Technical Features & Documents
The following technical paper explains AVES in full detail and provides information about our Linux-based implementation and its performance. It also explains the application, security, and scaling limitations of AVES.
We have tested our AVES implementation on RedHat Linux 6.1 and above, although we believe the only requirement is a Linux kernel of version 2.2 or above. There are many features in our implementation that are not yet described in the paper. Below we provide an overview.
AVES has many security features to keep a user's computers as protected as possible. However, a user should always secure his computers, just as he should secure his NAT gateway, even if he is not using AVES.
The first concern of an AVES user is whether any random person will be able to connect to his computers at home. We have implemented the following security features to protect users from malicious attackers:
Authentication ensures that connections can only be established through the AVES service provider. A random person cannot directly connect to a user's computers without going through AVES. Moreover, to connect to a user's computers through AVES, a person needs to know the host names of those computers. If a person does not know any host names and tries to attack the system, the anti-waypoint-scanning feature will reject the person from the system for an extended period of time. The host names themselves, unless disclosed voluntarily by the user, are hard to obtain because AVES has anti-host-name-scanning: if a malicious person tries to discover host names by guessing, the response time for that person's queries becomes extremely slow, making the attack impractical.
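The sketch below is an added example, not code from the AVES implementation. It models the two behaviours described above for a single source address: responses that slow down as the source keeps guessing host names, and a long rejection period once guessing persists. The class name, the doubling delay curve, all thresholds, and the choice to trigger rejection from the miss count are assumptions made for illustration.

```python
import time

class ScanThrottle:
    """Per-source throttle for host-name queries (illustrative policy, not AVES's)."""

    def __init__(self, known_hosts, base_delay=0.1, max_delay=60.0,
                 ban_after=10, ban_seconds=3600.0, forget_after=600.0,
                 clock=time.monotonic):
        self.known = {h.lower().rstrip(".") for h in known_hosts}
        self.base_delay, self.max_delay = base_delay, max_delay
        self.ban_after, self.ban_seconds = ban_after, ban_seconds
        self.forget_after, self.clock = forget_after, clock
        self.state = {}  # source -> (miss_count, last_miss_time, banned_until)

    def _delay(self, misses):
        # No penalty before the first miss; then the delay doubles per miss, capped.
        if misses == 0:
            return 0.0
        return min(self.base_delay * 2 ** (misses - 1), self.max_delay)

    def query(self, source, hostname):
        """Return (verdict, delay_seconds); the caller waits delay before replying."""
        now = self.clock()
        misses, last_miss, banned_until = self.state.get(source, (0, now, 0.0))
        if now < banned_until:
            return ("rejected", 0.0)
        if now - last_miss > self.forget_after:
            misses = 0  # old guesses age out, so an honest typo is forgiven
        if hostname.lower().rstrip(".") in self.known:
            # A hit does not reset the count: a scanner that knows one public
            # name could otherwise interleave it to keep its guesses fast.
            return ("resolved", self._delay(misses))
        misses += 1
        if misses >= self.ban_after:
            self.state[source] = (0, now, now + self.ban_seconds)
            return ("rejected", 0.0)
        self.state[source] = (misses, now, 0.0)
        return ("unknown", self._delay(misses))

if __name__ == "__main__":
    # Constructed sample: one registered name, one source guessing names.
    throttle = ScanThrottle({"alice-pc.example"})
    for i in range(12):
        print(i, throttle.query("198.51.100.7", f"guess{i}.example"))
```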
Even if a person knows the host name of a user's computer (e.g. the computer is a public web server), AVES has other features to keep the person's activities in check:
These features all aim to put a hard limit on the amount of system resources a person can consume. These limits should not be reached under normal usage scenarios.
It is typical that an AVES user's NAT gateway does not have a fixed IP address assigned by the ISP. Instead, the NAT gateway obtains a dynamic IP address from the ISP on power-up through the DHCP protocol. To support dynamic IP addresses, we have added the following features:
When a user powers up his NAT gateway, it authenticates itself with the AVES service provider and transfers its new IP address to the service provider. AVES also by default assigns the NAT gateway a host name for convenience.