When a peer in a public network opens a connection to another one being behind a network address translator, it encounters the network address translation problem. So called "UDP hole punching" approach allows to open a public-to-private or private-to-private network connection. This article deals with this approach to propose new security architecture for IPv4 communication introducing so called "implicit security" concept. Main contributions are ability to interconnect to any host behind NAT using just a host's domain name, enhanced mobility, and encryption and authentication of all data transmitted through this connection right from a packet sender to a local receiver. Secure channel is established on-demand automatically and is independent on any application. No additional modification of current NAT, IPv4 or DNS is required.
展开▼
