Y Shiraishi; Y Fukuta; M Morii
CCNC 2004: 1ST IEEE CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE, PROCEEDINGS IEEE 671 - 673 2004
[Refereed] A key advantage of SSL VPN is that no specialized client software is required. When a user requests access to a server, the SSL client module, which is a Java applet, is first downloaded to the host. However, it is quite likely that not all applications will run well, because in some applications a client is known to be unable to connect to a server through an HTTPS tunnel. Moreover, VPN connections may become unusable when the SSL port is under a Denial of Service (DoS) or Distributed DoS (DDoS) attack. In this paper, we propose a port-randomized VPN architecture in which any application can use the VPN and the VPN is resistant to DoS or DDoS attacks. The proposed VPN uses the same Java applet as existing SSL VPNs, but the function of the applet, which we call mobile code, is dynamically changed by Java Remote Method Invocation (RMI). The VPN client applet can cooperate with a VPN server and a firewall on the server side.