1. Technical Field
This invention relates to a method of operating a packet network and finds particular application in controlling the transfer of data packets over a packet network.
2. Related Art
It has become increasingly important to ensure that adequate security is in place to protect the infrastructure and applications operating over public data networks from attack by unauthorised users. Without adequate security, false information may be transmitted to users of the network or, potentially, operation of the network infrastructure may be severely disrupted.
A data source connected to a packet network may send data packets to one or more recipients using one of a number of data transport methods. In packet network terminology, sending a packet to a single recipient is known as uni-casting, the data packet being specifically addressed for that recipient. Sending a packet to all possible recipients is known as broadcasting, a special address being used to ensure that the packet is distributed to all users connected to the network, or to at least a part of the network. Sending a packet to a subset of all possible recipients, in particular to those recipients who have elected to receive packets as members of one or more addressable groups, is referred to as multi-casting. Such groups are referred to as multi-cast groups.
In a known multi-casting arrangement there may be a number of multi-cast groups available to which a potential recipient may subscribe to receive data packets. Each multi-cast group is assigned a unique multi-cast address so that a data packet addressed to a particular multi-cast address will be delivered to all recipients subscribing to that multi-cast group. A hierarchy of so-called “caching servers” may be connected to a packet network for the purpose of routing information from an information source, such as a “publish & subscribe” news service, to one or more specified multi-cast addresses (groups). A caching server may be a conventional server computer with one or more interfaces to the packet network, arranged to operate using known transport protocols such as TCP/IP and/or a multi-cast group membership protocol such as the Internet Group Management Protocol (IGMP) Version 2 as defined in Internet Request for Comments (RFC) 2236, published on the Internet by the Internet Engineering Task Force (IETF). In order for data packets to be correctly transferred by the caching servers, each caching server is configured to forward a received data packet to one or more predetermined network destinations (for example other caching servers in the hierarchy, or servers providing end users with access to a multi-casting session) according to the location of subscribers to the multi-cast group concerned. Preferably, packets are sent only once to each destination and a caching server will only replicate a packet when required to do so. In this way, the number of packets required to distribute a given set of information to a group of users is greatly reduced, at all but the final stage of delivery to a user, in comparison with the number required to uni-cast the information set from the source to each of those users separately.
However, known multi-casting arrangements are inherently insecure in their method of transferring data. The primary purpose of a multi-cast caching server infrastructure is to disseminate information to subscribing destinations. A network of multi-cast caching servers will generally convey any correctly addressed data packet received by it, whatever its source. It is therefore possible for an unauthorised user to transmit false messages to a valid multi-cast address in the expectation that the caching servers will faithfully propagate those messages to every subscriber of that group.
Known security techniques for use in multi-casting arrangements are of two main types: those that protect the content of data packets and those that authenticate the source of data packets. Those measures designed to protect the content of data packets, against disclosure or alteration for example, are typically implemented at the application level by information service providers, for example using known data encryption techniques (which protect against disclosure) together with message authentication techniques (which allow alteration to be detected). However, such application level security measures do not generally prevent caching servers from distributing, at the transport level, data packets that originate from other, potentially rogue, sources. In a multi-casting network arrangement any user may send data packets to a valid multi-cast address.
A known technique that may be used both to authenticate the source of data packets and to enable unauthorised changes to the content of those data packets to be detected is to include a digital signature in each packet. A recipient caching server may verify the signature in each received packet and decide, on the basis of the apparent validity of the packet, whether or not to forward it. An example of a known digital signature technique is PGP™ as described in RFC 1991, published on the Internet by the Internet Engineering Task Force (IETF) Network Working Group. However, generating and verifying a digital signature for every packet sent and received respectively requires a public-key operation per packet, and in a multi-casting arrangement the verification is repeated at every caching server the packet passes through; this adds a considerable and undesirable overhead to the processing required to route packets.
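The following is an added illustration, not part of the original description, of the two behaviours discussed above: a caching server of the known kind that forwards any correctly addressed packet, beside one that verifies a per-packet digital signature before forwarding. Ed25519 is used here as a stand-in for the signature scheme (the text cites PGP); the multicast addresses, downstream destination names and the "quote" payloads are constructed for the example. The scenario feeds one genuine packet and four constructed attacks (an unsigned injection, an injection signed with a rogue key, a tampered payload and a genuine packet re-addressed to a different group) through both servers; note that the group address is bound into the signed bytes, which is what defeats the re-addressing case.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Packet is a constructed stand-in for a multicast data packet: the multicast
// group address it is sent to, its payload and an optional detached signature.
type Packet struct {
	Group     string
	Payload   []byte
	Signature []byte // empty when the source did not sign the packet
}

// signedBytes is what a publisher signs. The group address is bound into it so
// that a packet validly signed for one group does not verify on another group.
func signedBytes(p Packet) []byte {
	b := append([]byte(p.Group), 0)
	return append(b, p.Payload...)
}

// Sign builds a packet for group carrying payload, signed with priv.
func Sign(priv ed25519.PrivateKey, group string, payload []byte) Packet {
	p := Packet{Group: group, Payload: payload}
	p.Signature = ed25519.Sign(priv, signedBytes(p))
	return p
}

// Delivery records one packet handed to one downstream destination.
type Delivery struct{ Dest, Payload string }

// NaiveServer behaves like the caching server of the related art: any packet
// addressed to a group it has destinations for is forwarded, once per destination.
type NaiveServer struct {
	Routes map[string][]string // group address -> downstream destinations
}

func (s NaiveServer) Forward(p Packet) []Delivery {
	var out []Delivery
	for _, d := range s.Routes[p.Group] {
		out = append(out, Delivery{Dest: d, Payload: string(p.Payload)})
	}
	return out
}

// VerifyingServer forwards only packets carrying a valid signature from the
// publisher key registered for the group. Verifications counts the per-packet
// public-key checks, i.e. the processing overhead the text refers to.
type VerifyingServer struct {
	Routes        map[string][]string
	Publishers    map[string]ed25519.PublicKey // group address -> authorised source
	Verifications int
}

func (s *VerifyingServer) Forward(p Packet) []Delivery {
	pub, ok := s.Publishers[p.Group]
	if !ok || len(p.Signature) != ed25519.SignatureSize {
		return nil // unknown group or unsigned packet: drop without a costly verify
	}
	s.Verifications++
	if !ed25519.Verify(pub, signedBytes(p), p.Signature) {
		return nil // forged, tampered or re-addressed packet
	}
	return NaiveServer{Routes: s.Routes}.Forward(p)
}

// Scenario runs one genuine packet and four constructed attacks through both
// server types and returns what each forwarded and how many verifies were done.
func Scenario() (naive, verifying []Delivery, verifications int) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // authorised publisher
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	routes := map[string][]string{ // hypothetical groups and downstream caches
		"239.1.2.3": {"cache-b", "edge-c"},
		"239.1.2.4": {"edge-d"},
	}
	publishers := map[string]ed25519.PublicKey{"239.1.2.3": pub, "239.1.2.4": pub}
	n := NaiveServer{Routes: routes}
	v := &VerifyingServer{Routes: routes, Publishers: publishers}

	genuine := Sign(priv, "239.1.2.3", []byte("quote: XYZ 101.5"))
	tampered := genuine
	tampered.Payload = []byte("quote: XYZ 0.01") // signature no longer matches
	replayed := genuine
	replayed.Group = "239.1.2.4" // same bytes, re-addressed to another group
	packets := []Packet{
		genuine,
		{Group: "239.1.2.3", Payload: []byte("quote: XYZ 0.01")}, // unsigned injection
		Sign(roguePriv, "239.1.2.3", []byte("quote: XYZ 0.01")),  // rogue key
		tampered,
		replayed,
	}
	for _, p := range packets {
		naive = append(naive, n.Forward(p)...)
		verifying = append(verifying, v.Forward(p)...)
	}
	return naive, verifying, v.Verifications
}

func main() {
	naive, verifying, checks := Scenario()
	fmt.Printf("naive: %d deliveries; verifying: %d deliveries after %d signature checks\n",
		len(naive), len(verifying), checks)
}
```

Run as written, the naive server forwards all five packets (nine deliveries, including the three forged "0.01" quotes and the re-addressed copy), while the verifying server forwards only the two deliveries of the genuine packet. The counter also shows the cost the text objects to: every signed packet arriving at every hop costs one public-key verification, whether or not it is eventually forwarded, and only the unsigned packet is rejected cheaply.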