The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
Secure communications on public or private networks continue to be a great concern to data communication stakeholders. Governments, financial institutions, corporate entities, and other parties seek to ensure their data communications are secure against threats through various encryption and secure transport technologies (e.g., SSL, SSH, HTTPS, AES, etc.). The desire for secure communications is not restricted to large-scale entities; it extends to end users who also wish to keep their network activities secure or anonymous.
One approach that has arisen over the last decade and seeks to provide secure, anonymous communications secures data packets in nested layers of encryption, one layer for each hop that the packets take over a communication network path. Such an approach is commonly referred to as “onion routing” because the sender wraps each packet in one layer of encryption per hop, and each hop along the path removes only its own layer before forwarding the packet to the next hop. The Tor Project (see URL torproject.org) provides open source software and packages that allow developers to create secure, anonymous TCP/IP applications. For example, The Tor Project offers a browser bundle that allows end users to browse the web in an anonymous manner via a network of Tor nodes.
The Tor Project also provides support for the creation and consumption of hidden services. Hidden services are servers that provide network services (e.g., FTP, HTTP, etc.) and whose IP addresses are unknown, or hidden, to the edge device that accesses them. Such hidden services are reachable only through a complex hidden service protocol.
Unfortunately, Tor has numerous limitations and weaknesses. One limitation is that Tor, at the time of this writing, only supports TCP/IP over an IPv4 network. Although useful, the migration of the Internet to IPv6 would place Tor at a disadvantage. It is noted that an effort is underway to port Tor to IPv6; however, completion of the port is far off in time. Tor also operates via a network of nodes comprising general purpose computers having allocated IP addresses (e.g., servers, home computers, etc.). Thus, Tor is only able to provide communications among participating IP-addressable edge device peers, which can expose participating nodes to observation by ISPs or other threats. This risk of exposure is very real with respect to hidden services. It would be more desirable to provide access to hidden services while reducing the risk of exposing those services and also maintaining compatibility with existing Tor protocols.
U.S. Pat. No. 6,266,704 to Reed et al. titled “Onion Routing Network for Securely Moving Data through Communication Networks”, filed May 29, 1998, describes the original method by which the Tor project operated. In 2004, the Tor Project altered the Tor protocol to replace its original onion-based circuit construction due to several issues. The new version of the Tor protocol leverages telescoping path building as described in the paper by Dingledine et al. titled “Tor: The Second-Generation Onion Router” (Proceedings of the 13th USENIX Security Symposium, Aug. 9-13, 2004). Even with the change from onion routing to telescoping path building, the issues discussed above remain because all peers or nodes that host hidden services in a Tor network can be discovered due to being edge devices.
Others have put forth effort to address various issues associated with onion routing, including the efforts described in U.S. Pat. No. 8,370,627 to Yamazaki et al. titled, “Confidential Communication Method”, filed internationally on Dec. 30, 2008. Yamazaki seeks to make anonymous communication channels robust against slow traffic or node failure. A client is able to determine if routes to information sources relate to the client while ensuring the information source remains hidden. Although useful for ensuring that communication channels are solid and reliable, Yamazaki fails to address the issue that hidden services are hosted on edge devices that can be observed.
There are quite a number of varied uses of Tor-like anonymous networks. One example includes those described by U.S. Pat. No. 7,996,891 to Cardone et al. titled, “Systems, Methods, and Computer Program Products for Generating Anonymous Assertions,” filed Jan. 30, 2008. Cardone leverages an onion routing network to present assertion tokens from devices in an anonymous manner. Another example includes U.S. patent application publication 2010/0002882 to Reiger et al. titled, “Method and Device for Anonymous Encrypted Mobile Data Speech Communication”, filed Jul. 17, 2008. Reiger discusses using hidden services via hidden circuits to provide for secure communications. Yet another example includes the privacy communication system described in International Patent application publication WO 2013/186061 to Nandi et al. titled, “Architecture of Privacy Protection System for Recommended Services”, filed May 31, 2013. Nandi also uses Tor-based networks and hidden services. As with the previous examples, Nandi also merely instantiates hidden service nodes on edge devices.
Hidden services in a Tor network are accessed through virtual circuits established among a set of Tor peers at the IP layer. Data is exchanged between an edge device and the hidden service through an exchange of fixed-size “cells”, i.e., data segments of 512 bytes. The virtual circuits run over a packet switched network from one node to another while satisfying a hop requirement. Such an approach is adequate when all nodes are edge devices on the network, but it exposes the hidden service to the threats discussed above and also incurs latency costs.
The virtual circuits leveraged by Tor have some similarity to virtual circuits used by asynchronous transfer mode (ATM) networks, which establish virtual circuits between end-points before communication begins (e.g., permanent virtual circuits, switched virtual circuits, etc.). U.S. patent application publication 2003/00012184 to Walker III et al. titled, “Integrated Access Device,” filed Jul. 9, 2002, describes various devices for use in an ATM network. Virtual circuits have also been used in packet switched networks as discussed in U.S. patent application publication 2001/0030969 to Donaghey et al. titled, “Systems and Methods for Implementing Global Virtual Circuits in a Packet-Switched Networks”, filed Nov. 30, 2000. Although virtual circuits have been used outside of Tor-like networks, such virtual circuits also fail to protect the anonymity of hidden services.
Thus, there remains a considerable need for systems or methods by which hidden services can be deployed within a network fabric in a manner that protects the anonymity of the hidden services while also respecting established anonymity protocols, Tor for example. It is noted that no known effort has been directed to integrating anonymous Tor-like networks directly into network fabric devices.
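The layered encryption of the onion routing approach described earlier and the fixed-size 512-byte cells of this paragraph, as an added illustration that is not part of this document and is not Tor's own code: a Go sketch in which a client wraps one 512-byte cell in one AES-CTR layer per hop and each relay strips only its own layer. The 3-byte cleartext header, the digest-plus-length sub-header used to decide which hop a cell is for, the direct passing of per-hop keys, and the names Hop, NewHop, BuildCell, Peel and Traverse are assumptions made for this example; Tor's real relay header, key derivation and cipher details differ.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Framing as in the text: a 512-byte cell = 3-byte cleartext header + 509-byte payload.
// The digest/length sub-header inside the payload is an assumed simplification, not Tor's.
const (
	CellLen    = 512
	HeaderLen  = 3                           // 2-byte circuit ID + 1-byte command
	PayloadLen = CellLen - HeaderLen         // 509
	DigestLen  = 4                           // truncated digest: "this cell is for me"
	MaxBody    = PayloadLen - DigestLen - 2  // 503; 2 bytes carry the body length
)

// Hop is one relay's share of a circuit. Client and relay each build a Hop from the same
// key (from the circuit handshake in Tor; passed in directly here), so their AES-CTR
// keystreams run in lockstep and the relay strips exactly the layer the client added.
// CTR adds no expansion, so the cell stays 512 bytes. The zero IV is safe only because
// each key is fresh per circuit and the stream is never rewound or reused.
type Hop struct {
	Name   string
	stream cipher.Stream
}

func NewHop(name string, key []byte) (*Hop, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Hop{Name: name, stream: cipher.NewCTR(block, make([]byte, block.BlockSize()))}, nil
}

// BuildCell addresses msg to the last hop: pad to the fixed payload size, add digest and
// length, then apply the client's keystreams from the exit inward so the entry hop's layer
// is outermost. The sender adds every layer up front; relays only ever remove one.
func BuildCell(client []*Hop, circID uint16, msg []byte) ([]byte, error) {
	if len(msg) > MaxBody {
		return nil, errors.New("message does not fit in one cell")
	}
	cell := make([]byte, CellLen)
	binary.BigEndian.PutUint16(cell, circID)
	cell[2] = 3 // RELAY command byte, cleartext like the circuit ID
	payload, inner := cell[HeaderLen:], cell[HeaderLen+DigestLen:] // inner = length || body || zero pad
	binary.BigEndian.PutUint16(inner, uint16(len(msg)))
	copy(inner[2:], msg)
	sum := sha256.Sum256(inner)
	copy(payload, sum[:DigestLen])
	for i := len(client) - 1; i >= 0; i-- {
		client[i].stream.XORKeyStream(payload, payload)
	}
	return cell, nil
}

// Peel strips this hop's layer in place. If the digest then verifies, the cell was for this
// hop and its body is returned; otherwise the hop forwards the still-encrypted cell.
func (h *Hop) Peel(cell []byte) (body []byte, recognized bool) {
	payload := cell[HeaderLen:]
	h.stream.XORKeyStream(payload, payload)
	sum := sha256.Sum256(payload[DigestLen:])
	n := int(binary.BigEndian.Uint16(payload[DigestLen:]))
	if subtle.ConstantTimeCompare(sum[:DigestLen], payload[:DigestLen]) != 1 || n > MaxBody {
		return nil, false
	}
	return payload[DigestLen+2 : DigestLen+2+n], true
}

// Traverse pushes a cell through the relays in path order and reports who recognized it.
func Traverse(relays []*Hop, cell []byte) (string, []byte, error) {
	if len(cell) != CellLen {
		return "", nil, fmt.Errorf("bad cell length %d", len(cell))
	}
	for _, h := range relays {
		if body, ok := h.Peel(cell); ok {
			return h.Name, body, nil
		}
	}
	return "", nil, errors.New("no hop recognized the cell")
}

func main() {
	var relays, client []*Hop
	for _, name := range []string{"guard", "middle", "exit"} {
		key := make([]byte, 16)
		if _, err := rand.Read(key); err != nil {
			panic(err)
		}
		r, _ := NewHop(name, key)
		c, _ := NewHop(name, key)
		relays, client = append(relays, r), append(client, c)
	}
	cell, _ := BuildCell(client, 1, []byte("constructed sample request"))
	fmt.Println(Traverse(relays, cell))
}
```

Two properties worth noticing. First, a relay that peels its own layer and does not recognize the cell learns nothing about the body; it only sees another 512-byte blob, which is what keeps the exit, and a hidden service behind it, unobservable to the earlier hops. Second, because every layer is a plain XOR with a keystream, the layers commute and integrity is checked only by the hop that recognizes the cell, so an intermediate relay cannot detect that a cell was modified upstream; that is a known limitation of CTR-layered relay encryption, not something this sketch adds.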
All publications identified herein are incorporated by reference to the same extent as if each individual publication or patent application were specifically and individually indicated to be incorporated by reference. Where a definition or use of a term in an incorporated reference is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.
The following description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
In some embodiments, the numbers expressing quantities of ingredients, properties such as concentration, reaction conditions, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term “about.” Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.
Unless the context dictates the contrary, all ranges set forth herein should be interpreted as being inclusive of their endpoints and open-ended ranges should be interpreted to include only commercially practical values. Similarly, all lists of values should be considered as inclusive of intermediate values unless the context indicates the contrary.
As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
The recitation of ranges of values herein is merely intended to serve as a shorthand method of referring individually to each separate value falling within the range. Unless otherwise indicated herein, each individual value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g. “such as”) provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.
Groupings of alternative elements or embodiments of the invention disclosed herein are not to be construed as limitations. Each group member can be referred to and claimed individually or in any combination with other members of the group or other elements found herein. One or more members of a group can be included in, or deleted from, a group for reasons of convenience and/or patentability. When any such inclusion or deletion occurs, the specification is herein deemed to contain the group as modified thus fulfilling the written description of all Markush groups used in the appended claims.