Transcript
software products
ACS Mobile VPN Suite (AMVS) OVERVIEW
Applied Communication Sciences’ Mobile VPN Suite (AMVS) allows commercial smart
devices to seamlessly roam between infrastructure cellular/Wi-Fi and ad hoc networks, while maintaining the session continuity for both unicast and multicast applications and preserving the security association between the smart device and the network VPN gateways. ACS Mobile VPN Suite is a client-server based software solution that is compatible with NSA mobility requirements for commercial smart devices; e.g., Commercial Solutions for Classified (CSfC) capability packages. The client software currently runs on the Android platform as a service and the server component can be hosted in Linux-based virtual machines Applied Communication Sciences understands the enhanced security requirements and challenges for mobile users who need to be always connected to their network of choice, with seamless user experience and without compromising network communication security.
(VMs). Built on commercial standard VPN and mobility management technologies, ACS AMVS offers two layers of state-of-the-art security with seamless session mobility when the network interface IP address of the smart device changes due to the attachment of different access networks. Figure 1 (below) gives a overview the ACS AMVS solution architecture.
Figure 1: AMVS Solution Architecture The mobility solution of the ACS Mobile VPN Suite allows the smart devices to connect to the best available networks and offers the capability to extend coverage of infrastructure gaps by automatically forming an ad hoc Wi-Fi network by maintaining the session continuity and same security association. The solution determines and designates specific nodes to be bridge nodes so that the other nodes in the ad hoc network can communicate to the infrastructure network without compromising the session continuity. An access network agnostic overlay enables multicast application packets to traverse the network to and from the
Page 2 of 4
smart devices and ensures end point IP address persistence. In addition to NSA CSfC-based VPN capabilities, the ACS Mobile VPN Suite enables a single authentication framework to manage user and device identity, as well as enforce network access controls and policies to mobile users. APPLICABILITY
ACS Mobile VPN Suite is targeted for commercial and government networks, including tactical and public safety networks that need premium levels of connectivity and where two layers of over-the-air encryption are required (as per NSA CSfC guidelines) on top of the link layer security when mobile users are connected via an IP network. Key features of ACS AVMS capabilities include: •
NSA Suite B compliant cryptographic algorithms for encryption
•
NSA CSfC mobility package requirements
•
Multi-factor authentication
•
Dynamic network selection based on best available access networks
•
Secure session continuity for unicast and multicast applications
•
Range extension by dynamically forming ad hoc networks
Figure 2. AMVS Application Scenarios
Page 3 of 4
ACS Mobile VPN Suite has the following technical specifications:
Table 1: AMVS Technical Specifications AREA
Operating System
Access Network Support VPN Protocol
Mobility
Authentication Options
Encryption and Key Exchange
ATTRIBUTES
• Server: Linux (Ubuntu 12.04, 32 bit) based VM • Client: Android 4.x (Currently supports Samsung Galaxy Nexus, S4, Note II), runs as a service • Ethernet (IEEE 802.3) • Wi-Fi (IEEE 802.11 a/b/g/n) • Cellular ( 3G/4G LTE) • IPsec/IKEv2 at the network layer • SSL (TLS 1.2) at the transport layer; TLS ensures transparent application security (e.g., HTTP over TLS/SSL) • IKEv2 Mobility (MOBIKE); VPN connection is maintained during interface IP address changes • IEEE 802.21; Network discovery and selection of best available networks • Diameter with password expiry • Diameter with one time password • Digital certificate (x.509)/Smartcard, Self-signed • Multi-factor authentication (Combined certificate and username/password) • AES- 256 (CBC and GCM modes) • NSA Suite B algorithms • 4096-bit RSA keys, Elliptic Curve Diffie-Hellman (ECDH), Elliptic Curve Digital Signature Algorithm (ECDSA), SHA2 , (SHA-256, 384, 512)
Extensible Authentication Protocol
• EAP-TLS • EAP-TTLS • EAP-MSCHAPv2
Federal Information Processing Standard (FIPS)
• FIPS 140-2 compliant feature and version
Ad hoc Routing
• Optimized Link State Routing Protocol version (OLSR v2); Automatic formation of ad hoc networks and gateway selection for connecting to the infrastructure where available
Optimal Bridge Node Selection
• Automatic selection of optimal bridge node to allow the ad hoc nodes to connect to the infrastructure
Multicast
Deployment Option
• Multicast overlay to enable native multicast packets to traverse the infrastructure network to and from the smart devices. Simplified Multicast Forwarding (SMF) with Duplicate Packet Detection (DPD) that forwards multicast traffic in ad hoc networks and can interface with any IP multicast protocol. • Pre-deployment via Installer • CLI-based • API-based
Page 4 of 4
FOR MORE INFORMATION ABOUT AMVS, CONTACT US AT:
RELEASE NOTES
ACS Mobile VPN Suite 1.0 is available as of December, 2013 for Android-based smart
devices. Support for Apple’s IoS is targeted for first half 2014.
Applied Communication Sciences 150 Mount Airy Road Basking Ridge, NJ 07920
[email protected] www.appcomsci.com
ABOUT APPLIED COMMUNICATION SCIENCES
ACS delivers world class research, consulting and engineering to enable government agencies, telecom carriers, and commercial enterprises to fully exploit technology futures. Drawing on its Bell Labs heritage, ACS excels at creating innovative technologies and services to solve the most difficult and complex information and communications problems. Areas of particular expertise include cyber security, wireless and mobility, information assurance, network and operations, data analytics, advanced software and methodologies, application engineering and integration, smart grid, and optical networking and quantum technologies. The company is headquartered in Basking Ridge, NJ, and is a wholly-owned subsidiary of The SI Organization, Inc.
© 2013 Applied Communication Sciences. All rights reserved. A Business of the SI.
MB-0025
