- Socialvpn
name = SocialVPN
platform = Cross-platform
genre = VPN
license = GNU GPL
website = http://www.socialvpn.org/
The term Social VPN refers to a virtual private network that is created among individual peers, automatically, based on relationships established by them through a social networking service. A SocialVPN aims at providing peer-to-peer network connectivity between a user and his or her friends, in an easy-to-set-up manner that hides from the users the complexity of setting up and maintaining authenticated/encrypted end-to-end VPN tunnels.
Architecture
An architecture of a SocialVPN is described in [R. Figueiredo, P. O. Boykin, P. St. Juste, D. Wolinsky, [http://byron.acis.ufl.edu/papers/cops08.pdf "SocialVPNs: Integrating Overlay and Social Networks for Seamless P2P Networking"], in Proceedings of IEEE WETICE/COPS, Rome, Italy, June 2008]. The approach is based on a centralized infrastructure where users authenticate, discover their friends and exchange cryptographic public keys, and a peer-to-peer overlay which is used to route messages between VPN endpoints.
Packet capture and injection
A SocialVPN uses a virtual network interface (such as tap/tun devices in Windows and Unix systems) to capture and inject IP packets from a host. Once captured, packets are encrypted, encapsulated, and routed over an overlay network.
Security
A SocialVPN uses online social networks to distribute public keys and advertise node addresses to friends. The acquired public keys are used to establish encrypted communication between two endpoints. Symmetric keys are exchanged during the process of establishing an end-to-end link by two SocialVPN peers.
Routing
Routing in the SocialVPN is peer-to-peer. One approach that has been implemented uses a structured P2P system for sending IP packets encapsulated in overlay messages from a source to destination.
Private IP address space
A SocialVPN uses dynamic IP address assignment and translation to avoid collision with existing (private) address spaces of end hosts, and to allow the system to scale to the number of users that today's successful online social network services serve (tens of millions). Users are able to connect directly only to a small subset of the total number of users of such a service, where the subset is determined by their established relationships.
Naming
A SocialVPN uses names derived from the social network service to automatically assign host names to endpoints. These names are translated to virtual private IP addresses in the overlay by a loop-back DNS virtual server.
Related systems
The MIT [http://pdos.csail.mit.edu/uia/ Unmanaged Internet Architecture] (UIA) has a similar system that provides ad-hoc, zero-configuration routing infrastructure for mobile devices, but the ad-hoc connections are not established through a social networking infrastructure [Bryan Ford, Jacob Strauss, Chris Lesniewski-Laas, Sean Rhea, Frans Kaashoek, and Robert Morris, [http://www.pdos.lcs.mit.edu/papers/uia:osdi06.pdf "Persistent Personal Names for Globally Connected Mobile Devices"], in Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI '06), Seattle, WA, November 2006]. The idea of a "Friend Net" which is similar in nature to a SocialVPN has been put forth in a 2002 blog entry [Lucas Gonze, [http://blogs.oreilly.com/digitalmedia/2002/12/friendnet.html "Friendnet"], blog entry (2002-12-15). Retrieved on 2008-09-23]. Hamachi is a related zero-configuration VPN, which uses a different security architecture not based on social networks [[https://secure.logmein.com/products/hamachi/securityarchitecture.asp LogMeIn Hamachi Security Architecture]]. The leafnetworks VPN also supports the creation of networks using the Facebook API.
Software
An open-source SocialVPN implementation based on the [http://www.facebook.com Facebook] social network service and the [http://boykin.acis.ufl.edu/wiki/index.php/Brunet Brunet P2P overlay] is available for Windows and Linux systems under the GPL license. It creates direct point-to-point secure connections between computers with the help of online social networks, and supports transparent traversal of NATs. The application is in the alpha testing phase.
This SocialVPN implementation is a P2P application that is part of a structured peer-to-peer overlay. It uses this P2P overlay to create a direct connection between two computers. This connection is used to tunnel IP traffic between the two computers. In order to enable IP connectivity between two computers, they advertise their P2P node address (as well as public keys for secure communication) to each other through an online social network. Once each node acquires the node address (and public keys), an IP-to-nodeAddress mapping is created. IP packets can then be routed to the appropriate P2P node.
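The IP-to-nodeAddress mapping described above, together with the collision-free address assignment and loop-back name resolution from the Private IP address space and Naming sections, can be sketched as one per-host table. This is an added example, not code from the SocialVPN project; the class and method names, the candidate address ranges, and the rule that a changed public key is rejected are assumptions of the sketch.

```python
import hashlib
import ipaddress

# Constructed candidate ranges; a real deployment would choose its own.
CANDIDATE_POOLS = ["10.250.0.0/16", "172.31.0.0/16", "192.168.250.0/24"]

class FriendTable:
    """One host's view: virtual IP <-> (overlay node address, key fingerprint)."""

    def __init__(self, local_subnets):
        local = [ipaddress.ip_network(s) for s in local_subnets]
        # Pick the first private range that does not collide with the host's own.
        self.pool = next((p for p in map(ipaddress.ip_network, CANDIDATE_POOLS)
                          if not any(p.overlaps(n) for n in local)), None)
        if self.pool is None:
            raise RuntimeError("no collision-free private range available")
        self._free = iter(self.pool.hosts())
        self.by_ip = {}    # virtual IP -> (node_address, key fingerprint)
        self.by_name = {}  # host name -> virtual IP

    def add_friend(self, name, node_address, public_key):
        """Record an advertisement fetched from the social network service."""
        fp = hashlib.sha256(public_key).hexdigest()
        ip = self.by_name.get(name)
        if ip is None:
            ip = next(self._free)  # dynamic assignment, local to this host
            self.by_name[name] = ip
        elif self.by_ip[ip][1] != fp:
            # Assumption of this sketch: a changed key is rejected, not replaced.
            raise ValueError(f"public key for {name} changed")
        self.by_ip[ip] = (node_address, fp)
        return ip

    def resolve(self, name):
        """Answer the loop-back DNS server would give; None means no such host."""
        return self.by_name.get(name)

    def route(self, dst_ip):
        """Overlay node for a captured packet's destination; None means drop."""
        entry = self.by_ip.get(ipaddress.ip_address(dst_ip))
        return entry[0] if entry else None
```

Because `route` returns a node address only for destinations that a friend's advertisement created, packets captured for any other virtual IP are dropped rather than forwarded into the overlay.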
See also
Virtual Private Networks
* Virtual private network, overview article
* OpenVPN, an open source VPN program
* Hamachi
External links
* [http://www.socialvpn.org/ SocialVPN Main Website]
* [http://socialvpn.wordpress.com/ SocialVPN Home] at WordPress.com
* [http://www.logmeinhamachi.com/ Hamachi Website]
* [http://www.leafnetworks.net leafnetworks Website]
* [http://pdos.csail.mit.edu/uia/ Unmanaged Internet Architecture Website]
Wikimedia Foundation. 2010.