JP4674494B2 - Packet receiver - Google Patents

Description

The present invention relates to a packet receiving apparatus, be especially intercepted on the network about the packet receiving apparatus for receiving a packet difficult to know the source or destination.

  As information technology (IT) progresses in various fields and various types of information are handled by computers, there is an increasing demand for computer security. Therefore, for example, network monitoring devices are used in order to realize computer forensic for tracking unauthorized access to computers and preserving evidence. The network monitoring device is connected to a network such as a LAN (Local Area Network) and monitors communication performed between communication terminals belonging to the network, and communication performed by these communication terminals with a communication terminal outside the network. Is also monitored.

  Such network monitoring by the network monitoring device is preferably performed without being noticed by other communication terminals on the network. This is because if the network monitoring device itself is attacked by unauthorized access, the original function of monitoring the network may not be performed. Therefore, for example, even if a command such as “ping” that confirms the IP (internet protocol) address is received from another communication terminal, a setting is made such that no response is made. Among devices used as network monitoring devices, there is a device called a packet black hole (registered trademark) of Net Agent. However, the technical principle of the monitoring is not disclosed, and details such as the configuration are unknown.

  By the way, in a network composed of a plurality of subnets connected by routers such as a large-scale in-house LAN, a network monitoring device is installed for each of these subnets to adopt a distributed monitoring system. In this case, every time the settings of each network monitoring device are changed or the monitored content is checked, it takes time and labor for the worker to go to the place where these network monitoring devices are installed. Will be applied. Therefore, it is common to provide a management device that communicates with these network monitoring devices via the network, and to perform management work such as setting change of each network monitoring device and confirmation of monitoring contents from this remote management device. .

  However, in this case, there is a risk that a packet used when the management apparatus communicates with each network monitoring device is intercepted by another communication terminal. If the presence of the network monitoring device is clarified from the address information such as the destination or transmission source IP address stored in the packet header, there is a possibility that the network monitoring device may be attacked by unauthorized access.

Therefore, a packet communication method using an address translation device that translates the IP address of the packet has been proposed (see, for example, Patent Document 1). In this proposal, the network monitoring device that is the transmission source of a packet does not transmit the packet to the management device that is the destination, but instead transmits it to the address translation device. When the address translation device receives the packet, the address translation device selects one of the IP addresses of the transmission source from the original IP address of the network monitoring device and the alternative IP address (alternate address) possessed by the address translation device. The IP address is converted into a one-to-one correspondence with. Then, the packet is transmitted to the destination management apparatus in a state where the IP address after conversion is set as the transmission source address. Therefore, in this packet communication method, the network monitoring device can transmit the packet to the management apparatus while keeping its own IP address secret. As a result, even if a packet is intercepted, the source address does not represent the IP address of the network monitoring device, making it difficult for a third party to identify the network monitoring device and reducing the possibility of an attack due to unauthorized access. be able to.
JP 2003-69605 A (paragraph 0036 to paragraph 0040, FIG. 1)

  By the way, in the packet communication method according to this proposal, when an attack by unauthorized access is set on the address translation device, the address translation device changes the IP address of the packet destination to the original IP address of the network monitoring device and sends it out. Therefore, it leads to an attack of network monitoring equipment. Therefore, this method cannot prevent an attack on the network monitoring device after all, and does not provide a very strong defense.

  The description has been given above of the packet transmission / reception performed between the network monitoring device and the management apparatus as an example, but the present invention is not limited to this. Even when packets are communicated between other devices or devices, there is a high demand for a third party not to know the transmission source. For example, a communication quality monitoring apparatus that monitors network communication quality is an example. The communication quality monitoring device monitors communication packets for the purpose of promptly responding to a network failure or distributing an appropriate load. Therefore, when this communication quality monitoring apparatus is attacked, there is a risk that the monitored communication content will leak. A device to which address information such as an IP address can be attached is called a node, and a node that should hide its own device from other nodes is called a secret node in this specification. Even in a secret node, some communication traffic is generated by communication in a normal case. This is because if it is attempted to manage this secret node from a remote location, it is necessary to perform communication between the management node that performs management and the secret node. In order to perform distributed monitoring, communication may be performed between a plurality of secret nodes. When the traffic generated by the secret node is detected by other nodes in the network and the communication method is grasped, the secret node itself is monitored or attacked as described above. Thus, the original function of the secret node cannot be performed.

  Of course, if the worker directly manages the secret node without remotely monitoring the secret node or does not perform any distributed processing between the secret nodes, the secret node traffic does not occur. However, not only does the management man-hour increase significantly, but the function of the secret node is limited if the distributed processing cannot be performed. Therefore, such a method cannot be adopted unless it is a special environment in which there is a request for extremely high security.

It is an object of the present invention, the transmission and reception of packets is performed between a plurality of nodes, it is performed intercept packets even difficult to detect, yet does not require the intervention of specialized equipment between nodes for transmitting and receiving packets To provide a receiving apparatus .

In the present invention , (a) a packet receiving means for receiving a packet whose destination address matches the address of its own device, and (b) the above described from the location of the source address in the packet received by this packet receiving means . A source address reading unit for reading out an address existing in a communication network where the packet receiving unit receives the packet as a source address ; and (c) a portion other than a portion where the source address is described in the packet received by the packet receiving unit. Specific information reading means for reading specific information determined in advance with a specific transmission source from a specific location; and (d) the specific information read by the specific information reading means corresponds to the transmission source address read by the transmission source address reading means. A coincidence detecting means for detecting whether the above-mentioned specific transmission source coincides with a predetermined identifier. If, as an address indicating the (e) a particular source to a predetermined specific address other than the transmission source address read source address reading means described above when the coincidence detection means detects a match has the determination And a packet source receiving means for discriminating that the source address read by the source address reading means is an address indicating the source when the match detection means does not detect a match. Install in the device.

In the present invention, (a) a packet receiving means for receiving a packet whose destination address matches a predetermined specific address, and (b) from a location where the destination address is described in the packet received by the packet receiving means. A destination address reading means for reading out an address existing in a communication network where the packet receiving means receives the packet as a destination address; and (c) a place other than a place where the destination address is described in the packet received by the packet receiving means. Specific information reading means for reading specific information determined in advance with a specific transmission source from the specific location of the information, and (d) the specific information read by the specific information reading means corresponds to the destination address read by the destination address reading means To detect whether the specified sender matches the identifier determined in advance. Detection means, determines that a (e) address indicating a predetermined certain addresses other than destination address read destination address reading means described above when the coincidence detection means detects a match is own device, and the When the coincidence detecting means does not detect a coincidence , the packet receiving apparatus is provided with destination address determining means for determining that the destination address read by the destination address reading means is an address indicating the destination.

  As described above, in the present invention, address information indicating the transmission source of a packet transmitted from a certain node or address information indicating the destination of a packet destined for that node is substituted with other address information to specify a specific destination. Therefore, it is possible to prevent the third party from noticing the existence of the node. Moreover, if an identifier indicating that the substitute address information is substituted is incorporated in a packet communicated between a certain node and a specific destination, the substitute address information is converted into the original address information. Even if there is a communication means possessed as, the packet handled by the person and the packet handled by the node substituting the address information can be distinguished and handled.

  Hereinafter, the present invention will be described in detail with reference to examples.

FIG. 1 shows a main part of a communication system for transmitting and receiving packets in an embodiment of the present invention. The communication system 100 performs packet communication using an IP (Internet Protocol) network 101 represented by the Internet. A secret node 102 that conceals the IP address of its own apparatus and a management node 103 that communicates with the IP node 101 for managing the secret node 102 are connected to the IP network 101. An intercepting terminal 104 representatively shown as a terminal that intercepts packets is also connected to the IP network 101. Confidential node 102 is connected to the first to third terminal 106 ₁ to 106 ₃ through the switch 105.

In this communication system 100, the IP address of the first terminal 106 ₁ is A ₁ , the IP address of the second terminal 106 ₂ is A ₂ , and the IP address of the third terminal 106 ₃ is A ₃ . Further, it is assumed that the IP address of the management node 103 is K and the IP address of the secret node 102 is H. In this embodiment, the secret node 102 and the management node 103 perform packet communication of various data for managing the secret node 102, and the intercepting terminal 104 analyzes the address information of the packet that communicates with the IP network 101 to conceal the data. It is assumed that there is a possibility of unauthorized access to the node 102. In the present embodiment, the first to third terminals 106 _{1 to} 106 ₃ have their own IP addresses A _{1 to} A ₃ , and arbitrary terminals (not shown) via the IP network 101 by switching operation of the switch 105. Packet communication can be performed with the device. The first to third terminals 106 _{1 to} 106 ₃ have consented to the secret node 102 using these IP addresses A _{1 to} A ₃ . However, if the packet exchanged between the secret node 102 and the management node 103 does not pass to the first to third terminals 106 _{1 to} 106 ₃ , these consents may not be required. As a result, the secret node 102 can perform packet communication using the IP addresses A _{1 to} A ₃ instead of the original IP address H. In this specification, a packet in which address information other than that of the device itself is incorporated is referred to as a secret packet.

Assuming that the secret node 102 transmits a secret packet to the management node 103 using, for example, the IP address A ₁ of the first terminal 106 ₁ as a transmission source, the intercepting terminal 104 that intercepted the packet receives the address of the secret node 102. I can't know the information. Therefore, there is no danger of unauthorized access to the secret node 102. However, the management node 103 itself cannot know the IP address H of the secret node 102, and if it is left as it is, the source of the packet is erroneously recognized as the first terminal 106 ₁ .

Therefore, in this embodiment, as described later, when an identifier for notifying that a packet is a secret packet is incorporated in a specific area of the packet, the IP address indicating the transmission source is set as the IP address indicating the original transmission source. I do not handle it. On the other hand, when the identifier for notifying that the packet is a secret packet is not incorporated in a specific area of the packet, the management node 103 treats the IP address indicating the transmission source as the IP address indicating the original transmission source. become. However, the first to third terminal 106 ₁ to 106 ₃ If there is no possibility to use any of these IP addresses A ₁ to A _3, or the first to third terminal 106 ₁ to 106 ₃ are independently An exception is when communication with the management node 103 is not performed. In this case, when the IP addresses A _{1 to} A ₃ are used as transmission source addresses, information indicating that they are “borrowed” by the secret node 102 is only between the secret node 102 and the management node 103. If it is acquired as information that can be known, the use of an identifier is not required.

In the present embodiment, the secret node 102 switches between the IP addresses A _{1 to} A ₃ of the _{first to third} terminals 106 _{1 to} 106 ₃ as appropriate. This is a device for preventing the interception terminal 104 from grasping the relationship between the management node 103 and these “borrowed” IP addresses A _{1 to} A ₃ . Specific matters regarding the switching of the IP addresses A _{1 to} A ₃ of the _{first to third} terminals 106 _{1 to} 106 ₃ and the designation of the switching destination are determined between the secret node 102 and the management node 103. Can be done freely. Hereinafter, a specific configuration of the communication system 100 will be described, and subsequently, actual transmission and reception of packets in the communication system 100 will be described.

FIG. 2 shows an outline of the configuration of the secret node. The secret node 102 includes an input interface 151 that receives packets via the IP network 101 or the switch 105 shown in FIG. 1, a reception buffer 152 that temporarily stores packets received by the input interface 151, and the reception buffer. The packet detector 153 for detecting the packet addressed to the own device among the packets stored in the packet 152, and the packet detected by the packet detector 153 for the device itself are detected as addressed to the own device. A packet processing unit 154 that performs the above processing. The own device packet detection unit 153 is connected to the alternative address management unit 155. The alternative address management unit 155 is a device for managing that the secret node 102 uses an IP address of another device as an alternative address instead of the original IP address, and includes an alternative address table 156. The alternative address table 156 is a table for managing an alternative address as the source or destination address of the secret packet. Here, the alternative address is an IP address that the secret node 102 uses instead of its own original IP address H. In this embodiment, IP address, A ₁ to A ₃ are true for the first to third terminal 106 ₁ to 106 ₃ shown in FIG.

The alternative address management unit 155 is connected to a packet generation unit 157 for generating a packet to be transmitted. The packet generation unit 157 incorporates _one of the IP addresses A _{1 to} A ₃ of the _{first to third} terminals 106 _{1 to} 106 3 as the source address in the generated packet. The packet generated in this way or the packet that is determined not to be addressed to the device itself by the packet detector 153 addressed to the device itself and to be transferred is temporarily stored in the transmission buffer 160. Then, it is sent via the output interface 161 to the management node 103, the switch 105, or a terminal (not shown) shown in FIG.

  Although the secret node 102 is shown as a functional block in FIG. 2, such a device can be configured by a personal computer having a communication function, for example. That is, the secret node 102 includes a CPU (Central Processing Unit), a storage medium such as a hard disk storing a control program executed by the CPU, a RAM (Random Access Memory) used as a working memory, and a hardware such as a communication circuit. It can be configured with wear. In this case, a storage medium such as a RAM or a hard disk can be allocated to the alternative address table 156, the reception buffer 152, and the transmission buffer 160.

FIG. 3 shows a main part of the alternative address table. The alternative address table 156 represents the column of the table number 181 managed by serial numbers, the column of the start time 182 indicating the start of use of the alternative address, and the alternative address used by the secret node 102 illustrated in FIG. It consists of a column of an alternative address 183 and a column of a secret node identifier 184 indicating a secret node identifier indicating that the alternative address is used. For example, when the table number 181 is “1”, the use start time is 19:00 on May 19, 2005, and the end of use is entered in the column of the start time 182 in the table number 181 “2”. It can be seen that it is up to 14:00 on May 19, 2005, in relation to the time. The alternative address is the IP address A ₁ for the _first terminal 106 ₁ . The secret node identifier is “0x4b6a”.

FIG. 4 shows an example of a secret packet generated by the packet generator. Here, the format of a packet transmitted by the secret node 102 when the table number 181 described in FIG. 3 is “1” is shown. The secret packet 201 is composed of a header 202 and a payload 203. The header 202 is configured by an IP header or a UDP (User datagram protocol) header. In this example the storage area 204 of the source address of the header 202 IP address A ₁ of the first terminal 106 ₁ is stored as a replacement address. In this embodiment, the top area of the payload 203 is a secret node identifier storage area 205, and in the case of a packet transmitted by the secret node 102, the secret node identifier “0x4b6a” corresponding to the IP address A ₁ is stored here. Has been.

FIG. 5 shows an example of packets other than the secret packet generated by the packet generator. Here, the packet transmitted by the first terminal 106 ₁ shown in FIG. 1 is shown in a form corresponding to FIG. Packets other than the secret packet are referred to as normal packets. In the normal packet 211, the original address information of the transmission source is stored in the transmission source address storage area 204 of the header 202. In this example, since the IP address A ₁ of the first terminal 106 ₁ is stored, it coincides with the secret packet 201 of FIG. 4 by chance. However, in the case of the normal packet 211, the original transmission data is stored in the payload 203, and the secret node identifier is not stored at the leading end.

  As can be seen from FIGS. 4 and 5 above, when the secret node identifier storage area 205 is provided at the tip of the payload 203 and a predetermined secret node identifier 184 is stored, the packet is the secret packet 201 (FIG. 4). In this case, an alternative address 183 that is not the original source address is stored in the source address storage area 204. In the case of the normal packet 211 (FIG. 5), the original transmission source address is stored in the transmission source address storage area 204. At this time, the secret node identifier 184 is not stored in a predetermined location such as the top of the payload 203.

  FIG. 6 shows the configuration of the management node. The management node 103 receives an input interface 221 that receives a packet via the IP network 101 shown in FIG. 1, a reception buffer 222 that temporarily stores the packet received by the input interface 221, and stores the packet in the reception buffer 222. A packet processing unit 223 is provided for detecting and processing a packet addressed to the own apparatus from among the packets being processed. The packet processing unit 223 is connected to the alternative address management unit 225. The alternative address management unit 225 includes an alternative address table 226 that stores the transmission source of the secret packet and the alternative address corresponding to each secret node. Here, each secret node refers to each secret node (not shown) connected to the IP network 101 in the same manner as the secret node 102 shown in FIG.

The alternative address management unit 225 and the management data creation unit 227 are connected to a packet generation unit 228 for generating a packet to be transmitted. The management data creation unit 227 creates management data for a secret node such as the secret node 102 shown in FIG. When the secret node 102 is the destination, the packet generator 228 incorporates any of the IP addresses A _{1 to} A ₃ of the _{first to third} terminals 106 _{1 to} 106 3 as the source address in the generated packet. Become. The packet generated in this way is temporarily stored in the transmission buffer 229. Then, it is sent to the destination such as the secret node 102 shown in FIG.

  The alternative address table 226 is prepared by using the alternative address table 156 shown in FIG. 3 for each secret node to be managed by the management node 103. For this reason, the illustration is omitted. The alternative address table 156 indicates that the management data creation unit 227 corresponds to the secret node to which the management data creation unit 227 corresponds according to an instruction of the system administrator or the like when a configuration of a terminal that can be selected as an alternative address by the secret node such as the secret node 102 is changed. Requests the new creation of the alternative address table 156 and the transmission of data relating to each of the created alternative address tables 156. The management node 103 updates the contents of the table by rewriting the contents of the corresponding part of the alternative address table 226 based on the data every time data related to the alternative address table 156 is sent from each secret node.

The management node 103 shown in FIG. 6 can also be configured by a personal computer having a communication function in the same manner as the secret node 102 shown in FIG. That is, the management node 103 can be composed of a CPU, a storage medium such as a hard disk storing a control program executed by the CPU, and a RAM used as a working memory and hardware such as a communication circuit. Detailed description thereof will be omitted. Further, the first to third terminals 106 _{1 to} 106 ₃ and the intercepting terminal 104 shown in FIG. 1 may be the same as a communication terminal composed of a general personal computer or a workstation. Therefore, specific descriptions of these configurations are omitted.

  Next, the operation of each unit in the communication system 100 configured as described above will be described.

FIG. 7 shows how the secret node creates the alternative address table shown in FIG. The above-described CPU of the secret node 102 performs an alternative address when the setting of the alternative address table 156 is specified (step S302: Y) at the time of initial setting according to an instruction from the system administrator (step S301: Y). Check whether the manual setting mode or automatic setting mode is set. When the manual setting mode is set (step S303: Y), a list of alternative addresses input by the administrator of the secret node 102 is read (step S304). That is, at this time, the administrator of the secret node 102 may be allowed to input an IP address that can be used as an alternative address, or a list of IP addresses that can be used as an alternative address that has already been input by the administrator is read. May be. Concealment node as shown in FIG. 1 102 is the IP network 101 side and has two ports on the switch 105 side, alternate addresses the first to third connecting to the latter port terminals 106 ₁ to 106 ₃ It is more convenient to choose from. These first to third terminals 106 _{1 to} 106 ₃ exist under the secret node 102 when viewed from the intercepting terminal 104 connected to the IP network 101. For this reason, the intercepting terminal 104 shown in FIG. 1 is highly likely to determine that the _first to third terminals 106 _{1 to} 106 ₃ have transmitted packets in which these alternative addresses exist at the transmission source. The presence of the secret node 102 becomes difficult to be noticed. However, even if it is such a subordinate terminal, the terminal itself and its subordinate terminal are excluded, as is the case with the secret node 102. This is because if another secret node is the target of an alternative address, the address will be disclosed, which is not preferable. In addition, when terminals having the same secret node are selected as alternative address targets, there is a possibility that the secret node identifiers coincide with each other. To avoid this, each secret node has a different alternative address table so that two or more secret nodes do not select the same terminal as an alternative address target at the same timing. Alternatively, it is only necessary that two or more secret nodes do not select the same secret identifier at the same timing.

  On the other hand, when the automatic setting mode is selected for the setting of the alternative address table 156 (step S303: N), the above-described CPU of the secret node 102 transmits the packet transmitted from the subordinate terminal and the IP network 101. Intercept packets sent from a terminal (not shown) toward a subordinate terminal and collect address information thereof (step S305).

  If an alternative address is obtained in step S304 or step S305, a dedicated alternative address table 156 dedicated to the secret node 102 is newly created or the contents of the alternative address table 156 are updated (step S306). The packet generation unit 157 generates a packet incorporating the contents of the alternative address table 156, incorporates the destination by encrypting the address information of the management node 103, and further incorporates identification information of the secret node 102 itself in the payload. The packet is transmitted to the management node 103 as an alternative address update packet (step S307). At this time, the transmission source address of the packet is the corresponding alternative address in the alternative address table 156.

  When the automatic setting mode is selected for the setting of the alternative address table 156 and the alternative address is collected from the address information of the packet that actually flows through the network, the address that has been confirmed to exist on the network at that time Thus, the contents of the alternative address table 156 can be updated. Therefore, for example, the terminal is not used due to a failure or the like, and there is no possibility that the interception terminal 104 shown in FIG.

  FIG. 8 shows the processing flow of the management node when receiving a packet incorporating the contents of the alternative address table. When the CPU of the management node 103 receives the substitute address update packet incorporating the contents of the substitute address table 156 (step S321: Y), it analyzes the payload and interprets the identifier of the source secret node 102. (Step S322). Here, the identifier of the secret node 102 is an identifier predetermined between the secret node 102 and the management node 103. Therefore, even if the intercepting terminal 104 shown in FIG. 1 intercepts this alternative address update packet, it is not detected.

  Similarly, the CPU of the management node 103 decodes and decodes the contents of the alternative address table 156 from the payload of the alternative address update packet (step S323). Then, the portion of the alternative address table related to the secret node of the read identifier in the alternative address table 226 shown in FIG. 6 is overwritten. If the sent alternative address table is from a new secret node, an area related to the secret node is newly created in the alternative address table 226, and the part of the alternative address table sent there is designated as the secret node. The data is written in association with each other (step S324). In this way, processing is performed in which the contents of the alternative address table 156 of each secret node and the alternative address table 226 of the management node 103 are always the same.

  FIG. 9 shows the flow of processing when the secret node receives a packet. When receiving the packet from the input interface 151 shown in FIG. 2 (step S341: Y), the secret node 102 determines whether or not the packet is addressed to the own node by the own device packet detection unit 153 (step S342). Otherwise (N), the packet is stored in the transmission buffer 160 and transmitted to the next node (step S343).

  On the other hand, if the received packet is addressed to the own node (step S342: Y), the packet is transferred to the packet processing unit 154, and processing according to the content of the packet is performed (step S344). For example, when information for managing the secret node 102 is sent from the management node 103, management of the secret node 102 is executed according to the information.

FIG. 10 specifically shows the determination processing of the packet addressed to the own node sent from the management node by the secret node in step S342. When the CPU of the secret node 102 receives the packet sent from the management node 103, it first acquires the current time (step S361). Then, an alternative address corresponding to the current time is obtained from the alternative address table 156 shown in FIG. 3 (step S362). For example, if the current time is 13:30 on May 19, 2005, the alternative address is “A ₁ ”.

Here, when the current time is a time at which an alternative address may be switched when a transmission delay occurs in a packet sent from the management node 103 as in the case of 14:00 on May 19, 2005 The determination of alternative addresses becomes a problem. If data that originally represents the transmission time of the transmission source is stored in the packet, there is no problem if it is followed. When such data is not stored in the packet, the alternative address may be acquired in such a manner that possible alternative addresses coexist in a time zone where an error in transmission delay may occur. In the case of this example, for example, from 14:00 to 14:05 on May 19, 2005, the alternative addresses “A ₁ ” and “A ₂ ” coexist.

When the alternative address is acquired, it is determined whether or not the destination of the received packet matches (step S363). If they do not match (N), it is determined that the packet is addressed to another node (step S364). On the other hand, when the alternative address matches the destination of the received packet (step S363: Y), the corresponding secret node identifier is acquired from the alternative address table 156 shown in FIG. 3 (step S365). For example, when the alternative address “A ₁ ” matches, “0x4b6a” is acquired as the secret node identifier. When the alternative addresses “A ₁ ” and “A ₂ ” coexist and the alternative addresses “A ₂ ” match, “0xac9b” is acquired as the secret node identifier.

  Next, the CPU reads data in an area corresponding to the secret node identifier storage area 205 shown in FIG. 4 in the received packet (step S366). Then, it is determined whether or not the secret node identifier 184 acquired in step S365 matches the read data (step S367). If they match (Y), it is determined that the packet is sent from the management node 103 to the secret node 102, that is, a packet addressed to the own node (step S368). If they do not match (step S367: N), it is determined that the packet is addressed to another node (step S364).

  FIG. 11 shows processing when a packet is transmitted from the secret node to the management node. The packet generation unit 157 of the secret node 102 illustrated in FIG. 2 acquires the current time for transmission (step S381). Then, an alternative address corresponding to the current time is obtained from the alternative address table 156 shown in FIG. 3 (step S382). Here, it is assumed that the acquired time is not substantially different from the time received by the management node 103. Therefore, the acquired current time is very close to 14:00, for example, 13:59 on May 19, 2005, and is received by the management node 103 due to internal processing in the secret node 102 and transmission delay in the transmission path. If it is certain that the time will be after 14:00 on May 19, 2005, a correction will be made to obtain an alternative address that switches from 14:00 on May 19, 2005 May be. The alternative address acquired in step S382 is incorporated in the storage area 204 (FIG. 4) of the transmission source address of the packet transmitted to the management node 103 (step S383).

  Next, the packet generation unit 157 acquires a secret node identifier corresponding to the alternative address from the alternative address table 156 (step S384). This is incorporated into the secret node identifier storage area 205 (FIG. 4) arranged at the beginning of the payload of the packet to be transmitted to the management node 103 (step S385). Then, after being stored in the transmission buffer 160, the packet is transmitted to the next node by the output interface 161 (step S386).

  FIG. 12 shows packet reception processing in the management node. A description will be given with FIG. In the management node 103, when the input interface 221 receives the packet (step S401: Y), the current time is acquired, and the received packet is stored in the reception buffer 222 together with this (step S402). The packet processing unit 223 reads the packet and the time when it was received (step S403), and obtains identification information representing the secret node in which the alternative address corresponding to the time is described in the alternative address column from the alternative address table 226. (Step S404). In this embodiment, since the management node 103 manages a plurality of secret nodes including the secret node 102 shown in FIG. 2, it is necessary to determine from which secret node the packet has been sent. Because.

  Of course, the management node 103 can send a reply to the secret node by using the source address as the destination and copying and using the transmitted secret node identifier, as in this embodiment. When the alternative address and the secret node identifier of the secret node are used properly depending on the time zone, the reply time may be the time after switching of the alternative address. Therefore, it is necessary to determine from which secret node the packet has been sent. Note that the process for acquiring the current time performed in step S402 is executed instead of the process of reading the current time when the time of transmission is written in the received packet.

  If it is determined that a packet has been sent from the secret node 102 shown in FIG. 2, the packet processing unit 223 analyzes the contents of the packet and performs processing according to the packet (step S405). As a result, when a reply is required for the secret node 102 (step S406: Y), the packet generation unit 228 acquires the current time when the contents of the reply packet are assembled (step S407). ). Then, the packet generation unit 228 acquires the alternative address and the secret node identifier at the corresponding time in the corresponding secret node 102 in the alternative address table 226 (step S408). Then, the packet is transmitted from the output interface 230 with the alternative address as the destination, the secret node identifier incorporated into the leading end of the payload (step S409). Of course, the current time acquired in step S407 may be transmitted by being incorporated in a predetermined position of the packet to be transmitted.

FIG. 13 shows the state of the secret node identifier generation process used in this embodiment. First, an initial setting value S set manually in advance is read (step S421), a parameter n of the table number is initialized to "1" (step S422), and the value S is used as the first secret node identifier. Stored as the corresponding secret node identifier 184 of the alternative address table 156 (step S423). Subsequently, the parameter n is incremented by “1” (step S424). If the parameter n does not exceed the maximum value n _max of the table numbers prepared in the alternative address table 156 (step S425: N), Only a predetermined constant C is added to the value S (step S426), and this value is stored as the corresponding secret node identifier 184 of the alternative address table 156 as the second secret node identifier (step S423). In the same manner, the secret node identifiers 184 of the third and subsequent table numbers 181 are sequentially set while sequentially adding a predetermined constant C to the value S.

  In the above processing, the constant C is added to the predetermined initial setting value S. However, subtraction processing may be performed. Such processing makes it difficult to decipher the secret node identifier. However, if even stronger security is required, even if the secret node identifier can be read once, it will be intercepted what the next secret node identifier will be. It is necessary to make it impossible to guess from the terminal 104. For this purpose, for example, REC (Request For Comments) of IETF (The Internet Engineering Task Force). A one-time password proposed in 1760 may be used. This is a disposable password that can only be used once, so even if it is known to a third party, the same password is never used again, so it is possible to maintain high security. In order to generate such a one-time password, a secure hash function (Secure Hash Function) as a one-way function is used. According to this, first, the value to be set to the “N” th as the secret node identifier is determined, and the result obtained by the secure hash function using the value as an argument is set as the “N−1” th value. By repeating this, the “1” to “N” -th values can be generated. Even if the value of the secret device identifier 184 at a certain moment is detected, it is almost impossible to predict the next value to be used because of the property of this function that it is difficult to obtain an argument from the result.

In the embodiment described above, it can be seen that the alternative address is used as the address information indicating the secret node by incorporating the secret node identifier into the payload in the packet communicated between the secret node 102 and the management node 103. I made it. As a result, even if the intercepting terminal 104 shown in FIG. 1 intercepts a packet communicated between the secret node 102 and the management node 103, it cannot acquire the address information of the secret node 102 itself. In addition, as an alternative address corresponding to the address of the secret node 102, the intercepting terminal 104 changes the addresses “A ₁ ” to “A ₃ ” of the _first to _third terminals 106 _{1 to} 106 ₃ at different times in the embodiment. Since it is set, it is difficult to clarify the existence of the secret node 102 itself.

Moreover, alternative addresses confidential node 102 using "A _1" - "A _3" is the first to third terminal 106 ₁ to 106 ₃ addresses actually present "A _1" - "A _3" is itself is there. Therefore, there is an advantage that other terminals such as the intercepting terminal 104 can detect their presence on the network, and as a result, it is difficult to notice the presence of the secret node 102.

Further, it is assumed that the intercepting terminal 104 detects that a node using the address “A ₁ ” is communicating with the management node 103. In this case, even if the intercepting terminal 104 performs a filtering process for extracting all packets having the address “A ₁ ” as the transmission source address, the packet used by the secret node 102 and the first terminal 106 are used for this packet. _{The one} used by ₁ is mixed. In order to divide these packets by the original transmission source, it is necessary to specify the secret node identifier in order to determine the presence or absence of the secret node identifier. However, the position and content of the secret node identifier in the packet are determined by the eavesdropping terminal 104 side. It is extremely difficult to guess.

In addition, in this embodiment, there are a plurality of types of secret node identifiers corresponding to the alternative addresses “A ₁ ” to “A ₃ ”, and even if the alternative addresses are the same, the secret node identifiers are changed depending on the time Have to fluctuate. Therefore, even if one alternative address and the corresponding secret node identifier can be read at a certain point in time, the packet can be read for a limited time, and if the alternative address or time zone is different, the packet can be read. Again changes to a packet whose source is unknown.

  For the reasons described above, in the case of the present embodiment, it is virtually impossible for the intercepting terminal 104 to detect the secret node 102 and to attack such as hacking.

  In this embodiment, the IP address of the secret node 102 is set to H. However, since the secret node 102 can communicate using the address of another terminal, there is no particular assignment of such a unique address. May be. In a network where the number of addresses that can be allocated is limited, the number of devices that can be installed is limited, and a new device cannot be installed unless there is a free address. In addition, when constructing a large-scale network, systematic address assignment is performed, so if a new device is added after the network construction, whether or not an unscheduled assignment method is permitted even if there is an empty address Need to be carefully considered, and it may be difficult to adapt to the circumstances. However, according to the method of the present embodiment, it is possible to easily install an apparatus such as a network monitoring device while avoiding these problems.

  <First Modification of Invention>

FIG. 14 shows a configuration of an alternative address table in the secret node according to the first modification of the present invention. The alternative address table 156A of this modification is provided with a column for the number of available times 182A instead of the column for the start time 182 of the embodiment shown in FIG. Other configurations of the table number 181, the alternative address 183, and the secret node identifier 184 are the same as those of the alternative address table 156 of the embodiment. In the column of the number of available times 182A, the number of available times is set as an upper limit value of the number of times that each set of the alternative address 183 and the secret node identifier 184 can be used continuously. For example, in the case of the table number “1”, the usable number is 24 times. Therefore, for example, when the number of transmissions of packets transmitted from the secret node 102 to the management node 103 is from the first time to the 24th time, the alternative address is the address “A ₁ ” and the secret node identifier is “0x4b6a”. However, the table number “2” is applied from the 25th time. That is, from the 25th time to the 32nd time for a total of 8 times, the alternative address is the address “A ₂ ” and the secret node identifier is “0xac9b”. In the same manner, the alternative address and the secret node identifier are sequentially switched according to the number of uses.

  Therefore, according to the alternative address table 156A of this modification, if the contents of the alternative address and secret node identifier pair are always fixed, the finite table number 181 is cyclically circulated. This can be used permanently without updating the alternate address table 156A. Of course, security can be further enhanced by randomly changing the secret node identifier corresponding to each alternative address and notifying the contents between the secret node 102 and the management node 103. Of course, the update of the table can be performed by notifying the calculation formula between the two in advance at the start of the system operation regarding the change of the secret node identifier corresponding to each alternative address and the change of the usable number of times 182A. Can be omitted.

  If an error occurs in the count of the number of usable times for some reason, in the case of this modification, packets cannot be transmitted / received until the update process of the alternative address table 156A is performed between the secret node 102 and the management node 103. . In order to eliminate such drawbacks, a numerical value indicating the number of times of use for the set of the current alternative address 183 and the secret node identifier 184 may be stored in a specific area of the payload when each packet is transmitted. . Further, when the secret node 102 or the management node 103 sends a packet to the other side without fail, a reply packet is always requested, and if this is not sent to the sending side within a predetermined time, the alternative address table 156A is set between them. Processing for performing initialization may be performed, or for the time being, a combination of a special alternative address 183 and a secret node identifier 184 that enable communication between the two only in the case of such an abnormality may be enabled.

FIG. 15 corresponds to FIG. 10 and shows a state of the own node address discrimination process for the packet received by the secret node in the first modification. The secret node 102 stores the table number 181 of the alternative address table 156A used last time and the number of uses in a nonvolatile memory area (not shown). The own-device-destined packet detection unit 153 shown in FIG. 2 acquires the table number and the current number of uses from the nonvolatile memory area (step S501). Then, the number of times the corresponding table number can be used is acquired from the alternative address table 156A (step S502). Based on this, the packet detector 153 addressed to its own device calculates a value F represented by the following equation (1) (step S503).
F = (number of times used + 1) −number of times available for use …… (1)

  For example, assume that the table number read in step S501 is “1” and the current number of uses read is “24”. Then, the value F becomes “1”, which is a positive numerical value. Thus, when the value F takes a positive value (step S504: Y), the alternative address and the secret node identifier to be referred to this time are those of the next table number. In this example, specifically, an alternative address whose table number 181 is “2” and a secret node identifier are to be referred to. Therefore, in this case, the table number of the nonvolatile memory area is changed to the next number, and the use count is initialized to “1” (step S505). However, the previous value stored in the non-volatile memory area at this time is temporarily held in another area such as a RAM (random access memory). This is because when the secret node 102 receives a packet other than that of the management node 103, it is necessary to restore the value of the non-volatile memory area after the end of the self-node determination process.

  When the process of step S505 is completed, the self-device-destined packet detection unit 153 acquires the alternative address of the changed table number and the secret node identifier from the alternative address table 156A (step S506). Then, the alternative address of the currently received packet is compared with the secret node identifier. As a result of the comparison, if the two match completely (step S507), the received packet is determined to be addressed to the own node (step S508).

  On the other hand, when both the alternative address and the secret node identifier of the currently received packet or a part thereof do not match the alternative address and the secret node identifier acquired in step S426 (step S507: N), the nonvolatile memory The table number of the area and the number of times of use are restored (step S509). Then, it is determined that the received packet is destined for another node (step S510).

  Next, the case where the value F is 0 or negative in step S504 will be described. For example, assume that the table number read in step S501 is “1” and the current number of uses read is “15”. Then, the value F becomes “−8”, which is a negative numerical value. In this way, when the value F takes a negative value (step S504: N), the previously used alternative address and secret node identifier in the alternative address table 156A can be used this time. Therefore, an alternative address and a secret node identifier with the same table number are acquired from the alternative address table 156A (step S511). These are compared with the alternative address of the currently received packet and the secret node identifier. If they match (step S512: Y), the number of uses stored in the non-volatile memory area is incremented by “1” (step S513). Then, the process proceeds to step S508 to determine that the packet is addressed to the own node.

  On the other hand, when both the alternative address and the secret node identifier of the currently received packet or a part thereof do not match the alternative address and the secret node identifier acquired in step S511 (step S512: N), the packet is changed. It is determined that the address is for another node (step S510).

  In the processing shown in FIG. 14, the table number and the number of times of use of the alternative address table 156A used immediately before are stored in the nonvolatile memory area, but the table number and the number of times of use when this time used are stored. You may make it leave. In this case, a comparison process with the available number of times 182A described in the alternative address table 156A is necessary as a pre-process of this storage, but this time each time it is determined whether or not the received packet is addressed to its own node There is no need to repeat the process of reading the alternative address and secret node identifier to be referenced from the alternative address table 156A and the calculation process of step S503.

  As an application of the first modification, it is also possible to change the alternative address each time a packet is transmitted. Of course, the secret node identifier may be changed each time.

  <Second Modification of Invention>

  FIG. 16 shows a configuration of an alternative address table in the secret node according to the second modified example of the present invention. Compared with the alternative address table 156 of the embodiment shown in FIG. 3, the alternative address table 156B of the second modified example has an identifier flag 185 column added. Here, the column of the identifier flag 185 is a column composed of, for example, one bit immediately after the secret node identifier in the payload, and indicates whether the secret node identifier 184 is necessary. When the identifier flag 185 is “1”, the secret node identifier 184 is required, and the data present in the secret node identifier 184 column represents the secret node identifier 184 itself. When the identifier flag 185 is “0”, the secret node identifier 184 is unnecessary, and the data existing in the column of the secret node identifier 184 is other data that is not the secret node identifier or a part thereof. It is also possible to arrange a dummy bit string for pretending to be a secret node identifier in this part.

In the example shown in FIG. 16, since the first terminal 106 ₁ whose alternative address 183 is “A ₁ ” has the possibility of communicating with the management node 103 independently, the identifier flag 185 is “1”. . When the management node 103 confirms that the identifier flag 185 is “1”, the management node 103 reads the secret node identifier 184, and if this is the content shown in the alternative address table 156B, the packet sent from the secret node 102 It is determined that

On the other hand, there is no possibility that the second terminal 106 ₂ having the alternative address 183 “A ₂ ” communicates with the management node 103 independently in this modification. Therefore, the identifier flag 185 is “0”. When the management node 103 confirms that the identifier flag 185 is “0”, the management node 103 determines that the packet is sent from the secret node 102 without reading the secret node identifier 184. The same applies to the third terminal 106 ₃ whose alternative address 183 is “A ₃ ”.

  In the embodiment and the modification, the secret node identifier is arranged at the leading end of the payload. However, it is natural that the secret node identifier may be arranged at another place in the header or the payload. Further, the location of the identifier flag is not limited to the modified example of the present invention. In addition, the present invention is not applied only to devices that monitor a network, and it is natural that the present invention can be widely applied even when address information is used in an expanded manner. Further, in the embodiment, the IP network 101 is a network through which packets are communicated. However, the present invention can be applied to any network as long as it communicates using address information.

It is a system configuration | structure figure showing the principal part of the communication system which transmits / receives the packet in one Example of this invention. It is a block diagram showing the outline | summary of the structure of the secret node of a present Example. It is explanatory drawing showing the principal part of the alternative address table of a present Example. It is explanatory drawing which showed an example of the secret packet which a packet generation part produces | generates in a present Example. It is explanatory drawing which showed an example of packets other than the secret packet which a packet generation part produces | generates in a present Example. It is a block diagram showing the structure of the management node in a present Example. It is a flowchart showing the mode of the process which a secret node produces an alternative address table in a present Example. It is a flowchart showing the flow of the process of the management node at the time of receiving the packet incorporating the content of the alternative address table in the present embodiment. It is a flowchart showing the flow of a process when a secret node receives a packet in a present Example. 6 is a flowchart specifically illustrating a determination process of a packet addressed to a self node sent from a management node by a secret node according to the present exemplary embodiment. It is a flowchart showing the process in the case of transmitting a packet from a secret node to a management node in a present Example. It is a flowchart showing the packet reception process in a management node in a present Example. It is a flowchart showing the mode of the production | generation process of the secret node identifier used in the present Example. It is explanatory drawing showing the structure of the alternative address table in the secret node of the 1st modification of this invention. It is a flowchart showing the mode of the self-addressed discrimination | determination process about the packet which the secret node in the 1st modification of this invention received. It is explanatory drawing showing the structure of the alternative address table in the secret node of the 2nd modification of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Communication system 101 IP network 102 Secret node 103 Management node 104 Interception terminal 106 Terminal 153 Self-addressed packet detection part 154, 223 Packet processing part 156, 156A, 156B, 226 Alternative address table 157, 228 Packet generation part 183 Alternative address 184 Secret node identifier 185 Identifier flag 201 Secret packet 204 Source address storage area 205 Secret node identifier storage area

Claims (4)

A packet receiving means for receiving a packet whose destination address matches the address of its own device;
A source address reading means for reading out, as a source address, an address existing in a communication network in which the packet receiving means receives a packet from a location where a source address in the packet received by the packet receiving means is described;
Specific information reading means for reading specific information determined in advance with a specific transmission source from a specific location other than the location where the transmission source address is described in the packet received by the packet reception means;
Coincidence detecting means for detecting whether the specific information read by the specific information reading means matches the identifier determined in advance with the specific transmission source corresponding to the transmission source address read by the transmission source address reading means;
When the coincidence detection unit detects a coincidence, it is determined that a predetermined address other than the transmission source address read by the transmission source address reading unit is an address indicating the specific transmission source, and the coincidence detection unit A source address discriminating means for discriminating that the source address read by the source address reading means is an address indicating the source when no match is detected.
And a packet receiving apparatus. A packet receiving means for receiving a packet whose destination address matches a predetermined specific address;
Destination address reading means for reading out, as a destination address, an address existing in a communication network where the packet receiving means receives a packet from a location where a destination address in the packet received by the packet receiving means is described;
Specific information reading means for reading specific information determined in advance with a specific transmission source from a specific location other than the location where the destination address is described in the packet received by the packet reception means;
Coincidence detecting means for detecting whether the specific information read by the specific information reading means matches the identifier determined in advance with the specific transmission source corresponding to the destination address read by the destination address reading means;
When the coincidence detecting unit detects a coincidence, it is determined that a predetermined address other than the destination address read by the destination address reading unit is an address indicating the own apparatus, and the coincidence detecting unit does not detect a coincidence. Destination address determining means for determining that the destination address read by the destination address reading means is an address indicating the destination
And a packet receiving apparatus. 3. The packet receiving apparatus according to claim 1, wherein the specific information is read from a payload of the packet. Identifier group storage means for storing an identifier group generated in advance by a one-way function;
Identifier selection means for sequentially selecting each identifier stored in the identifier group storage means when receiving a packet;
The source address discriminating means is an address indicating the specific source depending on whether the same address as the identifier selected by the identifier selecting means is detected from the specific information reading means, or 2. The packet receiving apparatus according to claim 1, wherein it is determined whether the source address is read by the source address reading means.

Images