
Proposal for a Practical Cipher Communication Protocol That Can Coexist with NAT and Firewalls

  • Shinya Masuda
  • Hidekazu Suzuki
  • Naonobu Okazaki
  • Akira Watanabe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3961)

Abstract

Threats to network security have become a serious problem, and encryption technologies for communications are an important issue these days. Although the security of IPsec ESP, a typical existing cipher communication technology, is strong, it cannot be used in environments where it coexists with NAT and firewalls, and it also causes some degradation of throughput. For these reasons, ESP is used only for limited applications such as VPN (Virtual Private Network). In this paper, we propose a new cipher communication protocol, called PCCOM (Practical Cipher COMmunication), that can verify the identity of the communicating counterpart and assure the integrity of packets in environments where it coexists with NAT and firewalls, without changing the format of the original packets. To confirm the effectiveness of PCCOM, we installed a trial system in FreeBSD and confirmed that it can coexist with NAT and firewalls. We also measured its throughput and confirmed good performance, which is attributable to the “no change” of the packet format.

Keywords

Port Number; Trial System; Virtual Private Network; Network Address Translator; Tunnel Mode
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Shinya Masuda (1)
  • Hidekazu Suzuki (1)
  • Naonobu Okazaki (2)
  • Akira Watanabe (1)

  1. Graduate School of Science and Technology, Meijo University, Aichi, Japan
  2. Faculty of Computer Science and Systems Engineering, University of Miyazaki, Miyazaki, Japan
