In modern network communications systems (both digital and physical), messages, e.g., data packets or paper envelopes, are routed between parties from the source to the destination via a series of addressable nodes in the network. Both the source and destination addresses are typically viewable by all nodes in the network as the message traverses the path. In addition, under certain circumstances, both the contents of the message and the identity of the parties could be determined by eavesdropping on the network. In many situations, the parties desire to maintain confidentiality of both the contents of the messages exchanged and the fact that any messages at all are being exchanged. To provide such confidentiality, different types of protection schemes have been developed.
One such type of protection scheme is referred to as an “onion encryption scheme” as described in U.S. Pat. No. 6,986,036. As described therein, an onion encryption scheme involves multi-layered encryption and decryption operations. The client encrypts each message to be sent to the target server multiple times with different keys, one for each mix (a mix is a collection of nodes in the network) in the routing chain, in the order of the mixes in the chain. When the message is routed through the chain, each mix “peels off a layer of the onion” by decrypting the message with its key, and forwards the decrypted message to the next mix on the chain. More specifically, when the client intends to communicate with a target server, it sends a request for a secured routing chain to a trusted routing control server. The routing control server then selects servers for creating the routing chain, generates a first set of cryptographic keys for the respective servers, and deposits the cryptographic keys with the respective servers. The routing control server also sends routing information identifying the servers in the chain and a second set of cryptographic keys that correspond to the respective keys in the first set to the client. The client encrypts a message to be sent to the target server with each of the cryptographic keys in the second set of keys it received from the routing control server. The encrypted message is then sent through the chain of servers. When a server in the chain receives the message, it decrypts the message using its cryptographic key and then forwards the decrypted message to the next downstream node on the chain.
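The layered wrap-and-peel flow described above, as an added Python sketch that is not taken from the cited patent. It assumes symmetric per-mix keys (the client's second set equals the servers' first set), carries the next hop inside each layer, and uses an HMAC-SHA256 keystream with a MAC as a standard-library stand-in for a real cipher; all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 in counter mode: standard-library stand-in for a real cipher
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(8, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, data)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("layer does not belong to this key")
    return _xor(key, nonce, ct)

def build_chain(mix_names):
    # Routing control server: one fresh key per mix, deposited with that mix
    return [(name, secrets.token_bytes(32)) for name in mix_names]

def wrap(chain, target, message):
    # Client: last mix's layer goes on first, so the first mix's layer is outermost
    next_hops = [name for name, _ in chain][1:] + [target]
    blob = message
    for (_, key), hop in reversed(list(zip(chain, next_hops))):
        blob = seal(key, bytes([len(hop)]) + hop.encode() + blob)
    return blob

def peel(key, blob):
    # One mix: remove one layer, learn only the next hop
    plain = unseal(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(chain, blob):
    # Returns (final hop, payload, total bytes decrypted across the chain)
    work, hop = 0, chain[0][0]
    for _, key in chain:
        work += len(blob)
        hop, blob = peel(key, blob)
    return hop, blob, work
```

The third value returned by `route` is the total number of bytes decrypted along the chain, which grows with both the packet size and the number of mixes.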
While the above-described onion scheme operates to provide confidentiality to both the contents and routing of messages, there are significant drawbacks. For example, the onion encryption scheme requires significant key management, both for the routing control server and each of the other servers in the network. The routing control server must continually generate new encryption/decryption keys, and ensure that each server has the appropriate decryption key. Each server must maintain the corresponding decryption keys, and be able to associate each decryption key with a specific message to be decrypted. Such key management can add significant costs to the infrastructure and operation required for operating the onion encryption scheme. Additionally, with the onion routing scheme, the entire data packet (message and routing) is encrypted multiple times (once for each mix in the routing chain) and must be decrypted multiple times. As data packets are becoming significantly larger in size, this adds additional burdens to the system, thereby decreasing the efficiency of the system.
Thus, there exists a need for methods and systems for providing confidentiality for communications sent via a network that are efficient, easy to implement, and do not require significant key management.