In the Wild West of the early Internet, there was virtually no protection for communication over public networks. Thirty years ago, this slowly began to change. Researchers developed new protocols that now form the basis for secure and advanced VPN solutions.
Virtual private networks (VPNs) are indispensable for secure remote access in companies. But hardly anyone knows their story. The origins of today's VPNs go back to 1993, around 30 years ago. At that time, researchers John Ioannidis of Columbia University and Matt Blaze of AT&T Bell Labs presented the swIPe protocol.
In their draft published on December 3, 1993, the two scientists set out their ambitious goal: They wanted to ensure not only the confidentiality, integrity and authentication of network traffic, but also end-to-end security. Until then, only a few people had thought about how to secure unencrypted data packets on the Internet. Although swIPe never got past the experimental stage, it set the course toward secure communication.
The experimental swIPe protocol included optional authentication. However, it was never released.
Wei Xu of the security firm Trusted Information Systems, which was later acquired by Network Associates and then by McAfee, had somewhat greater success. He wanted to accelerate the transmission of encrypted data via T1 lines, which were used for high-speed connections at the time. T1 lines supported up to 24 channels for voice or data and reached a top speed of 1.540 Mbps. The problem, however, was that DES and triple DES encryption algorithms available on the hardware at the time were too slow to fully utilize these lines. Wei Xu therefore developed a new driver that was incorporated into a commercially available product, the legendary Gauntlet Firewall. At the end of 1994, this secured long-distance connections between several locations on the east and west coasts of the USA for the first time.
The Naval Research Laboratory also participated in research to secure IP packets. The scientists had obtained financial support from the Defense Advanced Research Projects Agency (DARPA). DARPA is a well-funded federal agency that belongs to the US Department of Defense and was involved in developing ARPANET, the predecessor of the Internet.
How the path to encrypted tunnels over public networks was laid
In 1995, the newly established IPsec Working Group of the Internet Engineering Task Force (IETF) began work on a series of freely available protocols, which were grouped together under the name IPsec. The National Security Agency (NSA) also participated in this with its SDNS (Secure Data Network System) project. This team developed Security Protocol Layer 3 (SP3), on which the Network Layer Security Protocol (NLSP) is based. The Key Management Protocol (KMP), which takes care of key management, was also created.
In 1996, Microsoft employee Gurdeep Singh Pall developed the first version of the Point-to-Point Tunneling Protocol (PPTP). PC Magazine named it “Innovation of the Year” that same year. PPTP is considered a particularly important milestone in the development of advanced VPN products. Its release came at just the right time: in the 1990s, Internet usage increased sharply for the first time, after the U.S. military had released the network for general use in the decade before.
PPTP made it possible to establish an encrypted tunnel over public networks such as the Internet for the first time. Secure connections could be established with no more than the address of the destination and a set of credentials. This basic system is still used today, but is usually extended with additional authentication procedures. PPTP has only declined in use since Edward Snowden revealed that the NSA is capable of decrypting PPTP connections.
How the IPsec protocol ensures significantly more security
It’s a different story for IPsec, even if IKEv1 has now been surpassed by IKEv2. The first version of the Internet Key Exchange protocol (IKEv1) was introduced in 1998. Seven years later, the release of IKEv2 followed, which not only had new features such as MOBIKE (IKEv2 Mobility and Multihoming Protocol), but also eliminated many of the vulnerabilities of its predecessor.
Before that, L2TP, the Layer 2 Tunneling Protocol, had been released. It is actually based on two protocols, L2F (Layer 2 Forwarding) from Cisco Systems and PPTP, but does not offer encryption itself. L2TP is therefore normally used in combination with IPsec.
In 2001, James Yonan introduced OpenVPN, the first free VPN protocol. OpenVPN allows participants to authenticate each other with shared keys, certificates, or a combination of username and password. WireGuard is also gaining popularity, although the protocol is still relatively new. Thanks to performance optimization, it is suitable for use on hardware with less computing power. It currently does not offer a sufficient level of extensibility and configurability to suit commercial environments.
Advanced VPN solutions based on IPsec and cloud VPNs
This isn’t the case for IPsec: All VPN solutions currently available on the market support IPsec in one form or another. It is particularly important for customers to know which IPsec protocols are supported by the solutions they use. Proprietary extensions are often implemented, but usually lead to a dead end. NCP developed an IPsec protocol stack in 2002, which is 100% based on IETF specifications and supports all IPsec standards exactly as they are defined in the RFCs.
NCP has also developed its own VPN Path Finder Technology, which enables secure VPN connections through firewalls or proxies that block IPsec. This is the case in many hotels, for example. As remote access protected only by username and password is no longer considered effective or up-to-date, NCP has tightened authentication. Usernames and passwords can be intercepted far too easily. All NCP VPN products include advanced authentication built on time-based one-time password (TOTP) authentication, elliptic curve cryptography (ECC) and digital certificates in a public key infrastructure (PKI) environment, as well as on biometric solutions. NCP’s entire VPN portfolio can also be integrated into cloud VPNs.