Securing the Private Realm Gateway

Hammad Kabir, Jesús Llorente Santos, Raimo Kantola

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

5 Citations (Scopus)


The traditional mechanisms to traverse Network Address Translators (NAT) do not scale well to battery powered mobile-hosts: the majority of Internet users today. Private Realm Gateway (PRGW) aims to replace NATs at network edges and overcome the drawbacks of the NAT traversal mechanisms. The solution does not require changes in end-hosts or protocols, and hosts in the private realm can remain globally reachable without polling. PRGW handles incoming connections based on domain resolution of the served hosts. Incoming DNS queries create connection state in PRGW for subsequent packet forwarding. The connection state provides means for access control on the Internet-originated flows. This paper analyses the security of PRGW and introduces mechanisms that protect the served hosts and networks against Internet-borne attacks, in particular: address spoofing and Distributed Denial of Service (DDoS). The paper contributes to establish PRGW as an incrementally deployable network function that offers light-weight NAT traversal and protects the private realm against the inherent Internet threats.

Original languageEnglish
Title of host publication2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016
Number of pages9
ISBN (Electronic)9783901882838
Publication statusPublished - 21 Jun 2016
MoE publication typeA4 Conference publication
EventIFIP Networking - Vienna, Austria
Duration: 17 May 201619 May 2016


ConferenceIFIP Networking
Abbreviated titleNETWORKING


  • DDoS
  • Denial of Service
  • DNS
  • Gateway
  • Internet threats
  • NAT
  • NAT Traversal
  • Network
  • PRGW
  • Security


Dive into the research topics of 'Securing the Private Realm Gateway'. Together they form a unique fingerprint.

Cite this