CN108418811A - Negotiate the method and apparatus of common key between first and second node - Google Patents
Negotiate the method and apparatus of common key between first and second node Download PDFInfo
- Publication number
- CN108418811A CN108418811A CN201810132886.3A CN201810132886A CN108418811A CN 108418811 A CN108418811 A CN 108418811A CN 201810132886 A CN201810132886 A CN 201810132886A CN 108418811 A CN108418811 A CN 108418811A
- Authority
- CN
- China
- Prior art keywords
- node
- bit sequence
- key
- section
- computer network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The present invention relates in computer network(10、11、12)First node(A)With second node(B)Between negotiate common key method(30), it is characterised in that following feature:With computer network(10、11、12)Third node(C、KM2)Negotiate the first secret bit sequence, by means of computer network(10、11、12)Arbitration, pass through second node(B)With third node(C、KM2)Third bit sequence is obtained, mode is second node(B)The second random bit sequence is sent, third bit sequence is by second node(B)Or third node(C、KM2)It is transferred to first node(A), and key is by first node(A)And second node(B)It is obtained from third bit sequence.
Description
Technical field
The present invention relates to a kind of methods for negotiating common key between the first node and second node of computer network.
Moreover, it relates to a kind of corresponding device, a kind of corresponding computer program and a kind of corresponding storage
Medium.
Background technology
Control and regulation technology in it is sufficiently known be to be marked according to ISO 11898-2 in order to be applied in road vehicle
The controller local area network of standardization(Controller area network, CAN).CAN is based on message-oriented agreement, wherein
Each message passes through specific identifier(Identifier, ID)To indicate.Each control device being connected on CAN according to
The importance for the message transmitted by common bus is independently checked according to the ID and determines the use to these message.
In bit transmission(physical layer(Physical layer), PHY)On transceiver(transceiver)For
Operation control device in CAN, the transceiver is by safe floor(data link layer(Data link layer))On communication control
Device processed manipulates.The latter can be directly integrated in microcontroller again(μC)In, the software of the microcontroller is handled in application layer
(application layer)On message message frame(frames).
In 10 2,015 207 220 A1 of DE, it is proposed that one kind for generated in network, especially CAN it is secret or
The method of key.In this case, network has at least one first member and at least one second member and at least
Transmission channel between one the first member and at least one second member.First and second members can respectively will be at least one
First value and at least one second value are dealt on transmission channel.First member or the second member promote first member's value sequence or
Two member's value sequences for being synchronously transferred to transmission channel as far as possible each other.Based on about first member's value sequence or second
The information of member's value sequence and based on being superimposed on transport channels with second member's value sequence according to first member's value sequence and
Obtained superposition value sequence, the first member or the second member generate common secret or common key.Then, this method is referred to as
PnS。
Invention content
The present invention provides according to a kind of in the first node of computer network and the described in independent claims
Negotiate method, a kind of corresponding device, a kind of corresponding computer program and one kind of common key between two nodes
Corresponding storage medium.
In this context, the PnS methods for being conventionally used to carry out key agreement in the common network segment are more commonly used for
Bit sequence is obtained, according to institute's bit sequence, the node of participation can at least derive common secret indirectly(shared
Secret, shared secret).Here, using the medium access control of computer network in an appropriate manner(media access
Control, MAC):Value sequence sent simultaneously respectively according to scheme above to this two nodes, corresponding node pass through by(Really
It is fixed or random)Bit sequence connects together with its complement code to determine the value sequence.(Below, reference-reduced is " to send position
The process of sequence ", and do not refer to the complement code equally to be transmitted of corresponding bit sequence clearly on rare occasion.)
Here, being limited by used MAC protocol according to the result of " superposition " of PnS settings, because node is to connecting this
The synchronization for the transmission medium of the network segment of a little nodes being used in conjunction with and therefore emulative write access needs to visit by medium
Ask the arbitration that control carries out.Therefore, not only PnS but also scheme presented herein, based on PnS is certified as being suitable for scene
Bus, the fieldbus regulation is verified using carrier wave carries out multiple access(carrier sense multiple access
(Carrier sense multiple access), CSMA), in particular for arbitrating the CAN system of position based on CSMA/CR.
Here, the understanding that the solution then illustrated is based on is:PnS is initially used between two communication members
Key generate, described two communication members directly access common bus section.However, if following two communication members should
Arranging key, described two communication members and the bus segment of different bus segment connections or described two communication members are logical
Cross other communication technologys(Such as " backbone network ", automobile Ethernet)Connection, then these bus segments usually pass through relay station(Net
It closes)Connection.Because communication members unquestionably can not possibly directly apply PnS without directly accessing common bus section
Method.For various reasons(Such as efficiency, compatibility or the ability to work of node), still can with it is desirable that, build
Found common symmetric secret.
Therefore, it can be realized using the embodiment of described invention:Without directly access common bus section and
Cannot common secret directly can be established using the communication members of PnS methods for this respect, without applying for not right
Computing capability needed for for the key establishing method of title.In addition, can ensure depending on realizing and spending:Relay station does not know institute
The secret of negotiation and it is neither possible to exerting one's influence to the secret generated, however continues to work as relay station.With hard
Part in the case of realizing, substantially increases the complexity of attack.
By the measure enumerated in the dependent claims, the basic thought that illustrates in the independent claim it is advantageous
Expansion scheme and improvement project are possible.It can specify that in this way:Support the so-called of ordinary node herein to Extension of Communication Networks
" key host(Key Master)" common secret is established, even if " the key host " does not access common bus directly
Section.It, can be to avoid in addition, depending on the implementation of key host:It is connected on relay station therebetween and knows negotiated secret
Or generated secret may be influenced, the relay station is the physical point of attachment of different communication technology.
Corresponding embodiment considers following situation:In the new-type network architecture, this relay station can possess for connecting
The interface of general character application, the interface can make attacker from outside access network(" long-range attack ").If relay station should
It has been be compromised that, then attacker is perhaps(Unknowingly)Influence key generation process and other data exchanges, however according to
The present invention does not know negotiated key such as.
It can specify that according to a further aspect:Key host is not integrated into relay station.In this case, protecting effect
It is unrelated with the operational mode of relay station.Moreover, it is not necessary to which it is believed that relay station actually removes secret from its memory, because should
Relay station does not know secret at any point in time.
Description of the drawings
The embodiment of the present invention is shown in the accompanying drawings and is further illustrated in the description that follows.Wherein:
Fig. 1 shows the system model of possible communication scenes.
Fig. 2 shows in the first variant scheme using key host.
Fig. 3 shows the precedence diagram of the first variant scheme.
Fig. 4 shows the second variant scheme, present in relay station meet key host function.
Fig. 5 shows third variant scheme, wherein other communication nodes with sufficient computing capability are as key master
Machine(Proxy server)It works.
Specific implementation mode
Consider following initial situation:First node(A)And second node(B)Want to set up common symmetric secret(Fig. 1).Cause
For the first node(A)And second node(B)It is connected to different CAN sections(11、12)On, so they can only pass through net
It closes(G)It communicates with each other.The latter may not be worth trusting and therefore not it will be appreciated that symmetric key.
In the first variant scheme of the method proposed, computer network(11、12)Extended third node(KM2)
And fourth node(KM1)" the key host " of form(Fig. 2).In this case, fourth node(KM1)As the first section
(11)Representative occur, and third node(KM2)As the second section(12)Representative occur.Third node(KM2)With
Four nodes(KM1)Possess the necessary precondition for effective and safe key management, especially possesses abundance
Computing capability, the computing capability of the abundance may be for first node(A)And second node(B)It dominates.In order to meet
In third node(KM2)With fourth node(KM1)Between communication secret or mutual certification, the two there is offered
Key(Wildcard(pre-shared key), PKS), the key of the offered deposited for example during production
It is placed in corresponding memory.For crossing gateway(G)Dynamic key exchange, third node(KM2)And fourth node(KM1)
By means of asymmetric key establishing method(Such as Diffie-Hellman key protocols)Establish cryptographic key.And then, described
Third node(KM2)And fourth node(KM1)Seemingly it is used as the first section(11)Or second section(12)Representative occur, and
It is generated to have by means of PnS methods and is connected to the first section(11)On first node(A)Be connected to the second section(12)On
Second node(B)Common secret.Thus by means of the second bus segment(12)Arbitration obtain bit sequence can pass through
It is protected to connect from third node(KM2)Introduce fourth node to(KM1), this can finally be realized in first node(A)With
Two nodes(B)Between guarded communication.
The flow is as follows(Fig. 3):
1. third node(KM2)And fourth node(KM1)Exchanging their public key(13、14)Later for example by means of oval bent
Line(elliptic curve Diffie-Hellman key exchange(Elliptic curve Diffie-Hellman keys are handed over
It changes), ECDHE)Execute Diffie-Hellman key protocols(15、16), and establish common secret K.
2. first node(A)And fourth node(KM1)With their random number RAAnd RKM1PnS keys are executed to exchange(17)
And extract intermediate key KI(18).
3. fourth node(KM1)To third node(KM2)Send intermediate key KIWith other status informations(19), such as can
Talk about identifier(Session identification, session ID).But message is instead of to transmit in plain text, with
The secret K that negotiates in step 1 is encrypted.
4. third node(KM2)Decryption comes from fourth node(KM1)Message and therefore obtain to KIAccess.
5. second node(B)With third node(KM2)PnS keys are executed in terms of that at them to exchange(20).Second node
(B)Random number R is used in this caseB, third node(KM2)It substitutes random number and uses intermediate key KI。
6. being used as the second section(12)In signal level obtain bit sequence be forwarded(21)To the first section(11).
7. first node(A)And second node(B)Based on the signal level forwarded in step 6 come according to the common of PnS
Way extraction common secret KAB(22).
Fig. 4 schematically illustrates the network architecture of replacement, wherein the first section(11)With the second section(12)Pass through base
In the backbone network of another communication technology(23)It is connected to each other.In second variant scheme, key host is implemented as corresponding
Gateway(G)Functional component.It is the simplified network architecture relative to the advantages of the first variant scheme;However it must protect
Card, key host function are having to gateway(G)Attack when cannot be compromised and there are dedicated crypto key memorys.It is other
Agreement flow is similar to Fig. 3.
Fig. 5 schematically illustrates the third variant scheme of key host implementation.First node(A)It is such as lower network
Node, the network node are connect with following bus segment when necessary, and the bus segment does not allow to use PnS, but is directed to
Asymmetric key establishing method provides sufficient computing capability.Second node(B)Should be such as lower node, the hypothesis is not suitable for
The node.In addition, should not be in gateway(G)Upper realization key host function.Now, first node(A)It can build as follows
Vertical and bus segment(10)In second node(B)With third node(C)The common secret of all nodes of surrounding, wherein third section
Point(C)Meet key host function:
1. first node(A)With third node(C)Asymmetric key is executed to exchange(Such as ECDHE)And obtain intermediate key
KAC。
2. second node(B)With third node(C)PnS keys are executed to exchange and obtain KABC.Here, second node(B)
Use random number RB, and third node(C)Using with first node(A)Common key KACRather than random number.
3. being used as CAN sections(10)In signal level obtain bit sequence pass through gateway(G)And other nets when necessary
Pass is forwarded to first node(A).
4. by the monitoring characteristic of PnS methods, first node(A)Key K can equally be extractedABC。
The mixed form that this method can for example be constituted with software or hardware or with software and hardware is for example in control device
Middle realization.
Claims (10)
1. in computer network(10、11、12)First node(A)With second node(B)Between negotiate common key
Method(30),
It is characterized in that following feature:
With the computer network(10、11、12)Third node(C、KM2)Negotiate the first secret bit sequence(13、14、
15、16),
By means of the computer network(10、11、12)Arbitration, pass through the second node(B)With the third node
(C、KM2)It obtains(20)Third bit sequence, mode are the second nodes(B)The second random bit sequence is sent,
The third bit sequence is by the second node(B)Or third node(C、KM2)Transmission(21)To the first node
(A), and
Key is by the first node(A)And second node(B)It is obtained from the third bit sequence(22).
2. according to the method for claim 1(30),
It is characterized in that following feature:
First bit sequence is in the third node(KM2)With fourth node(KM1)Between negotiate(13、14、15、16),
In the first node(A)With fourth node(KM1)Between negotiate the 4th secret bit sequence(17、18),
By means of first bit sequence, the 4th bit sequence is cryptographically by the fourth node(KM1)Transmission(19)It arrives
The third node(KM2),
During arbitration, by the third node(KM2)It sends(20)4th bit sequence, and
The third bit sequence is by the third node(KM2)Pass through the fourth node(KM1)Transmission(21)To described
One node(A).
3. according to the method for claim 2(30),
It is characterized in that following feature:
The first node(A)With the fourth node(KM1)In the computer network(10、11、12)The first section
(11)In,
The second node(B)With the third node(KM2)In the computer network(10、11、12)The second section
(12)In, and
Gateway(G)By first section(11)With second section(12)Connection.
4. according to the method for claim 2(30),
It is characterized in that following feature:
The first node(A)With the fourth node(KM1)In the computer network(10、11、12)The first section
(11)In,
The second node(B)With the third node(KM2)In the computer network(10、11、12)The second section
(12)In, and
The third node(KM2)And fourth node(KM1)It is by first section(11)With second section(12)
The backbone network of connection(23)Gateway(G).
5. the method according to one of claim 2 to 4(30),
It is characterized in that following feature:
4th bit sequence is obtained also by way of the arbitration(17), mode is the first node(A)Send with
5th bit sequence of machine, and the fourth node(KM1)Send the 6th random bit sequence.
6. according to the method for claim 1(30),
It is characterized in that following feature:
First bit sequence is in the first node(A)With the third node(C)Between negotiate, and
During the arbitration, by the third node(KM2)Send first bit sequence.
7. method according to claim 1 to 6(30),
It is characterized in that following feature:
First bit sequence is negotiated by Diffie-Hellman key protocols preferably by means of elliptic curve.
8. a kind of computer program, the computer program is configured for implementing the side according to one of claim 1 to 7
Method(30).
9. a kind of machine readable storage medium, is stored with computer program according to claim 8 on it.
10. a kind of device(A、B、C、KM1、KM2), described device be configured for implement according to described in one of claim 1 to 7
Method(30).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102017202052.0 | 2017-02-09 | ||
DE102017202052.0A DE102017202052A1 (en) | 2017-02-09 | 2017-02-09 | Method and device for agreeing a common key between a first node and a second node of a computer network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108418811A true CN108418811A (en) | 2018-08-17 |
CN108418811B CN108418811B (en) | 2022-03-04 |
Family
ID=62910031
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810132886.3A Active CN108418811B (en) | 2017-02-09 | 2018-02-08 | Method and apparatus for negotiating a common key between a first and a second node |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108418811B (en) |
DE (1) | DE102017202052A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6766453B1 (en) * | 2000-04-28 | 2004-07-20 | 3Com Corporation | Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party |
US20060182280A1 (en) * | 2005-02-11 | 2006-08-17 | Pekka Laitinen | Method and apparatus for providing bootstrapping procedures in a communication network |
CN1848724A (en) * | 2005-04-05 | 2006-10-18 | 华为技术有限公司 | Method for realizing key consultation in mobile self-organizing network |
CN101194529A (en) * | 2005-06-10 | 2008-06-04 | 西门子公司 | Method for agreeing on a security key between at least one first and one second communications station for securing a communications link |
CN105721443A (en) * | 2016-01-25 | 2016-06-29 | 飞天诚信科技股份有限公司 | Link session key negotiation method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015207220A1 (en) | 2014-04-28 | 2015-10-29 | Robert Bosch Gmbh | A method of creating a secret or key in a network |
-
2017
- 2017-02-09 DE DE102017202052.0A patent/DE102017202052A1/en active Pending
-
2018
- 2018-02-08 CN CN201810132886.3A patent/CN108418811B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6766453B1 (en) * | 2000-04-28 | 2004-07-20 | 3Com Corporation | Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party |
US20090132806A1 (en) * | 2004-06-10 | 2009-05-21 | Marc Blommaert | Method for agreeing between at least one first and one second communication subscriber to security key for securing communication link |
US20060182280A1 (en) * | 2005-02-11 | 2006-08-17 | Pekka Laitinen | Method and apparatus for providing bootstrapping procedures in a communication network |
CN1848724A (en) * | 2005-04-05 | 2006-10-18 | 华为技术有限公司 | Method for realizing key consultation in mobile self-organizing network |
CN101194529A (en) * | 2005-06-10 | 2008-06-04 | 西门子公司 | Method for agreeing on a security key between at least one first and one second communications station for securing a communications link |
CN105721443A (en) * | 2016-01-25 | 2016-06-29 | 飞天诚信科技股份有限公司 | Link session key negotiation method and device |
Non-Patent Citations (1)
Title |
---|
艾小川等: "基于椭圆曲线的可验证密钥协商方案", 《微计算机信息》 * |
Also Published As
Publication number | Publication date |
---|---|
CN108418811B (en) | 2022-03-04 |
DE102017202052A1 (en) | 2018-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103155512B (en) | System and method for providing secure access to service | |
CN106664311B (en) | Supporting differentiated secure communications between heterogeneous electronic devices | |
CN106576096B (en) | Apparatus, method, and medium for authentication of devices with unequal capability | |
CN105187376B (en) | The safety communicating method of automotive interior network in car networking | |
CN101518023B (en) | Apparatuses and methods for authenticating voice and data devices on the same port | |
CN104717201A (en) | Network device and network system | |
CN103621028B (en) | Control computer system, controller and the method for network access policies | |
Mueller et al. | Plug-and-secure communication for CAN | |
CN104917605B (en) | The method and apparatus of key agreement during a kind of terminal device switching | |
CN108989318A (en) | A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things | |
WO2017010172A1 (en) | Gateway device and control method therefor | |
JP5415563B2 (en) | Methods and apparatus related to address generation, communication and / or validity checking | |
CN106453326A (en) | Authentication and access control method for CAN (Controller Area Network) bus | |
CN112753203B (en) | Secure communication method and device | |
CN103188351A (en) | IPSec VPN communication service processing method and system under IPv6 environment | |
CN110086798B (en) | Method and device for communication based on public virtual interface | |
CN106534050A (en) | Method and device for realizing key agreement of virtual private network (VPN) | |
CN117201014A (en) | Key updating method and related device | |
CN106603512A (en) | SDN (software define network) architecture IS (Intermediate System)-IS (Intermediate System) routing protocol-based trusted authentication method | |
CN108429617B (en) | Method and apparatus for provisioning a shared key between a first node and a second node | |
CN107453863A (en) | Method for generating secret or key in a network | |
CN108418811A (en) | Negotiate the method and apparatus of common key between first and second node | |
CN101102191B (en) | Method for identifying the style of secret key request service in general authentication framework | |
CN108141359B (en) | Method and apparatus for generating a common secret | |
US10841085B2 (en) | Method for generating a secret or a key in a network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |