Our VIPN connects to SNO, transforming your data into snowflakes and melting them into the snowpack, so that you become invisible.

What is a VIPN ?

VIPN: Virtual & Invisible Private Network

Snowpack technology, has been developed with the idea that the present cybersecurity cornerstone, Trust, as reached its limit. With the spread of ICT technologies across all consumer and industry equipment’s, systems and systems of systems, the ever increasing complexity of the ICT supply chain, and the thriving worldwide vulnerabilities and exploits market, there has been a terrific increase of common vulnerabilities uncovered each year during the last decade (+25k CVE in 2022, including 15% deemed critical by NIST). Because, the chain of trusts is like a house of cards, this trend makes the Trust paradigm less and less relevant or at least harder to maintain.

This is why, Snowpack was designed with a “Beyond Trust” by-design approach: no user should have to trust any of the elements of the network overlay. We achieved that by making users, devices and data invisible on Internet: even if there is a vulnerability somewhere in the chain of trust, it should not be exploitable by any observer, whether from a script-kiddy or a nation-state. As a result, users become independent from the underlaying infrastructure in the broader sense of the term (i.e., software, hardware, cryptographic layers and of course Snowpack).

Agents & SNO

In a nutshell, our VIPN agents connect to Snowpack Network Overlay (SNO) turns your data into snowflakes, mix them with billions of other look-alike anonymous snowflakes from other users and melts them into the Snowpack.

SNO is an overlay network composed of nodes operated by Snowpack, partners, and certain clients.

Unlike traditional VPNs and anonymity networks (e.g., Tor, I2P, etc.), SNO does not rely only on conventional encryption but also on data fragmentation into complementary noises called « snowflakes. » These snowflakes are then exchanged through routes created using a privacy-by-design auto-discovery mechanism that ensures the anonymity of endpoints. This approach allows users to operate without trusting the nodes that make up SNO: regardless of their computational capacity, no node can determine the origin, destination, or content of a snowflake as they never see these information, not even encrypted.
As part of the activities of our joint laboratory with CEA List, it has been demonstrated that the entropy of SNO follows a power-law distribution based on the number of flakes.

This architecture enables SNO to offer six complementary properties, some of which are relatively unique:

  • Resilience: Nodes are hosted by various cloud operators and managed by different partners.
  • Absence of a Trusted Third Party: Neither Snowpack nor any of its partners can determine the routes, thus preserving the anonymity and invisibility of communications, even in « Privacy » mode (see the following section).
  • Quality of Security: By design, flows cannot be distinguished on SNO since even metadata is turned into snowflakes. Attacking communications on SNO therefore requires brute-forcing the entire overlay. To achieve this, one would need to compromise the PKIs of the partners operating the nodes, deploy probes across all nodes, record the network to retrieve all snowflakes, and then test the various combinations of snowflakes against each other. This combinatorial complexity follows a power-law distribution based on the number of snowflakes and can be measured using data reported by SNO. Consequently, users can verify the computational power required for an attacker to carry out such an operation. Moreover, since this « QoSec » (Quality of Security) can be measured, it can also be controlled by adding dummy traffic with “snow-cannons”.
  • MITM (Man-in-the-Middle) attacks are impossible, even in anonymity mode.
  • Cloaking of the Attack Surface : similarly to Onion services, VIPN protocols enable devices to communicate without mutual knowledge of endpoint IP addresses and without the server requiring an open listening for serving incoming clients, and without a trusted third party.

Similar to a VPN, VIPN can operate in two ways:

  • « Privacy » or non-collaborative use, which is similar to that of a proxy or consumer VPN services. In this mode, only Alice requires an SNO agent or connector, which allows her to « hide » behind SNO to access the Clear, Deep, and Dark web.
  • « Tunnel » or collaborative use, where both Alice and Bob must have a VIPN agent r to establish a route on SNO.
What is Snowpack ?

Similar to VPNs or anonymization networks, Snowpack is fully transparent for applications.

Network heterogeneity is an important element which re-enforces security. As such, Snowpack network is made of nodes fully operated by Snowpack, others deployed at customer’s premises (for customers requiring the highest level of security) and finally some at independent operators.

Two different nodes can be distinguished: S-node which can be consider as a relay and Holonode which is used for the Privacy/Browsing mode. A customer establishes a “route” consisting of at least two “ways” by choosing a subset of nodes. These circuits are built anonymously via an auto-discovery mechanism. All the IP packets exchanged by the client and its interlocutor are then “separated” into complementary fragments by secret sharing that circulate along the circuits. Since these fragments are anonymous, a node can neither identify the end-points nor access the content in any way.

Communication Protocol

Privacy Mode

In the privacy mode, Snowpack allows users to create their own hologram to contact Internet services. This hologram is then considered the correspondent of the service and allows to guarantee the anonymous navigation of our user.

The user selects the S-nodes he wants to use to create his routes as well as the holonode which will serve as his hologram to communicate with the service.

  1. He then creates his circuits with the input nodes of the network.
  2. Then he anonymously creates circuits between the following nodes.
  3. The user designates a “master” node, S-node3 in the video, which will be responsible for reformatting the message. To be able to do so, it must find the complementary route which is achieved thanks to a self-discovery mechanism based on secret sharing message exchanged on the complementary routes.
  4. Each of the exit S-nodes receives the information of the holonode to be used and creates a circuit with it to recover the output messages.

During a communication, the user fragments the message into complementary fragments that he sends on separate routes. Each node relays to the next node and when S-node3 has received the two fragments, it recombines them and sends the message to the service by spoofing the holonode address. The service then considers it is communicating with holonode and sends its response back to holonode. From there, holonode fragments the message and sends a fragment to each of the S-nodes to which it is connected. The S-nodes then route the message to the user who only has to recompose the message.

Communication privacy is guaranteed against a possible network node compromise thanks to an architecture built to prevent any network element from having access to all the elements of the communication: {Sender, Recipient, Message content} as shown at the end of the video.

Tunnel Mode

In the peer-to-peer mode, both parties aims to connect anonymously and securely. First, they establish independently circuits up to the middle of the Snowpack network.

Then, thanks to a self-discovery mechanism based on a defined secret, exchanged through a secure channel, the two pieces connect to each other. The connection is established. The connection is then fully bi-directional.