Social VPNs: Integrating Overlay and Social Networks for Seamless P2P Networking

From P2P Wiki


Authors

Renato Figueiredo, Oscar Boykin, Pierre St. Juste and David Wolinsky

Abstract

Systems enabling Internet users to communicate over private, authenticated end-to-end channels are highly desirable. Network-layer approaches such as Virtual Private Networks (VPNs) exist, but require considerable setup and management which hinder deployment of ad-hoc networks: trust needs to be established, keys need to be exchanged, and private network tunnels need to be created and maintained among end users. In this paper we propose a novel system architecture which leverages existing social networking infrastructures to enable ad-hoc VPNs which are self-configuring, self-managing, yet maintain security against untrusted parties. The key principles in our approach are: (1) self-configuring virtual network overlays enable seamless bi-directional IP-layer connectivity among parties linked by means of social connections; (2) social networking infrastructures greatly facilitate the establishment of trust relationships among parties, and these can be seamlessly integrated with existing public-key cryptography implementations to authenticate and encrypt traffic flows on overlay links end-to-end; and (3) knowledge of social connections can be used to improve the performance of overlay routing. This paper describes the architecture of such Social VPNs and a prototype implementation which integrates the Facebook API, IP-over-P2P virtual networks, and the IPsec security infrastructure in a virtual router. We demonstrate the ability of the prototype to support existing, unmodified TCP/IP applications while transparently dealing with the increasingly common case of users connected to the Internet through Network Address Translators (NATs), and present qualitative and quantitative analysis of its functionality and performance.

Slides: [pdf] Paper: [pdf]

The SocialVPN project web site allows you to download our application and has links to the code.

Related Projects (from the same research group):

Brunet: a P2P library with support for Kleinberg small worlds/Randomized Chord.

IPOP: IP-over-P2P. Builds virtual IP networks with support for NAT traversal using a structured P2P overlay (Brunet).

Grid Appliance: an ad-hoc grid system using virtual machines, IPOP and Condor to make building grids trivial.

Group Mailing List: feel free to join or read our mailing list. Development of the above projects is discussed on this list.
