The present invention relates in general to networked data processing systems, and in particular to virtual private network (VPN) systems and other network systems using tunneling or encapsulating methods.
A virtual private network (VPN) is an extension of a private intranet network across a public network, such as the Internet, creating a secure private connection. This effect is achieved through an encrypted private tunnel, as describe below. A VPN securely conveys information across the Internet connecting remote users, branch offices, and business partners into an extended corporate network.
Tunneling, or encapsulation, is a common technique in packet-switched networks. A packet from a first protocol is xe2x80x9cwrappedxe2x80x9d in a second packet from a second protocol. That is, a new header from a second protocol is attached to the first packet. The entire first packet becomes the payload of the second one. Tunneling is frequently used to carry traffic of one protocol over a network that does not support that protocol directly. For example, a Network Basic Input/Output System (NetBIOS) or Internet Packet Exchange (IPX) packet can be encapsulated in an Internet Protocol (IP) packet to carry it over a Transmission Control Protocol/Internet Protocol (TCP/IP) network. If the encapsulated first packet is encrypted, an intruder or hacker will have difficulty figuring out the true destination address of the first packet and the first packet""s data contents.
The use of VPNs raises several security concerns beyond those that were present in traditional corporate intranet networks. A typical end-to-end data path might contain several machines not under the control of the corporation, for example, the Internet Service Provider (ISP) access computer, a dial-in segment, and the routers within the Internet. The path may also contain a security gateway, such as a firewall or router, that is located at the boundary between an internal segment and an external segment. The data path may also contain an internal segment which serves as a host or router, carrying a mix of intra-company and inter-company traffic. Commonly, the data path will include external segments, such as the Internet, which will carry traffic not only from the company network but also from other sources.
In this heterogeneous environment, there are many opportunities to eavesdrop, to change a datagram""s contents, to mount denial-of-service (DOS) attacks, or to alter a datagram""s destination address. Current encryption algorithms are not perfect, and even encrypted packets can be read given sufficient time. The use of a VPN within this environment gives a would-be intruder or hacker a fixed target to focus upon in that the end points of the VPN do not change, nor do the encryption methods and keys. The instant invention addresses the security concerns inherent in this system.
The instant invention is an apparatus and method for pre-negotiation and partial random generation of a secondary configuration of a VPN or other tunneled network for use in case the security of a main VPN is compromised. Configuration features such as the source and destination addresses of the nodes, their encryption keys, and their encryption algorithms are typically exchanged in order to establish a main VPN or tunneled network. In the instant invention, a set of usable addresses, usable encryption methods, along with randomly-generated keys are exchanged between the nodes in anticipation of a compromise of the main VPN or tunneled network. The tunneled nodes are configured to take advantage of one of the possible secondary VPN networks represented by these secondary configurations, should a compromise or attempted compromise be detected on the main VPN.
A compromise of the VPN or tunneled network may be detected through any one of several means known in the art, such as an alert from the server. In the instant invention, the secondary configurations exchanged between the nodes can be used to automatically establish a second VPN or tunneled network as the use of the main VPN or tunneled network is abandoned or fed with false data.
The foregoing outlines broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention.