There are three main ways of secure communication inside MVCN:
Communication between two devices is permitted by the MVCN system only after the MVCN server has identified and authenticated both the devices and their users. Only the data needed for that authentication goes to the server; afterwards the devices talk to each other over a direct peer-to-peer connection, so there is no central network hub that would give an eavesdropper a single point to attack.
While the basic purpose and many of the usage scenarios are similar to those of virtual private networks (VPNs), i.e. an encrypted tunnel is used to protect private information transmitted over public TCP/IP networks, the MVCN technology offers a number of benefits that make it a clear winner in certain situations.
The main difference from a VPN is that although there is a central MVCN authentication server, the encrypted data traffic does not have to flow through a central choke point as it does with a VPN; on the contrary, MVCN clients communicate directly, in a peer-to-peer (P2P) fashion. (Strictly speaking, an MVCN proxy server can be used within the MVCN network if the clients cannot reach each other with global addresses, but it is not a requirement.)
Furthermore, all current MVCN devices include some form of cryptographic hardware (a Trusted Platform Module or a comparable cryptocard in the form of an encrypted microSD card) to raise the level of security.
This architecture solves a number of problems traditionally associated with VPNs:
MVCN key exchange
MVCN devices use 2048-bit RSA for server authentication and key exchange and 1024-bit RSA for peer authentication and key exchange. Data traffic is encrypted with Blowfish in CBC mode using a 448-bit key. Two caveats for anyone evaluating these figures: 1024-bit RSA offers roughly 80 bits of security and has been disallowed by NIST since the end of 2013, so 2048 bits is the usual minimum today; and Blowfish has a 64-bit block, which is why the frequent rekeying described below matters, since it bounds the amount of data encrypted under any one key. CBC mode on its own provides confidentiality but not integrity, so a data channel built on it also needs a separate message authentication mechanism, which this description does not cover.
Private keys are never shared, and the TPM/cryptocard takes part in negotiating the encryption keys. By default the encryption keys are changed every 5 minutes; this interval can be modified.
MVCN is a closed system as far as authentication is concerned: keys can only be requested from and granted by the MVCN server, never by other peers. Keys are kept only for the duration of the call and are discarded afterwards.
Our company offers a family of MVCN-based products, optimized for different tasks. Regardless of their various designs and speeds, the essential operation of these devices is the same: each performs the same role, that of the MVCN client, in the MVCN network.