December 1, 1995

DEC ADDS RSA ENCRYPTION TO ITS INTERNET TUNNEL

By CBR Staff Writer

Tunnelling, the encapsulation of data in wrapper packets to transport it from one point to another, is a networking technique that has been around for some years. Claiming to have its neck ahead of the pack, Digital Equipment Corp said its Internet Tunnel has extended this capability to provide encryption and authentication technologies for the Internet, enabling corporate data to be transmitted securely over the Internet. Digital Internet Tunnel uses a regular Internet Protocol jacket, encrypted and encapsulated inside a TCP/IP packet. The source and destination IP applications work as normal but data on the network between the two tunnel servers appears scrambled.

When a client wants to initiate a connection with an Internet Group Tunnel server, a connection request is sent over the network. The connection request message contains an identification message that is encrypted by the client with the server’s public key, and then decrypted by the server with its own private key. The server’s database contains a list of clients authorised to establish tunnels. If and when the request has been granted, the tunnel server sends a response, encrypted using the client’s public key, which is then decrypted by the client using its private key. After the authentication session, the two parties exchange portions of a session key, which are then combined to form a secret session key. DEC uses the RSA encryption technology. Versions for the US and Canada use a 128-bit RC4 key; international versions (because of US government restrictions) use a 40-bit version only. The session key is changed periodically to enhance security.

The tunnel comes as a Group tunnel and Personal tunnel. The Group tunnel software runs under Digital Unix, with a SLIP Serial Line Internet Protocol, Point-to-Point Protocol, Ethernet or FDDI connection.

Personal Tunnel Software

It manages the construction and operation of tunnels from other tunnel servers. Performance depends on system configuration and end-to-end network throughput: DEC claims to support up to 512 tunnel connections. The authentication key generation and management software is included with the Tunnel product. Personal Tunnel software installed on a personal computer must have Windows 95 TCP/IP software active, connected to a network with communications and using a valid IP address for the local subnet. Personal Tunnel includes a Win32 Windows application to enable the request, operation and management of an encrypted tunnel.

The Internet Tunnel is intended to complement firewall products, and unlike other tunnel products is said to be firewall-independent. DEC reckons its tunnelling technology differs from that of router and firewall vendors because it offers connections from home or mobiles to the corporate network, whereas routers provide only a single private data circuit and do not support end-to-end or trans-Internet privacy. Firewall tunnelling products require the use of their tunnels at both ends, since interoperability standards don’t exist. DEC said its approach also wins out over Netscape’s SSL Secure Socket Layer protocol, which also uses RSA encryption, since it is used at a different level of the IP stack. Secure Socket Layer encrypts information for applications, while tunnels establish a link for all connections between two networks. With Netscape, applications that need to encrypt a specific session, such as Web browsers, Telnet or File Transfer Protocol, must be modified to enable the request for an encrypted link. In contrast, Digital Internet Tunnel applications are not modified, and all the traffic between the tunnels is encrypted. The international version is due out this month and costs from $10,000 under Digital Unix.
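
An added illustration of the data path the article describes (not DEC's code): two exchanged key portions are combined into an RC4 session key, and whole inner IP packets are encrypted and framed for the tunnel connection. The concatenation rule, the 2-byte length prefix and the single-direction model are assumptions, since the article gives no wire details; the RSA authentication step is omitted.

```python
import struct

class RC4:
    """RC4 keystream state; this example models one direction of the tunnel."""
    def __init__(self, key: bytes):
        self.s, self.i, self.j = list(range(256)), 0, 0
        j = 0
        for i in range(256):                       # key scheduling
            j = (j + self.s[i] + key[i % len(key)]) % 256
            self.s[i], self.s[j] = self.s[j], self.s[i]

    def crypt(self, data: bytes) -> bytes:
        """XOR data with the next keystream bytes (encrypts and decrypts)."""
        s, out = self.s, bytearray()
        for byte in data:
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(byte ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)

def combine_portions(client_part: bytes, server_part: bytes, bits: int) -> bytes:
    """Assumed rule: the session key is the two exchanged portions concatenated."""
    key = client_part + server_part
    if len(key) * 8 != bits:                       # 128 (US/Canada) or 40 (export)
        raise ValueError("portions do not add up to the negotiated key size")
    return key

def encapsulate(cipher: RC4, inner_packet: bytes) -> bytes:
    """Encrypt a whole inner IP packet; hypothetical 2-byte length prefix."""
    return struct.pack("!H", len(inner_packet)) + cipher.crypt(inner_packet)

def decapsulate(cipher: RC4, frame: bytes) -> bytes:
    """Check the length prefix, then decrypt the inner packet."""
    (length,) = struct.unpack("!H", frame[:2])
    if len(frame) - 2 != length:
        raise ValueError("truncated or oversized tunnel frame")
    return cipher.crypt(frame[2:])

# Constructed sample: 20-byte IPv4 header (10.0.0.1 -> 10.0.0.2) plus 8 payload bytes.
INNER = bytes.fromhex("4500001c00000000400100000a0000010a000002") + b"pingdata"

def demo(key: bytes):
    """Send the same inner packet twice through one direction of a tunnel."""
    sender, receiver = RC4(key), RC4(key)
    # The keystream runs on across frames, so identical packets differ on the wire.
    frames = [encapsulate(sender, INNER) for _ in range(2)]
    return frames, [decapsulate(receiver, f) for f in frames]
```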
