Title :
On the design of autonomic, decentralized VPNs
Author :
Wolinsky, David Isaac ; Lee, Kyungyong ; Boykin, P. Oscar ; Figueiredo, Renato
Author_Institution :
Univ. of Florida, Gainesville, FL, USA
Abstract :
Decentralized and P2P (peer-to-peer) VPNs (virtual private networks) have recently become quite popular for connecting users in small to medium collaborative environments, such as academia, businesses, and homes. In the realm of VPNs, there exist centralized, decentralized, and P2P solutions. Centralized systems require a single entity to provide and manage VPN server(s); decentralized approaches allow more than one entity to share the management responsibility for the VPN infrastructure, while existing P2P approaches rely on a centralized infrastructure but allow users to bypass it to form direct low-latency, high-throughput links between peers. In this paper, we describe a novel VPN architecture that can claim to be both decentralized and P2P, using methods that lower the entry barrier for VPN deployment compared to other VPN approaches. Our solution extends existing work on IP-over-P2P (IPOP) overlay networks to address challenges of configuration, management, bootstrapping, and security. We present the first implementation and analysis of a P2P system secured by DTLS (datagram transport layer security) along with decentralized techniques for revoking user access.
Keywords :
IP networks; computer network security; network servers; peer-to-peer computing; virtual private networks; DTLS; IP-over-P2P overlay networks; IPOP overlay networks; VPN server; autonomic decentralized VPN; centralized system; datagram transport layer security; direct low-latency high-throughput links; virtual private network; IP networks; Peer to peer computing; Protocols; Routing; Security; Sockets; Virtual private networks;
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2010 6th International Conference on
Conference_Location :
Chicago, IL
Print_ISBN :
978-963-9995-24-6
