Secure Networking with NAT Traversal for Enhanced Mobility
When a peer in a public network opens a connection to another peer that is behind a network address translator, it runs into the network address translation problem. The so-called “UDP hole punching” approach allows a public-to-private or private-to-private network connection to be opened. This article builds on this approach to propose a new security architecture for IPv4 communication, introducing the so-called “implicit security” concept. The main contributions are the ability to connect to any host behind NAT using only the host’s domain name, enhanced mobility, and encryption and authentication of all data transmitted over this connection from the packet sender all the way to the local receiver. The secure channel is established on demand and automatically, and it is independent of any application. No modification of current NAT, IPv4 or DNS is required.
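To make the traversal step concrete, here is an added simulation (not code from the paper) of UDP hole punching through two NATs with endpoint-independent mapping and address/port-restricted filtering; the `Nat` and `hole_punch` names, the rendezvous server endpoint and the private/public addresses are constructed for the example, and symmetric NATs (which allocate a fresh mapping per destination) are deliberately not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Simulated NAT: endpoint-independent mapping, address/port-restricted filtering.
    (Constructed model for illustration, not a real NAT implementation.)"""
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # (priv_ip, priv_port) -> pub_port
    allowed: set = field(default_factory=set)     # (pub_port, remote_ip, remote_port)

    def outbound(self, src, dst):
        """Translate an outbound packet: allocate a mapping on first use and record
        that replies from dst are now permitted (the 'hole')."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        pub_port = self.mappings[src]
        self.allowed.add((pub_port, dst[0], dst[1]))
        return (self.public_ip, pub_port), dst

    def inbound(self, src, dst):
        """Deliver an inbound packet to the private host only if that host already
        sent something to src; otherwise the NAT filter drops it (returns None)."""
        if dst[0] != self.public_ip or (dst[1], src[0], src[1]) not in self.allowed:
            return None
        for priv, pub_port in self.mappings.items():
            if pub_port == dst[1]:
                return priv
        return None

def hole_punch(nat_a, peer_a, nat_b, peer_b, server=("203.0.113.10", 3478)):
    """Both peers register with a rendezvous server (constructed address), then punch
    toward each other. Returns (blocked_before_punch, delivered_to_a, delivered_to_b)."""
    # 1. Each peer contacts the server, which thereby learns their public endpoints.
    pub_a, _ = nat_a.outbound(peer_a, server)
    pub_b, _ = nat_b.outbound(peer_b, server)
    # 2. Before any punch, a direct packet from B is dropped at A's NAT.
    blocked = nat_a.inbound(pub_b, pub_a) is None
    # 3. The server hands each side the other's public endpoint; both send at once,
    #    which creates the permission entries on their own NATs.
    nat_a.outbound(peer_a, pub_b)
    nat_b.outbound(peer_b, pub_a)
    # 4. Now each NAT lets the other peer's packets through to the private host.
    delivered_to_a = nat_a.inbound(pub_b, pub_a) == peer_a
    delivered_to_b = nat_b.inbound(pub_a, pub_b) == peer_b
    return blocked, delivered_to_a, delivered_to_b
```

The second step is the security-relevant one: the hole is only opened by the private host's own outbound traffic, so a defender auditing such a scheme should watch which destinations the local agent is willing to punch toward on the user's behalf.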
Keywords: Personal Wireless Communication, Public Network, Network Address Translation, Login Request, Original Packet