Secure communication system and method of IPV4/IPV6 integrated network system

Abstract
An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system includes at least one first node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the created identification information with each second node in a secure negotiating process. Each second node creates identification information capable of identifying each secret key shared with each first node, and performs the secure negotiating process based on the secret keys corresponding to the identification information exchanged through the secure negotiating process. Thereby, secure communication complying with Security Architecture for the Internet Protocol (IPSec) can be implemented based on the secret keys in the IPv4/IPv6 integrated network system of a Network Address Translation-Protocol Translation (NAT-PT) environment.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete appreciation of the invention, and many of the attendant advantages thereof, will be readily apparent as the same becomes better understood by reference to the following detailed description when considered in conjunction with the accompanying drawings in which like reference symbols indicate the same or similar components, wherein:

FIG. 1 is a block diagram of an Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network according to an exemplary embodiment of the present invention;

FIG. 2 illustrates a Pre-Shared Key (PSK) set for an ordinary IPv4 node;

FIG. 3 illustrates a PSK set for an ordinary IPv6 node;

FIG. 4 illustrates PSKs set for each IPv6 node according to an exemplary embodiment of the present invention;

FIG. 5 illustrates PSKs set for each IPv4 node according to an exemplary embodiment of the present invention;

FIG. 6 illustrates creation of a KEY-ID according to an exemplary embodiment of the present invention;

FIG. 7 is a signal flow diagram illustrating a secure communication method of an IPv4/IPv6 integrated network system according to an exemplary embodiment of the present invention;

FIG. 8 illustrates the format of a header (HDR) according to the present invention;

FIG. 9 illustrates the format of a payload type according to the present invention;

FIG. 10 illustrates a KEY-ID payload according to the present invention; and

FIG. 11 is a flowchart of a secure communication method of an IPv4/IPv6 integrated network system according to an exemplary embodiment of the present invention.


Claims
  • 1. An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system having at least one node included in a different network, the IPv4/IPv6 integrated network system comprising: at least one first node for creating KEY-IDs capable of identifying each secret key shared with at least one IPv4 node, and for exchanging the KEY-IDs with each said at least one IPv4 node in a secure negotiating process; and a second node for creating KEY-IDs capable of identifying each secret key shared with each IPv6 node, and for performing the secure negotiating process based on the secret keys corresponding to the exchanged KEY-IDs.
  • 2. The IPv4/IPv6 integrated network system according to claim 1, wherein each of the KEY-IDs has a lower 32-bit value which is a result value obtained by processing a key value of the shared secret key by means of a hash function.
  • 3. The IPv4/IPv6 integrated network system according to claim 1, wherein each said at least one node constructs an Internet Key Exchange (IKE) payload in which an IKE header (HDR), secure association (SA) information, and the KEY-ID are included.
  • 4. The IPv4/IPv6 integrated network system according to claim 1, wherein each said at least one node sets a payload value indicating the KEY-ID among reserved next payload values for a Next Payload field, and transmits the KEY-ID by means of an Internet Key Exchange (IKE) payload in which the KEY-ID is set for the Next Payload field.
  • 5. The IPv4/IPv6 integrated network system according to claim 1, wherein each said at least one node is one of an IPv6 node included in an IPv6 network and an IPv4 node included in an IPv4 network.
  • 6. The IPv4/IPv6 integrated network system according to claim 1, further comprising a Network Address Translation-Protocol Translation (NAT-PT) server having an address pool capable of assigning an IPv4 address to each said at least one first node included in an IPv6 network, for managing an address table based on IPv4 addresses assigned to said at least one first node, and for performing mutual translation between an IPv6 packet and an IPv4 packet based on the address table.
  • 7. The IPv4/IPv6 integrated network system according to claim 1, wherein each said at least one node creates an encryption key based on a value of the secret key selected in the secure negotiating process and values of key exchange and random numbers shared in an encryption key sharing process, and when an authentication process based on the key exchange is completed, each said at least one node encrypts data based on the encryption key to perform secure communication.
  • 8. An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system having at least one node included in a different network, the IPv4/IPv6 integrated network system comprising: at least one IPv4 node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the identification information with each said at least one second node in a secure negotiating process based on an Internet Key Exchange (IKE); and an IPv6 node for creating identification information capable of identifying each secret key shared with each said at least one IPv4 node, and for performing the secure negotiating process using secret keys corresponding to the identification information exchanged in the secure negotiating process.
  • 9. A secure communication method of an Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system, the secure communication method comprising the steps of: sharing, by at least one node included in a different kind of Internet Protocol (IP) network, a value of a secret key; creating, by each said at least one node, KEY-IDs capable of identifying the shared secret key value; and exchanging, by each said at least one node, the KEY-IDs to perform a secure negotiating process.
  • 10. The secure communication method according to claim 9, wherein the creating step comprises setting to a KEY-ID a lower 32-bit value which is a result value obtained by processing the secret key value by means of a hash function.
  • 11. The secure communication method according to claim 9, wherein performing the secure negotiating process comprises the steps of: transmitting, by a first node to a second node, a first packet containing an Internet Key Exchange (IKE) payload in which an IKE header (HDR), secure association (SA) information, and a KEY-ID are included; and transmitting, by the second node to the first node, a second packet containing the IKE payload in which the IKE HDR, the SA information and the KEY-ID are included.
  • 12. The secure communication method according to claim 11, further comprising the step of dynamically assigning an IPv4 address to the first node, and performing mutual translation between the first packet and the second packet.
  • 13. The secure communication method according to claim 11, wherein the IKE payload has a value defined as a value of the KEY-ID among reserved next payload values set for a Next Payload field, and includes an identification payload for which the KEY-ID is set.
  • 14. The secure communication method according to claim 9, wherein each node is one of an IPv6 node included in an IPv6 network and an IPv4 node included in an IPv4 network.
  • 15. The secure communication method according to claim 9, further comprising the steps of: creating encryption keys based on a value of the secret key selected in the secure negotiating process and values of key exchange and random numbers shared in an encryption key sharing process; and when an authentication process based on key exchange of encryption keys is completed, encrypting data based on the encryption keys to perform secure communication.
  • 16. A secure communication method of an Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system, the secure communication method comprising the steps of: sharing, by at least one IPv6 node and an IPv4 node, a value of a secret key; creating, by each node, identification information capable of identifying each said secret key; exchanging, by each said at least one IPv6 node and the IPv4 node, the identification information in a secure negotiating process based on an Internet Key Exchange (IKE); and performing, by each said at least one IPv6 node and the IPv4 node, the secure negotiating process based on secret keys corresponding to the identification information.
  • 17. The secure communication method according to claim 16, further comprising the steps of: creating encryption keys based on a value of the secret key selected in the secure negotiating process and values of key exchange and random numbers shared in an encryption key sharing process; and when an authentication process based on key exchange of encryption keys is completed, encrypting data based on the encryption keys to perform secure communication.
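As an added illustration (not code from the patent), the following Python models the KEY-ID mechanism of claims 2, 3, 4 and 10: the KEY-ID is the lower 32 bits of a hash of the shared secret, it travels in its own IKE payload, and the responder selects the PSK by KEY-ID instead of by the initiator's source address, which a NAT-PT server may have rewritten from its address pool. The hash function (SHA-256), the payload layout and the reserved Next Payload value are assumptions, since the page does not specify them.

```python
import hashlib
import struct

# Assumption: the patent does not name the hash; SHA-256 is used here.
def make_key_id(psk: bytes) -> int:
    """KEY-ID = lower 32 bits of hash(PSK), per claims 2 and 10."""
    digest = hashlib.sha256(psk).digest()
    return struct.unpack(">I", digest[-4:])[0]

# Assumption: a hypothetical value taken from the reserved Next Payload range
# marks the KEY-ID payload (claim 4); it is not a real IANA assignment.
KEY_ID_PAYLOAD_TYPE = 0x7F

def build_key_id_payload(key_id: int, next_payload: int = 0) -> bytes:
    """Generic ISAKMP payload header (next payload, reserved, length)
    followed by the 32-bit KEY-ID; 8 bytes in total."""
    return struct.pack(">BBHI", next_payload, 0, 8, key_id)

def parse_key_id_payload(data: bytes) -> int:
    """Recover the KEY-ID, rejecting truncated or malformed payloads."""
    if len(data) < 8:
        raise ValueError("truncated KEY-ID payload")
    _next, reserved, length, key_id = struct.unpack(">BBHI", data[:8])
    if length != 8 or reserved != 0:
        raise ValueError("malformed KEY-ID payload")
    return key_id

class PskStore:
    """Responder-side PSK table keyed by KEY-ID rather than by peer address.
    Under NAT-PT the IPv6 initiator appears with a pool IPv4 address that can
    differ between sessions, so an address-keyed table would miss the key."""
    def __init__(self, psks):
        self.by_id = {}
        for psk in psks:
            # 32-bit IDs can collide, so keep every PSK that maps to an ID.
            self.by_id.setdefault(make_key_id(psk), []).append(psk)

    def candidates(self, key_id: int) -> list:
        """All PSKs matching the received KEY-ID; the later authentication
        step (claim 7) settles which one the peer actually holds."""
        return list(self.by_id.get(key_id, []))

def select_psk(store: PskStore, payload: bytes) -> list:
    """Responder step of FIG. 7: read the initiator's KEY-ID payload and pick
    the shared secret(s) without consulting the (translated) source IP.
    An empty list means the KEY-ID is unknown and the negotiation is refused."""
    return store.candidates(parse_key_id_payload(payload))
```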
Priority Claims (1)
Number: 10-2006-0003649
Date: Jan 2006
Country: KR
Kind: national