Public Key-Based Rendezvous Infrastructure for Secure and Flexible Private Networking

Secure private networking over the Internet is difficult especially when trying to form a new network with private servers and hosts that belong to different administrative domains. Although such form of private network is useful as a closed group communication environment, simply applying existing VPN technologies is not sufficient. Not to mention common problems such as NAT and firewall traversal, potential collision of private IP addresses among networks makes their interconnection extremely difficult. In addition, access control inside the private network is required in order to prevent inappropriate access to other users´ network resources. In this paper, we propose a public key-based rendezvous infrastructure and user-side VPN agents that can instantly interconnect multiple private networks while automatically mediating address collision and enforcing appropriate access control on cross domain communication by utilizing Zeroconf technologies. We built the rendezvous infrastructure using DHT technologies in order to achieve good scalability and implemented the VPN agent for Linux-based embedded devices so that users can run it on their residential gateway or wireless router.