Some communication networks, particularly complex ones, support multiple communication protocols or “layers.” Each layer specifies some functionality or “service” of the network and interacts with the layers immediately above and below, using services of the layer immediately below, while providing services to the layer immediately above. The lowest layer in a communication network typically governs direct communication between the hardware at different network nodes, while the highest layer handles direct communication with application programs executing on the network nodes.
The layered approach to implementing communication networks simplifies the creation and modification of complex communication architectures by providing for incremental changes on a layer-by-layer basis, which are transparent to the other layers in the architecture. Two examples of layered communication protocols are the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which is commonly described as having four or five layers, and the International Organization for Standardization's (ISO) Open Systems Interconnection (OSI) Reference Model (RM), which has seven layers.
The proliferation of communication networks and the increased frequency of security breaches have underscored the importance of providing secure network communications. Many communication networks depend upon a secure communication connection or “channel” to maintain security. In the context of secure communication networks, a secure communication channel is a connection which provides encryption, authentication, or other protection for data transmitted between network nodes.
Sometimes, setup negotiation is used to establish security for a communication channel. In the context of network communications, setup negotiation refers to specifying and agreeing on the security parameters for a communication channel, such as the particular encryption scheme to be used and its parameters. Once setup negotiation is complete, all communication during the session conforms to the agreed-upon security protocol.
Setup negotiation is an effective tool for providing secure communication during a communication session. However, when the amount of information included in each session is small, for example when a session contains only a single message, the overhead attributable to setup negotiation can adversely affect communication performance. Moreover, some communication architectures do not include a session layer, so that a session layer must be added to support session-type security, which further degrades performance.
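The following is an added illustration of the setup negotiation described above and of the overhead it imposes on a short session; it is not code from the original application. It models a pre-shared-key style exchange: the client offers an ordered list of cipher suites and a nonce, the server selects a suite and returns its own nonce together with a key-confirmation value, and the client verifies that confirmation before sending any data. The pre-shared key and the suite names are constructed for the example and are not identifiers from any real protocol.

```python
import hashlib
import hmac
import secrets

# Constructed pre-shared key; in practice it would be provisioned out of band.
# The suite names are hypothetical labels, not identifiers from a real protocol.
PSK = hashlib.sha256(b"constructed pre-shared key").digest()
CLIENT_SUITES = ["SUITE-A", "SUITE-B", "SUITE-C"]   # client preference order
SERVER_SUITES = ["SUITE-C", "SUITE-B"]              # what the server supports


def derive_key(psk, suite, client_nonce, server_nonce):
    # Bind the session key to every negotiated parameter so that a mismatch in
    # suite or nonces yields different keys on the two sides.
    info = b"session|" + suite.encode() + b"|" + client_nonce + b"|" + server_nonce
    return hmac.new(psk, info, hashlib.sha256).digest()


def client_hello(client_suites):
    # Message 1: the client's proposal.
    return {"type": "ClientHello", "suites": list(client_suites),
            "nonce": secrets.token_bytes(16)}


def server_hello(hello, server_suites, psk):
    # Message 2: the server honours the client's preference order among the
    # suites it also supports, then proves it derived the same key.
    chosen = next((s for s in hello["suites"] if s in server_suites), None)
    if chosen is None:
        raise ValueError("no common cipher suite")
    nonce = secrets.token_bytes(16)
    key = derive_key(psk, chosen, hello["nonce"], nonce)
    finished = hmac.new(key, b"server finished", hashlib.sha256).digest()
    return {"type": "ServerHello", "suite": chosen, "nonce": nonce,
            "finished": finished}, key


def client_finish(hello, reply, psk):
    # The client recomputes the key and checks the server's confirmation value
    # before trusting the channel with application data.
    key = derive_key(psk, reply["suite"], hello["nonce"], reply["nonce"])
    expected = hmac.new(key, b"server finished", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, reply["finished"]):
        raise ValueError("server key confirmation failed")
    return key


def run_negotiation(client_psk=PSK, server_psk=PSK,
                    client_suites=CLIENT_SUITES, server_suites=SERVER_SUITES):
    """Return (agreed suite, setup messages on the wire, keys matched)."""
    hello = client_hello(client_suites)
    reply, server_key = server_hello(hello, server_suites, server_psk)
    client_key = client_finish(hello, reply, client_psk)
    return reply["suite"], 2, client_key == server_key


def keys_match_with(client_psk, server_psk):
    """True when both sides end negotiation holding the same session key."""
    try:
        return run_negotiation(client_psk, server_psk)[2]
    except ValueError:
        return False


def setup_fraction(setup_messages, data_messages):
    """Share of a session's messages that carry no application data."""
    return setup_messages / (setup_messages + data_messages)


if __name__ == "__main__":
    print(run_negotiation())
    print("overhead for a one-message session:", setup_fraction(2, 1))
```

With two negotiation messages preceding the data, a session that carries a single message spends two thirds of its traffic on setup, which is the performance penalty the passage above describes; the same two messages are negligible once a session carries hundreds of data messages.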
Another approach for providing a secure communication channel involves encrypting or encoding data at a specific layer on a transmitting network node and then decrypting or decoding the data at the corresponding layer on the destination network node. Encrypting data at a specific layer typically involves applying an encryption algorithm based upon the format of the data at that layer. Because each layer treats everything handed down from the layer above as payload, header data added by higher layers is encrypted along with the application data, while headers added by lower layers remain in the clear. Layer-specific encryption is particularly useful in datagram-based or packet-based networks, which are typically sessionless and encapsulate data in datagram packets or some other type of data packet; for example, header data may be added to a data packet so that the data packet conforms to a particular format. This approach also allows multiple encryptions to be performed at different layers.
Although layer-specific encryption can provide a secure communication channel while avoiding the overhead penalty associated with setup negotiation, it has several limitations. First, all encryption and decryption must occur at the same corresponding layer on both the transmitting and receiving network nodes, according to the specific protocol supported by that layer. For example, Simple Key Management for Internet Protocols (SKIP) is designed to be used with Internet Protocol packets at the network layer and therefore requires network layer-specific function calls. On the other hand, Netscape Communications Corporation's Secure Sockets Layer (SSL) is designed to be used at the (Unix) socket layer and requires socket layer-specific function calls to encrypt and decrypt data. The result is that an application implementing security according to SKIP cannot interoperate with another application implementing security according to SSL.
In addition, layer-specific encryption can be difficult to employ in object-oriented environments because of the mismatch in the level of abstraction involved. For example, some layers operate on data bytes, which is often a much lower level than the objects in an object-oriented environment.
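The following is an added illustration of the two preceding paragraphs; it is not code from the original application and it does not reproduce SKIP or SSL. It models a three-layer stack (a socket layer above a network layer above a link layer) in which each layer prepends its own header to whatever it receives from above. Encryption may be applied at any subset of layers, so that everything handed down from above, higher-layer headers included, is enciphered while the encrypting layer's own header and all lower headers stay in the clear. A receiver that decrypts at a different layer than the sender encrypted at cannot recover the data, which is the interoperability limitation described above. The cipher is a toy encrypt-then-MAC construction built from HMAC-SHA256 so that the example runs with the standard library alone; the key and the header contents are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

# Toy encrypt-then-MAC cipher from HMAC-SHA256 in counter mode. It stands in for
# whatever algorithm a given layer would use and is NOT a production cipher.
KEY = hashlib.sha256(b"constructed demo key").digest()  # constructed key


def _keystream(key, nonce, n):
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr // 32), hashlib.sha256).digest()
    return out[:n]


def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed at this layer")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Layers from top to bottom, each with a constructed, human-readable header.
LAYERS = ["socket", "network", "link"]
HEADERS = {
    "socket": b"port=443;",
    "network": b"src=10.0.0.1;dst=10.0.0.2;",
    "link": b"mac=02:00:00:00:00:01;",
}


def _frame(header, payload):
    # Length-prefixed header so the receiver can strip it without guessing.
    return struct.pack(">H", len(header)) + header + payload


def _unframe(blob, expected_header):
    (hlen,) = struct.unpack(">H", blob[:2])
    header, payload = blob[2:2 + hlen], blob[2 + hlen:]
    if header != expected_header:
        raise ValueError("header at this layer is not readable")
    return payload


def build(data, encrypt_at):
    """Walk down the stack. At each layer named in `encrypt_at`, encrypt the
    whole unit received from above (higher-layer headers included), then
    prepend this layer's own header in the clear."""
    pdu = data
    for layer in LAYERS:
        if layer in encrypt_at:
            pdu = encrypt(KEY, pdu)
        pdu = _frame(HEADERS[layer], pdu)
    return pdu


def parse(packet, decrypt_at):
    """Walk up the stack, stripping each header and decrypting at the layers
    where this receiver's stack expects encryption."""
    pdu = packet
    for layer in reversed(LAYERS):
        pdu = _unframe(pdu, HEADERS[layer])
        if layer in decrypt_at:
            pdu = decrypt(KEY, pdu)
    return pdu


def can_decode(packet, decrypt_at):
    """True if a receiver decrypting at `decrypt_at` recovers the data."""
    try:
        parse(packet, decrypt_at)
        return True
    except ValueError:
        return False


def headers_in_clear(packet):
    """Layer headers an on-path observer can read from the packet bytes."""
    return [name for name, h in HEADERS.items() if h in packet]


if __name__ == "__main__":
    pkt = build(b"hello", {"network"})           # network-layer encryption
    print(headers_in_clear(pkt))                  # socket header is hidden
    print(can_decode(pkt, {"network"}), can_decode(pkt, {"socket"}))
```

Encrypting at the network layer hides the socket-layer header and the data but leaves the network and link headers readable, as they must be for the packet to be routed and delivered; encrypting at the socket layer leaves all three headers readable. A packet encrypted at one layer and presented to a stack that decrypts at another fails either the header check or the authentication check, and the example also shows encryption applied at two layers at once.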
In view of both the need to provide secure communication channels and the limitations of the prior approaches, an approach for providing a secure communication channel which does not rely upon layer-specific encryption and which does not require setup negotiation is highly desirable.