Theme fund: NGI0 PET
Start: 2019-06
End: 2019-06


A high performance IPSEC implementation

When the IP protocol was designed, its original authors did not add adequate security features. In 1994 the first official RFC concerning an end-to-end encrypted variant of IP called IPSEC was published after a number of years of standardisation work in the IETF. Almost a quarter of a century later, there is still a very limited set of implementations of the protocol. IPSEC is perceived by many as hard to deploy, which creates a chicken and egg situation in driving adoption. Vita is a fresh new implementation of IPSEC based on Snabb Switch, a high performance open source packet networking toolkit. The goal of Vita is to make it very easy to use IPSEC on commodity hardware, and to produce a fast and compliant clean room implementation. Vita previously received funding from the Internet Hardening Fund. This project will move the deployability of Vita forward, and among other things will produce a number of drivers for interfacing with e.g. high speed interfaces such as the Linux kernel. Its limited size and use of an existing packet networking toolkit mean it can be easily audited.

Why does this actually matter to end users?

On the internet, every computer by design gets a unique number - a so-called internet protocol address (or IP address for short). This address is used to send information from your computer to the other computer you want to communicate with, and of course back. Unlike a traditional radio, you often need to send messages to receive messages on the internet. Computers are a great engineering achievement but they are certainly not magic, and thus they need to be able to somehow find each other. The IP address makes this possible. Unfortunately, the fact that every computer has a unique number opens up the possibility of abuse by dishonest actors, because even though it is none of their business, breaking privacy is a profitable business. If they link what you do on the left side of the internet to what you do on the right side of the internet, they can create a profile and sell this to the highest bidder - with any bad luck to people who want to use it for nefarious purposes.

Misuse of IP addresses shows just one of the ways in which the internet protocol and other important networking technologies are designed to connect, to extend, but not always to secure the traffic that is sent over them. The pioneers of the internet simply could not foresee how massive and crucial their technology would become to modern society. This project aims to add security to the core internet protocol by encrypting and codifying the information it transports so users can be online confidentially. IPsec, which stands for internet protocol security, is an older effort to protect users' privacy and security on the internet, and Vita aims to update this work and make it ready for deployment at your local network operator. Fixing and securing fundamental internet technologies is a worthwhile effort for the billions of users that live and work online as we speak, but can only make a difference for people if it is actually a part of the current internet. This project can help make that a reality and raise the bar for online privacy and security.

Run by Interstellar Ventures


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.