1. Field of the Invention
The present invention relates to the field of computer networking. More specifically, the present invention relates to improving security between a client and a server in a computer network.
2. The Background Art
The use of computer networks has increased dramatically in recent years, with the rise of the Internet and with more and more businesses creating internal networks to increase worker efficiency. Along with this surge in network usage, however, comes an ever-growing concern over security issues. With highly secretive pieces of information now being placed on computer networks, the potential for serious security breaches is at an all-time high.
Within a computer network, most or all of the pieces of hardware and software programs comply with a series of protocols that define how the network is to operate. Examples of these protocols include Internet Protocol (IP), Remote Authorization Dial In User Server (RADIUS), Terminal Access Controller Access Control System (TACACS), and Internetwork Operating System (IOS).
FIG. 1 is a diagram depicting a typical network environment. Generally, the act of accessing a computer network proceeds as follows. First, a user uses his or her computer (known as the client) 10 to connect to a computer network 12, either through dialing a phone number through a modem 14 to connect to a network access server 16 or by directly connecting to a network access server 16 on the network. A network access server is a device which has one or more modems, access points, or other communications devices and facilitates access to the network from the outside world. The user may then be prompted for a user name and password, which is then authenticated by an authentication server 18. If the user name and password are accurate, the user is granted access to the network 12.
However, just because the user has access to the network does not mean that the user has access to every piece of information on the network. Many networks have a hierarchy of access privileges, wherein some users are granted unlimited access while some users may have access to only certain types of information. Many times the restricted information is contained on a specific server 20 on the network. This makes it easy to keep users with low-level access privileges (or unauthorized users who nevertheless were able to gain access to the network) from accessing restricted information.
A problem arises, however, in that even without access privileges to a specific server, a user may still be able to determine the location of the server. Typically, when a user requests the restricted information, some sort of database (such as a Domain Name Sever (DNS) or a local configuration) is accessed and the location of the server is acquired. The location of the server may include an Internet Protocol (IP) address as well as a port number. At this point, the client contacts the server and attempts to negotiate a session with it. This is known as the session negotiation phase. While an unauthorized user will not normally be granted access to the server (because during the session negotiation stage the server will determine that the user does not have the proper level of access privileges), the unauthorized user nevertheless has already found out the location of the server.
The information regarding the location of the server may be misused in several ways. First, the user may continuously send a very large number of messages to the server, thus bombarding it with traffic. This could bog down the server to a point where it is not functional, or at least create a logjam on the server such that productivity is severely limited. Second, by knowing the location of the server the client may be able to make many attempts at communications between itself and the server and feel the system out for weak spots. For example, after many attempts at communication, the client may be able to determine the format of data sent from the server, and through cryptoanalysis may then be able to find the key, which unlocks encrypted data. With the key, the client could even impersonate a user with high-level access and may thus be able to break in to the server and steal or change vital information.
After negotiation between a client and server is successful, the session begins the data exchange phase. At this phase, the client sends a request to the server, to which the server responds. The response may involve transmission of data. Another security problem arises when an unauthorized user interrupts a pre-existing session between an authorized user and the server with a request of its own. Since the server is in a mode where it is responding to requests, it may respond to the request of the unauthorized client, thus revealing secured data. Additionally, even if the server does not reveal secured data because it determines that the request was made from an unauthorized user, it will generally still respond in some way, even if it is simply a message stating, in effect, xe2x80x9caccess deniedxe2x80x9d. This leads to the same potential misuse of the information regarding the server""s location as occurred in the session negotiation stage.
Another security concern that arises in network communication is the protection of the data itself as it is transmitted. Numerous encryption schemes have been devised which prevent unauthorized users who manage to gain access to secured data from reading or understanding it. Modern encryption systems are generally based on a cryptographic algorithm, also called a cipher, which is essentially just a mathematical algorithm used for encryption and decryption. Within the algorithm, there is a variable called a key, which is any one of a large number of different values. Generally, the sender and the receiver have a predefined key, and thus nobody can decrypt the encrypted data without knowing the value of that key.
While data encryption has been hugely successful in maintaining data security, there are still several issues that arise. First, it is possible that an unauthorized user may determine the value of the key, and then be able to view encrypted information. Additionally, with the rise of networking capabilities, there has also been a rise in the need for flexibility of systems. A single encryption algorithm may not be sufficient to support the large number of varied devices that communicate across the network.
A concern that arises when trying to remedy these security issues is compatibility. Existing networks have been designed for use with specific protocols and software, and altering them too much may be too much of a burden to place on the operators of the existing networks. It is preferable to have solutions that will not require pre-existing networks to drastically alter the protocols or software currently being used.
Improved security between a client and a server in a computer network is provided by allowing either endpoint (the client or the server) to initiate request messages. In this way, it is possible to configure the system so that the server always makes the opening move of negotiation, allowing the location of the server to remain hidden until a legal session is established. Dynamic relocation of the server further hides the location of the server from unauthorized users. Additionally, each message may be authenticated individually as it is received, with the endpoint making no response to an unauthentic message, thus preventing attacks on its security. Finally, negotiation of both the encryption method and the key used in the encryption process allows for the rapid reconfiguration of encryption to protect against unauthorized users who may have broken the code.