Tech Note #110: Concept for a Secure Network Computer
© 2000 Bionic Buffalo Corporation; All Rights Reserved.
Tuesday, 11 January 2000
http://www.tatanka.com [tn0110]
Page 5 of 18
[Figure tn011004 ©2000 Bionic Buffalo Corp. Components: Host Computer (HC), Boundary Controller (BC), Tunnel, Remote Boundary Controller, Remote Computer (RC). Regions: SNC user, SNC local enclave, remote enclave network. Step labels: "1: requests connection to remote enclave"; "2: negotiates with remote boundary controller to construct tunnel"; "3: both boundary controllers jointly create".]
Authentication may involve dynamic reference to one or more certificate authorities (CAs).
Various protocols (such as LDAP) are used to communicate with the CAs, and these protocols
may themselves be encapsulated within IPsec. In general, a CA may be found within a boundary
controller of the enclave to which connection is to be made, or within a separate node on the
network.
[Figure tn011005 ©2000 Bionic Buffalo Corp. Components: Host Computer (HC), Boundary Controller (BC), Certificate Authority (CA), Remote Boundary Controller (RBC), Remote Computer (RC).]
In the SNC, all of these negotiations are handled by the BC. The HC has no role until after the
tunnel is created.
To prevent a single failure from allowing a security breach, the BC is implemented as two
separate BCs, each checking the work of the other. A separate CPU hosts each BC, and the two
CPUs are connected in series. Even if one BC allows passage of inappropriate traffic, the second
BC will block the inappropriate messages. This requires two CPUs in the SM, and two internal
networks.