VPN Authentication and Encryption

The fundamentals of creating a VPN are Authentication, strong Encryption and a method of secure Key Exchange. Authenticate the users, securely exchange keys for encryption then encrypt the data using the generated keys.

Authentication is used to validate a users identity using one or more of a number of methods:

Something you have – can be a key card, a security pass, drivers license, a passport or similar. The possession of one of the above items is usually enough to confirm the identity of the holder. The problem with this is that the device can be lost or stolen, and sometimes used by other persons.

Something you know – a password, pass phrase or some other known information that can be used to calculate function from a secret message.

Something you are – A physical characteristic of your body such as your finger print, the retina print of your eye or your DNA.

Encryption is a means of taking some plain readable text into a cipher text utilizing some form of algorithmic mapping. The intended receiver of such a cipher text must have the means to reverse the process by knowing the same algorithm, but an attacker cannot know the process.

Encryption systems must use mathematically complex algorithms so as to provide a good enough deterrent from attackers to be able to use some brute force method of calculating the algorithm in use. Two common methods of encryption are Symmetric Encryption Systems and Public Key Encryption Systems:

Symmetric encryption simply uses an identical key for encryption of the plain text and decryption of the cipher text. and decryption at both ends. The encryptor applies the key to the plain text data which results in a cipher text. The decryptor reverses the by applying the same key to the cipher text to reveal the plain text data. The most common symmetric encryption system is the Data Encryption Standard (DES), of which there are several variations.

Public Key Encryption systems are a lot more complex than symmetric encryption systems such as DES and depend upon mathematical functions that are often referred to as “trap-door” functions. They involve complex mathematical formulae which normally involve exponentiation to high powers, modular arithmetic and the products of large prime numbers. The algorithms yield an encryption mechanism and an encryption key which can be made public and a decryption algorithm and decryption key that is kept secret. The mathematics of the algorithms is so complex that it is not possible to deduce the decryption mechanism from the encryption mechanism alone.