WO2007059558A1 - Wireless protocol for confidentiality and authentication - Google Patents


Info

Publication number
WO2007059558A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packets
packet
initialization vectors
session
initialization
Application number
PCT/AU2006/001729
Other languages
English (en)
Inventor
Abbas Jamalipour
Jonathan Yi-Kwang Teo
Original Assignee
The University Of Sydney
Priority claimed from AU2005906530A0
Application filed by The University Of Sydney
Publication of WO2007059558A1

Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security, providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/162: Implementing security features at the data link layer
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/065: Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/12: Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04W12/033: Protecting confidentiality by encryption of the user plane, e.g. user's traffic
    • H04W12/10: Integrity
    • H04L2209/80: Wireless (additional information relating to cryptographic mechanisms, H04L9/00)
    • H04W56/00: Synchronisation arrangements

Definitions

  • the present invention relates generally to communications and more particularly to protocols suitable for wireless communications such as the wireless LAN protocol defined by the IEEE 802.11x standard.
  • Wired Equivalent Privacy WEP
  • a stream cipher operates by expanding a short key into an infinite pseudo-random key stream.
  • the transmitter XORs the key stream with the plaintext to produce ciphertext.
  • the receiver has a copy of the same key, and uses it to generate an identical key stream. XOR-ing the key stream with the ciphertext yields the original plaintext.
  • VPNs virtual private networks
  • a VPN provides end-to-end security for users, but requires the use of a VPN server to administer the network. This approach may be suitable for some large private networks, but is far from a universal solution.
  • WLAN wireless local area network
  • the security protocol described hereinafter can be instituted throughout a communications network and is described, in particular, with reference to IEEE 802.11- based wireless data networks.
  • This security protocol is termed Self-Synchronized Authentication Privacy (SSAP) and can serve as a standalone protocol for secure packet communication over a lossy channel or as a replacement for WEP, as described above.
  • SSAP is intended for integration as a preferred security protocol in existing IEEE 802.11- based wireless data networks.
  • SSAP does not require any special firmware, and does not require significantly more processing power than is used for WEP.
  • SSAP allows different ciphers to be used, as required.
  • SSAP can be used in infrastructure mode between an access point and a mobile station, or in an ad hoc mode between two mobile stations.
  • a synchronization algorithm co-ordinates, between the transmitter and the receiver, corresponding encrypting/decrypting initialization vectors that are used in a selected encryption cipher for encrypting and decrypting individual packets.
  • the encrypting/decrypting initialization vectors vary for each packet.
  • the synchronization algorithm accounts for dropped packets that may be lost in transmission in a loss-prone wireless communications channel.
  • Synchronization is achieved through the use of a nonce counter, which is transmitted with each data packet.
  • a random nonce is generated at a receiver, for each session, and transmitted to the transmitter for use during the session.
  • the current value of the nonce counter increments in a predetermined manner for each transmitted data packet.
  • the current value of the nonce counter is transmitted with each encrypted data packet and, once received, provides synchronization information to the receiver. The receiver can thus detect whether packets are dropped, within the capacity of a look-ahead window. The base key is not revealed.
  • the corresponding encrypting/decrypting initialization vectors which are used for encrypting and subsequently decrypting successive packets, are generated based upon a session initialization vector, and packet initialization vectors.
  • a session initialization vector is generated at the transmitter and receiver for each session, and is used to tie the transmitter and receiver to the base key.
  • a session initialization vector is generated as the output of a keyed hash function that takes as input the base key, in combination with a common Basic Service Set Identifier (BSSID), and the Media Access Control (MAC) addresses of the transmitter and receiver.
  • BSSID Basic Service Set Identifier
  • MAC Media Access Control
  • Packet initialization vectors are generated for successive packets at the transmitter and receiver, based upon the output of a pseudorandom function.
  • the pseudorandom function takes as input a base key and the current value of the nonce counter.
  • synchronization provides an appropriate value of the nonce counter for use in generating a packet initialization vector.
  • SSAP addresses some recognized vulnerabilities of WEP, and adds further security enhancements to prevent or at least reduce attacks on the transmitted data.
  • the protocol can operate with a variety of hardware implementations, and can be used with different ciphers. Examples of a block cipher, offset codebook (OCB), and a stream cipher, Rivest Cipher 4 (RC4) are described hereinafter.
  • An aspect of the present invention provides a method for conducting an encrypted communications session.
  • the method comprises the steps of: generating for successive data packets, respective packet initialization vectors based upon counter values that change in a predetermined manner for each of the successive data packets; encrypting the
  • Another aspect of the present invention provides a method for conducting an encrypted wireless communications session.
  • the method comprises the steps of: receiving with encrypted data packets, corresponding counter values that change in a predetermined manner for each of the successively transmitted data packets; generating, for the encrypted data packets, respective packet initialization vectors based upon the counter values received with the encrypted data packets; and decrypting the received data packets using decrypting initialization vectors based upon the respective packet initialization vectors generated for each of the received data packets and a session initialization vector.
  • the wireless transceiver device comprises: a processor for generating for successive data packets respective packet initialization vectors based upon counter values that change in a predetermined manner for each of the successive data packets, and for encrypting the data packets using respective encrypting initialization vectors based upon the respective packet initialization vectors generated for each of the data packets and a session initialization vector; and an antenna unit for transmitting with each of the encrypted data packets, the corresponding counter value used to generate the packet initialization vector corresponding with each packet.
  • Another aspect of the present invention provides a wireless transceiver device for conducting a wireless communications session.
  • the wireless transceiver device comprises: an antenna unit for receiving with encrypted data packets corresponding counter values that change in a predetermined manner for each of the successively transmitted data packets; and a processor for generating for the encrypted data packets respective packet initialization vectors based upon the counter values received with the encrypted data packets, and for decrypting the received data packets using decrypting - - initialization vectors based upon the respective packet initialization vectors generated for each of the received data packets and a session initialization vector.
  • the computer program product comprises: computer software code means for generating for successive data packets respective packet initialization vectors based upon counter values that change in a predetermined manner for each of the successive data packets; computer software code means for encrypting the data packets using respective encrypting initialization vectors based upon the respective packet initialization vectors generated for each of the data packets and a session initialization vector; and computer software code means for transmitting with each of the encrypted data packets the corresponding counter value used to generate the packet initialization vector corresponding with each packet.
  • the computer program product comprises: computer software code means for receiving with encrypted data packets corresponding counter values that change in a predetermined manner for each of the successively transmitted data packets; computer software code means for generating for the encrypted data packets respective packet initialization vectors based upon the counter values received with the encrypted data packets; and computer software code means for decrypting the received data packets using decrypting initialization vectors based upon the respective packet initialization vectors generated for each of the received data packets and a session initialization vector.
  • FIGS. 1 and 2 are corresponding schematic representations of encryption blocks used in implementing the SSAP protocol, which respectively incorporate a block cipher (OCB) and a stream cipher (RC4).
  • OCB block cipher
  • RC4 stream cipher
  • Figs. 3 and 4 are corresponding schematic representations of decryption blocks matching the encryption blocks of Figs. 1 and 2, and which also respectively incorporate the same block cipher and stream cipher.
  • Fig. 5 is a schematic representation of a frame format that can be used with the SSAP protocol.
  • Fig. 6 is a schematic representation of a modified SKA frame 2 format that can be used with the SSAP protocol.
  • Figs. 7 and 8 are corresponding flow diagrams of a method for conducting an encrypted communications session, which respectively relate to transmission and reception.
  • Fig. 9 is a schematic representation of a computer system having a network interface and suitable for use as an access point or base station in a wireless network implementing the SSAP protocol.
  • the SSAP protocol is a mechanism by which a transmitter and a receiver can exchange encrypted data across a wireless or other medium such that the authenticity of the message is trusted.
  • the encrypting and decrypting procedures for a transmitter and a receiver are both described hereinafter, for example block and stream ciphers, as well as how synchronization is achieved in the event of packet loss. Frame formats for the example block and stream ciphers are also described.
  • SSAP can be implemented using software drivers for the transceiving hardware used in existing Wireless LANs.
  • SKA Shared Key Authentication
  • a 128-bit session initialization vector is generated at the transmitter and receiver using a keyed hash function (in this case MD5-HMAC).
  • the BSS Identifier (BSSID), the transmitter's MAC address and the receiver's MAC address are concatenated in that order to form a 144-bit value (6 bytes for each field). This concatenated value is provided as input to the keyed hash function together with the secret Base Key, generating a 128-bit value SIV.
  • the MD5-HMAC used in this context can be implemented in software at the receiver if legacy hardware does not support the generation of such a cryptographically secure hash.
  • the SIV is generated only once per session, each time a new channel of communication is established.
  • the ordering of the MAC addresses (that is, the transmitter's MAC address and the receiver's MAC address) is predetermined, and specifies a direction of communication. This particular order is thus maintained in the keyed hash function.
  • a random 32-bit Nonce Counter is generated at the receiver, and passed to the transmitter during initialization. Both transmitter and receiver are then able to seed independent Pseudorandom Functions (PRF) using R_0, the bitwise XOR of the Base Key with the random Nonce Counter. This is performed only once, with subsequent seeds following from the previous output of the PRF. With each transmitted packet, the 32-bit nonce is incremented by a value of one. The nonce thus functions as a counter, and exposes no information about the secret Base Key.
  • PRF Pseudorandom Functions
  • the PRF then generates a 96-bit random sequence R_k which is concatenated with the 32-bit nonce to produce the per-packet initialization vector (PIV).
  • PIV per-packet initialization vector
  • Fig. 1 schematically represents an encryption block for SSAP with an OCB block cipher.
  • a session initialization vector (SIV) is generated for the session as described hereinbefore using the keyed hash function 140.
  • a packet initialization vector (PIV) is generated as follows.
  • a Nonce Counter k and the Base Key are concatenated in block 110, the output of which is provided to a pseudorandom function (PRF) 120.
  • the Nonce Counter k is concatenated with the Base Key to provide an additional source of randomness to the PRF 120.
  • the 96-bit output of the PRF 120, R_k, is iteratively provided as a supplementary input, R_{k-1}, to the PRF 120 for use in generating the successive value of R_k. This feedback synchronizes the two PRF outputs, which are seeded by the same value, which changes with each packet sent. This is the self-synchronizing part.
  • the 96-bit R_k and the 32-bit Nonce Counter k are concatenated in block 130 to produce the 128-bit PIV.
  • the PIV and SIV are bitwise XOR-ed by the XOR function 150 to produce an encrypting initialization vector (EIV) that is provided to the OCB cipher block 160.
  • EIV encrypting initialization vector
  • the OCB cipher 160 uses the Data Payload, Base Key and the XOR-ed value of the PIV and SIV (the EIV) to produce ciphertext.
  • the frame or packet 170 includes the Nonce Counter k, the ciphertext produced by the OCB cipher block 160, and an Authentication Tag.
  • the Authentication Tag is generated in the case of an OCB cipher, and appended to the end of the data payload in a single pass.
  • the format of the frame or packet 170 is described in further detail hereinafter.
  • the random Nonce Counter functions as protection against replay attacks and is transmitted across the network together with the encrypted data.
  • the Nonce Counter replaces the IV of a conventional WEP encrypted packet.
  • the Nonce Counter exposes no part of the secret Base Key to a prospective attacker.
  • the combination of the random Nonce Counter and the pseudorandom number generator (PRNG) sequence output prevents reuse of the IV even after exhausting the period of the PRNG sequence.
  • PRNG pseudorandom number generator
  • the SIV provides bi-directional session authentication, and is resilient against spoofing attacks, as the Base Key is not exposed and the SIV cannot be reused.
  • the SIV cannot be reused as the receiver generates the nonce counter, and an adverse third party initiating a session is unable to induce a receiver to generate a nonce counter that was used in a previous session.
  • the SIV also removes the Base Key from direct attack and weakly ties the session key to the transmitter and receiver participating in the communication session, typically an access point (AP) and station (STA) in a Wireless LAN.
  • AP access point
  • STA station
  • Fig. 2 schematically represents an encryption block for SSAP, which uses a RC4 stream cipher rather than an OCB block cipher.
  • the encryption block operates in a similar manner as the encryption block of Fig. 1, in connection with generating a SIV and PIV, which are XOR-ed by XOR block 250 to generate an EIV, which is provided to a RC4 cipher block 260. This EIV is then used with the selected cipher mode of operation, RC4.
  • In the case of OCB, an authentication tag is generated and appended to the end of the data payload in a single pass; RC4 produces no such tag, so a separate integrity check value is used.
  • the CRC32 checksum is calculated and appended to the end of the unencrypted data by block 264 before encryption using the EIV.
  • the Data Payload and Appended CRC32 Checksum is XOR-ed with the output of the RC4 block 260 by XOR block 266 to generate the ciphertext used in the frame or packet 270.
  • the data transmitted in the frame or packet 270 includes the Nonce Counter and the Data Payload, with either the integrity check value or authentication tag.
  • Fig. 3 schematically represents a decryption block for SSAP, corresponding with the encryption block of Fig. 1 in which OCB block cipher is also used.
  • LAW Look Ahead Window
  • SIV session initialization vector
  • the output SIV is XOR-ed with the PIV by XOR block 350 to form the decrypting IV used by the decrypting OCB cipher block 360, as described hereinafter.
  • the SSAP decryption process begins when the receiver receives the encrypted packet 370.
  • Upon receiving an encrypted packet or frame 370, the receiver decryption block generates the required PIV for combination with the SIV.
  • the receiver generates the PIV for each incoming packet or frame. This scheme reduces computational requirements as a hash calculation (performed by the key hash block 340) is performed only once during each communications session.
  • the PIV is generated by concatenating the received Nonce Counter k and the output of the PRF 320 using block 330.
  • the Nonce Counter k is provided first to the LAW Algorithm block 325, which operates in the event of dropped packets to synchronize the PIV of the receiver with that of the transmitter, as described in further detail hereinafter.
  • the Nonce Counter k is also concatenated with the Base Key by block 310, and provided to the PRF block 320.
  • the 96-bit output of the PRF 320, R_k, is iteratively provided as a supplementary input, R_{k-1}, to the PRF 320 for use in generating the succeeding value of R_k.
  • the 96-bit R_k and the 32-bit Nonce Counter k are concatenated in block 330 to produce the 128-bit PIV, which is an identical reconstruction of the PIV generated for the corresponding packet in the encryption block at the transmitter, as described hereinbefore with reference to Fig. 1.
  • the decrypting IV (DIV) produced from the SIV and PIV is then used as input to the OCB decryption block 360, together with the ciphertext and Base Key.
  • An integrity check is performed on the sent data by verification of the authentication tag in the case that OCB is used.
  • the Authentication Tag is stripped from the output of the OCB block 360 by block 362 to produce a Plaintext Payload corresponding to the Data Payload transmitted by the transmitter.
  • the block 364 accepts the Authentication Tag from the received frame 370, and the Authentication Tag derived from the output of the OCB block 360. A check is made by block 366 that these Tags are the same and legitimate.
  • Fig. 4 schematically represents decryption block for SSAP corresponding with the encryption block of Fig. 2, which also uses a RC4 stream cipher.
  • the decryption block operates in a similar manner as the decryption block of Fig. 3, in connection with generating a SIV and PIV.
  • the RC4 block 460 receives the decryption IV from the XOR block 450, and the XOR block 462 combines the output of the RC4 block 460 with the ciphertext (the encrypted Data Payload and Checksum) of the received frame or packet 470.
  • the resulting data is separated into a Plaintext Payload corresponding to the Data Payload transmitted from the transmitter, and a decrypted checksum value (ICV).
  • the CRC32 Algorithm block 464 interrogates the Plaintext Payload to derive the checksum value (ICV), which is compared with the decrypted checksum value ICV to determine that these values are the same and legitimate.
  • This integrity check is performed on the sent data by verification of the CRC32 checksum in the case of RC4/CRC32 encryption. The integrity of the message is then checked and positive acknowledgement is made to the transmitter only upon successful verification of the message's integrity.
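The RC4/CRC32 path of Figs. 2 and 4, as an added Python example that is not part of the patent: the transmitter builds the frame as Nonce Counter || RC4(Data Payload || CRC32), and the receiver decrypts and compares the ICV. RC4 is implemented inline because the standard library has none; the RC4 key is taken as EIV || Base Key, which is an assumption (the page only says the EIV is used with the RC4 cipher); the EIV is passed in as a 16-byte value and the payload is constructed. The last function shows the caveat a practitioner would want here: CRC32 is linear, so a bit flip in the ciphertext can be matched by a computed change to the encrypted ICV without knowing any key, which is why the OCB variant's authentication tag is the stronger integrity mechanism.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 KSA + PRGA; returns `length` keystream bytes for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_icv(payload: bytes) -> bytes:
    """CRC32 integrity check value as appended by block 264 (little-endian packing chosen here)."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def ssap_rc4_encrypt(base_key: bytes, eiv: bytes, nonce: int, payload: bytes) -> bytes:
    """Frame 270: 32-bit Nonce Counter in the clear || RC4 keystream XOR (payload || ICV).
    Assumption: the per-packet RC4 key is EIV || Base Key."""
    plain = payload + crc32_icv(payload)
    ks = rc4_keystream(eiv + base_key, len(plain))
    return struct.pack(">I", nonce) + xor_bytes(plain, ks)   # XOR block 266


def ssap_rc4_decrypt(base_key: bytes, div: bytes, frame: bytes):
    """Return (nonce, payload) when the ICV verifies, else (nonce, None) so the caller
    can withhold the acknowledgement the page requires on an integrity failure."""
    nonce = struct.unpack(">I", frame[:4])[0]
    ks = rc4_keystream(div + base_key, len(frame) - 4)
    plain = xor_bytes(frame[4:], ks)                         # XOR block 462
    payload, icv = plain[:-4], plain[-4:]
    if icv != crc32_icv(payload):                            # CRC32 block 464 comparison
        return nonce, None
    return nonce, payload


def forge_bit_flip(frame: bytes, delta: bytes) -> bytes:
    """Keyless ciphertext modification that still passes the CRC32 check.
    CRC32 is affine: crc(p XOR d) = crc(p) XOR crc(d) XOR crc(0...0) for equal lengths,
    so the change to the ICV depends only on `delta`, never on the plaintext or key."""
    ct_payload, ct_icv = frame[4:-4], frame[-4:]
    delta = delta.ljust(len(ct_payload), b"\x00")
    zeros = bytes(len(ct_payload))
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(zeros)) & 0xFFFFFFFF
    return (frame[:4] + xor_bytes(ct_payload, delta)
            + xor_bytes(ct_icv, struct.pack("<I", icv_delta)))


if __name__ == "__main__":
    key, eiv = bytes(range(16)), bytes(range(16, 32))       # constructed key and EIV
    frame = ssap_rc4_encrypt(key, eiv, 0x1234, b"SSAP payload, constructed")
    print(ssap_rc4_decrypt(key, eiv, frame))
    print(ssap_rc4_decrypt(key, eiv, forge_bit_flip(frame, b"\x01")))
```

The forgery flips the lowest bit of the first payload byte and the receiver still reports the frame as legitimate; the same decrypt rejects a frame whose ciphertext was changed without the matching ICV patch.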
  • a look-ahead window is, with reference to Fig. 3, implemented by the LAW block 325, which initiates synchronization in the event of any dropped or missing packets.
  • the function of the synchronization algorithm is described hereinafter.
  • the size of the LAW is defined as a positive integer L, which specifies the number of packets that can be lost while synchronization can still be achieved.
  • The Nonce Counter k is extracted at the receiver and verified to be within the range of the LAW. If the Nonce Counter k is successfully verified by the LAW block 325, the PRNG sequence is iterated through by the offset provided by the received Nonce Counter k. As in the case of encryption, the PRNG output is then concatenated with the Nonce Counter to produce the PIV that was used to encrypt the received packet, and can likewise be used to decrypt the packet.
  • the packet count r is computed as r = S_k - S_{k-1}, where:
  • S_k is the current value of the 32-bit Nonce Counter transmitted with the received data packet
  • S_{k-1} is the same value transmitted with the last previously received data packet.
  • the value of the packet counter r is ordinarily "1", when all transmitted data packets are safely received in sequence and without error.
  • the LAW algorithm compares the value of r against the size of the look-ahead window L for the following cases.
  • the received packet is in error if the packet count is determined as r ≤ 0. This may indicate either a retransmitted or compromised frame.
  • the receiver discards the received frame, and can return a status code to the transmitter indicating that the received frame was sent in error.
  • if r > L, the receiver is out of synchronization with the transmitter by a count greater than the size of the LAW. This can occur if an excessive number of frames are dropped by the medium, or an attacker is blocking packets through the channel. In either case, the session is unstable and vulnerable to attack, and would thus be terminated. Re-establishment of the session between transmitter and receiver is required for further communications to take place.
  • if r = 1, the Nonce Counter at the receiver is incremented, in correspondence with the transmitter Nonce Counter. Decryption operates without the direct intervention of the LAW block 325.
  • a packet count value r that is greater than one but not exceeding the window capacity L indicates that one or more packets have been dropped during transmission, but that synchronization is possible with assistance of the LAW block 325.
  • the transmitter and the receiver are, in other words, out of synchronization, but can be re- synchronized.
  • the LAW block 325 provides the initial information (namely the packet count r) that can be used to resume communications.
  • the PRNG sequences are, as described above, iteratively updated to a state determined by the packet counter r, and can then be used to generate the appropriate PIV to resume decrypting received packets.
  • the receiver Nonce Counter is reset to match that of the last successful packet received. This may follow, for example, an unsuccessful attempt at synchronization in a noisy channel. Synchronization can be attempted again with subsequently received packets in the manner described above.
  • Integrity checking of the received packet can be performed, and status codes can be returned to indicate whether the packet is received without error, or otherwise.
  • Synchronization can operate in environments with significant packet loss, limited by the size of the look-ahead window (LAW).
  • LAW look-ahead window
  • Environmental modeling can be performed to determine an optimal window size.
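The SIV and per-packet PIV/EIV derivation of Fig. 1 together with the look-ahead window algorithm of Fig. 3, as one added Python example that is not part of the patent (one block, because the receiver needs the same PRF chain the transmitter runs). Labelled assumptions: the PRF, which the page leaves open, is instantiated as HMAC-SHA256 truncated to 96 bits; R_0 XORs the 32-bit nonce into the low bytes of the first 96 bits of the Base Key; counters are packed big-endian; L = 4; and the OCB tag or CRC32 check is simulated by comparing the receiver's derived DIV with the transmitter's EIV, which is the condition under which a real tag or checksum would verify. Keys, BSSID and MAC addresses are constructed.

```python
import copy
import hashlib
import hmac
import struct


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def session_iv(base_key: bytes, bssid: bytes, tx_mac: bytes, rx_mac: bytes) -> bytes:
    """128-bit SIV = HMAC-MD5(Base Key, BSSID || TX MAC || RX MAC): the 144-bit input
    whose fixed order binds the direction of the session (keyed hash block 140 / 340)."""
    if not (len(bssid) == len(tx_mac) == len(rx_mac) == 6):
        raise ValueError("BSSID and MAC addresses must be 6 bytes each")
    return hmac.new(base_key, bssid + tx_mac + rx_mac, hashlib.md5).digest()


def prf_step(base_key: bytes, nonce: int, prev_r: bytes) -> bytes:
    """R_k from (Base Key || k, R_{k-1}), 96 bits (PRF block 120 / 320 with feedback).
    Assumption: HMAC-SHA256 stands in for the unspecified PRF."""
    return hmac.new(base_key, struct.pack(">I", nonce) + prev_r, hashlib.sha256).digest()[:12]


class PrfChain:
    """PRF state transmitter and receiver keep in lock-step: current nonce k and R_k."""

    def __init__(self, base_key: bytes, nonce0: int):
        self.base_key, self.nonce = base_key, nonce0
        # R_0 = Base Key XOR Nonce Counter; assumption: nonce XORed into the low 4 bytes
        # of the first 96 bits of the key.
        seed = bytearray(base_key[:12].ljust(12, b"\x00"))
        for i, b in enumerate(struct.pack(">I", nonce0)):
            seed[8 + i] ^= b
        self.r = bytes(seed)

    def advance(self) -> None:
        self.nonce = (self.nonce + 1) & 0xFFFFFFFF
        self.r = prf_step(self.base_key, self.nonce, self.r)

    def piv(self) -> bytes:
        return self.r + struct.pack(">I", self.nonce)   # 96-bit R_k || 32-bit k (block 130 / 330)


class Transmitter:
    def __init__(self, base_key: bytes, siv: bytes, nonce0: int):
        self.chain, self.siv = PrfChain(base_key, nonce0), siv

    def next_packet(self):
        """Returns (Nonce Counter sent in the clear, EIV = PIV XOR SIV handed to the cipher)."""
        self.chain.advance()
        return self.chain.nonce, xor_bytes(self.chain.piv(), self.siv)


class Receiver:
    def __init__(self, base_key: bytes, siv: bytes, nonce0: int, law: int):
        self.chain, self.siv, self.law, self.active = PrfChain(base_key, nonce0), siv, law, True

    def accept(self, nonce: int, integrity_ok) -> str:
        """LAW block 325: r = S_k - S_{k-1} selects ok / resync / discard / terminate.
        integrity_ok(div) stands in for the OCB tag or CRC32 check run with the derived DIV."""
        if not self.active:
            return "terminate"
        r = (nonce - self.chain.nonce) & 0xFFFFFFFF
        if r >= 1 << 31:                  # 32-bit wrap-around read as a negative difference
            r -= 1 << 32
        if r <= 0:
            return "discard"              # retransmitted or compromised frame
        if r > self.law:
            self.active = False           # excessive loss, or an attacker blocking the channel
            return "terminate"
        trial = copy.copy(self.chain)     # iterate the PRNG by r on a copy of the state
        for _ in range(r):
            trial.advance()
        div = xor_bytes(trial.piv(), self.siv)
        if not integrity_ok(div):
            return "discard"              # counter stays at the last successfully received packet
        self.chain = trial
        return "ok" if r == 1 else "resync"


def run_demo(law: int = 4):
    """Constructed session: deliver, drop, replay and corrupt packets; return the LAW decisions."""
    base_key = bytes(range(16))                              # constructed Base Key
    bssid = ap_mac = bytes.fromhex("02aabbcc0011")           # constructed AP address (= BSSID)
    sta_mac = bytes.fromhex("02ddeeff2233")                  # constructed station address
    siv = session_iv(base_key, bssid, ap_mac, sta_mac)       # AP -> STA direction
    nonce0 = 0x7F3A9C10                                      # receiver-chosen random nonce
    tx, rx = Transmitter(base_key, siv, nonce0), Receiver(base_key, siv, nonce0, law)
    packets = [tx.next_packet() for _ in range(12)]
    # (packet index, integrity intact): 1-2 lost, 3 replayed, 4 corrupted, 5-8 lost
    schedule = [(0, True), (3, True), (3, True), (4, False), (9, True), (10, True)]
    statuses = []
    for idx, intact in schedule:
        k, eiv = packets[idx]
        statuses.append(rx.accept(k, lambda div, e=eiv, i=intact: i and div == e))
    return statuses


if __name__ == "__main__":
    print(run_demo())
```

With L = 4 the receiver recovers from a three-packet gap (packet 3 arrives with r = 3), rejects the replayed frame (r = 0) and the corrupted frame (counter left at packet 3), then terminates when packet 9 arrives with r = 6 > L; every later frame is refused until the session is re-established.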
  • Fig. 5 schematically represents a frame format for SSAP.
  • the SSAP frame format 500 is similar to that of WEP, and uses a nonce counter in place of an IV (sent in the clear) used in WEP.
  • the size of the frame format 500 varies according to the type of cipher used.
  • the fields used in the frame format 500 are as follows:
  • Nonce counter (32 bits) 510
  • FIG. 6 schematically represents a modified SKA Frame 2 format 600 that is used during initialization.
  • the fields used in the frame format 600 are as follows:
  • Fig. 7 is a flow diagram of a transmission-side method for conducting an encrypted communications session.
  • Packet initialization vectors for successive data packets are generated based upon counter values that change in a predetermined manner for each of the successive data packets, at step 710.
  • the data packets are encrypted using respective encrypting initialization vectors that are based upon the respective packet initialization vectors generated for each of the data packets (in step 710) and a session initialization vector.
  • the corresponding counter value used to generate the packet initialization vector corresponding to each packet is transmitted with each of the encrypted data packets, at step 730.
  • Fig. 8 is a flow diagram of a reception-side method for conducting an encrypted communications session.
  • Encrypted data packets and corresponding counter values that change in a predetermined manner for each of the successively transmitted data packets are received at step 810.
  • packet initialization vectors are generated for the respective encrypted data packets based upon the counter values received with the encrypted data packets (in step 810).
  • the received data packets are decrypted using decryption initialization vectors based upon the respective packet initialization vectors generated (in step 820) for each of the received data packets and a session initialization vector.
  • Fig. 9 is a schematic representation of a computer system 900 of a type that may act as an access point or a base station in a wireless LAN incorporating the SSAP protocol described herein.
  • Computer software executes under a suitable operating system installed on the computer system 900, and may be thought of as comprising various software code means for achieving particular steps.
  • Particular computer software can be coded to implement the SSAP protocol described herein.
  • the components of the computer system 900 include a computer 920, a keyboard 910 and mouse 915, and a video display 990.
  • the computer 920 includes a processor 940, a memory 950, an input/output (I/O) interface 960, a network interface 965, a video interface 945, and a storage device 955.
  • I/O input/output
  • the processor 940 comprises one or more central processing unit(s) (CPU) that execute(s) the operating system and the computer software executing under the operating system.
  • the memory 950 is accessed under the direction of the processor 940 and may include random access memory (RAM), read-only memory (ROM), flash memory and/or any other suitable type of memory known in the art.
  • the video interface 945 is connected to video display 990 and provides video signals for display on the video display 990.
  • User input to operate the computer 920 is provided from the keyboard 910 and/or the mouse 915.
  • the storage device 955 can include a disk drive or any other suitable storage medium known in the art.
  • Each of the components of the computer 920 is connected to an internal bus 930 that includes data, address, and control buses, to allow components of the computer 920 to communicate with each other via the bus 930.
  • The computer system 900 can be connected to one or more other similar computers via a wireless network interface card (NIC) 965 using a communication channel 985 to a wireless network, represented as WLAN 980.
  • The wireless network interface card 965 can have a variety of configurations, but typically incorporates an antenna unit and its own on-card processor, as well as volatile storage means. Selected computing tasks can be passed to the processor 940, or delegated to dedicated computing hardware units, as required.
  • The computer software may be recorded on a portable storage medium, in which case the computer software program is accessed by the computer system 900 from the storage device 955.
  • The computer software can be accessed directly from the WLAN 980 by the computer 920.
  • A user can interact with the computer system 900 using the keyboard 910 and the mouse 915 to operate the programmed computer software executing on the computer 920.
  • The computer system 900 represents only one possible means for implementing the methods described herein; other configurations or types of computer systems can equally well be used to execute computer software that assists in implementing the methods described herein.
  • Computer software that assists in implementing the methods described herein may be executed on a portable or mobile computer system such as a personal digital assistant (PDA) or a mobile telephone.
  • SSAP is described for use in IEEE 802.11 Wireless LAN equipment and may function as a standalone protocol for secure communications over a lossy channel or as a replacement for the existing WEP security mechanism specified by the Wireless LAN standard.
  • SSAP can advantageously be implemented in conjunction with existing hardware.
  • The use of SSAP may, however, be extended beyond IEEE 802.11 networks, and may be applied to other communications networks in which transaction-based communications are conducted.
  • SSAP can be used in other environments, particularly when transaction-based security is required, and enables the use of either block or stream ciphers, which is typically not possible with other security mechanisms.
  • SSAP is modular in structure, in the sense that different computational algorithms may be independently used to provide the pseudo-random function (PRF), keyed hash, and the encryption cipher. Furthermore, different combinations of these components can advantageously be used as required. Accordingly, the security protocol can be used in conjunction with more complex ciphers. This design flexibility is desirable to combat increasingly efficient attacks that use increasing levels of computing power. More complex algorithms than those described herein may be practiced, especially if efficient computation is supported by future hardware developments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention concerns a security protocol for wireless communications that uses a synchronization algorithm to coordinate corresponding encryption/decryption initialization vectors at a transmitter and a receiver. The synchronization can account for lost packets by means of a nonce counter, which is transmitted with each data packet. A random nonce is generated at a receiver, for each session, and is transmitted to the transmitter during the session. The nonce counter is incremented for each data packet transmitted, and is transmitted with each encrypted data packet. Once received, the nonce counter provides synchronization information to the receiver for performing decryption. The receiver can thereby detect whether packets have been lost, and resynchronize if necessary, within the capacity limits of a lookahead window.
PCT/AU2006/001729 2005-11-23 2006-11-17 Wireless protocol for privacy and authentication WO2007059558A1 (fr)
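The synchronization scheme described in the abstract, as an added Python example that is not the patent's own code: a per-session nonce and a per-packet counter select the IV, the counter travels in clear with each packet, and the receiver skips lost counters within a lookahead window while rejecting replays and forged packets. The HMAC-SHA256 keystream, the 4-byte counter header, the 8-byte tag and the window size are assumptions made for the example.

```python
import hashlib, hmac, struct

# Constructed illustration of the abstract's IV synchronisation. The PRF,
# keystream, header layout and tag length are assumptions, not the patent's.
LOOKAHEAD = 8          # assumed window: max consecutive lost packets tolerated
CTR_FMT = ">I"         # assumed 4-byte big-endian counter header

def keystream(key, session_nonce, counter, length):
    """Per-packet keystream from an HMAC-SHA256 PRF over (nonce, counter, block)."""
    out = b""
    block = 0
    while len(out) < length:
        msg = session_nonce + struct.pack(">IQ", counter, block)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def tag(key, header, body):
    # keyed hash over the clear counter header and the ciphertext, truncated
    return hmac.new(key, header + body, hashlib.sha256).digest()[:8]

class Sender:
    def __init__(self, key, session_nonce):
        self.key, self.nonce, self.counter = key, session_nonce, 0
    def send(self, plaintext):
        self.counter += 1                     # never reuse a counter in a session
        ks = keystream(self.key, self.nonce, self.counter, len(plaintext))
        header = struct.pack(CTR_FMT, self.counter)
        body = bytes(p ^ k for p, k in zip(plaintext, ks))
        return header + body + tag(self.key, header, body)

class Receiver:
    def __init__(self, key, session_nonce, window=LOOKAHEAD):
        self.key, self.nonce, self.window = key, session_nonce, window
        self.expected = 1                     # next counter we expect
        self.lost = 0                         # packets skipped by resynchronisation
    def receive(self, packet):
        """Return plaintext, or None for forged, replayed or out-of-window packets."""
        header, body, mac = packet[:4], packet[4:-8], packet[-8:]
        if not hmac.compare_digest(mac, tag(self.key, header, body)):
            return None                       # integrity check failed
        ctr = struct.unpack(CTR_FMT, header)[0]
        if ctr < self.expected or ctr >= self.expected + self.window:
            return None                       # replay, or too far ahead to resync
        self.lost += ctr - self.expected      # resynchronise over the gap
        self.expected = ctr + 1
        ks = keystream(self.key, self.nonce, ctr, len(body))
        return bytes(b ^ k for b, k in zip(body, ks))
```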

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2005906530 2005-11-23
AU2005906530A AU2005906530A0 (en) 2005-11-23 Wireless protocol for privacy authentication

Publications (1)

Publication Number Publication Date
WO2007059558A1 true WO2007059558A1 (fr) 2007-05-31

Family

ID=38066825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2006/001729 WO2007059558A1 (fr) 2005-11-23 2006-11-17 Wireless protocol for privacy and authentication

Country Status (1)

Country Link
WO (1) WO2007059558A1 (fr)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008134819A1 (fr) * 2007-05-07 2008-11-13 Jurox Pty Ltd Improved dosage form and associated method
WO2012071597A1 (fr) * 2010-12-02 2012-06-07 Cordes Rene-Michael Method and device for performing symmetric stream encryption of data
DE102011082741A1 (de) * 2011-09-15 2013-03-21 Rohde & Schwarz Gmbh & Co Kg Encryption based on network information
US8842828B2 (en) 2012-08-01 2014-09-23 Qualcomm Incorporated System and method for hybrid multiple source decryption
WO2014159189A1 (fr) * 2013-03-14 2014-10-02 Robert Bosch Gmbh System and method for counter mode encrypted communication with reduced bandwidth
US8990556B1 (en) 2014-08-13 2015-03-24 Gimbal, Inc. Sharing beacons
US9107152B1 (en) 2015-03-11 2015-08-11 Gimbal, Inc. Beacon protocol advertising bi-directional communication availability window
AT515814A1 (de) * 2014-05-20 2015-12-15 Logodynamic Unit Gmbh Method and device for performing symmetric stream encryption of data
US9544075B2 (en) 2012-02-22 2017-01-10 Qualcomm Incorporated Platform for wireless identity transmitter and system using short range wireless broadcast
WO2018090339A1 (fr) * 2016-11-18 2018-05-24 海能达通信股份有限公司 Wireless communication method and device, and communication apparatus
EP3361669A4 (fr) * 2015-10-06 2018-08-29 Fujitsu Limited Implementation unit, implementation unit verification method, and implementation unit verification program
US10360593B2 (en) 2012-04-24 2019-07-23 Qualcomm Incorporated Retail proximity marketing
US10419907B2 (en) 2012-02-22 2019-09-17 Qualcomm Incorporated Proximity application discovery and provisioning
JP2020513117A (ja) * 2017-04-05 2020-04-30 トレリスウェア テクノロジーズ インコーポレイテッド Method and system for improved authenticated encryption in counter-based cryptosystems
US20210266175A1 (en) * 2018-06-18 2021-08-26 Koninklijke Philips N.V. Device for data encryption and integrity
WO2022073330A1 (fr) * 2020-10-05 2022-04-14 Huawei Technologies Co., Ltd. Methods, encoder and decoder using encryption and authentication functions for encrypting and decrypting a message

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002051058A2 (fr) * 2000-12-19 2002-06-27 At & T Wireless Services, Inc. Encryption synchronization in a wireless communication system
US6708273B1 (en) * 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6708273B1 (en) * 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
WO2002051058A2 (fr) * 2000-12-19 2002-06-27 At & T Wireless Services, Inc. Encryption synchronization in a wireless communication system

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008134819A1 (fr) * 2007-05-07 2008-11-13 Jurox Pty Ltd Improved dosage form and associated method
WO2012071597A1 (fr) * 2010-12-02 2012-06-07 Cordes Rene-Michael Method and device for performing symmetric stream encryption of data
US9602479B2 (en) 2011-09-15 2017-03-21 Rohde & Schwarz Gmbh & Co. Kg Encryption based on network information
DE102011082741A1 (de) * 2011-09-15 2013-03-21 Rohde & Schwarz Gmbh & Co Kg Encryption based on network information
US10419907B2 (en) 2012-02-22 2019-09-17 Qualcomm Incorporated Proximity application discovery and provisioning
US9544075B2 (en) 2012-02-22 2017-01-10 Qualcomm Incorporated Platform for wireless identity transmitter and system using short range wireless broadcast
US10360593B2 (en) 2012-04-24 2019-07-23 Qualcomm Incorporated Retail proximity marketing
US8842828B2 (en) 2012-08-01 2014-09-23 Qualcomm Incorporated System and method for hybrid multiple source decryption
EP2974114A4 (fr) * 2013-03-14 2016-11-23 Bosch Gmbh Robert System and method for counter mode encrypted communication with reduced bandwidth
WO2014159189A1 (fr) * 2013-03-14 2014-10-02 Robert Bosch Gmbh System and method for counter mode encrypted communication with reduced bandwidth
US8983069B2 (en) 2013-03-14 2015-03-17 Robert Bosch Gmbh System and method for counter mode encrypted communication with reduced bandwidth
AT515814A1 (de) * 2014-05-20 2015-12-15 Logodynamic Unit Gmbh Method and device for performing symmetric stream encryption of data
US8990556B1 (en) 2014-08-13 2015-03-24 Gimbal, Inc. Sharing beacons
US9107152B1 (en) 2015-03-11 2015-08-11 Gimbal, Inc. Beacon protocol advertising bi-directional communication availability window
EP3361669A4 (fr) * 2015-10-06 2018-08-29 Fujitsu Limited Implementation unit, implementation unit verification method, and implementation unit verification program
US10785034B2 (en) 2015-10-06 2020-09-22 Fujitsu Limited Implementation unit, implementation unit verification method, and computer-readable recording medium
WO2018090339A1 (fr) * 2016-11-18 2018-05-24 海能达通信股份有限公司 Wireless communication method and device, and communication apparatus
JP2020513117A (ja) * 2017-04-05 2020-04-30 トレリスウェア テクノロジーズ インコーポレイテッド Method and system for improved authenticated encryption in counter-based cryptosystems
JP7008725B2 (ja) 2017-04-05 2022-01-25 トレリスウェア テクノロジーズ インコーポレイテッド Method and system for improved authenticated encryption in counter-based cryptosystems
US20210266175A1 (en) * 2018-06-18 2021-08-26 Koninklijke Philips N.V. Device for data encryption and integrity
WO2022073330A1 (fr) * 2020-10-05 2022-04-14 Huawei Technologies Co., Ltd. Methods, encoder and decoder using encryption and authentication functions for encrypting and decrypting a message
US11546146B2 (en) 2020-10-05 2023-01-03 Huawei Technologies Co., Ltd. Methods, encoder and decoder using encryption and authentication functions for encrypting and decrypting a message

Similar Documents

Publication Publication Date Title
WO2007059558A1 (fr) Wireless protocol for privacy and authentication
EP2416524B1 (fr) System and method for secure data transaction between a wireless communication device and a server
CN101512537B (zh) Method and system for securely processing authentication key material in an ad hoc wireless network
US9674204B2 (en) Compact and efficient communication security through combining anti-replay with encryption
US20080170691A1 (en) Encryption And Decryption Device In Wireless Portable Internet System,And Method Thereof
US20070189528A1 (en) Wireless LAN transmitting and receiving apparatus and key distribution method
EP3607694A1 (fr) Systems and methods for improved authenticated encryption in counter-based encryption systems
US7039190B1 (en) Wireless LAN WEP initialization vector partitioning scheme
US20130202111A1 (en) Wireless security protocol
Xiao et al. Security services and enhancements in the IEEE 802.15.4 wireless sensor networks
CN116321129B (zh) A lightweight dynamic-key-based communication encryption method for a dedicated power trading network
Yao et al. Enhancing RC4 algorithm for WLAN WEP protocol
Junaid et al. Vulnerabilities of IEEE 802.11i wireless LAN CCMP protocol
AU2010284792B2 (en) Method and apparatus for reducing overhead for integrity check of data in wireless communication system
US20170272405A1 (en) Security Improvements in a Wireless Data Exchange Protocol
McGrew Low power wireless scenarios and techniques for saving bandwidth without sacrificing security
Michell et al. State based key hop protocol: a lightweight security protocol for wireless networks
Petroni et al. The dangers of mitigating security design flaws: a wireless case study
CN111093193B (zh) A MAC-layer secure communication method for LoRa networks
Pepyne et al. SPRiNG: Synchronized random numbers for wireless security
WO2005117334A1 (fr) State-based secure transmission for a wireless system
Junaid et al. Per packet authentication for IEEE 802.11 wireless LAN
Eren et al. WiMAX security: assessment of the security mechanisms in IEEE 802.16d/e
KR100798921B1 (ko) Method for controlling a secure channel in a MAC security service network and terminal device implementing the same
Ahmad et al. Attack Robustness and Security Enhancement with Improved Wired Equivalent Protocol

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06804541

Country of ref document: EP

Kind code of ref document: A1