1. Field of the Disclosure
The technology of the disclosure relates generally to Traversal Using Relays around Network Address Translator (TURN) connections, and, in particular, to enhancing privacy of TURN connections between TURN clients and TURN servers.
2. Technical Background
A host (e.g., a computing device connected to a network) located behind a Network Address Translator (NAT) device or system may wish to communicate with other hosts, some of which may also be located behind NATs. To do this, the hosts may use “hole punching” techniques in an attempt to discover a direct communications path that connects one computing device to another through intervening NATs and/or routers, but that does not traverse any relays. However, hole punching techniques may be unsuccessful if one or both hosts are located behind NATs that are configured with mapping behaviors incompatible with direct communications paths. For instance, NATs that are configured with a mapping behavior of “address-dependent mapping” or “address- and port-dependent mapping,” as non-limiting examples, may impede direct communications paths between hosts.
When a direct communications path cannot be found, it may be necessary to employ an intermediate host to relay communications between the two hosts. One protocol for relaying communications, described in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 5766 (available online at, e.g., http://tools.ietf.org/search/rfc5766), is known as Traversal Using Relays around NAT (TURN). The TURN protocol allows a host (referred to herein as a “TURN client”) to request that a TURN server act as an intermediate host to relay communications to and from other hosts (referred to as “TURN peers”). To accomplish this, the TURN client obtains a TURN relayed transport address from the TURN server. The TURN relayed transport address includes an Internet Protocol (IP) address and port on the TURN server through which network communications may be passed between the TURN client and the TURN peer. For instance, communications sent by the TURN peer to the TURN relayed transport address are sent by the TURN server to the TURN client. Communications sent by the TURN client to the TURN relayed transport address are sent by the TURN server to the TURN peer using the TURN relayed transport address as the source address.
However, the use of a TURN server may raise concerns with respect to privacy of a TURN client. Although use of the TURN server hides the topology of the network to which the TURN client is connected, information that may potentially compromise the privacy of the TURN client may be leaked during setup of the TURN connection and/or by characteristics of a TURN connection between the TURN client and the TURN server. For example, a TURN peer may be able to determine, based on the candidate addresses received from the TURN client during connection setup, that the TURN server is being used, and thus that the TURN client may be trying to hide or obfuscate its address. Similarly, if the TURN peer can detect that the TURN server is used for multiple communications sessions, the TURN peer may be able to determine that the multiple communications sessions are associated with the same TURN client.