A control plane for WireGuard

Vista senzilla d'ítem
dc.contributor.authorPaillissé Vilanova, Jordi
dc.contributor.authorBarcia González, Alejandro
dc.contributor.authorLópez Brescó, Albert
dc.contributor.authorRodríguez Natal, Alberto
dc.contributor.authorMaino, Fabio
dc.contributor.authorCabellos Aparicio, Alberto
dc.contributor.groupUniversitat Politècnica de Catalunya. CBA - Sistemes de Comunicacions i Arquitectures de Banda Ampla
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors
dc.date.accessioned2022-09-15T08:52:50Z
dc.date.available2022-09-15T08:52:50Z
dc.date.issued2021
dc.description.abstractWireGuard is a VPN protocol that has gained significant interest recently. Its main advantages are: (i) simple configuration (via pre-shared SSH-like public keys), (ii) mobility support, (iii) reduced codebase to ease auditing, and (iv) Linux kernel implementation that yields high performance. However, WireGuard (intentionally) lacks a control plane. This means that each peer in a WireGuard network has to be manually configured with the other peers’ public key and IP addresses, or by other means. In this paper we present an architecture based on a centralized server to automatically distribute this information. In a nutshell, first we manually establish a WireGuard tunnel to the centralized server, and ask all the peers to store their public keys and IP addresses in it. Then, WireGuard peers use this secure channel to retrieve on-demand the information for the peers they want to communicate to. Our design strives to: (i) offer a key distribution scheme simpler than PKI-based ones, (ii) limit the number of public keys sent to the peers, and (iii) reduce tunnel establishment latency by means of an UDP-based protocol. We argue that such automation can help the deployment in enterprise or ISP scenarios. We also describe in detail our implementation and analyze several performance metrics. Finally, we discuss possible improvements regarding several shortcomings we found during implementation.
dc.description.peerreviewedPeer Reviewed
dc.description.sponsorshipThis work was partially supported by the Spanish MINECO under contract TEC2017-90034-C2-1-R (ALLIANCE) and the Catalan Institution for Research and Advanced Studies (ICREA).
dc.description.versionPostprint (author's final draft)
dc.identifier.citationPaillissé, J. [et al.]. A control plane for WireGuard. A: International Conference on Computer Communication and Networks. "30th International Conference on Computer Communications and Networks, ICCCN 2021: Athens, Greece, July 19-22, 2021". Institute of Electrical and Electronics Engineers (IEEE), 2021, ISBN 978-1-6654-1278-0. DOI 10.1109/ICCCN52240.2021.9522315.
dc.identifier.doi10.1109/ICCCN52240.2021.9522315
dc.identifier.isbn978-1-6654-1278-0
dc.identifier.urihttps://hdl.handle.net/2117/372835
dc.language.isoeng
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.relation.projectidinfo:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2013-2016/TEC2017-90034-C2-1-R/ES/DISEÑANDO UNA INFRAESTRUCTURA DE RED 5G DEFINIDA MEDIANTE CONOCIMIENTO HACIA LA PROXIMA SOCIEDAD DIGITAL/
dc.relation.publisherversionhttps://ieeexplore.ieee.org/document/9522315
dc.rights.accessOpen Access
dc.subjectÀrees temàtiques de la UPC::Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors::Protocols de comunicació
dc.subject.lcshPublic key cryptography
dc.subject.lcshComputer network protocols
dc.subject.lemacCriptografia
dc.subject.lemacProtocols de xarxes d'ordinadors
dc.subject.otherDynamic VPN
dc.subject.otherWireguard
dc.subject.otherSecure overlays
dc.subject.otherControl plane
dc.titleA control plane for WireGuard
dc.typeConference report
dspace.entity.typePublication
local.citation.authorPaillissé, J.; Barcia, A.; López, A.; Rodríguez, A.; Maino, F.; Cabellos-Aparicio, A.
local.citation.contributorInternational Conference on Computer Communication and Networks
local.citation.publicationName30th International Conference on Computer Communications and Networks, ICCCN 2021: Athens, Greece, July 19-22, 2021
local.identifier.drac31789085

Fitxers

Paquet original

Mostrant 1 - 1 de 1
Miniatura
Nom:
wiregurad-control-plane.pdf
Mida:
399.85 KB
Format:
Adobe Portable Document Format
Descripció:

Col·leccions

Enviament des de DRAC
Ponències/Comunicacions de congressos
Ponències/Comunicacions de congressos