A Virtual Private Network (VPN) is a logical network that uses insecure public telecommunications, such as the Internet, to provide secure communications to members of the VPN. A VPN seeks to provide the security associated with dedicated communication lines without requiring the dedicated hardware, and at a fraction of the cost typically associated with such lines.
A VPN works by using shared public infrastructure while maintaining privacy through agreed-upon security procedures and protocols. Essentially, a VPN encrypts the messages communicated over it. The encryption and decryption of messages rely upon keys that are securely held by the participants of the VPN.
Typically, it is not desirable for a particular VPN communication key to remain unchanged for any extended period of time, because the longer a key remains in use over the shared public infrastructure, the more opportunity an intruder has to discover it. Consequently, pursuant to configuration or to detected events, the communication key for a VPN is changed over time with some regularity.
However, when the key is changed it has to be communicated to each participant of the VPN; otherwise, some participants will find that they are no longer capable of communicating within the VPN. The popular approach for communicating a changed key is to multicast it to the members of the VPN, so that the key is sent to all members at once. For VPN rekeying, multicasting may be viewed as selective broadcasting: within the VPN the changed key is broadcast, but it is not exposed to the entire shared public network.
Yet not every network or sub network within the public infrastructure is capable of supporting multicasting. Consequently, the benefits of a VPN and of dynamic rekey distribution within it are limited to participants reachable via sub networks, resources, and/or applications that support multicasting. For multicasting to work, a single packet or stream must be replicated by the network for each intended recipient. Thus, the application and adoption of VPN techniques are currently circumscribed to participants and networks enabled for multicast communication.
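The failure mode described above, as an added illustration that is not part of the original text: a constructed group rotates its shared key and delivers it in one shot to every member its multicast can reach, and any member outside multicast coverage is left holding only stale key versions and can no longer open traffic. Member, VpnGroup and the key-version tagging are assumptions of this demo, not the document's mechanism.

```python
import hmac
import hashlib
import os


class Member:
    """One VPN participant; holds every group key it has received, by version."""

    def __init__(self, name, multicast_capable=True):
        self.name = name
        self.multicast_capable = multicast_capable  # can its sub network deliver a rekey?
        self.keys = {}  # key version -> 32-byte key

    def seal(self, version, payload):
        """Tag a message under the given key version (integrity only, for the demo)."""
        tag = hmac.new(self.keys[version], payload, hashlib.sha256).digest()
        return version, payload, tag

    def open(self, message):
        """Return True only if this member holds the key version the sender used."""
        version, payload, tag = message
        key = self.keys.get(version)
        if key is None:
            return False  # missed the rekey: can no longer communicate within the VPN
        return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)


class VpnGroup:
    """Constructed group: rotates the shared key and 'multicasts' it to members."""

    def __init__(self, members):
        self.members = members
        self.version = 0

    def rekey(self):
        """Generate a fresh key and deliver it at once to every multicast-reachable member."""
        self.version += 1
        key = os.urandom(32)
        for m in self.members:
            if m.multicast_capable:  # the one-to-many delivery only reaches these
                m.keys[self.version] = key
        return self.version


def members_left_behind(group):
    """Rekey, then list the members that cannot open a message sent under the new key."""
    group.rekey()
    sender = next(m for m in group.members if m.multicast_capable)
    msg = sender.seal(group.version, b"constructed VPN payload")
    return [m.name for m in group.members if not m.open(msg)]
```

Carrying the key version with each message lets a receiver distinguish a missed rekey from a forged or corrupted packet, which is what an operator needs in order to detect and repair the split rather than seeing silent packet loss.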
Therefore, improved techniques for distributing keys within a VPN are desirable.