T. Vitalii, Budko Anna, Hvozdetska Kateryna, D. Hrebeniuk
Published in: 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T). Publication date: 2020-10-06. DOI: https://doi.org/10.1109/PICST51311.2020.9467953
Method of Building Dynamic Multi-Hop VPN Chains for Ensuring Security of Terminal Access Systems
International business groups are increasingly using terminal systems as workstations. The virtual machine servers are often located at the head office, while remote offices have to connect to them using terminals. Currently, the security of terminal access systems relies on the robustness of the communication protocols between a terminal and a host. To improve the security of such connections, the concept of Multi-hop VPN chains has recently come into use. It relies on a set of intermediate VPN servers whose interaction is organized according to a certain rule, so that traffic is “repackaged” multiple times between subnets or carried through end-to-end tunneling. The speed of building such an overlay structure and the delay between the end nodes are both important. Therefore, the task of quickly building Multi-hop VPN chains with a given security level under the condition of the minimum allowable network delay is relevant. This paper proposes a method for building dynamic Multi-hop VPN chains to ensure the security of terminal access systems. The method is based on solving a set of combinatorial best choice problems. It provides for both scheduled hopping of the route in the chain and unscheduled hopping triggered by a failure of a VPN server or by the network delay between a terminal and a host exceeding a threshold. The paper presents the results of comparative experiments with the well-known NeuroRouting approach and shows that the developed method is more flexible than NeuroRouting. The experiments found that the developed method yields a gain in connection security by increasing the frequency of chain hopping, and reduces the time delay of data exchange between the host and the terminal through a chain of VPN servers by up to 15%.