6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing

Research Article

On the design of autonomic, decentralized VPNs

Download621 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2010.43,
        author={David Isaac Wolinsky and Kyungyong Lee and P. Oscar Boykin and Renato Figueiredo},
        title={On the design of autonomic, decentralized VPNs},
        proceedings={6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing},
        keywords={IP networks Peer to peer computing Protocols Routing Security Sockets Virtual private networks},
  • David Isaac Wolinsky
    Kyungyong Lee
    P. Oscar Boykin
    Renato Figueiredo
    Year: 2011
    On the design of autonomic, decentralized VPNs
    DOI: 10.4108/icst.collaboratecom.2010.43
David Isaac Wolinsky1, Kyungyong Lee1, P. Oscar Boykin1, Renato Figueiredo1
  • 1: University of Florida


Decentralized and P2P (peer-to-peer) VPNs (virtual private networks) have recently become quite popular for connecting users in small to medium collaborative environments, such as academia, businesses, and homes. In the realm of VPNs, there exist centralized, decentralized, and P2P solutions. Centralized systems require a single entity to provide and manage VPN server(s); decentralized approaches allow more than one entity to share the management responsibility for the VPN infrastructure, while existing P2P approaches rely on a centralized infrastructure but allow users to bypass it to form direct low-latency, high-throughput links between peers. In this paper, we describe a novel VPN architecture that can claim to be both decentralized and P2P, using methods that lower the entry barrier for VPN deployment compared to other VPN approaches. Our solution extends existing work on IP-over-P2P (IPOP) overlay networks to address challenges of configuration, management, bootstrapping, and security. We present the first implementation and analysis of a P2P system secured by DTLS (datagram transport layer security) along with decentralized techniques for revoking user access.