1. Field of the Invention
The present invention relates generally to asynchronous transfer mode (ATM) networks, and more specifically to secure Internet communication using the TCP/IP (transmission control protocol/Internet protocol) protocol suite over ATM networks.
2. Description of the Related Art
In a communication system using TCP/IP protocols over an ATM network, the IP protocol is used as the network-layer protocol and TCP or UDP is used as the transport-layer protocol, and packets are forwarded between networks by routers. Usually, a router has a number of network interfaces and processes packets up to the network layer; some routers also handle part of the transport layer. One of the functions of the router is the technique known as "packet filtering", which enforces communication security at the edge of a network. When an IP node outside of a network wishes to communicate with an IP node inside the network, the router examines every arriving packet by reading the headers of the network and transport layers to determine whether the packet is allowed or discarded. Specifically, the IP addresses and TCP or UDP (user datagram protocol) port numbers of those IP nodes that are allowed are set into the router, and the network-layer and transport-layer addresses of every incoming packet are checked against the stored data to determine whether it may reach the internal nodes. Depending on the layer at which filtering occurs, packet filtering is classified as network-layer filtering or transport-layer filtering.
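As an added illustration of the router-side filtering just described (this code is not part of the patent and does not describe the invention), the following Python program reads the IPv4 and TCP/UDP headers of a raw packet and checks them against a stored allow list in which each rule is either a network-layer rule (addresses only) or a transport-layer rule (addresses plus protocol and destination port). The rules, addresses and packets are constructed here for the demonstration; the header layouts follow RFC 791, RFC 793 and RFC 768. It also covers the caveat a practitioner cares about: a non-initial IP fragment carries no transport header, so a transport-layer rule cannot match it and the filter fails closed.

```python
"""Minimal router-style packet filter over raw IPv4 + TCP/UDP headers (added example)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_TCP = 6
PROTO_UDP = 17


@dataclass(frozen=True)
class Rule:
    """An allow rule as stored in the router.

    proto/dport left as None makes this a network-layer rule (addresses only);
    setting them makes it a transport-layer rule.
    """
    src: str                      # CIDR, e.g. "192.0.2.0/24"
    dst: str
    proto: Optional[int] = None
    dport: Optional[int] = None


def parse_headers(pkt: bytes) -> dict:
    """Read the IPv4 header and, when present, the TCP/UDP port numbers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    info = {"src": ipaddress.IPv4Address(pkt[12:16]),
            "dst": ipaddress.IPv4Address(pkt[16:20]),
            "proto": proto, "sport": None, "dport": None}
    l4 = pkt[ihl:]
    # Ports live in the transport header, which only the first fragment
    # (offset 0) carries; a later fragment exposes no ports at all.
    if frag_off == 0 and proto in (PROTO_TCP, PROTO_UDP) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def is_allowed(pkt: bytes, rules: List[Rule]) -> bool:
    """Default-deny filter: the packet passes only if some stored rule matches it."""
    h = parse_headers(pkt)
    for r in rules:
        if h["src"] not in ipaddress.ip_network(r.src):
            continue
        if h["dst"] not in ipaddress.ip_network(r.dst):
            continue
        if r.proto is None:
            return True               # network-layer rule: addresses suffice
        if h["proto"] != r.proto:
            continue
        if r.dport is None:
            return True
        if h["dport"] is None:
            continue                  # ports not visible (fragment/truncated): fail closed
        if h["dport"] == r.dport:
            return True
    return False


def build_packet(src: str, dst: str, proto: int, sport: int, dport: int,
                 frag_off: int = 0) -> bytes:
    """Construct a minimal IPv4 + TCP/UDP packet for the demo (checksums left zero)."""
    if proto == PROTO_TCP:   # sport, dport, seq, ack, data offset, flags=SYN, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:                    # sport, dport, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag_off & 0x1FFF,
                     64, proto, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + l4


# Constructed allow list: anyone may reach TCP/80 on the 10.0.0.0/24 servers;
# the partner network 192.0.2.0/24 may reach them with any protocol.
RULES = [Rule("0.0.0.0/0", "10.0.0.0/24", PROTO_TCP, 80),
         Rule("192.0.2.0/24", "10.0.0.0/24")]


def demo() -> dict:
    """Run five constructed packets through the filter and report the verdicts."""
    cases = {
        "web":         build_packet("198.51.100.7", "10.0.0.5", PROTO_TCP, 40000, 80),
        "ssh":         build_packet("198.51.100.7", "10.0.0.5", PROTO_TCP, 40001, 22),
        "partner_ssh": build_packet("192.0.2.9",    "10.0.0.5", PROTO_TCP, 40002, 22),
        "udp80":       build_packet("198.51.100.7", "10.0.0.5", PROTO_UDP, 40003, 80),
        "fragment":    build_packet("198.51.100.7", "10.0.0.5", PROTO_TCP, 40004, 80, frag_off=3),
    }
    return {name: is_allowed(p, RULES) for name, p in cases.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} {'ALLOW' if ok else 'DROP'}")
```

Note that the web request on TCP/80 from an arbitrary source is allowed while the same source's SSH and UDP attempts are dropped, the partner network passes on the network-layer rule alone, and the non-initial fragment is dropped because its ports cannot be read.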
On the other hand, communication systems specified by the ATM Forum and the IETF (Internet Engineering Task Force) use ATM as the second layer of the OSI (Open Systems Interconnection) reference model and the TCP/IP protocols as the third and fourth layers. Studies currently under way include the NHRP (next hop resolution protocol) scheme and the MPOA (multiprotocol over ATM) system, in which high-speed ATM switches are provided in place of conventional routers. ATM switches use a signaling procedure to establish a virtual connection between the source and destination IP nodes prior to the transmission of transport-layer (TCP/UDP) packets. These packets are segmented into fixed-length cells at the source IP node, transmitted over the established virtual connection, and reassembled at the destination IP node into a TCP/UDP packet.
However, since a transit switch forwards each cell on its cell header alone, the IP and TCP/UDP headers carried inside the cell payloads are not examined as the cells propagate through the ATM network, so the router's network-layer and transport-layer packet filtering functions are not performed. Security is therefore a critical problem in such ATM communication systems, and a need exists for a way to provide them with the equivalent of packet filtering.
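As an added example covering the two paragraphs above (the segmentation into cells at the source, the cell-by-cell forwarding by transit switches, and the reassembly at the destination), the following Python program models that path and makes the security gap concrete: the switch function consults only the 5-byte cell header (VPI/VCI), and the IP and TCP headers of the packet travel as ordinary bytes in the payload of the first cell. This code is not from the patent and does not describe the invention. It assumes AAL5 as the adaptation layer (the patent text does not name one), with the 8-byte trailer and CRC-32 of ITU-T I.363.5, the UNI cell header of I.361 and the HEC of I.432; the VPI/VCI values, the switch table and the IPv4/TCP packet bytes are constructed for the demonstration.

```python
"""AAL5 segmentation, VPI/VCI cell switching and reassembly (added example)."""
import struct
from typing import Dict, List, Tuple

CELL_PAYLOAD = 48  # each 53-byte ATM cell = 5-byte header + 48-byte payload


def hec(hdr4: bytes) -> int:
    """Header error control (I.432): CRC-8, generator x^8+x^2+x+1, over the first 4 header bytes, XOR 0x55."""
    crc = 0
    for b in hdr4:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def crc32_aal5(data: bytes) -> int:
    """AAL5 CRC-32 (I.363.5): generator 0x04C11DB7, MSB-first, preset 0xFFFFFFFF, result complemented."""
    crc = 0xFFFFFFFF
    for b in data:
        crc ^= b << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF if crc & 0x80000000 else (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def make_cell(vpi: int, vci: int, payload: bytes, last: bool) -> bytes:
    """UNI header GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8); PTI bit 0 marks the last cell of an AAL5 PDU."""
    hdr = struct.pack("!I", (vpi << 20) | (vci << 4) | ((1 if last else 0) << 1))
    return hdr + bytes([hec(hdr)]) + payload


def aal5_segment(packet: bytes, vpi: int, vci: int) -> List[bytes]:
    """Source node: packet + zero pad + 8-byte trailer (UU, CPI, length, CRC-32), cut into 48-byte cells."""
    pad = (-(len(packet) + 8)) % CELL_PAYLOAD
    head = packet + b"\x00" * pad + struct.pack("!BBH", 0, 0, len(packet))
    pdu = head + struct.pack("!I", crc32_aal5(head))
    return [make_cell(vpi, vci, pdu[i:i + CELL_PAYLOAD], last=i + CELL_PAYLOAD >= len(pdu))
            for i in range(0, len(pdu), CELL_PAYLOAD)]


def switch_cell(table: Dict[Tuple[int, int], Tuple[str, int, int]], cell: bytes) -> Tuple[str, bytes]:
    """Transit switch: decide from the 5-byte header only, rewrite VPI/VCI, forward.

    The 48-byte payload, where the IP and TCP/UDP headers sit, is passed through unread.
    """
    word = struct.unpack("!I", cell[:4])[0]
    vpi, vci, pti_clp = (word >> 20) & 0xFF, (word >> 4) & 0xFFFF, word & 0x0F
    port, out_vpi, out_vci = table[(vpi, vci)]      # unknown VC -> KeyError: cell is dropped
    hdr = struct.pack("!I", (out_vpi << 20) | (out_vci << 4) | pti_clp)
    return port, hdr + bytes([hec(hdr)]) + cell[5:]


def aal5_reassemble(cells: List[bytes]) -> bytes:
    """Destination node: concatenate payloads up to the end-of-PDU cell, verify the trailer, strip the pad."""
    pdu = bytearray()
    for c in cells:
        if hec(c[:4]) != c[4]:
            raise ValueError("HEC mismatch: corrupted cell header")
        pdu += c[5:]
        if (struct.unpack("!I", c[:4])[0] >> 1) & 1:
            break
    else:
        raise ValueError("no end-of-PDU cell seen")
    _uu, _cpi, length, crc = struct.unpack("!BBHI", pdu[-8:])
    if length > len(pdu) - 8 or crc32_aal5(bytes(pdu[:-4])) != crc:
        raise ValueError("AAL5 CRC/length mismatch: PDU discarded")
    return bytes(pdu[:length])


# Constructed IPv4/TCP packet, 198.51.100.7:40000 -> 10.0.0.5:80 (SYN), checksums zeroed, 58 bytes.
PACKET = bytes.fromhex(
    "4500003a 00010000 40060000 c6336407 0a000005"   # IPv4 header
    "9c400050 00000001 00000000 50022000 00000000"   # TCP header
) + b"GET / HTTP/1.0\r\n\r\n"

# Constructed VC table for one switch: cells arriving on VPI/VCI 0/100 leave on port2 as 0/200.
TABLE = {(0, 100): ("port2", 0, 200)}


def demo() -> dict:
    """Segment, switch and reassemble the packet; also show the trailer CRC rejecting a corrupted cell."""
    cells = aal5_segment(PACKET, vpi=0, vci=100)
    forwarded = [switch_cell(TABLE, c) for c in cells]
    out_cells = [c for _, c in forwarded]
    corrupted = bytearray(out_cells[1])
    corrupted[10] ^= 0xFF                              # flip one payload byte in the second cell
    try:
        aal5_reassemble([out_cells[0], bytes(corrupted)])
        caught = False
    except ValueError:
        caught = True
    return {"cells": len(cells),
            "ports": {p for p, _ in forwarded},
            "roundtrip": aal5_reassemble(out_cells) == PACKET,
            "ip_header_is_cell_payload": cells[0][5:25] == PACKET[:20],
            "crc_catches_corruption": caught}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The 58-byte packet becomes two cells; the switch forwards both by table lookup on VPI/VCI without ever reading bytes 5 onward, which is exactly where the IPv4 source address, destination address and TCP port 80 of the first cell sit, so a filtering decision based on those fields has nowhere to run inside the ATM network. The trailer CRC does catch a corrupted cell at the destination, but that is an integrity check on the reassembled PDU, not an access-control decision.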