ARTICLE
Atsign’s Zero Trust Planes
How Data is Transmitted with the atProtocol in NoPorts
In “100 Times Faster Internet,” our co-founder and CTO, Colin, introduces the concept of control and data planes, along with a novel addition, the policy plane. Over the next few weeks, we’ll explore how Atsign leverages these three planes to enhance internet and networking capabilities.
Data Transmission
The process of data transmission in NoPorts involves three atSigns, each associated with specific components: the NoPorts daemon program (sshnpd) running on the device intended for SSH access, the NoPorts client program (sshnp) used on the device initiating the SSH connection, and the noports TCP rendezvous program (RVD). These programs communicate through the atProtocol and the atClient SDKs, ensuring that their exchanged messages are end-to-end encrypted.
The above image is an overview of how data is transmitted in our remote access tool, NoPorts. We read this diagram starting at the bottom left, the client.
The client creates a GUID (globally unique identifier) for the session. The client sends a request notification to the socket relay host (labeled above as @rendezvous here) for a port1/port2 pair for this sessionID.
@rendezvous’ job (as an actor, specifically as the socket relay host) is to receive requests from atSigns, find a pair of available ports (networking technology provided by the machine’s operating system), and open server sockets for both ports. Once this bridge is established, the socket relay host will send a response to the client.
After the client receives this response, it will send a request notification to the sshnpd including the session ID and the socket relay host of rvd port 1.
An srv process will open a socket to the socket relay host of rvd port 1 and open a socket to its local sshd port, rather than the sshnp/sshnpd doing this part of the connection. This allows the sshnpd to be restarted without effecting existing sessions. When both have been opened successfully, it is bridged by the socket relay client and sends a response notification to the client.
The client will issue an SSH command to set up the SSH tunnel and do a local port forwarding. The client will display a message to the owner of the machine that they may now SSH to the device’s local host (labeled above as @linux_mc).
In the next post, we’ll explain more about the policy plane.
In the meantime, check out our YouTube channel. It’s full of helpful content like remote access tutorials as well as our newest Atsign Engineering Podcast.
Mitigating Man-in-the-Middle Risks and Ensuring Data Integrity
Prevent Man-in-the-Middle risks, protect your data, and maintain privacy while implementing corporate policies.
Atsign’s Zero Trust Planes: Policy Plane
Learn how Atsign’s unique policy plane revolutionizes data transmission, eliminating vulnerabilities associated with VPNs and firewalls.
Why Are There Constantly Escalating Data Breaches and Security Violations?
Data breaches are on the rise. Traditional security measures like firewalls and VPNs have limitations. Atsign offers a new solution with atSigns, a secure digital address that eliminates the need for open ports and complex authentication, simplifying data security.
Transforming Fleet Management with Real-Time Telemetry: An Atsign Use Case
Learn how a real-time telemetry solution with Atsign technology can help a large fleet management company achieve significant improvements in reliability, reduce costs, and optimize maintenance schedules.
Data Transmission Methods with Atsign’s NoPorts and atSDK
Learn how Atsign is addressing vulnerabilities in data transmissions, making it safer to send data securely over the Internet.