KR102164904B1 - Method for generating session key and electronic apparatus thereof - Google Patents

Abstract

A method of generating a session key is disclosed. The method of generating a session key includes a process of receiving a first key generated based on a first random number, a process of generating a second key based on a second random number, and a process of generating a second key based on the first key and the second random number. A process of generating a third key, a process of generating a plurality of secret keys based on the first key, the second key, and the third key, a first secret key that is one of the plurality of secret keys, and a user ID A process of generating a pseudorandom function (PRF) value based on (identification) and password, a second secret key that is one of the first key, the second key, and the plurality of secret keys, and the A process of transmitting a first mass authentication code (MAC) value generated based on a PRF value and a second key and a process of receiving a second MAC value, and the first key, the second key, and the A process of generating a session key based on a third secret key, the PRF value, the first MAC value, and the second MAC value, which is one of a plurality of secret keys.

Description

Method of generating a session key and its electronic device {METHOD FOR GENERATING SESSION KEY AND ELECTRONIC APPARATUS THEREOF}

The present invention relates to a method for generating a session key and an electronic device thereof, and more particularly, a method for efficiently generating a session key in an Internet of Things (IoT) environment, and an electronic device thereof. will be.

The Internet of Things means a technology for connecting to the Internet by embedding computer chips and communication functions in various things.

The user can remotely control the IoT device using the user terminal. The user terminal and the IoT device may be connected to each other through various communication technologies such as wireless communication, short-range communication, and home network, and communication protocols.

Meanwhile, since the IoT system is based on a communication (or wireless communication) environment, reliability of transmitted/received messages must be guaranteed. In other words, security is essential for IoT systems. In the IoT system, messages transmitted from the sender to the receiver are encrypted for information security.

Methods for such encryption include a symmetric key encryption method that uses the same key for encryption and decryption, and a public key encryption method that uses different keys for encryption (public key) and decryption key (secret key).

In particular, the public key encryption technique is a method of using differently between a public key for encryption and a secret key for decryption, and is also referred to as an asymmetric encryption technique. For example, a user can publish his or her public key in a public key directory. In this case, another user who wants to send a message requiring confidentiality to the user may encrypt the message using the public key and transmit the message. Since the information encrypted with the public key can be decrypted only by the corresponding key, that is, the secret key, confidentiality of the message content can be ensured.

The present invention can provide a method and apparatus for generating a session key in which an authentication process and a key exchange process are lightened to be suitable for an IoT environment.

A method of generating a session key according to various embodiments of the present invention includes a process of receiving a first key generated based on a first random number, a process of generating a second key based on a second random number, the first key And generating a third key based on the second random number, generating a plurality of secret keys based on the first key, the second key, and the third key, one of the plurality of secret keys. A process of generating a pseudorandom function (PRF) value based on a first secret key, a user's identification and password, and the first key, the second key, and the plurality of secret keys One of the second secret key and the process of transmitting a first mass authentication code (MAC) value and the second key generated based on the PRF value, a process of receiving a second MAC value, and the second A process of generating a session key based on 1 key, the second key, and a third secret key that is one of the plurality of secret keys, the PRF value, the first MAC value, and the second MAC value. Can include.

An electronic device for generating a session key according to various embodiments of the present disclosure controls the transmission/reception unit and the transmission/reception unit to receive a first key generated based on a first random number, and a second key based on a second random number. Generate, generate a third key based on the first key and the second random number, generate a plurality of secret keys based on the first key, the second key, and the third key, and the plurality of Generates a pseudorandom function (PRF) value based on a first secret key, which is one of the secret keys, and the user's ID (identification) and password, and the first key, the second key, and the plurality of A second secret key that is one of the secret keys of and a first mass authentication code (MAC) value generated based on the PRF value and the second key are controlled to transmit the transmission/reception unit, and a second MAC value Control the transmission/reception unit to receive, and based on the first key, the second key, and a third secret key that is one of the plurality of secret keys, the PRF value, the first MAC value, and the second MAC value Thus, it may include a processor that generates a session key.

According to various embodiments of the present disclosure, by minimizing operations required for an authentication process and a key exchange process, a session key generation process in an IoT environment can be lightened.

According to various embodiments of the present disclosure, ID (identification) and PW (password) information of the IoT device may not be exposed to a manufacturer of an IoT device and a third-party attacker who became a malicious attacker.

1 illustrates an IoT system according to an embodiment of the present invention.
2 is a flowchart of a session key generation process according to an embodiment of the present invention.
3 is a block diagram of a first electronic device according to an embodiment of the present invention.
4 is a block diagram of a second electronic device according to an embodiment of the present invention.
5 is a block diagram of a first electronic device or a second electronic device according to an embodiment of the present invention.
6 is a flowchart illustrating a method of generating a session key according to an embodiment of the present invention.

Hereinafter, the operating principle of a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. In addition, when it is determined that a detailed description of a related known function or configuration may obscure the subject matter of the present disclosure in describing an exemplary embodiment of the present disclosure, a detailed description thereof will be omitted. In addition, terms used in the following are terms defined in consideration of functions in the present invention, which may vary according to the intention or custom of users or operators. Therefore, the definition of the terms used should be interpreted based on the contents throughout the specification and functions corresponding thereto.

The process of generating a session key according to various embodiments of the present invention includes a pseudorandom function (PRF), a message authentication code (MAC), and a Diffie-Hellman key exchange. It is based on the protocol.

)를 입력 받아

를 출력하는 함수이다. 유사 난수 함수는 키 공간

에서 임의로 선택된 키

에 대해 정의된

가 동일한 정의역과 공역에서 정의된 랜덤함수

와 구별되기 어렵기 때문에 유사 난수 함수의 입력 값 정보를 숨김으로써 안전성이 확보될 수 있다.The pseudorandom function has two values (

Enter)

Is a function that prints. Pseudorandom function is key space

Randomly selected key from

Defined for

Is a random function defined in the same domain and conjugate

Since it is difficult to distinguish from, safety can be ensured by hiding the input value information of the pseudorandom function.

입력받고, 임의 길이의 메시지

인증할 수 있다. 또한, 메시지 인증 코드에 기초하여 MAC 값으로

이 출력될 수 있다. MAC 값은 검증자(비밀 키를 소유한 사람)의 허가에 기초하여 발신자에 대한 인증과 메시지의 무결성을 검증하는 수단이 될 수 있다.The message authentication code provides a method of authenticating the sender (or the sender's message) and verifying the integrity of the message at the receiver side. The message authentication code is a secret key

Receive input, message of arbitrary length

You can authenticate. Also, based on the message authentication code, the MAC value

Can be output. The MAC value can be a means of authenticating the sender and verifying the integrity of the message based on the authorization of the verifier (the person who owns the secret key).

MAC includes the following algorithm.

) 과정: 서명자는 서명할 메시지

및 비밀키

입력으로,

를 출력할 수 있다.signature(

) Process: Signer is the message to be signed

And secret key

As input,

Can be printed.

) 과정: 검증자는 상기

, 메시지

및 비밀키

를 입력으로,

이면 T(true)를 출력하고,

이면 F(false)를 출력할 수 있다.Verification(

) Process: Verifier reminded

, message

And secret key

As input,

If is, T(true) is output,

If it is, F(false) can be output.

곱셈 군(multiplicative group)

와 임의의 원소

에 대하여

를 만족하는

를 찾는 문제이다. 디피-헬만 키 교환 방법은 제1 전자장치 및 제2 전자장치의 원소

를 각각 선택하여 상대방에게

및

를 전송하고, 세션 키

를 생성한다. 제1 전자장치는

를 생성하고, 제2 전자장치는

를 생성한다. 여기서, 제1 전자장치 및 제2 전자장치의 채널 상에 송수신되는

및

를 획득하여

및

판단하는 것은 이산로그의 문제를 풀어야 하므로 매우 어렵다. 따라서, 제3 자는 추가적인 정보 없이 세션 키를 알아내기 어렵다.The discrete log problem of Diffie-Hellman key exchange is prime

Multiplicative group

And any element

about

Satisfying

It is a matter of finding. The Diffie-Hellman key exchange method is an element of the first electronic device and the second electronic device.

To each other by selecting

And

And the session key

Create The first electronic device

And the second electronic device

Create Here, the first electronic device and the second electronic device transmitted and received on the channel

And

By obtaining

And

It is very difficult to judge because it has to solve the problem of discrete logarithms. Therefore, it is difficult for a third party to find out the session key without additional information.

Hereinafter, the IoT system will be described in detail.

1 illustrates an IoT system according to an embodiment of the present invention.

The IoT system 10 may include a first electronic device 100 and a second electronic device 200. In addition, the IoT system 10 may additionally include at least one electronic device in addition to the first electronic device 100 and the second electronic device 200.

The first electronic device 100 may be an object or an electronic device. For example, the first electronic device 100 may be various home appliances such as refrigerators, CCTVs, TVs, washing machines, and dehumidifiers, lights, fire alarms, and in-house devices. In this case, the first electronic device 100 may include various sensors such as a temperature sensor, a humidity sensor, an acoustic sensor, a motion sensor, a proximity sensor, a gas detection sensor, and a heat detection sensor.

The second electronic device 100 includes a smart device such as a smartphone and a tablet computer, a portable electronic device, a wearable device, a home terminal capable of connecting to a home network, a smart TV, and a set top box. ) May be various electronic devices.

The first electronic device 100 and the second electronic device 200 may be connected to each other through various communication technologies such as wireless communication, short-range communication, and a home network, communication protocols, and the like.

For example, the first electronic device 100 and the second electronic device 200 may generate a session key that is an encryption key. The first electronic device 100 and the second electronic device 200 may exchange information (or messages) by performing communication during a predefined communication session based on the generated session key.

As an example, the first electronic device 100 and the second electronic device 200 may perform a process for generating a session key. The first electronic device 100 and the second electronic device 200 may perform a process of exchanging a key according to a protocol for generating a session key, a process of performing authentication, a process of generating a session key, and the like.

를 입력받아 위수가 소수

인 곱셈 군(multiplicative group)

의 생성원

선택할 수 있다. 또는, 키 생성 장치는 보안 상수

를 입력받아 위수가 소수

인 타원곡선 위 그룹

를 설정하고 생성원 g를 선택할 수 있다. 또한, 키 생성 장치는 해쉬함수(암호학적)

와 MAC 알고리즘을 포함하여 공개 파라미터

을 설정할 수 있다.Hereinafter, a process of generating a session key by the first electronic device 100 and the second electronic device 200 will be described in detail. In the following process, it is assumed that the system setup process has been performed. For example, in the system setup process, the key generation device (which may be the first electronic device 100, the second electronic device 200, or a third electronic device) is a security constant

Take the input and place the decimal

Multiplicative group

Source of

You can choose. Alternatively, the key generating device is a security constant

Take the input and place the decimal

Group on an elliptic curve

Can be set and the generator g can be selected. In addition, the key generation device has a hash function (cryptographic)

Public parameters including and MAC algorithm

Can be set.

2 is a flowchart of a session key generation process according to an embodiment of the present invention.

Hereinafter, the process of generating the session key will be described as being performed by the first electronic device 100 and the second electronic device 200, but included in the first electronic device 100 and the second electronic device 200 It goes without saying that it can also be performed by a component. For example, the process of generating a session key may be performed by controlling each of a processor included in the first electronic device 100 and a processor included in the second electronic device 200.

에 대한 정보를 기 저장하고, 제2 전자장치(200)는

에 대한 정보를 기 저장함을 가정한다.Hereinafter, the first electronic device 100 includes ID, PW, and

Pre-store information on, and the second electronic device 200

It is assumed that information about

)를 선택할 수 있다(2001). 또한, 제1 전자장치(100)는 선택된 제1 난수에 기초하여 제1 키(

)를 생성할 수 있다(2002). 제1 전자장치(100)는 생성된 제1 키를 제2 전자장치(200)로 송신할 수 있다(2003).The first electronic device 100 includes a first random number (

) Can be selected (2001). Also, the first electronic device 100 includes a first key (

) Can be generated (2002). The first electronic device 100 may transmit the generated first key to the second electronic device 200 (2003).

The second electronic device 200 may receive an ID/PW (2004). For example, the second electronic device 200 may read a QR code including ID/PW information to receive an ID/PW.

)를 선택할 수 있다(2005). 또한, 제2 전자장치(200)는 선택된 제2 난수에 기초하여 제2 키(

)를 생성할 수 있다(2006).The second electronic device 200 includes a second random number (

) Can be selected (2005). Also, the second electronic device 200 includes a second key based on the selected second random number.

) Can be generated (2006).

The second electronic device 200 may generate a first MAC value (2007).

)를 생성할 수 있다. First, the second electronic device 200 uses a third key (

) Can be created.

,

및

를 포함할 수 있다. 여기서, 비밀 키

,

및

은

,

및

를 입력으로 하는 해쉬 함수

의 출력 값에 기초하여 생성될 수 있다.The second electronic device 200 may generate a plurality of secret keys based on the first key, the second key, and the third key generated in the above-described example. For example, multiple secret keys

,

And

It may include. Here, the secret key

,

And

silver

,

And

Hash function as input

Can be generated based on the output value of.

,

및

은 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합(concatenation) 연산자이다. 또한,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트다.For example, if the length of the output string of the hash function is 512 bits,

,

And

Is the equation

Can be generated based on here,

Is a concatenation operator. In addition,

String length of,

String length of and

The string length of is 128 bits.

,

및

은 수학식

및 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합 연산자이다. 또한,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트다.For example, if the length of the output string of the hash function is 256 bits,

,

And

Is the equation

And the equation

Can be generated based on here,

Is a concatenation operator. In addition,

String length of,

String length of and

The string length of is 128 bits.

Next, the second electronic device 200 may generate a pseudorandom function (PRF) value based on a first secret key that is one of a plurality of secret keys, an ID of a user, and a PW. The PRF value may be generated based on Equation 1 below.

는 PRF 값,

는 사용자의 ID,

는 패스워드,

은 유사 난수 함수다.here,

Is the PRF value,

Is the user's ID,

Is the password,

Is a pseudorandom function.

값(

)을 생성할 수 있다. In addition, the second electronic device 200

value(

) Can be created.

), 제2 키(

), 제2 비밀 키(

) 및 PRF 값(

)에 기초하여 생성될 수 있다.Also, the second electronic device 200 may generate a first MAC (massage authentication code) value based on the generated PRF value. The first MAC value may be generated based on Equation 2 below. Specifically, the first MAC value is the first key (

), the second key (

), the second secret key (

) And PRF values (

) Can be generated based on.

는 제1 MAC 값,

는

,

는 메시지 인증 코드 함수다.here,

Is the first MAC value,

Is

,

Is the message authentication code function.

When the first MAC value is generated as in the above example, the second electronic device 200 may transmit the generated first MAC value and the second key to the first electronic device 100 (2008).

The first electronic device 100 performs an authentication process (2009).

) 및 수신된 제2 키(

)에 기초하여 제3 키(

)를 생성할 수 있다.First, the first electronic device 100 is a first random number (

) And the received second key (

) Based on the third key (

) Can be created.

,

및

를 포함할 수 있다. 여기서, 비밀 키

,

및

은

,

및

를 입력으로 하는 해쉬 함수

의 출력 값에 기초하여 생성될 수 있다.The first electronic device 100 may generate a plurality of secret keys based on the first key, the second key, and the third key. . For example, multiple secret keys

,

And

It may include. Here, the secret key

,

And

silver

,

And

Hash function as input

Can be generated based on the output value of.

,

및

은 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합(concatenation) 연산자이다. 또한,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트다.For example, if the length of the output string of the hash function is 512 bits,

,

And

Is the equation

Can be generated based on here,

Is a concatenation operator. In addition,

String length of,

String length of and

The string length of is 128 bits.

,

및

은 수학식

및 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합 연산자이다. 또한,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트다.For example, if the length of the output string of the hash function is 256 bits,

,

And

Is the equation

And the equation

Can be generated based on here,

Is a concatenation operator. In addition,

String length of,

String length of and

The string length of is 128 bits.

Next, the first electronic device 100 may generate a pseudorandom function (PRF) value based on a first secret key that is one of a plurality of secret keys, an ID of a user, and a PW. The PRF value may be generated based on Equation 1 described above.

값(

)을 생성할 수 있다.

인 경우, 제1 전자장치(100)는 세션 키 생성 과정을 종료(또는 중단, 중지)한다.

인 경우, 제1 전자장치(100)는 세션 키 생성 과정을 계속 진행한다.Here, the first electronic device 100

value(

) Can be created.

If yes, the first electronic device 100 ends (or stops, stops) the session key generation process.

If yes, the first electronic device 100 continues the session key generation process.

값(

)를 생성할 수 있다.In addition, the first electronic device 100

value(

) Can be created.

Also, the first electronic device 100 may generate a second MAC value based on the generated PRF value (2010). The second MAC value may be generated based on Equation 3 below.

는 제2 MAC 값,

는

,

는 메시지 인증 코드 함수다.here,

Is the second MAC value,

Is

,

Is the message authentication code function.

When the second MAC value is generated as in the above example, the first electronic device 100 may transmit the generated second MAC value to the second electronic device 200 (2011).

)를 생성할 수 있다(2013-1).The first electronic device 100 is based on the first key, the second key, the first MAC value, the second MAC value, and the third secret key.

) Can be created (2013-1).

When the second electronic device 200 receives the second MAC value, the second electronic device 200 may perform an authentication process (2012).

인 경우, 제2 전자장치(200)는 세션 키 생성 과정을 종료(또는 중단, 중지)한다.

인 경우, 제1 전자장치(100)는 제1 키, 제2 키, 제1 MAC 값, 제2 MAC 값 및 제3 비밀 키에 기초하여 세션 키(

)를 생성한다(2013-2)first,

If yes, the second electronic device 200 ends (or stops, stops) the session key generation process.

In the case of, the first electronic device 100 includes a session key (

) To create (2013-2)

According to the example of the session key generation process described above, a message exchanged between the first electronic device 100 and the second electronic device 200 can be multiplexed through ID and PW, Diffie Hellman key exchange, and MAC and PRF. Do. Through this, messages can be secured from external attackers and highly-but-curious manufacturers.

In addition, according to the example of the session key generation process described above, the first electronic device 100 and the second electronic device 200 each have an exponential power of 2 times, a simple MAC operation, and a simple PRF based on an elliptic curve encryption (ECC). Efficiency is improved because you only need to perform calculations.

Also, as an example, the second electronic device 200 may change the existing PW.

In conclusion, it is possible to lighten the session key generation process in the IoT environment by minimizing operations required for the authentication process and the key exchange process. Through this, identification (ID) and password (PW) information embedded in the IoT device can be protected.

Hereinafter, configurations of the first electronic device 100 and the second electronic device 200 will be described in detail with reference to FIGS. 3 and 4. Here, the contents overlapping with the above-described session key generation process will be omitted for convenience of description.

3 is a block diagram of a first electronic device according to an embodiment of the present invention.

The first electronic device 100 includes a transceiver 110 and a processor 120.

The transceiver 110 may perform communication. For example, the transmission/reception unit 110 may communicate with the second electronic device 200. The transmission/reception unit 110 may exchange at least one key by performing communication with the second electronic device 200.

The processor 120 overall controls the first electronic device 100. In particular, the processor 120 may perform a process of generating a session key with the second electronic device 200.

4 is a block diagram of a second electronic device according to an embodiment of the present invention.

The second electronic device 200 includes a transceiver 210 and a processor 220.

The transceiver 210 may perform communication. For example, the transceiving unit 210 may communicate with the first electronic device 100. The transceiving unit 210 may exchange at least one key by performing communication with the first electronic device 100.

The processor 220 overall controls the second electronic device 200. In particular, the processor 220 may perform a process of generating a session key with the first electronic device 200.

5 is a detailed block diagram of a first electronic device or a second electronic device according to an embodiment of the present invention.

Referring to FIG. 5, a first electronic device (or second electronic device) 500 includes a communication unit 510, a storage unit 520, and a processor 530.

The communication unit 510 performs communication.

The communication unit 510 communicates with an external electronic device through wired or various communication methods such as BT (BlueTooth), WI-FI (Wireless Fidelity), Zigbee, IR (Infrared), NFC (Near Field Communication). I can.

, 키 값 등을 저장할 수 있다.The storage unit 520 stores an O/S (Operating System) software module for driving the first electronic device (or second electronic device) 500, and data for configuring various UI screens provided in the display area. I can. As an example, the storage unit 520 may include UX/UI data, and the like. In addition, the storage unit 520 is a PW/ID,

, Key values, etc. can be stored.

The processor 530 generally controls the operation of the first electronic device (or the second electronic device) 500 by using various programs stored in the storage unit 520.

Specifically, the processor 530 includes a RAM 531, a ROM 532, a graphic processing unit 533, a main CPU 534, the first to n interfaces 535-1 to 535-n, and a bus 537. Include.

The RAM 531, the ROM 532, the graphic processing unit 533, the main CPU 534, the first to nth interfaces 535-1 to 535-n, and the like may be connected to each other through the bus 537.

The ROM 532 stores an instruction set for booting the system, and the like. When the turn-on command is input and power is supplied, the main CPU 534 copies the O/S stored in the storage unit 520 to the RAM 532 according to the instruction stored in the ROM 532 and executes the O/S. Boot the system. When booting is completed, the main CPU 534 copies various application programs stored in the storage unit 520 to the RAM 531 and executes the application programs copied to the RAM 531 to perform various operations.

The graphic processing unit 533 generates a screen including various objects such as icons, images, and texts using an operation unit and a rendering unit.

The main CPU 534 accesses the storage unit 520 and performs booting using the O/S stored in the storage unit 520. Then, various operations are performed using various programs, contents, data, etc. stored in the storage unit 520.

The first to nth interfaces 535-1 to 535-n are connected to the various components described above. As an example, one of the interfaces may be a network interface that is connected to an external device through a network.

The processor 530 may select a random number and generate a key based on the selected random number. Also, the processor 530 may generate a secret key based on the generated key. Also, the processor 530 may generate a PRF value based on the user's ID and password. Also, the processor 530 may generate a MAC value based on the RPF value. Also, the processor 530 may generate a session key based on the key and MAC value.

6 is a flowchart illustrating a method of generating a session key according to an embodiment of the present invention.

The session key generation method includes a process of receiving a first key generated based on a first random number (610), a process of generating a second key based on a second random number (620), and a first key and a second random number. A process of generating a third key based on 630, a process of generating a plurality of secret keys based on a first key, a second key, and a third key (640), a first secret key that is one of a plurality of secret keys , The process of generating a pseudorandom function (PRF) value based on the user's identification and password (650), one of the first key, the second key, and the plurality of secret keys A process of transmitting a first mass authentication code (MAC) value and a second key generated based on a second secret key and a PRF value (660), a process of receiving a second MAC value (670), and A process of generating a session key based on a first key, a second key, and a third secret key that is one of the plurality of secret keys, the PRF value, the first MAC value, and the second MAC value (680). It may include.

에서 선택될 수 있다.Here, the first random number and the second random number are a set

Can be chosen from

이고, 제2 난수는

이고, 제1 키는

이고, 제2 키는

이고, 제3 키는

이다.Also, the first random number is

And the second random number is

And the first key is

And the second key is

And the third key is

to be.

이고, 제2 비밀 키는

이고, 제3 비밀 키는

일 수 있다. 여기서,

,

및

은,

,

및

를 입력으로 하는 해쉬 함수

의 출력 값에 기초하여 생성될 수 있다.For example, the first secret key is

And the second secret key is

And the third secret key is

Can be here,

,

And

silver,

,

And

Hash function as input

Can be generated based on the output value of.

,

및

은 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합(concatenation) 연산자이고,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트이다.For example, if the length of the output string of the hash function is 512 bits,

,

And

Is the equation

Can be generated based on here,

Is the concatenation operator,

String length of,

String length of and

The string length of is 128 bits.

,

및

은 수학식

및 수학식

에 기초하여 생성될 수 있다. 여기서,

은 결합 연산자이고,

의 스트링 길이,

의 스트링 길이 및

의 스트링 길이는 128비트이다.As another example, if the length of the output string of the hash function is 256 bits,

,

And

Is the equation

And the equation

Can be generated based on here,

Is the associative operator,

String length of,

String length of and

The string length of is 128 bits.

기초하여 생성될 수 있다. 여기서,

는 PRF 값,

는 사용자의 ID,

는 패스워드,

은 유사 난수 함수이다.In the above example, the PRF value is the following equation

It can be created on the basis of. here,

Is the PRF value,

Is the user's ID,

Is the password,

Is a pseudorandom function.

에 기초하여 생성될 수 있다.In addition, the first MAC value is Equation

Can be generated based on

는 제1 MAC 값,

는

,

는 메시지 인증 코드 함수일 수 있다.here,

Is the first MAC value,

Is

,

May be a message authentication code function.

Meanwhile, the session key generation method according to various embodiments of the present disclosure described above is implemented as a computer-executable program code and stored in various non-transitory computer readable mediums so that they are executed by a processor. It may be provided to servers or devices.

For example, a process of receiving a first key generated based on a first random number, a process of generating a second key based on a second random number, a process of generating a third key based on the first key and the second random number , A process of generating a plurality of secret keys based on a first key, a second key, and a third key, a first secret key that is one of a plurality of secret keys, based on the user's ID (identification) and password (Password) A process of generating a pseudorandom function (PRF) value, the first key, the second key, a second secret key that is one of the plurality of secret keys, and a first massage (MAC) generated based on a PRF value. authentication code, message authentication code) transmitting a value and a second key, receiving a second MAC value, a first key, a second key, a third secret key that is one of the plurality of secret keys, and the PRF value , A non-transitory computer readable medium storing a program for generating a session key based on the first MAC value and the second MAC value may be provided.

The non-temporary readable medium refers to a medium that stores data semi-permanently and can be read by a device, rather than a medium that stores data for a short moment, such as a register, cache, or memory. Specifically, the above-described various applications or programs may be provided by being stored in a non-transitory readable medium such as a CD, DVD, hard disk, Blu-ray disk, USB, memory card, and ROM.

In addition, although the preferred embodiments of the present disclosure have been illustrated and described above, the present disclosure is not limited to the specific embodiments described above, and the technical field to which the present invention belongs without departing from the gist of the present disclosure claimed in the claims. In addition, various modifications may be possible by those of ordinary skill in the art, and these modifications should not be individually understood from the technical idea or perspective of the present disclosure.

IoT system: 10 First electronic device: 100
Second electronic device: 200 Transmitting/receiving unit: 110, 210
Processor: 120, 220, 530 Communication unit: 510
Storage: 520

Claims (16)

In the method of generating a session key,
Receiving a first key generated based on a first random number;
Generating a second key based on a second random number;
Generating a third key based on the first key and the second random number;
Generating a plurality of secret keys based on the first key, the second key, and the third key;
Generating a pseudorandom function (PRF) value based on a first secret key that is one of the plurality of secret keys, an identification (ID) and a password of a user;
The first key, the second key, a second secret key that is one of the plurality of secret keys, and a first mass authentication code (MAC) value generated based on the PRF value and the second key Transmitting process;
Receiving a second MAC value; And
Generating a session key based on the first key, the second key, and a third secret key that is one of the plurality of secret keys, the PRF value, the first MAC value, and the second MAC value; and How to generate a session key.
The method of claim 1,
The first random number and the second random number are a set

Session key generation method selected from.
The method of claim 1,
The first random number is

And the second random number is

And the first key is

And the second key is

And the third key is

In, session key generation method.
The method of claim 3,
The first secret key is

ego,
The second secret key is

ego,
The third secret key is

ego,
remind

, remind

And above

silver,
remind

, remind

And above

Hash function as input

Generated based on the output value of, session key generation method.
The method of claim 4,
If the length of the output string of the hash function is 512 bits, the

, remind

And above

Is the equation

Is created on the basis of, where,

Is the concatenation operator,
remind

String length, above

String length and above

The string length of is 128 bits, the method of generating the session key.
The method of claim 4,
When the length of the output string of the hash function is 256 bits, the

, remind

And above

Is the equation

And the equation

Is created on the basis of, where,

Is the associative operator,
remind

String length, above

String length and above

The string length of is 128 bits, the method of generating the session key.
The method of claim 4,
The PRF value is generated based on the following equation,

here,

Is the PRF value,

Is the user's ID,

Is the password,

Is a pseudo-random function, a method of generating a session key.
The method of claim 7,
The first MAC value is generated based on the following equation,

here,

Is the first MAC value,

Is

,

Is a message authentication code function, how to generate a session key.
In an electronic device that generates a session key,
A transceiver; And
Controlling the transceiver to receive a first key generated based on a first random number,
Generate a second key based on a second random number,
Generate a third key based on the first key and the second random number,
Generating a plurality of secret keys based on the first key, the second key, and the third key,
Generates a pseudorandom function (PRF) value based on a first secret key, which is one of the plurality of secret keys, and a user's identification and password,
The first key, the second key, a second secret key that is one of the plurality of secret keys, and a first mass authentication code (MAC) value generated based on the PRF value and the second key Controlling the transceiver to transmit,
Controlling the transceiver to receive a second MAC value,
A processor for generating a session key based on the first key, the second key, and a third secret key that is one of the plurality of secret keys, the PRF value, the first MAC value, and the second MAC value; The electronic device.
The method of claim 9,
The first random number and the second random number are a set

Selected from, electronics.
The method of claim 9,
The first random number is

And the second random number is

And the first key is

And the second key is

And the third key is

Phosphorus, electronics.
The method of claim 9,
The first secret key is

ego,
The second secret key is

ego,
The third secret key is

ego,
remind

, remind

And above

silver,
remind

, remind

And above

Hash function as input

Generated based on the output value of, electronic device.
The method of claim 12,
If the length of the output string of the hash function is 512 bits, the

, remind

And above

Is the equation

Is created on the basis of, where,

Is the concatenation operator,
remind

String length, above

String length and above

The electronic device has a string length of 128 bits.
The method of claim 12,
When the length of the output string of the hash function is 256 bits, the

, remind

And above

Is the equation

And the equation

Is created on the basis of, where,

Is the associative operator,
remind

String length, above

String length and above

The electronic device has a string length of 128 bits.
The method of claim 12,
The PRF value is generated based on the following equation,

here,

Is the PRF value,

Is the user's ID,

Is the password,

Is a pseudorandom function, an electronic device.
The method of claim 15,
The first MAC value is generated based on the following equation,

here,

Is the first MAC value,

Is

,

Is a message authentication code function, an electronic device.

Images