The “background” description provided herein is for the purpose of generally describing the context of the invention. Work of the presently named inventors described in this description, as well as aspects of the description which may not otherwise qualify as prior art at the time of filing, are neither expressly or impliedly admitted as prior art against the present invention.
In recent years, network communication has been widely embraced due to the proliferation of the Internet and World Wide Web. Likewise, the spread and expansion of Internet communication has led to a corresponding increase in computer-related crimes known as “hacking” and “cracking.” Hacking and cracking refer to the ability of individuals and criminal organizations to misuse technology for the purposes of obtaining access to hardware and user information, unlawfully, or without permission.
For example, a denial of service attack generates a large amount of traffic through a network for the purpose of disrupting the operation of a particular computer system, such as a web server. The attack disrupts operation of the server to the point that it becomes overwhelmed by the traffic and can no longer function properly. When the server becomes overloaded owing to this disturbance, it typically goes down, rendering any content on the server inaccessible; such an attack is especially problematic for web-based e-commerce.
In addition to exploitations in TCP/IP communications, such as spoofing, there are more basic challenges to security of network terminals, such as theft of passwords and access permissions. For example, trojan programs, key loggers, and similar spy ware may be loaded to a network terminal for capturing passwords and user IDs of unsuspecting personnel utilizing the terminal. Once gaining access, unauthorized individuals may choose to maliciously destroy content, or, copy and distribute content which should otherwise be protected from access by unauthorized users. Such conduct may be thwarted by limiting access to physical facilities housing the network terminals; however, this problem is not eliminated as individuals within an organization may also engage in such behavior.
Moreover, computer viruses and worms provide another security concern in that users of network terminals often times “infect” such terminals inadvertently by visiting untrusted websites or by retrieving infected emails from untrusted sources. Of course, once one network terminal becomes infected, the infection can then be easily spread throughout an organization leading to a decreased performance in network systems and/or a complete crash of the system.
Consequently, in network communications utilizing a conventional TCP/IP (Transmission Control Protocol/Internet Protocol) or UDP (User Datagram Protocol), encryption communication, such as IPsec (Internet Protocol Security) or SSL (Secure Socket Layer), is utilized to prevent some security risks presented during the exchange of data between network terminals. In general, such encryption provides either a common key (also called a secret key) cryptograph system, and/or a public key cryptograph system. In the case of IPsec, a common key cryptograph system is used. The common key cryptograph system has an advantage in that the speed of encryption and decryption is faster with respect to the public key cryptograph system. The common key cryptograph system used in IPsec carries out encryption and decryption by the same key and enables key creation by either the transmission or the reception side of the communication. Of course, as a common key is exchanged, there is an increase risk of compromise by packet sniffing and like traffic intercepts because the common key is used on both sides of the communication.
The algorithm used in the common key cryptograph system is the DES (Data Encryption Standard: common key (secret key) encryption algorithm developed by IBM). IPsec also employs DES as one of its encryption algorithms. IPsec was promoted by the IETF (Internet Engineer Task Force) for standardization and the feature thereof lies not only in encrypting a specific application, but also in encrypting every communication transmitted from the host at the IP layer of the OSI model. In this manner, it becomes possible for a user to have a secure communication without being conscious of the underlying security application. Also, IPsec makes it possible to evolve the encryption algorithm without changing the basic IPsec structure.
A 32 bit code referred to as SPI (Security Pointer Index) is used for the common encryption key in IPsec based on a Security Association (SA) and IKE (Internet Key Exchange) is used for the key exchange protocol. Further, IPsec is provided with a protocol AH (Authentication Header) for providing integrity and authentication through encryption.
Also, Secure Socket Layer (SSL) is an HTTP protocol with a security function which was developed by Netscape®. Through HTTP, a client and a server authenticate each other on the network using SSL to interact with highly confidential information such as credit card information or the like, by encrypting it. In this manner, it is possible to prevent sniffing of data, replay attacks (capturing confidential data to be resent later), spoofing, falsifying of data and the like.
FIG. 25 shows an example of a TCP/IP protocol stack relative to the OSI model illustrating an encryption communication by using conventional IPsec. FIG. 26 shows an example of a TCP/IP protocol stack relative to the OSI model in a case of carrying out an encryption communication by using conventional SSL.
The OSI reference model is well known and is constituted such that a bottom layer (first layer) is a physical layer, a second layer is a data-link layer, a third layer is a network layer, a fourth layer is a transport layer, a fifth layer is a session layer, a sixth layer is a presentation layer and a top layer (seventh layer) is an application layer. The hierarchy in this OSI reference model is illustrated by dividing a communication function into seven stages and a standard function module is set for every layer. In the TCP/IP of FIG. 25, only five layers of the OSI reference model are shown.
The TCP/IP protocol stack is typically expressed in software or firmware, each protocol of the stack being conceptually positioned in a respective OSI layer of the hierarchy.
First, to explain the distinctions between layers of the OSI reference model, the physical layer (first layer) is a layer which defines a physical electrical characteristic of the signal line. However, it is rare case that this layer is defined and mounted alone. Ordinarily layer 1 is defined, for example, as an Ethernet standard or the like together with the data-link layer of the second layer.
The data-link layer (second layer) is a layer which defines packet format, physical node addresses, a transmitting and receiving method of packets and the like. Layer 2 defines a protocol for interacting packets between two nodes through a physical communication medium. In this second layer, some kind of address or Medium Access Control (MAC) identifier is added with respect to each node and packets are transmitted on the communication medium by specifying a transmission source of the packets. As to communication mediums, there are diversified types of copper wiring, wireless, optical fiber and the like. Also, with respect to the connection mode (topology), there is not only point-to-point connection but also bus, star, and link topologies. The packet transmitted on the communication medium is provides to a node at a reception side where it is processed with respect to the remaining OSI layers.
For example, a NIC (Network Interface Card) functions in conjunction with an associated driver to operate at the physical layer and data-link layer for connecting a personal computer, a printer or the like to a premises network (LAN). In many cases, the NIC interfaces to an Ethernet.
By means of the NIC, a node (apparatus) which wants to transmit data awaits a vacant time slot to start a transmission via the Ethernet. At that time, if a plurality of nodes start transmissions simultaneously, data collide in the cable and are broken-down, so that transmitting nodes stop transmissions and will restart transmissions after waiting a random of time. In this manner, it is possible for a plurality of nodes to share a single cable so as to communicate mutually.
The network layer (third layer) is a layer which defines a communication method between two arbitrary nodes. In the case of TCP/IP, the third layer corresponds to an IP layer. It is possible in the data-link layer to carry out a communication between nodes on the same network medium. The role of the network layer is to communicate by using routing between two arbitrary nodes existing on the network. Here, “routing” refers to transmitting IP packets by selecting an optimum path when packets are transmitted to a host in the TCP/IP network. For example, communication is carried out in the network layer between two Ethernet segments by routing packets. Also, it is possible to route packets not through physical network media but by routing to a dial-up PPP (Point to Point Protocol) line which connects a computer to a network (Ethernet) through a telephone line, also by routing to an exclusive line using an optical fiber and the like. For this purpose, addresses (IP addresses in case of TCP/IP) which are not dependent on the physical medium are ordinarily allotted to respective nodes and the routing is carried out based thereupon. IPsec encrypts every communication in this network layer.
The transport layer (fourth layer) is a protocol layer for realizing a hypothetical communication path in which there is no error between two processes executed on respective nodes. In the case of TCP/IP, it corresponds to the TCP layer. The network layer offers a function to carry out a communication between two nodes. The role of the transport layer is to offer a hypothetical communication path by using this in which there is no error between two processes (applications). More specifically, it is possible to transmit data in the network layer, but there is no guarantee that the data will arrive at a destination. Also, there is no guarantee either that the data will arrive correctly in the transmitted order. Consequently, the transport layer provides a communication path in which there is error protection. For example, if it is necessary, data can be resent and recovery processes or the like may be carried out.
User Datagram Protocol (UDP) is also disposed in this transport layer together with TCP. The difference between UDP and TCP lies in that UDP provides high speed communication relative to TCP due to the non-compensation for data errors. TCP is used primarily to transmit data such as a case of a communication between computers. UDP is used primarily when audio and video is transmitted such as in the case of voice over IP (VoIP).
The session layer (fifth layer) defines a procedure of a session (from start to end of a communication) and enabling a communication by establishing a connection between applications. A socket disposed in this layer is defined as an IP address which the computer possesses and a port number which functions as a sub address of the IP address. In case of connecting nodes, a session is carried out by always appointing a socket (pair of IP address and port number). As shown in FIG. 26, according to SSL which is a conventional representative encryption communication technology, an encryption communication is realized in this session layer.
The presentation layer (sixth layer) defines an expression method; coding, encrypting or the like, of the data which are interacted in the session (start to end of a communication). In the TCP/IP protocol, there is no function corresponding to this layer. The stream data process is ordinarily handled by the application itself.
Also, the application layer (seventh layer) defines data interaction between applications; there is no function corresponding to this layer in the TCP/IP protocol. The application layer defines, for example, an electronic mail format, an internal structure of a document text or the like which is a common data structure or the like necessary in case of interacting data between applications bilaterally.
FIG. 25 shows a standard TCP/IP protocol stack equipped with IPsec in which, an NIC (Network Interface Card) driver is provided in the physical layer (first layer) and the data-link layer (second layer). This interface card connects hardware of a computer or the like to a network, and includes software for performing transmission and reception control, such as WINSOCK. In the network layer of FIG. 25, there exists an IP emulator, a portion of which is elongated and extending upward to the transport layer (fourth layer). The portion extended to the transport layer is not mounted with transport functionality. A function of the network layer is only provided for the session layer. This IP emulator carries out an encryption communication by IPsec and IP. Also, ARP (Address Resolution Protocol) is disposed in the network layer of the third layer. The ARP is a protocol to be used for finding a MAC address, which is typically a physical address of Ethernet resolved from an EP address. MAC is a transmission control technology utilized in LAN or the like for defining a transmitting and receiving method of a frame, defining a transmitting and receiving unit of data, a frame format, error correction and the like.
Also, the network layer is provided with an ICMP (Internet Control Message Protocol). ICMP transfers an error message and a control message of IP for such purposes as PINGing a destination host. IGMP (Internet Group Management Protocol) controls a host group (i.e., multicast) for distributing the same data to a plurality of hosts efficiently or being constituted for receiving the distribution. TCP and UDP are disposed in the transport layer which is an upper layer relative to the network layer, a socket interface is disposed in the session layer which is an upper layer thereof.
FIG. 26 shows an example of a standard TCP/IP protocol equipped with SSL for an encryption processing protocol. The network layer is not equipped with IPsec, but the socket (session layer) is equipped with SSL instead. Other protocols of FIG. 26 are same as those shown in FIG. 25.
In conventional encryption communication technologies, IPsec provides transmission and reception by encrypting IP packets. Consequently, this operation is transparent to application software which utilizes upper protocols of TCP, UDP or the like to be aware of a fact that IPsec is used.
On the other hand, in SSL, a digital certificate using RSA (Rivest, Shamir, Adleman) public key cryptograph technology provides the authentication level. A common key cryptograph technology such as DES or the like is used for the data encryption. SSL lies in the session layer of the fifth layer, so that it is dependent on a specific application.
IPsec is designed to prevent security compromises by ansuring the integrity and authentication of communications. On the other hand, SSL is an encryption technology in the fifth layer and is one for transmitting and receiving information relating to privacy, company secret information, etc., securely by encrypting data of the World Wide Web, FTP (File Transfer Protocol) or the like.
Table 1 is a table describing functions of IPsec and SSL by a comparison thereof. As seen from this table, IPsec and SSL have mutually exclusive advantages and defects.
For example, in the case of SSL, for the communication between client-client, the SSL message exchange and communication content becomes a master/slave relationship. In other words, the relationship is more client/server, so that the communication between client-client could not be carried out without employing a server. More specifically, in a case when secret data are transmitted from a terminal A to a terminal B by SSL encryption, it was always necessary to interpose a server therebetween. On the other hand, there is not such a restriction in IPsec, as direct communication is enabled.
TABLE 1Comparison of IPsec and SSL FunctionsIPsecSSL(1) communication between◯Direct communication isXDirect communication isclient—clientavailableunavailable.Communication isavailable through aspecial server.(2) PPP Mobile Environment□It is possible by utilizing◯Communication isXAUTH. However,available.there is a problem ofsecurity.(3) ADSL Environment(4) NAT, IP Masquerade□It can be realized by being◯Communication isEnvironmentcommonly used withavailable.NAT-T.(5) DoS Attack to TCP/IP◯It is possible to haveXCorrespondence isProtocol Stackcorrespondence with DoSunavailable.attack.(6) Under Bad CommunicationXCorrespondence is◯Correspondence isEnvironment (Environmentinadequate. Lowering ofavailable.where Communication Errorsthroughput is incurred.often Occur Caused by ManyPhysical Noises)(7) Communication between□Communication is◯Communication isDifferent LANsunavailable when theavailable.subnet address is the sameaddress.(8) Different Network□Management is hard and◯Management can beEnvironmentdifficult.simplified.(9) Connection through aXCommunication is◯Communication isplurality of Carriersunavailable.available.(10) Secure Communication of◯Secure communication isXCommunication isAll UDP Portspossible.unavailable.(11) Secure Communication of◯Secure communication isXCommunication isAll TCP Portspossible.unavailable except aspecific TCP port.(12) Limitation in Application◯Not affected.XIt is necessary to changethe socket program.(13) Access UnitIP UnitResource Unit(URL Unit,Folder Unit)(14) MTU(Maximum Segment□Adjustment is necessary.◯Communication isSize)Available without beingConscious of MTU.(15) Internet Telephone Using□It is possible by utilizingXIt cannot be used.VoIP under MobileXAUTH. However,Environmentthere is a problem ofsecurity.(16) Internet Telephone Using□It is possible by utilizingXIt cannot be used.VoIP under ADSLXAUTH. However,Environmentthere is a problem ofsecurity.(17) Internet Telephone Using□It can be realized by usingXIt cannot be used.VoIP between Different LANsNAT-T, IPsec-DHCP.(18) Internet Telephone UsingXCommunication isXIt cannot be used.VoIP between LANs of Pluralunavailable.Carriers
Also, in a PPP (Point to Point Protocol) mobile environment, or, an ADSL (Asymmetric Digital Subscriber Line) environment, IPsec carries out authentication of its connecting partner. The authentication is via a communication using an IKE (Internet Key Exchange) protocol used for the determination of Security Associations (SA), such as encryption system, key exchange, and bilateral authentication before it starts an encryption communication of data. Yet, in the case of the PPP Mobile Environment (remote client) or the ADSL Environment, the EP address cannot be fixed. So, the main mode of IKE, used most between gateways of IPsec, in other words, a mode using IP address information of a communication partner for authentication, cannot be used. It should be noted that the IP address need not be used for ID information in an aggressive mode. In the aggressive mode, for example, user information is used for the ID information such that it becomes possible to specify a partner by using a password of a user as the common key. However, in the aggressive mode, the ID of the connecting partner is transmitted in a message which is the same as key exchange information, so that the ID is transmitted as a plaintext without encryption. Also, the authentication problem can be solved by utilizing XAUTH (Extended Authentication within IKE), but the IP address is unknown in the access by a remote client in a firewall setting, so that it becomes necessary to permit all of IKE and IPsec such that problems relating to security remain. Speaking of SSL, it is possible to communicate even under the environment described above.
Also, there is a problem in IPsec that it cannot communicate with NAT (Network Address Translation) and IP masquerade. In order to communicate therewith, it has to be commonly used with other function such that, for example, it is to be listed in a payload of UDP. NAT is a technology for a company or the like connected to an Internet to share one global IP address in a plurality of computers and a technology for bilaterally-converting IP address (local address) available only in an organization and address (global address) on the Internet. The reason why it cannot communicate with NAT is because it becomes impossible for the bilateral conversion of the global address to be performed by this local address since the IP header is in an authentication region of AH (Authentication Header) and it becomes impossible for local address peers having different sub-nets to communicate with each other.
IP masquerade makes it possible to access the Internet from a plurality of clients who possess private addresses in LAN and it can be said, seen from a view point of security, that it is desirable to utilize this arrangement, because only a terminal which is operated by the IP masquerade can be seen from the outside (Internet). The reason why IPsec cannot communicate with IP masquerade is because the ESP (Encapsulating Security Payload: encrypted payload) header of IPsec is positioned just after the IP header. An ordinarily router mounted with IP masquerade judges such that a TCP/UDP port number is to be positioned just after the IP header. Consequently, that port number is made to change if it goes by way of a router mounted with IP masquerade, so that IPsec judges that there was a falsifying and there occurs a problem that the authentication of the host cannot be obtained. It is possible to avoid this problem by utilizing a product which supports NAT-T (NAT-Traversal) for taking onto a payload of UDP. However, it is not possible to connect even NAT-T peers if versions of NAT-T are different from each other. It is possible for SSL to communicate even under the environment described above.
On the other hand, SSL is not helpless with respect to various kinds of attacks to TCP/IP. When a DoS attack to the TCP/IP protocol stack occurs, for example, a TCP cutoff attack takes place, the TCP session is cutoff such that service to SSL is stopped. The IP layer possess a security function since the IPsec is mounted in the third layer (IP layer), so that it is possible to prevent a DoS attack to TCP/IP (fourth layer, third layer). However, SSL is an encryption protocol which is mounted in a layer (fifth layer) upper than the TCP/IP (fourth layer, third layer), so that it is impossible to prevent a DoS attack to TCP/IP.
Further, SSL is more effective as compared with IPsec with respect to a communication under an inferior communication environment such as environments exhibiting physical layer noise and communication errors. More specifically, it becomes a situation for IPsec in the case of detecting an error that the resending operation is to be dependent on the upper TCP. TCP transmits resending data to IPsec, but IPsec cannot recognize resent data such that a re-encryption is to be carried out. SSL carries out an error recovering process by TCP, so that the same data is never re-encrypted.
Also, it is not possible for IPsec to communicate between different LANs. More specifically, distribution management of sub-net addresses in LAN is managed by DHCP (Dynamic Host Configuration Protocol) server existing in the LAN, the same sub-net addresses are never allocated in a LAN. But, there is a possibility in case of a communication between different LANs that the same addresses are allocated, because the DHCP servers existing in the respective LANs allocate sub-net addresses individually. In a case when the same addresses are allocated in this manner, it is not possible for the IPsec to communicate. However, it is possible to communicate therein if an IPsec—DHCP servers are set up differently so as to be managed such that same addresses never occur. The SLL is positioned in the fifth layer (session layer) of the OSI reference model as mentioned above, so that an error recovering process can be performed in TCP of a lower layer and it becomes possible to communicate under an inferior environment as described above.
Also, with respect to the communication under different network environments, IPsec has to manage all of the nodes along a route and to make setting changes such that the IPsec can pass therethrough. The management becomes difficult, but it is possible for SSL to carry out a communication even under this environment without being conscious of the environment of the nodes which are traversed during communication.
Further, there is a problem in IPsec that a connection through a plurality of carriers cannot be attained. In other words, IPsec has to manage all of the traversed nodes and to make setting changes such that IPsec can pass therethrough, so that a connection through a plurality of carriers cannot be attained. For example, in a case when contracts with different carriers in separate locations, such as Tokyo and Osaka, Japan, it is not possible to connect there between, so that there is also a case in which expensive exclusive lines are additionally required. It is possible for SSL to communicate even under this environment described above.
It is not possible for SSL to communicate UDP by encryption, because it does not support UDP communication. It is not possible for TCP either to communicate all of TCP ports by encryption, because it only supports specific ports. On the other hand, it is possible for IPsec to communicate either one of UDP and TCP by encryption.
Further, SSL is deficient in that it does not have compatibility with respect to the application. The application uses the socket (fifth layer) as a program interface when an Internet communication is carried out. Therefore, in a case when the application uses SSL (fifth layer), this socket interface must be changed to a SSL interface. Consequently, SSL has no compatibility with the application. On the other hand, IPsec is positioned lower than the socket (fifth layer), so that the socket (fifth layer) can be used as a program interface directly for the application such that it has compatibility with the application.
Also, while IPsec can control according to the IP address unit, SSL is to control according to the source unit (URL unit, folder unit).
Further, IPsec has a problem that the maximum segment size becomes small. More specifically, since IPsec uses an ESP header and an ESP trailer, the payload becomes small, so that fragment (division of packet) occurs and the throughput is lowered. Also, since the fragment is prohibited for the TCP packet, it is necessary in the end-end communication to comprehend environment in which IPsec passes and to set a maximum segment size by which a fragment does not occur. On the other hand, it is not necessary for SSL to comprehend an environment for passing through, so that it is not necessary to set the maximum segment size.
The protocol of the present invention described hereinafter is an encryption communication protocol which includes all of the advantages of IPsec and SSL, as well as those which will be appreciated from a reading of the following sections, while remedying at least the deficiencies discussed above.