In data communication networks such as packet-switching networks, the information transmitted between two nodes connected in or to the respective network is represented in digital form and is divided into packets. The information may in particular be transmitted between two endpoints or end nodes connected to the network. As illustrated in FIG. 1, a first end node C can communicate with a second end node S through the nodes of the network 1, which are also called routers or switching nodes. Each of the end nodes accesses the network through an access node ARC, ARS. Between the access nodes, the information transmitted between the end nodes C, S can propagate along different paths including various other network nodes. E.g. one path may be used for transmitting first information from the first end node to the second end node and a different path may be used for transmitting response information from the second end node to the first end node. This is called asymmetric routing. In symmetric routing, the packets instead flow forward and reverse along the same path between the two endpoints.
The endpoints or end nodes may for example be or include various electronic devices such as computers and mobile telephones. The packet-switching network 1 may in particular be the Internet or a similar network.
The communication between nodes is often performed according to a protocol that is a set of rules which may be standardized. For the Internet the communication is generally performed according to the Internet Protocol IP and specifically according to the current version thereof such as the IPv6, i.e. version 6 of the Internet protocol. The rules of a protocol for a packet switching network stipulate, among many things, which fields and extra information should be included in each packet, how packets are routed and how errors are detected and corrected. Asymmetric routing as mentioned above can occur in the large Internet backbone network since the path for forwarding information in a first direction between two endpoints may often be less available for forwarding information in a second, opposite direction between the two endpoints.
In order to keep the information content secret or confidential in the communication thereof between end nodes, the information can be encrypted using one or more encryption keys. E.g. when two end nodes, such as the end nodes C, S, are to establish a communication session in which an exchange of information will take place, they can exchange keys in a sequence of preliminary messages and for example generate a secret encryption key KS that is shared and known by only these two nodes. A protocol giving rules for performing exchange of keys can be called a key establishment protocol. A standard key establishment protocol is the IKEv2 (Internet Key Exchange version 2) protocol.
In order to perform the exchange of information between two end nodes, there may be special requirements for the communication. E.g., there may be requirements that no packet is allowed to be lost during its transmission through the network 1, and that the packets arrive at the destination end node in the correct sequential order and with a time interval between them that is not too large, e.g. to allow real-time streaming of data. Protocols that handle such requirements can be called QoS (Quality of Service) protocols.
However, allowing the use of both a QoS (Quality of Service) protocol and a security protocol such as an IP security (IPsec) protocol in the same communication session between two end nodes has always been a difficult challenge as the requirements for performing exchange of information according to the first protocol often contradict those dictated by the security protocol, see S. Kent, K. Seo, “Security Architecture for the Internet Protocol”, IETF RFC 4301, December 2005. In fact, when an IPsec protocol is used, no router on the path between the two endpoints could be capable of providing the required QoS as all corresponding fields are encrypted. For example, on a local narrow-bandwidth link, it would be beneficial to perform transcoding of the data for more efficient bandwidth usage. This is made impossible in the case where the data is encrypted and/or integrity protected. Moreover, it may be difficult to stop “unwanted” traffic, e.g. “SPAM” or traffic forming part of an attempt to generally flood the network. This would typically require analysis of the packet content, which again is made impossible by encryption. Other security functions such as e.g. message authentication and integrity may similarly be in contradiction to QoS. It follows that enabling a satisfactory QoS imposes a limitation on the security/confidentiality scope, in order to enable specific routers to process and provide QoS requirements, or in general, for the routers to enforce some policy for how to handle the data. The main solution to this problem has been to design dedicated higher layer security protocols, which provide limited data confidentiality compared to what IPsec protocols can provide: the lower in the stack security is placed, the higher becomes its “coverage”. For instance, if protection is applied at the transport level, through e.g. TLS, lower level network data, e.g. IP or MAC headers, will remain unprotected.
There is also a security problem when setting up a communication session, as appears from the following example. The first end node C sends a request to the second end node S, which may be e.g. a content server, indicating that the first end node, the client, wishes to establish a communication session, see FIG. 2. The second end node decides that the communication session must be protected by encryption and starts a key exchange procedure by sending a first message directed to the first end node. However, the second end node S has no way of knowing whether it is then actually conducting the key exchange with another node MiTM (Man-in-The-Middle) that is interposed along the path in the network 1 between the access routers ARC, ARS of the end nodes. If this node MiTM involves itself in such a key exchange procedure, it would most likely be capable of intercepting the communication between the two end nodes and of decrypting information in the forwarded packets during the communication session. A security attack of this kind is called a Man-in-The-Middle attack.
Unicast reverse path forwarding (uRPF) as defined in RFC 3704 is a method that uses the routing tables of routers in a network in order to prevent IP address spoofing. A packet is only forwarded if it comes from the best route of a router to the source of the packet, and the method is preferably used for symmetric routing.
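The check described above, and the reason it fits symmetric routing best, can be seen in the following added example, which is not part of the original text. It models one router's forwarding table and goes slightly beyond the paragraph by also showing the loose mode of RFC 3704; the prefixes, interface names and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed forwarding table: prefix -> interface of the best route.
# Prefixes use the IPv6 documentation range; interface names are hypothetical.
FIB = {
    ipaddress.ip_network("2001:db8:a::/48"): "eth0",
    ipaddress.ip_network("2001:db8:b::/48"): "eth1",
    ipaddress.ip_network("2001:db8:b:ff00::/56"): "eth2",  # more specific route
}

def best_route(fib, address):
    """Longest-prefix match: return (prefix, interface), or None if no route."""
    addr = ipaddress.ip_address(address)
    matches = [(net, ifc) for net, ifc in fib.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def urpf_accept(fib, src, in_iface, mode="strict"):
    """uRPF decision for a packet with source `src` arriving on `in_iface`.

    strict: the best route back to `src` must leave through `in_iface`.
    loose:  any route to `src` is sufficient, whatever its interface.
    """
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    route = best_route(fib, src)
    if route is None:
        return False              # no route to the claimed source: drop
    if mode == "loose":
        return True
    return route[1] == in_iface   # strict: reverse path must match

# Constructed sample packets: (claimed source address, arrival interface).
PACKETS = [
    ("2001:db8:a::10", "eth0"),      # arrives on the reverse-path interface
    ("2001:db8:a::10", "eth1"),      # claimed source does not match arrival
    ("2001:db8:b:ff00::1", "eth1"),  # asymmetric: best route back is eth2
    ("2001:db8:c::1", "eth0"),       # no route to the claimed source
]

def classify(fib, packets):
    """Return (src, iface, strict_ok, loose_ok) for each packet."""
    return [(s, i, urpf_accept(fib, s, i, "strict"),
             urpf_accept(fib, s, i, "loose")) for s, i in packets]

if __name__ == "__main__":
    for row in classify(FIB, PACKETS):
        print(row)
```

The third packet is a legitimate host whose forward path enters on `eth1` while the router's best return route uses `eth2`: strict mode drops it, which is why the method is preferred where routing is symmetric.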
It can also be mentioned that an ART (Address Reachability Test) is often performed in a standardized way in conjunction with the exchange of keys between end nodes, making each of the end nodes gain some assurance about the topological location of the other end node. However, such tests and similar procedures cannot protect against security attacks of the MiTM kind.
The MiTM problem is addressed in the Internet Draft haddad-sava-prefix-reachability-detection-00 having the title “Enabling Source Address Verification via Prefix Reachability Detection”, submitted to the IETF on Jul. 7, 2007, found at e.g. the URLs http://tools.ietf.org/pdf/draft-haddad-sava-prefix-reachability-detection-00.pdf and http://www.potaroo.net/ietf/idref/draft-haddad-sava-prefix-reachability-detection/. In the copending International patent application PCT/SE2008/050209, filed Feb. 26, 2008, a Prefix Reachability Detection (PRD) protocol is disclosed, and a procedure performed according to this protocol allows a location-based authentication for a connection over e.g. the Internet between two endpoints such as a client and a server. In particular, a source address verification mechanism is disclosed, which can also be used in a mobile and multihomed environment. The disclosed method allows a first endpoint to check the topological location of a second endpoint, in the sense that the first endpoint can determine whether the topological location of the second endpoint in the network correctly corresponds to the prefix claimed by the second endpoint in its IP address. Such a procedure is also called “location authentication”.
The use of the Prefix Reachability Detection protocol can thus allow protection against man-in-the-middle attacks. Performing a successful PRD procedure can provide sufficient assurance to the two endpoints C and S with regard to the claimed topological location of the other endpoint, which helps build trust between the two endpoints. In a procedure according to the PRD protocol it is assumed that each node connected in the considered network is capable of securely fetching the public key (Kp) of another node connected in the considered network, e.g. by performing a prefix lookup, the prefix being the first portion of an Internet address.