1. Field of the Invention
This invention relates to a secrecy communication system. More specifically, it relates to an encrypted communication system that is used in transferring information via an ATM network.
2. Description of the Related Art
Various forms of data, including audio, video and text, are transferred via networks. One widely used method for integrated handling of these various types of data is ATM (Asynchronous Transfer Mode). ATM is a fundamental technology of B-ISDN (broadband ISDN); it has attracted considerable attention as a technology that transfers data both efficiently and at high speed.
In ATM, information is stored in cells to be transferred. A cell is a fixed-length packet of 53 bytes, consisting of a 5-byte header and a 48-byte payload. Information including routing information is set in the header. The information to be transferred is stored in the payload. The ATM network transfers the cells to the specified transfer destination based on the routing information set in the header of each cell.
FIG. 1 is a configuration diagram of one example of a typical ATM network. The terminals 201 and 202 are ATM terminals; they have the functions of sending data to be transferred that are stored in cells and of reproducing data from the cells that are received. The terminals 201 and 202 are directly built into the exchange units. The terminals 203 to 205 are non-ATM terminals; they do not have the functions of sending data to be transferred that are stored in cells and of reproducing data from the cells that are received. Consequently, the terminals 203 to 205 are included in the exchange units through the respective CLADs (Cell Assembly and Disassembly functions) 206 to 208. The exchange units 209 to 212 analyze the routing information set in the cell headers and output each cell to the output line specified by the result of that analysis.
In recent years, various types of information have come to be transferred via networks. Some of this information, such as consumer information in financial services and military information, is secret. For this reason, a function (secrecy function) to protect the transferred information from theft, tampering and destruction. The central technology of the secrecy function is encryption. A variety of encryption methods have been developed; a typical well-known method is DES (Data Encryption Standard).
In the system shown in FIG. 1, when data being transferred between terminals are encrypted, for example, software for the encryption process will be installed in each terminal; the sending terminal sends cells in which encrypted data (cipher text) are stored to the network, while the receiving terminal deciphers the cipher text stored in the received cells and reproduces the data.
FIG. 2 shows the concept of the block cipher, which is one cryptographic method. The most widely used block cipher is DES. In the block cipher, the sending terminal divides the payload in each cell into a number of blocks and then encrypts the payload by executing a transposition cipher, which interchanges the order of blocks, and a substitution cipher, which replaces the original data with other data according to specified rules, repeatedly for a specified number of times. Then the sending terminal sends the cell in which the payload has been encrypted out onto the network.
The network transfers that cell to the transfer destination in accordance with the routing information set in the cell header. The receiving terminal deciphers the payload by executing the transposition cipher and the substitution cipher with respect to the received cell payload in the opposite order to the order in which they were executed in the encryption processing in the sending terminal.
However, in a block cipher of which DES is a typical example, since the transposition cipher and the substitution cipher must be executed as described above, it is difficult to shorten the time required for software processing. For this reason, in a network such as an ATM network in which the data transfer rate is very fast, it is inappropriate to introduce the block cipher.
The stream cipher is known as an encryption method in which high speed processing is possible. In the stream cipher, bits of the plain text are processed one at a time in order; in general, random numbers (pseudo random numbers) are used. In the stream cipher which uses pseudo random numbers, on the sending side the cipher text is obtained by calculating the exclusive logical sum of the plain text to be transferred and the pseudo random numbers one bit at a time. Meanwhile, on the receiving side, pseudo random numbers identical to those that were generated on the sending side are generated, and the original plain text is obtained by calculating the exclusive logical sum of the received cipher text and the pseudo random numbers one bit at a time. Thus, in the stream cipher, complicated software processing is not necessary, so that it is relatively easy to obtain high speed.
However, if an attempt is made to introduce the stream cipher using pseudo random numbers as described above into the ATM network as is, problems such as the following will occur. In the ATM, if the exchanges 209 to 212 become congested, cells will be discarded or the order of arrival of cells at the destination will become interchanged. Consequently, if, for example, when the sending terminal sends the cells in the order cell 1, cell 2, cell 3, . . . , cell 3 is received immediately after cell 1 on the receiving side, the pseudo random number intended for deciphering cell 2 is used for cell 3, so the cipher text cannot be deciphered. Once the cryptographic synchronization (the decryption timing) is thrown off, the cryptographic synchronization cannot subsequently be recovered.
Thus, although the stream cipher using pseudo random numbers is suitable for high speed processing, once the cryptographic synchronization is thrown off it is essentially impossible to recover it, so it is not suitable for a system such as ATM in which it is possible for transferred data to be discarded.
In order to avoid the problem that the cryptographic synchronization is thrown off by the discarding of cells in the exchange units, as shown in FIG. 3 it is conceivable to have a configuration in which only data transmitted on the relay line between exchange units are encrypted. In FIG. 3, the encryption units 213 to 218 have their own respective encryption functions; cells received from the exchange unit are encrypted and sent out onto the relay line, while cells received from the relay line are decrypted and sent to the exchange unit. In a configuration such as this, there is almost no discarding of cells between encryption units, so that cells encrypted in a certain encryption unit (for example the encryption unit 213) in almost all cases arrive at the matching encryption unit (in this case, the encryption unit 216) without being discarded, and the cryptographic synchronization is not thrown off.
However, in this configuration, depending on the route by which the cells are transferred encryption/decryption processing is performed a multiple number of times. For example, in the case in which cells are transferred from the terminal 204 to the terminal 202, encryption/decryption processing is performed between the encryption unit 216 and the encryption unit 213, and between the encryption unit 214 and the encryption unit 217. When the same data are encrypted number of times in this manner, the strength of the encryption decreases. In addition, in this configuration, the data are not encrypted inside the exchange units, so there is a danger that they can be stolen there.
Thus, in existing systems there is danger that data will be discarded in exchange units and in addition that, when secrecy communication is performed in a high speed network, there is the problem that once the cryptographic synchronization is thrown off it cannot be recovered, or alternatively if an attempt is made to prevent that from happening then the level of secrecy will be decreased.