JP2007173959A - Encryption communication apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To obtain an encryption communication apparatus transferring an ICMP message to a communication terminal on the outside of a tunnel communication path by utilizing the band efficiently. <P>SOLUTION: The encryption communication apparatus 10A for transferring each user message to a counter apparatus on an encryption communication path while encrypting and encapsulating upon receiving a user message from a communication terminal, and transferring an ICMP message received from a relay on the encryption communication path to a predetermined destination on the outside of the encryption communication path while decrypting and encapsulating comprises an ICMP reproduction data management section 60 for storing address information concerning association of information about the encryption communication path for transferring the user message and the address of the communication terminal, and a section 53 for determining the address of the transfer destination communication terminal of ICMP message based on the encryption communication path information extracted from the ICMP message received from the relay and the stored address information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an encrypted communication apparatus for transferring a communication control message on a tunnel communication path to a communication terminal outside the tunnel communication path.

  Encapsulated tunnel communication is a technique for transferring data by connecting a plurality of communication networks. In encapsulated tunnel communication, an IP (Internet Protocol) message transmitted / received by a user terminal that is a data transmission source or a user terminal that is a data reception destination is included (encapsulated) in another protocol message using IP by a communication device on a communication path. ) To transfer the communication network like a tunnel. In this encapsulated tunnel communication, the communication device that terminates the encapsulation process needs to perform a special relay operation in order to notify the user terminal of an ICMP (Internet Control Message Protocol) error notification message that has occurred on the tunnel communication path. It was.

  For example, in an IPSEC (IP Security) environment that performs ESP (Encapsulating Security Payload) encryption in tunnel mode, an encryption communication device that terminates IPSEC performs an encapsulation process on an IPSEC message, and a tunnel communication path (IPSEC_SA (hereinafter referred to as SA) (Sometimes referred to as “Security Association”).

  In such a tunnel communication path, a router on the tunnel communication path may send a response notification of an ICMP_MTU (Maximum Transmission Unit) excess message including the original IPSEC message in response to the IPSEC message transmitted by the encrypted communication apparatus. is there.

  The conventional encrypted communication apparatus extracts a part of the original IPSEC message included in the ICMP error notification message in order to transmit the ICMP error notification message to the user terminal (originating terminal) on the transmission side. The encrypted communication apparatus holds the destination address (address of the opposite encrypted communication apparatus) of this original IPSEC message, the IPSEC protocol type, and the SPI (Security Parameters Index) value for identifying the SA as keys. A DB related to SA (SADB (SA DataBase)) is searched to narrow down the address range of the calling terminal.

  When the address of the originating terminal is narrowed down to a predetermined range by this operation, the encrypted communication device calculates the path MTU value in consideration of the IPSEC header length added by IPSEC, and sends it to the predetermined originating terminal. I was sending. Further, when a plurality of calling side terminals can be considered, an ICMP error notification message is transmitted to all the calling side terminals (predetermined address ranges) that have the possibility.

  On the other hand, if the address range of the calling terminal cannot be specified, the information (for example, the route MTU value) of the encrypted communication device and ICMP error notification message is stored in the SADB held by itself. Thereafter, when an IP message from the subsequent calling terminal arrives at the encrypted communication apparatus and the IP message length is larger than the route MTU value of the corresponding SA, an ICMP error notification message is transmitted to the calling terminal. A method of returning an ICMP response by doing so is also proposed (Non-Patent Document 1).

  In an IPSEC environment where tunnel mode ESP encryption is performed, in order to confirm the validity of the ICMP error notification message, the encrypted communication device transmits an MTU confirmation request message to the opposite encrypted communication device, and the opposite encrypted communication. In the apparatus, there is a method of responding with an MTU confirmation response message for confirming that the confirmation request message is actually fragmented on the route. In this method, after confirming that a fragment is actually generated on the SA being used, the encrypted communication device transmits an ICMP error notification message to the originating terminal, and performs security protection regarding the ICMP error notification message. (Patent Document 1).

  Further, even in an IP-in-IP environment in which an IP message is encapsulated with another IP message, a problem similar to the IPSEC environment in which tunnel mode ESP encryption is performed occurs. When the IP-in-IP encapsulating apparatus in the IP-in-IP environment receives an ICMP error (MTU exceeded, etc.) notification message from a router on the IP-in-IP tunnel path, it is included in the ICMP error notification message. The original IP-in-IP message is extracted, and the flow ID (communication channel number: SPI value in the IPSEC environment) and the MTU value of this IP-in-IP message are stored in association with each other, and an ICMP error occurs. The notification message itself is discarded.

  After that, when the IP-in-IP encapsulation device receives a subsequent IP message using the IP-in-IP communication path of the corresponding flow ID from the calling side device, the IP message cannot be transmitted due to an MTU excess or the like. An ICMP error (MTU excess) message is transmitted to the IP message transmission terminal (Non-patent Documents 2 and 3).

Tatsuya Baba "Mastering IPSEC" O'Reilly Japan Publishing, February 13, 2004, P105-P106 Multimedia Communication Study Group “Internet RFC Dictionary”, ASCII Publishing, November 1, 1998 R. Woodburn, D. Mills, RFC1241, `` A Scheme for an Internet Encapsulation Protocol: Version 1 '', IETF, July 1991, Appendix B.2. Japanese Patent Laid-Open No. 2005-159688 FIG.

  As described above, for example, IP-in-IP encapsulation, tunnel mode IPSEC_ESP encapsulation, or the like as a tunneling communication method for encapsulating and transferring an IP message transmitted and received by an incoming and outgoing user terminal with another protocol using the same IP on a relay path, Examples include GRE encapsulation and mobile IP encapsulation.

  However, the first to fourth prior art tunneling communication systems have a problem that it is difficult to notify the originating terminal of the ICMP error notification message generated on the tunnel relay path.

  For example, the arrival / departure address of a tunneling message (ICMP error notification message) transmitted / received on the tunnel route becomes the address of the incoming / outgoing tunnel device (encrypted communication device), and the address of the incoming / outgoing terminal is hidden in the inner message. For this reason, there is a problem in that the originating side tunnel device may not be able to directly analyze the address of the calling terminal from the ICMP error notification message.

  In addition, there is a method in which a range of addresses is designated as a destination terminal address accommodated in a tunnel route, and messages from a plurality of destination terminal addresses are collectively accommodated in this tunnel and transferred. When the encrypted communication apparatus receives an ICMP error notification message in which such an accommodated address range is specified, simply returning this ICMP error notification message to the originating terminal results in poor error notification efficiency. That is, when the number of calling terminals that actually use this tunnel is smaller than the number of terminals in the tunnel calling address range, many unnecessary ICMP error notification messages are notified to the terminal side. . As a result, there is a problem that the bandwidth is wasted.

  On the other hand, when an ICMP error notification message is transmitted only to the originating terminal that has transmitted the message that caused the ICMP error notification message, the ICMP error notification message is sent to other originating terminals that use the same tunnel as the originating terminal. Is not sent. For this reason, the encrypted communication apparatus must deal with the ICMP error notification message for each of a plurality of originating terminals that use the same tunnel. As a result, problems such as a delay of an ICMP error notification message to the calling side terminal, wasteful bandwidth consumption, and an increase in processing load on the calling side tunnel device (encrypted communication device) have occurred.

  The present invention has been made in view of the above, and when a communication control message is received from a tunnel communication path, communication control is efficiently performed to a communication terminal outside the tunnel communication path while suppressing wasteful consumption of bandwidth. An object of the present invention is to obtain an encrypted communication device that transfers a message for use.

  In order to solve the above-described problems and achieve the object, the present invention, when receiving a user message from a plurality of communication terminals outside the encrypted communication path, encrypts and encapsulates each user message, and transmits it on the encrypted communication path. At least a part of the encrypted and encapsulated user message transmitted based on the user message from a relay device that forwards the user message to the opposite device on the encrypted communication path. When the communication control message is received, the encrypted communication device decrypts and decapsulates the communication control message and transfers it to a predetermined destination outside the encrypted communication path. Encryption related to each encrypted communication path for transferring each user message when transferring to the opposite device A storage unit that stores address information relating to correspondence between communication path information and the address of each communication terminal that is a transmission source of each user message, and encrypted communication corresponding to the user message in the encrypted user message A transmission unit that adds path information without encryption and forwards it to the opposite device; and for communication control that includes encrypted communication path information added without encryption to a user message transmitted from the transmission unit A reception unit that receives a message from the relay device, a transmission destination determination unit that determines a transmission destination of the communication control message using the communication control message received by the reception unit, and a communication control that is received by the reception unit The encrypted communication path information is extracted from the message for use, and based on the extracted encrypted communication path information and the address information stored in the storage unit, Characterized in that it comprises a transmission address determining unit for determining a destination address of said communication control message corresponding to the destination the destination determination unit has determined.

  According to the present invention, when a user message is transferred to the tunnel communication path, information related to the encrypted communication path of the user message and the source address of the user message are stored, so that the user message is transmitted within the tunnel communication path. Even when the communication control message is encrypted, when the communication control message is received, the communication control message is efficiently transmitted to the communication terminal outside the tunnel communication path while suppressing wasteful bandwidth consumption. There is an effect that the data can be transferred.

  Embodiments of an encrypted communication apparatus according to the present invention will be described below in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

Embodiment 1 FIG.
FIG. 1 is a diagram showing a configuration of a communication network including an encrypted communication device according to the present invention. The communication system 100 includes LANs (Local Area Networks) 1 to 3 which are communication networks on the user side, WAN (Wide Area Network) 5 which is a communication network connecting the LANs 1 to 3 and encrypted communication devices 10A and 10B. It is configured.

  The LAN 1 includes communication terminals X1 to Xn (n is a natural number) that are communication terminals on the user side. The LAN 2 includes communication terminals Y1 to Ym (m is a natural number), and the LAN 3 includes communication terminals Z1 to Zl (l is a natural number). Here, for convenience of explanation, the data transmission side communication terminal may be referred to as an origination terminal, and the data reception side communication terminal may be referred to as an arrival side terminal.

  The encrypted communication device (capsule-type encrypted communication device) 10A connects LAN1 and WAN5, and the encrypted communication device 10B connects LAN2, 3 and WAN5. The encrypted communication devices 10A and 10B have a function (tunneling communication function) for encapsulating and transferring an IP message transmitted / received by a calling terminal (calling terminal, called terminal) using another protocol using the same IP on a relay path. Have.

  The encrypted communication devices 10A and 10B perform, for example, IP-in-IP encapsulation, tunnel mode IPSEC_ESP encapsulation, GRE (Generic Routing Encapsulation) encapsulation, mobile IP encapsulation, and the like as tunneling communication. The encrypted communication device 10A here encrypts and encapsulates the IP message (user message) and the communication control message (ICMP error notification message 73 described later) transmitted from the LAN 1 side and transfers them to the WAN 5 . Further, the encrypted communication device 10B encrypts and encapsulates the IP message and communication control message transmitted from the LANs 2 and 3 and transfers them to the WAN 5.

  Further, the encrypted communication device 10A here decapsulates the IP message received via the other routers (relay devices) R1 to R3, decrypts it, and transfers it to the LAN1 side. Further, the encrypted communication device 10B decapsulates the IP message received via the other routers R1 to R3, decrypts it, and transfers it to one of the LANs 2 and 3.

  The WAN 5 includes routers R1 to R3 that are data relay apparatuses. The routers R1 to R3 transfer the IP message transmitted from the encrypted communication device 10A to the encrypted communication device 10B, and transfer the IP message transmitted from the encrypted communication device 10B to the encrypted communication device 10A.

  For example, the arrival / departure terminal uses an IPv4 (Internet Protocol Version) 4 or IPv6 message described in RFC (Request For Comments) of IETF (Internet Engineering Task Force) as a user message (IP message 71 described later).

  The encrypted communication devices 10A and 10B execute IPSEC processing described in, for example, IETF RFC2401-RFC2412 and use IPSEC_SA as an encryption communication path. The encrypted communication devices 10A and 10B include means for performing IPSEC encryption in the tunnel mode using, for example, an IPSEC ESP encrypted message described in RFC2406 as an encryption communication message.

  Further, the communication control message notified by the routers R1 to R3 (ordinary communication apparatuses that do not contribute to encryption) is, for example, an ICMP message (ICMP_Destination_Unreachable message or an MTU excess notification message such as a Packet_Too_Big message) described in RFC. It is.

  Here, a configuration of data transmitted and received in the communication system 100 will be described. FIG. 2 is a diagram for explaining a configuration of data transmitted and received in the communication network. Here, a configuration of data transmitted / received in the communication system 100 when data is transmitted from the communication terminal X1 (originating terminal) to the communication terminal Y1 (destination terminal) and the router R1 detects an MTU excess. Will be described.

  Data D1 (IP message) transmitted from the communication terminal X1 to the encrypted communication device 10A includes the address of the communication terminal Y1, which is a destination address, the address of the communication terminal X1, which is a transmission side address, a data portion, and the like. ing.

  When the encrypted communication device 10A receives the data D1 from the communication terminal X1, the encrypted communication device 10A performs ESP encapsulation processing on the data D1 to create data D2. Then, the encrypted communication device 10A transfers the data D2 (IPSEC message) into the WAN 5 using the tunnel communication path 130.

  The data D2 includes an address (SG2) of the encrypted communication device 10B as a receiving side address in the tunnel communication path 130, an address (SG1) of the encrypted communication device 10A as a transmitting side address, and an encapsulated message for tunneling (ESP header). , Data D1) and the like.

  When the router R1 detects an MTU excess, an ICMP error notification (data D3) is transmitted from the router R1 to the encrypted communication device 10A. This data D3 (ICMP error message 73 described later) includes the address (SG1) of the encrypted communication device 10A as the receiving side address in the tunnel communication path 130, the address (R1) of the router R1 as the transmitting side address, and the ICMP header ( These portions are used for tunnel communication when ICMP error notification is performed.

  Further, the data D3 includes the original message (data D2) (tunnel transmission side address (SG1), tunnel reception side address (SG2), IP header for tunnel communication) that caused the ICMP error. These parts are information used for tunnel communication when the encrypted communication device 10A transmits an IPSEC message.

  The data D3 includes an ESP header, information on data transmitted / received in the LAN 1 (address (Y1) of the called terminal, address (X1) of the calling terminal), an IP header, and the tunnel communication path 130. In the data D3, these parts are encrypted and concealed as a tunneling encapsulated message. For this reason, the address of the terminal is hidden in the inner message.

  Next, the configuration of the encrypted communication devices 10A and 10B will be described. Since the encrypted communication devices 10A and 10B have the same configuration, the encrypted communication device 10A will be described as an example here. In the following, a case where the communication terminal X1 is a caller terminal and the communication terminal Y1 is a callee terminal will be described as an example.

  FIG. 3 is a block diagram showing the configuration of the first embodiment of the encrypted communication apparatus according to the present invention. The encryption communication device 10A stores a sequence number corresponding to the IP message 71 received from the calling terminal and the calling terminal address, and the calling terminal address and the like when notifying the ICMP error to the calling terminal. Is a communication device that reproduces.

  The encrypted communication device 10A includes a terminal-side I / F (interface) 13, a tunnel-side I / F (receiving unit) 14, an output-side SADB 11, an input-side SADB 12, an encapsulation processing unit 20, a decapsulation processing unit 30, and an ICMP reception. A processing unit 40, an ICMP relay reproduction processing unit 50, and an ICMP reproduction data management unit 60 are provided.

  The terminal side I / F 13 is a communication interface on the LAN 1 side, and the tunnel side I / F 14 is a communication interface on the WAN 5 side (tunnel side). The terminal side I / F 13 receives the IP message 71 from the originating side terminal (communication terminal X1 or the like) on the LAN 1 to 3 side, and transmits an ICMP error notification message 74 or an IP message 76 to the originating side terminal.

  The IP messages 71 and 76 are configured to include the address of the calling terminal, the address of the called terminal, the IP message part, and the like. The ICMP error notification message 74 includes the address of the encrypted communication device 10A, the address of the calling terminal, an error message, and the like.

  The tunnel side I / F 14 transmits an IPSEC_ESP encapsulation message (hereinafter referred to as an IPSEC message 72) to the opposite encrypted communication device 10B on the tunnel side, and the ICMP error notification message 73 and the IP message are transmitted from the routers R1 to R3 on the tunnel side. 75 is received.

  The IPSEC messages 72 and 75 include an address of the encrypted communication device 10A, an address of the encrypted communication device 10B, an encrypted IP message part, and the like. The ICMP error notification message 73 includes an address such as the router R1 that performs error notification, the address of the encrypted communication device 10A, an error message, and the like.

  The output side SADB 11 stores information (output side SA information 101 described later) for determining the SA used by the IP message 71. The input side SADB 12 stores information for each SA (input side SA information to be described later) for decrypting the encrypted IP message part in the IPSEC message 75.

  The encapsulation processing unit 20 performs processing for establishing a secure communication path (SA), IPSEC_ESP encryption processing, encapsulation processing, and the like. The encapsulation processing unit 20 includes an SA search unit 21, an SA usage permission determination unit 22, an encryption processing unit 23, an ESP header processing unit (transmission unit) 24, an authentication value calculation unit 25, and an IP header processing unit 26. .

  The SA search unit 21 searches the output side SADB 11 based on the outgoing / incoming address, protocol type, outgoing / incoming port number, etc. in the IP message 71 in order to establish a safe communication path, and the SA (communication) used by the IP message 71. (Road identification information) is determined.

  The SA use permission determination unit 22 determines whether the IP message 71 can use the SA determined by the SA search unit 21. When the IP message 71 can use the SA, the SA usage permission determination unit 22 uses the SPI value (encrypted communication path information) to be used as a key to set the originating / arriving terminal address of the original IP message 71 as an ICMP reproduction data management unit 60. (Registered SA use terminal DB 61 (described later, used SA information 102)).

  The encryption processing unit 23 encrypts the entire IP message 71 in order to perform IPSEC_ESP encryption processing of the IP message 71. The encryption processing unit 23 performs encryption using information (output-side SA information 101) that the output-side SADB 11 has for each SA.

  The ESP header processing unit 24 adds an ESP header before the encrypted IP message 71. The ESP header processing unit 24 assigns, to the ESP header, a different SPI value for each SA and a sequence number (message identification information) that is counted up for each message. The ESP header processing unit 24 registers the arrival / departure terminal address of the original IP message 71 in the ICMP reproduction data management unit 60 (sequence use terminal DB 62 (described later, sequence number information 103)) using the SPI value and the sequence number as keys. .

  The authentication value calculation unit 25 calculates an ESP authentication value for the ESP header and the encrypted IP message 71 and assigns it to the end. When the ESP encapsulated message generated by the authentication value calculation unit 25 exceeds the MTU of the SA, the IP header processing unit 26 performs processing such as a fragment to add an IP header. The data created by the IP header processing unit 26 is transmitted as an IPSEC_ESP encapsulation message (IPSEC message 72) from the tunnel side I / F 14 to the opposite encrypted communication device 10B.

  The ICMP reproduction data management unit 60 has an SA using terminal DB 61 and a sequence using terminal DB 62. The SA using terminal DB 61 stores information on the address of the calling terminal and the address of the called terminal corresponding to the SPI value (use SA information 102). The sequence use terminal DB 62 stores information (sequence number information 103) regarding the address of the calling terminal and the address of the called terminal corresponding to the SPI value and the sequence number.

  The decapsulation processing unit 30 performs IPSEC_ESP decoding processing, decapsulation processing, and the like. The decapsulation processing unit 30 includes a use SA search unit 31, a sequence verification unit 32, an authentication value confirmation processing unit 33, a replay protection processing unit 34, a decryption processing unit 35, and a pre-output SADB audit unit 36.

  The used SA search unit 31 determines the SA to be used based on the address and SPI value of the encrypted communication device 10B in the received IPSEC message 75. The sequence verification unit 32 checks the sequence number in the received IPSEC message 75 to audit the replay attack, and determines whether or not the IPSEC message 75 can be accepted.

  The authentication value confirmation processing unit 33 calculates an ESP authentication value for the ESP header of the received IPSEC message 75 and the encrypted IP message unit. The authentication value confirmation processing unit 33 compares the calculated ESP authentication value with the ESP authentication value added to the end of the IPSEC message 75, and detects whether the IPSEC message 75 has been tampered with.

  Based on the sequence number in the received IPSEC message 75, the replay protection processing unit 34 operates a replay protection window held therein, and updates the replay protection window.

  The decryption processing unit 35 decrypts the encrypted IP message part in the received IPSEC message 75. The decryption processing unit 35 decrypts the IP message unit using information (input side SA information) that the input side SADB 12 has for each SA.

  The pre-output SADB audit unit 36 audits whether the decrypted IP message 76 meets a condition based on an incoming / outgoing address, protocol type, outgoing / incoming port, etc. of an input side SPD (Security Policy Database) not shown. . An IP message 76 audited by the pre-output SADB audit unit 36 and meeting a predetermined condition is transmitted from the terminal side I / F 13 into the LAN 1.

  The ICMP reception processing unit 40 includes an ICMP type determination unit 41, an ICMP internal packet extraction unit 42, and an ICMP type correspondence processing unit 43. The ICMP type determination unit 41 determines the type of the ICMP 73.

  When the data part of the ICMP error notification message 73 includes an internal message, the ICMP internal packet extraction unit 42 extracts the internal message. The ICMP internal packet extraction unit 42 analyzes the internal message itself as necessary, and can obtain it from a general IP message such as a destination address (address of the encrypted communication devices 10A and 10B), a protocol type, and a destination port number. Extract information. When the internal message is an IPSEC_ESP encapsulated message, the ICMP internal packet extraction unit 42 further analyzes the internal message and extracts the SPI value, sequence number, and the like in the ESP header.

  The ICMP type correspondence processing unit 43 updates the ICMP process (for example, updating the routing table of the encrypted communication device 10A) and the MTU value (transmission MTU value) of the output side SADB 11 according to the ICMP type.

  The ICMP relay reproduction processing unit 50 includes an ICMP relay processing determination unit 51, an ICMP reproduction unit 52, and an ICMP transmission terminal determination unit (transmission destination determination unit, transmission address determination unit) 53. Based on the message type of the ICMP error notification message 73 (hereinafter referred to as “ICMP message type”), the ICMP relay processing determination unit 51 determines whether the data relay processing to the communication terminal side of the ICMP error notification message 73 is necessary (ICMP error notification message). 73 is required to be transferred to the communication terminal side.

  The ICMP reproduction unit 52 reproduces (creates) an ICMP error notification message 74 to be transmitted to the communication terminal from the received ICMP error notification message 73. The ICMP reproduction unit 52 creates an ICMP error notification message 74 based on the use SA information 102, the originating terminal address in the sequence number information 103, the sequence number, and the like.

  The ICMP transmission terminal determination unit 53 sends an ICMP error notification to be transmitted to the communication terminal based on the message type of the received ICMP error notification message 73 and the ICMP message type of the reproduced ICMP error notification message 74 to be transmitted to the communication terminal. The transmission destination of the message 74 (the originating terminal range as the transmission destination) and its address are determined. The ICMP transmission terminal determination unit 53 determines to transmit the ICMP error notification message 74 to, for example, only the calling terminal or all the calling terminals that use SA (SPI value).

  Next, as an operation procedure of the encrypted communication device 10A according to the first embodiment, each of data transmission processing (encryption processing), decryption processing, ICMP reception processing, and ICMP reproduction processing which is the main feature of the first embodiment is described. The operation procedure will be described.

(Transmission process)
First, a data transmission process (encryption process) from the communication terminal X1 (originating terminal) to the tunnel side (WAN5 side) will be described. FIG. 4 is a flowchart showing a processing procedure of data transmission processing from the calling terminal to the tunnel side.

  When the encrypted communication device 10A receives the IP message 71 from the originating terminal via the terminal-side I / F 13, the encrypted communication device 10A performs IP reception processing and routing processing by a general router function, and outputs the IP message 71 output destination I / F (Tunnel side I / F 14) is determined (step S110). In the encrypted communication device 10A shown in FIG. 3, illustration of means for performing IP reception processing and routing processing is omitted.

  When the encrypted communication device 10A determines to output the IP message 71 to the tunnel side I / F 14 by the routing process, the encrypted communication device 10A passes the IP message 71 to the encapsulation processing unit 20.

  In the encapsulation processing unit 20, in order to establish a safe communication path (SA), the used SA search unit 21 first searches the output side SADB 11 based on the arrival / departure address, protocol type, and arrival / departure port number in the IP message 71. Then, the SA used by the IP message 71 is determined. The used SA search unit 21 determines the SA used by the IP message 71 using, for example, the output side SA information 101 stored in the output side SADB 11 (step S120).

  FIG. 5 is a diagram illustrating an example of the configuration of the output side SA information. The output-side SA information 101 is information for encrypting the IP message 71 to establish the SA, and is “source terminal”, “destination terminal”, “encryption means”, “authentication means”, “opposite device” ”,“ SPI value ”,“ shared secret key ”,“ current initial vector value ”,“ transmission MTU value ”,“ protocol type ”, and“ incoming / outgoing port number ”.

  The “calling terminal” indicates a calling terminal (address) such as the communication terminal X1, and the “calling terminal” indicates a called terminal (address) such as the communication terminal Y1. “Encryption means” indicates means for performing encryption such as “3DES (Data Encryption Standard)” and “DES”.

  “Authentication means” indicates a hash function (authentication means) used for authentication such as “MD (Message Digest) 5” and “SHA (Secure Hash Algorithm) 1”. The “opposite device” indicates the opposite encrypted communication device. Here, SG (security gateway) 2 indicates the encrypted communication device 10B, and SG3 indicates an encrypted communication device other than the encrypted communication devices 10A and 10B.

  The “SPI value” is an arbitrary value (32 bits) for uniquely identifying the SA. The “shared secret key” is a secret key for encryption / decryption shared with the opposite device such as the encrypted communication device 10B. Strictly speaking, the “shared secret key” between SGs includes a shared encrypted secret key used for encryption and a shared authentication secret key used for authentication. The “shared secret key” is encrypted between SGs below. It points to the shared encryption private key used for (nonpatent literature 1).

  The “current initial vector value” is an initial vector value (encryption parameter information) of a pseudo random number used when the IP message 71 is encrypted. The “current initial vector value” is generated from the previous transmission message, and a different value is set for each message. The “transmission MTU value” is a value (setting value) indicating the maximum value of data that can be transmitted in one transfer to the tunnel side. “Protocol type” indicates the type of communication protocol used by the incoming / outgoing communication terminal, and “Incoming / outgoing port number” indicates the port number used by the incoming / outgoing communication terminal.

  When the used SA search unit 21 cannot extract (discover) the SA used by the IP message 71 from the output-side SA information 101 (step S130, No), the used SA search unit 21 discards the IP message 71, or An ICMP error notification message 74 is transmitted (response) to the originating terminal (step S140).

  On the other hand, when the use SA search unit 21 can extract the SA used by the IP message 71 from the output-side SA information 101 (Yes in step S130), the SA use permission determination unit 22 uses the SA extracted by the IP message 71. It is determined whether or not the conditions to be satisfied are satisfied (step S150).

  The determination condition here is whether or not the corresponding SA is unusable due to a failure (condition 1), and the DF (Don't Fragment) flag is set in the IP message 71 and fragment transfer is not possible. MTU smaller than the encrypted message length after ESP processing is set, and there are conditions such as whether or not to fragment (Condition 2). For example, in the case of (Condition 2), if it is necessary to fragment, it is determined that this SA cannot be used.

  When the SA usage permission determination unit 22 determines that SA cannot be used (No at Step S150), the encrypted communication device 10A responds with an ICMP error notification message 74 to the calling terminal (Step S140).

  On the other hand, when the SA use permission determination unit 22 determines that the SA can be used (step S150, Yes), the SA use permission determination unit 22 according to the first embodiment uses the SPI value to be used as a key. Is registered in the SA use terminal DB 61 (use SA information 102) (step S160).

  FIG. 6 is a diagram illustrating an example of the configuration of usage SA information stored in the SA usage terminal DB. The use SA information 102 (address information) here shows an example in which the current time is 123 msec, for example. The used SA information 102 is information regarding the address of the calling terminal and the address of the called terminal corresponding to the SPI value (SA), and is “opposite device”, “SPI value”, “SA used calling address”, “SA used”. "Destination address" and "Estimated deletion time" are associated with each other.

  “SA use origination address” indicates the address of the originating terminal that uses SA, and “SA use destination address” indicates the address of the destination terminal that uses SA. “Erase scheduled time” indicates a time at which data is erased due to a reception timeout.

  Next, the encryption processing unit 23 encrypts the entire IP message 71 in order to perform IPSEC_ESP encryption processing of the IP message 71 (step S170). For the encryption here, information (output-side SA information 101 shown in FIG. 5) that the output-side SADB 11 has for each SA is used. Specifically, the initial vector value of the current pseudo-random number that is generated from the previous transmission message (“opposite device”, “shared secret key”, “encryption means”) of the output SA information 101 and is different for each message ( Encryption is performed using “current initial value vector value”).

  Next, the ESP header processing unit 24 adds an ESP header before the encrypted IP message 71. The ESP header here is given a different SPI value for each SA and a sequence number counted up for each message (step S180).

  Further, in the present embodiment, the ESP header processing unit 24 registers the arrival / departure terminal address of the original IP message 71 in the sequence use terminal DB 62 (sequence number information 103 described later) using the SPI value and the sequence number as keys. (Step S190).

  FIG. 7 is a diagram illustrating an example of a configuration of sequence number information stored in the sequence using terminal DB. The sequence number information 103 (address information) is information relating to the SPI value and the address of the calling terminal corresponding to the sequence number and the address of the called terminal, and includes “opposite device”, “SPI value”, “sequence number”, “ “SA use origination address” and “SA use destination address” are associated with each other.

  The sequence use terminal DB 62 deletes predetermined information (a set of associations) in the sequence number information 103 at a predetermined timing, and stores new information (a set of associations). That is, the sequence use terminal DB 62 stores the information in the sequence number information 103 for a predetermined period, for example, and deletes the information in the sequence number information 103 that has become obsolete after the predetermined period has elapsed. Further, the sequence use terminal DB 62 stores a predetermined number of information in the sequence number information 103, and deletes information in the sequence number information 103 that has become obsolete when storing new information exceeding the predetermined number. May be.

  Next, the authentication value calculation unit 25 calculates an ESP authentication value for the ESP header and the encrypted IP message 71 and assigns it to the end. When the ESP encapsulated message generated by the authentication value calculation unit 25 exceeds the SA MTU, the IP header processing unit 26 performs processing such as a fragment to add an IP header. The data created by the IP header processing unit 26 is transmitted as an IPSEC_ESP encapsulation message (referred to as an IPSEC message 72) from the tunnel side I / F 14 to the opposite encrypted communication device 10B (step S200).

(Decryption process)
Next, the decoding process of data received from the tunnel side (WAN5 side) such as the router R1 will be described. FIG. 8 is a flowchart showing a processing procedure for decrypting data received from the tunnel side.

  When the tunnel side I / F 14 receives an IPSEC_ESP encapsulation message (hereinafter referred to as an IPSEC message 75) from the tunnel side, the tunnel side I / F 14 performs IP reception processing and routing processing by a general router function. As a result, when the destination of the IPSEC message 75 is its own encrypted communication device 10A, the destination port number and the upper protocol type of the IPSEC message 75 are determined. When the upper protocol type is the IPSEC_ESP message, the IPSEC message 75 is The data is passed to the decapsulation processing unit 30. Here, since the upper protocol type of the IPSEC message 75 is an IPSEC_ESP message, the IPSEC message 75 is input to the decapsulation processing unit 30.

  In the decapsulation processing unit 30, the used SA search unit 31 first searches for and determines the SA to be used based on the address and SPI value of the encrypted communication device 10B in the received IPSEC message 75 (step S310).

  Next, the sequence verification unit 32 checks the sequence number in the received IPSEC message 75, audits the replay attack, and determines whether or not the IPSEC message 75 can be accepted (step S320). If the sequence verification unit 32 determines that the IPSEC message 75 cannot be accepted (step S320, No), the IPSEC message 75 is discarded (step S330).

  On the other hand, if the sequence verification unit 32 determines that the IPSEC message 75 can be accepted (step S320, Yes), the authentication value confirmation processing unit 33 receives the ESP header of the received IPSEC message 75 and the encrypted IP message unit. An ESP authentication value is calculated for. Then, the calculated ESP authentication value is compared with the ESP authentication value added to the end of the IPSEC message 75 to detect whether the IPSEC message 75 has been tampered with (step S340).

  Next, the replay defense processing unit 34 operates the replay defense window held therein by the sequence number in the received IPSEC message 75, and updates the replay defense window (step S350).

  Next, the decryption processing unit 35 decrypts the encrypted IP message part in the received IPSEC message 75 (step S360). For this decoding, information (input side SA information) that the input side SADB 12 has for each SA is used.

  The input-side SA information (not shown) is information having the same configuration as the output-side SA information, and “source terminal”, “destination terminal”, “encryption unit”, “authentication unit”. , “Opposite device”, “SPI value”, “shared secret key”, “current initial vector value”, and “transmission MTU value”.

  Here, the IP message part is decrypted using the “opposite device”, “shared secret key”, “encryption means”, and “current initial value vector value” of the SA information on the input side. The decrypted IP message part is input to the pre-output SADB auditing part 36 as an IP message 76.

  The pre-output SADB auditing unit 36 audits whether or not the IP message 76 obtained by decryption meets the conditions based on the incoming / outgoing address, protocol type, outgoing / incoming port, etc. of the input side SPD (step S370). The IP message 76 that is audited by the pre-output SADB auditing unit 36 and meets a predetermined condition is transmitted from the terminal side I / F 13 into the LAN 1 (step S380).

(ICMP reception processing)
Next, processing procedures of ICMP reception processing and reproduction processing will be described. First, the processing procedure of the ICMP reception process will be described. FIG. 9 is a flowchart showing a processing procedure of ICMP reception processing.

  When the tunnel side I / F 14 receives the ICMP error notification message 73 from the tunnel side, it performs IP reception processing and routing processing by a normal router function. As a result, when the destination of the ICMP error notification message 73 is the encrypted communication device 10 </ b> A, the ICMP error notification message 73 is passed to the ICMP reception processing unit 40.

  The ICMP reception processing unit 40 first determines the type of the ICMP 73 by the ICMP type determination unit 41 (step S410). Next, when an internal message is included in the data part of the ICMP error notification message 73, the ICMP internal packet extraction unit 42 extracts the internal message. The ICMP internal packet extraction unit 42 analyzes the internal message itself as necessary, and obtains it from a general IP message such as a calling / receiving address (here, addresses of the encrypted communication devices 10A and 10B), a protocol type, and a calling / receiving port number. Possible information is extracted (step S420).

  The ICMP internal packet extraction unit 42 analyzes the internal message itself, for example, when it is determined that the internal message is an IPSEC_ESP encapsulated message, analyzes the internal message further to the inside, and the SPI value in the ESP header, the sequence number, etc. Is extracted (step S430).

  Next, the ICMP type correspondence processing unit 43 performs processing to be taken by the encrypted communication device 10A according to the ICMP type. The processes to be taken include an ICMP process to be dealt with by the encrypted communication apparatus 10A itself (for example, a routing table update of the encrypted communication apparatus 10A) (process 1), and a process for updating the value of the output SADB 11 (process 2). ) (Step S440).

  For example, when the ICMP type is an ICMP redirect notification message, the ICMP type correspondence processing unit 43 updates the next hop address to the corresponding destination address in the routing table of the encrypted communication device 10A (processing 1).

  When the ICMP type is an ICMP destination unreachable message, the ICMP type correspondence processing unit 43 first registers the inability to transfer (information) to the notified destination in the routing table of the encrypted communication device 10A (processing 1). . Further, when the ICMP error notification message 73 includes an IPSEC_EPS encapsulation message in the data part, the ICMP type correspondence processing part 43 performs the following on the SA determined by the extracted SPI value and the address of the encryption communication apparatus 10B on the called side. Information related to the unusable SA is registered in the output SADB 11 (Process 2).

  When the ICMP type is an ICMP_MTU excess notification message, the ICMP type correspondence processing unit 43 first updates the MTU value to the destination notified in the routing table of the encrypted communication device 10A (processing 1). Furthermore, when the ICMP error notification message 73 includes an IPSEC_EPS encapsulated message in the data part, the ICMP type correspondence processing unit 43 determines that the SA is determined by the extracted SPI value and the address of the encryption communication device 10B on the called side. A value obtained by subtracting the overhead due to the IPSEC process from the MTU value notified to the relevant SA is registered in the output side SADB 11 (“transmission MTU value” of the output side SA information 101) as the SA update MTU value (processing 2).

(ICMP regeneration process)
Thereafter, the ICMP error notification message 73 is delivered to the ICMP relay reproduction processing unit 50 which is one of the characteristic components of the first embodiment. Next, a processing procedure of ICMP regeneration processing performed by the ICMP relay regeneration processing unit 50 will be described. FIG. 10 is a flowchart showing a processing procedure of ICMP reproduction processing according to the first embodiment.

  First, the ICMP relay process determination unit 51 determines whether or not the data relay process of the ICMP error notification message 73 to the communication terminal side is necessary based on the message type (ICMP message type) of the ICMP error notification message 73 (step S1). S510).

  When the ICMP relay process determination unit 51 determines that data relay to the communication terminal side is necessary (step S510, Yes), the ICMP playback unit 52 transmits the received ICMP error notification message 73 to the communication terminal side. The creation of the ICMP error notification message 74 to be started is started. At this time, the ICMP reproduction unit 52 creates an ICMP error notification message 74 based on the use SA information 102 and the originating terminal address in the sequence number information 103, the sequence number, and the like.

  When playing back the ICMP error notification message 74, the ICMP playback unit 52 makes the received ICMP message type the same as the ICMP message type transmitted to the terminal side, for example. That is, if the received ICMP message type is an MTU excess message, the ICMP playback unit 52 also sets the ICMP message type to be transmitted to the communication terminal side as an MTU excess message. Further, when reproducing the ICMP error notification message 74, the ICMP reproducing unit 52 may set different ICMP message types depending on the interpretation of the encrypted communication device 10A depending on the situation.

  The reproduced ICMP error notification message 74 is passed to the ICMP transmission terminal determination unit 53. The ICMP transmission terminal determination unit 53 transmits the ICMP error notification message 74 to be transmitted to the communication terminal based on the message type of the received ICMP error notification message 73 and the message type of the ICMP error notification message 74 to be transmitted to the communication terminal. The destination is determined (step S530).

  For example, when the ICMP message type is “time exceeded” and the code is “TTL (Time To Live) exceeded”, the encrypted communication device 10A transmits the message from the original communication terminal when the IPSEC message 72 is transmitted. 1 is subtracted from TTL for transmission. For this reason, it is considered that the ICMP error notification message 73 is derived from the TTL value set by the calling terminal. In this case, the ICMP transmission terminal determination unit 53 determines to notify the ICMP error notification message 74 only to the originating terminal.

  Further, when the type of the ICMP message type is “destination unreachable message” and the code is “fragment required and DF setting”, the transmission destination of the ICMP error notification message 74 is further set in the DF setting policy of the encrypted communication device 10A. Dependent.

  There are three types of DF setting policies for the encrypted communication device 10A. That is, in the DF setting policy, DF is not necessarily set in the IPSEC message to be transmitted (setting 1), DF is always set (setting 2), and the DF value from the original communication terminal (originating terminal) is copied ( There is setting 3).

  For example, in the case of setting 1, a fragment is necessary and an error of DF setting itself does not occur. Also, in the case of setting 2, it is necessary for all calling terminals that use SA to lower the transmission MTU to the notified MTU value, and the ICMP transmission terminal determination processing unit 53 uses all SAs that use this SA. It is determined that an ICMP error notification message 74 is notified to the communication terminal.

  In the case of setting 3, only the communication terminal that sets and transmits the DF using SA needs to lower the transmission MTU, and the ICMP transmission terminal determination unit 53 sets the DF and transmits the communication terminal (this ICMP) It is determined that the ICMP error notification message 74 is notified only to the originating terminal associated with the error notification message 73.

  If the ICMP message type is “destination unreachable message” and the code is “network unreachable” or the code is “host unreachable”, the SA itself is unreachable, so ICMP The transmission terminal determination unit 53 determines to send an ICMP error notification message 74 to all communication terminals using this SA.

  In this way, the ICMP transmission terminal determining unit 53 determines whether to notify the ICMP error notification message 74 to all communication terminals using the SA, or to notify the ICMP error notification message 74 only to the originating terminal. . Further, the ICMP transmission terminal determining unit 53 determines a source terminal range (source terminal ranges 301 and 302 described later) to which the reproduced ICMP error notification message 74 is transmitted (step S540).

  Here, the calling terminal range will be described. FIG. 11 is a diagram for explaining the originating terminal range. Here, the originating terminal range when the ICMP error notification message 74 is transmitted only to the originating terminal is set as the originating terminal range 301, and the originating when the ICMP error notification message 74 is transmitted to the communication terminal using the SA. The originating terminal range is shown as the originating terminal range 302 when the originating terminal range 302 is transmitted, and the ICMP error notification message 74 is transmitted to the entire SA accommodation range.

  For example, when the ICMP message type is “time exceeded” and the code is “TTL exceeded”, the ICMP error notification message 74 only needs to be notified to the originating terminal. Send to range 301.

  Further, when the ICMP message type is “Destination Unreachable Message”, the code is “Fragment Required and DF Setting”, and the DF Setting Policy is Setting 2, an ICMP error notification is sent to all communication terminals using the SA. Since it is necessary to notify the message 74, the ICMP error notification message 74 is transmitted to the calling terminal range 302.

  Also, when the ICMP message type is “Destination Unreachable Message”, the code is “Fragment Required and DF Setting”, and the DF Setting Policy is Setting 3, the ICMP error only applies to the communication terminal that sets and sends the DF. Since the notification message 74 may be notified, the ICMP error notification message 74 is transmitted to the calling terminal range 301.

  Further, when the type of the ICMP message type is “destination unreachable message” and the code is “network unreachable” or “host unreachable”, an ICMP error notification message 74 is notified to all communication terminals using the SA. Therefore, the ICMP error notification message 74 is transmitted to the calling terminal range 302.

  When notifying the ICMP error notification message 74 only to a predetermined originating terminal (originating terminal range 301), the ICMP transmitting terminal determining unit 53 includes the SPI value and sequence number in the ESP header extracted by the ICMP internal packet extracting unit 42. And the key is used to acquire the original calling terminal address (for example, the address of the communication terminal X1) from the sequence use terminal DB 62 (sequence number information 103). Then, the reproduced ICMP error notification message 74 is transmitted only to this originating terminal address via the terminal side I / F 13.

  Further, when notifying the ICMP error notification message 74 to all communication terminals (calling side terminal range 302) using SA, the SA using terminal DB 61 (using the SPI value in the ESP header extracted by the ICMP internal packet extracting unit 42 as a key). All calling terminal addresses using SA (addresses of all communication terminals in the calling terminal range 302) are acquired from the used SA information 102). Then, the reproduced ICMP error notification message 74 is transmitted to this all-terminal terminal address via the terminal-side I / F 13.

  Here, in order to clarify the difference between the encrypted communication device 10A according to the first embodiment and the conventional encrypted communication device (originating side tunnel device), problems of the conventional originating side tunnel device will be described. The ICMP error notification message 74 can be divided into the following three types 1 to 3 depending on the type. That is, as an ICMP error notification message, there is an ICMP message (type 1) that is not related to encapsulation directly exchanged between communication terminals or between encrypted communication devices, such as “Echo_Reply”. Also, as an ICMP error notification message, a message returned to a tunnel device such as the encrypted communication device 10A, such as an ICMP parameter failure / redirect / destination unreachable / time exceeded message, and encapsulated on a relay path There is an ICMP message (type 2) that is meaningless even if the source host that does not know the message receives it as it is. Further, as the ICMP error notification message, there is an ICMP message (type 3) that should be directly returned to the originating terminal, such as ICMP source transmission suppression and ICMP error notification message.

  The ICMP error notification message 73 includes causes for detecting an error in the ICMP error notification message, such as ICMP source transmission suppression, ICMP_MTU excess (fragment required and DF setting), ICMP destination unreachable, ICMP parameter error, ICMP redirect notification, etc. Some of the original messages are given as data. For this reason, the ICMP error notification message 73 containing the original message includes many ICMP messages that should be directly returned to the calling terminal such as type 3. This is because these ICMP messages have the purpose of notifying the originating terminal of the failure that the destination terminal is unreachable and the original message so that the originating terminal can analyze the cause of the failure. is there.

  For this reason, in the conventional tunnel device on the originating side, when the ICMP error notification message 73 addressed to itself is received from the IP router on the tunnel route, the type of the received ICMP error notification message 73 is checked, and the tunnel route like type 3 When the ICMP message is to be notified from the upper IP router to the calling terminal, and the ICMP error notification message 73 includes a part of the original message as a data, it is further analyzed deeply into the ICMP error notification message and the calling / receiving terminal It is necessary to determine the address and to relay and forward the ICMP error notification message 73 to a predetermined originating terminal address.

  However, when the originating tunnel device attempts to determine the destination terminal address from the ICMP error notification message 73 in the IPSEC environment, the original message attached to this data part is the tunneling encapsulation generated by the originating tunnel device itself. It has become a message.

  This is because, when sending an IP message, the originating tunnel device conceals the IP message between the sending and receiving terminals on the inside, and sends it in the outer encapsulated message for tunneling in which the sending and receiving tunnel device address is set on the outside. . That is, the actual calling terminal address is present further inside the encapsulated message that causes the error assigned to the data area of the ICMP error notification message 73 received by the calling tunnel device.

  The minimum length of the data area given in the ICMP error notification message is equal to or greater than the IP header length of the original message (in this case, the encapsulated message) +64 bytes, according to RFC specifications.

  For example, when the originating tunnel device encapsulates and transmits an IP message, there are many parameters used for encapsulation, or the number of bytes used by each parameter is large. May become larger. In such a case, the length required to restore the IP header part of the true message that is actually used by the communication terminal by the encapsulation header length is the minimum length of 64 bytes of the data area provided in the ICMP error notification message. May not fit in. At this time, the conventional calling side tunnel device cannot directly determine the arrival / departure terminal address existing inside.

  In addition, when the tunnel mode IPSEC_ESP process is executed, the inner message (the true message part actually used by the communication terminal) is concealed by encryption + encapsulation on the tunnel path. As a result, the originating tunnel device can analyze the content of the original message (the outer encapsulated message header with the incoming and outgoing tunnel device address) included in the ICMP error notification message, but it is a true message used by the inner communication terminal. The part is encrypted, and the header part cannot be directly analyzed. For this reason, the originating tunnel device cannot directly determine the originating terminal address to which the ICMP error notification message 73 should be returned.

  Furthermore, in the conventional encrypted communication device, when a range of addresses is specified as a destination terminal address accommodated in a tunnel route, and messages from a plurality of destination terminal addresses are collectively accommodated in this tunnel and transferred, the accommodated address It may not be sufficient to simply return the ICMP error notification message 73 in which the range is specified to the originating terminal. This is because the ICMP error notification message 73 such as ICMP destination unreachable received from the router on the tunnel path has a problem that should be dealt only with the originating terminal that has transmitted the message that caused the failure. In other words, this is a failure in which a problem to be dealt with has occurred for all communication terminals existing within the address range of the tunnel in which this message is accommodated.

  That is, in this case, since the trouble that becomes a problem is related to the tunnel, the originating tunnel device uses the ICMP error notification message 73 received from the router on the tunnel route using this tunnel (possibility of use). It is desirable to notify the originating terminal.

  In such a case, the calling terminal that should notify the ICMP error is present in the calling address range (calling terminal range 303) accommodated in the tunnel in which the failure has occurred. However, the ICMP error notification message 73 does not include information for determining which calling terminal is currently using (possibly using) the tunnel, and the encapsulated tunneling device itself also includes the determination information. Therefore, it is difficult to determine the calling terminal range 302 that actually uses the tunnel.

  When the ICMP error notification message 73 is sent to all of the originating terminals (originating terminal range 303) in the accommodated originating address range of the tunnel, the number of originating terminals actually using this tunnel is the number of the originating address range of the tunnel. When the number is smaller than the number of terminals, many unnecessary ICMP error notification messages 73 are notified to the communication terminal side. For example, the address of the terminal that actually uses the tunnel is (192.168.0.1−192.168.8.0) with respect to 65535 units in the tunnel source address range = (192.168.0.0/16). .10), about 10 unnecessary ICMP error notification messages 73 are notified to the communication terminal side. As a result, the bandwidth is wasted due to the ICMP error notification message 74 to the communication terminal or the accompanying ARP transmission / reception.

  On the other hand, if the ICMP error notification message 73 is notified only to the originating terminal (originating terminal range 301) of the message that caused the failure detection, the number of communication terminals that actually use this tunnel is very large. In many cases, ICMP error notification processing to many communication terminals using a tunnel becomes complicated. For example, the address of the communication terminal that actually uses the tunnel is (192.168.0.1−192.168.0.250) with respect to the originating address range of the tunnel = (192.168.0.0/24). ) Of 250 units.

  At this time, many communication terminals using the tunnel each transmit a message using the tunnel from the communication terminal, and the originating tunnel device receives the message transmitted by each communication terminal. The originating tunnel device determines the tunnel to be used for each message, and further determines that the ICMP error notification message cannot be transferred because it uses the tunnel in which this failure has occurred. It will respond only to the terminal.

  That is, the situation described in Non-Patent Document 1 occurs on a large scale for each communication terminal, the originating terminal transmits a failure due to the unavailability of the tunnel on the relay path, and each communication terminal transmits the next message. A time tag that cannot be known until an ICMP error is responded occurs. Furthermore, each originating terminal individually sends a message, and accordingly, an ICMP error notification is sent individually, so that many unnecessary sending messages are sent to the originating tunnel device, which only wastes bandwidth. In addition, the processing load on the originating tunnel device also increases.

  On the other hand, the cryptographic communication apparatus 10A according to the first embodiment includes the SA use terminal DB 61 (use SA information 102) and the sequence use terminal DB 62 (sequence number information 103), and uses the SA when transmitting the IPSEC message 72. The incoming / outgoing communication terminal and the incoming / outgoing communication terminal address for each sequence number are stored.

  The encryption communication device 10A includes an ICMP relay processing determination unit 51, an ICMP reproduction unit 52, and an ICMP transmission terminal determination unit 53. When receiving the ICMP error notification message 73, the encryption communication device 10A interprets the content of the notified ICMP error, An ICMP error notification message 74 is reproduced. Further, the originating terminal that notifies the ICMP error notification message 74 is determined according to the type of the ICMP error received, and the originating side that notifies the ICMP error notification message 74 based on the used SA information 102 and the sequence number information 103 is determined. The terminal address can be recovered.

  This makes it possible to directly determine the arrival / departure terminal address when the ICMP error notification message 73 is received from the ICMP error notification message 73. Accordingly, the encrypted communication device 10A uses tunneling communication, and the arrival / departure address of the tunneling message transmitted / received on the tunnel path becomes the address of the arrival / departure tunnel device (encrypted communication devices 10A, 10B), and the address of the arrival / departure terminal is the inner message. Even if it is concealed, the ICMP error notification message 74 can be transmitted to an appropriate originating terminal.

  As described above, according to the first embodiment, the encryption communication device 10A is on the encrypted communication path (tunnel side) even when the part of the original IP message transmitted from the calling terminal is encrypted. When the ICMP error notification message 73 including the transmission IPSEC message 72 is received, the calling terminal that needs the ICMP error notification message 73 can be appropriately determined. Therefore, the ICMP error notification message 74 can be easily notified to an appropriate originating terminal.

  Further, since the cryptographic communication device 10A narrows down the necessary originating side terminals of the ICMP error notification message 73 and notifies the ICMP error, the notification amount (data amount) of the unnecessary ICMP error transmitted from the cryptographic communication device 10A to the communication terminal. Can be reduced.

  In addition, when the encryption communication device 10A receives the ICMP error notification message 73 from the IP routers (routers R1 to R3) on the tunnel path, the encryption communication device 10A sends the ICMP error notification message 73 to the calling terminal. It is possible to shorten the time lag until the message transmitted from the originating terminal knows the failure or state change that has occurred on the encrypted communication path (tunnel path). Therefore, the calling terminal does not transmit unnecessary messages using the encrypted communication path, and the amount of unnecessary transmission messages transmitted from the calling terminal to the encryption communication device 10A can be reduced. As a result, wasteful bandwidth consumption can be suppressed, and the ICMP error notification message 74 can be efficiently notified to the calling terminal.

  Further, since the encryption communication device 10A deletes (forgets) data that has received a timeout in the SA use terminal DB 61 (use SA information 102), the SA use terminal DB 61 can be used efficiently and the memory capacity can be increased. It becomes possible to make it small.

  Further, since the encryption communication device 10A deletes data that has become obsolete after a predetermined time elapses in the sequence use terminal DB 62 (sequence number information 103), the sequence use terminal DB 62 can be efficiently used. The memory capacity can be reduced.

Embodiment 2. FIG.
Next, a second embodiment of the present invention will be described with reference to FIGS. In the second embodiment, a part of the encrypted original IP message is decrypted, and the address of the originating terminal to which the ICMP error notification message 74 should be transmitted is determined.

  FIG. 12 is a block diagram showing the configuration of the second embodiment of the encrypted communication apparatus according to the present invention. Of the constituent elements in FIG. 12, the constituent elements that achieve the same functions as those of the encrypted communication device 10A of the first embodiment shown in FIG.

  The encrypted communication device 10 </ b> A here includes an SA using terminal DB 61 in the ICMP reproduction data management unit 60. Further, the encrypted communication device 10A includes an ICMP relay reproduction processing unit 50, an ICMP relay processing determination unit 51, an ICMP decryption / reproduction processing unit 55, and an ICMP transmission terminal determination unit 53.

  The ICMP decoding / reproduction processing unit 55 obtains the IPSEC_ESP header and the initial vector value from the IPSEC message attached to the received ICMP error notification message 73 (messages M11 to M15 described later), and decodes the original IP message header. .

  Next, an operation procedure of the encrypted communication device 10A according to the second embodiment will be described. In addition, the description about the procedure which performs the same operation | movement as 10 A of encryption communication apparatuses of Embodiment 1 is abbreviate | omitted.

(Encryption processing on the sending side)
FIG. 13 is a diagram for explaining the encryption processing of the encryption communication device on the transmission side. The encryption processing unit 23 of the encrypted communication device 10A receives the IP message 71 from the originating terminal and transmits the IPSEC message 72 to the opposite encrypted communication device 10B. Do.

  At this time, the encryption processing unit 23 shares the shared secret key 81 shared with the opposing encrypted communication device 10B, the initial value 82 of the initial vector value for the first transmission message, or the previous one for the subsequent transmission message. Each message M1 to M5 (IP message 71) is encrypted using the initial vector values 131 to 134 generated from the encrypted data (the last block of the encryption block) of the transmission message. The initial vector value 82 and the initial vector values 131 to 135 are pseudo-random initial vectors different for each message, and the encryption processing unit 23 uses the initial vector value initial value 82 or the initial vector value 131 to 134 is used to encrypt the IP message 71 in units of encryption block length used for encryption.

  These initial vector values are assigned to the first part in the ESP data for each packet (messages M1 to M5). That is, the initial vector value is a portion immediately after the ESP header and is given before the IP message 71 to be encrypted (before the encrypted data). That is, the initial vector value is inserted between the ESP header and the encrypted IP message. Note that the initial vector value here is not included in the ESP header but is included in the payload portion.

(ICMP decoding process on the transmission side)
FIG. 14 is a diagram for explaining ICMP decryption processing of the encrypted communication device on the transmission side. When receiving the ICMP error notification message 73 (messages M11 to M15 corresponding to the messages M1 to M5) from the routers R1 to R3, the ICMP decryption / reproduction processing unit 55 of the encrypted communication device 10A encrypts the messages M11 to M15. The initial vector values used in the above are reproduced and the messages M11 to M15 are decoded.

  The decryption of the messages M11 to M15 here requires the shared secret key 81, the initial value 82 of the initial vector value, and the initial vector values 131 to 134. The shared secret key is unchanged as long as the SA persists, but the initial vector values 131 to 135 are variable for each message.

  Therefore, the ICMP decoding / reproduction processing unit 55 obtains an initial vector value of the IPSEC_ESP header from the IPSEC message attached to the received ICMP error notification message 73 (messages M11 to M15), and obtains the original IP message header (IP header). ).

  At this time, as the data length given to the received ICMP error notification message 73, the IPSEC_ESP header length + the initial vector length used by each encryption algorithm + the header length of the original IP message is required. Further, the original IP message header is decrypted in block cipher length units of the block cipher. For this reason, the attached message length of the ICMP error notification message 73 (messages M11 to M14) to which the routers R1 to R3 respond is the IP header length of the IPSEC message used between the encrypted communication device 10A and the encrypted communication device 10B. In addition, it responds with the following header length. That is, the routers R1 to R3 are the sum of the IP header length of the IPSEC message, the IPSEC_ESP header length, the initial vector length (A) used by each encryption algorithm, and the IP header length (B) of the encrypted original message. The messages M11 to M14 are returned to the encrypted communication device 10A with a data length equal to or greater than the value.

  The data encryption in (B) is performed by block cipher such as DES and 3DES, and the block cipher cannot be decrypted by the encrypted communication apparatus 10A unless the block unit length is 64 bits or 128 bits. The data length (IP header length of the original message length) is the length rounded up by the encryption block unit length of the block encryption algorithm to be used.

  Here, a case is shown in which the messages M12, 13, and 15 corresponding to the messages M2, 3, and 5 do not have an ICMP response from any of the routers R1 to R3. Even in such a case, when the ICMP decoding / reproduction processing unit 55 decodes the message M14, for example, the initial vector value immediately after the IPSEC_ESP header is obtained from the IPSEC message given to the message M14. The original IP message header (IP header) can be decrypted.

(Message decryption process on the receiving side)
FIG. 15 is a diagram for explaining message decryption processing of the encrypted communication device on the receiving side. When the IPSEC message 72 is transmitted from the encrypted communication device 10A to the encrypted communication device 10B without sending the ICMP error notification message 73 from any of the routers R1 to R3 to the encrypted communication device 10B, the encrypted communication is performed. The decryption processing unit 35 of the device 10B decrypts the received IPSEC message 72 (messages M21 to M25 corresponding to the messages M1 to M5). At this time, the encrypted communication device 10B reproduces the initial vector values used for encrypting the messages M21 to M25, and decrypts the messages M21 to M25.

  Here, a case where the message M22 corresponding to the message M2 is missing due to the discarding process by any of the routers R1 to R3 is shown. Even in such a case, for example, when decoding the message M23, the decoding processing unit 35 obtains an initial vector value immediately after the IPSEC_ESP header and decodes the IPSEC message portion attached to the message M23.

  Although the case where the number of messages transmitted from the encrypted communication device 10A to the encrypted communication device 10B is five messages M1 to M5 has been described here, the number of messages is not limited to five and may be four or less. There may be more than one.

  As described above, according to the second embodiment, the data length to be added to the ICMP error notification message 73 includes the IP header length of the IPSEC message, the IPSEC_ESP header length, the initial vector length (A) used by each encryption algorithm, and the encryption. Since the data length is equal to or greater than the total value of the IP header length (B) of the original original message that is generated (the data length sufficient to decode the IP header of the original original message length), the ICMP decoding / reproduction processing unit 55 It becomes possible to decode the IP header of the desired original message. Thus, the encrypted communication device 10A can obtain the address (terminal identification information) of the communication terminal to which the ICMP error notification message 73 should be transmitted, and can transmit the ICMP error notification message 74 to an appropriate communication terminal. It becomes.

  Further, since the encrypted communication device 10A can obtain the address of the communication terminal to which the ICMP error notification message 73 should be transmitted from the ICMP error notification message 73, the sequence use terminal DB 62 that stores the sequence number and the like is used. The ICMP error notification message 74 can be transmitted to an appropriate communication terminal with a simple configuration.

Embodiment 3 FIG.
Next, a third embodiment of the present invention will be described with reference to FIGS. In the third embodiment, information for identifying the IPSEC message 72 is stored when the IPSEC message 72 is transmitted, and when the ICMP error notification message 73 is received, the information is stored based on the stored information. Then, it is determined whether or not the ICMP error notification message 73 is forged. This makes it resistant to a DoS attack that notifies an ICMP error having the sequence number of the spoofed IPSEC_ESP header part and interferes with communication.

  FIG. 16 is a block diagram showing the configuration of the third embodiment of the encrypted communication apparatus according to the present invention. Of the constituent elements in FIG. 16, the constituent elements that achieve the same functions as those of the encrypted communication device 10A according to the first embodiment shown in FIG.

  Here, the encrypted communication device 10 </ b> A includes a sequence authentication value DB (storage unit) 91. In addition, the encrypted communication apparatus 10A includes an ICMP internal packet extraction / audit processing unit 45 in the ICMP reception processing unit 40.

  The sequence authentication value DB 91 stores information (authentication value information 104 described later) on an original message digest authentication value (authentication value for impersonation detection described later) calculated when the encrypted communication device 10A transmits the IPSEC message 72. Remember.

  The ICMP decryption / reproduction processing unit 55 calculates an impersonation detection authentication value for the IP header +64 bytes of the original IPSEC message 72 when an ICMP error notification message 73 or an impersonation message described later is notified to the encrypted communication device 10A. And the sequence number is extracted. The ICMP internal packet extraction / audit processing unit 45 extracts the authentication value for impersonation detection corresponding to the sequence number from the sequence authentication value DB 91 using the extracted sequence number as a key, and the authentication value for impersonation detection extracted from the sequence authentication value DB 91 And the calculated authentication value for impersonation detection is detected.

  Next, a method for detecting the camouflaged ICMP error notification message 73 will be described. An ICMP error notification message 73 transmitted by a router R1 or the like which is a regular router and an ICMP error notification message (hereinafter referred to as a forged router) transmitted by a fake router (hereinafter referred to as a forged router) have an ESP header + data portion. Slightly different.

  This is because the camouflaged router cannot know the original IPSEC message 72 that is legitimate, and therefore the camouflaged router generates a part (data part) of the original IPSEC message 72 to be included in the camouflaged message by prediction.

  The encrypted communication apparatus 10A according to the third embodiment extracts different parts in the communication system 100 between the ICMP error notification message 73 transmitted by the router R1 and the like and the forged message transmitted by the forged router, Is detected.

  The spoofed router can obtain the addresses of the originating encryption communication device 10A and the destination encryption communication device 10B, the addresses of the regular routers R1 to R3 on the relay path, the SPI value used in ESP, etc. by some means. there is a possibility. Further, there are cases where a forged message can be forged by utilizing the fact that the sequence number used in ESP starts from 1 in order.

  However, forging the IP packet 71 actually transferred by the calling terminal up to the internal packet portion of the encrypted IPSEC message 72 means that the router R1 on the regular encrypted communication path that can receive the actual IPSEC message 72 is used. It is impossible except for ~ R3.

  The value of each byte position is given as a different part (difference) between the original IPSEC_ESP message included in the regular ICMP error notification message 73 and the IPSEC_ESP message included in the fake message. However, this difference does not necessarily occur at every byte position. When comparing messages between specific one bytes, for example, if an attacker generates a forged ICMP error notification with all the values from 0x00 to 0xff for the specific bytes, the originating encryption communication device can be easily Detection of impersonation of 10A can be avoided.

  On the other hand, if all the bytes of the original IPSEC_ESP message of the transmitted true IPSEC message 72 and all the bytes of the IPSEC_ESP message included in the forged message are inspected, if even one byte is different, it is a forged message. It can be judged that there is.

  Therefore, in the third embodiment, the originating encryption communication device 10A stores all the IPSEC messages 72 to be transmitted for a predetermined period, and when an ICMP error notification message 73 or a forged message is responded, A part of the assigned original IPSEC_ESP message is compared with the stored IPSEC message 72. If there is a difference between the two, the difference is detected and the message is rejected.

  Further, in the third embodiment, the originating encryption communication device 10A performs a difference comparison between a legitimate message and a forged message and a difference extraction process using message digest authentication.

  As shown in FIG. 13, the original IPSEC message 71 is protected by being given a message digest authentication value. However, since this message digest authentication value is given at the end of the original IPSEC_ESP message, the correctness of the original IPSEC_ESP message cannot be verified from the notified ICMP error notification message 73.

  Therefore, the authentication value calculation unit (first identification information calculation unit) 25 of the encrypted communication device 10A here uses only the standard message digest authentication value that protects the entire normal IPSEC_ESP message. Another message digest authentication value (hereinafter referred to as an authentication value for impersonation detection) is calculated and held.

  FIG. 17 is a diagram for explaining a method of calculating an authentication value for impersonation detection. In the figure, the upper packet indicates an IPSEC message 72 (IPSEC_ESP packet) transmitted by the encrypted communication device 10A, and the lower packet indicates an ICMP error notification message 73 received by the encrypted communication device 10A.

  When the encrypted communication device 10A transmits the IPSEC message 72, the authentication value calculation unit 25 adds the part added to the original IPSEC_ESP message (IP header + 64 bytes of the transmitted IPSEC message 72 (ESP header + some data part)) The authentication value for impersonation detection that is unique message digest authentication is calculated and stored in the sequence authentication value DB 91. The authentication value for impersonation detection is stored in the sequence authentication value DB 91 as the authentication value information 104 described later. Keep it.

  Here, the impersonation detection authentication value (authentication value information 104) stored in the sequence authentication value DB 91 will be described. FIG. 18 is a diagram illustrating an example of the configuration of authentication value information. The authentication value information 104 is information for detecting a camouflaged message transmitted from the camouflaged router, and the “counter device” (address), “SPI value”, “sequence number”, and “authentication detection authentication value” are included. Each is associated. That is, in the authentication value information 104 here, “sequence number” and “authentication detection authentication value” are associated with each other, and the “spoof detection authentication value” stored when the IPSEC message 72 is transmitted. Can be searched based on the “sequence number”.

  Here, when the encrypted communication device 10A transmits the IPSEC message 72, the authentication value calculation unit 25 sets the authentication value for impersonation detection for the IP header +64 bytes that may be responded with the ICMP error notification message 73. Calculated and stored in the sequence authentication value DB 91 using the sequence number as a key.

  When the ICMP error notification message 73 or the spoofed message is notified to the encrypted communication device 10A, the ICMP internal packet extraction / audit processing unit (second identification information calculation unit) 45 sets the IP header +64 bytes of the original IPSEC message 72. On the other hand, an authentication value for impersonation detection is calculated and a sequence number is extracted. Then, the ICMP internal packet extraction / audit processing unit 45 extracts the impersonation detection authentication value corresponding to the sequence number from the sequence authentication value DB 91 using the extracted sequence number as a key. Further, the ICMP internal packet extraction / audit processing unit (impersonation determination unit) 45 compares the impersonation detection authentication value extracted from the sequence authentication value DB 91 with the calculated impersonation detection authentication value.

  When the calculated authentication value for impersonation detection is equal to the extracted authentication value for impersonation detection, this message is a legitimate ICMP error notification message 73, and when it is not equal, it is a forgery message. Therefore, the ICMP internal packet extraction / audit processing unit 45 accepts the message (ICMP error notification message 73) when the calculated forgery detection authentication value is equal to the extracted forgery detection authentication value. On the other hand, the ICMP internal packet extraction / audit processing unit 45 rejects acceptance of a message (spoofed message) when the calculated authentication value for impersonation detection is not equal to the extracted authentication value for impersonation detection.

  It should be noted that the calculation of the authentication value for impersonation detection can be performed by an area that can be changed by routing processing on the encrypted communication path (for example, a TOS (Type Of Service) area in the IP header part of IPSEC, a checksum area, a DS (Differentiated) Service) field, etc.) may be excluded.

  As a result, even if a camouflaged router other than the routers R1 to R3 responding to the ICMP error notification message 73 on the encrypted communication path changes these areas (TOS area, checksum area, etc.), the encrypted communication apparatus 10A Can reliably determine whether the response router of the ICMP error notification message 73 is a regular router R1 to R3 existing on the encrypted communication path or a fake router.

  Here, in order to clarify the difference between the encrypted communication device 10A according to the third embodiment and the conventional encrypted communication device (originating side tunnel device), problems of the conventional originating side tunnel device will be described. In an actual IP network, routers that do not support IPSEC send many ICMP error notifications. For this reason, until now, the validity of ICMP error notification could not be directly confirmed.

  Therefore, until now, either all accepted ICMP error notifications or forged messages are accepted, all rejected, or a predetermined check is performed on the ICMP error notification and only a valid ICMP error notification is accepted. .

  However, there has been no technology that directly checks and accepts an ICMP error notification. In addition, if all are accepted, a serious notification regarding a network failure such as ICMP_MTU excess or ICMP destination unreachable will be accepted without checking whether it is valid, and a DoS attack can be easily performed. Problem occurs.

  Further, if all are rejected, a serious notification regarding a network failure such as exceeding ICMP_MTU or ICMP destination unreachable will be completely rejected, causing a problem that an important failure cannot be detected.

  On the other hand, the encryption communication device 10A according to the third embodiment calculates the authentication value for impersonation detection based on the IPSEC message 72 when transmitting the IPSEC message 72, and the sequence number for each packet that the IPSEC message 72 always holds. It is stored in association with. When the ICMP error notification message 73 is received, an impersonation detection authentication value is calculated based on the ICMP error notification message 73.

  Based on the authentication value for impersonation detection calculated from the IPSEC message 72 and the authentication value for impersonation detection calculated from the ICMP error notification message 73, it is determined whether or not the received ICMP error notification message 73 is forged. is doing.

  This is an IPSEC-specific method that guarantees the sequence number count-up, thereby uniquely identifying each IPSEC message. For existing IP packets that do not have a sequence number, for example, a unique authentication value is calculated. However, this method cannot be used because it is not possible to compare the authentication value corresponding to which transmission packet when the ICMP error notification message is received.

  Further, paying attention to impersonation of the ICMP error notification, the encrypted communication device 10A itself transmits the reproduced ICMP error notification message 74 to the communication terminal side, thereby enabling the communication terminal to be notified of the failure on the encrypted communication path. In addition to having a function, it is configured not to accept a forged message (forged ICMP error notification) received from an unauthorized forged router on an encrypted communication path. Thus, the encrypted communication device 10A can perform flexible ICMP control under the IPSEC_ESP environment.

  As described above, according to the third embodiment, the originating encrypted communication device 10A is the ICMP error notification message 73 from the normal routers R1 to R3 that are present on the encryption path when the ICMP error is notified. It is possible to easily determine whether the message is a forged message from a forged router, and it is possible to protect against a DoS attack caused by ICMP error notification.

  Further, since the authentication value for impersonation detection is stored when the IPSEC message 72 is transmitted, the required amount of memory can be greatly reduced as compared to storing the entire IPSEC message 72 or a necessary part of the IPSEC message 72. Therefore, a forged message from a forged router can be detected with a simple configuration, and a DoS attack caused by ICMP error notification can be prevented.

  In addition, since the authentication value for impersonation detection is stored in association with the sequence number, the amount of comparison calculation for the authentication value for impersonation detection can be reduced, and the authentication value for impersonation detection can be easily and quickly compared. Become.

  As described above, in the first to third embodiments, attention is paid to the fact that the sequence number in the IPSEC_ESP header having the purpose of preventing replay attacks has an index function that makes it possible to uniquely identify the transmitted IPSEC packet. . Then, the first to third embodiments are realized by using this sequence number for managing the sending / receiving terminal address, managing the initial vector value, and managing the transmission message authentication value (authentication value for impersonation detection). In addition, since it is possible to prevent replay attacks and determine the destination terminal address with one sequence number, it is possible to reduce the IPSEC_ESP encrypted message header length.

  As described above, the encrypted communication apparatus according to the present invention is suitable for processing for transferring a communication control message on a tunnel communication path to a communication terminal outside the tunnel communication path.

It is a figure which shows the structure of the communication network containing the encryption communication apparatus which concerns on this invention. It is a figure for demonstrating the structure of the data transmitted / received within a communication network. It is a block diagram which shows the structure of Embodiment 1 of the encryption communication apparatus which concerns on this invention. It is a flowchart which shows the process sequence of the data transmission process from a calling side terminal to a tunnel side. It is a figure which shows an example of a structure of output side SA information. It is a figure which shows an example of a structure of use SA information which SA use terminal DB memorize | stores. It is a figure which shows an example of a structure of the sequence number information which sequence use terminal DB memorize | stores. It is a flowchart which shows the process sequence of the decoding process of the data received from the tunnel side. It is a flowchart which shows the process sequence of an ICMP reception process. 4 is a flowchart showing a processing procedure of ICMP reproduction processing according to the first embodiment. It is a figure for demonstrating the origin side terminal range. It is a block diagram which shows the structure of Embodiment 2 of the encryption communication apparatus which concerns on this invention. It is a figure for demonstrating the encryption process of the encryption communication apparatus of a transmission side. It is a figure for demonstrating the ICMP decoding process of the encryption communication apparatus of a transmission side. It is a figure for demonstrating the message decoding process of the encryption communication apparatus of a receiving side. It is a block diagram which shows the structure of Embodiment 3 of the encryption communication apparatus which concerns on this invention. It is a figure for demonstrating the calculation method of the authentication value for impersonation detection. It is a figure which shows an example of a structure of authentication value information.

Explanation of symbols

1-3 LAN
5 WAN
10A, 10B Encrypted communication device 11 Output side SADB
12 Input side SADB
13 Terminal side I / F
14 Tunnel side I / F
DESCRIPTION OF SYMBOLS 20 Encapsulation process part 21 SA search part 22 SA use permission judgment part 23 Encryption process part 24 ESP header process part 25 Authentication value calculation part 26 IP header process part 30 Decapsulation process part 31 Use SA search part 32 Sequence verification part 33 Authentication value confirmation processing unit 34 Replay protection processing unit 35 Decoding processing unit 36 SADB auditing unit 36 before output
40 ICMP reception processing unit 41 ICMP type determination unit 42 ICMP internal packet extraction unit 43 ICMP type corresponding processing unit 45 ICMP internal packet extraction / audit processing unit 50 ICMP relay reproduction processing unit 51 ICMP relay processing determination unit 52 ICMP reproduction unit 53 ICMP transmission Terminal determination unit 53
55 ICMP Decoding / Reproduction Processing Unit 60 ICMP Reproduction Data Management Unit 61 SA Use Terminal DB
62 Sequence use terminal DB
91 Sequence authentication value DB
DESCRIPTION OF SYMBOLS 100 Communication system 101 Output side SA information 102 Used SA information 103 Sequence number information 104 Authentication value information 301-303 Originating side terminal range D1-D3 Data M1-M5, M11-M15, M21-M25 Message R1-R3 Router X1-Xn , Y1-Ym, Z1-Zl communication terminal

Claims (12)

When a user message is received from a plurality of communication terminals outside the encrypted communication path, each user message is encrypted and encapsulated, transferred to the opposite device on the encrypted communication path, and the user message is transmitted on the encrypted communication path When a communication control message including at least a part of the encrypted and encapsulated user message transmitted from the relay device that relays to the opposite device is received, the communication control message is decrypted and decapsulated. In an encrypted communication device that transfers to a predetermined destination outside the encrypted communication path,
When each user message from each communication terminal is transferred to the opposite device, the encrypted communication path information regarding each encrypted communication path to which each user message is transferred and each communication terminal which is a transmission source of each user message A storage unit for storing address information related to the association with the address of
A transmission unit that adds the encrypted communication path information corresponding to the user message without encryption to the encrypted user message and transfers the encrypted message to the opposite device;
A receiving unit that receives the communication control message including the encrypted communication path information added without being encrypted to the user message transmitted from the transmitting unit;
A transmission destination determination unit that determines a transmission destination of the communication control message using the communication control message received by the reception unit;
The encrypted communication path information is extracted from the communication control message received by the reception section, and the transmission destination determination section determines based on the extracted encrypted communication path information and the address information stored in the storage section. A transmission address determining unit that determines a transmission destination address of the communication control message corresponding to the transmission destination;
An encrypted communication device comprising:   2. The encrypted communication path information includes message identification information assigned to each user message transferred to each encrypted communication path and communication path identification information for identifying the encrypted communication path. The encrypted communication device according to 1. The transmission address determination unit
When the transmission destination determination unit determines that the transmission destination of the communication control message is a communication terminal that has transmitted a user message corresponding to the communication control message, the transmission destination address of the communication control message is set to the communication path. Determine the identification information and the address of the communication terminal corresponding to the message identification information,
When the transmission destination determination unit determines that the transmission destination of the communication control message is a communication terminal using an encrypted communication path to which a user message corresponding to the communication control message is transferred, the communication control message The encrypted communication apparatus according to claim 2, wherein the destination address is determined to be an address of a communication terminal using an encrypted communication path corresponding to the communication path identification information.   The message identification information is a sequence number in an encryption header that is counted up for each user message transferred to each encrypted communication path and added when the user message is encrypted. The encrypted communication device according to claim 2 or 3.   The encrypted communication apparatus according to claim 2 or 3, wherein the communication path identification information is an SPI value for identifying each of the encrypted communication paths.   6. The encrypted communication apparatus according to claim 1, wherein the storage unit erases the address information at a predetermined timing for each user message. The transmission unit adds encryption parameter information relating to an encryption parameter used when encrypting the user message to the user message and transmits the encryption parameter information to the opposite device, and the relay device transmits the encryption parameter. Send a communication control message with information added,
When the reception unit receives the communication control message to which the encryption parameter information is added from the relay device, the reception unit further includes a decryption unit that decrypts the user message in the communication control message using the encryption parameter information. The encrypted communication apparatus according to claim 1. The transmission unit adds terminal identification information for identifying a communication terminal that is a transmission source of the user message to the user message transmitted to the opposite device and transmits the user message, and the relay device is a terminal added to the user message. Sending the communication control message in a message size including identification information in the communication control message;
The decoding unit decodes terminal identification information added to the user message,
The transmission address determination unit determines a transmission destination address of the communication control message corresponding to the transmission destination determined by the transmission destination determination unit based on the decoded terminal identification information and the address information stored in the storage unit. 8. The encrypted communication device according to claim 7, wherein the encryption communication device is determined. The transmission address determination unit
When the transmission destination determination unit determines that the transmission destination of the communication control message is a communication terminal that has transmitted a user message corresponding to the communication control message, the transmission destination address of the communication control message is identified as the terminal Determine the address of the communication terminal corresponding to the information,
When the transmission destination determination unit determines that the transmission destination of the communication control message is a communication terminal using an encrypted communication path to which a user message corresponding to the communication control message is transferred, the communication control message 9. The encrypted communication apparatus according to claim 8, wherein the destination address is determined to be an address of a communication terminal that uses an encrypted communication path corresponding to the communication path identification information. When a user message is received from a plurality of communication terminals outside the encrypted communication path, each user message is encrypted and encapsulated, transferred to the opposite device on the encrypted communication path, and the user message is transmitted on the encrypted communication path When a communication control message including at least a part of the encrypted and encapsulated user message transmitted from the relay device that relays to the opposite device is received, the communication control message is decrypted and decapsulated. In the encrypted communication device that transmits to a predetermined destination outside the encrypted communication path,
When the user message is transmitted to the relay device, the user message is identified by using the encrypted user message included in the communication control message corresponding to the user message transmitted from the relay device. A first identification information calculation unit for calculating first message identification information to be
A storage unit for storing the first message identification information calculated by the identification information calculation unit;
Second identification information for calculating second message identification information for identifying each user message by using an encrypted user message included in the communication control message when the communication control message is received. A calculation unit;
Based on the first message identification information and the second message identification information, it is determined whether or not the first message identification information and the second message identification information are the same, and based on the determination result A camouflage determination unit that determines whether the second message identification information is camouflaged;
An encrypted communication device comprising:   The first identification information calculation unit and the second identification information calculation unit extract a portion that is not changed when the communication control message is transmitted and received, and use the extracted portion to identify the first message The encrypted communication device according to claim 10, wherein the information and the second message identification information are calculated. The storage unit counts up for each user message transferred to each encrypted communication path, and adds a sequence number in an encryption header added when the user message is encrypted, and the first message Store the identification information in association with each other,
Whether the impersonation determining unit extracts the first message identification information from the storage unit using the sequence number included in the communication control message, and whether the second message identification information is impersonated. The encrypted communication device according to claim 10 or 11, wherein it is determined whether or not.

Images