United States Patent 6092191
Shimbo, et al.
July 18, 2000
Title
Packet authentication and packet encryption/decryption scheme for security gateway
Abstract
A packet authentication and packet encryption/decryption scheme for a security gateway suitable for a hierarchically organized network system and a mobile computing environment. For the packet authentication, in addition to the end-to-end authentication at the destination side packet processing device, the link-by-link authentication at each intermediate packet processing device in the packet transfer route is used. The link-to-link authentication data is inspected by intermediate nodes, and the end-to-end data (different from the link-to-link data) is inspected by the destination node but not by intermediate nodes. For the packet encryption/decryption, each packet processing device determines whether or not to encrypt/decrypt the packet according to: an information on the computers which are directly managed by this packet processing device; or the encryption information and the signature information provided in the packet; or the encryption information, the signature information, and the encryption/decryption level information provided in the packet.
Inventors: Shimbo; Atsushi (Chiba, JP), Inoue; Atsushi (Kanagawa, JP), Ishiyama; Masahiro (Kanagawa, JP), Okamoto; Toshio (Kanagawa, JP)
Assignee: Kabushiki Kaisha Toshiba (Kawasaki, JP)
Appl. No.: 758479
Filed: November 29, 1996
Foreign Application Priority Data
Nov 30, 1995 [JP] P07-312593
Nov 30, 1995 [JP] P07-313307
Nov 07, 1996 [JP] P08-295116
Current U.S. Class: 713/153; 713/162; 713/168; 713/181; 380/258; 709/228; 709/229; 709/238; 709/240; 709/242; 709/243; 709/244; 709/245
Field of Search:
380/23,25,49,50,258 395/200.58,200.59,200.68,200.75 709/228,229,238,245,240,242,243,244 713/162,153,168,181
U.S. Patent Documents
5455865, October 1995, Perlman
Other References
Computer Dictionary, by Microsoft Press, third edition, p. 36, 1997.
"Information Technology-Security Techniques-Data Integrity Mechanism Using a Cryptographic Check Function Employing a Block Cipher Algorithm", International Standard, ISO/IEC 9797: (1993) (E), pp. 1-7.
Primary Examiner: Hayes; Gail O.
Assistant Examiner: Sayadian; Hrayr A.
Attorney, Agent or Firm: Foley & Lardner
Claims
What is claimed is:
1. A method for transferring a packet from a source computer to a destination computer in a network system formed by a plurality of computer networks in which a packet processing device is provided at a boundary between each computer network and an external of said each computer network, the method comprising the steps of:
(a) transferring the packet transmitted by the source computer from a source side packet processing device managing the source computer to an adjacent packet processing device in a packet transfer route, after attaching to the packet an end-to-end authentication data for inspection by a destination side packet processing device managing the destination computer and not by any intermediate packet processing device in the packet transfer route and a link-by-link authentication data for inspection by at least one intermediate packet processing device in the packet transfer route;
(b) inspecting the link-by-link authentication data attached to the packet at said at least one intermediate packet processing device without inspecting the end-to-end authentication data, and transferring the packet from said at least one intermediate packet processing device to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the link-by-link authentication data; and
(c) inspecting the end-to-end authentication data attached to the packet at the destination side packet processing device, and transferring the packet from the destination side packet processing device to the destination computer when the packet is authenticated by an inspection of the end-to-end authentication data.
2. The method of claim 1, wherein at the step (a) the source side packet processing device attaches the link-by-link authentication data for inspection by said at least one intermediate packet processing device which is said adjacent packet processing device in the packet transfer route; and
at the step (b) a corresponding link-by-link authentication data attached to the packet is inspected at each intermediate packet processing device in the packet transfer route including said adjacent packet processing device, and the packet is transferred from said each intermediate packet processing device to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the corresponding link-by-link authentication data.
3. The method of claim 2, wherein the source side packet processing device generates the end-to-end authentication data at the step (a) by using an authentication key corresponding to the destination side packet processing device which is determined from an address information in the packet, and the destination side packet processing device inspects the end-to-end authentication data at the step (c) by using an authentication key corresponding to the source side packet processing device which is determined from the address information in the packet.
4. The method of claim 2, wherein the source side packet processing device generates the link-by-link authentication data at the step (a) by using an authentication key corresponding to said adjacent packet processing device which is determined from an address information in the packet.
5. The method of claim 2, wherein said each intermediate packet processing device inspects the corresponding link-by-link authentication data at the step (b) by using an authentication key determined from the address information in the packet.
6. The method of claim 2, wherein said each intermediate packet processing device transfers the packet as received when the packet is authenticated at the step (b).
7. The method of claim 2, wherein said each intermediate packet processing device transfers the packet after removing the corresponding link-by-link authentication data from the packet when the packet is authenticated at the step (b).
8. The method of claim 2, wherein said each intermediate packet processing device generates a new link-by-link authentication data for inspection by the next packet processing device, and transfers the packet after attaching the new link-by-link authentication data to the packet at the step (b).
9. The method of claim 8, wherein said each intermediate packet processing device generates the new link-by-link authentication data at the step (b) by using an authentication key corresponding to the next packet processing device which is determined from an address information in the packet.
10. The method of claim 2, wherein the source side packet processing device generates each corresponding link-by-link authentication data to be inspected by said each intermediate packet processing device, and transfers the packet after attaching all the corresponding link-by-link authentication data for all intermediate packet processing devices in the packet transfer route to the packet at the step (a).
11. The method of claim 10, wherein the source side packet processing device generates said each corresponding link-by-link authentication data at the step (a) by using an authentication key corresponding to said each intermediate packet processing device which is determined from an address information in the packet.
12. The method of claim 2, wherein the source side packet processing device generates a common link-by-link authentication data to be inspected by every intermediate packet processing device in the packet transfer route at the step (a), and said each intermediate packet processing device inspects said common link-by-link authentication data as the corresponding link-by-link authentication data at the step (b).
13. The method of claim 12, wherein the source side packet processing device generates said common link-by-link authentication data at the step (a) by using an authentication key common to all intermediate packet processing devices in the packet transfer route which is determined from an address information in the packet.
14. The method of claim 2, wherein the source computer is a mobile computer capable of carrying out communications by moving among the computer networks in the network system, and the source side packet processing device is implemented in the mobile computer, so that the packet is transferred by the source side packet processing device in the mobile computer at the step (a).
15. The method of claim 2, wherein the destination computer is a mobile computer capable of carrying out communications by moving among the computer networks in the network system, and the destination side packet processing device is implemented in the mobile computer, so that the packet is inspected by the destination side packet processing device in the mobile computer at the step (c).
16. The method of claim 2, wherein at the step (a), the source side packet processing device generates the end-to-end authentication data depending on all bits of the packet transmitted by the source computer, and the link-by-link authentication data depending on selective bits corresponding to a part of data formed by the packet transmitted by the source computer and the end-to-end authentication data which contains the end-to-end authentication data.
17. The method of claim 2, wherein at the step (a), the source side packet processing device generates the end-to-end authentication data and the link-by-link authentication data depending on all bits of the packet transmitted by the source computer.
18. A packet processing device for transferring a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the device being provided at a boundary between one computer network and an external of said one computer network, and the device comprising:
authentication data generation means for generating an end-to-end authentication data for inspection by a destination side packet processing device managing the destination computer and not by any intermediate packet processing device in a packet transfer route and a link-by-link authentication data for inspection by at least one intermediate packet processing device in the packet transfer route;
packet formatting means for attaching the end-to-end authentication data and the link-by-link authentication data generated by the authentication data generation means to the packet transmitted by the source computer; and
transfer means for transferring the packet with the end-to-end authentication data and the link-by-link authentication data attached thereto by the packet formatting means, to an adjacent packet processing device in the packet transfer route.
19. The device of claim 18, wherein the authentication data generation means generates the link-by-link authentication data for inspection by said at least one intermediate packet processing device which is said adjacent packet processing device in the packet transfer route.
20. The device of claim 19, wherein the authentication data generation means generates the end-to-end authentication data by using an authentication key corresponding to the destination side packet processing device which is determined from an address information in the packet.
21. The device of claim 19, wherein the authentication data generation means generates the link-by-link authentication data by using an authentication key corresponding to said adjacent packet processing device which is determined from an address information in the packet.
22. The device of claim 19, further comprising:
an authentication key memory for storing a first authentication key corresponding to the destination side packet processing device and a second authentication key corresponding to said adjacent packet processing device, in correspondence to an address information in the packet;
wherein the authentication data generation means generates the end-to-end authentication data by using the first authentication key stored in the authentication key memory, and the link-by-link authentication data by using the second authentication key stored in the authentication key memory.
23. The device of claim 19, wherein the authentication data generation means generates each corresponding link-by-link authentication data to be inspected by each intermediate packet processing device in the packet transfer route, and the packet formatting means attaches all the corresponding link-by-link authentication data for all intermediate packet processing devices in the packet transfer route to the packet.
24. The device of claim 23, wherein the authentication data generation means generates said each corresponding link-by-link authentication data by using an authentication key corresponding to said each intermediate packet processing device which is determined from an address information in the packet.
25. The device of claim 23, further comprising:
an authentication key memory for storing authentication keys corresponding to the destination side packet processing device and all the intermediate packet processing devices in the packet transfer route, in correspondence to an address information in the packet;
wherein the authentication data generation means generates the end-to-end authentication data and said each corresponding link-by-link authentication data by using the authentication keys stored in the authentication key memory.
26. The device of claim 19, wherein the authentication data generation means generates a common link-by-link authentication data to be inspected by every intermediate packet processing device in the packet transfer route.
27. The device of claim 26, wherein the authentication data generation means generates said common link-by-link authentication data by using an authentication key common to all intermediate packet processing devices in the packet transfer route which is determined from an address information in the packet.
28. The device of claim 26, further comprising:
an authentication key memory for storing a first authentication key corresponding to the destination side packet processing device and a second authentication key corresponding to all the intermediate packet processing devices in the packet transfer route, in correspondence to an address information in the packet;
wherein the authentication data generation means generates the end-to-end authentication data by using the first authentication key stored in the authentication key memory, and said common link-by-link authentication data by using the second authentication key stored in the authentication key memory.
29. A packet processing device for relaying a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the device being provided at a boundary between one computer network and an external of said one computer network, and the device comprising:
inspection means for inspecting a corresponding link-by-link authentication data attached to the packet received from an adjacent packet processing device in the packet transfer route, without inspecting an end-to-end authentication data for inspection by a destination side packet processing device managing the destination computer and not by any intermediate packet processing device in the packet transfer route which is also attached to the packet; and
transfer means for transferring the packet to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the corresponding link-by-link authentication data by the inspection means.
30. The device of claim 29, wherein the inspection means inspects the corresponding link-by-link authentication data by using an authentication key determined from the address information in the packet.
31. The device of claim 29, wherein the transfer means transfers the packet as received when the packet is authenticated by the inspection means.
32. The device of claim 29, further comprising:
packet formatting means for removing the corresponding link-by-link authentication data from the packet when the packet is authenticated by the inspection means;
wherein the transfer means transfers the packet after the corresponding link-by-link authentication data is removed from the packet by the packet formatting means.
33. The device of claim 29, further comprising:
authentication data generation means for generating a new link-by-link authentication data which is to be inspected by the next packet processing device; and
packet formatting means for attaching the new link-by-link authentication data generated by the authentication key generation means to the packet received from the adjacent packet processing device;
wherein the transfer means transfers the packet after the new link-by-link authentication data is attached to the packet by the packet formatting means.
34. An article of manufacture, comprising:
a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for transferring a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the packet processing device being provided at a boundary between one computer network and an external of said one computer network, the computer readable program code means including:
first computer readable program code means for causing said computer to generate an end-to-end authentication data for inspection by a destination side packet processing device managing the destination computer and not by any intermediate packet processing device in a packet transfer route and a link-by-link authentication data for inspection by at least one intermediate packet processing device in the packet transfer route;
second computer readable program code means for causing said computer to attach the end-to-end authentication data and the link-by-link authentication data generated by the first computer readable program code means to the packet transmitted by the source computer; and
third computer readable program code means for causing said computer to transfer the packet with the end-to-end authentication data and the link-by-link authentication data attached thereto by the second computer readable program code means, to an adjacent packet processing device in the packet transfer route.
35. An article of manufacture, comprising:
a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for relaying a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the packet processing device being provided at a boundary between one computer network and an external of said one computer network, the computer readable program code means including:
first computer readable program code means for causing said computer to inspect a corresponding link-by-link authentication data attached to the packet received from an adjacent packet processing device in the packet transfer route, without inspecting an end-to-end authentication data for inspection by a destination side packet processing device managing the destination computer and not by any intermediate packet processing device in the packet transfer route which is also attached to the packet; and
second computer readable program code means for causing said computer to transfer the packet to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the corresponding link-by-link authentication data by the first computer readable program code means.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a packet authentication scheme for a security gateway which authenticates whether a received packet is from a proper computer/user or not in order to transfer only proper packets, and a packet encryption/decryption scheme for a security gateway which encrypts/decrypts packets in order to prevent the information leakage in a data transfer to an external organization, in a data communication through an open network among a plurality of computers including mobile computers.
2. Description of the Background Art
Due to the spread of the Internet, it has now become possible to login to a remote computer or transfer files to a remote computer. It has also become possible to utilize services such as the electronic mail and the WWW (World Wide Web). On the other hand, in the Internet, the construction of protocols and systems with due consideration to security has lagged behind, so that there are possibilities for illegal conduct such as stealing of secret information or deletion of important files by a malicious user who sneaks into a computer of a remote network, and wiretapping of communication data.
In order to deal with such illegal conduct, a system called firewall or security gateway is often constructed in a network of an organization such as a company. The firewall is a system to be provided at a boundary of the local network of the organization and the global Internet, which realizes the filtering of communication (the control for blocking/passing communication) in order to prevent the information leakage to the external and the improper intrusion from the external.
The firewall has an advantage in that there is no need to provide any special measure to strengthen the security at a computer (host) connected to the internal network (internal net) because the firewall can block all the dangerous communications from the external.
The basic technique used in the firewall is a packet filter, which judges whether a communication packet is for permitted communications or not according to a source host address, a destination host address, and a port number corresponding to the utilized service (such as remote login (telnet), file transfer (ftp), electronic mail (SMTP), electronic news (NNTP), WWW service (http), etc.) which are attached to the communication packet, and relays only the communication packets for the permitted communications. In this technique, a sufficient security function can be provided assuming that the host addresses and the service port number within the packet are hard to alter. However, in practice, it is possible to send a packet with an altered source host address. In order to deal with such an alteration, a system for realizing the packet filtering by means of authentication function using cryptography is available.
For the packet authentication based on cryptography, a technique called MAC (Message Authentication Code) is used in general. In this technique, it is assumed that packet source and destination sides are sharing a secret key information. The source side calculates a digest information for each packet which depends on all bits of data of that packet and a key K, and attaches this digest information to the packet. Namely, the source side calculates MAC=f(K, data), where "f" denotes a MAC calculation algorithm, "data" denotes a packet content. On the other hand, the destination side carries out the same calculation as the source side using the packet content of the received packet and the key K, and when the calculated MAC value coincides with the MAC value attached to the packet, the sender and the fact that the packet content is the transmitted data itself can be authenticated.
The introduction of the authentication function based on MAC into the firewall is described in J. Ioannidis and M. Blaze, "The Architecture and Implementation of Network-Layer Security Under Unix", USENIX/4th UNIX Security Symposium, pp. 29-39 (1993), for example.
In this manner, the sending of a packet with an altered address or port number and the alteration of a packet in a course of packet transfer can be detected, so that the safety of the firewall system can be improved drastically. This system will be referred to hereafter as a firewall with authentication function.
However, the applicability of the conventional firewall with authentication function is limited only to a case where the network to be protected has a single hierarchical level. Namely, the mechanism of the conventional firewall with authentication function is that the source host or the firewall of the network which accommodates the source host attaches the MAC to the packet, and the firewall of the network which accommodates the destination host inspects the MAC, and this mechanism cannot sufficiently deal with a case where networks to be protected are hierarchically organized. This is because, in a case where networks to be protected on the destination side are organized in two hierarchical levels, the key K is shared by the firewall on the source side and the firewall of the first hierarchical level on the destination side so that the MAC can be inspected at the first hierarchical level on the destination side, but the firewall of the second hierarchical level on the destination side is not provided with the key K so that the MAC inspection cannot be carried out at the second hierarchical level on the destination side even when the same packet as received at the first hierarchical level is also received at the second hierarchical level.
If the key K is shared by all of the firewall on the source side, the firewall of the first hierarchical level on the destination side, and the firewall of the second hierarchical level on the destination side, then it would be possible for the firewall of the first hierarchical level on the destination side to pretend to be the firewall of the source side and send packets to the firewall of the second hierarchical level on the destination side improperly.
On the other hand, the portable computers are utilized in various situations recently, and there are many situations where a portable computer is connected to a multi-sectional network as a mobile computer in order to carry out communications with a server computer of the home network of that mobile computer or a computer of the visited network. Even in such situations, the function of the conventional firewall with authentication function is limited. Namely, in the firewall with authentication function, the packet inspection can be carried out between the firewall of the visited network and the firewall of the communication target network, but there is no known procedure for consistently realizing the authentication between the mobile computer and the firewall of the visited network and the authentication between the mobile computer and the communication target network.
Apart from the problem of the authentication described so far, there is also a problem regarding the protection of the communication packet content. Namely, for a case of a communication using transfer of highly secret data through an external network, there is a scheme for encrypting the packet content before the data packet is transmitted to the external, and decrypting the encrypted packet at the receiving site. In this scheme, in a case where the network to be protected has a single hierarchical level, it suffices to utilize the directionality of the packet in the judgement of a need for encryption/decryption.
However, in a case where networks to be protected are hierarchically organized, or in the mobile computer environment utilizing the mobile computer, there is an unresolved problem regarding which machine should carry out the control of encryption/decryption by what criteria. In particular, in a case of transferring packets between different hierarchical levels, it has been difficult to secure the safety and at the same time avoid the lowering of the processing efficiency due to the repeated decryption and re-encryption at each hierarchical level. Also, it has been difficult to secure the safety and at the same time flexibly control a part which should be transferred by a cipher communication and a part which should be transferred by a plain text communication.
As described, in the prior art, in a computer network in which networks to be protected are hierarchically organized, it has been difficult to safely protect the network of each hierarchical level. In addition, it has been difficult to carry out the cipher communication efficiently and safely.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a packet authentication scheme for a security gateway which is capable of protecting each network safely, even in a case where networks to be protected are hierarchically organized or in a mobile computing environment which supports mobile computers.
It is another object of the present invention to provide a packet encryption/decryption scheme for a security gateway which is capable of protecting a communication data content efficiently and safely, even in a case where networks to be protected are hierarchically organized or in a mobile computing environment which supports mobile computers.
According to one aspect of the present invention there is provided a method for transferring a packet from a source computer to a destination computer in a network system formed by a plurality of computer networks in which a packet processing device is provided at a boundary between each computer network and an external of said each computer network, the method comprising the steps of: (a) transferring the packet transmitted by the source computer from a source side packet processing device managing the source computer to an adjacent packet processing device in a packet transfer route, after attaching to the packet an end-to-end authentication data to be inspected by a destination side packet processing device managing the destination computer and a link-by-link authentication data to be inspected by at least one intermediate packet processing device in the packet transfer route; (b) inspecting the link-by-link authentication data attached to the packet at said at least one intermediate packet processing device, and transferring the packet from said at least one intermediate packet processing device to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the link-by-link authentication data; and (c) inspecting the end-to-end authentication data attached to the packet at the destination side packet processing device, and transferring the packet from the destination side packet processing device to the destination computer when the packet is authenticated by an inspection of the end-to-end authentication data.
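Steps (a) to (c) above, as an added Python example that is not part of the patent: HMAC-SHA256 stands in for the unspecified MAC function f, gateway names stand in for the address information used to look up keys, and the names GW_SRC, GW1, GW2 and all keys are constructed. It follows the variant in which each relay attaches a new link-by-link MAC for the next hop, and shows that a relay holding only link keys cannot alter a packet without the destination side detecting it.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Optional


def mac(key: bytes, data: bytes) -> bytes:
    """MAC = f(K, data). HMAC-SHA256 is an assumed stand-in for f."""
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Packet:
    src_gw: str          # source side gateway (stands in for address info)
    dst_gw: str          # destination side gateway
    payload: bytes
    e2e_mac: bytes = b""
    link_mac: bytes = b""

    def body(self) -> bytes:
        # Length-prefix every field so the MAC input is unambiguous.
        parts = (self.src_gw.encode(), self.dst_gw.encode(), self.payload)
        return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


class Gateway:
    def __init__(self, name: str, keys: Dict[str, bytes]):
        self.name = name
        self.keys = keys  # authentication key memory: peer gateway -> key

    def _link(self, peer: str, pkt: Packet) -> bytes:
        # The link-by-link MAC covers the packet and the end-to-end MAC.
        return mac(self.keys[peer], pkt.body() + pkt.e2e_mac)

    def originate(self, dst_gw: str, next_hop: str, payload: bytes) -> Packet:
        """Step (a): attach both MACs at the source side gateway."""
        pkt = Packet(self.name, dst_gw, payload)
        pkt = replace(pkt, e2e_mac=mac(self.keys[dst_gw], pkt.body()))
        return replace(pkt, link_mac=self._link(next_hop, pkt))

    def relay(self, pkt: Packet, prev_hop: str, next_hop: str) -> Optional[Packet]:
        """Step (b): check only the link MAC, then re-MAC for the next hop."""
        if not hmac.compare_digest(self._link(prev_hop, pkt), pkt.link_mac):
            return None  # drop: not authenticated on this link
        return replace(pkt, link_mac=self._link(next_hop, pkt))

    def deliver(self, pkt: Packet, prev_hop: str) -> Optional[bytes]:
        """Step (c): destination checks its link MAC, then the end-to-end MAC."""
        if not hmac.compare_digest(self._link(prev_hop, pkt), pkt.link_mac):
            return None
        key = self.keys.get(pkt.src_gw)
        if key is None:
            return None  # no end-to-end key for the claimed source
        if not hmac.compare_digest(mac(key, pkt.body()), pkt.e2e_mac):
            return None
        return pkt.payload


# Constructed demo keys (real keys must come from a proper key exchange).
K_E2E = hashlib.sha256(b"demo: GW_SRC <-> GW2").digest()
K_LINK_A = hashlib.sha256(b"demo: GW_SRC <-> GW1").digest()
K_LINK_B = hashlib.sha256(b"demo: GW1 <-> GW2").digest()


def build():
    src = Gateway("GW_SRC", {"GW2": K_E2E, "GW1": K_LINK_A})
    gw1 = Gateway("GW1", {"GW_SRC": K_LINK_A, "GW2": K_LINK_B})  # no K_E2E
    gw2 = Gateway("GW2", {"GW_SRC": K_E2E, "GW1": K_LINK_B})
    return src, gw1, gw2


def honest_path(payload: bytes = b"telnet data") -> Optional[bytes]:
    src, gw1, gw2 = build()
    pkt = src.originate("GW2", "GW1", payload)
    pkt = gw1.relay(pkt, "GW_SRC", "GW2")
    return gw2.deliver(pkt, "GW1")


def spoofed_source() -> Optional[Packet]:
    """A sender with no keys claims to be GW_SRC; GW1 drops it at the edge."""
    _, gw1, _ = build()
    fake = Packet("GW_SRC", "GW2", b"spoofed", b"\x00" * 32, b"\x00" * 32)
    return gw1.relay(fake, "GW_SRC", "GW2")


def altered_in_transit() -> Optional[bytes]:
    """GW1 changes the payload and re-MACs the link; GW2's e2e check fails."""
    src, gw1, gw2 = build()
    pkt = gw1.relay(src.originate("GW2", "GW1", b"original"), "GW_SRC", "GW2")
    changed = replace(pkt, payload=b"modified")
    changed = replace(changed, link_mac=gw1._link("GW2", changed))
    return gw2.deliver(changed, "GW1")


if __name__ == "__main__":
    print(honest_path(), spoofed_source(), altered_in_transit())
```

Because GW1 never holds the end-to-end key, it cannot act as GW_SRC toward GW2, which is the weakness of sharing one key K across every level that the background section describes.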
According to another aspect of the present invention there is provided a method for transferring i packet from a source computer to a destination computer in a network system formed by a plurality of computer networks in which a packet processing device is provided at a boundary between each computer network and an external of said each computer network, the method comprising the steps of: (a) transferring the packet transmitted by the source computer from a source side packet processing device managing the source computer to an adjacent packet processing device in a packet transfer route, after attaching to the packet an end-to-end authentication data to be inspected by a destination side packet processing device managing the destination computer: (b) transferring the packet from each intermediate packet processing device in the packet transfer route to a next packet processing device in the packet transfer route when the packet is destined to another packet processing device in the packet transfer route; and (c) inspecting the end-to-end authentication data attached to the packet at the destination side packet processing device, and transferring the packet from the destination side packet processing device to the destination computer when the packet is authenticated by an inspection of the end-to-end authentication data.
According to another aspect of the present invention there is provided a packet processing device for transferring a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the device being provided at a boundary between one computer network and an external of said one computer network, and the device comprising: authentication data generation means for generating an end-to-end authentication data to be inspected by a destination side packet processing device managing the destination computer and a link-by-link authentication data to be inspected by at least one intermediate packet processing device in a packet transfer route; packet formatting means for attaching the end-to-end authentication data and the link-by-link authentication data generated by the authentication data generation means to the packet transmitted by the source computer; and transfer means for transferring the packet with the end-to-end authentication data and the link-by-link authentication data attached thereto by the packet formatting means, to an adjacent packet processing device in the packet transfer route.
According to another aspect of the present invention there is provided a packet processing device for relaying a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the device being provided at a boundary between one computer network and an external of said one computer network, and the device comprising: inspection means for inspecting a corresponding link-by-link authentication data attached to the packet received from an adjacent packet processing device in the packet transfer route; and transfer means for transferring the packet to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the corresponding link-by-link authentication data by the inspection means.
According to another aspect of the present invention there is provided a method for encrypting a packet at a packet processing device provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the method comprising the steps of: storing an address information for computers which are directly managed by the packet processing device; judging whether a source computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a source address in the packet with the address information stored at the storing step; and encrypting a data portion of the packet at the packet processing device when the source computer of the packet is judged as one of the computers which are directly managed by the packet processing device at the judging step.
According to another aspect of the present invention there is provided a method for encrypting a packet at a packet processing device provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the method comprising the steps of: checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; and encrypting a data portion of the packet at the packet processing device when the encryption information indicates that the packet is non-encrypted and the signature information is absent as a result of the checking step, while changing the encryption information in the packet to indicate that the packet is encrypted, and attaching the signature information of the packet processing device to the packet.
According to another aspect of the present invention there is provided a method for encrypting a packet at a packet processing device provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the method comprising the steps of: storing an address information for computers which are connected to lower level computer networks of said one computer network, in correspondence to a level information for each computer indicating a number of packet processing devices to be passed in reaching to each computer; checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; obtaining the level information for a source computer of the packet from a source address in the packet, according to the address information and the level information stored at the storing step, when the encryption information indicates that the packet is non-encrypted and the signature information is absent as a result of the checking step; and encrypting a data portion of the packet at the packet processing device when an encryption level information in the packet coincides with the level information for the source computer of the packet obtained at the obtaining step, while changing the encryption information in the packet to indicate that the packet is encrypted, and attaching the signature information of the packet processing device to the packet.
According to another aspect of the present invention there is provided a method for decrypting a packet at a packet processing device provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the method comprising the steps of: storing an address information for computers which are directly managed by the packet processing device; judging whether a destination computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a destination address in the packet with the address information stored at the storing step; and decrypting a data portion of the packet at the packet processing device when the destination computer of the packet is judged as one of the computers which are directly managed by the packet processing device at the judging step.
According to another aspect of the present invention there is provided a method for decrypting a packet at a packet processing device provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the method comprising the steps of: storing an address information for computers which are connected to lower level computer networks of said one computer network, in correspondence to a level information for each computer indicating a number of packet processing devices to be passed in reaching to each computer; checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; obtaining the level information for a destination computer of the packet from a destination address in the packet, according to the address information and the level information stored at the storing step, when the encryption information indicates that the packet is encrypted and the signature information is present as a result of the checking step; and decrypting a data portion of the packet at the packet processing device when a decryption level information in the packet coincides with the level information for the destination computer of the packet obtained at the obtaining step.
According to another aspect of the present invention there is provided a packet processing device for encrypting a packet, the device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, and the device comprising: a memory for storing an address information for computers which are directly managed by the packet processing device; judging means for judging whether a source computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a source address in the packet with the address information stored in the memory; and encryption means for encrypting a data portion of the packet when the source computer of the packet is judged as one of the computers which are directly managed by the packet processing device by the judging means.
According to another aspect of the present invention there is provided a packet processing device for encrypting a packet, the device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, and the device comprising: checking means for checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; and encryption means for encrypting a data portion of the packet when the encryption information indicates that the packet is non-encrypted and the signature information is absent as a result of checking by the checking means, while changing the encryption information in the packet to indicate that the packet is encrypted, and attaching the signature information of the packet processing device to the packet.
According to another aspect of the present invention there is provided a packet processing device for encrypting a packet, the device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, and the device comprising: a memory for storing an address information for computers which are connected to lower level computer networks of said one computer network, in correspondence to a level information for each computer indicating a number of packet processing devices to be passed in reaching to each computer; checking means for checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; obtaining means for obtaining the level information for a source computer of the packet from a source address in the packet, according to the address information and the level information stored in the memory, when the encryption information indicates that the packet is non-encrypted and the signature information is absent as a result of checking by the checking means; and encryption means for encrypting a data portion of the packet when an encryption level information in the packet coincides with the level information for the source computer of the packet obtained by the obtaining means, while changing the encryption information in the packet to indicate that the packet is encrypted, and attaching the signature information of the packet processing device to the packet.
According to another aspect of the present invention there is provided a packet processing device for decrypting a packet, the device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, and the device comprising: a memory for storing an address information for computers which are directly managed by the packet processing device; judging means for judging whether a destination computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a destination address in the packet with the address information stored in the memory; and decryption means for decrypting a data portion of the packet when the destination computer of the packet is judged as one of the computers which are directly managed by the packet processing device by the judging means.
According to another aspect of the present invention there is provided a packet processing device for decrypting a packet, the device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, and the device comprising: a memory for storing an address information for computers which are connected to lower level computer networks of said one computer network, in correspondence to a level information for each computer indicating a number of packet processing devices to be passed in reaching to each computer; checking means for checking an encryption information and a presence/absence of a signature information in a packet passing through the packet processing device, the encryption information indicating whether the packet is encrypted or non-encrypted; obtaining means for obtaining the level information for a destination computer of the packet from a destination address in the packet, according to the address information and the level information stored in the memory, when the encryption information indicates that the packet is encrypted and the signature information is present as a result of checking by the checking means; and decryption means for decrypting a data portion of the packet when a decryption level information in the packet coincides with the level information for the destination computer of the packet obtained by the obtaining means.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for transferring a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the packet processing device being provided at a boundary between one computer network and an external of said one computer network, the computer readable program code means including: first computer readable program code means for causing said computer to generate an end-to-end authentication data to be inspected by a destination side packet processing device managing the destination computer and a link-by-link authentication data to be inspected by at least one intermediate packet processing device in a packet transfer route; second computer readable program code means for causing said computer to attach the end-to-end authentication data and the link-by-link authentication data generated by the first computer readable program code means to the packet transmitted by the source computer; and third computer readable program code means for causing said computer to transfer the packet with the end-to-end authentication data and the link-by-link authentication data attached thereto by the second computer readable program code means, to an adjacent packet processing device in the packet transfer route.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for relaying a packet transmitted from a source computer to a destination computer in a network system formed by a plurality of computer networks, the packet processing device being provided at a boundary between one computer network and an external of said one computer network, the computer readable program code means including: first computer readable program code means for causing said computer to inspect a corresponding link-by-link authentication data attached to the packet received from an adjacent packet processing device in the packet transfer route; and second computer readable program code means for causing said computer to transfer the packet to a next packet processing device in the packet transfer route when the packet is authenticated by an inspection of the corresponding link-by-link authentication data by the first computer readable program code means.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for encrypting a packet, the packet processing device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the computer readable program code means including: first computer readable program code means for causing said computer to store an address information for computers which are directly managed by the packet processing device; second computer readable program code means for causing said computer to judge whether a source computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a source address in the packet with the address information stored by the first computer readable program code means; and third computer readable program code means for causing said computer to encrypt a data portion of the packet when the source computer of the packet is judged as one of the computers which are directly managed by the packet processing device by the second computer readable program code means.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet processing device for decrypting a packet, the packet processing device being provided at a boundary between one computer network and an external of said one computer network in a network system formed by a plurality of computer networks, the computer readable program code means including: first computer readable program code means for causing said computer to store an address information for computers which are directly managed by the packet processing device; second computer readable program code means for causing said computer to judge whether a destination computer of a packet passing through the packet processing device is one of the computers which are directly managed by the packet processing device, by comparing a destination address in the packet with the address information stored by the first computer readable program code means; and third computer readable program code means for causing said computer to decrypt a data portion of the packet when the destination computer of the packet is judged as one of the computers which are directly managed by the packet processing device by the second computer readable program code means.
Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of an exemplary computer network system using security gateways according to the present invention.
FIG. 2 is a diagram showing an exemplary packet flow in the computer network system of FIG. 1 according to the present invention.
FIG. 3 is a block diagram of an exemplary configuration of a security gateway in the first embodiment of the present invention.
FIG. 4 is a diagram showing one exemplary format for a content of a packet to be transferred in the first embodiment of the present invention.
FIG. 5 is a diagram showing another exemplary format for a packet to be transferred in the first embodiment of the present invention.
FIG. 6 is a diagram showing an exemplary authentication key table used in the first embodiment of the present invention.
FIG. 7 is a diagram showing an exemplary packet transfer processing in the first embodiment of the present invention.
FIG. 8 is a flow chart for the processing procedure of a security gateway in the first embodiment of the present invention.
FIG. 9 is a diagram showing an exemplary configuration of a packet with parts to be protected by different authentication codes in the first embodiment of the present invention.
FIG. 10 is a block diagram of an exemplary configuration of a security gateway at a source side in the second embodiment of the present invention.
FIG. 11 is a block diagram of an exemplary configuration of a security gateway on a transfer route in the second embodiment of the present invention.
FIG. 12 is a diagram showing an exemplary packet transfer processing in the second embodiment of the present invention.
FIG. 13 is a diagram showing an exemplary authentication key table used in the second embodiment of the present invention.
FIG. 14 is a flow chart for the processing procedure of a security gateway in the second embodiment of the present invention.
FIG. 15 is a diagram showing an exemplary packet transfer processing in the third embodiment of the present invention.
FIG. 16 is a flow chart for one part of the processing procedure of a security gateway in the third embodiment of the present invention.
FIG. 17 is a flow chart for another part of the processing procedure of a security gateway in the third embodiment of the present invention.
FIG. 18 is a diagram showing an exemplary packet transfer processing in the fourth embodiment of the present invention.
FIG. 19 is a block diagram of an exemplary configuration of a host incorporating the packet authentication function of the present invention.
FIG. 20 is a diagram showing an exemplary packet transfer processing in a case of using a mobile computer according to the present invention.
FIG. 21 is a block diagram of a basic configuration of a type I security gateway in the fifth embodiment of the present invention.
FIG. 22 is a diagram showing an exemplary format of a data packet for the type I security gateway of FIG. 21 in the fifth embodiment of the present invention.
FIG. 23 is a flow chart for the operation of the type I security gateway of FIG. 21 in the fifth embodiment of the present invention.
FIG. 24 is a block diagram showing an exemplary packet encryption/decryption processing in the fifth embodiment of the present invention.
FIG. 25 is a block diagram of a basic configuration of a type II security gateway in the fifth embodiment of the present invention.
FIG. 26 is a flow chart for the operation of the type II security gateway of FIG. 25 in the fifth embodiment of the present invention.
FIG. 27 is a block diagram of an exemplary network system for using a type III or type IV security gateway in the fifth embodiment of the present invention.
FIG. 28 is a block diagram of a basic configuration of a type III or type IV security gateway in the fifth embodiment of the present invention.
FIG. 29 is a diagram showing an exemplary format of a data packet for the type III security gateway of FIG. 28 in the fifth embodiment of the present invention.
FIG. 30 is a diagram showing an exemplary format of a data packet for the type IV security gateway of FIG. 28 in the fifth embodiment of the present invention.
FIG. 31 is a block diagram of an exemplary network system showing a case in which a use of the type III or type IV security gateway in the fifth embodiment of the present invention is effective.
FIG. 32 is a flow chart for the error judgement processing in the type III or type IV security gateway in the fifth embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
First, an overview of various aspects of the present invention will be described briefly.
FIG. 1 shows an exemplary computer network system suitable for the present invention.
In the following description, a network which is to be protected and managed by a security gateway will be referred to as a management target network.
In the present invention, for each security gateway, management target networks and external networks which are networks other than the management target networks are defined, and the security gateway functions to prevent an intrusion of suspicious packets from the external network into the management target network, and an outflow of suspicious packets from the management target network to the external network. For instance, in the computer network system of FIG. 1, a management target network of a security gateway GA1 is a section-A1 network, and a management target network of a security gateway GA11 is a section-A11 network.
Here, a computer which is directly accommodated in the management target network implies the following. Namely, from a viewpoint of one computer, there is a security gateway which must be passed first at a time of transmitting packets to the external network and which must be passed last at a time of receiving packets from the external network, and this one computer is said to be directly accommodated in the management target network of such a security gateway (or such a security gateway is said to directly manage this one computer). For instance, in the computer network system of FIG. 1, a computer H3 is directly accommodated in the management target network A1 (section-A1 network), and a computer H4 is directly accommodated in the management target network A (organization-A network).
In the computer network to which the present application is applied, a packet passes through several security gateways on its way from a source host to a final destination host. At a time of packet transmission to the external or packet inflow from the external, each security gateway executes the authentication processing (attaching or inspecting authentication information) according to the need.
The first aspect of the present invention relates to the packet authentication function. In this first aspect, an authentication key is shared link-by-link along a packet transfer route among security gateways existing on the packet transfer route. In addition, another authentication key is shared end-to-end between a security gateway (referred to hereafter as a source side gateway) of a network which directly accommodates the source host and a security gateway (referred to hereafter as a destination side gateway) of a network which directly accommodates the final destination host.
The source side gateway calculates two authentication codes including a 1st authentication code using a 1st authentication key which is shared end-to-end, and a 2nd authentication code using a 2nd authentication key which is shared link-by-link with a next security gateway along the packet transfer route. The packet is transferred after these two authentication codes are attached thereto.
The next security gateway inspects the 2nd authentication code attached to the packet by using the 2nd authentication key which is shared link-by-link with the source side gateway. When the inspection passes, a 3rd authentication code for the packet data is generated by using a 3rd authentication key which is shared link-by-link with a further next security gateway along the packet transfer route. The packet is transferred after the 2nd authentication code is removed therefrom and the 3rd authentication code is attached thereto instead.
In this manner, each security gateway existing on the packet transfer route carries out the packet transfer by repeating the inspection of the authentication code and the replacement of the inspected authentication code by a newly generated authentication code with its neighboring security gateways. Consequently, each security gateway can confirm that the packet is transferred from a neighboring security gateway along the packet transfer route, and that the packet content is not altered.
In addition, the destination side gateway inspects not just the authentication code attached by the security gateway of the immediately preceding hop, but also the 1st authentication code attached by the source side gateway. By means of this inspection of the 1st authentication code, it is possible to confirm that the packet is transmitted from the source side gateway and that the packet content is not altered.
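The first aspect described above, as an added example that is not part of the patent: the source side gateway attaches an end-to-end code and a link code, each relay checks and replaces the link code, and the destination side gateway checks both. Assumptions not taken from the patent: HMAC-SHA-256 as the authentication code, the fields each code covers, the constructed demo keys and host names, and the route GA11 to GB1 built from the gateway names of FIG. 1.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed route; gateway names are those of FIG. 1, the ordering is an assumption.
ROUTE = ["GA11", "GA1", "GA", "GB", "GB1"]

def demo_key(label: str) -> bytes:
    """Constructed demo key; a real deployment provisions random keys."""
    return hashlib.sha256(b"constructed-demo-key:" + label.encode()).digest()

# One key per neighbouring pair (link-by-link) and one for the two end gateways.
LINK_KEYS = {(a, b): demo_key(f"link:{a}:{b}") for a, b in zip(ROUTE, ROUTE[1:])}
E2E_KEY = demo_key(f"e2e:{ROUTE[0]}:{ROUTE[-1]}")

@dataclass(frozen=True)
class Packet:
    src: bytes
    dst: bytes
    payload: bytes
    e2e_code: bytes   # 1st authentication code, never touched by relays
    link_code: bytes  # replaced at every hop

class AuthError(Exception):
    def __init__(self, gateway: str, check: str):
        super().__init__(f"{gateway}: {check} authentication code rejected")
        self.gateway, self.check = gateway, check

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields so field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def link_code(sender: str, receiver: str, pkt_fields: tuple) -> bytes:
    return mac(LINK_KEYS[(sender, receiver)], *pkt_fields)

def covered(pkt: Packet) -> tuple:
    # Assumption: the link code covers addresses, payload and the end-to-end code.
    return (pkt.src, pkt.dst, pkt.payload, pkt.e2e_code)

def source_send(src: bytes, dst: bytes, payload: bytes) -> Packet:
    """Source side gateway: attach the end-to-end code and the first link code."""
    e2e = mac(E2E_KEY, src, dst, payload)
    pkt = Packet(src, dst, payload, e2e, b"")
    return replace(pkt, link_code=link_code(ROUTE[0], ROUTE[1], covered(pkt)))

def check_link(pkt: Packet, prev: str, me: str) -> None:
    if not hmac.compare_digest(link_code(prev, me, covered(pkt)), pkt.link_code):
        raise AuthError(me, "link-by-link")

def relay(pkt: Packet, prev: str, me: str, nxt: str, rewrite=None) -> Packet:
    """Intermediate gateway: inspect the incoming link code, then replace it.
    `rewrite` models a compromised relay that swaps the payload before re-signing."""
    check_link(pkt, prev, me)
    if rewrite is not None:
        pkt = replace(pkt, payload=rewrite)
    return replace(pkt, link_code=link_code(me, nxt, covered(pkt)))

def destination_receive(pkt: Packet, prev: str, me: str) -> bytes:
    """Destination side gateway: inspect the last link code and the end-to-end code."""
    check_link(pkt, prev, me)
    if not hmac.compare_digest(mac(E2E_KEY, pkt.src, pkt.dst, pkt.payload), pkt.e2e_code):
        raise AuthError(me, "end-to-end")
    return pkt.payload

def transfer(pkt: Packet, altered_on_wire_after=None, compromised_relay=None):
    """Carry pkt along ROUTE; return (payload, rejecting_gateway, failed_check)."""
    try:
        for i in range(1, len(ROUTE)):
            prev, me = ROUTE[i - 1], ROUTE[i]
            if prev == altered_on_wire_after:  # modification in transit, no keys held
                pkt = replace(pkt, payload=pkt.payload + b" (altered)")
            if i == len(ROUTE) - 1:
                return destination_receive(pkt, prev, me), None, None
            forged = b"forged" if me == compromised_relay else None
            pkt = relay(pkt, prev, me, ROUTE[i + 1], forged)
    except AuthError as err:
        return None, err.gateway, err.check

if __name__ == "__main__":
    p = source_send(b"host-in-A11", b"host-in-B1", b"hello")
    print(transfer(p))
    print(transfer(p, altered_on_wire_after="GA1"))
    print(transfer(p, compromised_relay="GA"))
```

An alteration on the wire is rejected by the very next gateway, while a relay that holds valid link keys can only be caught by the end-to-end code at the destination side gateway.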
The second aspect of the present invention also relates to the packet authentication function. In this second aspect, different authentication keys are shared by different pairs of security gateways among the source side gateway and all the security gateways existing on the packet transfer route. The source side gateway generates a plurality of authentication codes using respective authentication keys, and the packet is transferred after all these authentication codes are attached thereto.
Each security gateway existing on the packet transfer route inspects the authentication code corresponding to that security gateway, and the packet is transferred when the inspection passes. Consequently, each security gateway can confirm that the packet is transmitted from the source side gateway and that the packet content is not altered.
The third aspect of the present invention relates to the packet encryption/decryption function. In this third aspect, the security gateway functions to encrypt/decrypt communication data packets in a case of data communication among a plurality of computer networks. Each security gateway manages address information for a group of computers which are directly connected with this security gateway, and judges whether the source of the passing data packet is one of the computers which are directly connected with this security gateway or not. Then, data are encrypted only when it is judged that the source of the passing data packet is one of the computers which are directly connected with this security gateway. Also, each security gateway judges whether the destination of the passing data packet is one of the computers which are directly connected with this security gateway or not. Then, data are decrypted only when it is judged that the destination of the passing data packet is one of the computers which are directly connected with this security gateway.
The fourth aspect of the present invention also relates to the packet encryption/decryption function. In this fourth aspect, the security gateway functions to encrypt/decrypt communication data packets in a case of data communication among a plurality of computer networks. When data of a data packet is encrypted at each security gateway, this security gateway attaches an information indicating a completion of encryption and a signature information of this security gateway to the encrypted data.
Each security gateway inspects the information indicating a completion of encryption in the passing data packet, and if the encryption is completed and the signature information is attached, this security gateway is controlled not to encrypt data, whereas if the encryption is completed but the signature information is not attached, an error is notified. Also, if the encryption is not completed and the signature information is not attached, this security gateway is controlled to encrypt data and attach an information indicating a completion of encryption and a signature information of this security gateway to the encrypted data, whereas if the encryption is not completed but the signature information is attached, an error is notified.
Also, each security gateway manages address information for a group of computers which are directly connected with this security gateway, and judges whether the destination of the passing data packet is one of the computers which are directly connected with this security gateway or not. Then, data are decrypted only when it is judged that the destination of the passing data packet is one of the computers which are directly connected with this security gateway, similarly as in the third aspect.
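The fourth aspect's decision rule, as an added example that is not part of the patent: each gateway checks the encryption information against the presence of a signature, encrypts only an unencrypted unsigned packet, decrypts only for a directly managed destination, and reports an error when the two fields disagree. Assumptions not taken from the patent: the toy SHA-256 keystream standing in for the cipher, the HMAC-based signature format, one constructed key shared by all gateways, clearing the flag and signature on decryption, and the host names and path.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

class HeaderStateError(Exception):
    """Encryption information and signature presence disagree."""

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stand-in cipher (SHA-256 in counter mode, no nonce); not for real use.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    data: bytes
    encrypted: bool = False            # the "encryption information"
    signature: Optional[bytes] = None  # the encrypting gateway's "signature information"

@dataclass(frozen=True)
class Gateway:
    name: str
    managed: frozenset  # addresses of directly managed computers
    key: bytes

    def process(self, pkt: Packet):
        """Return (action, packet) for one packet passing through this gateway."""
        signed = pkt.signature is not None
        if pkt.encrypted != signed:
            # Encrypted without signature, or signed without encryption: notify an error.
            raise HeaderStateError(
                f"{self.name}: encrypted={pkt.encrypted} but signature present={signed}")
        if not pkt.encrypted:
            # First gateway to see the packet: encrypt, set the flag, attach signature.
            body = keystream_xor(self.key, pkt.data)
            tag = hmac.new(self.key, body, hashlib.sha256).digest()
            sig = self.name.encode() + b":" + tag
            return "encrypt", replace(pkt, data=body, encrypted=True, signature=sig)
        if pkt.dst in self.managed:
            # Destination is directly managed here: this is the gateway that decrypts.
            plain = keystream_xor(self.key, pkt.data)
            return "decrypt", replace(pkt, data=plain, encrypted=False, signature=None)
        # Already encrypted and signed by another gateway: do not encrypt again.
        return "pass", pkt

KEY = hashlib.sha256(b"constructed-demo-key").digest()  # constructed, shared by all
PATH = [
    Gateway("GA11", frozenset({"host-in-A11"}), KEY),
    Gateway("GA1", frozenset(), KEY),
    Gateway("GA", frozenset(), KEY),
    Gateway("GB", frozenset(), KEY),
    Gateway("GB1", frozenset({"host-in-B1"}), KEY),
]

def traverse(pkt: Packet, path=PATH):
    """Run pkt through every gateway on path; return (actions, final packet)."""
    actions = []
    for gateway in path:
        action, pkt = gateway.process(pkt)
        actions.append(action)
    return actions, pkt

if __name__ == "__main__":
    acts, out = traverse(Packet("host-in-A11", "host-in-B1", b"payroll report"))
    print(acts, out.data)
```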
Referring now to FIG. 1 to FIG. 9, the first embodiment of a packet authentication scheme for a security gateway according to the present invention will be described in detail.
FIG. 1 shows an exemplary computer network system using the security gateways according to this first embodiment. This computer network system of FIG. 1 includes: an external network 101 such as Internet which mutually connects a plurality of organization networks; a plurality of organization networks including an organization-A network 102, an organization-B network 103, an organization-C network 104, and an organization-D network 105; a section-A1 network, a section-A2 network, and a section-A3 network contained in the organization-A network 102; a section-A11 network contained in the section-A1 network; and a section-B1 network and a section-B2 network contained in the organization-B network 103.
In addition, a security gateway GA for the organization-A network 102, a security gateway GA1 for the section-A1 network, a security gateway GA11 for the section-A11 network, a security gateway GB for the organization-B network 103, a security gateway GB1 for the section-B1 network, a security gateway GC for the organization-C network 104, and a security gateway GD for the organization-D network 105 are provided at positions indicated in FIG. 1 as the security gateways according to this first embodiment.
Each security gateway is provided at a boundary between the network to be protected and the networks outside of that network, so that both packets to be transmitted from the network to be protected and packets to be received at the network to be protected must pass through this security gateway. Each security gateway provides functions similar to those of the firewall. Here, the firewall is a system which limits both the service requests from the internal hosts to the external and the service requests from the external to the internal hosts to only permitted ones.
Note that, in this first embodiment, the section network used in FIG. 1 is set to be a unit of network to be protected by the security gateway.
Now, the authentication function of the security gateway in this first embodiment will be described.
A management target network which is to be a target of management by the security gateway is a network to be protected by that security gateway. For instance, in the computer network system of FIG. 1, a management target network of a security gateway GA1 is a section-A1 network, and a management target network of a security gateway GA11 is a section-A11 network.
Here, a computer which is directly accommodated in the management target network implies the following. Namely, from a viewpoint of one computer, there is a security gateway which must be passed first at a time of transmitting packets to the external network and which must be passed last at a time of receiving packets from the external network, and this one computer is said to be directly accommodated in the management target network of such a security gateway. For instance, in the computer network system of FIG. 1, a computer H3 is directly accommodated in the management target network A1 (section-A1 network), and a computer H4 is directly accommodated in the management target network A (organization-A network).
Note that a host H5 is connected to a network for which no security gateway exists in FIG. 1. In order to carry out communications with such a host H5 safely, there is a need for this host H5 itself to have a function of the security gateway.
FIG. 2 shows an exemplary packet flow in the computer network system of FIG. 1. A packet transmitted from a host H1 within the section-A11 network to a host H2 within the section-B1 network will pass through a route of: source host H1 → security gateway GA11 → security gateway GA1 → security gateway GA → security gateway GB → security gateway GB1 → destination host H2.
In this first embodiment, a packet from the host H2 to the host H1 will flow through the above route in an opposite order. However, it is also possible to provide a plurality of security gateways for one network to be protected in some cases, and in such cases, the security gateways to be passed may be different depending on a packet transmission direction and a communication target.
When a plurality of security gateways exists on a packet transfer route rather than just a pair of security gateways at the source side and the destination side, the problem arises conventionally as to how individual security gateways should cooperate in order to authenticate the packet. In this first embodiment, this problem is resolved as each security gateway is made to be capable of protecting its own management target network while confirming a properness of a packet.
FIG. 3 shows an exemplary configuration of the security gateway in this first embodiment. This security gateway 310 of FIG. 3 comprises a packet receiving unit 301, an authentication code inspection unit 302, an authentication key management unit 303, a packet filtering unit 304, an authentication code generation unit 305, a packet formatting unit 306, and a packet transfer unit 307.
The packet receiving unit 301 receives a packet passing the network to be protected by the security gateway 310.
The authentication key management unit 303 manages an authentication table to store authentication keys for proof which are to be used in generating authentication codes and authentication keys for inspection which are to be used in inspecting authentication codes.
The authentication code inspection unit 302 inspects a properness of the authentication code of a received packet by using the authentication key for inspection obtained from the authentication key management unit 303.
The packet filtering unit 304 judges whether or not to allow a transfer of a packet according to a source host address, a destination host address, and a connection ID which are contained in a received packet.
The authentication code generation unit 305 generates the authentication code to be used in the inspection at a next transfer destination side, by using the authentication key for proof obtained from the authentication key management unit 303.
The packet formatting unit 306 removes the already inspected authentication code from a packet and attaches a newly generated authentication code to a packet.
The packet transfer unit 307 transfers a packet according to a routing information.
Note that, among the above described elements of the security gateway 310 of FIG. 3, the packet filtering unit 304 may be provided in a form of a packet filtering device separated from the security gateway itself, which cooperates with the security gateway without the packet filtering unit 304. In such a case, the security gateway without the packet filtering unit 304 has a configuration in which an output of the authentication code inspection unit 302 is connected with an input of the authentication code generation unit 305.
For the calculation of the authentication code (called MAC: Message Authentication Code), either one of the following two methods can be used.
The first method is a method in which a packet data is encrypted by the CBC (Cipher-Block-Chaining) mode of the DES (Data Encryption Standard) which is the secret key cryptosystem, and a 64 bit data at the last block of the obtained ciphertext is used as the MAC (see ISO/IEC JTC1/IS 9797 for detail).
The second method is a method in which data formed by concatenating authentication key in front and back of a packet data is compressed by using the MD5 (Message Digest algorithm 5) which is the hash function, and a resulting 128 bit data is used as the MAC (see IETF RFC1828 for detail).
The authentication code used in this first embodiment reflects all data of fields within a packet except for those which are changed in a course of transfer (such as a TTL (Time-To-Live) field which is decremented every time a packet arrives at a router, for example).
As for a unit to set up an authentication key to be used for the generation and the inspection of the authentication code, either one of the following two methods can be used.
The first method is to set up one authentication key for a set of source host address and destination host address. In this case, the authentication code will be generated by using the same authentication key for all packets between the same hosts regardless of utilized services.
The second method is to set up one authentication key for a set of source host address, destination host address, source port number, and destination port number. In this case, a set of port numbers corresponds to a connection, so that the authentication key is defined for each communication session in effect.
In the following, it is assumed that a set of source port number and destination port number defines a connection ID, and the authentication key is set up for each connection. Note however that the present invention is equally applicable to the other units for setting up the authentication key.
FIG. 4 shows one exemplary format for a content of a packet to be transferred in this first embodiment. This format of FIG. 4 includes a source host address field 1501, a destination host address field 1502, a connection ID field 1503, an authentication code field 1504, and a data field 1505. It is possible to attach a plurality of authentication codes in the authentication code field 1504, and in such a case serial numbers or authentication code IDs may be additionally attached in order to distinguish individual authentication codes.
FIG. 5 shows another exemplary format for a packet to be transferred in this first embodiment. In this packet of FIG. 5, a data portion (Data) and an IP header-1 (IP1) constitute an IP packet transmitted from the source host. The source host address and the destination host address are contained in this IP header-1 (IP1). The authentication code is contained in an authentication header (AH), and a plurality of authentication headers are used in a case of attaching a plurality of authentication codes to a packet (see IETF RFC1826 for detail of the authentication header). In FIG. 5, an IP header-2 (IP2) is inserted at an outer side of an authentication header-1 (AH1), and an IP header-3 (IP3) is inserted at an outer side of an authentication header-2 (AH2). This configuration implies that the authentication code in the authentication header-2 (AH2) is inspected at a destination node specified by the IP header-3 (IP3), and the authentication code in the authentication header-1 (AH1) is inspected at a destination node specified by the IP header-2 (IP2).
For example, in a case where the source host H1 transmits a packet to the destination host H2 through intermediate nodes as indicated in FIG. 2, the host H1 sends an IP packet (IP1 and Data) with a setting of source address=host H1 and destination address=host H2. At the security gateway GA11, when this IP packet is received, the authentication header-1 (AH1) and the IP header-2 (IP2) are added. Here, the IP header-2 (IP2) has a setting of source address=gateway GA11 and destination address=gateway GB1. In addition, the authentication header-2 (AH2) and the IP header-3 (IP3) are added to this packet. Here, the IP header-3 (IP3) has a setting of source address=gateway GA11 and destination address=gateway GA1. Subsequently, each security gateway for relaying a packet transfers this packet while changing a content of the IP header-3 (IP3). Also, each relaying security gateway carries out the inspection and removing of the authentication header-2 (AH2) and the generation and attaching of a new authentication header-2 (AH2).
FIG. 6 shows an exemplary authentication key table stored in the authentication key management unit 303. The authentication key table registers the authentication key for inspection and the authentication key for proof in correspondence to each set of source host address, destination host address, and connection ID. Either one of the authentication key for inspection and the authentication key for proof may be empty in some cases. Namely, when the source host is within the management target network, the authentication key for inspection will be empty, and in such a case at most two authentication keys for proof can be registered. On the other hand, when the destination host is within the management target network, the authentication key for proof will be empty, and in such a case at most two authentication keys for inspection can be registered. Note that both of the authentication key for inspection and the authentication key for proof cannot be empty at the same time. A method for delivering and sharing the authentication keys among a plurality of security gateways will be described in detail below.
Now, the packet transfer processing carried out in this first embodiment by a cooperation of the security gateways as described above will be described for an exemplary case shown in FIG. 7. Here, it is assumed that the security gateways GA11, GA1, GA, GB and GB1 on the packet transfer route are sharing the authentication keys as follows. Namely, the security gateways GA11 and GA1 share the authentication key K1, the security gateways GA1 and GA share the authentication key K2, the security gateways GA and GB share the authentication key K3, the security gateways GB and GB1 share the authentication key K4, and the security gateways GA11 and GB1 share the authentication key K0.
At the security gateway GA11, the source host address, the destination host address, and the connection ID specified in a packet received from the host H1 are checked, and the authentication code MAC0 for data corresponding to a content of the packet is calculated by using the corresponding authentication key K0. Also, the authentication code MAC1 is calculated similarly by using the authentication key K1. Then, the packet is transferred after attaching these two authentication codes. This packet then reaches to the next security gateway GA1 according to the routing processing.
At the security gateway GA1, the source host address, the destination host address, and the connection ID attached to the received packet are checked, and the authentication code MAC1 is inspected by using the corresponding authentication key K1. When the properness of MAC1 is confirmed, the authentication code MAC2 for the packet data is calculated by using the authentication key K2. Then, the packet is transferred after removing the inspected authentication code MAC1 attached thereto and attaching the newly generated authentication code MAC2 instead.
Thereafter, at the security gateways GA and GB, the packet is transferred while carrying out the inspection of the authentication code, the generation of the authentication code, and the replacement of the authentication codes similarly as in the security gateway GA1. If no abnormality occurs, the packet then reaches to the security gateway GB1.
At the security gateway GB1, the authentication code MAC4 is inspected by using the authentication key K4 first, and when no abnormality is detected by this inspection, the authentication code MAC0 is inspected by using the authentication key K0. When no abnormality is detected by this inspection either, it is confirmed that the received packet is transmitted from the network which accommodates the host H1 and received via the upper level security gateway GB without being altered in its course. Finally, the packet transfer is completed by transferring the packet to the host H2 after removing the inspected authentication codes MAC4 and MAC0.
It is also possible to modify this first embodiment in such a manner that the authentication key K4 is not shared between the security gateways GB and GB1, and the security gateway GB inspects the authentication code MAC3 of the packet transferred from the security gateway GA and transfers the packet (with only the authentication code MAC0 attached thereto) to the security gateway GB1 after removing the inspected authentication code MAC3 when no abnormality is detected by this inspection.
In such a case, it suffices for the security gateway GB1 to just inspect the authentication code MAC3 by using the authentication key K0. The above described scheme in which the security gateway GB attaches the authentication code MAC4 is a scheme for first confirming that the received packet is received via the security gateway GB, and then confirming that the received packet is transmitted from the security gateway GA11 of the network which accommodates the host H1, but it is more important for the security gateway GB1 to confirm that the received packet is transmitted from the security gateway GA11, so that the extra inspection of the authentication code MAC4 may be omitted.
Moreover, in a case where the prevention of the improper intrusion from the external to the management target network is the only concern, the generation and the inspection of the authentication code MAC1 between the security gateways GA11 and GA1 as well as the generation and the inspection of the authentication code MAC2 between the security gateways GA1 and GA at the packet source side network will be unnecessary.
In a concrete example of such a case, the security gateway GA11 attaches the authentication code MAC0 to the packet by using the authentication key K0, and the security gateway GA1 only inspects whether the packet is outgoing (that is, from the internal network to the external network) or incoming (that is, from the external network to the internal network) and transfers the packet as received when the packet is outgoing. The security gateway GA inspects whether the packet is outgoing or incoming, generates the authentication code MAC3 by using the authentication key K3 when the packet is outgoing, and transfers the packet after attaching this authentication code MAC3. In this case, the authentication keys K1 and K2 will be unnecessary.
FIG. 8 shows the processing procedure of the security gateway in this first embodiment as described above.
In the security gateway of this first embodiment, when a packet is received (step S801), the source host address of the packet is checked first, and whether the packet is sent from the host within the directly accommodated management target network or not is judged (step S802). This judgement can be realized in principle by holding a list of addresses of all hosts which are directly accommodated in the management target network and comparing the source host address of the packet with this list. When the host addresses are given systematically, it suffices to check only a part of the addresses in the list. For example, when the addresses of the directly accommodated hosts are set to be in a certain range, it suffices to check whether the source host address of the packet is within that range or not.
When the packet is sent from the host outside the directly accommodated management target network as a result of the judgement at the step S802, the received packet should have the authentication code attached thereto, so that the authentication code inspection processing of the steps S803 to S806 is carried out. Otherwise, the received packet has no authentication code attached thereto, so that the processing proceeds to the step S807 next.
In the authentication code inspection processing, whether the authentication code is attached to the packet or not is checked first (step S803).
In a case where no authentication code is attached to the packet, the packet is judged as an improper communication packet and the error processing is carried out (step S812). An exemplary error processing to be carried out here is to make a record in a log without carrying out the transfer of the received packet.
When the authentication code is attached to the packet, the inspection of the authentication code is carried out (step S804). At this point, the authentication key for inspection is obtained by referring to an entry for the corresponding source host, destination host, and connection ID in the authentication key table of FIG. 6. When an abnormality is detected as a result of this inspection of the authentication code, the error processing is carried out (step S812). When no abnormality is detected by this inspection, the received packet is regarded as normal. Note that the inspection of the authentication code from the step S803 to the step S805 is to be carried out for as many times as a number of authentication keys for inspection that are registered in the corresponding table of the authentication table.
Then, only when all the authentication codes are proper, the processing proceeds to the step S806 at which all the inspected authentication codes are removed.
The integrity of the packet (that is, it has the host addresses and port numbers which are not altered and that it is from a proper source host) is confirmed by this point, so that the packet filtering processing is carried out at the step S807 next.
In the packet filtering processing of the step S807, whether this packet should be allowed to pass or not is judged according to the host addresses and port numbers of both source and destination sides. This judgement can be realized by providing a table describing the filtering rules in advance, and sequentially matching the packet with each filtering rule in the table. The transfer is not carried out for the packet which is not allowed to pass by the filtering processing, and an appropriate processing such as a processing to make a record in a log is carried out. Note that, as already described above, the packet filtering unit 304 to carry out this packet filtering processing may be provided by a separate device, and in such a case this packet filtering processing will be omitted from the processing procedure of the security gateway.
Next, whether the packet is sent to the host inside the directly accommodated management target network or not is judged, according to the destination host address (step S808). If so, the packet transfer processing is carried out directly (step S811).
On the other hand, when the packet is sent to the host outside the directly accommodated management target network, the processing proceeds to the following authentication code generation processing.
In the authentication code generation processing, the authentication key for proof is obtained from the authentication key table. Then, the authentication codes are generated by using all the authentication keys registered in the corresponding entry of the authentication key table (step S809), and the generated authentication codes are attached to the packet (step S810). Then, the packet transfer processing is carried out (step S811).
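The FIG. 8 procedure, run over the FIG. 7 route with the FIG. 4 field layout, is sketched below as an added example; it is not code from the patent. The class and function names, the 16-byte key values, the host and connection strings, the length-prefixed field encoding and the convention that the newest code sits last in the code field are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field, replace


@dataclass
class Packet:                      # FIG. 4 fields 1501-1505, plus a mutable TTL
    src: str
    dst: str
    conn: str
    data: bytes
    ttl: int = 64
    macs: list = field(default_factory=list)   # authentication code field 1504


def mac(key: bytes, pkt: Packet) -> bytes:
    """Keyed MD5 with the key before and after the data, as the text describes.
    TTL and the code field are left out because they change in transit."""
    parts = [pkt.src.encode(), pkt.dst.encode(), pkt.conn.encode(), pkt.data]
    body = b"".join(len(p).to_bytes(4, "big") + p for p in parts)  # assumed encoding
    return hashlib.md5(key + body + key).digest()


class Gateway:
    def __init__(self, name, local_hosts, key_table, allow=lambda pkt: True):
        self.name, self.local = name, set(local_hosts)
        self.keys = key_table      # FIG. 6: flow -> (inspection keys, proof keys)
        self.allow = allow         # filtering rule used at S807
        self.log = []

    def _error(self, reason):      # S812: record in a log, do not transfer
        self.log.append(reason)
        return None

    def process(self, pkt):
        """Return the packet to forward, or None when error processing ran."""
        inspect, proof = self.keys.get((pkt.src, pkt.dst, pkt.conn), ([], []))
        macs = list(pkt.macs)
        if pkt.src not in self.local:                    # S802: sent from outside
            if not inspect or len(macs) < len(inspect):  # S803: code not attached
                return self._error("authentication code missing")
            for key in inspect:                          # S804-S805, once per key
                if not hmac.compare_digest(macs.pop(), mac(key, pkt)):
                    return self._error("authentication code mismatch")
            # S806: every inspected code has now been removed from macs
        if not self.allow(pkt):                          # S807
            return self._error("filtered")
        if pkt.dst not in self.local:                    # S808: destination outside
            macs += [mac(key, pkt) for key in proof]     # S809-S810
        return replace(pkt, macs=macs, ttl=pkt.ttl - 1)  # S811


def build_route():
    k = {i: bytes([i]) * 16 for i in range(5)}           # constructed keys K0..K4
    flow = ("H1", "H2", "1234:80")
    return [
        Gateway("GA11", {"H1"}, {flow: ([], [k[0], k[1]])}),
        Gateway("GA1", set(), {flow: ([k[1]], [k[2]])}),
        Gateway("GA", set(), {flow: ([k[2]], [k[3]])}),
        Gateway("GB", set(), {flow: ([k[3]], [k[4]])}),
        Gateway("GB1", {"H2"}, {flow: ([k[4], k[0]], [])}),
    ]


def send(route, pkt, tamper_after=None):
    """Return (delivered packet, None) or (None, name of the gateway that dropped it)."""
    for gw in route:
        pkt = gw.process(pkt)
        if pkt is None:
            return None, gw.name
        if gw.name == tamper_after:                      # constructed in-transit change
            pkt = replace(pkt, data=b"altered")
    return pkt, None
```

A packet altered on the GA to GB link is dropped at GB, the first gateway that inspects a code computed before the change, while the TTL decrement at every hop leaves all codes valid.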
In the above description, it is assumed that, in the authentication code generation and inspection processing, the authentication code is calculated according to all bits except for those in particular areas which change in a course of transfer, but this is not absolutely necessary. In this first embodiment, the end-to-end authentication code and the link-by-link authentication code are used together. For end-to-end, there is a need to guarantee that the transmitted packet is received without alteration on any bit at all, but for link-by-link, it is not absolutely necessary to guarantee that all bits are received without alteration, and it may be considered sufficient to guarantee that the neighboring security gateway is involved in the transfer of that packet.
In terms of the format shown in FIG. 4, it suffices for the link-by-link authentication code to be generated from only the source host address 1501, the destination host address 1502, the connection ID 1503, and the end-to-end authentication code 1504.
In terms of the configuration of FIG. 5, the end-to-end authentication code is to be contained in the authentication header-1 (AH1), so that the authentication code in the authentication header-1 (AH1) should be generated from the IP header-2 (IP2), the authentication header-1 (AH1) (with "0" inserted into the authentication code area), the IP header-1 (IP1), and the data portion (Data). On the other hand, the link-by-link authentication code is to be contained in the authentication header-2 (AH2), and it suffices for this link-by-link authentication code to be generated from only the IP header-3 (IP3), the authentication header-2 (AH2), and the authentication header-1 (AH1).
FIG. 9 shows respective parts of the packet which are to be protected by the authentication codes in the authentication headers AH1 and AH2.
Note that it is not absolutely necessary for a part to be protected by the link-by-link authentication code to include all the shaded regions shown in FIG. 9. In fact, what must be protected by the link-by-link authentication code are the IP header-3 (IP3) and the authentication header-2 (AH2) which are not protected by the end-to-end authentication code. In addition, a part to be protected by the link-by-link authentication code should also include data which changes every time among data to be protected by the end-to-end authentication code. For example, a sequence number which is incremented every time or a random data with a sufficient length should be included. Here, the sufficient length can be 128 bits, for example. The end-to-end authentication code can be regarded as a 128 bit random data for practical purpose, so that the end-to-end authentication code is included in the authentication header-1 (AH1) in the above description.
With this provision, in the exemplary packet transfer processing of FIG. 7, the generation and the inspection of the authentication codes MAC1, MAC2, MAC3 and MAC4 can be made more efficient, and this in turn can lead to the improved efficiency of the packet transfer.
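The reduced coverage of the link-by-link code in terms of the FIG. 4 fields is worked through below as an added example, not code from the patent. The function names, dictionary layout, key values and length-prefixed encoding are assumptions; the keyed MD5 with the key in front and back follows the second MAC method described earlier.

```python
import hashlib
import hmac


def keyed_md5(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field (assumed encoding) so field boundaries are unambiguous.
    body = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hashlib.md5(key + body + key).digest()


def build(k0, k_link, src, dst, conn, data):
    """Attach an end-to-end code over all fields and a link code over 1501-1504 only."""
    e2e = keyed_md5(k0, src, dst, conn, data)       # covers the data field 1505
    link = keyed_md5(k_link, src, dst, conn, e2e)   # never reads the data field
    return {"src": src, "dst": dst, "conn": conn, "data": data,
            "e2e": e2e, "link": link}


def link_ok(k_link, p):
    """Inspection at a neighboring gateway: cost is independent of the data length."""
    expected = keyed_md5(k_link, p["src"], p["dst"], p["conn"], p["e2e"])
    return hmac.compare_digest(p["link"], expected)


def e2e_ok(k0, p):
    """Inspection at the destination-side gateway: covers every immutable bit."""
    expected = keyed_md5(k0, p["src"], p["dst"], p["conn"], p["data"])
    return hmac.compare_digest(p["e2e"], expected)


def scenarios():
    """Return (link check, end-to-end check) for four constructed packets."""
    k0, k1 = b"\x00" * 16, b"\x01" * 16             # constructed keys K0 and K1
    first = build(k0, k1, b"H1", b"H2", b"1234:80", b"first payload")
    second = build(k0, k1, b"H1", b"H2", b"1234:80", b"second payload")
    altered_data = dict(first, data=b"altered payload")
    altered_dst = dict(first, dst=b"H9")
    reused = dict(second, link=first["link"])       # earlier link code on a later packet
    return {
        "intact": (link_ok(k1, first), e2e_ok(k0, first)),
        "altered_data": (link_ok(k1, altered_data), e2e_ok(k0, altered_data)),
        "altered_dst": (link_ok(k1, altered_dst), e2e_ok(k0, altered_dst)),
        "reused_link_code": (link_ok(k1, reused), e2e_ok(k0, reused)),
    }
```

An altered data field passes the link inspection and is caught only by the end-to-end inspection, which is the trade-off the text accepts; a link code lifted from an earlier packet of the same connection fails because the end-to-end code it covers differs per packet.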
The combined use of multiple message authentication codes as described above is not only applicable to this first embodiment but also to the second embodiment described below.
Referring now to FIG. 10 to FIG. 14, the second embodiment of a packet authentication scheme for a security gateway according to the present invention will be described in detail.
In this second embodiment, the computer network system has an overall configuration similar to that of FIG. 1, but the security gateways used in the computer network are largely classified into a security gateway connected with the packet source network which has a configuration as shown in FIG. 10 and a security gateway on the packet transfer route which has a configuration as shown in FIG. 11. Note however that it is also possible to use a security gateway with a configuration similar to that of FIG. 3 in which the configurations of FIG. 10 and FIG. 11 are effectively merged.
As shown in FIG. 10, the security gateway 510 of the packet source network comprises a packet receiving unit 501, a packet transfer unit 502, an authentication key management unit 503, an authentication code generation unit 504, a packet formatting unit 505, and a packet filtering unit 506.
The packet receiving unit 501 receives a packet transmitted from the network to be protected by the security gateway 510.
The packet filtering unit 506 judges whether or not to allow a transfer of a packet according to a source host address, a destination host address, a connection ID, and an authentication code.
The authentication key management unit 503 manages an authentication table to store authentication keys for proof in correspondence to each set of a source host address, a destination host address, and a connection ID. This authentication table is characterized in that a plurality of authentication keys for proof are registered for each set of a source host address, a destination host address, and a connection ID. Each of these authentication keys for proof is shared with a respective security gateway through which the packet passes.
The authentication code generation unit 504 generates a plurality of authentication codes to be used in the inspections at the other security gateways on the packet transfer route, by using a plurality of authentication keys for proof obtained from the authentication key management unit 303.
The packet formatting unit 505 attaches a plurality of authentication codes generated by the authentication code generation unit 504 to a packet in an order by which the inspections are to be carried out along the packet transfer route.
The packet transfer unit 502 transfers a packet according to a routing information.
As shown in FIG. 11, the security gateway 610 of the packet transfer route (that is, the security gateway other than the security gateway of the packet source network) comprises a packet receiving unit 601, a packet transfer unit 602, an authentication key management unit 603, an authentication code inspection unit 604, a packet formatting unit 605, and a packet filtering unit 606.
Here, the packet receiving unit 601, the packet transfer unit 602, and the packet filtering unit 606 are substantially similar to the corresponding elements in the configuration of FIG. 10.
The authentication key management unit 603 manages an authentication table to store one authentication key for inspection in correspondence to each set of a source host address, a destination host address, and a connection ID.
The authentication code inspection unit 604 inspects a properness of the authentication code attached to a received packet by using the authentication key for inspection obtained from the authentication key management unit 603.
The packet formatting unit 605 removes one authentication code which is inspected at this security gateway 610 from a packet.
Note that, among the above described elements of the security gateways 510 and 610 of FIG. 10 and FIG. 11, the packet filtering unit 506 or 606 may be provided in a form of a packet filtering device separated from the security gateway itself, which cooperates with the security gateway without the packet filtering unit 506 or 606. In such a case, the security gateway without the packet filtering unit 506 has a configuration in which an output of the packet receiving unit 501 is connected with an input of the authentication code generation unit 504, and the security gateway without the packet filtering unit 606 has a configuration in which an output of the authentication code inspection unit 604 is connected with an input of the packet formatting unit 605.
Now, the packet transfer processing carried out in this second embodiment by a cooperation of the security gateways as described above will be described for an exemplary case shown in FIG. 12. Here, it is assumed that the security gateways GA11, GA1, GA, GB and GB1 on the packet transfer route are sharing the authentication keys as follows. Namely, the security gateways GA11 and GA1 share the authentication key K1, the security gateways GA11 and GA share the authentication key K2, the security gateways GA11 and GB share the authentication key K3, the security gateways GA11 and GB1 share the authentication key K4.
At the security gateway GA11, the source host address, the destination host address, and the connection ID specified in a packet received from the host H1 are checked, and the authentication code MAC1 for data corresponding to a content of the packet is calculated by using the corresponding authentication key K1. Also, the authentication codes MAC2, MAC3, and MAC4 are calculated similarly by using the authentication keys K2, K3, and K4, respectively. Then, the packet is transferred after attaching all these four authentication codes. This packet then reaches to the next security gateway GA1 according to the routing processing.
At the security gateway GA1, the source host address, the destination host address, and the connection ID attached to the received packet are checked, and the authentication code MAC1 is inspected by using the corresponding authentication key K1. At this point, when the authentication code MAC1 is not attached or when the properness of the authentication code MAC1 is not confirmed, the error processing is carried out. When the properness of MAC1 is confirmed, the packet is transferred after removing the inspected authentication code MAC1 attached thereto.
Thereafter, at the security gateways GA and GB, the packet is transferred while carrying out the inspection of the authentication code and the removal of the authentication code similarly as in the security gateway GA1. If no abnormality occurs, the packet then reaches the security gateway GB1.
At the security gateway GB1, the authentication code MAC4 is inspected by using the authentication key K4, and when no abnormality is detected by this inspection, it is confirmed that the received packet is transmitted from the network which accommodates the host H1 and received without being altered in its course. Finally, the packet transfer is completed by transferring the packet to the host H2 after removing the inspected authentication code MAC4.
As a modification to this second embodiment, in a case where the prevention of the improper intrusion from the external to the management target network is the only concern, the generation and the inspection of the authentication code MAC1 between the security gateways GA11 and GA1 as well as the generation and the inspection of the authentication code MAC2 between the security gateways GA1 and GA at the packet source side network will be unnecessary.
In a concrete example of such a case, the security gateways GA11 and GB share the authentication key K3 while the security gateways GA11 and GB1 share the authentication key K4. The security gateway GA11 generates the authentication codes MAC3 and MAC4 by using the authentication keys K3 and K4, respectively, and transfers the packet after attaching these authentication codes. Each of the security gateways GA1 and GA only inspects whether the packet is outgoing or incoming, and transfers the packet as received when the packet is outgoing. Hereafter, the processing at the security gateways GB and GB1 is the same as described above. In this case, the authentication keys K1 and K2 will be unnecessary.
In addition, in the processing of this second embodiment or its modification as described above, it is also possible to use the security gateways on the packet transfer route which do not carry out the removal of the inspected authentication codes. In such a case, the packet length will be unchanged from the security gateway GA11 of the source side to the security gateway GB1 of the destination side because no authentication code will be removed by the intermediate security gateways.
FIG. 13 shows an exemplary authentication key table stored in the authentication key management unit 503 or 606 of the security gateway in this second embodiment. The authentication key table registers the authentication key for inspection and the authentication key for proof in correspondence to each set of source host address, destination host address, and connection ID. Either one of the authentication key for inspection and the authentication key for proof is always empty, but both of the authentication key for inspection and the authentication key for proof cannot be empty at the same time. Namely, when the source host is within the management target network, the authentication key for inspection will be empty, and a plurality of authentication keys for proof are registered in general, but a number of authentication keys for proof is at most a number of the other security gateways existing on the packet transfer route. For cases other than that, when this security gateway is on the packet transfer route, one authentication key for inspection is registered.
FIG. 14 shows the processing procedure of the security gateway in this second embodiment as described above.
In the security gateway of this second embodiment, when a packet is received (step S901), the source host address of the packet is checked first, and whether the packet is sent from the host within the directly accommodated management target network or not is judged (step S902).
When the packet is sent from the host outside the directly accommodated management target network, the authentication code inspection processing of the steps S903 to S906 is carried out.
In the authentication code inspection processing, whether the authentication code is attached to the packet or not is checked first (step S903).
In a case where no authentication code is attached to the packet, the packet is judged as an improper communication packet and the error processing is carried out (step S909).
When the authentication code is attached to the packet, the inspection of the authentication code is carried out (step S904). At this point, the authentication key for inspection is obtained by referring to an entry for the corresponding source host, destination host, and connection ID in the authentication key table of FIG. 13. When an abnormality is detected as a result of this inspection of the authentication code, the error processing is carried out (step S909). When no abnormality is detected by this inspection, the received packet is regarded as normal, and the inspected authentication code is removed (step S906). Then, the packet filtering processing is carried out (step S907), and only the packet which passed the packet filtering processing is transferred (step S908).
On the other hand, when the packet is sent from the host inside the directly accommodated management target network at the step S902, whether the packet is sent to the host inside the directly accommodated management target network or not is judged (step S910). If so, this is a communication packet within the management target network, so that the processing of the security gateway is terminated without any further processing.
On the other hand, when the packet is sent to the host outside the directly accommodated management target network, the packet filtering processing is carried out next (step S911). Then, for the packet which passed the packet filtering processing, the authentication code generation processing of the steps S912 and S913 is carried out. Here, a plurality of authentication codes are generated by using all the authentication keys for proof registered in the corresponding entry of the authentication key table of FIG. 13 (step S912), and all the generated authentication codes are attached to the packet (step S913). Then, the packet transfer processing is carried out (step S914).
Note that, as already described above, the packet filtering unit 506 and/or 606 may be provided by a separate device, and in such a case the packet filtering processing at the steps S907 and/or S911 will be omitted from the processing procedure of the security gateway.
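The FIG. 14 procedure applied to the FIG. 12 route can be traced with the following added example, which is not part of the patent text. It assumes HMAC-SHA256 as the authentication code, assumes the code covers the addresses, connection ID and payload, and assumes each attached code is labelled with the name of the gateway that inspects it; the keys, host names and connection ID are constructed.

```python
import hashlib
import hmac

# Constructed demo keys standing in for K1..K4 of FIG. 12.
K1, K2, K3, K4 = (bytes([i]) * 16 for i in range(1, 5))
FLOW = ("H1", "H2", 7)  # (source host, destination host, connection ID), constructed

# Authentication key tables in the style of FIG. 13: per flow, an entry holds
# either keys for proof or one key for inspection. Keying each proof key by the
# name of the gateway that inspects it is an assumption of this example.
KEY_TABLES = {
    "GA11": {FLOW: {"proof": {"GA1": K1, "GA": K2, "GB": K3, "GB1": K4}}},
    "GA1": {FLOW: {"inspect": K1}},
    "GA": {FLOW: {"inspect": K2}},
    "GB": {FLOW: {"inspect": K3}},
    "GB1": {FLOW: {"inspect": K4}},
}
# Hosts in each gateway's directly accommodated management target network.
LOCAL_HOSTS = {"GA11": {"H1"}, "GA1": set(), "GA": set(), "GB": set(), "GB1": {"H2"}}


class AuthError(Exception):
    """Stands in for the error processing of step S909."""


def mac(key, pkt):
    # Assumed coverage: addresses, connection ID and payload, not the attached codes.
    header = f'{pkt["src"]}|{pkt["dst"]}|{pkt["conn"]}|'.encode()
    return hmac.new(key, header + pkt["payload"], hashlib.sha256).digest()


def gateway(name, pkt):
    """One pass through the FIG. 14 procedure, packet filtering omitted."""
    entry = KEY_TABLES[name].get((pkt["src"], pkt["dst"], pkt["conn"]), {})
    if pkt["src"] not in LOCAL_HOSTS[name]:                      # S902: from outside
        code, key = pkt["macs"].get(name), entry.get("inspect")
        if code is None or key is None:                          # S903
            raise AuthError(f"{name}: no authentication code or key")
        if not hmac.compare_digest(code, mac(key, pkt)):         # S904
            raise AuthError(f"{name}: authentication code mismatch")
        rest = {g: c for g, c in pkt["macs"].items() if g != name}  # S906
        return {**pkt, "macs": rest}                             # S908
    if pkt["dst"] in LOCAL_HOSTS[name]:                          # S910: internal
        return None
    codes = {g: mac(k, pkt) for g, k in entry.get("proof", {}).items()}  # S912
    return {**pkt, "macs": codes}                                # S913, S914


def send(route, pkt, alter_before=None):
    """Pass pkt through each gateway; optionally change the payload in transit."""
    for name in route:
        if name == alter_before:
            pkt = {**pkt, "payload": b"altered"}  # constructed in-transit change
        pkt = gateway(name, pkt)
    return pkt
```

Calling send with the route GA11, GA1, GA, GB, GB1 returns the packet with no codes left attached, while a payload changed before GB is rejected at GB, the first gateway to inspect it.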
Referring now to FIG. 15 to FIG. 17, the third embodiment of a packet authentication scheme for a security gateway according to the present invention will be described in detail. This third embodiment is directed to a provision for reducing an amount of processing at the security gateway on the packet transfer route.
FIG. 15 shows an exemplary case of the packet transfer processing carried out in this third embodiment. In this case, a case shown in FIG. 7 for the first embodiment is modified in that the authentication codes to be inspected at the security gateways (GA1, GA, GB) on the packet transfer route (referred to hereafter as authentication codes for passing) are all set identical to each other, while the security gateway (GB1) at the end inspects another end-to-end authentication code (referred to hereafter as an authentication code for receiving). Consequently, as shown in FIG. 15, the source side security gateway GA11 possesses the authentication keys for proof K0 and K1 while the destination side security gateway GB1 possesses the authentication key for inspection K0 (and possibly the authentication key for inspection K1 as well), and the security gateways GA1, GA, GB on the packet transfer route share the authentication key for inspection K1.
The source side security gateway generates the authentication code for receiving MAC0 and the authentication code for passing MAC1 for the packet, and transmits the packet after attaching these authentication codes MAC0 and MAC1. Each security gateway on the packet transfer route inspects only the authentication code for passing MAC1, and when the inspection passes, the packet is transferred as received. Finally, the destination side security gateway inspects the authentication code for receiving MAC0 (and possibly the authentication code for passing MAC1 as well), and when the inspection passes, the packet is transferred to the destination host after removing the authentication codes.
In this third embodiment, the source side security gateway has a configuration identical to that of FIG. 10, and the destination side security gateway has a configuration identical to that shown in FIG. 11. Each security gateway on the packet transfer route has a configuration similar to that of FIG. 11 except that the packet formatting unit 605 is omitted.
FIG. 16 and FIG. 17 show the processing procedure of the security gateway in this third embodiment as described above.
In the security gateway of this third embodiment, when a packet is received (step S1301), the source host address of the packet is checked first, and whether the packet is sent from the host within the directly accommodated management target network or not is judged (step S1302).
When the packet is sent from the host outside the directly accommodated management target network (step S1302 NO), the following authentication code inspection processing is carried out.
In the authentication code inspection processing, the destination host address of the packet is checked first, and whether the packet is sent to the host inside the directly accommodated management target network or not is judged (step S1303). If so, this security gateway is a destination side security gateway, so that the authentication code for receiving inspection processing from the step S1309 to the step S1314 is carried out.
In the authentication code for receiving inspection processing, whether the authentication code for receiving is attached to the packet or not is checked first (step S1309). When the authentication code for receiving is attached to the packet, the inspection of the authentication code for receiving is carried out (step S1310). When no abnormality is detected by this inspection (S1311 NO), all the attached authentication codes (both one for passing and one for receiving) are removed (step S1312), the packet filtering processing is carried out (step S1313), and only the packet which passed the packet filtering processing is transferred (step S1314).
On the other hand, when the packet is sent to the host outside the directly accommodated management target network (step S1303 NO), this security gateway is a security gateway on the packet transfer route, so that the authentication code for passing inspection processing from the step S1304 to the step S1308 is carried out.
In the authentication code for passing inspection processing, whether the authentication code for passing is attached to the packet or not is checked first (step S1304). When the authentication code for passing is attached to the packet, the inspection of the authentication code for passing is carried out (step S1305). When no abnormality is detected by this inspection (step S1306 NO), the packet filtering processing is carried out (step S1307), and only the packet which passed the packet filtering processing is transferred (step S1308).
In either of the above described authentication code inspection processes, when an abnormality is detected as a result of the inspection of the authentication code (step S1304 NO, step S1306 YES, step S1303 NO, or step S1311 YES), the error processing is carried out (step S1320).
On the other hand, when the packet is sent from the host inside the directly accommodated management target network (step S1302 YES), the destination host address of the packet is checked first, and whether the packet is sent to the host inside the directly accommodated management target network or not is judged (step S1315). If so, this is a communication packet within the management target network, so that the processing of the security gateway is terminated without any further processing (step S1321).
On the other hand, when the packet is sent to the host outside the directly accommodated management target network (step S1315 NO), this security gateway is a source side security gateway, so that the processing from the step S1318 to the step S1319 is carried out. Namely, the packet filtering processing is carried out first (step S1316). Then, for the packet which passed the packet filtering processing, the authentication code generation processing is carried out (step S1317), and all the generated authentication codes are attached to the packet (step S1318). Then, the packet transfer processing is carried out (step S1319). At this point, except for a case where the destination side security gateway does not exist on the packet transfer route, two types of authentication codes (authentication code for receiving and authentication code for passing) are generated.
Note that, as already described above, the packet filtering unit may be provided by a separate device, and in such a case the packet filtering processing at the steps S1307, S1313, and/or S1316 will be omitted from the processing procedure of the security gateway.
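The division of work between the authentication code for passing and the authentication code for receiving can be seen in the following added example, which is not part of the patent text. It assumes HMAC-SHA256 over the addresses and payload, with constructed keys and host names, and it includes a constructed case in which a holder of the shared key K1 changes the payload and recomputes MAC1: the remaining gateways on the route accept the packet, and only the inspection of MAC0 at GB1 rejects it.

```python
import hashlib
import hmac

K0 = b"\x00" * 16  # constructed key for receiving, shared by GA11 and GB1
K1 = b"\x01" * 16  # constructed key for passing, shared by GA11, GA1, GA, GB
KEYS = {
    "GA11": {"recv": K0, "pass": K1},
    "GA1": {"pass": K1}, "GA": {"pass": K1}, "GB": {"pass": K1},
    "GB1": {"recv": K0},
}
LOCAL_HOSTS = {"GA11": {"H1"}, "GA1": set(), "GA": set(), "GB": set(), "GB1": {"H2"}}


class AuthError(Exception):
    """Stands in for the error processing of step S1320."""


def mac(key, pkt):
    # Assumed coverage: addresses and payload only, never the attached codes.
    header = f'{pkt["src"]}|{pkt["dst"]}|'.encode()
    return hmac.new(key, header + pkt["payload"], hashlib.sha256).digest()


def check_code(name, kind, pkt):
    """Inspect MAC0 ("recv") or MAC1 ("pass") with this gateway's key."""
    code, key = pkt.get(kind), KEYS[name].get(kind)
    if code is None or key is None or not hmac.compare_digest(code, mac(key, pkt)):
        raise AuthError(f"{name}: {kind} code rejected")


def gateway(name, pkt):
    """FIG. 16 and FIG. 17 procedure, packet filtering omitted."""
    local = LOCAL_HOSTS[name]
    if pkt["src"] in local:                                   # S1302 YES
        if pkt["dst"] in local:                               # S1315 YES
            return None                                       # S1321
        return {**pkt, "recv": mac(KEYS[name]["recv"], pkt),  # S1317, S1318
                "pass": mac(KEYS[name]["pass"], pkt)}         # S1319
    if pkt["dst"] in local:                                   # S1303 YES
        check_code(name, "recv", pkt)                         # S1309 to S1311
        return {k: v for k, v in pkt.items() if k not in ("recv", "pass")}  # S1312
    check_code(name, "pass", pkt)                             # S1304 to S1306
    return pkt                                                # S1308, as received


def send(route, pkt, rewrite_before=None):
    """Run the route. Before `rewrite_before`, the payload is changed and MAC1 is
    recomputed with K1 (constructed case of a change made by a holder of K1)."""
    for name in route:
        if name == rewrite_before:
            pkt = {**pkt, "payload": b"altered"}
            pkt["pass"] = mac(K1, pkt)
        pkt = gateway(name, pkt)
    return pkt
```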
Referring now to FIG. 18, the fourth embodiment of a packet authentication scheme for a security gateway according to the present invention will be described in detail. This fourth embodiment is directed to a provision for further reducing an amount of processing at the security gateway on the packet transfer route.
FIG. 18 shows an exemplary case of the packet transfer processing carried out in this fourth embodiment in transferring a packet from the host H1 to the host H2. Here, it is assumed that the authentication key K is shared by the security gateways GA11 and GB1 for the management target networks which accommodate the hosts H1 and H2. Also, it is assumed that each security gateway comprehends a position of the other security gateway on the network, and a corresponding address of the security gateway for the management target network which accommodates the destination host can be determined from the destination host address. For example, each security gateway manages a table of all host addresses with respect to which the communication is possible from this security gateway and their corresponding security gateways.
In this case, when the packet from the host H1 is received, the security gateway GA11 first obtains an address of the security gateway GB1 corresponding to the destination host address H2 of the received packet. Then, the security gateway GA11 carries out a processing called capsulization in which a new packet is generated by regarding the entire received packet as data and attaching the address of the security gateway GA11 as a source address and the address of the security gateway GB1 as a destination address. In addition, the security gateway GA11 calculates the authentication code for the received packet by using the authentication key K, and the capsulized packet is transferred after attaching the authentication code.
When this capsulized packet reaches the security gateway GA1 by the routing processing, the security gateway GA1 recognizes that its destination address is another security gateway, so that this capsulized packet is transferred as received. This capsulized packet similarly reaches the security gateways GA and GB, and is transferred as received by these security gateways GA and GB when it is recognized that the destination address is another security gateway.
Finally, at the security gateway GB1 which is the destination of the capsulized packet, the de-capsulization processing is carried out by removing headers containing the source address, the destination address, the authentication code, etc. Then, the inspection of the authentication code for the de-capsulized packet is carried out by using the authentication key K. When the authentication is successful, the packet is transferred to the host H2.
In this fourth embodiment, as long as the destination is another security gateway, it can be expected that the properness of the packet will be eventually inspected at the destination side security gateway, so that the inspection of the properness of the packet at an intermediate security gateway is omitted so as to simplify the processing at the security gateway on the packet transfer route.
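The capsulization flow of FIG. 18 is traced in the following added example, which is not part of the patent text. It assumes HMAC-SHA256 with a constructed key K, JSON as the serialization of the inner packet, and a constructed host-to-gateway table; rejecting an uncapsulized packet that did not come from a local host is also an assumption. It shows the consequence of the simplification: a change made in transit is forwarded by GA1, GA and GB and is only detected at GB1.

```python
import hashlib
import hmac
import json

K = b"\x0a" * 16  # constructed authentication key shared by GA11 and GB1
GATEWAYS = {"GA11", "GA1", "GA", "GB", "GB1"}
# Table of reachable hosts and their security gateways (constructed).
HOST_TO_GATEWAY = {"H1": "GA11", "H2": "GB1"}


class AuthError(Exception):
    """Raised when a gateway refuses a packet."""


def capsulize(name, inner):
    """Wrap the whole received packet as data addressed gateway to gateway."""
    data = json.dumps(inner, sort_keys=True).encode()  # serialization is an assumption
    return {"src": name, "dst": HOST_TO_GATEWAY[inner["dst"]], "data": data,
            "mac": hmac.new(K, data, hashlib.sha256).digest()}


def gateway(name, pkt):
    if pkt["dst"] not in GATEWAYS:               # plain packet addressed to a host
        if HOST_TO_GATEWAY.get(pkt["src"]) != name:
            # Assumption of this example, not described in the text above.
            raise AuthError(f"{name}: uncapsulized packet from outside")
        return capsulize(name, pkt)
    if pkt["dst"] != name:                       # destination is another gateway
        return pkt                               # transferred as received, no inspection
    # Destination side: inspect the code over the inner packet, then hand it on.
    expected = hmac.new(K, pkt["data"], hashlib.sha256).digest()
    if not hmac.compare_digest(pkt.get("mac", b""), expected):
        raise AuthError(f"{name}: authentication code mismatch")
    return json.loads(pkt["data"])               # de-capsulized packet for the host


def send(route, pkt, alter_before=None):
    """Run the route; optionally change the capsulized data before one gateway."""
    for name in route:
        if name == alter_before:
            # Constructed in-transit change to the inner packet bytes.
            pkt = {**pkt, "data": pkt["data"].replace(b"hello", b"HELLO")}
        pkt = gateway(name, pkt)
    return pkt
```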
Now, an exemplary method for sharing the authentication keys among a plurality of security gateways in any of the first to fourth embodiments described above will be described.
The exemplary method described in the following is based on the public key cryptosystem. It is assumed that each security gateway is assigned a unique secret key and public key. Also, it is assumed that each security gateway comprehends a position of the other security gateway on the network, and knows which security gateways are to be passed in transferring a packet to its destination. In addition, it is assumed that each security gateway possesses a table registering the public keys of all the security gateways.
Under these assumptions, the source side security gateway randomly determines the authentication key, generates an encrypted data which is encrypted by the public key of the destination side security gateway, and t