Design of secure authentication protocol in SOCKS V5 for VPN using mobile phone

Abstract

The Socket Secure version 5 (SOCKS V5) protocol described the password-based authentication to provide authentication services to the initial SOCKS protocol. In this approach, the request transmits the password in plaintext and thus, it is not recommended due to security reasons. In this article, we proposed a mobile phone-based authentication with session key agreement approach that provides strong authentication services to SOCKS V5 protocol. The protocol is suitable for mobile users and makes use of International Mobile Subscriber Identity (IMSI) to provide unique identification. In this protocol, mobile phone is used to provide authentication between user and SOCKS proxy server when a user wants to access a Virtual Private Network (VPN). Easy availability and widely acceptance of mobile phones in comparison to smart cards is the motivation behind developing this authentication protocol. The proposed protocol establishes the session keys between mobile user and SOCKS proxy server as well as Application Server of the VPN. In the proposed protocol, multiple mobile users can simultaneously access the application server via a SOCKS proxy server. The proposed protocol is secure against known attacks.