Proceedings of the International Conference on
Information Security ICIS’05,
Pondicherry Engineering College, Pondicherry, India. Dec.7-9, 2005, pp.321 –324.
A Secure Wireless Gateway using StrongSWAN
Kalli Satyanarayan Reddy
, Amit Hirway
International Institute of Information Technology, Rajiv Gandhi Infotech Park, Hinjawadi, Pune –411057
Wireless Local Area Networks (WLANs) have become commonplace because of their low cost, hassle-free
setup and speed equivalent to wired networks. Laptops and Palmtops are being equipped with instant
wireless-access technology and telecom service providers have started to set up wireless hot spots at
public places. However, the 802.11 standard for WLANs has major flaws in its security implementation
i.e. Wired Equivalent Privacy (WEP). Various techniques such as Media Access Control (MAC) and
Internet Protocol (IP) address filtering exist in the Wireless Access Point configuration, but researchers
have proved them to be futile. This makes 802.11, an easy target for malicious activities. Our solution to
this problem is a wireless gateway using Strong Secured Wide Area Network (StrongSWAN).
StrongSWAN is an IP Security (IPSec) implementation for Linux kernel 2.6+. It uses RSA public key
authentication (RSA keys in X.509 certificates), Triple Data Encryption Standard (3DES) for encryption
and Diffie-Hellman key exchange protocol for key management. We propose to support both registered
and unpaid users by providing better Quality-of-Service (QoS) to the former using Squid Proxy Server
(ACL or delay pools feature) for bandwidth management. We also propose to use the IP Traffic
Monitoring (IPTraf) tool for traffic monitoring.
On the client side, Windows 2000, XP and Linux clients can be supported.
Wireless communications offer many benefits to
organizations and users such as portability and
increased productivity, and lower