Title of invention: Agile network protocol for secure communications with assured system availability
Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
Publication number: US8874771(B2) Publication date: 2014.10.28
Application number: US200711839937 Filing date: 2007.08.16
Applicant: VirnetX, Inc. Inventors: Munger Edmund Colby;Sabio Vincent J.;Short, III Robert Dunham;Gligor Virgil D.
Classification: G06F15/16;G06F17/00;H04L29/12;H04L12/707;H04L29/06 Main classification: G06F15/16
Agency: McDermott Will & Emery LLP Agent: McDermott Will & Emery LLP
Principal claim: 1. A method of securely transmitting a datastream comprising a plurality of IP packets from a first computer to a second computer over a communication channel, the method carried out at the first computer and comprising the steps of: (1) interleaving a block of the plurality of IP packets; (2) encrypting the interleaved packets in the block; and (3) creating an IP header for each of the encrypted interleaved packets, each header including: an interleave sequence identifier for deinterleaving the encrypted interleaved packet, an identification of the second computer as the destination of the interleaved encrypted packet, and a counter parameter indicating a number of hops the interleaved encrypted packet is required to undergo before the interleaved encrypted packet is delivered to the second computer.
Address: Zephyr Cove NV US