1. Field of the Invention
The present invention relates to an apparatus and method for secure communications between computers, and more particularly to the application of end-to-end encryption to ensure secure communications on standard communications media.
2. Background Information
In the design of a secure computing environment the communication links are the most difficult to protect and therefore the easiest to compromise. Terminals and computers can be placed in limited access, physically secure areas to limit exposure to hostile agents. But any computer with an electrical connection extending outside the physically secure area is subject to penetration and compromise. Communication links can be attacked in a variety of ways. Active attacks are those in which masquerading "imposter" hardware or software is inserted into the link. For example, hardware might be inserted that emulates a user with extensive access privileges in order to access sensitive information. Or a shell program may be constructed that deceives a user into revealing sensitive information such as a password. Passive attacks are those in which data on the link intended for one user is copied and sent to another user, or captured by other individuals.
As computers have proliferated various methods have developed for computer-to-computer and computer-to-terminal communication. The first communications were point-to-point. However, as the number of points increased, point-to-point communications became too complex and costly. For large networks over relatively short distances, point-to-point connections have been replaced with local area networks (LANs) such as Ethernet or Token Ring which permit communication between a number of different computers and terminals on one or two wires.
For longer distances, modems offer a point-to-point link over a telephone line. Wide area networks (WANs) using combinations of fiber optic and copper telephone lines connect local area networks into larger networks.
Networks are at great risk in a security breach. The typical computer network functions like a telephone party line; anyone on the line can listen to and participate in the conversation. Passive attacks can eavesdrop on all communication on the network while active attacks have the potential to gain access to each network computer.
There are two aspects to security in a computer network with remote nodes. The first is authenticating the identity of both the source and the destination node in a communication. The second is making sure that communication between the nodes remains confidential.
Prior art systems have typically addressed one or the other of these security aspects. Perhaps the best known identity authentication method is the use of a password on logging into a system. Passwords provide a level of user authentication by tying a series of keystrokes to a user. The user must enter the password at the beginning of a session, or when moving to a higher level of access privilege.
A second method is the use of a dial-back modem. Dialback modems are used to verify that the location of the remote device is one of the acceptable places for remote devices. This reduces the chances of an unauthorized user accessing the computer by requiring all remote access be performed from a set of authorized sites.
These techniques and others like them rely on restricting access to a computer service to authenticated users. Once the restriction is overcome, access is achieved and there is no more checking. These methods offer limited feedback to the user; security is geared toward authenticating the remote site, not the computer being addressed. This approach is flawed in a security sense. There are certain functions where one wants to make sure that both ends--the computer and the user--are sure who is at the other end. The computer needs to make sure that it is talking to the authorized user and the authorized user needs to make sure he or she is talking to the computer and not some piece of malicious software masquerading as the computer.
Efforts to keep communications confidential have typically revolved around encrypting data prior to sending it on an unsecured medium or securing the medium by building a barrier around it to restrict access (hardening). Attempts to encrypt data traffic to improve security have encountered little commercial success due to a reliance on costly cryptographic devices which depend on complex and error-prone procedures for management of cryptographic keys and which may be subject to export restrictions. Hardening is often costly and may be impossible to accomplish (for instance, on public telephone lines).
It is clear that there is a need for an improved method of communication between computers and between computers and terminals that provides a high degree of security in data transfers. The method should provide a mechanism for authenticating the source node and the destination node in each message transfer and for maintaining confidentiality within each transfer. It should limit cost by permitting the use of standard communications methods and media.