Integrating Overlay and Social Networks for Seamless P2P Networking

In this paper we introduce social VPNs, a novel system architecture which leverages existing social networking infrastructures to enable ad-hoc VPNs which are self-configuring, self-managing, yet maintain security against untrusted parties. The key principles in our approach are: (1) self-configuring virtual network overlays enable seamless bi-directional IP-layer connectivity among parties linked by means of social connections; (2) social networking infrastructures greatly facilitate the establishment of trust relationships among parties, and these can be seamlessly integrated with existing public-key cryptography implementations to authenticate and encrypt traffic flows on overlay links end-to-end; and (3) knowledge of social connections can be used to improve the performance of overlay routing. This paper describes the architecture of such Social VPNs and a prototype implementation which integrates the Facebook API, IP-over-P2P virtual networks, and the IPsec security infrastructure in a virtual router. We demonstrate the ability of the prototype to support existing, unmodified TCP/IP applications while transparently dealing with the increasingly common case of users connected to the Internet through network address translators (NATs), and present qualitative and quantitative analysis of its functionality and performance.