H04L61/2539

Privacy-preserving domain name service (DNS)

Described systems and methods allow carrying out privacy-preserving DNS exchanges. In some embodiments, a client machine engages in a private information retrieval (PIR) exchange with a nameserver. In response to receiving an encrypted query from the client, the query formulated according to a domain name, the nameserver may extract a record (e.g., an IP address) from a domain name database without decrypting the respective query. Some embodiments achieve such information retrieval by the use of homomorphic encryption.

Securely publishing applications from private networks

A controller can securely publish an application of a tenant by securely extending a network fabric into the networks of the tenant with virtual private networks and NAT. After a tenant deploys an application into one or more networks of the tenant, the tenant can indicate select applications to publish. The network controller assigns a network address from the routable address space of the network fabric to the application and a network address aggregate to each application connector that will front an instance of the application, which securely extends the network fabric into the tenant network. The network controller configures NAT rules in the network fabric and on the application connector to create a route for traffic of the application through the network fabric to the application instance using a fully qualified domain name assigned to the application without exposing a private network address of the application instance and preserving security of other resources on the tenant network.

Infrastructure distributed denial of service protection

A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a protected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.

Privacy-Preserving Domain Name Services (DNS)

Described systems and methods allow carrying out privacy-preserving DNS exchanges. In some embodiments, a client machine engages in a private information retrieval (PIR) exchange with a nameserver. In response to receiving an encrypted query from the client, the query formulated according to a domain name, the nameserver may extract a record (e.g., an IP address) from a domain name database without decrypting the respective query. Some embodiments achieve such information retrieval by the use of homomorphic encryption.

EXPOSURE OF UE ID AND RELATED SERVICE CONTINUITY WITH UE AND SERVICE MOBILITY
20230370416 · 2023-11-16

Techniques for maintaining service continuity in a 5G NR network in communication with a MEC system and an edge application (EDGEAPP) system are disclosed. A notification message originating from a service management function (SMF) of a core network (CN) is decoded at a network exposure function (NEF) of the CN. The notification message includes a UE IP address change of a UE. A private IP address of the UE is determined based on the UE IP address change. A query with the private IP address is encoded for transmission to a NAT server. A response from the NAT server is decoded. The response includes a public IP address and a UE ID of the UE. The public IP address corresponds to the private IP address. A tuple including the UE ID, the public IP address, and the private IP address is generated at the NEF.

Methods and devices for the concealment of radio identifiers and transmitter positions

Systems, devices and methods for concealing radio communications and the spatial position of radio transmitters involved therein include the use of electrotechnical signal variation and dynamic, pseudo-random radio identifiers. Transmitted radio signals contain radio identifiers identifying the transmitting mobile radio device. Each radio identifier is dynamically selected for each radio signal from a sequence of radio identifiers selected from a set of predefined pseudo-random sequences. The sequence is selected based on a predetermined selection rule. The radio identifier is selected from the thus selected sequence according to a predetermined deterministic update pattern associated with the selected sequence. The associated transmission power and/or transmission frequency is dynamically varied on the transmitter side according to a predetermined deterministic variation scheme.
