Technical Information
Diclave Networks provides a generic global Virtual Private Network environment.
Users establish an encrypted connection from their PC or laptop to our VPN Gateways. This connection travels through a VPN concentrator that mixes the streams from several users to make them indistinguishable to outside observers. After the encrypted connection is decrypted at our VPN Gateways, the data is relayed to the Digital Enclave.
Our Digital Enclave is an internal (but global) network of Diclave access points. It enables protected connections between users of different access points. For connections directed to the Internet, all data is relayed through the External Gateway.
To protect the secrecy of communication, every hop is encrypted as long as it is under the control of Diclave Networks. For communication between users of Diclave, no packet ever travels the network unencrypted. Data directed to the Internet is decrypted at the External Gateway.
To protect the privacy of our members, all data is mixed at several points of the system. First, the encrypted connections are mixed on the VPN concentrator so that at no point are the source, destination or contents available at the same time. Essentially, the system removes all source information from the traffic as it travels through the VPN concentrator. Second, all connections headed to the Internet are mixed on the External Gateways. Here every connection receives a random IP that is shared with other connections. This ensures that outside observers cannot associate your outgoing IP address or traffic pattern with your incoming connection.
For maximum usefulness and flexibility, Diclave Network operates a generic VPN environment. We are not limited to one kind of VPN application or one brand. Diclave Network can be accessed using OpenVPN or IPSec/L2TP VPN clients. Internal operations of Diclave Network are based on IPSec. Using OpenVPN on the user's PC has the advantage of easy installation and maintenance while providing excellent cryptographic security at the same time.
OpenVPN uses state-of-the-art, widespread encryption algorithms (AES, Blowfish) to encrypt traffic. Key exchange and authentication are based on DH and RSA. Compressing the data and sending it over high-performance UDP connections ensures maximum performance.
Client connections as well as internal IPSec connections prefer AES for traffic encryption but provide DES3 for backwards compatibility with legacy clients and applications. Wherever possible, the maximum key sizes supported by the software are used. Please refer to your VPN client documentation for details.
If you have further questions, please contact: tech@diclave.net.
