Digital devices often exchange messages to communicate with each other. These messages can contain not only the information meant to be communicated, but also other information such as routing information. In some cases, network topology information can be determined by examining, for example, routing information exchanged between digital devices. For example, when sending a message, a sender may insert routing information into the message and send the message to a receiver on a path that travels through various other devices. Some of these devices may add further routing information, such as their network addresses, to the routing information associated with the message. The receiver of the message can include the routing information in its response so that the response can be correctly routed back to the sender. However, network providers may wish to keep this routing information away from, for example, attackers, other networks, network subscribers, or any entity that does require access to the information.
One reason to keep network topology information private is that attackers can use this information to identify parts of a network for attack. For example, an attacker masquerading as a legitimate user may examine the headers of a packet it receives from a network to determine the address of a critical component of that network. The attacker may then directly target the critical component with an attack, such as, for example, a denial-of-service (DoS) attack. A network provider may also want to keep network topology information private for reasons other than attack avoidance. For example, an IP address read from a packet header may reveal that a network provider has contracted to use the equipment of another entity (e.g., a competitor, a sub contractor, etc.). However, the network provider may have preferred to keep this information confidential for business reasons.
One method that can be used to protect network routing information in packets is encryption. For example, a network component that sends a packet to a mobile device can encrypt topology information that is needed by the network for routing responses from mobile devices, but is not directly needed by the mobile devices. A mobile device can insert the encrypted topology information into its response to the network component. The network can then decrypt the encrypted topology information and use it as necessary. However, mere encryption of the header may still leave the network vulnerable. For example, topology information may be inadvertently or maliciously removed such that the packet lacks proper routing information. Alternatively, an encrypted header may be altered so that a response cannot be routed or is routed improperly. It is also possible that an attacker may be able to decrypt an encrypted header and thus access the header and its now unprotected topology information.