This invention relates to a session protection system which can be applied in a packet switching network especially one operating in an asynchronous transfer mode (ATM). It enables real-time data to be protected from unauthorised access.
It is desirable to protect data flowing through a network from unauthorised access. For example, PPV Services (pay per view) which deliver data for which a customer pays, such as video on demand, or real time news feeds, and the like, are all at risk of interception and unauthorised use. However, if analogue signals are being delivered by a cable TV system, protection can be provided by inserting spurious line synchronisation pulses. Alternatively, in digital systems, standard encryption techniques such as DES or triple DES are used to encode a payload stream. Typically DES encryption/decryption requires that additional hardware be incorporated into a design to meet the bit level processing requirements. For many real time services the value of the information is in the fact that it is being delivered in real time. Consequently it is possible to envisage other forms of protection which do not require this additional hardware. There are systems where the volume of data is very large, such as video on demand systems, which means that even simple encryption systems can be effective because of the amount of data.
As broadband access becomes more widely deployed, PPV services will become more prevalent and the connection point (or link) where the access network delivers data to the customer premises is potentially a point for unauthorised physical access to the service.
The invention provides a system for protecting services delivered over an ATM link.
More particularly, the invention provides a packet switching system operating in ATM, wherein each cell has a header to identify a connection or link, the system including a controller to ensure that rules are followed to ensure:
i) ATM cells are delivered in the order transmitted, and
ii) ATM cells are delivered with a consistent VP or VP/VC value said connection or link being either for a virtual path (VP), where cells are delivered with the same VP field but potentially different VC fields; or a virtual circuit (VC), where cells are delivered with the same VP and VC fields, the VP and VC fields being contained within the cell header and negotiated on a link by link basis but being static for a link, said ATM defining an adaptation layer for transmitting packets through a VC, whereby the adaptation layer ATM endpoints beak packets into cells and the transmission of packets through the network relies on both of said rules for correct operation;
the packet switching system further including a session protection system which disrupts the controller and employs a pseudo random number generator, located in a transmitting network element to break at least one of said rules by:
(a) either delivering ATM cells in an order differing from that in which they were transmitted,
(b) or delivering ATM cells with a non-consistent VP or VP/VC value, and which also employs a further pseudo random number generator located in a receiving network element either to reassemble the received ATM cells so that they are in the order of transmission, or so that they have a consistent VP or VP/VC value respectively, the session protection system providing said network elements with exchange keys to synchronise said pseudo random generators.
Whilst the session protection system can break one or other of the above rules, it can break both for more security.
The pseudo random number generators may be controlled by parameters which depend on (a) number of cells over which to reorder, (b) maximum packet size expected, or (c) communication delay variation, or any combination or permutation of these parameters.
Where there is only one active VC, preferably dummy stream of cells is generated to interleave with the real stream of cells to avoid the possibility of data interception by an unauthorised user, where all cells could be captured regardless of their cell header. This is useful when breaking the second rule (ii).
Where errors may occur causing corruption of cells, bad cells could be kept until reassembled (to deal with rule (i)), and the time of arrival of cells could be noted, cells being transmitted across a link on a fixed rate, whereby arriving cells are null if they do not contain data from an active VC.