
System And Method Of Secure Data Communication Over Public Network Using Multiple Wide Area Network

Abstract: The present disclosure relates to a system (100) for establishing secure communication in a public network. The system includes a source device (102-1) adapted to transmit data to a destination device (102-2) over WAN channels (104) of a multi-channel router (106). The source device splits the data into a random number of data parts of random size, encrypts each data part with a randomly selected encryption algorithm, generates a control file, and transmits each encrypted data part and the control file using a network information table. The destination device receives the encrypted data parts and the control file, decrypts each encrypted data part with the corresponding decryption algorithm and key index taken from the control file, and merges the decrypted data parts to recover the original data after integrity verification.


Patent Information

Filing Date: 26 July 2022
Publication Number: 05/2024
Publication Type: INA
Invention Field: COMMUNICATION

Applicants

Bharat Electronics Limited
Corporate Office, Outer Ring Road, Nagavara, Bangalore - 560045, Karnataka, India.

Inventors

1. JEEVITHA L
Central Research Laboratory, Bharat Electronics Limited, Jalahalli Post, Bangalore - 560013, Karnataka, India.
2. JOHN KRISHNA YARAGORLA
Central Research Laboratory, Bharat Electronics Limited, Jalahalli Post, Bangalore - 560013, Karnataka, India.
3. HYNDAVI RAPURU
Central Research Laboratory, Bharat Electronics Limited, Jalahalli Post, Bangalore - 560013, Karnataka, India.
4. RAMARAO RAMISETTY
Central Research Laboratory, Bharat Electronics Limited, Jalahalli Post, Bangalore - 560013, Karnataka, India.

Specification

Description

TECHNICAL FIELD
[0001] The present disclosure relates, in general, to data communication and more specifically, relates to a system and method that secures end-to-end data transmission in a public wide area network (WAN).

BACKGROUND
[0002] The most common method used in public networks/internet to provide secure data communication is the Virtual Private Network (VPN). A VPN tunnel is established between a VPN client and a VPN server over an internet connection, and all data traffic routed through the VPN tunnel is encrypted. A VPN protocol is the technology a VPN service uses to establish the secure tunnel. The main VPN protocols in use today are Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling Protocol (L2TP), IP Security (IPSec), Secure Socket Tunnelling Protocol (SSTP) and OpenVPN.
[0003] An example of such a network is recited in patent US 10965494, which describes Intelligent Multi-channel VPN Orchestration. This method uses a VPN routing table for each of a plurality of VPNs, and these tables are stored in the VPN client. The client device can access a first VPN routing table and establish a first VPN tunnel to a first VPN. While the first VPN tunnel is active, the client device can access a second VPN routing table and establish a second VPN tunnel simultaneously.
[0004] Another example is recited in patent RU2707715C2, which describes a dynamic secure communication network and protocol. This method transmits a packet over a cloud comprising a network of media nodes: a first media node scrambles the packet by changing the order of its data segments according to a first scrambling algorithm and sends it to a second media node. The second media node descrambles the packet to restore the segment order and scrambles it again with a second scrambling algorithm, so that the order of the data segments arriving at the third media node differs from their order in the second media node.
[0005] Therefore, it is desired to overcome the drawbacks, shortcomings, and limitations associated with existing solutions, and to develop an efficient system that secures transmission of encrypted data over multiple WANs.

OBJECTS OF THE PRESENT DISCLOSURE
[0006] An object of the present disclosure is to provide a system and method that secures end-to-end data transmission in a public wide area network (WAN).
[0007] Another object of the present disclosure is to provide a system that secures transmission of encrypted data over multiple WANs.
[0008] Another object of the present disclosure is to provide a system that ensures that, even if any one WAN is compromised, a network attacker cannot retrieve the complete application data.
[0009] Yet another object of the present disclosure is to provide an efficient system.

SUMMARY
[0010] The present disclosure relates to data communication, and more specifically to a system and method that secures end-to-end data transmission in a public wide area network (WAN). The main objective of the present disclosure is to overcome the drawbacks, limitations, and shortcomings of existing systems and solutions by providing a system and method for transferring application data securely, in a private network established over the public domain, from a source device to a destination device over various wide area network (WAN) channels through a multi-WAN channel router. The system secures end-to-end data transmission in a public WAN, where the public WAN can be a 3G, 4G or 5G network and/or a wired network, i.e., a leased line or dial-up connection.
[0011] The present disclosure relates to a system for communication of data in a public network. The system can include a plurality of devices, among them a source device adapted to transmit a set of data to a destination device over a plurality of WAN channels of a multi-channel router, and a processor operatively coupled to the source device and the destination device. The source device splits the data into a random number of data parts of random size and encrypts each data part with a randomly selected encryption algorithm; the algorithm is selected at random from a set of indexed encryption algorithms, together with a key index. The source device generates a control file, which can include a source node ID, a destination node ID, a key index, an algorithm index and an encrypted control data part. The encrypted control data part can include the number of data parts, the data size, a data integrity value, and the key index and algorithm index used for each part.
[0012] The source device can transmit each encrypted data part and the control file from a randomly selected source WAN channel to a randomly selected destination WAN channel using a network information table. The encrypted data parts and the control file are transmitted over the randomly selected WAN channels by configuring the multi-channel router in bandwidth aggregation mode for all active WAN channels, with a policy that binds a source IP address to each WAN channel. The destination device receives the encrypted data parts and the control file from the plurality of WAN channels, decrypts each encrypted data part with the corresponding decryption algorithm and key index taken from the control file, and merges the decrypted data parts to recover the original data after integrity verification. Transmitting the encrypted data over multiple WANs thus ensures that, even if any one WAN channel is compromised, a network attacker cannot retrieve the complete application data.
[0013] Besides, the system establishes a private network by selecting at least one device with a static IP address as the master device and maintaining a network information table in each device. The network information table can include the device ID, master device details, the available WAN channels of each device, and their static and dynamic IP addresses. Accordingly, data is transferred from the source device to the destination device by learning the number of available WAN channels in the destination device from the network information table and selecting the destination WAN channel at random.
[0014] In addition, when the selected destination WAN channel has a dynamic IP address, data is transmitted from the source device to the destination device through a cloud server. Each device with a dynamic-IP WAN channel communicates periodically over that WAN channel with the cloud server and transmits and receives encrypted data parts and the control file over transport layer security (TLS). Moreover, the source node ID and destination node ID are computed so as to obfuscate the source device ID and destination device ID: the source device computes the source node ID by scrambling the source device ID and a time stamp, and the destination node ID by scrambling the source device index, the destination device ID and the time stamp; the destination device descrambles them and authenticates the source device.
[0015] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.

BRIEF DESCRIPTION OF THE DRAWINGS
[0016] The following drawings form part of the present specification and are included to further illustrate aspects of the present disclosure. The disclosure may be better understood by reference to the drawings in combination with the detailed description of the specific embodiments presented herein.
[0017] FIG. 1 illustrates an exemplary network implementation of a system with multiple WAN channel router over public network in accordance with an embodiment of the present disclosure.
[0018] FIG. 2 illustrates an exemplary data transmission from one device to another device over Internet in accordance with an embodiment of the present disclosure.
[0019] FIG. 3A illustrates an exemplary data transmission from the source device to the destination device through cloud server in accordance with an embodiment of the present disclosure.
[0020] FIG. 3B illustrates source node ID computation of the system in accordance with an embodiment of the present disclosure.
[0021] FIG. 3C illustrates destination node ID computation of the system in accordance with an embodiment of the present disclosure.
[0022] FIG. 4 illustrates an exemplary flow chart of a method for establishing secure communication in a public network in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION
[0023] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[0024] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[0025] The present disclosure relates to data communication, and more specifically to a system and method that secures end-to-end data transmission in a public wide area network (WAN). The proposed system overcomes the drawbacks, shortcomings, and limitations of conventional systems by providing an efficient system that secures end-to-end data transmission in a public WAN. In the proposed system, the application data is split at the source device into multiple data parts, each data part is encrypted, a control file is generated, and the data parts together with the control file are transmitted over multiple wired or wireless WAN channels, chosen at random, to the destination device. The received encrypted data parts are decrypted at the destination device based on the control file information and aggregated to obtain the plain application data. This method of secure transmission ensures that, even if any one WAN is compromised, a network attacker cannot retrieve the complete application data. The present disclosure is described in enabling detail in the following examples, which may represent more than one embodiment of the present disclosure.
[0026] The present disclosure relates to a system that secures the communication of data in a public network over multiple WAN channels. The method securely transfers application data in a private network established over the public domain from one device to another. Each device is connected to a multi-WAN channel router whose interfaces (USB for a dongle, SIM card for 3G/4G/5G, Ethernet) provide its internet connectivity. The application data is split into a random number of parts of random size, each part is encrypted with a randomly selected encryption algorithm, and the parts are transmitted from the source system to the destination system. Along with these encrypted parts, a control file is transmitted which contains the data size, data integrity value, number of data parts, algorithm indices and key indices. Each encrypted data part and the control file are transmitted over a randomly selected source WAN channel of the source device to a randomly selected destination WAN channel of the destination device. This spreads the encrypted data over multiple WANs: even if any one WAN is compromised, the entire application data cannot be retrieved from it.
[0027] The advantages achieved by the system of the present disclosure can be clear from the embodiments provided herein. The system secures transmission of encrypted data over multiple WAN and ensures even if any of one WAN is compromised, the complete application data retrieval is impossible by network attacker. The description of terms and features related to the present disclosure shall be clear from the embodiments that are illustrated and described; however, the invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents of the embodiments are possible within the scope of the present disclosure. Additionally, the invention can include other embodiments that are within the scope of the claims but are not described in detail with respect to the following description.
[0028] FIG. 1 illustrates an exemplary network implementation of a system with multiple WAN channel router over public network in accordance with an embodiment of the present disclosure.
[0029] Referring to FIG. 1, system 100 secures the communication of data from one device to another in a public network 110 over multiple wide area network (WAN) channels. The system 100 transfers data securely through multiple WAN channels (104-1 to 104-4, collectively referred to as WAN channels 104 herein) of a multi-channel router 106 in a public WAN network 110, where the public WAN is a wireless network such as a 3G/4G/5G network and/or a wired network, i.e., a leased line or dial-up connection. The system 100 can include two or more devices (102-1 to 102-4, collectively referred to as devices 102 herein), WAN channels 104, multi-channel router 106, cloud server 108 and public network 110.
[0030] As depicted in FIG. 1, the system 100 comprises a multi-WAN channel router 106 connected to the other devices 102 over the public network/internet 110. These WAN channels 104 can be an Internet service provider (ISP) link, a subscriber identity module (SIM) based wireless network or a universal serial bus (USB) dongle. The system 100 can include software for data splitting, merging, a key generation module, encryption, decryption, a scrambler, and data integrity calculation and verification.
[0031] In an embodiment, the two or more devices (102-1 to 102-4) of the example include a source device 102-1 and a destination device 102-2. The source device 102-1 is adapted to transmit a set of data, e.g., application data, to the destination device 102-2 over the WAN channels 104 of the multi-channel router 106. A processor 112 is operatively coupled to the source device 102-1 and the destination device 102-2 and is configured to split, at the source device 102-1, the data into a random number of data parts of random size. The source device 102-1 can encrypt each data part with a randomly selected encryption algorithm; the algorithm is selected at random from a set of indexed encryption algorithms, together with a key index.
[0032] The source device 102-1 can generate a control file, which can include a source node ID, a destination node ID, a key index, an algorithm index and an encrypted control data part. The encrypted control data part can include the number of data parts, the data size, a data integrity value, and the key index and algorithm index of each part. The source device 102-1 can transmit each encrypted data part and the control file from a randomly selected source WAN channel 104 to a randomly selected destination WAN channel 104 using a network information table.
[0033] The destination device 102-2 can receive the encrypted data parts and the control file from the WAN channels 104. The destination device 102-2 can decrypt each encrypted data part by corresponding decryption algorithm and key index using the control file and merge decrypted data parts to get original data after integrity verification. The encrypted data parts and the control file are transmitted over the randomly selected WAN channel 104 by configuring the multi-channel router 106 in bandwidth aggregation mode for all the active WAN channels 104 and policy is set to bind a source IP address to each WAN channel 104.
[0034] The system 100 establishes a private network by selecting at least one device 102 with a static IP address as the master device and maintaining a network information table in each device 102. The network information table can include the device ID, master device details, the available WAN channels of each device, and their static and dynamic IP addresses. The network information table is maintained by continuously monitoring the status of the WAN channels 104: when the connectivity of any WAN channel 104 changes, the updated table is forwarded to the master device, which then updates all other devices.
[0035] In an embodiment, the set of data is transferred from the source device 102-1 to the destination device 102-2 by learning the number of available WAN channels 104 in the destination device 102-2 from the network information table and selecting the destination WAN channel at random. In another embodiment, the set of data is transmitted from the source device 102-1 to the destination device 102-2 through the cloud server 108 when the selected destination WAN channel 104 has a dynamic IP address. Each device with a dynamic-IP WAN channel 104 communicates periodically over that WAN channel 104 with the cloud server 108 and transmits and receives encrypted data parts and the control file over transport layer security (TLS).
[0036] The system 100 transfers data securely through multiple WAN channels 104 of the router 106 from one device 102-1, e.g., the source device, to another device 102-2, e.g., the destination device, through the public network 110, i.e., the Internet. A group of such devices 102 together forms a private network in the public domain/internet 110. Each device 102 in the private network has a 64-bit unique ID. A few devices 102 have a WAN channel with a public static IP address, and based on device index priority, at least one of the devices with a static IP address is selected as the master device. This information is pre-shared with all devices before they connect to the public network 110.
[0037] Data is transmitted securely among these devices 102 in the network 110 using the multiple WAN channels 104 of the router 106 connected to each device 102. This multi-WAN channel router 106 provides internet connectivity over interfaces such as Ethernet, a SIM slot and USB for a dongle, drawing on various wired and/or wireless networks. Each device 102 in the private network holds the network information table shown in Table 1 below. Table 1 contains every device ID value, the master device details, and the available WAN channels (leased line, SIM cards and dongle). Each device 102 in the private network can have both static and dynamic IP addresses.
Device Index | Unique device ID | No. of active WAN channels in router | Router IP addresses (in hex)
1 | 64-bit unique random data1 | 5 | 1. Static IP address1: xx.xx.xx.xx; 2. Dynamic IP address2: xx.xx.xx.xx; 3. Static IP address3: xx.xx.xx.xx; 4. Dynamic IP address4: xx.xx.xx.xx; 5. Static IP address5: xx.xx.xx.xx
2 | 64-bit unique random data2 | 3 | 1. Static IP address1: xx.xx.xx.xx; 2. Dynamic IP address2: xx.xx.xx.xx; 3. Static IP address3: xx.xx.xx.xx
3 | 64-bit unique random data3 | 4 | 1. Dynamic IP address1: xx.xx.xx.xx; 2. Static IP address2: xx.xx.xx.xx; 3. Dynamic IP address3: xx.xx.xx.xx; 4. Static IP address4: xx.xx.xx.xx
4 | 64-bit unique random data4 | 2 | 1. Static IP address1: xx.xx.xx.xx; 2. Dynamic IP address2: xx.xx.xx.xx
5 | 64-bit unique random data5 | 3 | 1. Dynamic IP address1: xx.xx.xx.xx; 2. Static IP address2: xx.xx.xx.xx; 3. Static IP address3: xx.xx.xx.xx
Table 1: Network information in each device of the established private network
[0038] In case of a connectivity change in any device WAN channel, such as unplugging, power-off or disconnection, the change is immediately forwarded by the multi-channel router 106 to the connected device 102, which updates its network information table. This information is forwarded to the master device via its static IP address, and the master device informs all other devices in the private network of the change in connectivity. Whenever a new device joins the private network, it may query the master device and obtain the network information table. In this way, all devices 102 in the private network receive updates about the WAN channels connected to the other devices.
[0039] Each device 102 can include software modules such as multiple encryption and decryption algorithm modules, key generation modules, a standard hash algorithm for the integrity check, a data splitter, a data aggregator, a scrambler, and a random number generator module that chooses the random data sizes and generates the random number of data parts. The multi-WAN channel router 106 is configured in bandwidth aggregation mode for all active WAN channels 104, with a policy that binds a source IP address to each WAN channel 104. For example, in a multi-WAN channel router 106 with IP address 192.168.1.1, if 4 WAN channels such as the SIM1, SIM2, USB and Ethernet interfaces are active, each WAN channel is bound to a local IP address as shown in Table 2.
Source IP address at device | WAN channel | Interface
192.168.1.10 | WAN1 | SIM1
192.168.1.20 | WAN2 | SIM2
192.168.1.30 | WAN3 | USB
192.168.1.40 | WAN4 | Ethernet
Table 2: A device with 4 active WAN channels and its IP binding
[0040] Whenever an encrypted data part is to be transmitted over a randomly selected WAN channel, the source IP address of that part must be the source IP address allocated to the selected WAN channel. In this way, transmission of each encrypted data part over the selected WAN channel 104 is ensured even though bandwidth aggregation is enabled.
[0041] To transmit data from one device 102-1 to another device 102-2, the entire data is first split into multiple data parts of random number and random size, each part is encrypted with the selected encryption algorithm, and each encrypted data part is then transmitted from the selected source WAN channel 104 of the local device 102-1 to the selected destination WAN channel 104 of the remote device 102-2 over the transport layer security (TLS) protocol. This provides a multi-level security mechanism in the network 110. The number of data parts, the data sizes, the encryption algorithms, the number of encrypted data parts to be relayed, and the source and destination channels are all selected at random. For each data transmission, a control file is generated which contains the data size, the data integrity value, the key index used to encrypt each data part, the algorithm index selected for each part, the source node ID and the destination node ID. This control file is transmitted to the remote device 102-2 along with the data parts. The control file consists of two parts: a plain control data part and an encrypted control data part. The plain control data part includes the source node ID, the destination node ID, and the key index and algorithm index used to encrypt the control file. The encrypted control data part includes, in encrypted form, the number of data parts, the data size, the data integrity value, and the key index and algorithm index used to encrypt each data part.
[0042] The destination device 102-2 receives the control file with its two parts, the plain control data part and the encrypted control data part. From the plain control data part, after verifying the destination device ID by means of its scrambling polynomial, the destination device decrypts the encrypted control data part with the received control key index and algorithm index. After decrypting the encrypted control data part, the destination device extracts the key index and algorithm index used to encrypt each data part. All received encrypted data parts are decrypted with their corresponding algorithm and key index and then aggregated to obtain the original application data. After aggregation of all decrypted data, the destination device verifies the size and integrity value of the original data against the received data size and integrity value.
[0043] If the selected destination WAN channel has a dynamic IP address, the encrypted data parts/control file are transmitted to a service running in the cloud system 108. Every device 102 whose WAN channel 104 has a dynamic IP address periodically polls the cloud for data. The service hosted in the public cloud domain holds the network information table and maintains a repository for each device in the private network. Encrypted data with the destination node ID/control information part is transmitted over TLS to the hosted service in the cloud; upon successful authentication by the service, it reads the destination node ID from the received encrypted data parts/control file and stores them in the corresponding device repository. Each device 102 with a dynamic-IP WAN channel 104 communicates periodically over that WAN channel with the hosted service in the cloud and receives encrypted data parts/control file from its repository over TLS.
[0044] Thus, the present invention overcomes the drawbacks, shortcomings, and limitations associated with existing solutions, and provides an efficient system that secures transmission of data and ensures that, even if any one WAN is compromised, a network attacker cannot retrieve the complete application data.
[0045] FIG. 2 illustrates an exemplary data transmission from one device to another device over the Internet in accordance with an embodiment of the present disclosure. The system 100 can include a source device 102-1 and a destination device 102-2 whose WAN channels 104 have static IP addresses. In this scenario, the plain application data is split into a random number of data parts of random size. Each data part is encrypted with a randomly selected encryption algorithm. Each algorithm requires a key index, which the key generation module uses to generate the key and initial vector for the algorithm. The algorithm indices, key indices, number of data parts, total data size and data integrity value are stored in the control file. The control file can include the source node ID, destination node ID, control key index and the encrypted control information. Each encrypted data part and the control file are transmitted over a randomly selected source WAN channel 104 to a randomly selected destination WAN channel 104. At the destination device 102-2, the encrypted control information is decrypted with the control key index, and the key indices and algorithm indices for each encrypted data part, the data size and the data integrity value are extracted.
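The dispatch policy of paragraphs [0035] and [0040] to [0043], as an added example that is not taken from the patent: for each item a random source WAN (whose bound source IP from Table 2 is used for the socket) and a random destination WAN from the network information table are chosen, and the cloud relay is used when the destination channel has a dynamic address. The table contents, the cloud service address, the listening port and the socket-level binding via source_address are constructed assumptions.

```python
import random
import socket
import ssl

# Constructed network information table (shape of Table 1): for every device in the
# private network, its WAN channels with address type and router IP address.
NETWORK_INFO = {
    1: {"device_id": "64-bit unique random data1",
        "channels": [("static", "203.0.113.10"), ("dynamic", "198.51.100.7"),
                     ("static", "203.0.113.11")]},
    3: {"device_id": "64-bit unique random data3",
        "channels": [("dynamic", "198.51.100.20"), ("static", "203.0.113.30")]},
    4: {"device_id": "64-bit unique random data4",
        "channels": [("static", "203.0.113.40"), ("static", "203.0.113.41")]},
}
# Local router policy (shape of Table 2): the source IP bound to each WAN interface.
LOCAL_BINDING = {"WAN1": "192.168.1.10", "WAN2": "192.168.1.20",
                 "WAN3": "192.168.1.30", "WAN4": "192.168.1.40"}
CLOUD_SERVICE = ("cloud.example.invalid", 443)  # constructed placeholder for the hosted service
DIRECT_PORT = 8443  # assumption: devices accept direct TLS connections on this port


def plan_dispatch(n_items, dst_index, seed=None):
    """Per item: random source WAN (-> bound source IP) and random destination WAN.
    A dynamic-address destination channel is reached through the cloud service."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    dst_channels = NETWORK_INFO[dst_index]["channels"]
    plan = []
    for seq in range(n_items):
        src_wan = rng.choice(sorted(LOCAL_BINDING))
        kind, dst_ip = rng.choice(dst_channels)
        if kind == "static":
            route = ("direct", (dst_ip, DIRECT_PORT))
        else:
            route = ("cloud", CLOUD_SERVICE)
        plan.append({"seq": seq, "src_wan": src_wan, "src_ip": LOCAL_BINDING[src_wan],
                     "dst_kind": kind, "route": route})
    return plan


def open_channel(item, server_hostname=None):
    """Bind the socket to the chosen WAN's source IP before connecting, so the router's
    source-IP policy carries this item over that WAN despite bandwidth aggregation."""
    _, (host, port) = item["route"]
    raw = socket.create_connection((host, port), timeout=10,
                                   source_address=(item["src_ip"], 0))
    ctx = ssl.create_default_context()  # TLS on both the direct and the cloud path
    return ctx.wrap_socket(raw, server_hostname=server_hostname or host)
```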
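A worked version of the source-side and destination-side processing of paragraphs [0041], [0042] and [0045], written for this page rather than taken from the patent: random split, per-part algorithm and key index selection, a control file with a plain part and an encrypted part, and merge with integrity verification at the destination. The indexed algorithm set (two HMAC-in-counter-mode streams built only from the Python standard library), key derivation from a constructed pre-shared master secret, and the per-part sequence number used to reorder parts that arrive over different channels are assumptions.

```python
import hashlib
import hmac
import json
import random
import struct

# Constructed pre-shared secret standing in for the patent's key generation module:
# each key index yields a key and an IV (assumption: HMAC(master, label || index)).
MASTER_SECRET = b"constructed-pre-shared-master-secret-for-this-example"
NUM_KEY_INDICES = 16


def derive_key_iv(key_index):
    idx = struct.pack(">I", key_index)
    key = hmac.new(MASTER_SECRET, b"key" + idx, hashlib.sha256).digest()
    iv = hmac.new(MASTER_SECRET, b"iv" + idx, hashlib.sha256).digest()[:16]
    return key, iv


def _keystream_xor(data, key, iv, digest):
    # HMAC-in-counter-mode stream cipher (stdlib-only stand-in for the page's
    # unnamed indexed algorithms). XOR is symmetric, so the same call decrypts.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + struct.pack(">Q", counter), digest).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Indexed algorithm set: the algorithm index selects an entry, the key index its key/IV.
ALGORITHMS = [
    lambda d, k, iv: _keystream_xor(d, k, iv, hashlib.sha256),  # algorithm index 0
    lambda d, k, iv: _keystream_xor(d, k, iv, hashlib.sha512),  # algorithm index 1
]


def split_random(data, rng):
    """Split data into a random number (2..8) of non-empty parts of random size."""
    if len(data) < 2:
        return [data]
    n = rng.randint(2, min(8, len(data)))
    cuts = sorted(rng.sample(range(1, len(data)), n - 1))
    bounds = [0] + cuts + [len(data)]
    return [data[a:b] for a, b in zip(bounds, bounds[1:])]


def build_transmission(data, src_node_id, dst_node_id, seed=None):
    """Source side: returns (control_file, [(seq, encrypted_part), ...])."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    enc_parts, part_info = [], []
    for seq, part in enumerate(split_random(data, rng)):
        alg, kidx = rng.randrange(len(ALGORITHMS)), rng.randrange(NUM_KEY_INDICES)
        key, iv = derive_key_iv(kidx)
        enc_parts.append((seq, ALGORITHMS[alg](part, key, iv)))
        part_info.append({"alg": alg, "key": kidx, "size": len(part)})
    # Encrypted control data part: number of parts, data size, integrity value and the
    # per-part key/algorithm indices, encrypted under a separately chosen control index.
    control = {"num_parts": len(part_info), "data_size": len(data),
               "integrity": hashlib.sha256(data).hexdigest(), "parts": part_info}
    c_alg, c_key = rng.randrange(len(ALGORITHMS)), rng.randrange(NUM_KEY_INDICES)
    key, iv = derive_key_iv(c_key)
    enc_control = ALGORITHMS[c_alg](json.dumps(control).encode(), key, iv)
    # Plain control data part: node IDs plus the indices used for the control part itself.
    control_file = {"src_node": src_node_id, "dst_node": dst_node_id,
                    "ctrl_alg": c_alg, "ctrl_key": c_key, "enc_control": enc_control.hex()}
    return control_file, enc_parts


def reassemble(control_file, enc_parts):
    """Destination side: decrypt the control part, decrypt and merge parts, verify."""
    key, iv = derive_key_iv(control_file["ctrl_key"])
    raw = ALGORITHMS[control_file["ctrl_alg"]](
        bytes.fromhex(control_file["enc_control"]), key, iv)
    try:
        control = json.loads(raw)
    except ValueError:
        raise ValueError("control part did not decrypt to valid control data")
    ordered = [p for _, p in sorted(enc_parts)]  # parts may arrive on different channels
    if control["num_parts"] != len(ordered):
        raise ValueError("part count mismatch")
    data = b""
    for enc, info in zip(ordered, control["parts"]):
        if len(enc) != info["size"]:
            raise ValueError("part size mismatch")
        key, iv = derive_key_iv(info["key"])
        data += ALGORITHMS[info["alg"]](enc, key, iv)
    if len(data) != control["data_size"] or not hmac.compare_digest(
            hashlib.sha256(data).hexdigest(), control["integrity"]):
        raise ValueError("integrity verification failed")
    return data
```

With a plain hash as the integrity value, tamper detection rests on the control part staying confidential; an authenticated (AEAD) cipher per part would detect modification of any part independently of the control file.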
[0046] FIG. 3A illustrates an exemplary data transmission from the source device to the destination device through a cloud server in accordance with an embodiment of the present disclosure. As depicted in FIG. 3A, data is transmitted from the source device 102-1 to a destination device 102-2 whose WAN1 channel has a dynamic IP address. In this scenario, the application data is split into a random number of data parts of random size, each data part is encrypted with a randomly selected encryption algorithm, and the corresponding algorithm indices, key indices, number of data parts, total data size and data integrity value are stored in the control file.
[0047] Each encrypted data part and the control file are transmitted from a randomly selected source WAN channel 104 to a randomly selected destination WAN channel. Where the destination WAN channel has a public static IP address, the data is sent to it directly. Where the destination WAN channel has a dynamic IP address, the source device 102-1 transmits the encrypted data parts, together with the destination node ID, to the service running in the cloud system 108 (also referred to as cloud server 108 herein). Upon successful authentication, the service descrambles the destination node ID and, based on the destination device ID, stores the received encrypted data parts/control file in the corresponding device repository. Every device with a dynamic-IP WAN channel periodically polls the service running in the cloud. Whenever data is available in the service, the destination device 102-2 receives it over its dynamic-IP WAN channel, e.g., WAN1 of the second device. At the destination device 102-2, the encrypted control information is decrypted with the control key index, and the key indices and algorithm indices for each encrypted data part, the data size and the data integrity value are extracted. Here, the source node ID is the scrambled combination of the source device ID and a time stamp, and the destination node ID is the scrambled combination of the source device index, the destination device ID and the time stamp.
[0048] In an implementation, if five devices form a private network over the internet, each device is represented by a device index and a corresponding device ID of n bits, i.e., 64 or more bits of unique random data. Along with the device index and the n-bit unique random data, each device has a unique scrambler polynomial, as described in Table 3 below. To establish a private network in the public domain, each device in the private network must hold the device index, device ID and scrambler polynomial of every other device.
Device Index | Device ID | Scrambler Polynomial
1 | n-bit unique random data1 | Polynomial1
2 | n-bit unique random data2 | Polynomial2
3 | n-bit unique random data3 | Polynomial3
4 | n-bit unique random data4 | Polynomial4
5 | n-bit unique random data5 | Polynomial5
Table 3: Device index with 64-bit unique random data for a private network containing 5 devices
[0049] FIG. 3B depicts source node ID computation, in the source node ID computation the source node ID is computed by scrambling the input of source device ID and time stamp with the source device polynomial.
[0050] FIG. 3C depicts destination node ID computation, in the destination node ID computation, the destination ID is computed by scrambling the input of destination device ID, source device index and time stamp with destination device polynomial.
[0051] In an implementation, if first device, transmits the data to a third device in the network, then source node ID is computed from the device ID of first device index and time stamp by means of source scrambler and destination node ID is computed from the device ID of third device index, source device index and time stamp by means of destination scrambler. In order to obfuscate the exposure of source device ID and destination device ID in internet domain, linear feedback shift register (LFSR) based scrambler is used.
[0052] Moreover, each device 102 in the private network holds the device index and device ID of every other device, the network information table, the scrambler polynomials, the algorithms used for encryption and decryption, the scrambler, and a standard hash algorithm for integrity computation. The main objective of the source and destination scramblers is to obfuscate the source device ID and destination device ID.
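As an added illustration (not code from the patent or from Bharat Electronics), the following Python models the node ID computation of FIG. 3B/3C and the destination-side descrambling and authentication described in paragraphs [0049] to [0052]. The device table, the 16-bit LFSR tap positions standing in for the scrambler polynomials, the shared LFSR seed, the field layout (64-bit device ID, 32-bit time stamp, 8-bit device index) and the additive-scrambler construction are all assumptions; the patent does not specify them.

```python
import struct

# Constructed stand-in for Table 3: device index -> (64-bit device ID, scrambler taps).
# Taps are bit positions (1..16) of a 16-bit LFSR feedback polynomial; values are illustrative.
DEVICES = {
    1: (0x9E3779B97F4A7C15, (16, 14, 13, 11)),
    2: (0xC2B2AE3D27D4EB4F, (16, 15, 13, 4)),
    3: (0x165667B19E3779F9, (16, 12, 3, 1)),
}
SEED = 0xACE1  # shared LFSR initial state (assumed; the patent does not specify one)

def lfsr_keystream(taps, seed, nbytes):
    # Fibonacci-form LFSR: output the LSB, feed the XOR of the tapped bits back into the MSB.
    state, out = seed & 0xFFFF, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            fb = 0
            for t in taps:
                fb ^= (state >> (t - 1)) & 1
            byte = (byte << 1) | (state & 1)
            state = (state >> 1) | (fb << 15)
        out.append(byte)
    return bytes(out)

def scramble(taps, data):
    # Additive scrambler: XOR with the keystream, so the same call also descrambles.
    return bytes(a ^ b for a, b in zip(data, lfsr_keystream(taps, SEED, len(data))))

def make_node_ids(src_idx, dst_idx, ts):
    # Source side: node IDs as in FIG. 3B/3C; ts is a 32-bit Unix time stamp (assumed width).
    src_id, src_taps = DEVICES[src_idx]
    dst_id, dst_taps = DEVICES[dst_idx]
    src_node = scramble(src_taps, struct.pack(">QI", src_id, ts))
    dst_node = scramble(dst_taps, struct.pack(">BQI", src_idx, dst_id, ts))
    return src_node, dst_node

def authenticate(my_idx, src_node, dst_node):
    # Destination side: descramble with our own polynomial to learn the source index, then
    # descramble the source node ID with that device's polynomial and cross-check the fields.
    my_id, my_taps = DEVICES[my_idx]
    src_idx, dst_id, ts = struct.unpack(">BQI", scramble(my_taps, dst_node))
    if dst_id != my_id or src_idx not in DEVICES:
        return None  # not addressed to us, or unknown source index
    src_id, src_taps = DEVICES[src_idx]
    claimed_id, ts2 = struct.unpack(">QI", scramble(src_taps, src_node))
    if claimed_id != src_id or ts2 != ts:
        return None  # source ID not in the table, or time stamps disagree
    return src_idx
```

Because the scrambler is a fixed keyed XOR and carries no authentication tag, an observer who learns a polynomial can descramble every node ID built with it; the table and polynomials therefore need the same protection as keys.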
[0053] FIG. 4 illustrates an exemplary flow chart of a method for establishing secure communication in a public network in accordance with an embodiment of the present disclosure. At block 402 of the method 400, the source device can transmit the set of data to the destination device over the plurality of WAN channels of the multi-channel router. The plurality of devices can include the source device and the destination device, and the processor is operatively coupled to the source device and the destination device.
[0054] At block 404, the source device can split the data into a random number of data parts of random size. At block 406, the source device can encrypt each data part with a randomly selected encryption algorithm. At block 408, the source device can generate the control file, which can include the source node ID, destination node ID, key index, algorithm index and the encrypted control data part.
[0055] At block 410, the source device can transmit each encrypted data part and the control file from randomly selected source WAN channels of the plurality of WAN channels to a randomly selected destination WAN channel of the plurality of WAN channels using the network information table. At block 412, the destination device can receive the encrypted data parts and the control file from the plurality of WAN channels. At block 414, the destination device can decrypt each encrypted data part with the corresponding decryption algorithm and key index using the control file, and at block 416 the destination device can merge the decrypted data parts to recover the original data after integrity verification.
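As an added example (not the patent's own code) of the source- and destination-side steps of blocks 404 to 416, the following Python splits data into a random number of random-sized parts, encrypts each with a randomly chosen (algorithm index, key index) pair, builds a control file carrying the per-part sizes, indices and integrity values, and reassembles and verifies at the receiver. The key table, the SHA-256 counter keystream standing in for the indexed ciphers, the JSON control-file layout and the use of algorithm index 0 for the control part are assumptions.

```python
import hashlib
import json
import random

rng = random.SystemRandom()
# Shared, pre-provisioned key table indexed by key index (constructed sample keys).
KEYS = [hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(4)]
def _stream_cipher(label):
    # Stand-in for an indexed cipher: SHA-256 counter keystream XOR, so encrypt == decrypt.
    def xform(key, data):
        ks = b"".join(hashlib.sha256(label + key + c.to_bytes(4, "big")).digest() for c in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))
    return xform
ALGS = [_stream_cipher(b"A0"), _stream_cipher(b"A1"), _stream_cipher(b"A2")]  # indexed algorithms

def source_send(data, n_channels):
    # Split non-empty data into a random number of random-sized parts, encrypt each with a
    # random (algorithm, key) pair and build the control file; returns (control_file, packets).
    n_parts = rng.randint(1, min(8, len(data)))
    cuts = sorted(rng.sample(range(1, len(data)), n_parts - 1))
    parts = [data[a:b] for a, b in zip([0] + cuts, cuts + [len(data)])]
    entries, packets = [], []
    for i, p in enumerate(parts):
        alg, key = rng.randrange(len(ALGS)), rng.randrange(len(KEYS))
        entries.append({"part": i, "size": len(p), "alg": alg, "key": key,
                        "sha256": hashlib.sha256(p).hexdigest()})
        packets.append((rng.randrange(n_channels), i, ALGS[alg](KEYS[key], p)))
    ck = rng.randrange(len(KEYS))  # control key index; control part uses ALGS[0] (assumed)
    blob = json.dumps({"parts": entries, "sha256": hashlib.sha256(data).hexdigest()}).encode()
    control = {"control_key": ck, "data": ALGS[0](KEYS[ck], blob).hex()}
    rng.shuffle(packets)  # parts travel over different WAN channels and arrive in any order
    return control, packets

def destination_receive(control, packets):
    # Decrypt the control part, decrypt each data part, verify integrity, merge in order.
    ctl = json.loads(ALGS[0](KEYS[control["control_key"]], bytes.fromhex(control["data"])))
    entries = {e["part"]: e for e in ctl["parts"]}
    recovered = {}
    for _channel, i, ct in packets:
        e = entries[i]
        pt = ALGS[e["alg"]](KEYS[e["key"]], ct)
        if len(pt) != e["size"] or hashlib.sha256(pt).hexdigest() != e["sha256"]:
            raise ValueError("integrity failure on part %d" % i)
        recovered[i] = pt
    if len(recovered) != len(entries):
        raise ValueError("missing data parts")
    data = b"".join(recovered[i] for i in range(len(entries)))
    if hashlib.sha256(data).hexdigest() != ctl["sha256"]:
        raise ValueError("integrity failure on merged data")
    return data
```

Note that the per-part hashes are integrity checks only; a receiver relying on them should still require the control file to be authenticated, since it is the control file that names which algorithm and key decrypt each part.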
[0056] It will be apparent to those skilled in the art that the system 100 of the disclosure may be provided using some or all of the mentioned features and components without departing from the scope of the present disclosure. While various embodiments of the present disclosure have been illustrated and described herein, it will be clear that the disclosure is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the disclosure, as described in the claims.

ADVANTAGES OF THE PRESENT INVENTION
[0057] The present disclosure provides a system that secures transmission of encrypted data over multiple WANs.
[0058] The present disclosure provides a system that ensures that even if any one WAN is compromised, a network attacker cannot retrieve the complete application data.
[0059] The present disclosure provides an efficient system.
Claims:
1. A system (100) for establishing secure communication in a public network, the system comprising:
a plurality of devices (102-1 to 102-4) having a source device (102-1) that is adapted to transmit a set of data to a destination device (102-2) over a plurality of Wide Area Network (WAN) channels (104) of a multi-channel router (106); and
a processor operatively coupled to the source device and the destination device, the processor configured to:
split, at the source device (102-1), the set of data into a random number of data parts of random size;
encrypt, at the source device (102-1), each data part by random selection of encryption algorithms;
generate, at the source device (102-1), control file, the control file comprises source node ID, destination node ID, key index, algorithm index and the encrypted control data part;
transmit, at the source device (102-1), each encrypted data part and the control file from randomly selected source WAN channels of the plurality of WAN channels to randomly selected destination WAN channel of the plurality of WAN channels using network information table;
receive, at the destination device (102-2), the encrypted data parts and the control file from the plurality of WAN channels;
decrypt, at the destination device (102-2), each encrypted data part by corresponding decryption algorithm and key index using the control file; and
merge, at the destination device (102-2), decrypted data parts to get original data after integrity verification.
2. The system as claimed in claim 1, wherein the encrypted control data part comprises a number of data parts, data size, data integrity, key index, and algorithm index.
3. The system as claimed in claim 1, wherein the encryption algorithm is randomly selected from a set of indexed encryption algorithms and key index.
4. The system as claimed in claim 1, wherein the source node ID and destination node ID is computed to obfuscate the source device ID and destination device ID, wherein source device (102-1) computes the source node ID by scrambling the data of source device ID and time stamp and the destination node ID by scrambling the source device index, destination device ID and time stamp, wherein the destination device descrambles and authenticates the source device.
5. The system as claimed in claim 1, wherein the encrypted data part and the control file are transmitted over the randomly selected WAN channel of the plurality of WAN channels (104) by configuring the multi-channel router (106) in bandwidth aggregation mode for all the active WAN channels and policy is set to bind a source IP address to each WAN channel.
6. The system as claimed in claim 1, wherein the system sets a private network by selecting at least one device of the plurality of devices (102-1 to 102-4) with static IP address as a master device and maintaining network information table in each device, wherein the network information table comprises device ID, master device details, available WAN channels of each device, static IP address and dynamic IP address.
7. The system as claimed in claim 6, wherein the network information table is maintained by continuous monitoring of status of the plurality of WAN channels (104), wherein any of the plurality of WAN channels when updated for connectivity changes, the updated table is forwarded to the master device, which then updates to all other devices.
8. The system as claimed in claim 1, wherein the set of data is transferred from the source device (102-1) to the destination device (102-2) by knowing the number of available WAN channels of the plurality of WAN channels (104) in the destination device through the network information table and selecting the destination WAN channel randomly.
9. The system as claimed in claim 1, wherein the set of data with destination node ID is transmitted from the source device (102-1) to the destination device (102-2) through cloud server, when the selected destination WAN channel (104) is provided with dynamic IP address, wherein each device with WAN channel (104) of dynamic IP address communicates periodically over the WAN channel (104) to the cloud server to transmit and receive encrypted data parts and control file over transport layer security (TLS).
10. A method (400) for establishing secure communication in a public network, the method comprising:
transmitting (402), from a source device, the data to a destination device over a plurality of WAN channels of a multi-channel router, wherein a plurality of devices (102-1 to 102-4) having the source device and the destination device, a processor operatively coupled to the source device and the destination device;
splitting (404), at the source device, the data into a random number of data parts of random size;
encrypting (406), at the source device, each data part by random selection of encryption algorithms;
generating (408), at the source device, control file, the control file comprises source node ID, destination node ID, key index, algorithm index and the encrypted control data part;
transmitting (410), at the source device, each encrypted data part and the control file from randomly selected source WAN channels of the plurality of WAN channels to randomly selected destination WAN channel of the plurality of WAN channels using a network information table;
receiving (412), at the destination device, the encrypted data parts and the control file from the plurality of WAN channels;
decrypting (414), at the destination device, each encrypted data part by corresponding decryption algorithm and key index using the control file; and
merging, at the destination device, decrypted data parts to get original data after integrity verification.

Documents

Application Documents

# Name Date
1 202241042815-STATEMENT OF UNDERTAKING (FORM 3) [26-07-2022(online)].pdf 2022-07-26
2 202241042815-POWER OF AUTHORITY [26-07-2022(online)].pdf 2022-07-26
3 202241042815-FORM 1 [26-07-2022(online)].pdf 2022-07-26
4 202241042815-DRAWINGS [26-07-2022(online)].pdf 2022-07-26
5 202241042815-DECLARATION OF INVENTORSHIP (FORM 5) [26-07-2022(online)].pdf 2022-07-26
6 202241042815-COMPLETE SPECIFICATION [26-07-2022(online)].pdf 2022-07-26
7 202241042815-ENDORSEMENT BY INVENTORS [02-08-2022(online)].pdf 2022-08-02
8 202241042815-Proof of Right [02-01-2023(online)].pdf 2023-01-02
9 202241042815-POA [04-10-2024(online)].pdf 2024-10-04
10 202241042815-FORM 13 [04-10-2024(online)].pdf 2024-10-04
11 202241042815-AMENDED DOCUMENTS [04-10-2024(online)].pdf 2024-10-04
12 202241042815-Response to office action [01-11-2024(online)].pdf 2024-11-01