The present invention relates to communications in data networks. More specifically, it relates to a method for initiating a tunneling association in a data network.
Computer users are becoming increasingly concerned about the privacy of their communications over the Internet. Privacy concerns are an important factor in the continued growth and acceptance of the Internet by society. As the use of the Internet increases, more and more sensitive information is being transmitted over this global network. Companies who cannot afford a private network often transfer sensitive corporate information over the Internet. Also, private citizens are increasingly relying on the Internet for banking and commercial transactions and frequently have to transfer private or personal information over the Internet, such as credit card numbers, social security numbers, or medical information.
Unfortunately, the Internet is not a very secure network. Information is transmitted over the Internet inside Internet Protocol (“IP”) packets. These packets typically pass through several routers between transmission by a source computer and reception by a destination computer. At each leg of their journey the packets can be intercepted and inspected. Moreover, the Internet Protocol that is used on global computer networks (such as the Internet) and on many private networks (such as intranets) is not a highly secure protocol. For example, because IP packets include a source address in a header, a hacker or cracker may intercept all IP packets from a particular source IP address. Consequently, the hacker may be able to accumulate all transmissions from the source.
Typically, it is easy to map users to source IP addresses. A determined hacker may extract the source IP address from an IP packet and deduce that the packets are coming from a computer whose IP address is already known. Knowing the location of the source, the hacker may then be able to deduce the identity of the user who sent the IP packet. Even if the hacker cannot exactly identify the user or computer, he may glean sufficient information as to its approximate physical or virtual location. In globally addressed IP subnets it is easy to determine the location or organization of the source computer. For example, an appropriate Domain Name Server (“DNS”) inquiry may correlate the IP address with a domain name, and domain names are typically descriptive of the user, location, or the user's organization.
Of course, the sender may encrypt the information inside the IP packets before transmission, e.g. with IP Security (“IPSec”). However, accumulating all the packets from one source address may provide the hacker with sufficient information to decrypt the message. Moreover, encryption at the source and decryption at the destination may be infeasible for certain data formats. For example, streaming data flows, such as multimedia or Voice-over-Internet-Protocol (“VoIP”), may require a great deal of computing power to encrypt or decrypt the IP packets on the fly. The increased strain on computer power may result in jitter, delay, or the loss of some packets. The expense of added computer power might also dampen the customer's desire to invest in VoIP equipment.
Nonetheless, even if the information inside the IP packets could be concealed, the hacker is still capable of reading the source address of the packets. Armed with the source IP address, the hacker may have the capability of tracing any VoIP call and eavesdropping on all calls from that source. One method of thwarting the hacker is to establish a Virtual Private Network (“VPN”) by initiating a tunneling connection between edge routers on the public network. For example, tunneling packets between two end-points over a public network is accomplished by encapsulating the IP packet to be tunneled within the payload field for another packet that is transmitted on the public network. The tunneled IP packets, however, may need to be encrypted before the encapsulation in order to hide the source IP address. Once again, due to computer power limitations, this form of tunneling may be inappropriate for the transmission of multimedia or VoIP packets.
Another method for tunneling is network address translation (see e.g., “The IP Network Address Translator”, by P. Srisuresh and K. Egevang, Internet Engineering Task Force (“IETF”), Internet Draft <draft-rfced-info-srisuresh-05.txt>, February 1998). However, this type of address translation is also computationally expensive, causes security problems by preventing certain types of encryption from being used, or breaks a number of existing applications in a network that cannot provide network address translation (e.g., File Transfer Protocol (“FTP”)). What is more, network address translation interferes with the end-to-end routing principle of the Internet that recommends that packets flow end-to-end between network devices without changing the contents of any packet along a transmission route (see e.g., “Routing in the Internet,” by C. Huitema, Prentice Hall, 1995, ISBN 0-131-321-927). Once again, due to computer power limitations, this form of tunneling may be inappropriate for the transmission of multimedia or VoIP packets.
It is therefore desirable to establish a tunneling association that hides the identity of the originating and terminating ends of the tunneling association from the other users of a public network. Hiding the identities may prevent a hacker from intercepting all media flow between the ends.
In accordance with preferred embodiments of the present invention, some of the problems associated with initiating a tunneling association are overcome. A method and system for initiating a tunneling association is provided. One aspect of the invention includes a method for initiating a tunneling association between an originating end of the tunneling association and a terminating end of the tunneling association. The method includes receiving a request to initiate the tunneling association on a first network device. The first network device is associated with the originating end of the tunneling association, and the request includes a unique identifier for the terminating end of the tunneling association. A trusted-third-party network device is informed of the request on a public network. A public network address for a second network device is associated with the unique identifier for the terminating end of the tunneling association on the trusted-third-party network device. The second network device is associated with the terminating end of the tunneling association. A first private network address on the first network device and a second private network address on the second network device are negotiated through the public network. The first private network address is assigned to the originating end of the tunneling association and the second private network address is assigned to the terminating end of the tunneling association.
For example, the method and system of the present invention may provide for the initiation of a Voice-over-Internet-Protocol association between an originating telephony device and a terminating telephony device. The method and system described herein may help ensure that the addresses of the ends of the tunneling association are hidden on the public network and may increase the security of communication without an increased computational burden.
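The following is an added simulation of the initiation procedure summarized above; it is illustrative code, not part of the patent or any product implementing it. The class and function names, the use of a telephone number as the unique identifier, the message shapes and the sample addresses are all assumptions.

```python
from dataclasses import dataclass, field
import ipaddress

@dataclass
class TrustedThirdParty:
    """Maps a terminating end's unique identifier (assumed: a phone number)
    to the public address of the network device serving that end."""
    directory: dict = field(default_factory=dict)

    def register(self, unique_id, public_addr):
        self.directory[unique_id] = public_addr

    def resolve(self, unique_id):
        return self.directory.get(unique_id)

@dataclass
class NetworkDevice:
    """Edge device on the public network with a constructed pool of private addresses."""
    public_addr: str
    private_pool: list

    def propose_private(self):
        return self.private_pool.pop(0)

def initiate_tunneling_association(first, ttp, request, devices):
    """Resolve the terminating end through the trusted third party, then negotiate
    one private address per end. Only device public addresses and the unique
    identifier travel on the public network, never the ends' own addresses."""
    unique_id = request["terminating_id"]
    second_public = ttp.resolve(unique_id)        # TTP is informed of the request
    if second_public is None:
        raise LookupError(f"no device registered for {unique_id!r}")
    second = devices[second_public]
    first_private = first.propose_private()        # for the originating end
    second_private = second.propose_private()      # for the terminating end
    for addr in (first_private, second_private):   # must be private address space
        if not ipaddress.ip_address(addr).is_private:
            raise ValueError(f"{addr} is not a private address")
    if first_private == second_private:
        raise ValueError("private address collision; renegotiate")
    return {"originating": first_private, "terminating": second_private, "second_public": second_public}

def build_demo():
    """Constructed topology: two edge devices and one trusted third party."""
    ttp = TrustedThirdParty()
    ttp.register("+1-555-0100", "203.0.113.20")
    first = NetworkDevice("198.51.100.10", ["10.0.0.1", "10.0.0.2"])
    second = NetworkDevice("203.0.113.20", ["10.0.1.1"])
    return first, ttp, {d.public_addr: d for d in (first, second)}
```

Calling `initiate_tunneling_association(*build_demo()[:2], {"terminating_id": "+1-555-0100"}, build_demo()[2])` style usage is shown in the test; an unregistered identifier raises `LookupError` rather than leaking anything about the ends.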
The foregoing and other features and advantages of preferred embodiments of the present invention will be more readily apparent from the following detailed description, which proceeds with references to the accompanying drawings.