Social VPN

A social VPN is a virtual private network that is created among individual peers, automatically, based on relationships established by them through a social networking service. A social VPN aims at providing peer-to-peer (P2P) network connectivity between a user and his or her friends, in an easy to set up manner that hides from the users the complexity in setting up and maintaining authenticated/encrypted end-to-end VPN tunnels.


Architecture

The architecture of a social VPN combines a centralized infrastructure, where users authenticate, discover their friends and exchange cryptographic public keys, with a P2P overlay that routes messages between VPN endpoints. For example, this allows an organization to have routed connections with separate offices, or with other organizations, over the Internet. A routed VPN connection across the Internet logically operates as a dedicated Wide Area Network (WAN) link.


Packet capture and injection

A social VPN uses a virtual network interface (such as TUN/TAP devices in Windows and Unix systems) to capture and inject IP packets from a host. Once captured, packets are encrypted, encapsulated, and routed over an overlay network.


Security

A social VPN uses online social networks to distribute public keys and advertise node addresses to friends. The acquired public keys are used to establish encrypted communication between two endpoints. Symmetric keys are exchanged during the process of establishing an end-to-end link by two social VPN peers.
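The check an endpoint can make with keys learned this way, as an added example that is not code from any social VPN implementation: advertisements from non-friends are ignored, and a link is accepted only when the presented key matches the one advertised for that node address. The record fields, the byte strings standing in for public keys, and the policy of holding a changed key for review are assumptions of this sketch.

```python
import hashlib
import hmac

def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of an encoded public key."""
    return hashlib.sha256(pubkey).hexdigest()

class KeyDirectory:
    """Public keys learned from friends' advertisements on the social network."""

    def __init__(self, friends):
        self.friends = set(friends)
        self.pinned = {}     # node address -> (sns_user, key fingerprint)
        self.alerts = []     # changed keys or owners, kept for review

    def ingest(self, ad):
        """ad: dict with sns_user, node_addr, pubkey (bytes), as fetched from the SNS."""
        user, node = ad["sns_user"], ad["node_addr"]
        entry = (user, fingerprint(ad["pubkey"]))
        if user not in self.friends:
            return "ignored: not a friend"
        old = self.pinned.get(node)
        if old is not None and old != entry:
            # Same node address, different owner or key: record it, keep the old pin.
            self.alerts.append((node, old, entry))
            return "held: key or owner changed"
        self.pinned[node] = entry
        return "pinned"

    def authorize_link(self, node, presented_pubkey: bytes) -> bool:
        """Called when a peer presents its key while an end-to-end link is set up."""
        pin = self.pinned.get(node)
        if pin is None:
            return False     # no advertisement from a friend for this node address
        return hmac.compare_digest(pin[1], fingerprint(presented_pubkey))

if __name__ == "__main__":
    # Constructed sample data; the byte strings stand in for real public keys.
    d = KeyDirectory({"alice", "bob"})
    print(d.ingest({"sns_user": "alice", "node_addr": "node-A", "pubkey": b"alice-key-1"}))
    print(d.authorize_link("node-A", b"alice-key-1"), d.authorize_link("node-A", b"other"))
```

Because the social network account is what vouches for a key, the alerts list is the place where a key substituted through a taken-over account would become visible.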


Routing

Routing in the social VPN is peer-to-peer. One approach that has been implemented uses a structured P2P system for sending IP packets encapsulated in overlay messages from a source to a destination.


Private IP address space

A social VPN uses dynamic IP address assignment and translation to avoid collision with existing (private) address spaces of end hosts, and to allow the system to scale to the number of users that today's successful online social network services serve (tens of millions). Users are able to connect directly only to a small subset of the total number of users of such a service, where the subset is determined by their established relationships.


Naming

A social VPN uses names derived from the social network service to automatically assign host names to endpoints. These names are translated to virtual private IP addresses in the overlay by a loop-back DNS virtual server.
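The address assignment and naming described in the two sections above, as an added example that is not code from any social VPN implementation: each host picks a virtual pool that avoids its own subnets, gives every friend a local IP and host name, and translates incoming packets to that local view. The `<host>.<sns user>.svpn` naming scheme, the candidate pools and the node address strings are assumptions of this sketch.

```python
import ipaddress

class FriendAddressMap:
    """Local overlay view: one virtual IP and one host name per friend."""

    def __init__(self, local_nets, candidate_pools):
        used = [ipaddress.ip_network(n) for n in local_nets]
        pools = (ipaddress.ip_network(p) for p in candidate_pools)
        # Take the first pool that overlaps no network the host already uses.
        self.pool = next((p for p in pools
                          if not any(p.overlaps(u) for u in used)), None)
        if self.pool is None:
            raise ValueError("every candidate pool collides with a local network")
        self._free = iter(self.pool.hosts())
        self.self_ip = next(self._free)          # this host's own virtual IP
        self.ip_to_node, self.node_to_ip, self.name_to_ip = {}, {}, {}

    def add_friend(self, sns_user, host, node_addr):
        if node_addr in self.node_to_ip:         # re-advertisement: keep the mapping
            return self.node_to_ip[node_addr]
        ip = next(self._free)
        self.ip_to_node[ip] = node_addr
        self.node_to_ip[node_addr] = ip
        # Hypothetical naming scheme: <host>.<sns user>.svpn
        self.name_to_ip[f"{host}.{sns_user}.svpn".lower()] = ip
        return ip

    def resolve(self, name):
        """Answer a loop-back DNS server would give; None means no such name."""
        return self.name_to_ip.get(name.lower().rstrip("."))

    def outbound(self, dst_ip):
        """Node address for a captured packet, or None (drop: not a friend's IP)."""
        return self.ip_to_node.get(ipaddress.ip_address(dst_ip))

    def inbound(self, sender_node):
        """Translate to the local view: (src, dst) IPs, or None for a non-friend."""
        src = self.node_to_ip.get(sender_node)
        return None if src is None else (src, self.self_ip)

if __name__ == "__main__":
    # Constructed sample data: local subnets, candidate pools, one friend.
    m = FriendAddressMap(["10.0.0.0/8", "192.168.1.0/24"],
                         ["10.128.0.0/16", "172.31.0.0/16"])
    m.add_friend("alice", "laptop", "node-A1")
    print(m.pool, m.resolve("laptop.alice.svpn"), m.inbound("node-A1"))
```

Because the source address of an incoming packet is taken from the sender's node address rather than from the packet itself, a peer cannot claim another friend's virtual IP in this model.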


Related systems

* The MIT Unmanaged Internet Architecture (UIA) provides ad hoc, zero-configuration routing infrastructure for mobile devices, but the ad hoc connections are not established through a social networking infrastructure.
* "Friend Net" is a similar concept put forth in a 2002 blog entry.
* Hamachi is a zero-configuration VPN which uses a security architecture different from that of social VPN (LogMeIn Hamachi Security Architecture).
* The leafnetworks VPN also supports the creation of networks using the Facebook API.


Software

An open-source social VPN implementation based on the Facebook social network service and the Brunet P2P overlay is available for Windows and Linux systems under the MIT license. It creates direct point-to-point secure connections between computers with the help of online social networks, and supports transparent traversal of NATs. It uses the P2P overlay to create direct VPN connections between pairs of computers (nodes). To establish a connection, two nodes advertise their P2P node address (as well as public keys for secure communication) to each other through an online social network. Once each node acquires the node address (and public keys) of the other node, an IP-to-nodeAddress mapping is created and IP packets can be routed through the VPN tunnel.

