VPN User Authentication Using Centralized Identity Providers

Mortágua, Duarte; Zúquete, André; Salvador, Paulo

Home // ICNS 2023, The Nineteenth International Conference on Networking and Services // View article

VPN User Authentication Using Centralized Identity Providers

Authors:
Duarte Mortágua
André Zúquete
Paulo Salvador

Keywords: Identity Providers, Authentication, OAuth 2.0, VPN, WireGuard

Abstract:
The online access to an always growing set of services requires users to manage credentials to identify themselves to all of them. The reduce this burden on users, centralized authentication systems, ordinarily known as Identity Providers (IdPs), and Single Sign-On (SSO) protocols where developed and are often deployed. IdPs and SSO were mainly developed for Web-based interactions, first in the scope of a set of federated services belonging to one organization, later on wider scopes, such as for virtually everyone (e.g., Google or Facebook users) or for all citizens of a given country. The Portuguese national IdP, Autenticação.gov, is an example of this later case. Today, many adhering services, from both the public and the private sectors, enable users to authenticate themselves using the functionalities provided by Autenticação.gov.gov. However, the use of this IdP, as well as of similar ones, is mostly limited to Web applications. The goal of this paper was to study the integration of IdP services with Virtual Private Network (VPN) setup processes, namely for the authentication of VPN users. To this end, we used a recent VPN technology, WireGuard, which became popular amongst vendors due to its speed, simplicity and adoption by the kernels of the mainstream operating systems. We propose a method for a WireGuard-based VPN client to connect to a VPN server and negotiate cryptographic keys associated to a user authenticated by a centralized, OAuth 2.0-enabled IdP. We implemented a VPN server that enables users to use two different IdPs, namely Google Identity and Autenticação.gov; they both support the OAuth 2.0, but in different ways.

Pages: 9 to 18

Copyright: Copyright (c) IARIA, 2023

Publication date: March 13, 2023

Published in: conference

ISSN: 2308-4006

ISBN: 978-1-68558-052-0

Location: Barcelona, Spain

Dates: from March 13, 2023 to March 17, 2023