Distributed monitoring of self-configuring Virtual Private Networks

2013 
The cheap and globally available communication infrastructure of the Internet makes it increasingly attractive for companies and governments to exchange private information over it as well. However, the commonly deployed, manually configured Virtual Private Networks (VPNs) have certain limitations: while cryptography can ensure the confidentiality, integrity and authenticity of transmitted data, the availability of a globally accessible VPN remains an open problem and will become an issue of increasing importance. This is due to the usual manual configuration approach, in which a central VPN concentrator, a so-called hub, is used to connect all participants (spokes). Centralized hub-and-spoke architectures of this kind are very susceptible to attackers who control or rent botnets: the hub is a single point whose overload disconnects every spoke. Recently, powerful Denial-of-Service (DoS) attacks have even led to failures in the critical infrastructures of Estonia and the Republic of Georgia, and the threat of DoS attacks has reportedly been used in extortion. In order to reduce this risk for VPNs, an entire paradigm shift in the management of such infrastructures is required. As distributed VPNs, which promise better resilience properties [1], cannot reasonably be configured by manual interaction, such VPNs must be configured automatically. Besides potentially better resilience against DoS attacks, self-configuring VPNs may have other advantages: they may be easier to deploy, allow a more efficient integration of mobile users, and react more robustly to transport network failures. Furthermore, the number of security-relevant configuration errors, e.g., typos in addresses or subnet masks, can be reduced.
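The availability argument above can be made concrete with a small model. The following is an added example, not code from the paper or its authors: it builds two toy VPN overlays over a constructed set of five sites, a hub-and-spoke topology and a fully meshed distributed one, and counts how many spoke-to-spoke paths survive when an attacker takes a single node offline (the DoS scenario in the abstract). The site names, the hub label "H" and the single-node failure model are assumptions made for illustration.

```python
"""Toy availability model for VPN overlay topologies.

Added example (not from the paper): compares how many spoke-to-spoke paths
survive a single-node outage (e.g. a DoS attack) in a manually configured
hub-and-spoke VPN versus a distributed, fully meshed VPN. Site names and
the attack model are constructed for illustration.
"""
from collections import deque
from itertools import combinations

SPOKES = ["A", "B", "C", "D", "E"]  # constructed sample sites


def hub_and_spoke(spokes, hub="H"):
    """Manually configured VPN: every spoke holds exactly one tunnel, to the hub."""
    graph = {hub: set(spokes)}
    for site in spokes:
        graph[site] = {hub}
    return graph


def full_mesh(spokes):
    """Self-configured distributed VPN: every spoke holds a tunnel to every other spoke."""
    return {site: set(spokes) - {site} for site in spokes}


def reachable_from(graph, start, failed):
    """Nodes reachable from `start` over tunnels whose endpoints are both still up."""
    if start in failed:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for peer in graph[node]:
            if peer not in failed and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def surviving_pairs(graph, spokes, failed):
    """Return (connected spoke pairs, total spoke pairs) once `failed` nodes are down."""
    total = len(spokes) * (len(spokes) - 1) // 2
    alive = sum(
        1 for a, b in combinations(spokes, 2) if b in reachable_from(graph, a, failed)
    )
    return alive, total


def worst_single_failure(graph, spokes):
    """Best target for a single-node DoS: the node whose loss cuts the most spoke pairs.

    Returns ((surviving, total), node). Ties resolve to the first node in graph order.
    """
    return min(
        ((surviving_pairs(graph, spokes, {node}), node) for node in graph),
        key=lambda item: item[0][0],
    )


if __name__ == "__main__":
    for name, graph in (("hub-and-spoke", hub_and_spoke(SPOKES)),
                        ("full mesh", full_mesh(SPOKES))):
        (alive, total), target = worst_single_failure(graph, SPOKES)
        print(f"{name:14s} worst single outage: node {target} -> {alive}/{total} spoke pairs still connected")
```

Running the block shows the structural point of the abstract: knocking out the hub leaves 0 of 10 spoke pairs connected, whereas the worst single outage in the mesh still leaves 6 of 10, and the attacker gains nothing by picking one spoke over another. The model ignores link capacity and the transport network; it only captures the single point of failure that the hub introduces.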