Research Article
On the design of autonomic, decentralized VPNs
@INPROCEEDINGS{10.4108/icst.collaboratecom.2010.43,
  author={David Isaac Wolinsky and Kyungyong Lee and P. Oscar Boykin and Renato Figueiredo},
  title={On the design of autonomic, decentralized VPNs},
  proceedings={6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing},
  publisher={IEEE},
  proceedings_a={COLLABORATECOM},
  year={2011},
  month={5},
  keywords={IP networks Peer to peer computing Protocols Routing Security Sockets Virtual private networks},
  doi={10.4108/icst.collaboratecom.2010.43}
}
- David Isaac Wolinsky
- Kyungyong Lee
- P. Oscar Boykin
- Renato Figueiredo
Year: 2011
On the design of autonomic, decentralized VPNs
COLLABORATECOM
ICST
DOI: 10.4108/icst.collaboratecom.2010.43
Abstract
Decentralized and P2P (peer-to-peer) VPNs (virtual private networks) have recently become quite popular for connecting users in small to medium collaborative environments, such as academia, businesses, and homes. In the realm of VPNs, there exist centralized, decentralized, and P2P solutions. Centralized systems require a single entity to provide and manage VPN server(s); decentralized approaches allow more than one entity to share the management responsibility for the VPN infrastructure, while existing P2P approaches rely on a centralized infrastructure but allow users to bypass it to form direct low-latency, high-throughput links between peers. In this paper, we describe a novel VPN architecture that can claim to be both decentralized and P2P, using methods that lower the entry barrier for VPN deployment compared to other VPN approaches. Our solution extends existing work on IP-over-P2P (IPOP) overlay networks to address challenges of configuration, management, bootstrapping, and security. We present the first implementation and analysis of a P2P system secured by DTLS (datagram transport layer security) along with decentralized techniques for revoking user access.