Title of invention: Agile network protocol for secure communications with assured system availability
Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
Publication number: US9479426(B2)
Publication date: 2016.10.25
Application number: US201213475637
Filing date: 2012.05.18
Applicant: VIRNETZ, INC.
Inventors: Munger Edmund Colby; Sabio Vincent J.; Short, III Robert Dunham; Gligor Virgil D.; Schmidt Douglas Charles
Classification: H04L9/12; H04L12/733; H04L29/12; H04L12/707; H04L29/06
Main classification: H04L9/12
Agency: Finnegan, Henderson, Farabow, Garrett & Dunner, LLP
Agent: Finnegan, Henderson, Farabow, Garrett & Dunner, LLP
Principal claim: 1. A method of transmitting data over a computer network, comprising the steps of: at an originating terminal connected to the computer network, receiving a stream of data and forming a first level packet payload based on the stream of data; identifying a network destination address for the stream of data; forming a first level packet including the first level packet payload and a first level header containing data representing the network destination address; encrypting at least a portion of the first level packet to form a second level packet payload; forming a second level packet including the second level packet payload and a second layer header containing a router address of an intermediate router connecting the originating terminal to the network destination address; including in one of the first and second layer headers, an indicator of a number of hops to be made by the first level packet before arriving at the network destination address; and sending the second level packet to the intermediate router at the router address; wherein the intermediate router determines, based on the indicator, whether to forward the second level packet to another intermediate router at another router address or to forward the second level packet to the network destination address.
Address: Zephyr Cove NV US