Secure Networking with NAT Traversal for Enhanced Mobility

  • Lubomir Cvrk
  • Vit Vrba
Conference paper
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 245)


When a peer in a public network opens a connection to another one being behind a network address translator, it encounters the network address translation problem. So called “UDP hole punching” approach allows to open a public-to-private or private-to-private network connection. This article deals with this approach to propose new security architecture for IPv4 communication introducing so called “implicit security” concept. Main contributions are ability to interconnect to any host behind NAT using just a host’s domain name, enhanced mobility, and encryption and authentication of all data transmitted through this connection right from a packet sender to a local receiver. Secure channel is established on-demand automatically and is independent on any application. No additional modification of current NAT, IPv4 or DNS is required.


Personal Wireless Communication Public Network Network Address Translation Login Request Original Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [I]
    Fergusson, N., Schneier, B., Practical Cryptography, Wiley Publishing, Inc., Indianopolis USA, 2003Google Scholar
  2. [2]
    A. J. Menzes, P. C. van Oorschot, S. A. Vanstone, Handbook of applied cryptography, CRC Press LLC, Florida, USA, 1997.Google Scholar
  3. [3]
    D. Kegel, “NAT and Peer-to-peer networking”, Web page, 1999
  4. [4]
    B. Ford, P. Srisuresh, and D. Kegel, “Peer-to-Peer Communication Across Network Address Translators”, Web page, 2005.
  5. [5]
    S. Kent, R. Atkinson, “Security Architecture for the Internet Protocol”, RFC 2401, 1998.Google Scholar
  6. [6]
    T. Dierks, C. Allen, “The TLS Protocol Version 1.0”, RFC 2246, 1999.Google Scholar
  7. [7]
  8. [8]
    H. Krawczyk, M. Bellare, and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication”, RFC 2104, 1997.Google Scholar
  9. [9]
    Free S/WAN project,
  10. [10]
    S. Kent, R. Atkinson, “IP Encapsulating Security Payload (ESP)”, RFC 2406, 1998.Google Scholar
  11. [II]
    L. Cvrk, V. Zeman, D. Komosny, “H.323 Client-Independent Security Approach”. Lecture Notes in Computer Science, 2005.Google Scholar
  12. [12]
    S. Kent, and R. Atkinson, “IP Encapsulating Security Payload (ESP)”, RFC 2406, 1998.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Lubomir Cvrk
    • 1
  • Vit Vrba
    • 1
  1. 1.Dept. of TelecommunicationsBrno University of TechnologyBrnoCzech Republic

Personalised recommendations