Exhaustion of the IPv4 address space has become a real possibility, and the shift to IPv6 will soon be a reality. While an IPv4 address has 32 bits, an IPv6 address has 128 bits, which gives a far larger address space. In IPv6, therefore, globally unique addresses can be assigned to all nodes, and there is no need to share one public IPv4 address among a plurality of nodes using NAT (Network Address Translation) as in IPv4. Each node can thus achieve end-to-end communication. This matches the original design concept of the Internet and brings significant advantages. For example, P2P applications, which have required various schemes to get past NAT, can be implemented easily.
There is also a disadvantage. In communication using IPv6, the address assigned to each node becomes known to the other end of communication. Further, in an IPv6 address generated using IPv6 address autoconfiguration, the low-order 64 bits are generated using the MAC (Media Access Control) address of the NIC (Network Interface Card). Furthermore, these low-order 64 bits are used for a long term and in a fixed manner. As a result, there is a high risk that the communication history of the user of a communication node is traced, which raises a serious issue in anonymity assurance.
Further, in communication using NAT, the address of a node which performs communication is concealed from the other end of communication. For example, when access is made from a node to a Web server, the Web server can get to know the address assigned to the WAN (Wide Area Network) side of the NAT, but it cannot get to know the address of the node on the LAN (Local Area Network) under the NAT. In many cases, an address on the WAN side is assigned to a broadband router distributed to each home. Therefore, although it is possible to identify a home as a communication source at a given point in time by knowing the address on the WAN side, that address is temporary and varies on various occasions, such as upon reboot of the broadband router having NAT. It is therefore not possible to trace the communication of a specific node for a long term.
To address the issue of anonymity assurance, specifications that generate the low-order 64 bits of an IPv6 address randomly, without using a MAC address, and further modify them at regular intervals have been published (Non Patent Literature 1: RFC3041, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”).
However, in the technique based on the specifications disclosed in Non Patent Literature 1, a prefix part, which is high-order 64 bits of IPv6, is left unmodified. The prefix, the high-order 64 bits of IPv6, is assigned to a broadband router distributed to a home, for example, and advertised to a communication node connected to a LAN under the broadband router. As a result, the communication node generates an IPv6 address in which the received prefix is placed at the high-order 64 bits and performs communication using the generated IPv6 address.
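The following added example (not part of the original text) works through the two address-generation schemes discussed above: a MAC-derived interface ID, which lets the same node be recognised on any network, and a random interface ID, which still leaves the /64 prefix unchanged. The MAC address and the two prefixes are constructed sample values from documentation ranges, the FF:FE insertion is the modified EUI-64 layout, and the random ID comes from a CSPRNG as a simplification of the generation procedure in RFC 3041.

```python
import ipaddress
import secrets
from typing import Optional

IID_MASK = (1 << 64) - 1
UL_BIT = 0x02 << 56          # universal/local bit of the interface ID

def eui64_iid(mac: str) -> int:
    """Interface ID derived from a 48-bit MAC (modified EUI-64)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF:FE between the two halves and flip the universal/local bit.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def random_iid() -> int:
    """Random interface ID with the universal/local bit cleared."""
    return secrets.randbits(64) & ~UL_BIT

def make_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))

def mac_from_address(addr: ipaddress.IPv6Address) -> Optional[str]:
    """Recover the MAC when the low 64 bits carry the FF:FE marker."""
    iid = (int(addr) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def prefix_of(addr: ipaddress.IPv6Address) -> str:
    return str(ipaddress.IPv6Network(f"{addr}/64", strict=False))

# Constructed sample values: documentation prefixes and documentation MAC range.
MAC = "00:00:5e:00:53:2a"
NET_A, NET_B = "2001:db8:1::/64", "2001:db8:2::/64"

if __name__ == "__main__":
    for net in (NET_A, NET_B):
        a = make_address(net, eui64_iid(MAC))
        print(a, "-> MAC", mac_from_address(a))   # same MAC on both networks
    for _ in range(2):
        a = make_address(NET_A, random_iid())
        print(a, "-> prefix", prefix_of(a))       # ID changes, prefix does not
```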
When the IPv6 prefix is not modified for a long period, there is a risk that a home is identified as a communication source. This risk is similar to the one that arises when NAT is used in current IPv4; in IPv4, however, the address on the WAN side of NAT is modified on various occasions.
In the case of IPv6, because the address of a communication node connected to a LAN is generated using a prefix, modification of the prefix involves modification of the address of the communication node in the LAN. Therefore, a problem arises if the prefix is modified at regular intervals like the address on the WAN side of NAT in IPv4. As a result, a fixed prefix is used for a long term in IPv6, and the issue of anonymity is more serious compared with the case of IPv4.
Further, in IPv6, P2P applications are expected to increase continuously in the future, and the opportunities when users directly get to know the address of a communication node used by each user will also increase, which makes the issue of anonymity more important. Therefore, a higher level of anonymity is required in IPv6 than in IPv4.
Further, a problem also arises when a communication node in a LAN automatically modifies its address including a prefix part. The reason is that, because the prefix part is used for routing of an IPv6 packet, modification of the prefix part results in a failure to route the packet addressed to the communication node to a network to which the communication node is connected.
An example of a technique of achieving address modification including the prefix part is disclosed in Patent Literature 1. Hereinafter, an operation in the communication system according to Patent Literature 1 is described briefly. As shown in FIG. 27, the communication system according to Patent Literature 1 is made up of a transmitting-side information processing device p10 (address=2·7FFFF0·6E9A), a tentative address server p20 (address=5·5FFFF0·000), and a receiving-side information processing device p30 (address=2·7FFFF0·639A), which are connected through the Internet p40.
The transmitting-side information processing device p10 acquires a tentative address (5·5FFFF0·0001) from the tentative address server p20 and uses the acquired tentative address as a source address when transmitting a packet. Thus, the transmitting-side information processing device p10 transmits a transmission packet (dst=2·7FFFF0·639A, src=5·5FFFF0·0001 (tentative address)) to the receiving-side information processing device p30.
The receiving-side information processing device p30 receives the packet transmitted from the transmitting-side information processing device p10 and sends a response to the source address (5·5FFFF0·0001). Because this address is an address having a prefix part to be routed to the tentative address server p20, the tentative address server p20 receives the response packet. Thus, the tentative address server p20 receives the received packet (dst=5·5FFFF0·0001 (tentative address), src=2·7FFFF0·639A) from the receiving-side information processing device p30.
When the tentative address server p20 assigns a tentative address to the transmitting-side information processing device p10, the tentative address server p20 stores the correspondence between the real address (2·7FFFF0·6E9A) of the transmitting-side information processing device p10 and the tentative address (5·5FFFF0·0001) which has been lent, and, using the stored information, gets to know that the packet transmitted from the receiving-side information processing device p30 is a packet to be transmitted to the transmitting-side information processing device p10. As a result, the tentative address server p20 modifies the destination address of the packet received from the receiving-side information processing device p30 to the real address of the transmitting-side information processing device p10 and modifies the source address thereof to the address (5·5FFFF0·0000) of the tentative address server p20, and then sends out the packet to the Internet p40.
Finally, the packet transmitted from the tentative address server p20 is routed to the transmitting-side information processing device p10, and the transmitting-side information processing device p10 receives it. Thus, the transmitting-side information processing device p10 receives the received packet (dst=2·7FFFF0·6E9A, src=5·5FFFF0·0000 (tentative address server)) from the tentative address server p20. According to the method described above, the transmitting-side information processing device p10 can modify the address including the prefix part.
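The exchange described above can be followed step by step in the added model below, which is an illustration written for this text and not code from Patent Literature 1. The class and function names are hypothetical, the addresses are kept as opaque strings in the notation of the description, and only the lending of a tentative address and the rewriting of the response packet are modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Packet:
    dst: str
    src: str

class TentativeAddressServer:
    """Lends tentative addresses and relays replies (model of p20)."""

    def __init__(self, own_address: str, pool: List[str]):
        self.own_address = own_address
        self._free = list(pool)
        self._real_for: Dict[str, str] = {}   # tentative -> real address

    def lend(self, real_address: str) -> str:
        if not self._free:
            raise RuntimeError("tentative address pool exhausted")
        tentative = self._free.pop(0)
        self._real_for[tentative] = real_address   # stored correspondence
        return tentative

    def relay(self, pkt: Packet) -> Optional[Packet]:
        real = self._real_for.get(pkt.dst)
        if real is None:
            return None            # no lease for this address: drop
        # Destination becomes the real address, source becomes the server.
        return Packet(dst=real, src=self.own_address)

# Addresses in the notation used in the description above.
P10_REAL, P30 = "2·7FFFF0·6E9A", "2·7FFFF0·639A"
P20, TENTATIVE = "5·5FFFF0·0000", "5·5FFFF0·0001"

def run_exchange():
    server = TentativeAddressServer(P20, pool=[TENTATIVE])
    src = server.lend(P10_REAL)
    request = Packet(dst=P30, src=src)            # p10 -> p30
    response = Packet(dst=request.src, src=P30)   # p30 -> tentative address
    delivered = server.relay(response)            # p20 -> p10
    return request, response, delivered, server

if __name__ == "__main__":
    for step in run_exchange()[:3]:
        print(step)
```

In this model p30 only ever sees the tentative address, while the server's table holds the correspondence between the real and the lent address.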
Further, as other related art, a server device that includes a tunnel server having a function of creating an anonymous address and a tunneling function in Mobile IPv6 is disclosed in Patent Literature 2. A user management method that configures a global IPv6 address by combining an IF-ID and an IPv6 address prefix in an IPv6 access network is disclosed in Patent Literature 3. A communication device that calculates an interface ID of a terminal based on a digest value of a hash function and generates a source address using the calculated interface ID of the terminal is disclosed in Patent Literature 4.