Implementation of open Two-Factor Authentication service applied to Virtual Private Network

For preventing the sensitive information from the malicious attackers, each layer in OSI model has its own security mechanism such as 802.1x in Data-link layer, SSL/TLS in Transport layer etc. In Network layer, IPSec, which is used to create the secure tunnel for exchanging data, is one approach to implement the so-called Virtual Private Network (VPN). In order to make VPN more secure and reliable, a strong authentication mechanism has to be applied besides the traditional username and password credentials. One of the existing methods is Two-Factor Authentication. This paper will propose the procedure to guide the one, who is willing to design and implement that service from the scratch, to build and integrate the Two-Factor Authentication Service (TFAS) into VPN system with low-cost money by the programming language-Java. The advantage of this approach is that it is too difficult to find out the ready-made system that can do the automatic real-time support; even if the commercial solution is purchased, it will be an in-a-box product which is unable to satisfy 100 percent of requirements. Additionally, for monitoring the status and health of service, the custom events such as number of login attempts exceeded, abnormal behavior of user etc. can be logged which will be valuable and useful for auditing and debugging whenever incidents occur. This idea had been applied to set up the TFAS for VPN system in the bank, it serves about 300 simultaneous users at this time.