VPN-Zero: A Privacy-Preserving Decentralized Virtual Private Network
Author: | Matteo Varvello, Panagiotis Papadopoulos, Antonio Nappa, Inigo Querejeta Azurmendi, Gonçalo Pestana, Benjamin Livshits |
---|---|
Year of publication: | 2021 |
Subject: | Service (systems architecture); business.industry; Computer science; Node (networking); ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; computer.file_format; Certification; Distributed hash table; Domain (software engineering); Production (economics); business; BitTorrent; computer; Computer network; Private network |
Source: | Networking |
Description: | Distributed Virtual Private Networks (dVPNs) are new solutions aiming to solve the trust-privacy concern of a VPN's central authority by leveraging a distributed architecture. In this paper, we discuss the requirements of a successful dVPN system and we present VPN-Zero: a dVPN system with strong privacy guarantees that provides traffic accounting and has minimal performance impact on its users. VPN-Zero guarantees that a dVPN node only carries traffic it has “allowlisted”, without revealing its allowlist or knowing the traffic it tunnels. This is achieved via three main innovations: (a) an attestation mechanism which leverages TLS to certify a user visit to a specific domain, (b) a zero-knowledge proof to certify that some incoming traffic is authorized (e.g., falls in a node's allowlist, without disclosing the target domain), and (c) a dynamic chain of VPN tunnels to both increase privacy and guarantee service continuation while traffic certification is in place. The paper demonstrates VPN-Zero functioning when integrated with two production systems: BitTorrent's Distributed Hash Table and ProtonVPN. Early evaluation results show that the median setup time of VPN-Zero is about 10 seconds. |
Database: | OpenAIRE |