CN108418811A - Negotiate the method and apparatus of common key between first and second node - Google Patents

Negotiate the method and apparatus of common key between first and second node Download PDF

Info

Publication number
CN108418811A
CN108418811A CN201810132886.3A CN201810132886A CN108418811A CN 108418811 A CN108418811 A CN 108418811A CN 201810132886 A CN201810132886 A CN 201810132886A CN 108418811 A CN108418811 A CN 108418811A
Authority
CN
China
Prior art keywords
node
bit sequence
key
section
computer network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810132886.3A
Other languages
Chinese (zh)
Other versions
CN108418811B (en
Inventor
B.黑特韦尔
R.纪尧姆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH filed Critical Robert Bosch GmbH
Publication of CN108418811A publication Critical patent/CN108418811A/en
Application granted granted Critical
Publication of CN108418811B publication Critical patent/CN108418811B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The present invention relates in computer network(10、11、12)First node(A)With second node(B)Between negotiate common key method(30), it is characterised in that following feature:With computer network(10、11、12)Third node(C、KM2)Negotiate the first secret bit sequence, by means of computer network(10、11、12)Arbitration, pass through second node(B)With third node(C、KM2)Third bit sequence is obtained, mode is second node(B)The second random bit sequence is sent, third bit sequence is by second node(B)Or third node(C、KM2)It is transferred to first node(A), and key is by first node(A)And second node(B)It is obtained from third bit sequence.

Description

Negotiate the method and apparatus of common key between first and second node
Technical field
The present invention relates to a kind of methods for negotiating common key between the first node and second node of computer network. Moreover, it relates to a kind of corresponding device, a kind of corresponding computer program and a kind of corresponding storage Medium.
Background technology
Control and regulation technology in it is sufficiently known be to be marked according to ISO 11898-2 in order to be applied in road vehicle The controller local area network of standardization(Controller area network, CAN).CAN is based on message-oriented agreement, wherein Each message passes through specific identifier(Identifier, ID)To indicate.Each control device being connected on CAN according to The importance for the message transmitted by common bus is independently checked according to the ID and determines the use to these message.
In bit transmission(physical layer(Physical layer), PHY)On transceiver(transceiver)For Operation control device in CAN, the transceiver is by safe floor(data link layer(Data link layer))On communication control Device processed manipulates.The latter can be directly integrated in microcontroller again(μC)In, the software of the microcontroller is handled in application layer (application layer)On message message frame(frames).
In 10 2,015 207 220 A1 of DE, it is proposed that one kind for generated in network, especially CAN it is secret or The method of key.In this case, network has at least one first member and at least one second member and at least Transmission channel between one the first member and at least one second member.First and second members can respectively will be at least one First value and at least one second value are dealt on transmission channel.First member or the second member promote first member's value sequence or Two member's value sequences for being synchronously transferred to transmission channel as far as possible each other.Based on about first member's value sequence or second The information of member's value sequence and based on being superimposed on transport channels with second member's value sequence according to first member's value sequence and Obtained superposition value sequence, the first member or the second member generate common secret or common key.Then, this method is referred to as PnS。
Invention content
The present invention provides according to a kind of in the first node of computer network and the described in independent claims Negotiate method, a kind of corresponding device, a kind of corresponding computer program and one kind of common key between two nodes Corresponding storage medium.
In this context, the PnS methods for being conventionally used to carry out key agreement in the common network segment are more commonly used for Bit sequence is obtained, according to institute's bit sequence, the node of participation can at least derive common secret indirectly(shared Secret, shared secret).Here, using the medium access control of computer network in an appropriate manner(media access Control, MAC):Value sequence sent simultaneously respectively according to scheme above to this two nodes, corresponding node pass through by(Really It is fixed or random)Bit sequence connects together with its complement code to determine the value sequence.(Below, reference-reduced is " to send position The process of sequence ", and do not refer to the complement code equally to be transmitted of corresponding bit sequence clearly on rare occasion.)
Here, being limited by used MAC protocol according to the result of " superposition " of PnS settings, because node is to connecting this The synchronization for the transmission medium of the network segment of a little nodes being used in conjunction with and therefore emulative write access needs to visit by medium Ask the arbitration that control carries out.Therefore, not only PnS but also scheme presented herein, based on PnS is certified as being suitable for scene Bus, the fieldbus regulation is verified using carrier wave carries out multiple access(carrier sense multiple access (Carrier sense multiple access), CSMA), in particular for arbitrating the CAN system of position based on CSMA/CR.
Here, the understanding that the solution then illustrated is based on is:PnS is initially used between two communication members Key generate, described two communication members directly access common bus section.However, if following two communication members should Arranging key, described two communication members and the bus segment of different bus segment connections or described two communication members are logical Cross other communication technologys(Such as " backbone network ", automobile Ethernet)Connection, then these bus segments usually pass through relay station(Net It closes)Connection.Because communication members unquestionably can not possibly directly apply PnS without directly accessing common bus section Method.For various reasons(Such as efficiency, compatibility or the ability to work of node), still can with it is desirable that, build Found common symmetric secret.
Therefore, it can be realized using the embodiment of described invention:Without directly access common bus section and Cannot common secret directly can be established using the communication members of PnS methods for this respect, without applying for not right Computing capability needed for for the key establishing method of title.In addition, can ensure depending on realizing and spending:Relay station does not know institute The secret of negotiation and it is neither possible to exerting one's influence to the secret generated, however continues to work as relay station.With hard Part in the case of realizing, substantially increases the complexity of attack.
By the measure enumerated in the dependent claims, the basic thought that illustrates in the independent claim it is advantageous Expansion scheme and improvement project are possible.It can specify that in this way:Support the so-called of ordinary node herein to Extension of Communication Networks " key host(Key Master)" common secret is established, even if " the key host " does not access common bus directly Section.It, can be to avoid in addition, depending on the implementation of key host:It is connected on relay station therebetween and knows negotiated secret Or generated secret may be influenced, the relay station is the physical point of attachment of different communication technology.
Corresponding embodiment considers following situation:In the new-type network architecture, this relay station can possess for connecting The interface of general character application, the interface can make attacker from outside access network(" long-range attack ").If relay station should It has been be compromised that, then attacker is perhaps(Unknowingly)Influence key generation process and other data exchanges, however according to The present invention does not know negotiated key such as.
It can specify that according to a further aspect:Key host is not integrated into relay station.In this case, protecting effect It is unrelated with the operational mode of relay station.Moreover, it is not necessary to which it is believed that relay station actually removes secret from its memory, because should Relay station does not know secret at any point in time.
Description of the drawings
The embodiment of the present invention is shown in the accompanying drawings and is further illustrated in the description that follows.Wherein:
Fig. 1 shows the system model of possible communication scenes.
Fig. 2 shows in the first variant scheme using key host.
Fig. 3 shows the precedence diagram of the first variant scheme.
Fig. 4 shows the second variant scheme, present in relay station meet key host function.
Fig. 5 shows third variant scheme, wherein other communication nodes with sufficient computing capability are as key master Machine(Proxy server)It works.
Specific implementation mode
Consider following initial situation:First node(A)And second node(B)Want to set up common symmetric secret(Fig. 1).Cause For the first node(A)And second node(B)It is connected to different CAN sections(11、12)On, so they can only pass through net It closes(G)It communicates with each other.The latter may not be worth trusting and therefore not it will be appreciated that symmetric key.
In the first variant scheme of the method proposed, computer network(11、12)Extended third node(KM2) And fourth node(KM1)" the key host " of form(Fig. 2).In this case, fourth node(KM1)As the first section (11)Representative occur, and third node(KM2)As the second section(12)Representative occur.Third node(KM2)With Four nodes(KM1)Possess the necessary precondition for effective and safe key management, especially possesses abundance Computing capability, the computing capability of the abundance may be for first node(A)And second node(B)It dominates.In order to meet In third node(KM2)With fourth node(KM1)Between communication secret or mutual certification, the two there is offered Key(Wildcard(pre-shared key), PKS), the key of the offered deposited for example during production It is placed in corresponding memory.For crossing gateway(G)Dynamic key exchange, third node(KM2)And fourth node(KM1) By means of asymmetric key establishing method(Such as Diffie-Hellman key protocols)Establish cryptographic key.And then, described Third node(KM2)And fourth node(KM1)Seemingly it is used as the first section(11)Or second section(12)Representative occur, and It is generated to have by means of PnS methods and is connected to the first section(11)On first node(A)Be connected to the second section(12)On Second node(B)Common secret.Thus by means of the second bus segment(12)Arbitration obtain bit sequence can pass through It is protected to connect from third node(KM2)Introduce fourth node to(KM1), this can finally be realized in first node(A)With Two nodes(B)Between guarded communication.
The flow is as follows(Fig. 3):
1. third node(KM2)And fourth node(KM1)Exchanging their public key(13、14)Later for example by means of oval bent Line(elliptic curve Diffie-Hellman key exchange(Elliptic curve Diffie-Hellman keys are handed over It changes), ECDHE)Execute Diffie-Hellman key protocols(15、16), and establish common secret K.
2. first node(A)And fourth node(KM1)With their random number RAAnd RKM1PnS keys are executed to exchange(17) And extract intermediate key KI(18).
3. fourth node(KM1)To third node(KM2)Send intermediate key KIWith other status informations(19), such as can Talk about identifier(Session identification, session ID).But message is instead of to transmit in plain text, with The secret K that negotiates in step 1 is encrypted.
4. third node(KM2)Decryption comes from fourth node(KM1)Message and therefore obtain to KIAccess.
5. second node(B)With third node(KM2)PnS keys are executed in terms of that at them to exchange(20).Second node (B)Random number R is used in this caseB, third node(KM2)It substitutes random number and uses intermediate key KI
6. being used as the second section(12)In signal level obtain bit sequence be forwarded(21)To the first section(11).
7. first node(A)And second node(B)Based on the signal level forwarded in step 6 come according to the common of PnS Way extraction common secret KAB(22).
Fig. 4 schematically illustrates the network architecture of replacement, wherein the first section(11)With the second section(12)Pass through base In the backbone network of another communication technology(23)It is connected to each other.In second variant scheme, key host is implemented as corresponding Gateway(G)Functional component.It is the simplified network architecture relative to the advantages of the first variant scheme;However it must protect Card, key host function are having to gateway(G)Attack when cannot be compromised and there are dedicated crypto key memorys.It is other Agreement flow is similar to Fig. 3.
Fig. 5 schematically illustrates the third variant scheme of key host implementation.First node(A)It is such as lower network Node, the network node are connect with following bus segment when necessary, and the bus segment does not allow to use PnS, but is directed to Asymmetric key establishing method provides sufficient computing capability.Second node(B)Should be such as lower node, the hypothesis is not suitable for The node.In addition, should not be in gateway(G)Upper realization key host function.Now, first node(A)It can build as follows Vertical and bus segment(10)In second node(B)With third node(C)The common secret of all nodes of surrounding, wherein third section Point(C)Meet key host function:
1. first node(A)With third node(C)Asymmetric key is executed to exchange(Such as ECDHE)And obtain intermediate key KAC
2. second node(B)With third node(C)PnS keys are executed to exchange and obtain KABC.Here, second node(B) Use random number RB, and third node(C)Using with first node(A)Common key KACRather than random number.
3. being used as CAN sections(10)In signal level obtain bit sequence pass through gateway(G)And other nets when necessary Pass is forwarded to first node(A).
4. by the monitoring characteristic of PnS methods, first node(A)Key K can equally be extractedABC
The mixed form that this method can for example be constituted with software or hardware or with software and hardware is for example in control device Middle realization.

Claims (10)

1. in computer network(10、11、12)First node(A)With second node(B)Between negotiate common key Method(30),
It is characterized in that following feature:
With the computer network(10、11、12)Third node(C、KM2)Negotiate the first secret bit sequence(13、14、 15、16),
By means of the computer network(10、11、12)Arbitration, pass through the second node(B)With the third node (C、KM2)It obtains(20)Third bit sequence, mode are the second nodes(B)The second random bit sequence is sent,
The third bit sequence is by the second node(B)Or third node(C、KM2)Transmission(21)To the first node (A), and
Key is by the first node(A)And second node(B)It is obtained from the third bit sequence(22).
2. according to the method for claim 1(30),
It is characterized in that following feature:
First bit sequence is in the third node(KM2)With fourth node(KM1)Between negotiate(13、14、15、16),
In the first node(A)With fourth node(KM1)Between negotiate the 4th secret bit sequence(17、18),
By means of first bit sequence, the 4th bit sequence is cryptographically by the fourth node(KM1)Transmission(19)It arrives The third node(KM2),
During arbitration, by the third node(KM2)It sends(20)4th bit sequence, and
The third bit sequence is by the third node(KM2)Pass through the fourth node(KM1)Transmission(21)To described One node(A).
3. according to the method for claim 2(30),
It is characterized in that following feature:
The first node(A)With the fourth node(KM1)In the computer network(10、11、12)The first section (11)In,
The second node(B)With the third node(KM2)In the computer network(10、11、12)The second section (12)In, and
Gateway(G)By first section(11)With second section(12)Connection.
4. according to the method for claim 2(30),
It is characterized in that following feature:
The first node(A)With the fourth node(KM1)In the computer network(10、11、12)The first section (11)In,
The second node(B)With the third node(KM2)In the computer network(10、11、12)The second section (12)In, and
The third node(KM2)And fourth node(KM1)It is by first section(11)With second section(12) The backbone network of connection(23)Gateway(G).
5. the method according to one of claim 2 to 4(30),
It is characterized in that following feature:
4th bit sequence is obtained also by way of the arbitration(17), mode is the first node(A)Send with 5th bit sequence of machine, and the fourth node(KM1)Send the 6th random bit sequence.
6. according to the method for claim 1(30),
It is characterized in that following feature:
First bit sequence is in the first node(A)With the third node(C)Between negotiate, and
During the arbitration, by the third node(KM2)Send first bit sequence.
7. method according to claim 1 to 6(30),
It is characterized in that following feature:
First bit sequence is negotiated by Diffie-Hellman key protocols preferably by means of elliptic curve.
8. a kind of computer program, the computer program is configured for implementing the side according to one of claim 1 to 7 Method(30).
9. a kind of machine readable storage medium, is stored with computer program according to claim 8 on it.
10. a kind of device(A、B、C、KM1、KM2), described device be configured for implement according to described in one of claim 1 to 7 Method(30).
CN201810132886.3A 2017-02-09 2018-02-08 Method and apparatus for negotiating a common key between a first and a second node Active CN108418811B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017202052.0 2017-02-09
DE102017202052.0A DE102017202052A1 (en) 2017-02-09 2017-02-09 Method and device for agreeing a common key between a first node and a second node of a computer network

Publications (2)

Publication Number Publication Date
CN108418811A true CN108418811A (en) 2018-08-17
CN108418811B CN108418811B (en) 2022-03-04

Family

ID=62910031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810132886.3A Active CN108418811B (en) 2017-02-09 2018-02-08 Method and apparatus for negotiating a common key between a first and a second node

Country Status (2)

Country Link
CN (1) CN108418811B (en)
DE (1) DE102017202052A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US20060182280A1 (en) * 2005-02-11 2006-08-17 Pekka Laitinen Method and apparatus for providing bootstrapping procedures in a communication network
CN1848724A (en) * 2005-04-05 2006-10-18 华为技术有限公司 Method for realizing key consultation in mobile self-organizing network
CN101194529A (en) * 2005-06-10 2008-06-04 西门子公司 Method for agreeing on a security key between at least one first and one second communications station for securing a communications link
CN105721443A (en) * 2016-01-25 2016-06-29 飞天诚信科技股份有限公司 Link session key negotiation method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102015207220A1 (en) 2014-04-28 2015-10-29 Robert Bosch Gmbh A method of creating a secret or key in a network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US20090132806A1 (en) * 2004-06-10 2009-05-21 Marc Blommaert Method for agreeing between at least one first and one second communication subscriber to security key for securing communication link
US20060182280A1 (en) * 2005-02-11 2006-08-17 Pekka Laitinen Method and apparatus for providing bootstrapping procedures in a communication network
CN1848724A (en) * 2005-04-05 2006-10-18 华为技术有限公司 Method for realizing key consultation in mobile self-organizing network
CN101194529A (en) * 2005-06-10 2008-06-04 西门子公司 Method for agreeing on a security key between at least one first and one second communications station for securing a communications link
CN105721443A (en) * 2016-01-25 2016-06-29 飞天诚信科技股份有限公司 Link session key negotiation method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
艾小川等: "基于椭圆曲线的可验证密钥协商方案", 《微计算机信息》 *

Also Published As

Publication number Publication date
CN108418811B (en) 2022-03-04
DE102017202052A1 (en) 2018-08-09

Similar Documents

Publication Publication Date Title
CN103155512B (en) System and method for providing secure access to service
CN106664311B (en) Supporting differentiated secure communications between heterogeneous electronic devices
CN106576096B (en) Apparatus, method, and medium for authentication of devices with unequal capability
CN105187376B (en) The safety communicating method of automotive interior network in car networking
CN101518023B (en) Apparatuses and methods for authenticating voice and data devices on the same port
CN104717201A (en) Network device and network system
CN103621028B (en) Control computer system, controller and the method for network access policies
Mueller et al. Plug-and-secure communication for CAN
CN104917605B (en) The method and apparatus of key agreement during a kind of terminal device switching
CN108989318A (en) A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things
WO2017010172A1 (en) Gateway device and control method therefor
JP5415563B2 (en) Methods and apparatus related to address generation, communication and / or validity checking
CN106453326A (en) Authentication and access control method for CAN (Controller Area Network) bus
CN112753203B (en) Secure communication method and device
CN103188351A (en) IPSec VPN communication service processing method and system under IPv6 environment
CN110086798B (en) Method and device for communication based on public virtual interface
CN106534050A (en) Method and device for realizing key agreement of virtual private network (VPN)
CN117201014A (en) Key updating method and related device
CN106603512A (en) SDN (software define network) architecture IS (Intermediate System)-IS (Intermediate System) routing protocol-based trusted authentication method
CN108429617B (en) Method and apparatus for provisioning a shared key between a first node and a second node
CN107453863A (en) Method for generating secret or key in a network
CN108418811A (en) Negotiate the method and apparatus of common key between first and second node
CN101102191B (en) Method for identifying the style of secret key request service in general authentication framework
CN108141359B (en) Method and apparatus for generating a common secret
US10841085B2 (en) Method for generating a secret or a key in a network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant