TWI404393B - Node for securing wireless communications and method thereof - Google Patents
- Publication number
- TWI404393B (TW095128389A)
- Authority
- TW
- Taiwan
- Prior art keywords
- node
- key
- secret
- impulse response
- channel impulse
- Prior art date
Classifications
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0875—Generation of secret information including derivation or calculation of cryptographic keys or passwords based on channel impulse response [CIR]
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
- H04L2209/80—Wireless
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
The present invention relates to wireless communication security. More particularly, the present invention relates to a method and system for deriving secret keys using joint randomness not shared by others (JRNSO).
IEEE 802.11i is used to ensure that a wireless local area network (WLAN) operating under the IEEE 802.11 standard can communicate data securely by using the counter mode (CTR) with cipher block chaining message authentication code (CBC-MAC) protocol (CCMP) encapsulation technique, which in turn uses the Advanced Encryption Standard (AES) algorithm. To achieve this, IEEE 802.11i provides two schemes that allow a pair of communicating nodes to derive keys that can be used to encrypt exchanged packets.
The first scheme is based on IEEE 802.1x authentication, which requires a remote authentication server (such as a RADIUS server). In IEEE 802.1x, an access point (AP) acts as a router between a wireless transmit/receive unit (WTRU) that wishes to associate with the AP and an authentication server. The authentication server provides a public key to the WTRU via the AP. The WTRU can verify this public key by checking it against a digital certificate provided by the authentication server. The WTRU then derives a random secret (i.e., the master secret) and sends it to the authentication server encrypted under the provided public key. Thus, only the authentication server can decrypt the master secret, using the corresponding private key. The authentication server and the WTRU use this master secret to derive a master key (MK). The authentication server and the WTRU then derive a pairwise master key (PMK) from the MK. The authentication server provides this PMK to the AP. The AP and the WTRU then use the PMK to derive a pairwise transient key (PTK). A portion of this PTK is the temporal key (TK), which is the actual key used in the CCMP technique to encrypt packets. Because this scheme uses a remote authentication server and digital certificates (which are currently expensive), it is typically implemented in enterprise WLANs.
The second scheme, which is more suitable for home or small-business networks, uses a pre-shared key (PSK). In this scheme, a 256-bit user-configurable secret key is stored on the communicating nodes. As in the IEEE 802.1x system, when the WTRU wishes to associate with the AP, the WTRU uses the PSK as the PMK (without deriving a master secret and an MK), derives a PTK, and uses a portion of the PTK as the TK.
There are at least two problems with the IEEE 802.11i system. First, the final TK is only as secure as the master secret exchanged in the IEEE 802.1x network case, or as the PSK in the home or small-business network case. In the IEEE 802.1x system, an attacker can decrypt the master secret by stealing the authentication server's private key. In a home network, the PSK can be deduced by a brute-force attack (PSKs at home are not changed regularly, or are generated from "weak" passphrases) or by stealing the key. Knowing the master secret or the PSK allows the attacker to arrive at the same PMK value in the same way as the two legitimate communicating nodes, and to derive the same PTK value. Thus, knowledge of the authentication credentials is sufficient for knowledge of the derived secret keys. Furthermore, when keys are updated during a session, the MK and the PMK usually remain unchanged, and a new PTK is derived using only the PMK (which is assumed to be secret) and information exchanged in the clear. Since the PMK does not change, the PTK is not fresh and is therefore not a new key.
Furthermore, the key derivation process is very complex and has many stages (such as the MK, PMK, PTK and TK). This consumes time and resources.
A key can be thought of as a bit sequence. A perfectly random secret key of length N bits is an N-bit sequence, S, shared by the entities. Given all the information available in the system, anyone's estimate of what this key sequence may be is roughly equiprobably distributed over all 2^N possible N-bit sequences.
Prior art cryptosystems rely on the fact that it is extremely difficult, from a computational-resource standpoint, to guess the cryptographic key. However, in most of these systems, once a correct guess is produced, it is very easy to verify that it is indeed the correct guess. In fact, the prior art implies that this applies to any public-key system (i.e., one in which the encryption key is public while the decryption key is kept secret).
For example, suppose p and q are two large prime numbers and s = pq. The problem of factoring a product of two large primes is well known to be computationally very hard. If a party secretly chooses p and q and makes their product s publicly available, and s is then used as the encryption key of a cryptosystem, a message cannot easily be decrypted without knowing p and q. An eavesdropper who wants to intercept an encrypted message would probably start by trying to factor s, which is known to be computationally hard. However, if the eavesdropper guesses p, it is quite easy to verify that the guess is correct. The ability to know that a guess is the right answer is what distinguishes computational secrecy from perfect secrecy. Perfect secrecy means that even if the attacker guesses the key correctly, it has no ability to determine that it has indeed done so.
Therefore, it is desirable to generate encryption keys without the limitations of the prior art.
The present invention relates to a method and system for deriving secret keys using joint randomness not shared by others (JRNSO). Communicating entities generate JRNSO bits from channel impulse response (CIR) estimates, and the JRNSO bits are used to generate a secret key. The authentication type may be IEEE 802.1x or a pre-shared key system. In an IEEE 802.1x system, the MK, the PMK and/or the PTK may be generated using the JRNSO bits. The secret key may be generated using the Diffie-Hellman key derivation algorithm.
Hereafter, the term "WTRU" includes, but is not limited to, a user equipment, a station (STA), a fixed or mobile subscriber unit, a pager, or any other type of device capable of operating in a wireless environment. Hereafter, the term "access point (AP)" includes, but is not limited to, a Node-B, a base station, a site controller, or any other type of interfacing device in a wireless environment.
The features of the present invention may be incorporated into an integrated circuit (IC) or be configured in a circuit comprising a multitude of interconnecting components. The invention may be implemented as a digital signal processor (DSP), software, middleware, hardware, an application, or a future system architecture. The elements may be sub-components of a larger communication system or of an application-specific integrated circuit (ASIC), and some or all of the processing elements may be shared with other elements.
In a wireless communication system, although correlated random sources are a priori difficult to produce without prior communication, the wireless channel provides just such a resource in the form of the channel impulse response. Specifically, in certain communication systems, two communicating parties (e.g., Alice and Bob) will measure very similar CIR estimates. Wideband code division multiple access (WCDMA) time division duplex (TDD) systems have this property. On the other hand, any party not physically co-located with Alice and Bob is likely to observe a CIR that has very little correlation with Alice's and Bob's. This difference can be exploited to generate perfectly secret keys. The channel is the JRNSO source, and the CIR estimates are samples taken from the channel.
The Diffie-Hellman key derivation procedure is explained as follows. Alice and Bob agree to use a prime number p and a base g. Alice chooses a secret integer a, then sends g^a mod p to Bob. Bob chooses a secret integer b, then sends g^b mod p to Alice. Alice computes (g^b mod p)^a mod p. Bob computes (g^a mod p)^b mod p. The values (g^b mod p)^a mod p and (g^a mod p)^b mod p are the same. For example, Alice and Bob agree to use the prime p = 23 and the base g = 3. Alice chooses the secret integer a = 6, then sends g^a mod p = 3^6 mod 23 = 16 to Bob. Bob chooses the secret integer b = 15, then sends g^b mod p = 3^15 mod 23 = 12 to Alice. Alice computes (g^b mod p)^a mod p = 12^6 mod 23 = 9. Bob computes (g^a mod p)^b mod p = 16^15 mod 23 = 9.
Making this scheme secure requires much larger numbers. If p is a prime of more than 300 digits, and a and b are larger than 100 digits, then an attack is practically impossible because the computation is too resource-intensive (even for the legitimate communicating parties). As such, this prevents the protocol from being implemented on battery-constrained mobile devices.
If JRNSO is used to secretly agree on one (or both) of the numbers p and q, the two communicating nodes can use smaller numbers for a, b, p and/or q while achieving comparable security. The Diffie-Hellman shared key can serve as the secret key or be used to encrypt and transmit the actual secret key. The smaller numbers make the key derivation process less resource-intensive, allowing it to be used on mobile devices.
FIG. 1 is a block diagram of a system 100 in accordance with the present invention, including two communicating entities (a first node 110 and a second node 150) that can derive JRNSO bits and a secret key.
One of the entities may be a WTRU and the other may be an AP. For simplicity, a point-to-point communication system having only two communicating entities 110, 150 is illustrated in FIG. 1. However, the invention may be applied to a point-to-multipoint communication system involving more than two entities. It should also be noted that the first node and the second node are essentially the same entity comprising the same elements, but for simplicity FIG. 1 depicts only the relevant elements of the first node and the second node, where the first node is assumed to take the lead in generating the JRNSO bits and the secret key, as explained in detail below.
In accordance with the invention, one of the communicating entities takes the lead. Assume that the first node 110 takes the lead. The first node 110 includes a channel estimator 112, a post-processor 114 (optional), an error correction encoder 118, a synchronization code generator 120 (optional), a secret key generator 116 and a multiplexer 122.
The channel estimator 112 of the first node generates a CIR estimate 113 based on a signal 111 received from the second node 150. The channel estimator 152 in the second node 150 likewise generates a CIR estimate 153 based on transmissions sent by the first node 110. The outputs of the channel estimators 112, 152 are digitized representations of the CIR estimates. Any prior art method may be used to generate the CIR estimates. For example, the entities 110, 150 may send special signals or pilot sequences to the other node to assist in generating the CIR estimates. The CIR estimates may be generated and stored in any manner, including but not limited to the time domain, the frequency domain, or an abstract vector space representation or the like. The method of generating the CIR estimates and the representation scheme should be the same in the first node 110 and the second node 150.
Depending on the implementation, only part of the information in the channel impulse response estimate may be reciprocal and therefore suitable for generating a common secret key. For example, entities 110, 150 may choose to use only the amplitude/power profile information of the channel impulse response estimate and ignore the phase information.
Post processor 114 can optionally process the channel impulse response estimate using prior art methods. Post processor 114 (for example a low-pass filter or an interpolation filter) removes noise and redundancy. Post processor 114 is also needed when the entities are equipped with multiple antennas for multiple-input multiple-output (MIMO), because differences in the number of antennas and in antenna patterns may cause the channel impulse response estimates to differ. In this case, entities 110, 150 may have to exchange information about their antenna configurations.
Because the channel is reciprocal, the channel impulse response estimates generated by first node 110 and second node 150 are expected to be very similar. However, three main sources of error introduce differences between them. First, channel reciprocity assumes that the channel is estimated at both entities at the same time; any difference in simultaneity leads to some difference in the channel estimates. Second, the digitized channel impulse response estimates may have to be synchronized with respect to their starting point. For example, if the channel impulse response estimate is digitized in the time domain, the start of its meaningful portion may fall at a different position relative to reference time zero in the two entities 110, 150. This problem is depicted in FIG. 2. As another example, if the channel impulse response estimate is stored using a frequency domain representation, different starting frequencies/reference phases may be assumed when determining the stored parameters. Third, the channel impulse response estimates will also differ because of errors caused by the interference inherent in wireless communication.
Regarding the first error source, to ensure simultaneity of channel estimation, the timing of the channel estimate can be tied to a specific system time, such as a radio frame or slot boundary. Alternatively, a synchronization signal can be embedded in the signals (such as pilot signals) that entities 110, 150 transmit to support channel estimation. Synchronization can also be obtained from the pilot signal itself without embedding a special signal. Alternatively, channel estimation can be performed with reference to an absolute time reference such as the Global Positioning System (GPS). Alternatively, the round-trip delay can be measured and synchronization achieved on that basis.
Regarding the second error source, the starting point of the channel impulse response estimate can be recorded at first node 110 and transmitted to second node 150. Alternatively, a special synchronization code (such as a comma-free code) can be used. Because the synchronization problem is usually limited to just a few samples, the code needs only limited performance. A special synchronization signal tied to a common timing source can be generated by the terminals, and the channel impulse response measurement can be made with respect to that signal. The synchronization problem can also be handled by processing the channel impulse response in a domain where it is not an issue. For example, provided the phase information can be ignored, the synchronization problem does not arise in the frequency domain.
Depending on the channel interference level, the resulting secrecy rate loss may be large or minimal. For example, in a very noisy channel the phase information may be highly unreliable, so ignoring it causes minimal secrecy rate loss.
Referring again to FIG. 1, the post-processed channel impulse response estimate 115 is fed to secret key generator 116, error correction encoder 118 and synchronization code generator 120. Secret key generator 116 generates secret key 117 from channel impulse response estimate 115, which constitutes the joint random bits not shared by others.
Synchronization code generator 120 generates a synchronization signal/code 121 used for simultaneity and for synchronizing the "starting point". Error correction encoder 118 performs error correction coding on channel impulse response estimate 115 and generates parity bits 119. The error correction code may be a block code or a convolutional code. The invention uses a systematic error correction code, so that the original message (that is, the encoder input, channel impulse response estimate 115) also appears at the output of error correction encoder 118. According to the invention, only parity bits 119 are transmitted to second node 150, after being multiplexed with synchronization signal/code 121 by multiplexer 122. The multiplexed bit stream 123 is transmitted to second node 150.
Second node 150 includes a channel estimator 152, a synchronization bit demodulator 154, a parity bit demodulator 156, a post processor 158 (optional), a synchronization unit 160, an error correction decoder 162 and a secret key generator 164. Channel estimator 152 generates a channel impulse response estimate from the received signal 151 transmitted by first node 110. Channel impulse response estimate 153 is optionally processed by the parity bit demodulator 156 described above. Synchronization bit demodulator 154 demodulates received signal 151 to recover synchronization signal/code 155. Parity bit demodulator 156 demodulates received signal 151 to recover parity bits 157. Synchronization signal/code 155 is fed to synchronization unit 160, and parity bits 157 are fed to error correction decoder 162. The post-processed channel impulse response estimate 159 is processed by synchronization unit 160. Based on synchronization signal/code 155, synchronization unit 160 corrects differences in the channel impulse response estimate caused by lack of simultaneity and/or misalignment of the starting point.
Error correction decoder 162 performs error correction decoding by treating channel impulse response estimate 159, as processed by synchronization unit 160, as the message part of a code word that may contain errors, and uses the received parity bits 157 to correct those errors. If the block code is well chosen, output 163 of error correction decoder 162 is, with very high probability, identical to the channel impulse response estimate generated by first node 110. First node 110 and second node 150 thus obtain the same data sequence while publicly disclosing only part of it (the parity bits), and can derive the same joint random bits not shared by others.
Error correction decoder 162 can also be used to support synchronization of the starting point of the digitized channel impulse response estimate. Second node 150 can generate a set of candidate channel impulse response estimates and decode each candidate with parity bits 157. Error correction decoder 162 counts the number of errors in each candidate. With very high probability, only the correct candidate produces a very low number of corrections, while the incorrect ones produce a very high number. In this way, the error correction decoding process supports synchronization of the starting point.
Once the channel impulse response estimates have been aligned between first node 110 and second node 150, secret key generator 164 generates secret key 165, which is identical to secret key 117 generated by first node 110.
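The parity-only exchange and the decoder-assisted starting-point search described above can be walked through in code. The following is an added example, not code from the patent: it assumes a Hamming(7,4) systematic block code, parity bits that arrive without error, SHA-256 as the key generator, and constructed sample bits standing in for the quantized channel impulse response estimates.

```python
import hashlib

# Constructed sample data (not from the patent): node A's quantized CIR bits.
NODE_A_BITS = [int(c) for c in "10110011010111001010100100011110"]

# Syndrome -> index of the single data bit that differs inside a 4-bit block.
SYNDROME_TO_BIT = {(1, 1, 0): 0, (1, 0, 1): 1, (0, 1, 1): 2, (1, 1, 1): 3}


def hamming74_parity(block):
    """Three parity bits of a systematic Hamming(7,4) code word."""
    d0, d1, d2, d3 = block
    return [d0 ^ d1 ^ d3, d0 ^ d2 ^ d3, d1 ^ d2 ^ d3]


def encode_parity(bits):
    """First node: encode its estimate and keep only the parity part to send."""
    if len(bits) % 4:
        raise ValueError("bit count must be a multiple of 4")
    parity = []
    for i in range(0, len(bits), 4):
        parity += hamming74_parity(bits[i:i + 4])
    return parity


def decode_with_parity(bits, parity):
    """Second node: treat its own bits as the message part of the code word.

    Returns (corrected_bits, suspect_blocks), where suspect_blocks counts the
    blocks whose syndrome was non-zero.
    """
    fixed = list(bits)
    suspect = 0
    for blk in range(len(bits) // 4):
        own = hamming74_parity(fixed[4 * blk:4 * blk + 4])
        received = parity[3 * blk:3 * blk + 3]
        syndrome = tuple(a ^ b for a, b in zip(own, received))
        if syndrome == (0, 0, 0):
            continue
        suspect += 1
        pos = SYNDROME_TO_BIT.get(syndrome)
        if pos is not None:
            fixed[4 * blk + pos] ^= 1  # single differing bit: flip it back
        # A weight-1 syndrome means more than one data bit differs; the block
        # is left as is and simply counted as suspect.
    return fixed, suspect


def align_and_reconcile(samples, parity, n_bits):
    """Try every starting point; keep the one with the fewest suspect blocks."""
    best = None
    for offset in range(len(samples) - n_bits + 1):
        fixed, suspect = decode_with_parity(samples[offset:offset + n_bits], parity)
        if best is None or suspect < best[2]:
            best = (offset, fixed, suspect)
    return best


def derive_key(bits):
    """Key generator stand-in (assumption): hash of the agreed bit sequence."""
    return hashlib.sha256(bytes(bits)).hexdigest()


def constructed_node_b_samples():
    """Node B's view: 3 extra leading samples, 2 flipped bits, 2 trailing samples."""
    noisy = list(NODE_A_BITS)
    noisy[5] ^= 1
    noisy[22] ^= 1
    return [1, 1, 0] + noisy + [0, 1]


def run_exchange():
    parity = encode_parity(NODE_A_BITS)  # the only data sent over the air
    offset, bits_b, suspect = align_and_reconcile(
        constructed_node_b_samples(), parity, len(NODE_A_BITS))
    return {
        "parity": parity,
        "offset": offset,
        "suspect_blocks": suspect,
        "bits_b": bits_b,
        "key_a": derive_key(NODE_A_BITS),
        "key_b": derive_key(bits_b),
    }


if __name__ == "__main__":
    result = run_exchange()
    print("starting point:", result["offset"], "suspect blocks:", result["suspect_blocks"])
    print("keys match:", result["key_a"] == result["key_b"])
```

The parity bits are public, so they reduce the secrecy of the agreed sequence: in this toy setting 24 parity bits are disclosed for 32 data bits, and a real design has to size the key to the entropy that remains.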
FIG. 3 is a flow diagram of a process 300 for deriving joint random bits not shared by others and a secret key for a wireless system in accordance with the invention. The first node generates a channel impulse response estimate from the transmissions sent by the second node, and the second node generates a channel impulse response estimate from the transmissions sent by the first node (step 302). To correct the difference between the channel impulse response estimate generated by the first node and the one generated by the second node (and optionally to support synchronization of the estimates), the first node sends parity bits (and optionally a synchronization signal/code) to the second node (step 304). The parity bits are generated by error correction coding of the channel impulse response estimate generated by the first node. The second node synchronizes its channel impulse response estimate with the one generated by the first node, using the synchronization signal/code sent by the first node or one of the other schemes described above (step 306). The second node then performs error correction decoding on the synchronized channel impulse response estimate using the parity bits, correcting the difference between the synchronized estimate and the estimate generated by the first node (step 308). Steps 302-308 can be repeated several times. In this way, the first node and the second node obtain the same channel impulse response estimate (the joint random bits not shared by others). The first node and the second node then generate the secret key from that same channel impulse response estimate (step 310).
FIG. 4 is a flow diagram of a process 400 for deriving a secret key using joint random bits not shared by others, in accordance with one embodiment of the invention. Once the wireless transmit/receive unit (WTRU) is associated with the access point in step 402, it is determined whether the authentication type supported by the wireless network is IEEE 802.1x or pre-shared key (PSK) (step 404). If IEEE 802.1x is supported, the authentication, authorization and accounting (AAA) server and the WTRU authenticate each other using digital certificates (step 406). As part of the authentication signaling, the WTRU sends the AAA server a secret encrypted with the AAA server's public key, so that only the AAA server can decrypt it using the corresponding private key. This secret is used as the seed for deriving the secret key. The AAA server then sends the secret to the access point (step 408). If the supported authentication type is pre-shared key, the pre-shared key is set as the default secret (step 410).
The access point and the WTRU use the process described above to generate joint random bits not shared by others (step 412). Note that the joint random bits may be generated not only after the secret has been forwarded but at any step before the secret key is generated. The access point and the WTRU use the secret and the joint random bits not shared by others to derive the secret key (step 414). The access point and the WTRU then exchange a portion of the secret key to confirm the key and their identities (step 416). A group key can be derived and sent to the WTRU as is currently done in IEEE 802.11i, using the secret key as the pairwise transient key (step 418).
If sufficient joint random bits not shared by others have not yet been generated when the secret key is about to be derived, the process according to the IEEE 802.11i standard can be followed. Note that steps 402-410 are required for the initial derivation, whereas a key update or refresh can be performed simply by deriving new joint random bits not shared by others.
To update the key in the 802.1x case, a new secret can be exchanged and new joint random bits not shared by others generated, or alternatively new joint random bits can be used with the old secret. Only the second option is available in the pre-shared key case. Historical data can be used to validate the joint random bits not shared by others: both parties can cache a pre-agreed portion of some earlier keys. An intruder then cannot decrypt the master secret using only a stolen private key; the intruder must also guess the previously derived keys.
This process clearly separates the authentication and key generation roles in the system. The AAA server only handles authenticating the client, while the access point handles key generation. This differs from IEEE 802.1x, where the AAA server is involved in both key derivation and authentication. Joint randomness not shared by others allows new, fresh secret keys to be derived dynamically every few hundredths of a second (depending on channel conditions). This differs from the prior art, where key updates are pre-programmed and not cryptographically fresh, and where a new secret must be exchanged whenever a new key is to be generated. Process 400 of the invention has no master key or pairwise master key. The process is therefore simpler than the prior art.
In the existing 802.11i protocol, an intruder who knows the authentication credentials (in the 802.1x case) or the pre-shared key (in the pre-shared key authentication case) only has to eavesdrop on the signaling exchange to learn the secret key. In contrast, with the method of the invention, an intruder who possesses the authentication credentials (such as the digital certificate or the pre-shared key) does not share the channel that the WTRU and the access point share, so it cannot produce the same joint random bits not shared by others and therefore cannot derive the secret key.
Under the current IEEE 802 standards, key updates are not truly cryptographically secure, because only the pairwise transient key changes while the master key and the pairwise master key stay the same. If an intruder has guessed the pairwise master key, updating the key serves no cryptographic purpose, since the pairwise transient key is simply the pairwise master key plus random information exchanged in the clear. The master secret used to derive the master key and the pairwise master key serves a cryptographic purpose and is therefore very long (e.g., 48 bytes). For a new key in IEEE 802.11i, a 48-byte number that has been derived truly randomly must therefore be exchanged, which is resource intensive. According to the invention, however, the exchanged secret serves to authenticate the secret key derived from the joint random bits not shared by others, and only needs to be long enough to deter a brute-force intruder (e.g., about 16 bytes). This makes it feasible to regenerate it every time the key has to be updated with joint randomness not shared by others. The invention provides a simpler key derivation method with only one short exchanged secret and one set of derived keys, rather than one long exchanged key and three sets of derived keys (that is, master key, pairwise master key and pairwise transient key). This saves power on mobile devices.
FIG. 5 is a flow diagram of a process 500 for deriving a secret key using joint random bits not shared by others, in accordance with another embodiment of the invention. Process 500 is similar to process 400. Steps 502-512 are the same as steps 402-412 and are not explained again for brevity. After the secret has been forwarded to the access point and the joint random bits not shared by others have been generated, the access point and the WTRU use the secret and the joint random bits to derive the pairwise master key (step 514). The group key can then be derived and sent to the WTRU as is currently done in IEEE 802.11i (step 516).
FIG. 6 is a flow diagram of a process 600 for deriving a secret key using joint random bits not shared by others, in accordance with yet another embodiment of the invention. Once the WTRU is associated with the access point in step 602, it is determined whether the authentication type supported by the wireless network is IEEE 802.1x or pre-shared key (step 604). If IEEE 802.1x is supported, the AAA server and the WTRU use digital certificates to authenticate each other and exchange a master secret (step 606). The AAA server and the WTRU then use the master secret to derive the master key (step 608). The AAA server and the WTRU then derive the pairwise master key from the master key, and the AAA server sends this pairwise master key to the access point (step 610). If the supported authentication type is pre-shared key, the pre-shared key is set as the pairwise master key (step 611).
The access point and the WTRU use the process described above to generate joint random bits not shared by others (step 612). Note that the joint random bits may be generated not only after the pairwise master key has been forwarded but at any step before the secret key is generated. Generation can be performed before the pairwise master key is derived (in the 802.1x case) to speed up the key derivation process. It can also be done during the 4-way handshake in order to derive the pairwise transient key. This keeps the system compatible with pre-shared key authentication. The parity check can also be performed at any time before the pairwise transient key is derived.
The access point and the WTRU use the pairwise master key and the joint random bits not shared by others to derive the pairwise transient key (step 614). The pairwise transient key (PTK) can be derived as follows: PTK = PRF(pairwise master key, information in the clear, joint random bits not shared by others).
The group key can then be derived and exchanged as is currently done in IEEE 802.11i (step 616).
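The derivation PTK = PRF(pairwise master key, information in the clear, joint random bits not shared by others) can be made concrete with the IEEE 802.11i PRF (iterated HMAC-SHA1). This is an added example, not code from the patent: appending the joint random bits to the PRF data input is an assumption about how the third argument is mixed in, and all addresses, nonces and keys below are constructed values.

```python
import hashlib
import hmac


def prf_80211i(key, label, data, n_bytes):
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, joint_bits=None):
    """PTK from the PMK, the handshake values sent in the clear and, optionally,
    the joint random bits (appended to the PRF data; an assumption of this example)."""
    clear = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    if joint_bits is not None:
        clear += bytes(joint_bits)  # one byte per bit, never sent over the air
    return prf_80211i(pmk, b"Pairwise key expansion", clear, 48)


def handshake_demo():
    # Constructed values for illustration only.
    pmk = bytes(range(32))
    aa = bytes.fromhex("020000000001")   # access point address
    spa = bytes.fromhex("020000000002")  # WTRU address
    anonce, snonce = b"\xa1" * 32, b"\x5b" * 32
    bits_round1 = [1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0]
    bits_round2 = [0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1]

    return {
        # Both ends measured the same channel, so both hold bits_round1.
        "ap": derive_ptk(pmk, aa, spa, anonce, snonce, bits_round1),
        "wtru": derive_ptk(pmk, aa, spa, anonce, snonce, bits_round1),
        # A party holding the PMK and the clear-text handshake values, but not
        # the channel measurement, can only compute the PTK without the bits.
        "without_channel": derive_ptk(pmk, aa, spa, anonce, snonce),
        # Key refresh: same PMK and nonces, new joint random bits.
        "refreshed": derive_ptk(pmk, aa, spa, anonce, snonce, bits_round2),
    }


if __name__ == "__main__":
    keys = handshake_demo()
    print("AP and WTRU agree:", keys["ap"] == keys["wtru"])
    print("PMK plus clear-text values suffice:", keys["without_channel"] == keys["ap"])
    print("refresh changes the PTK:", keys["refreshed"] != keys["ap"])
```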
FIG. 7 is a flow diagram of a process 700 for deriving a secret key using joint random bits not shared by others, in accordance with still another embodiment of the invention. Once the WTRU is associated with the access point in step 702, it is determined whether the authentication type supported by the wireless network is IEEE 802.1x or pre-shared key (step 704). In this embodiment, pre-shared key is not supported and only IEEE 802.1x is supported. If pre-shared key is the type supported by the network, the process ends. If IEEE 802.1x is supported, the AAA server and the WTRU exchange a pre-master secret, and the AAA server sends the master secret to the access point (step 706).
The AAA server and the access point use the pre-master secret to derive the master key (step 710). The WTRU and the access point then use the master key and the joint random bits not shared by others to derive the pairwise master key (step 712). The access point and the WTRU use the pairwise master key to derive the pairwise transient key (step 714). The group key can then be derived and exchanged as is currently done in IEEE 802.11i (step 716).
FIG. 8 is a flow diagram of a process 800 for deriving a secret key using the Diffie-Hellman protocol in accordance with the invention. WTRU 802 and access point 804 agree to use joint randomness not shared by others to derive the key, by exchanging a joint-randomness initiation message to the access point and a joint-randomness initiation confirmation (steps 812, 814). WTRU 802 and access point 804 generate joint random bits not shared by others from the transmissions between them, based on channel impulse response estimates (steps 816, 818). WTRU 802 (taking the lead) generates parity bits by performing error correction coding on the generated channel impulse response estimate and sends the parity bits to access point 804 (step 820). Access point 804 uses the received parity bits to perform error correction decoding and can optionally send a confirmation (step 822). Steps 816-822 can be repeated several times.
WTRU 802 and access point 804 have a predetermined lookup table (LUT) that stores the secret numbers p and q (prime numbers) and maps the joint random bits not shared by others to p and q values. For example, if the joint randomness measurement yields 5 bits of secret data, WTRU 802 and access point 804 can select one of 16 possible unique values for the prime p and another of 16 values for the base g. Note that other schemes apparent to those skilled in the art can be used instead of a lookup table. Because keeping p and g secret adds a layer of security according to the invention, the stored primes should be large but need not be as large as in the conventional Diffie-Hellman protocol. Preferably, the primes should also differ in order of magnitude, so that it is hard for an intruder to guess the range of the modulus. Although the mapping from joint random bits to lookup table values is publicly known, an intruder cannot eavesdrop on the joint randomness measurement and therefore does not know which values were actually selected.
WTRU 802 and access point 804 select secret integers a and b, respectively, send g^a mod p and g^b mod q, respectively, to the other party, and derive b and a, respectively (steps 824, 826). WTRU 802 and access point 804 use this to derive a shared secret (step 828). WTRU 802 and access point 804 use the shared secret to send an encrypted joint-randomness key, or use the shared secret itself as the joint-randomness key (step 830).
Although the features and elements of the invention are described in the preferred embodiments in particular combinations, each feature or element can be used alone, without the other features and elements of the preferred embodiments, or in various combinations with or without other features and elements of the invention.
100 ... block diagram
110, 150 ... nodes
113, 115, 153, 159 ... channel impulse response estimates
117, 165 ... secret keys
119, 157 ... bits
121, 155 ... signal/code
123 ... bit stream
163 ... output
300, 400, 500, 600, 700, 800 ... flow diagrams
AP ... access point
a, b ... secret integers
g ... base
p, q ... prime numbers
PSK ... pre-shared key
WTRU ... wireless transmit/receive unit
FIG. 1 is a block diagram of a system including two communicating entities that derive a secret key in accordance with the invention.
FIG. 2 illustrates the problem of channel impulse response estimate differences caused by different starting points at the first node and the second node.
FIG. 3 is a flow diagram of a process for deriving a secret key in accordance with the invention.
FIG. 4 is a flow diagram of a process for deriving a secret key using joint random bits not shared by others, in accordance with one embodiment of the invention.
FIG. 5 is a flow diagram of a process for deriving a secret key using joint random bits not shared by others, in accordance with another embodiment of the invention.
FIG. 6 is a flow diagram of a process for deriving a secret key using joint random bits not shared by others, in accordance with yet another embodiment of the invention.
FIG. 7 is a flow diagram of a process for deriving a secret key using joint random bits not shared by others, in accordance with still another embodiment of the invention.
FIG. 8 is a flow diagram of a process for deriving a secret key using the Diffie-Hellman key derivation algorithm in accordance with the invention.
Claims (45)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US64748205P | 2005-01-27 | 2005-01-27 | |
US71617705P | 2005-09-12 | 2005-09-12 | |
US73433105P | 2005-11-07 | 2005-11-07 | |
US11/318,381 US8280046B2 (en) | 2005-09-12 | 2005-12-23 | Method and system for deriving an encryption key using joint randomness not shared by others |
Publications (2)
Publication Number | Publication Date |
---|---|
TW200723818A TW200723818A (en) | 2007-06-16 |
TWI404393B true TWI404393B (en) | 2013-08-01 |
Family
ID=36740955
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW095102241A TWI378701B (en) | 2005-01-27 | 2006-01-20 | Method and wireless transmit /receive unit for deriving an encryption key using joint randomness not shared by others |
TW095128389A TWI404393B (en) | 2005-01-27 | 2006-01-20 | Node for securing wireless communications and mathod thereof |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW095102241A TWI378701B (en) | 2005-01-27 | 2006-01-20 | Method and wireless transmit /receive unit for deriving an encryption key using joint randomness not shared by others |
Country Status (9)
Country | Link |
---|---|
EP (1) | EP1847060A4 (en) |
JP (1) | JP4734344B2 (en) |
KR (3) | KR20110076992A (en) |
CN (1) | CN101951383B (en) |
CA (1) | CA2596067C (en) |
MX (1) | MX2007009063A (en) |
NO (1) | NO20074210L (en) |
TW (2) | TWI378701B (en) |
WO (1) | WO2006081122A2 (en) |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101123993B1 (en) * | 2006-04-18 | 2012-04-16 | 인터디지탈 테크날러지 코포레이션 | Method and system for securing wireless communications |
US20080075280A1 (en) * | 2006-09-21 | 2008-03-27 | Interdigital Technology Corporation | Group-wise secret key generation |
KR20090067209A (en) | 2006-10-12 | 2009-06-24 | 인터디지탈 테크날러지 코포레이션 | A method and system for enhancing cryptographic capabilities of a wireless device using broadcasted random noise |
GB2447674B (en) * | 2007-03-21 | 2011-08-03 | Lancaster University | Generation of a cryptographic key from device motion |
US10091648B2 (en) | 2007-04-26 | 2018-10-02 | Qualcomm Incorporated | Method and apparatus for new key derivation upon handoff in wireless networks |
WO2009014063A1 (en) * | 2007-07-20 | 2009-01-29 | Nec Corporation | Encrypted communication method and encrypted communication system |
US9198033B2 (en) * | 2007-09-27 | 2015-11-24 | Alcatel Lucent | Method and apparatus for authenticating nodes in a wireless network |
WO2009061962A2 (en) | 2007-11-06 | 2009-05-14 | Interdigital Patent Holdings, Inc. | Method and apparatus for enabling physical layer secret key generation |
KR101323060B1 (en) | 2008-05-12 | 2013-10-29 | 인터디지탈 패튼 홀딩스, 인크 | Information-theoretically secure secrecy generation |
US8433894B2 (en) | 2008-07-08 | 2013-04-30 | Interdigital Patent Holdings, Inc. | Support of physical layer security in wireless local area networks |
FR2976431B1 (en) * | 2011-06-07 | 2014-01-24 | Commissariat Energie Atomique | SECRET KEY GENERATION METHOD FOR WIRELESS COMMUNICATION SYSTEM |
KR101269026B1 (en) * | 2011-12-21 | 2013-05-29 | 한국전자통신연구원 | Apparatus and method for group key generation using wireless channel status |
US9665638B2 (en) | 2012-10-30 | 2017-05-30 | FHOOSH, Inc. | Systems and methods for secure storage of user information in a user profile |
US20140269362A1 (en) * | 2013-03-15 | 2014-09-18 | Shahrnaz Azizi | Techniques to Update a Wireless Communication Channel Estimation |
US9124580B1 (en) * | 2014-02-07 | 2015-09-01 | The Boeing Company | Method and system for securely establishing cryptographic keys for aircraft-to-aircraft communications |
DE102014208975A1 (en) | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | A method for generating a key in a network and subscribers to a network and network |
DE102014209046A1 (en) | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | A method for generating a secret, cryptographic key in a mobile terminal |
DE102014208964A1 (en) | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | Method for generating a key in a network as well as network subscribers established for this purpose |
DE102014208965A1 (en) | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | Method for authenticating a network participant and network participant, network and computer program for this purpose |
DE102014208974A1 (en) | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | Method for determining information about the distance between two devices and devices and computer programs set up for this purpose |
DE102014217330A1 (en) | 2014-08-29 | 2016-03-03 | Robert Bosch Gmbh | Method for comparing information between devices and device set up for this purpose |
DE102014217320A1 (en) | 2014-08-29 | 2016-03-03 | Robert Bosch Gmbh | Method for generating a cryptographic key in a device and device set up for this purpose |
US10579823B2 (en) | 2014-09-23 | 2020-03-03 | Ubiq Security, Inc. | Systems and methods for secure high speed data generation and access |
US9842227B2 (en) | 2014-09-23 | 2017-12-12 | FHOOSH, Inc. | Secure high speed data storage, access, recovery, and transmission |
DE102015215569A1 (en) | 2015-08-14 | 2017-02-16 | Robert Bosch Gmbh | Method for generating a secret between subscribers of a network and subscribers of the network established for this purpose |
WO2017063716A1 (en) * | 2015-10-16 | 2017-04-20 | Huawei Technologies Co., Ltd. | Secure paring method for mimo systems |
DE102015225222A1 (en) | 2015-12-15 | 2017-06-22 | Robert Bosch Gmbh | Method for generating a secret sequence of values in a device depending on measured physical properties of a transmission channel |
DE102015225220A1 (en) | 2015-12-15 | 2017-06-22 | Robert Bosch Gmbh | Method for generating a secret sequence of values in a device depending on measured physical properties of a transmission channel |
FR3046315B1 (en) * | 2015-12-29 | 2018-04-27 | Thales | METHOD FOR UNIVALENT AND UNIVERSAL EXTRACTION OF KEYS FROM THE PROPAGATION CHANNEL |
KR20180097903A (en) | 2017-02-24 | 2018-09-03 | 삼성전자주식회사 | Apparatus and method for generating secure key in wireless communication system |
US11349656B2 (en) * | 2018-03-08 | 2022-05-31 | Ubiq Security, Inc. | Systems and methods for secure storage and transmission of a data stream |
GB201817117D0 (en) * | 2018-10-19 | 2018-12-05 | Nat Univ Ireland Maynooth | Encryption method |
EP3697052A1 (en) * | 2019-02-14 | 2020-08-19 | Siemens Aktiengesellschaft | Method and system for transfer of data in a network |
US20240259795A1 (en) * | 2021-07-16 | 2024-08-01 | Qualcomm Incorporated | Secret key verification in wireless communication |
KR102675382B1 (en) * | 2022-01-18 | 2024-06-17 | 광주과학기술원 | Apparatus for signal transmission , apparatus for signal reception, method for signal transmission and method for signal reception in cryptographic key generation system based on autoencoder |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4882737A (en) * | 1987-07-31 | 1989-11-21 | Bbc Brown Boveri Ag | Signal transmission method |
US5450456A (en) * | 1993-11-12 | 1995-09-12 | Daimler Benz Ag | Method and arrangement for measuring the carrier frequency deviation in a multi-channel transmission system |
US5970060A (en) * | 1995-10-06 | 1999-10-19 | Siemens Aktiengesellschaft | Method and system for radio transmission of digital signals |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5745578A (en) * | 1996-06-17 | 1998-04-28 | Ericsson Inc. | Apparatus and method for secure communication based on channel characteristics |
JP2006180549A (en) * | 2002-02-28 | 2006-07-06 | Matsushita Electric Ind Co Ltd | Communication apparatus and communication method |
JP2004032679A (en) * | 2002-02-28 | 2004-01-29 | Matsushita Electric Ind Co Ltd | Communication apparatus and communication system |
JP2003273856A (en) * | 2002-03-14 | 2003-09-26 | Communication Research Laboratory | Communication apparatus and communication method |
JP4245972B2 (en) * | 2002-05-29 | 2009-04-02 | Nttエレクトロニクス株式会社 | Wireless communication method, wireless communication device, communication control program, communication control device, key management program, wireless LAN system, and recording medium |
US7587598B2 (en) * | 2002-11-19 | 2009-09-08 | Toshiba America Research, Inc. | Interlayer fast authentication or re-authentication for network communication |
JP2004187197A (en) * | 2002-12-06 | 2004-07-02 | Doshisha | Radio communication system, radio communication method and radio station |
JP2004208073A (en) * | 2002-12-25 | 2004-07-22 | Sony Corp | Radio communication system |
JP2005130127A (en) * | 2003-10-22 | 2005-05-19 | Sumitomo Electric Ind Ltd | Confidential communication method and communication terminal |
US7505596B2 (en) * | 2003-12-05 | 2009-03-17 | Microsoft Corporation | Automatic detection of wireless network type |
WO2006011345A1 (en) * | 2004-07-29 | 2006-02-02 | Matsushita Electric Industrial Co., Ltd. | Wireless communication apparatus and wireless communication method |
BRPI0513074A (en) * | 2004-08-04 | 2008-04-22 | Matsushita Electric Ind Co Ltd | radio communication device, radio communication system and radio communication method |
KR20070042160A (en) * | 2004-08-04 | 2007-04-20 | 마쓰시다 일렉트릭 인더스트리얼 컴패니 리미티드 | Radio communication method, radio communication system, and radio communication device |
2006
- 2006-01-19 CN CN2010102981704A patent/CN101951383B/en not_active Expired - Fee Related
- 2006-01-19 MX MX2007009063A patent/MX2007009063A/en not_active Application Discontinuation
- 2006-01-19 KR KR1020117010823A patent/KR20110076992A/en not_active Application Discontinuation
- 2006-01-19 CA CA2596067A patent/CA2596067C/en not_active Expired - Fee Related
- 2006-01-19 KR KR1020077018514A patent/KR101253370B1/en not_active IP Right Cessation
- 2006-01-19 WO PCT/US2006/001839 patent/WO2006081122A2/en active Application Filing
- 2006-01-19 JP JP2007553138A patent/JP4734344B2/en not_active Expired - Fee Related
- 2006-01-19 EP EP06718847A patent/EP1847060A4/en not_active Withdrawn
- 2006-01-19 KR KR1020077018125A patent/KR101011470B1/en not_active IP Right Cessation
- 2006-01-20 TW TW095102241A patent/TWI378701B/en not_active IP Right Cessation
- 2006-01-20 TW TW095128389A patent/TWI404393B/en not_active IP Right Cessation
2007
- 2007-08-16 NO NO20074210A patent/NO20074210L/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
WO2006081122A2 (en) | 2006-08-03 |
EP1847060A2 (en) | 2007-10-24 |
CA2596067A1 (en) | 2006-08-03 |
CN101951383B (en) | 2013-06-19 |
MX2007009063A (en) | 2007-10-02 |
CA2596067C (en) | 2013-09-17 |
CN101951383A (en) | 2011-01-19 |
TW200633460A (en) | 2006-09-16 |
EP1847060A4 (en) | 2011-09-14 |
KR20070088821A (en) | 2007-08-29 |
TWI378701B (en) | 2012-12-01 |
WO2006081122A3 (en) | 2007-11-22 |
NO20074210L (en) | 2007-10-24 |
JP4734344B2 (en) | 2011-07-27 |
JP2008529413A (en) | 2008-07-31 |
KR20110076992A (en) | 2011-07-06 |
KR101253370B1 (en) | 2013-04-11 |
KR101011470B1 (en) | 2011-01-28 |
KR20070096008A (en) | 2007-10-01 |
TW200723818A (en) | 2007-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI404393B (en) | Node for securing wireless communications and mathod thereof | |
US8280046B2 (en) | Method and system for deriving an encryption key using joint randomness not shared by others | |
CN101288260A (en) | Method and system for deriving an encryption key using jointrandomness not shared by others | |
CN106411521B (en) | Identity authentication method, device and system for quantum key distribution process | |
Zhang et al. | Design of an OFDM physical layer encryption scheme | |
US10536269B2 (en) | Method and system for authentication and preserving the integrity of communication, secured by secret sharing | |
JP5349619B2 (en) | Identity-based authentication key agreement protocol | |
CN109075973B (en) | Method for carrying out unified authentication on network and service by using ID-based cryptography | |
JP6548172B2 (en) | Terminal authentication system, server device, and terminal authentication method | |
WO2013175324A1 (en) | Determination of cryptographic keys | |
Kim et al. | SFRIC: a secure fast roaming scheme in wireless LAN using ID-based cryptography | |
Yao et al. | Post Quantum KEM authentication in SPDM for secure session establishment | |
Karati et al. | QuDPas-FHA: Quantum-Defended Privacy-Preserved Fast Handover Authentication in Space Information Networks | |
AU2010100115A4 (en) | Secured key exchange in WiFi networks using quantum key distribution | |
Aizan et al. | Implementation of BB84 Protocol on 802.11 i | |
US20240340164A1 (en) | Establishment of forward secrecy during digest authentication | |
Wan et al. | Access control protocols with two-layer architecture for wireless networks | |
Zhu et al. | A secure non-interactive chaotic maps-based deniable authentication scheme with privacy protection in standard model | |
Lu et al. | An advanced elliptic curve cryptography based mutual authentication scheme for session initiation protocol. | |
Koo et al. | Authenticated public key distribution scheme without trusted third party | |
Liu et al. | A simple balanced password-authenticated key agreement protocol | |
Cao et al. | Efficient Mobile IP registration from pairings | |
Wan et al. | Anonymous dos-resistant access control protocol using passwords for wireless networks | |
Patrick | Wireless LAN Security | |
Sherr et al. | Measurable security through isotropic channels |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |