The Internet communication is under threat of attacks, such as
In order to reduce overhead for adding security functions to each application protocols and systems, various kinds of services should be available. Currently, adding security functions onto the host/host communication are performed by IPsecurity like swIPe or IP/Secure. And for process/process communication, only the way to add security functions has been to enhance their own application protocol. If the security mechanisms are provided in the transport layer, the mechanism can provide the common interface to achieve process/process secure communication. Also, it does not force users to modify currently existing applications.
So we propose a new mechanism called "Secure TCP" to guard against the attacks in the transport layer. The mechanism is realized as an extension of TCP that have been widely used for various purposes by many network applications.
The Secure TCP is a framework to providing those security services with a current version of TCP. The Secure TCP consists of a cipher information exchange mechanism and a creating mechanism of the Secure TCP segment.
**Cipher Information exchange mechanism
The Secure TCP provides fundamental functions for communication security: key exchange and negotiation. These functions are activated for each TCP active connections when their three-way handshake are carried out. The key exchange function is prepared to exchange a key used in a encryption and decryption processes. The negotiation function is prepared to decide a cipher method, an integrity method and a key exchange method.
A typical usage of this mechanism is a three-way handshake. In this case, if an key exchange of challenge-reply type is used, the extension of the processes as follow:
End_A End_B (i) SYN, NEGO-SEND --------------------> (ii) <-------------------- SYN, ACK, NEGO-REPLY, KEY (iii) ACK, KEY --------------------> (iv) <-------------------- ACKFirst, (i) shows that the TCP NEGO-SEND Option is sent with SYN to the End_B. Second, (ii) shows that the TCP NEGO-REPLY Option and TCP KEY Option of authentication data are sent with SYN and ACK to the End_A. Next, (iii) shows that KEY is sent with ACK to the End_B. Finally, (iv) shows that ACK against the KEY mentioned in (iii) is sent to the End_A.
For the interoperability with current version of TCP, if the End_B does not support the Secure TCP, Only SYN and ACK are sent to the End_A in (ii), and this mechanism turns into the conventional TCP three-way handshake.
In order to realize this mechanism, we propose a extension of TCP option called TCP Option Extension(TOE) as below;
** Creating mechanism of the Secure TCP segment
We set a creating process of the Secure TCP segment after finishing to create a TCP segment in order to protect from the attacks (2) and (3). A Secure TCP segment is shown as follow:
(A) header + body (B) header + body + ENC2(random + CHK2(header + body + random)) (C) header + ENC1(body + CHK1(body)) + ENC2(random + CHK2(header + ENC1(body + CHK1(body)) + random))(A) is a normal TCP segment, (B)is a result created by integrity service and (C) is a result created by confidentiality service. "Random" is a random number data. Functions ENC1() and ENC2() are encryption operations. Functions CHK1() and CHK2() are operations that create a data to check message integrity. To guarantee integrity of TCP segment, random, Function CHK1(), CHK2() and ENC2() are used. To guarantee confidentiality of TCP segment, Function ENC1() is used.
We implemented Secure TCP on a BSD unix system. We employ the MD5 with DES(Data Encryption Standard) by way of functions of the message integrity service. And we use the DES by way of a function of the message confidentiality service (Encryption/Decryption).
We propose the Secure TCP in the transport layer as basic units of secure communication mechanism in the Internet.