Proposal for a Practical Cipher Communication Protocol That Can Coexist with NAT and Firewalls

摘要

Threats to network security have become a serious problem, and encryption technologies for communications are an important issue these days. Although the security of IPsec ESP (, that is a typical existing cipher communication technology) is strong, it has such problems that it can not be used in the environment where it coexists with NAT and firewalls, and that there also exists some degradation of throughput. For such reasons, ESP is used only for some limited applications such as VPN (Virtual Private Network). In this paper, we propose a new cipher communication protocol, called PCCOM (Practical Cipher COMmunication), that can verify the identity of the corresponding counterpart and assure the integrity of packets in the environment where it coexists with NAT and firewalls, without changing the format of the original packets. To confirm the effectiveness of PCCOM, we installed a trial system in FreeBSD, and confirmed the coexistibility with NAT and firewalls. We also measured its throughput, and good performance was confirmed, which is attributable to "no change" of the packet format.