WO2010024379A1 - Communication system, communication device on transmission side and reception or transfer side, method for data communication and data transmission program - Google Patents

Communication system, communication device on transmission side and reception or transfer side, method for data communication and data transmission program Download PDF

Info

Publication number
WO2010024379A1
WO2010024379A1 PCT/JP2009/065047 JP2009065047W WO2010024379A1 WO 2010024379 A1 WO2010024379 A1 WO 2010024379A1 JP 2009065047 W JP2009065047 W JP 2009065047W WO 2010024379 A1 WO2010024379 A1 WO 2010024379A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
packet
hash value
authenticator
communication device
Prior art date
Application number
PCT/JP2009/065047
Other languages
French (fr)
Japanese (ja)
Inventor
角丸 貴洋
ウグス・オスマン
ヴェストホッフ・デュルク
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to JP2010526783A priority Critical patent/JP5556659B2/en
Publication of WO2010024379A1 publication Critical patent/WO2010024379A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the present invention relates to a communication system for verifying the integrity of a program image mainly for updating a program image via a network, a communication device on a transmission side and a reception or transfer side, a data communication method, and a data communication program.
  • the update of the program image starts when the program image is set in a device that distributes the program image called a base station to the sensor nodes, and is divided into sizes suitable for deployment on the network. After dividing into the appropriate size, each is expanded to the sensor node.
  • the sensor node is configured by a multi-hop such as a tree structure, the sensor node is delivered by transferring the sensor image to the next-hop sensor node.
  • Non-Patent Document 1 a method based on a public key cryptosystem is shown.
  • the base station is realized by processing as follows at the stage of dividing the program image.
  • each divided program image is expressed as a packet
  • the hash value of the last packet is calculated and attached to the previous packet.
  • the hash value of the packet is calculated and added to the previous packet.
  • the same process is repeated until the first packet is reached (hash chain).
  • the top packet is signed with a secret key held by the base station. In this way, the receiver verifies the likelihood of the packet by verifying the leading packet with the public key, and verifies the validity of the subsequent packet by verifying the hash chain (see Non-Patent Document 1). ).
  • WSN is composed of a CPU (Central Processing Unit) and a device with a limited memory whose processing speed is not sufficient compared with PC.
  • CPU Central Processing Unit
  • a device with a limited memory whose processing speed is not sufficient compared with PC.
  • PC Central Processing Unit
  • they are 8-bit microcomputers equipped with 128 Kbytes of flash memory, 4 Kbytes of SRAM, EEPROM, and the like.
  • public key cryptosystems are used on these devices, there are problems of requiring calculation time and consuming a lot of memory for storing keys.
  • Non-Patent Document 2 there is shown a method using a common key cryptosystem assuming the resource limitation of devices constituting the WSN.
  • the base station is realized by processing as follows at the stage of dividing the program image.
  • a hash value of a key is calculated based on the first determined key, and this is the next key.
  • a key chain can be generated. This key chain is used from the last generated key and is used when calculating the hash value of the divided packet.
  • the calculated hash value and the key used for the calculation are assigned to each packet, and the packet is expanded to the sensor node.
  • the sensor node that receives this packet calculates a hash value using the assigned key and verifies the probability of the packet. At the same time, it is possible to verify the certainty of the key itself by calculating the hash value of the key itself and verifying whether the hash value is the same as the previous key.
  • Non-Patent Document 2 In order to realize an efficient verification method on a device with limited resources, it is necessary to guarantee safety while using a method with the least amount of calculation as shown in Non-Patent Document 2.
  • a key is first obtained from the same packet received by another sensor node, and the obtained legitimate key is used for falsification.
  • a hash value is assigned to a packet that has been tampered with, the sensor node that has received the tampered packet has a problem of accepting the tampered packet as correct because a valid key is used.
  • the first problem is that when a packet is received, it is possible to immediately generate a falsified packet using a valid key.
  • the reason is that the same packet includes packet data, a key for calculating a hash value, and a calculated hash value.
  • an object of the present invention is to provide a communication system that verifies the accuracy of a program image using a shared key cryptosystem without using a public key cryptosystem that requires more computation processing, a transmission side, and a reception or transfer side.
  • Communication device, data communication method, and data communication program are used to provide a communication system that verifies the accuracy of a program image using a shared key cryptosystem without using a public key cryptosystem that requires more computation processing, a transmission side, and a reception or transfer side.
  • Another object of the present invention is to adopt a mechanism capable of sequentially verifying received packets so that even if a tampered packet is inserted, a communication system that immediately detects, a communication device on the transmission side and the reception or transfer side, A data communication method and a data communication program are provided.
  • the present invention includes a communication device on the transmission side, a communication device on the reception or transfer side, and a network connecting between the communication device on the transmission side and the communication device on the reception or transfer side, and guarantees integrity.
  • the transmission side communication device is configured to store a key chain in which a series of keys is formed by repeating hash values for each key, and a divided data image to be transmitted.
  • a hash value with a key is calculated from the data part and the key and attached to the packet transmitted one before, and thereafter the data part in the previous packet and Generates an authenticator for each packet by repeatedly calculating the keyed hash value from the key and the previously calculated keyed hash value and assigning it to the previous packet And means for transmitting the generated packet to the network, wherein the receiving or forwarding communication device receives the packet from the network and a key for confirming the validity of the packet.
  • a communication system comprising: means for verifying an authenticator by comparing whether the calculated hash value with a key included in a packet ahead is the same.
  • the present invention also provides means for storing a key chain in which a series of keys is formed by repeating hash values for each key, and using the key chains in order for the divided data images to be transmitted.
  • the keyed hash value is calculated from the key and attached to the previous packet to be transmitted, and thereafter the data part, key, and keyed hash value calculated in the previous packet are used.
  • a communication apparatus comprising means for transmitting a generated packet to a network.
  • the present invention also provides a means for receiving a packet from a network, a means for storing a key for confirming the validity of the packet, and a hash in which a key included in the received packet is based on the stored key. Is calculated, calculates a keyed hash value for the entire packet including the next authenticator, and compares it with the calculated keyed hash value included in the next packet And a means for verifying the authenticator.
  • a key chain in which a series of keys is formed by repeating hash values for each key is stored, and the key chains are sequentially arranged with respect to the divided data images to be transmitted.
  • the data part and the key to calculate the keyed hash value and assigning it to the previous packet to be sent, and then the data part and key in the previous packet and the key with the previously calculated key
  • Generate an authenticator for each packet by repeatedly calculating a hash value with a key from the hash value and assigning it to the packet sent one before, and sending the generated packet to the network and receiving it
  • the side stores a key for checking the validity of the packet, receives the packet from the network, and includes it in the received packet based on the stored key.
  • the keyed hash value for the entire packet including the next authenticator is calculated and is the same as the calculated keyed hash value included in the next packet. It is a data communication method characterized by verifying an authenticator by comparing whether or not.
  • the present invention also provides a process for storing a key chain in which a series of keys is composed of repeated hash values for each key, and a data portion using the key chain in order for the divided data images to be transmitted.
  • the keyed hash value is calculated from the key and attached to the previous packet to be transmitted, and thereafter the data part, key, and keyed hash value calculated in the previous packet are used.
  • Communicating the process of generating an authenticator for each packet by repeatedly calculating the keyed hash value and assigning it to the previous packet sent, and the process of sending the generated packet to the network A program that is executed by an apparatus.
  • the present invention provides a process for receiving a packet from the network, a process for storing a key for confirming the validity of the packet, and a hash in which the keys included in the received packet are based on the stored key. Is calculated, calculates a keyed hash value for the entire packet including the next authenticator, and compares it with the calculated keyed hash value included in the next packet Thus, the communication device is caused to execute processing for verifying the authenticator.
  • the hash value of the next packet is included in the previous packet in addition to the key chain, thereby making it difficult to forge the packet. Therefore, it is possible to verify the integrity of the data image even when a method based on the common key encryption method is used. Thereby, efficient verification can be performed even in an apparatus with limited resources.
  • the hash value of the next packet is included in the previous packet and sent, the relevance between successive packets is increased, so even if a packet is spoofed, the spoofing can be quickly and reliably ensured. Can be detected.
  • FIG. 1 is a diagram showing a configuration of a communication system according to a first embodiment for carrying out the present invention.
  • a communication system includes communication devices 1 to 7 and a network 10 that connects LAN (Local Area Network) lines or WAN (Wide Area Network) lines. It is composed of The network 10 may be wired or wireless.
  • LAN Local Area Network
  • WAN Wide Area Network
  • the communication devices 1 to 7 are devices that perform wired or wireless communication, and are generally terminal devices such as notebook PCs and mobile terminals.
  • the communication devices 2 to 7 may be small devices configured with limited processing capability, memory, and communication capability such as sensor devices.
  • the communication devices 2 to 7 may be configured to transfer the received packet to the next communication device. For example, when receiving a packet from the communication device 1, the communication device 2 transfers the same packet to the communication device 4 and the communication device 5. Similarly, the communication device 3 transfers to the communication device 6 and the communication device 7. It can be easily assumed that the data is transferred to a communication device (not shown).
  • FIG. 2 shows the configuration of the communication device 1 on the transmission side according to the first embodiment of the present invention.
  • the communication apparatus 1 includes a key chain storage unit 11, a data image input unit 12, a transmission packet generation unit 13, a trust anchor generation unit 14, a network communication unit 15, a hash calculation unit 16, and a cryptographic calculation unit 17.
  • the key chain storage unit 11 stores a series of keys, and each key is a hash value of the previous key.
  • FIG. 3 shows a series of (n + 1) key K relationships.
  • the key K (1) is a hash value of K (0) with respect to the master key K (0).
  • the key K (2) is a hash value of K (1).
  • K (n) is a hash value of K (n ⁇ 1).
  • the data image input unit 12 is an input unit in the communication device 1 for a data image that the communication device 1 transmits to the communication devices 2 to 7.
  • This data image is, for example, an application or a program image, and is a program code that operates on the communication devices 2 to 7.
  • the transmission packet generator 13 has a function of dividing a data image into a size suitable for transmission via the network 10. Further, by calculating a keyed hash value using the key chain stored in the key chain storage unit 11 in order from the subsequent data for the divided data image, the transmission data, the keyed hash value, and the hash A function for generating a transmission packet including a key used for calculating a value is provided.
  • the trust anchor generation unit 14 has a function of generating a trust anchor packet serving as a trust anchor at the head of the series of packets generated by the transmission packet generation unit 13. Specifically, it has a function of encrypting a key used at the beginning of a series of packets generated by the transmission packet generation unit 13 and a hash value of the leading packet with the key.
  • the network communication unit 15 has a function of communicating with other communication devices using wired or wireless communication.
  • this is an IEEE 802.15.4 transceiver.
  • the hash calculation unit 16 is a function for calculating a keyed hash value based on the secure hash algorithm. Using the data input value from the transmission packet generation unit 13 and the key as inputs, a hash value with a key is calculated. Specifically, the hash calculation unit 16 is SHA-1, MD5, HMAC, or the like.
  • the cryptographic calculation unit 17 is a function that performs cryptographic processing based on the common key cryptosystem. Encryption is performed using the data input value from the trust anchor generation unit 14 and the key as inputs. Specifically, the cryptographic calculation unit 17 is DES, 3DES, RC5, or the like.
  • FIG. 4 shows the configuration of the communication device 2 on the reception or transfer side in the present invention.
  • the communication device 2 includes a key storage unit 21, a data image reconstruction unit 22, a hash chain verification unit 23, a key chain verification unit 24, a trust anchor verification unit 25, a network communication unit 26, a hash calculation unit 27, and a cryptographic calculation unit 28. Including.
  • the configuration of the communication device 2 is similarly applied to the other communication devices 3 to 7.
  • the key storage unit 21 stores a key to be used for verifying the validity of the received packet. When the validity of the received packet is confirmed, it is updated with a new key.
  • the data image reconstruction unit 22 has a function of collecting the received packets whose validity has been confirmed and reconstructing them as a data image.
  • the reconstructed data image is installed in the communication device 2 as an application or program image.
  • the hash chain verification unit 23 has a function of verifying the hash value of the received packet. When the validity of the received packet can be confirmed, the hash value of the next packet included in the packet is held. The held hash value is used for verifying the hash value of the next received packet.
  • the key chain verification unit 24 has a function of verifying the validity of the key included in the received packet.
  • the key chain verification unit 24 confirms that the key included in the received packet is a hash value for the current key stored in the key storage unit 21.
  • the trust anchor verification unit 25 has a function of verifying the trust anchor packet transmitted first, which becomes the trust anchor. Specifically, the trust anchor packet is stored, and when the key is obtained with the next packet, the trust anchor packet is decrypted using the key, and the decrypted key is the same as the key used for decryption. By confirming this, the validity of the trust anchor packet is confirmed.
  • the hash value of the next packet included in the trust anchor packet is used by the hash chain verification unit 23.
  • the network communication unit 26 has a function of communicating with other communication devices using wired or wireless communication. In the present embodiment, this is the transmission / reception of IEEE 802.15.4. Machine.
  • the hash calculation unit 27 is a function that calculates a keyed hash value based on the secure hash algorithm, similarly to the hash calculation unit 16 in the communication device 1. Using the data input value from the hash chain verification unit 23 and the key as inputs, a hash value with a key is calculated. Specifically, the hash calculation unit 27 is SHA-1, MD5, HMAC, or the like.
  • the cryptographic calculation unit 28 is a function that performs cryptographic processing based on the common key cryptosystem, similarly to the cryptographic calculation unit 17 in the communication device 1. Encryption is performed using the data input value from the trust anchor generation unit 14 and the key as inputs.
  • the cryptographic calculation unit 17 is DES, 3DES, RC5, or the like.
  • FIG. 5 illustrates a flow of data image packetization in the communication device 1
  • FIG. 6 illustrates a flow when the communication device 2 receives a packet.
  • keys K (0) to K (L) indicate (L + 1) key chains, where key K (1) is a hash value of key K (0) and key K (2) is a key.
  • the hash value of K (1),..., Key K (L) is related to the hash value of key K (L ⁇ 1).
  • the data portions divided into (L) pieces are indicated by D (1) to D (L) in order.
  • (L + 1) key chains are used for (L) divided data images.
  • the previous packet includes a keyed hash value calculated from the divided data portion and the hash value of the next packet using the key of the key chain.
  • the keyed hash value H (1) is obtained by changing the keyed hash value H (2) for the data part D (1) and the data part D (2) to the key K.
  • only the last key K (L) of the key chain is shared in advance by each of the communication devices 2-7.
  • the key pre-distribution method is out of scope here.
  • the transmission packet generation unit 13 of the communication device 1 divides the data image input from the data image input unit 12 for each packet to be transmitted to the communication devices 2 to 7.
  • the data image D is divided into L data portions D (1) to D (L) in the order of transmission.
  • the transmission packet generation unit 13 processes the data image from the back and uses the hash calculation unit 16 to process the keyed hash value H (L) and the key K stored in the data part D (L) and the key chain storage unit 11. Calculate from (0).
  • the calculated keyed hash value H (L) is configured as a packet transmitted together with the key K (1) and data portion D (L-1) of the previous packet. Subsequently, the keyed hash value H (L-1) is calculated from the data portion D (L-1), the previously calculated keyed hash value H (L), and the key K (1). Thereafter, the same processing is performed.
  • the trust anchor generator 14 When the transmission packet generator 13 finishes calculating the keyed hash value for the first data portion D (1) of the data image, the trust anchor generator 14 generates a trust anchor packet.
  • the trust anchor generation unit 14 uses the key K (L-1) stored in the key chain storage unit 11 and uses the key K (L-1) and the hash value H with a key for the head data D (1). (1) is subjected to cryptographic processing using the cryptographic calculation unit 17.
  • Each packet generated in this way is sequentially transmitted to the communication devices 2 to 7 connected to the network 10 via the network communication unit 15.
  • the first transmitted packet is the encrypted trust anchor packet EncK (L-1), and then the key K (L-1), the data portion D (1), and the keyed hash value H (2) are one. Sent as one packet. Thereafter, it is similarly transmitted. Finally, the key K (0) and the data part D (L) are transmitted as one packet.
  • the communication device 2 When the communication device 2 receives a packet from the communication device 1 connected to the network at the network communication unit 26 (step A1), the communication device 2 determines whether this packet is a trust anchor packet (step A2). If it is a trust anchor packet, it is cached by the trust anchor verification unit 25 (step A3).
  • the key chain verification unit 24 extracts the key from the packet (step A4) and compares it with the key stored in the key storage unit 21 to determine whether the key chain is present. Verification is performed (step A5). More specifically, the key chain verification unit 24 calculates a hash value of the extracted key, and verifies that the calculated hash value is the same as the value stored in the key storage unit 21. If these values are not the same, it is determined that the packet is an illegal packet from a communication device that does not have the correct key (step A15).
  • the key chain verification unit 24 uses the key K from the packet. (L-1) is taken out. Next, a hash value of the key K (L ⁇ 1) is calculated, and it is confirmed that the value is the same as the key K (L) stored in the key storage unit 21. If the key K (L ⁇ 1) is a different key K, the calculated hash value does not become the key K (L), and the key fraud can be detected.
  • Step A7 to Step A9 More specifically, using the key chain verified key K (L-1) extracted from the second packet, the cryptographic calculation unit 28 performs a decryption process of the trust anchor packet (step A7).
  • the trust anchor verification unit 25 confirms that the key obtained by decryption is the same as the key used for decryption (step A8), and if different, determines that the trust anchor packet is an illegal packet (step A15). ). If they are the same, it is determined that the trust anchor packet is correct, and the hash chain verification unit 23 holds the hash value H (1) of the next packet included in the trust anchor packet (step A9).
  • the hash calculation unit 27 uses the keyed hash value of the second packet as the data part D (1) using the key K (L-1) included in the second packet, and the hash value H (2 of the next packet) ) (Step A10). Based on the result of the hash calculation unit 27, the hash chain verification unit 23 checks whether the previously stored hash value H (1) is the same as the keyed hash value calculated here (step A11). If they are different, it is determined that the second packet is an illegal packet (step A15).
  • the second packet is determined to be correct, the key stored in the key storage unit 21 is updated with the key K (L ⁇ 1) (step A12), and the verification hash value of the next packet is further updated.
  • the hash chain verification unit 23 holds H (2) (step A13).
  • the data portion D (1) included in the packet determined to be correct is passed to the data image reconstruction unit 22.
  • step A4 to step A6, step A10 the same processing is performed (step A4 to step A6, step A10) except that the trust anchor packet verification processing (step A7 to step A9) when the second packet is received is not performed.
  • step A13 the same processing is performed (step A4 to step A6, step A10) except that the trust anchor packet verification processing (step A7 to step A9) when the second packet is received is not performed.
  • step A4 From the verification of the key chain (step A4, step A5) to the calculation of the keyed hash value (step A10), the verification (step A11), and the key update (step A12) The same is done. Further, since it is the last packet, the hash value of the next packet is not included. In this way, all the data portions are transferred to the data image reconstruction unit 22, and the communication device 2 can acquire the data image.
  • the network 10 may be wired, but in the present embodiment, wireless communication, in particular, use of a wireless communication protocol typified by IEEE 802.15.4 or ZigBee is suitable.
  • the communication devices 3 to 7 are the same as the communication device 2 in that it is possible to verify whether or not the data image has been falsified by performing the same operation as the communication device 2.
  • the first effect of the present embodiment is that the integrity of the data image can be verified even when a method based on the common key encryption method is used. This is because the hash value of the next packet is included in the previous packet in addition to the key chain, thereby making it difficult to forge the packet.
  • the second effect of the present embodiment is that even when a packet is camouflaged, the camouflage can be detected immediately. This is because the hash value of the next packet is included in the previous packet and sent to increase the relevance between successive packets.
  • the communication device 101 on the transmission side in this embodiment includes a key chain storage unit 111, a data image input unit 112, a transmission packet generation unit 113, a trust anchor generation unit 114, a network communication unit 115, a hash calculation.
  • the communication device 102 on the reception or transfer side in this embodiment includes a key storage unit 121, a data image reconstruction unit 122, a hash chain verification unit 123, a key chain verification unit 124, a trust anchor verification. Section 125, network communication section 126, hash calculation section 127, encryption calculation section 128, and key decryption section 129.
  • This embodiment is almost the same as the first embodiment, except that the key K included in each packet is encrypted.
  • the communication device 101 has the same configuration as that of the first embodiment except that the communication device 101 includes a transmission key encryption unit 118.
  • the transmission key encryption unit 118 has a function of encrypting the key K included in each packet. More specifically, the key included in each packet has a function of encrypting with the key included in the previous packet.
  • the communication apparatus 102 has the same configuration as that of the first embodiment except that the communication apparatus 102 includes a key decryption unit 129.
  • the key decryption unit 129 has a function of decrypting the key K included in each packet. More specifically, it has a function of decrypting an encrypted key included in each packet with a key included in a previous packet stored in the key storage unit 121.
  • step A4 communication is performed to extract a key in the step of extracting a key from a received packet (step A4).
  • the key decryption unit 129 of the device 102 is different in that the encrypted key is extracted by decrypting. Other operations are the same as those in the first embodiment.
  • the effect of this embodiment is that it is possible to make it more difficult to disguise packets than in the first embodiment. This is because the key included in the packet is encrypted using the key of the previous packet, and in order to obtain the key necessary to impersonate the packet, it is necessary to intercept the exchange of packets for a longer period of time. Because there is. Further, in order to acquire the first key shared in advance that is not exchanged on the network, it is necessary to require another means such as acquiring the key by physical attack.
  • This embodiment is almost the same as the first embodiment.
  • all the communication devices 2 to 7 share the same common key in advance. Different shared keys are shared in advance.
  • communication device 201 is a communication device on the transmission side, and communication devices 202 to 207 are communication devices on the reception side (including transfer).
  • Communication devices 201 to 207 are connected via a network 210.
  • the communication device 202 and the communication device 203 belong to the same group G1.
  • the communication devices 204 to 207 belong to the same group G2.
  • a multi-hop network configuration is used, and the same number of hops from the communication device 201 belong to the same group. Note that these are not limited to groups for each number of hops, and other group configurations may be used.
  • the communication device 201 on the transmission side in this embodiment includes a plurality of key chain storage units 211a to 211b, a data image input unit 212, a transmission packet generation unit 213, a trust anchor generation unit 214, and a network communication unit. 215, a hash calculation unit 216, and a cryptographic calculation unit 217.
  • the communication device 202 on the reception or transfer side in the present embodiment includes a key storage unit 221, a data image reconstruction unit 222, a hash chain verification unit 223, a key chain verification unit 224, trust anchor verification. Section 225, network communication section 226, and hash calculation section 227.
  • the communication device 201 of the present embodiment is different from the configuration of the first embodiment shown in FIG. 2 in that a plurality of key chain storage units 211a to 211b are held.
  • the plurality of key chain storage units 211a to 211b maintain the number of key chains corresponding to the group shown in FIG.
  • the communication apparatus 201 of this embodiment has a configuration having two key chains: a key chain for group G1 and a key chain for group G2. Become.
  • the communication device 202 and the communication device 203 have a group G1 shared key set in advance, and the communication devices 204 to 207 have a group G2 shared key set in advance. It is a different configuration.
  • the packet configuration generated from the data image by the communication device 201 is shown, and the group to which the communication device belongs to each of the trust anchor packet, the key included in each packet, and the keyed hash value for the next packet. It is different from the first embodiment in that it is included in an amount equal to the number of.
  • the communication apparatus 201 of this embodiment calculates a hash value with a key using a single key chain in the first embodiment when generating a packet.
  • key-attached hash values are calculated using the same number of keys as the number of key chains to be maintained. Furthermore, the calculated keyed hash value and the key pair used for the calculation are included in the packet. However, at this time, this pair is also included in the packet by the number of key chains.
  • the trust anchor packet that is transmitted first will be described in order, but in reality, it is recursively generated from the packet that is transmitted last as in the first embodiment.
  • the communication apparatus 1 calculates a trust anchor packet T for each group as a trust anchor packet. The calculation itself is the same as in the first embodiment. If there are n groups, n trust anchor packets T (1) to T (n) (indicated by symbols B1 and B2) are generated. The communication device 1 collectively sends each trust anchor packet as the first packet (indicated by reference numeral B11).
  • the communication device 1 similarly calculates a keyed hash value for each group, and includes the keyed hash value for each group and the key pair used for the calculation in the packet (indicated by symbols B3 to B7).
  • the data portion D is common to all the groups, so only one data portion may be used.
  • the data portion D (1) (indicated by the symbol B3), the key K (1_1) (indicated by the symbol B4) used for the calculation for the group G1, and the keyed hash value H (1_1)
  • the key K (n_1) (denoted by reference B6) and the keyed hash value H (n_1) (denoted by reference B7) used for calculation for the group Gn are collectively transmitted as a packet (denoted by reference B5). (Indicated by B12).
  • the communication device 202 uses only the portion related to the group to which the communication device 202 itself belongs, and does nothing for the portion related to another group. The operation is the same as that of the first embodiment.
  • the communication apparatus 202 receives the trust anchor packet (indicated by reference numeral B11) shown in FIG. 12, only the T (1) (indicated by reference numeral B1) that is a part related to the group G1 is addressed to itself.
  • the same processing as in the first embodiment is performed using T (1) as the trust anchor packet of group G1.
  • the communication apparatus 202 receives the packet shown in FIG. 12 (indicated by reference numeral B12), the data portion D (1), the key K (1_1), and the keyed hash value H (1_1), which are locations related to the group G1. (Represented by symbols B3 to B5) is recognized as data addressed to itself, and the same processing as in the first embodiment is performed.
  • the communication device 202 performs an operation of transferring a packet received from the communication device 201 to a communication device belonging to the next hop. Taking FIG. 9 as an example, the packet is transferred to the communication device 204 and the communication device 205. At this time, the communication device 2 may be an operation for transferring the packet as it is, or an operation for transferring the packet after deleting a portion related to itself.
  • the key K (1_1) (indicated by reference numeral B4) and the hash value with key H (1_1) (reference numeral), which are locations related to the group G1. (B5) is deleted, and the others are transferred. At this time, the data portion D (1) is not deleted because it is common to all groups.
  • the effect of this embodiment is that if the key is leaked, the range of influence can be made smaller than in the first embodiment. This is because, in order to limit the range of communication devices that commonly use keys, even if a key for a certain group leaks, it does not affect the keys for other groups.
  • the communication device transfers a packet. This is because the communication device is configured to delete the part related to its own group and transfer it to the next communication device.
  • the size of the keyed hash value used in the communication apparatus is the same regardless of the group, but the size of the hash value may be different for each group.
  • a part (for example, the last few bytes) of the output 20 bytes calculated by the original hash function is used.
  • a 6-byte hash value is used for the group G1
  • a 7-byte hash value is used for the group G2.
  • the third embodiment can be used in combination with either the first embodiment or the second embodiment.
  • the first aspect of the present invention connects the communication device on the transmission side, the communication device on the reception or transfer side, and the communication device on the transmission side and the communication device on the reception or transfer side.
  • a communication system for ensuring integrity wherein the communication device on the transmitting side stores a key chain in which a series of keys is composed of repeated hash values for each key; Using the key chain in order for the divided data images to be transmitted, a hash value with a key is calculated from the data part and the key, and is added to the previous transmitted packet. Each packet is calculated by repeatedly calculating a keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value, and assigning it to the previous transmitted packet.
  • a communication system comprising: a means for verifying an authenticator by calculating a hash value and comparing whether the hash value is the same as a calculated keyed hash value included in one packet ahead.
  • the means for generating the authenticator includes a packet to be transmitted including a key included in the next packet and a keyed hash value for the entire next packet, Further, the means for verifying the authenticator by encrypting with the key included in the next packet and confirming the validity of the key included in the next packet after decrypting the received packet, It is characterized in that an attached hash value is acquired.
  • the means for generating the authenticator encrypts a key included in each packet using a key included in a previous packet, and verifies the authenticator.
  • the means is characterized in that the key is obtained by decrypting the encrypted key included in the packet with the previously obtained key.
  • the means for generating the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and the authentication The means for verifying the child is characterized by verifying one of the two or more authenticators.
  • the means for generating the authenticator comprises two or more key chains, calculates two or more authenticators using each key chain, and the authentication
  • the means for verifying the child is characterized in that the first authenticator following the data part is verified, and the verified authenticator and its key are deleted from the packet and then transferred to the next communication device.
  • the length of the authenticator included in each packet is different for each key chain.
  • the network is a wireless communication path.
  • the keyed hash value is calculated from the data part and the key and added to the previous packet to be transmitted. After that, the data part and key in the previous packet and the keyed hash previously calculated Means for generating an authenticator for each packet by repeatedly calculating a hash value with a key from the value and assigning it to a packet transmitted immediately before, and means for transmitting the generated packet to the network And a communication device.
  • the means for generating the authenticator includes a packet to be transmitted including a key included in the next packet and a keyed hash value for the entire next packet, Further, encryption is performed using a key included in the next packet.
  • a tenth aspect of the present invention is characterized in that, in the above aspect, the means for generating the authenticator encrypts a key included in each packet using a key included in a previous packet.
  • An eleventh aspect of the present invention is characterized in that, in the above aspect, the means for generating the authenticator comprises two or more key chains, and calculates two or more authenticators using each key chain.
  • the twelfth aspect of the present invention is characterized in that, in the above aspect, the length of the authenticator included in each packet is different for each key chain.
  • a thirteenth aspect of the present invention is included in the received packet based on the means for receiving a packet from the network, a means for storing a key for confirming the validity of the packet, and the stored key. Calculate that the key has a continuous hash value, calculate the keyed hash value for the entire packet including the next authenticator, and be the same as the calculated keyed hash value included in the next packet.
  • a communication device comprising means for verifying an authenticator by comparing whether or not there is an authenticator.
  • the means for verifying the authenticator confirms the validity of the key included in the next packet from the received packet, decrypts the packet, and A keyed hash value of a packet is acquired.
  • the means for verifying the authenticator obtains the key by decrypting the encrypted key included in the packet with the previously obtained key.
  • the sixteenth aspect of the present invention is characterized in that, in the above aspect, the means for verifying the authenticator verifies one of the two or more authenticators.
  • the means for verifying the authenticator verifies the first authenticator following the data portion, and deletes the verified authenticator and the key related thereto from the packet. It transfers to the next communication apparatus, It is characterized by the above-mentioned.
  • the transmitting side stores a key chain in which a series of keys is formed by repeating hash values for each key, and sequentially transmits the divided data images to be transmitted.
  • a hash value with a key is calculated from the data part and the key and given to the previous packet to be transmitted, and thereafter, the data part, key and destination in the previous packet are sent.
  • an authenticator for each packet is generated, and the generated packet is sent to the network.
  • the reception side stores a key for confirming the validity of the packet, receives the packet from the network, and receives it based on the stored key.
  • a data communication method characterized by verifying an authenticator by comparing whether or not the value is the same.
  • the authenticator is generated by configuring a packet to be transmitted with a key included in the next packet and a keyed hash value for the entire next packet, The authenticator is verified by verifying the validity of the key included in the next packet, and then decrypting the packet to obtain the keyed hash value of the next packet. It is characterized by acquiring.
  • the means for generating the authenticator includes: encrypting a key included in each packet using a key included in a previous packet; and verifying the authenticator.
  • the key is obtained by decrypting the encrypted key included in the packet with the previously obtained key.
  • the generation of the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and
  • the verification is characterized by verifying any one of two or more authenticators.
  • the generation of the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and
  • the verification is characterized in that the first authenticator subsequent to the data part is verified, and the verified authenticator and its key are deleted from the packet and then transferred to the next communication device.
  • the twenty-third aspect of the present invention is characterized in that, in the above aspect, the length of the authenticator included in each packet is different for each key chain.
  • the twenty-fourth aspect of the present invention is characterized in that, in the above aspect, the network is a wireless communication path.
  • a process for storing a key chain in which a series of keys is formed by repeating a hash value for each key, and the key chains in order for the divided data images to be transmitted Use in order to calculate a hash value with a key from the data part and the key and assign it to the previous packet to be sent, and thereafter, the data part and key in the previous packet and the key previously calculated
  • a process for generating an authenticator for each packet by repeatedly calculating a hash value with a key from the attached hash value and assigning it to the packet sent one before, and sending the generated packet to the network
  • a program that causes a communication device to execute processing to be performed A program that causes a communication device to execute processing to be performed.
  • the process for receiving a packet from the network the process for storing a key for confirming the validity of the packet, and the reception based on the stored key. Calculates that the key included in the packet is a continuous hash value, calculates the keyed hash value for the entire packet including the next authenticator, and calculates the calculated keyed hash included in the next packet It is a program characterized by causing a communication device to execute processing for verifying an authenticator by comparing whether the values are the same.
  • the twenty-seventh aspect of the present invention is a data communication program for realizing the function of the data communication method.
  • the integrity guarantee method for updating a program image according to the present invention is useful for distributing a secure program image in a network using wireless communication.
  • it is effective in a device having a limited capability as compared with a PC in a wireless sensor network field using a wireless communication protocol represented by IEEE802.15.4 or ZigBee.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A communication device on the transmission side is provided with a means for storing a key chain in which a series of keys is constituted of a repetition of hash values for the respective keys; a means which calculates a hash value with a key from a data portion and a key by using the key chain sequentially for divided data images to be transmitted, assigns the hash value with a key to a packet to be transmitted immediately before, and subsequently repeats calculating a hash value with a key from a data portion and a key which are in the preceding packet and a previously calculated hash value with a key and assigning the hash value with a key thus calculated to a packet to be transmitted immediately before, thereby generating an authentication identifier for each packet; and a means for transmitting the generated packet to a network.  A communication device on the reception or transfer side is provided with a means for receiving a packet from the network; a means for storing a key for confirming the validity of the packet; and a means which calculates that a key contained in the received packet is a continuous hash value based on the stored key, further calculates a hash value with a key for the entire packet containing a next authentication identifier, and determines by comparison whether the calculated hash value with a key and a hash value with a key which has been calculated and is contained in the subsequent packet are the same, thereby verifying the authentication identifier.

Description

通信システム、送信側及び受信又は転送側の通信装置、データ通信方法、データ通信プログラムCOMMUNICATION SYSTEM, TRANSMITTER AND RECEPTION OR TRANSFER COMMUNICATION DEVICE, DATA COMMUNICATION METHOD, DATA COMMUNICATION PROGRAM
 本発明は、ネットワークを介した主にプログラムイメージ更新のためのプログラムイメージの完全性を検証するための通信システム、送信側及び受信又は転送側の通信装置、データ通信方法、データ通信プログラムに関する。 The present invention relates to a communication system for verifying the integrity of a program image mainly for updating a program image via a network, a communication device on a transmission side and a reception or transfer side, a data communication method, and a data communication program.
 近年、IEEE802.15.4やZigBeeに代表される無線通信プロトコルを用いたワイヤレスセンサーネットワーク(Wireless Sensor Network,以後WSN)分野の急速な進展を受けて、一旦展開されたセンサーノードのプログラムイメージをネットワークを介して更新する手法の重要性が増してきている。このようなネットワークを介したプログラムイメージの更新においては、ネットワーク経路上でプログラムイメージが改ざんされる可能性があるため、オリジナルから変更されていないことを保証するための完全性の検証が重要な課題となる。 In recent years, in response to the rapid development of wireless sensor network (Wireless Sensor Network, hereinafter referred to as WSN) using wireless communication protocols such as IEEE802.15.4 and ZigBee, the program image of sensor nodes once deployed The importance of updating through the Internet has increased. In such a program image update via a network, it is important to verify the integrity to ensure that the program image has not been changed from the original because the program image may be altered on the network path. It becomes.
 プログラムイメージの更新は、ベースステーションと呼ばれるプログラムイメージをセンサーノードに対し配布する装置にプログラムイメージがセットされることから始まり、そこでネットワーク上で展開するのに適したサイズに分割される。適切なサイズに分割したのち、センサーノードにそれぞれ展開される。センサーノードはたとえばツリー構造などマルチホップで構成される場合はプログラムイメージを受信したセンサーノードが次のホップのセンサーノードに転送することで届けられる。 The update of the program image starts when the program image is set in a device that distributes the program image called a base station to the sensor nodes, and is divided into sizes suitable for deployment on the network. After dividing into the appropriate size, each is expanded to the sensor node. When the sensor node is configured by a multi-hop such as a tree structure, the sensor node is delivered by transferring the sensor image to the next-hop sensor node.
 このとき、もし途中のセンサーノードがプログラムイメージを改ざんすると、改ざんされたプログラムイメージを受信したそれ以降のセンサーノードが正しい動作をすることは期待できず、このようにプログラムイメージの完全性の検証が重要な課題となっている。 At this time, if the sensor node in the middle alters the program image, it cannot be expected that the subsequent sensor nodes that have received the altered program image will operate correctly, and thus the integrity of the program image cannot be verified. It is an important issue.
 この種の検出手法としては、たとえば非特許文献1に示されるように、公開鍵暗号方式に基づく方法が示されている。この手法では、ベースステーションはプログラムイメージを分割する段階で次のように処理することで実現される。 As this kind of detection method, for example, as shown in Non-Patent Document 1, a method based on a public key cryptosystem is shown. In this method, the base station is realized by processing as follows at the stage of dividing the program image.
 まず、分割したプログラムイメージのそれぞれをパケットと表現すると、最後のパケットのハッシュ値を算出し一つ前のパケットに付与する。同様にそのパケットのハッシュ値を算出しさらにその一つ前のパケットに付与する。以後、同様に先頭のパケットに至るまで同様に繰り返す(ハッシュチェーン)。最後に先頭のパケットをベースステーションが保持する秘密鍵で署名する。このようにして、受信者は先頭のパケットを公開鍵で検証することでそのパケットの確からしさを確かめ、以後のパケットの正当性についてはハッシュチェーンを検証することで確かめられる(非特許文献1参照)。 First, if each divided program image is expressed as a packet, the hash value of the last packet is calculated and attached to the previous packet. Similarly, the hash value of the packet is calculated and added to the previous packet. Thereafter, the same process is repeated until the first packet is reached (hash chain). Finally, the top packet is signed with a secret key held by the base station. In this way, the receiver verifies the likelihood of the packet by verifying the leading packet with the public key, and verifies the validity of the subsequent packet by verifying the hash chain (see Non-Patent Document 1). ).
 しかし、WSNはPCに比較して処理速度が十分ではないCPU(中央処理演算装置)や制限されたメモリを備える装置で構成される。例えばそれらは8ビットのマイコンで128Kバイトのフラッシュメモリや4KバイトのSRAM、EEPROMなどを備える。それらの装置上で公開鍵暗号方式を用いた場合、計算時間を要するという問題と鍵を格納するために多くのメモリを消費とするという問題がある。 However, WSN is composed of a CPU (Central Processing Unit) and a device with a limited memory whose processing speed is not sufficient compared with PC. For example, they are 8-bit microcomputers equipped with 128 Kbytes of flash memory, 4 Kbytes of SRAM, EEPROM, and the like. When public key cryptosystems are used on these devices, there are problems of requiring calculation time and consuming a lot of memory for storing keys.
 一方、非特許文献2に示されるように、WSNを構成する装置のリソース制限を想定して共通鍵暗号方式を用いた方式が示されている。この手法では、ベースステーションはプログラムイメージを分割する段階で次のように処理することで実現される。 On the other hand, as shown in Non-Patent Document 2, there is shown a method using a common key cryptosystem assuming the resource limitation of devices constituting the WSN. In this method, the base station is realized by processing as follows at the stage of dividing the program image.
 まず、一方向鍵チェーンを生成する。この鍵チェーンは最初に決めた鍵をベースに鍵のハッシュ値を算出しそれが次の鍵となる。これを繰り返し行っていくことで鍵のチェーンが生成できる。この鍵チェーンを最後に生成された鍵から利用していき、分割されたパケットのハッシュ値を算出する時に用いられる。各パケットにこの算出されたハッシュ値と算出に用いた鍵を付与し、センサーノードへ展開される。 First, generate a one-way key chain. In this key chain, a hash value of a key is calculated based on the first determined key, and this is the next key. By repeating this process, a key chain can be generated. This key chain is used from the last generated key and is used when calculating the hash value of the divided packet. The calculated hash value and the key used for the calculation are assigned to each packet, and the packet is expanded to the sensor node.
 このパケットを受信したセンサーノードは付与された鍵を用いてハッシュ値を算出し、パケットの確からしさを検証する。それと共に、鍵自体のハッシュ値を算出し、ハッシュ値が前の鍵と同一かどうかを検証することで鍵自体の確からしさも検証することができる。 The sensor node that receives this packet calculates a hash value using the assigned key and verifies the probability of the packet. At the same time, it is possible to verify the certainty of the key itself by calculating the hash value of the key itself and verifying whether the hash value is the same as the previous key.
 リソースが制限された装置で効率的な検証方式を実現するためには、非特許文献2に示すように計算量ができるだけ少ない方式をベースとしながらも安全性を保証する必要がある。しかし、非特許文献2に示す方式では、センサーノードが特定のパケットを受信する前に、別のセンサーノードが受信した同じパケットから鍵を先に取得し、その取得した正当な鍵を使って改ざんしたパケットに対してハッシュ値を付与した場合、改ざんされたパケットを受信したセンサーノードは正当な鍵が使われていることからその改ざんされたパケットを正しいものとして受け入れてしまうという課題がある。 In order to realize an efficient verification method on a device with limited resources, it is necessary to guarantee safety while using a method with the least amount of calculation as shown in Non-Patent Document 2. However, in the method shown in Non-Patent Document 2, before a sensor node receives a specific packet, a key is first obtained from the same packet received by another sensor node, and the obtained legitimate key is used for falsification. When a hash value is assigned to a packet that has been tampered with, the sensor node that has received the tampered packet has a problem of accepting the tampered packet as correct because a valid key is used.
 第1の問題点は、パケットを受信すると、正当な鍵を使って改ざんしたパケットを直ちに生成できてしまうことである。その理由は、パケットデータ、ハッシュ値を算出する鍵、算出されたハッシュ値の3つが同一のパケットに含まれているためである。 The first problem is that when a packet is received, it is possible to immediately generate a falsified packet using a valid key. The reason is that the same packet includes packet data, a key for calculating a hash value, and a calculated hash value.
 そこで、本発明の目的は、より演算処理が要求される公開鍵暗号方式を使用することなく、共有鍵暗号方式を用いてプログラムイメージの確からしさを検証する通信システム、送信側及び受信又は転送側の通信装置、データ通信方法、データ通信プログラムを提供することである。 Therefore, an object of the present invention is to provide a communication system that verifies the accuracy of a program image using a shared key cryptosystem without using a public key cryptosystem that requires more computation processing, a transmission side, and a reception or transfer side. Communication device, data communication method, and data communication program.
 本発明の他の目的は、受信するパケットを逐次検証できる仕組みを取り入れることで、もし改ざんされたパケットが挿入された場合でもすぐに検出する通信システム、送信側及び受信又は転送側の通信装置、データ通信方法、データ通信プログラムを提供することである。 Another object of the present invention is to adopt a mechanism capable of sequentially verifying received packets so that even if a tampered packet is inserted, a communication system that immediately detects, a communication device on the transmission side and the reception or transfer side, A data communication method and a data communication program are provided.
 本発明は、送信側の通信装置と、受信又は転送側の通信装置と、前記送信側の通信装置と前記受信又は転送側の通信装置との間を接続するネットワークとを備え、完全性を保証するための通信システムであって、前記送信側の通信装置は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いて、データ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、生成されたパケットを前記ネットワークに送信する手段とを備え、前記受信又は転送側の通信装置は、前記ネットワークからのパケットを受信する手段と、パケットの正当性を確認するための鍵を格納する手段と、前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段とを備えることを特徴とする通信システムである。 The present invention includes a communication device on the transmission side, a communication device on the reception or transfer side, and a network connecting between the communication device on the transmission side and the communication device on the reception or transfer side, and guarantees integrity. The transmission side communication device is configured to store a key chain in which a series of keys is formed by repeating hash values for each key, and a divided data image to be transmitted. Using the key chain in order, a hash value with a key is calculated from the data part and the key and attached to the packet transmitted one before, and thereafter the data part in the previous packet and Generates an authenticator for each packet by repeatedly calculating the keyed hash value from the key and the previously calculated keyed hash value and assigning it to the previous packet And means for transmitting the generated packet to the network, wherein the receiving or forwarding communication device receives the packet from the network and a key for confirming the validity of the packet. , And calculating that the key included in the received packet based on the stored key is a continuous hash value, calculating a keyed hash value for the entire packet including the next authenticator, A communication system comprising: means for verifying an authenticator by comparing whether the calculated hash value with a key included in a packet ahead is the same.
 また、本発明は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、
 生成されたパケットをネットワークに送信する手段とを備えたことを特徴とする通信装置である。 The present invention also provides means for storing a key chain in which a series of keys is formed by repeating hash values for each key, and using the key chains in order for the divided data images to be transmitted. The keyed hash value is calculated from the key and attached to the previous packet to be transmitted, and thereafter the data part, key, and keyed hash value calculated in the previous packet are used. Means for generating an authenticator for each packet by repeatedly calculating a keyed hash value and assigning it to the packet transmitted one before;
A communication apparatus comprising means for transmitting a generated packet to a network.
 また、本発明は、ネットワークからのパケットを受信する手段と、パケットの正当性を確認するための鍵を格納する手段と、前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段とを備えたことを特徴とする通信装置である。 The present invention also provides a means for receiving a packet from a network, a means for storing a key for confirming the validity of the packet, and a hash in which a key included in the received packet is based on the stored key. Is calculated, calculates a keyed hash value for the entire packet including the next authenticator, and compares it with the calculated keyed hash value included in the next packet And a means for verifying the authenticator.
 また、本発明は、送信側では、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納しておき、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成し、生成されたパケットをネットワークに送信し、受信側では、パケットの正当性を確認するための鍵を格納しておき、前記ネットワークからのパケットを受信し、前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証することを特徴とするデータ通信方法である。 Further, according to the present invention, on the transmission side, a key chain in which a series of keys is formed by repeating hash values for each key is stored, and the key chains are sequentially arranged with respect to the divided data images to be transmitted. Using the data part and the key to calculate the keyed hash value and assigning it to the previous packet to be sent, and then the data part and key in the previous packet and the key with the previously calculated key Generate an authenticator for each packet by repeatedly calculating a hash value with a key from the hash value and assigning it to the packet sent one before, and sending the generated packet to the network and receiving it The side stores a key for checking the validity of the packet, receives the packet from the network, and includes it in the received packet based on the stored key. And the keyed hash value for the entire packet including the next authenticator is calculated and is the same as the calculated keyed hash value included in the next packet. It is a data communication method characterized by verifying an authenticator by comparing whether or not.
 また、本発明は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する処理と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する処理と、生成されたパケットをネットワークに送信する処理とを通信装置に実行させることを特徴とするプログラムである。 The present invention also provides a process for storing a key chain in which a series of keys is composed of repeated hash values for each key, and a data portion using the key chain in order for the divided data images to be transmitted. The keyed hash value is calculated from the key and attached to the previous packet to be transmitted, and thereafter the data part, key, and keyed hash value calculated in the previous packet are used. Communicating the process of generating an authenticator for each packet by repeatedly calculating the keyed hash value and assigning it to the previous packet sent, and the process of sending the generated packet to the network A program that is executed by an apparatus.
 また、本発明は、ネットワークからのパケットを受信する処理と、パケットの正当性を確認するための鍵を格納する処理と、前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する処理とを通信装置に実行させることを特徴とするプログラムである。 Further, the present invention provides a process for receiving a packet from the network, a process for storing a key for confirming the validity of the packet, and a hash in which the keys included in the received packet are based on the stored key. Is calculated, calculates a keyed hash value for the entire packet including the next authenticator, and compares it with the calculated keyed hash value included in the next packet Thus, the communication device is caused to execute processing for verifying the authenticator.
 本発明によれば、鍵チェーンに加え次のパケットのハッシュ値を先のパケットに含めて送ることで、パケットの偽装を困難にしている。このため、共通鍵暗号方式に基づく方式を用いた場合であってもデータイメージの完全性の検証を行うことができる。これにより、リソースが制限された装置でも、効率的な検証を行うことができる。また、次のパケットのハッシュ値を先のパケットに含めて送ることで、連続するパケット間の関連性を高めているので、パケットの偽装が行われた場合であっても、その偽装を素早く確実に検出することができる。 According to the present invention, the hash value of the next packet is included in the previous packet in addition to the key chain, thereby making it difficult to forge the packet. Therefore, it is possible to verify the integrity of the data image even when a method based on the common key encryption method is used. Thereby, efficient verification can be performed even in an apparatus with limited resources. In addition, since the hash value of the next packet is included in the previous packet and sent, the relevance between successive packets is increased, so even if a packet is spoofed, the spoofing can be quickly and reliably ensured. Can be detected.
本発明の第1の実施形態の通信システムの構成を示すブロック図である。It is a block diagram which shows the structure of the communication system of the 1st Embodiment of this invention. 本発明の第1の実施形態の送信側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of the transmission of the 1st Embodiment of this invention. 本発明の第1の実施形態の鍵チェーン格納部が保持する鍵チェーンの詳細を示したブロック図である。It is the block diagram which showed the detail of the key chain which the key chain storage part of the 1st Embodiment of this invention hold | maintains. 本発明の第1の実施形態の受信又は転送側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of reception or transfer of the 1st Embodiment of this invention. 本発明の第1の実施形態の送信側と受信又は転送側の通信装置の間でやり取りされるパケットの詳細を示したブロック図である。It is the block diagram which showed the detail of the packet exchanged between the communication apparatus of the transmission side of the 1st Embodiment of this invention, and a reception or transfer side. 本発明の第1の実施形態の受信又は転送側の通信装置の動作を示すフローチャートである。It is a flowchart which shows operation | movement of the communication apparatus by the side of reception or transfer of the 1st Embodiment of this invention. 本発明の第2の実施形態の送信側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of the transmission of the 2nd Embodiment of this invention. 本発明の第2の実施形態の受信又は転送側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of reception or transfer of the 2nd Embodiment of this invention. 本発明の第3の実施形態の通信システムの構成を示すブロック図である。It is a block diagram which shows the structure of the communication system of the 3rd Embodiment of this invention. 本発明の第3の実施形態の送信側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of the transmission of the 3rd Embodiment of this invention. 本発明の第3の実施形態の受信又は転送側の通信装置の構成を示すブロック図である。It is a block diagram which shows the structure of the communication apparatus by the side of reception or transfer of the 3rd Embodiment of this invention. 本発明の第3の実施形態の送信側の通信装置と受信又は転送側の通信装置2の間でやり取りされるパケットを示したブロック図である。It is the block diagram which showed the packet exchanged between the communication apparatus of the transmission side of the 3rd Embodiment of this invention, and the communication apparatus 2 of the reception or transfer side.
 次に、本発明の実施の形態について図面を参照して詳細に説明する。尚、ここで示す実施の形態はあくまでも一例であって、必ずしもこの実施の形態に限定されるものではない。 Next, embodiments of the present invention will be described in detail with reference to the drawings. In addition, embodiment shown here is an example to the last, Comprising: It is not necessarily limited to this embodiment.
<第1の実施の形態>
 図1は、本発明を実施するための第1の形態である通信システムの構成を示す図である。 <First Embodiment>
FIG. 1 is a diagram showing a configuration of a communication system according to a first embodiment for carrying out the present invention.
 図1を参照すると、本発明の第1の実施形態である通信システムは、通信装置1~7と、それらをLAN(Local Area Network)回線またはWAN(Wide Area Network)回線などを結ぶネットワーク10とから構成されている。尚、ネットワーク10は、有線であってもよいし、無線であってもかまわない。 Referring to FIG. 1, a communication system according to a first embodiment of the present invention includes communication devices 1 to 7 and a network 10 that connects LAN (Local Area Network) lines or WAN (Wide Area Network) lines. It is composed of The network 10 may be wired or wireless.
 通信装置1~7は、有線もしくは無線を用いて通信を行う装置であり、一般的にはノートPC、携帯端末のような端末装置である。特に、通信装置2~7はセンサーデバイスのような限定された処理能力、メモリおよび通信能力で構成される小型デバイスであってもよい。 The communication devices 1 to 7 are devices that perform wired or wireless communication, and are generally terminal devices such as notebook PCs and mobile terminals. In particular, the communication devices 2 to 7 may be small devices configured with limited processing capability, memory, and communication capability such as sensor devices.
 通信装置2~7は、受信したパケットを次の通信装置へ転送する構成であってもよい。例えば、通信装置2は通信装置1からパケットを受信すると、通信装置4及び通信装置5へ同じパケットを転送する。同様に、通信装置3は通信装置6及び通信装置7へ転送する。なお、図示せぬ通信装置へ転送することも容易に想定できる。 The communication devices 2 to 7 may be configured to transfer the received packet to the next communication device. For example, when receiving a packet from the communication device 1, the communication device 2 transfers the same packet to the communication device 4 and the communication device 5. Similarly, the communication device 3 transfers to the communication device 6 and the communication device 7. It can be easily assumed that the data is transferred to a communication device (not shown).
 図2に、本発明の第1の実施形態における送信側の通信装置1の構成を示す。通信装置1は、鍵チェーン格納部11、データイメージ入力部12、送信パケット生成部13、トラストアンカ生成部14、ネットワーク通信部15、ハッシュ計算部16、暗号計算部17を含む。 FIG. 2 shows the configuration of the communication device 1 on the transmission side according to the first embodiment of the present invention. The communication apparatus 1 includes a key chain storage unit 11, a data image input unit 12, a transmission packet generation unit 13, a trust anchor generation unit 14, a network communication unit 15, a hash calculation unit 16, and a cryptographic calculation unit 17.
 鍵チェーン格納部11は、一連の鍵を格納しており、各鍵はそれぞれ一つ前の鍵のハッシュ値である。例えば、図3に一連の(n+1)個の鍵Kの関係を示す。マスターとなる鍵K(0)に対し、鍵K(1)はK(0)のハッシュ値である。同様に、鍵K(2)はK(1)のハッシュ値である。以降同様にK(n)はK(n-1)のハッシュ値である。 The key chain storage unit 11 stores a series of keys, and each key is a hash value of the previous key. For example, FIG. 3 shows a series of (n + 1) key K relationships. The key K (1) is a hash value of K (0) with respect to the master key K (0). Similarly, the key K (2) is a hash value of K (1). Hereinafter, similarly, K (n) is a hash value of K (n−1).
 データイメージ入力部12は、通信装置1が通信装置2~7に対して送信するデータイメージの通信装置1における入力部である。このデータイメージは例えばアプリケーションやプログラムイメージであり、通信装置2~7上で動作するプログラムコードである。 The data image input unit 12 is an input unit in the communication device 1 for a data image that the communication device 1 transmits to the communication devices 2 to 7. This data image is, for example, an application or a program image, and is a program code that operates on the communication devices 2 to 7.
 送信パケット生成部13は、データイメージをネットワーク10を介して送信するために適したサイズに分割する機能を備える。さらに、分割したデータイメージに対し、後ろのデータから順番に鍵チェーン格納部11に格納されている鍵チェーンを用いて鍵付きハッシュ値を算出することにより、送信データ、鍵付きハッシュ値、およびハッシュ値の算出に用いた鍵から構成される送信パケットを生成する機能を備える。 The transmission packet generator 13 has a function of dividing a data image into a size suitable for transmission via the network 10. Further, by calculating a keyed hash value using the key chain stored in the key chain storage unit 11 in order from the subsequent data for the divided data image, the transmission data, the keyed hash value, and the hash A function for generating a transmission packet including a key used for calculating a value is provided.
 トラストアンカ生成部14は、送信パケット生成部13で生成した一連のパケットに対して、先頭部分にトラストアンカとなるトラストアンカパケットを生成する機能を備える。具体的には、送信パケット生成部13で生成した一連のパケットの先頭で用いた鍵及び先頭のパケットのハッシュ値をその鍵で暗号化する機能を備える。 The trust anchor generation unit 14 has a function of generating a trust anchor packet serving as a trust anchor at the head of the series of packets generated by the transmission packet generation unit 13. Specifically, it has a function of encrypting a key used at the beginning of a series of packets generated by the transmission packet generation unit 13 and a hash value of the leading packet with the key.
 ネットワーク通信部15は、他の通信装置と有線もしくは無線を使って通信する機能であり、本実施形態ではこれはIEEE 802.15.4の送受信機である。 The network communication unit 15 has a function of communicating with other communication devices using wired or wireless communication. In the present embodiment, this is an IEEE 802.15.4 transceiver.
 ハッシュ計算部16は、セキュアハッシュアルゴリズムに基づく鍵付きハッシュ値を計算する機能である。送信パケット生成部13からのデータ入力値、及び鍵を入力とし鍵付きハッシュ値を計算する。具体的には、ハッシュ計算部16は、SHA-1やMD5、HMACなどである。 The hash calculation unit 16 is a function for calculating a keyed hash value based on the secure hash algorithm. Using the data input value from the transmission packet generation unit 13 and the key as inputs, a hash value with a key is calculated. Specifically, the hash calculation unit 16 is SHA-1, MD5, HMAC, or the like.
 暗号計算部17は、共通鍵暗号方式に基づく暗号処理を実施する機能である。トラストアンカ生成部14からのデータ入力値、及び鍵を入力とし暗号化を実施する。具体的には、暗号計算部17は、DESや3DES、RC5などである。 The cryptographic calculation unit 17 is a function that performs cryptographic processing based on the common key cryptosystem. Encryption is performed using the data input value from the trust anchor generation unit 14 and the key as inputs. Specifically, the cryptographic calculation unit 17 is DES, 3DES, RC5, or the like.
 図4に、本発明における受信又は転送側の通信装置2の構成を示す。通信装置2は、鍵格納部21、データイメージ再構成部22、ハッシュチェーン検証部23、鍵チェーン検証部24、トラストアンカ検証部25、ネットワーク通信部26、ハッシュ計算部27、暗号計算部28を含む。尚、通信装置2の構成はその他の通信装置3~7にも同様に適用される。 FIG. 4 shows the configuration of the communication device 2 on the reception or transfer side in the present invention. The communication device 2 includes a key storage unit 21, a data image reconstruction unit 22, a hash chain verification unit 23, a key chain verification unit 24, a trust anchor verification unit 25, a network communication unit 26, a hash calculation unit 27, and a cryptographic calculation unit 28. Including. The configuration of the communication device 2 is similarly applied to the other communication devices 3 to 7.
 鍵格納部21は、受信したパケットの正当性を検証するための使用する鍵を格納する。受信したパケットの正当性が確認されると、新しい鍵で更新される。 The key storage unit 21 stores a key to be used for verifying the validity of the received packet. When the validity of the received packet is confirmed, it is updated with a new key.
 データイメージ再構成部22は、受信したパケットの正当性が確認されたものを集め、データイメージとして再構成する機能である。ここで再構成されたデータイメージが、アプリケーションやプログラムイメージとして通信装置2にインストールされる。 The data image reconstruction unit 22 has a function of collecting the received packets whose validity has been confirmed and reconstructing them as a data image. The reconstructed data image is installed in the communication device 2 as an application or program image.
 ハッシュチェーン検証部23は、受信したパケットのハッシュ値を検証する機能である。受信したパケットの正当性が確認できると、そのパケットに含まれる次のパケットのハッシュ値を保持しておく。保持したハッシュ値は次に受信したパケットのハッシュ値の検証に用いられる。 The hash chain verification unit 23 has a function of verifying the hash value of the received packet. When the validity of the received packet can be confirmed, the hash value of the next packet included in the packet is held. The held hash value is used for verifying the hash value of the next received packet.
 鍵チェーン検証部24は、受信したパケットに含まれる鍵の正当性を検証する機能である。鍵チェーン検証部24は、受信したパケットに含まれる鍵が、鍵格納部21に格納されている現状の鍵に対するハッシュ値となっていることを確認する。 The key chain verification unit 24 has a function of verifying the validity of the key included in the received packet. The key chain verification unit 24 confirms that the key included in the received packet is a hash value for the current key stored in the key storage unit 21.
 トラストアンカ検証部25は、トラストアンカとなる一番最初に送信されているトラストアンカパケットを検証する機能である。具体的には、トラストアンカパケットを格納しておき、次のパケットにて鍵を取得するとその鍵を用いて、トラストアンカパケットを復号し、復号された鍵が復号に用いた鍵と同じであることを確認することでトラストアンカパケットの正当性を確認する。また、トラストアンカパケットに含まれる次のパケットのハッシュ値はハッシュチェーン検証部23で用いられる。 The trust anchor verification unit 25 has a function of verifying the trust anchor packet transmitted first, which becomes the trust anchor. Specifically, the trust anchor packet is stored, and when the key is obtained with the next packet, the trust anchor packet is decrypted using the key, and the decrypted key is the same as the key used for decryption. By confirming this, the validity of the trust anchor packet is confirmed. The hash value of the next packet included in the trust anchor packet is used by the hash chain verification unit 23.
 ネットワーク通信部26は、通信装置1でのネットワーク通信部15と同様に、他の通信装置と有線もしくは無線を使って通信する機能であり、本実施形態ではこれはIEEE 802.15.4の送受信機である。 Similar to the network communication unit 15 in the communication device 1, the network communication unit 26 has a function of communicating with other communication devices using wired or wireless communication. In the present embodiment, this is the transmission / reception of IEEE 802.15.4. Machine.
 ハッシュ計算部27は、通信装置1でのハッシュ計算部16と同様に、セキュアハッシュアルゴリズムに基づく鍵付きハッシュ値を計算する機能である。ハッシュチェーン検証部23からのデータ入力値、及び鍵を入力とし鍵付きハッシュ値を計算する。具体的には、ハッシュ計算部27は、SHA-1やMD5、HMACなどである。 The hash calculation unit 27 is a function that calculates a keyed hash value based on the secure hash algorithm, similarly to the hash calculation unit 16 in the communication device 1. Using the data input value from the hash chain verification unit 23 and the key as inputs, a hash value with a key is calculated. Specifically, the hash calculation unit 27 is SHA-1, MD5, HMAC, or the like.
 暗号計算部28は、通信装置1での暗号計算部17と同様に、共通鍵暗号方式に基づく暗号処理を実施する機能である。トラストアンカ生成部14からのデータ入力値、及び鍵を入力とし暗号化を実施する。具体的には、暗号計算部17は、DESや3DES、RC5などである。 The cryptographic calculation unit 28 is a function that performs cryptographic processing based on the common key cryptosystem, similarly to the cryptographic calculation unit 17 in the communication device 1. Encryption is performed using the data input value from the trust anchor generation unit 14 and the key as inputs. Specifically, the cryptographic calculation unit 17 is DES, 3DES, RC5, or the like.
 次に、本発明を実施するための第1の実施形態の動作について詳細に説明する。 Next, the operation of the first embodiment for carrying out the present invention will be described in detail.
 図5に、通信装置1でのデータイメージのパケット化の流れと、図6に、通信装置2でのパケット受信時の流れについて説明する。 FIG. 5 illustrates a flow of data image packetization in the communication device 1 and FIG. 6 illustrates a flow when the communication device 2 receives a packet.
 図5において、鍵K(0)~K(L)は(L+1)個の鍵チェーンを示しており、それぞれ鍵K(1)は鍵K(0)のハッシュ値、鍵K(2)は鍵K(1)のハッシュ値,,,鍵K(L)は鍵K(L-1)のハッシュ値という関係になっている。(L)個に分割されたデータ部分はそれぞれ順番にD(1)~D(L)で示される。(L)個に分割されたデータイメージには(L+1)個の鍵チェーンを使用する。分割されたデータ部分と次のパケットのハッシュ値を鍵チェーンの鍵で算出される鍵付きハッシュ値が前のパケットに含まれる。たとえば、データ部分D(1)が含まれるパケットの場合、鍵付きハッシュ値H(1)は、データ部分D(1)とデータ部分D(2)に対する鍵付きハッシュ値H(2)を鍵K(L-1)で鍵付きハッシュ値として算出した値になる。また、鍵チェーンの最後の鍵K(L)だけは各通信装置2~7にて事前に共有されている。なお、鍵の事前配布方法についてはここでは範囲外とする。 In FIG. 5, keys K (0) to K (L) indicate (L + 1) key chains, where key K (1) is a hash value of key K (0) and key K (2) is a key. The hash value of K (1),..., Key K (L) is related to the hash value of key K (L−1). The data portions divided into (L) pieces are indicated by D (1) to D (L) in order. (L + 1) key chains are used for (L) divided data images. The previous packet includes a keyed hash value calculated from the divided data portion and the hash value of the next packet using the key of the key chain. For example, in the case of a packet including the data part D (1), the keyed hash value H (1) is obtained by changing the keyed hash value H (2) for the data part D (1) and the data part D (2) to the key K. The value calculated as the keyed hash value in (L-1). Further, only the last key K (L) of the key chain is shared in advance by each of the communication devices 2-7. The key pre-distribution method is out of scope here.
 まず、通信装置1の送信パケット生成部13は、データイメージ入力部12から入力されたデータイメージを通信装置2~7に対して送信するパケット毎に分割する。本実施形態の例ではデータイメージDは送信する順番にデータ部分D(1)~D(L)のL個に分割する。 First, the transmission packet generation unit 13 of the communication device 1 divides the data image input from the data image input unit 12 for each packet to be transmitted to the communication devices 2 to 7. In the example of this embodiment, the data image D is divided into L data portions D (1) to D (L) in the order of transmission.
 送信パケット生成部13は、データイメージの後ろから処理し、鍵付きハッシュ値H(L)をハッシュ計算部16を用いてデータ部分D(L)と鍵チェーン格納部11に格納されている鍵K(0)から算出する。算出された鍵付きハッシュ値H(L)は前のパケットの鍵K(1)、データ部分D(L-1)と共に送信されるパケットとして構成される。引き続き、鍵付きハッシュ値H(L-1)をデータ部分D(L-1)、先に算出した鍵付きハッシュ値H(L)及び鍵K(1)から算出する。以降、同様に処理する。 The transmission packet generation unit 13 processes the data image from the back and uses the hash calculation unit 16 to process the keyed hash value H (L) and the key K stored in the data part D (L) and the key chain storage unit 11. Calculate from (0). The calculated keyed hash value H (L) is configured as a packet transmitted together with the key K (1) and data portion D (L-1) of the previous packet. Subsequently, the keyed hash value H (L-1) is calculated from the data portion D (L-1), the previously calculated keyed hash value H (L), and the key K (1). Thereafter, the same processing is performed.
 送信パケット生成部13にて、データイメージの最初のデータ部分D(1)に対する鍵付きハッシュ値の算出まで終了すると、次はトラストアンカ生成部14にて、トラストアンカパケットを生成する。 When the transmission packet generator 13 finishes calculating the keyed hash value for the first data portion D (1) of the data image, the trust anchor generator 14 generates a trust anchor packet.
 トラストアンカ生成部14は、鍵チェーン格納部11に格納されている鍵K(L-1)を用いて、鍵自身K(L-1)と先頭のデータD(1)に対する鍵付きハッシュ値H(1)を、暗号計算部17を用いて暗号処理を行う。 The trust anchor generation unit 14 uses the key K (L-1) stored in the key chain storage unit 11 and uses the key K (L-1) and the hash value H with a key for the head data D (1). (1) is subjected to cryptographic processing using the cryptographic calculation unit 17.
 このようにして生成された各パケットはネットワーク通信部15を介してネットワーク10に接続された通信装置2~7に対して順番に送信される。 Each packet generated in this way is sequentially transmitted to the communication devices 2 to 7 connected to the network 10 via the network communication unit 15.
 最初に送信されるパケットは、暗号処理されたトラストアンカパケットEncK(L-1)となり、次に鍵K(L-1)、データ部分D(1)及び鍵付きハッシュ値H(2)が一つのパケットとして送信される。以降、同様に送信される。最後は、鍵K(0)及びデータ部分D(L)が一つのパケットとして送信される。 The first transmitted packet is the encrypted trust anchor packet EncK (L-1), and then the key K (L-1), the data portion D (1), and the keyed hash value H (2) are one. Sent as one packet. Thereafter, it is similarly transmitted. Finally, the key K (0) and the data part D (L) are transmitted as one packet.
 次に、図6を参照して通信装置2での通信装置1から送信されたパケットを受信し、検証する流れについて説明する。 Next, the flow of receiving and verifying the packet transmitted from the communication device 1 in the communication device 2 will be described with reference to FIG.
 通信装置2は、ネットワーク通信部26にてネットワークに接続された通信装置1からのパケットを受信すると(ステップA1)、このパケットがトラストアンカパケットかどうかを判定する(ステップA2)。トラストアンカパケットであった場合、トラストアンカ検証部25にてキャッシュされる(ステップA3)。 When the communication device 2 receives a packet from the communication device 1 connected to the network at the network communication unit 26 (step A1), the communication device 2 determines whether this packet is a trust anchor packet (step A2). If it is a trust anchor packet, it is cached by the trust anchor verification unit 25 (step A3).
 ステップA2にてトラストアンカパケットではなかった場合、鍵チェーン検証部24は、パケットから鍵を取り出し(ステップA4)、鍵格納部21に格納されている鍵と比較し鍵チェーンとなっているかどうかを検証する(ステップA5)。より具体的には、鍵チェーン検証部24は取り出した鍵のハッシュ値を算出し、算出したハッシュ値が鍵格納部21に格納されている値と同じであることを検証する。もし、この値が同一ではない場合、正しい鍵を持っていない通信装置からの不正なパケットであると判定する(ステップA15)。 If the packet is not a trust anchor packet in step A2, the key chain verification unit 24 extracts the key from the packet (step A4) and compares it with the key stored in the key storage unit 21 to determine whether the key chain is present. Verification is performed (step A5). More specifically, the key chain verification unit 24 calculates a hash value of the extracted key, and verifies that the calculated hash value is the same as the value stored in the key storage unit 21. If these values are not the same, it is determined that the packet is an illegal packet from a communication device that does not have the correct key (step A15).
 たとえば、事前に鍵K(L)が通信装置2の鍵格納部21に格納されており、鍵K(L-1)を含むパケットを受信したとすると、鍵チェーン検証部24はパケットから鍵K(L-1)を取り出す。次に、鍵K(L-1)のハッシュ値を算出し、鍵格納部21に格納されている鍵K(L)と同じ値となることを確かめる。もし、鍵K(L-1)が異なる鍵Kであった場合、算出したハッシュ値は鍵K(L)とはならず、鍵の不正が検出可能となる。 For example, if the key K (L) is stored in advance in the key storage unit 21 of the communication apparatus 2 and a packet including the key K (L-1) is received, the key chain verification unit 24 uses the key K from the packet. (L-1) is taken out. Next, a hash value of the key K (L−1) is calculated, and it is confirmed that the value is the same as the key K (L) stored in the key storage unit 21. If the key K (L−1) is a different key K, the calculated hash value does not become the key K (L), and the key fraud can be detected.
 次に、鍵の検証が成功裏に完了すると、そのパケットが2番目のパケット、すなわちトラストアンカパケットの次のパケットである場合、トラストアンカ検証部25にて格納されているトラストアンカパケットの検証を実施する(ステップA7からステップA9)。より具体的には、2番目のパケットから取り出した鍵チェーン検証済みの鍵K(L-1)を用いて、暗号計算部28はトラストアンカパケットの復号処理を行う(ステップA7)。トラストアンカ検証部25は、復号して取得した鍵が復号に使用した鍵と同じであることを確認し(ステップA8)、もし異なる場合、トラストアンカパケットが不正パケットであると判定する(ステップA15)。同じである場合、トラストアンカパケットは正しいと判定し、トラストアンカパケットに含まれる次のパケットのハッシュ値H(1)をハッシュチェーン検証部23は保持する(ステップA9)。 Next, when the key verification is successfully completed, if the packet is the second packet, that is, the packet next to the trust anchor packet, the trust anchor packet stored in the trust anchor verification unit 25 is verified. Implement (Step A7 to Step A9). More specifically, using the key chain verified key K (L-1) extracted from the second packet, the cryptographic calculation unit 28 performs a decryption process of the trust anchor packet (step A7). The trust anchor verification unit 25 confirms that the key obtained by decryption is the same as the key used for decryption (step A8), and if different, determines that the trust anchor packet is an illegal packet (step A15). ). If they are the same, it is determined that the trust anchor packet is correct, and the hash chain verification unit 23 holds the hash value H (1) of the next packet included in the trust anchor packet (step A9).
 トラストアンカパケットの検証が成功裏に完了すると、2番目のパケットの検証に戻る。ハッシュ計算部27は、2番目のパケットの鍵付きハッシュ値を2番目のパケットに含まれる鍵K(L-1)を使用してデータ部分D(1)、次のパケットのハッシュ値H(2)に対して算出する(ステップA10)。ハッシュチェーン検証部23は、ハッシュ計算部27の結果に基づき、先に保持していたハッシュ値H(1)がここで算出した鍵付きハッシュ値と同じであるかを確かめる(ステップA11)。もし異なる場合、2番目のパケットが不正パケットであると判定する(ステップA15)。同じである場合、2番目のパケットは正しいと判定し、鍵K(L-1)で鍵格納部21に格納されている鍵を更新し(ステップA12)、さらに次のパケットの検証用ハッシュ値H(2)をハッシュチェーン検証部23は保持する(ステップA13)。 When the verification of the trust anchor packet is completed successfully, the process returns to the verification of the second packet. The hash calculation unit 27 uses the keyed hash value of the second packet as the data part D (1) using the key K (L-1) included in the second packet, and the hash value H (2 of the next packet) ) (Step A10). Based on the result of the hash calculation unit 27, the hash chain verification unit 23 checks whether the previously stored hash value H (1) is the same as the keyed hash value calculated here (step A11). If they are different, it is determined that the second packet is an illegal packet (step A15). If they are the same, the second packet is determined to be correct, the key stored in the key storage unit 21 is updated with the key K (L−1) (step A12), and the verification hash value of the next packet is further updated. The hash chain verification unit 23 holds H (2) (step A13).
 このようにして、正しいと判定されたパケットに含まれるデータ部分D(1)はデータイメージ再構成部22へと渡される。 In this way, the data portion D (1) included in the packet determined to be correct is passed to the data image reconstruction unit 22.
 以降のパケットを受信した場合、2番目のパケットを受信した時のトラストアンカパケットの検証処理(ステップA7からステップA9)が行われない以外は同様の処理となる(ステップA4からステップA6、ステップA10からステップA13)。 When subsequent packets are received, the same processing is performed (step A4 to step A6, step A10) except that the trust anchor packet verification processing (step A7 to step A9) when the second packet is received is not performed. To Step A13).
 さらに、最後のパケットを受信した場合も、鍵チェーンの検証(ステップA4、ステップA5)から鍵付きハッシュ値の算出(ステップA10)、及び検証(ステップA11)、鍵の更新(ステップA12)までは同様に実施される。また、最後のパケットであるため、次のパケットのハッシュ値は含まれない。このように、すべてのデータ部分がデータイメージ再構成部22へ渡され、通信装置2は、データイメージを取得することが可能となる。 Furthermore, even when the last packet is received, from the verification of the key chain (step A4, step A5) to the calculation of the keyed hash value (step A10), the verification (step A11), and the key update (step A12) The same is done. Further, since it is the last packet, the hash value of the next packet is not included. In this way, all the data portions are transferred to the data image reconstruction unit 22, and the communication device 2 can acquire the data image.
 なお、ネットワーク10は、有線であってもよいが、本実施形態では、無線通信、特にIEEE802.15.4やZigBeeに代表される無線通信プロトコルの使用が適している。 The network 10 may be wired, but in the present embodiment, wireless communication, in particular, use of a wireless communication protocol typified by IEEE 802.15.4 or ZigBee is suitable.
 また、通信装置3~7も通信装置2と同様の動作を行うことで、データイメージが改ざんされていないかどうかを検証することができる点は通信装置2と同じである。 Also, the communication devices 3 to 7 are the same as the communication device 2 in that it is possible to verify whether or not the data image has been falsified by performing the same operation as the communication device 2.
 次に、本発明の第1の実施形態の効果について説明する。本実施の形態の第1の効果は、共通鍵暗号方式に基づく方式を用いた場合であってもデータイメージの完全性の検証を行うことができることである。これは、鍵チェーンに加え次のパケットのハッシュ値を先のパケットに含めて送ることで、パケットの偽装をしにくくしているためである。 Next, effects of the first exemplary embodiment of the present invention will be described. The first effect of the present embodiment is that the integrity of the data image can be verified even when a method based on the common key encryption method is used. This is because the hash value of the next packet is included in the previous packet in addition to the key chain, thereby making it difficult to forge the packet.
 本実施形態の第2の効果は、パケットの偽装が行われた場合であってもすぐにその偽装を検出することができることである。これは、次のパケットのハッシュ値を先のパケットに含めて送ることで、連続するパケット間の関連性を高めているためである。 The second effect of the present embodiment is that even when a packet is camouflaged, the camouflage can be detected immediately. This is because the hash value of the next packet is included in the previous packet and sent to increase the relevance between successive packets.
<第2の実施形態>
 次に、本発明の第2の実施形態について図7及び図8を用いて説明する。 <Second Embodiment>
Next, a second embodiment of the present invention will be described with reference to FIGS.
 図7に示すように、本実施形態における送信側の通信装置101は、鍵チェーン格納部111、データイメージ入力部112、送信パケット生成部113、トラストアンカ生成部114、ネットワーク通信部115、ハッシュ計算部116、暗号計算部117、送信鍵暗号部118を含む。 As shown in FIG. 7, the communication device 101 on the transmission side in this embodiment includes a key chain storage unit 111, a data image input unit 112, a transmission packet generation unit 113, a trust anchor generation unit 114, a network communication unit 115, a hash calculation. Unit 116, encryption calculation unit 117, and transmission key encryption unit 118.
 また、図8に示すように、本実施形態における受信又は転送側の通信装置102は、鍵格納部121、データイメージ再構成部122、ハッシュチェーン検証部123、鍵チェーン検証部124、トラストアンカ検証部125、ネットワーク通信部126、ハッシュ計算部127、暗号計算部128、鍵復号部129を含む。 As shown in FIG. 8, the communication device 102 on the reception or transfer side in this embodiment includes a key storage unit 121, a data image reconstruction unit 122, a hash chain verification unit 123, a key chain verification unit 124, a trust anchor verification. Section 125, network communication section 126, hash calculation section 127, encryption calculation section 128, and key decryption section 129.
 本実施形態は、第1の実施形態とほぼ同じであるが、各パケットに含まれる鍵Kが暗号化されている点が異なる。 This embodiment is almost the same as the first embodiment, except that the key K included in each packet is encrypted.
 図7を参照すると、通信装置101は、送信鍵暗号部118を備える点で異なる以外、第1の実施形態と同じ構成となる。 Referring to FIG. 7, the communication device 101 has the same configuration as that of the first embodiment except that the communication device 101 includes a transmission key encryption unit 118.
 送信鍵暗号部118は、各パケットに含まれる鍵Kを暗号化する機能を備える。より具体的には、各パケットに含まれる鍵は一つ前のパケットに含まれる鍵で暗号化する機能を備える。 The transmission key encryption unit 118 has a function of encrypting the key K included in each packet. More specifically, the key included in each packet has a function of encrypting with the key included in the previous packet.
 図8を参照すると、通信装置102は、鍵復号部129を備える点で異なる以外、第1の実施形態と同じ構成となる。 Referring to FIG. 8, the communication apparatus 102 has the same configuration as that of the first embodiment except that the communication apparatus 102 includes a key decryption unit 129.
 鍵復号部129は、各パケットに含まれる鍵Kを復号する機能を備える。より具体的には、各パケットに含まれる暗号化されている鍵を、鍵格納部121に格納されている前のパケットに含まれる鍵で復号する機能を備える。 The key decryption unit 129 has a function of decrypting the key K included in each packet. More specifically, it has a function of decrypting an encrypted key included in each packet with a key included in a previous packet stored in the key storage unit 121.
 第1の実施形態との動作の違いを説明すると、図6に示す第1の実施形態での動作に対して、受信したパケットから鍵を取り出すステップ(ステップA4)において、鍵を取り出すために通信装置102の鍵復号部129は暗号化されている鍵を復号することで取り出す点が異なる部分となる。それ以外の動作は第1の実施形態と同様の動作となる。 The difference in operation from the first embodiment will be described. Compared to the operation in the first embodiment shown in FIG. 6, communication is performed to extract a key in the step of extracting a key from a received packet (step A4). The key decryption unit 129 of the device 102 is different in that the encrypted key is extracted by decrypting. Other operations are the same as those in the first embodiment.
 次に、第2の実施形態の効果について説明する。本実施形態の効果は、第1の実施形態よりもさらにパケットの偽装をしにくくすることができることである。これは、パケットに含まれる鍵を先のパケットの鍵を使って暗号化するため、パケットを偽装するために必要となる鍵を取得するためにはより長い期間のパケットのやり取りを傍受する必要があるからである。さらに、ネットワーク上ではやり取りされない事前に共有される最初の鍵を取得するためには、例えば物理的に攻撃することで鍵を取得するなど別の手段を要する必要があるからである。 Next, the effect of the second embodiment will be described. The effect of this embodiment is that it is possible to make it more difficult to disguise packets than in the first embodiment. This is because the key included in the packet is encrypted using the key of the previous packet, and in order to obtain the key necessary to impersonate the packet, it is necessary to intercept the exchange of packets for a longer period of time. Because there is. Further, in order to acquire the first key shared in advance that is not exchanged on the network, it is necessary to require another means such as acquiring the key by physical attack.
<第3の実施形態>
 次に、本発明の第3の発明を実施するための形態について図9~図12を用いて説明する。 <Third Embodiment>
Next, a mode for carrying out the third aspect of the present invention will be described with reference to FIGS.
 この実施形態は、第1の実施形態とほぼ同じであるが、第1の実施形態では通信装置2~7が全て同じ共通鍵が事前に共有されていたのに対し、本実施形態ではグループ毎に異なる共有鍵が事前に共有されている点が異なる。 This embodiment is almost the same as the first embodiment. In the first embodiment, all the communication devices 2 to 7 share the same common key in advance. Different shared keys are shared in advance.
 図9を参照すると、通信装置201~207のうち、通信装置201が送信側の通信装置、通信装置202~207が受信側(転送も含む)の通信装置である。通信装置201~207は、ネットワーク210を介して接続されている。通信装置202と通信装置203は同じグループG1に属している。同様に、通信装置204~207は同じグループG2に属している。ここでは、マルチホップネットワーク構成となっており、通信装置201からの同一ホップ数では同じグループに属している構成となる。なお、これらはホップ数毎のグループに限らず、別のグループ構成であってもかまわない。 Referring to FIG. 9, among communication devices 201 to 207, communication device 201 is a communication device on the transmission side, and communication devices 202 to 207 are communication devices on the reception side (including transfer). Communication devices 201 to 207 are connected via a network 210. The communication device 202 and the communication device 203 belong to the same group G1. Similarly, the communication devices 204 to 207 belong to the same group G2. Here, a multi-hop network configuration is used, and the same number of hops from the communication device 201 belong to the same group. Note that these are not limited to groups for each number of hops, and other group configurations may be used.
 図10に示すように、本実施形態における送信側の通信装置201は、複数の鍵チェーン格納部211a~211b、データイメージ入力部212、送信パケット生成部213、トラストアンカ生成部214、ネットワーク通信部215、ハッシュ計算部216、暗号計算部217を含む。 As shown in FIG. 10, the communication device 201 on the transmission side in this embodiment includes a plurality of key chain storage units 211a to 211b, a data image input unit 212, a transmission packet generation unit 213, a trust anchor generation unit 214, and a network communication unit. 215, a hash calculation unit 216, and a cryptographic calculation unit 217.
 また、図11に示すように、本実施形態における受信又は転送側の通信装置202は、鍵格納部221、データイメージ再構成部222、ハッシュチェーン検証部223、鍵チェーン検証部224、トラストアンカ検証部225、ネットワーク通信部226、ハッシュ計算部227を含む。 As shown in FIG. 11, the communication device 202 on the reception or transfer side in the present embodiment includes a key storage unit 221, a data image reconstruction unit 222, a hash chain verification unit 223, a key chain verification unit 224, trust anchor verification. Section 225, network communication section 226, and hash calculation section 227.
 本実施形態の通信装置201は、図2に示す第1の実施形態での構成に対して、鍵チェーン格納部211a~211bを複数保持する点が異なる。この複数の鍵チェーン格納部211a~211bは、図9に示すグループに対応するだけの数の鍵チェーンを維持している。例えば、図9に示すグループG1とグループG2の2つのグループがあったとすると、本実施形態の通信装置201はグループG1用の鍵チェーンとグループG2用の鍵チェーンの2つの鍵チェーンを持つ構成になる。 The communication device 201 of the present embodiment is different from the configuration of the first embodiment shown in FIG. 2 in that a plurality of key chain storage units 211a to 211b are held. The plurality of key chain storage units 211a to 211b maintain the number of key chains corresponding to the group shown in FIG. For example, assuming that there are two groups, group G1 and group G2, shown in FIG. 9, the communication apparatus 201 of this embodiment has a configuration having two key chains: a key chain for group G1 and a key chain for group G2. Become.
 通信装置202と通信装置203はグループG1用の共有鍵が事前に設定されており、通信装置204~207はグループG2用の共有鍵が事前に設定されている点が、第1の実施形態と異なる構成である。 The communication device 202 and the communication device 203 have a group G1 shared key set in advance, and the communication devices 204 to 207 have a group G2 shared key set in advance. It is a different configuration.
 図12を参照すると、通信装置201がデータイメージから生成するパケット構成を示しており、トラストアンカパケット、各パケットに含まれる鍵、次のパケットに対する鍵付きハッシュ値のそれぞれが通信装置が所属するグループの数に等しい分だけ含まれる点が、第1の実施形態と異なる。 Referring to FIG. 12, the packet configuration generated from the data image by the communication device 201 is shown, and the group to which the communication device belongs to each of the trust anchor packet, the key included in each packet, and the keyed hash value for the next packet. It is different from the first embodiment in that it is included in an amount equal to the number of.
 第1の実施形態との動作の違いを説明すると、本実施形態の通信装置201は、パケットを生成するときに第1の実施形態では一つの鍵チェーンを使用して、鍵付きハッシュ値の算出、パケットへの付与を行っていたのに対し、本実施形態では維持する鍵チェーンの数だけそれぞれの鍵を用いて鍵付きハッシュ値の算出を行う。さらに、算出した鍵付きハッシュ値と算出に用いた鍵のペアをパケットに含めるが、このとき、このペアも鍵チェーンの数だけパケットに含める点が異なる。 Explaining the difference in operation from the first embodiment, the communication apparatus 201 of this embodiment calculates a hash value with a key using a single key chain in the first embodiment when generating a packet. In this embodiment, key-attached hash values are calculated using the same number of keys as the number of key chains to be maintained. Furthermore, the calculated keyed hash value and the key pair used for the calculation are included in the packet. However, at this time, this pair is also included in the packet by the number of key chains.
 図12を用いてより具体的に説明する。ここで、説明を簡単にするため最初に送信されるトラストアンカパケットから順に説明するが、実際は第1の実施形態と同様に最後に送信されるパケットから再帰的に生成される。 This will be described more specifically with reference to FIG. Here, in order to simplify the description, the trust anchor packet that is transmitted first will be described in order, but in reality, it is recursively generated from the packet that is transmitted last as in the first embodiment.
 通信装置1はトラストアンカパケットとしてグループ毎にトラストアンカパケットTを算出する。算出の計算自体は第1の実施形態と同様である。グループがn個存在していたとすると、n個のトラストアンカパケットT(1)~T(n)(符号B1、B2で示す)がそれぞれ生成される。通信装置1は、各トラストアンカパケットをまとめて最初のパケットとして送信する(符号B11で示す)。 The communication apparatus 1 calculates a trust anchor packet T for each group as a trust anchor packet. The calculation itself is the same as in the first embodiment. If there are n groups, n trust anchor packets T (1) to T (n) (indicated by symbols B1 and B2) are generated. The communication device 1 collectively sends each trust anchor packet as the first packet (indicated by reference numeral B11).
 次に、通信装置1は、グループ毎に同様に鍵付きハッシュ値を算出し、グループ毎の鍵付きハッシュ値及び算出に用いた鍵のペアをそれぞれパケットに含める(符号B3~B7で示す)。なお、このときデータ部分Dは全グループで共通なので一つのみでかまわない。すなわち、2番目のパケットとして、データ部分D(1)(符号B3で示す)と、グループG1向けの算出に用いた鍵K(1_1)(符号B4で示す)と鍵付きハッシュ値H(1_1)(符号B5で示す)から、グループGn向けの算出に用いた鍵K(n_1)(符号B6で示す)と鍵付きハッシュ値H(n_1)(符号B7で示す)とをまとめてパケットとして送信する(符号B12で示す)。 Next, the communication device 1 similarly calculates a keyed hash value for each group, and includes the keyed hash value for each group and the key pair used for the calculation in the packet (indicated by symbols B3 to B7). At this time, the data portion D is common to all the groups, so only one data portion may be used. That is, as the second packet, the data portion D (1) (indicated by the symbol B3), the key K (1_1) (indicated by the symbol B4) used for the calculation for the group G1, and the keyed hash value H (1_1) The key K (n_1) (denoted by reference B6) and the keyed hash value H (n_1) (denoted by reference B7) used for calculation for the group Gn are collectively transmitted as a packet (denoted by reference B5). (Indicated by B12).
 以降、同様にパケット生成及び送信を行う。最後のパケットについては第1の実施形態と同様の処理に基づきグループ毎の鍵K(1_L)からK(n_L)(符号B9、B10で示す)を最後のデータ部分D(L)(符号B8で示す)とともにパケットとして送信する(符号B13で示す)。 Thereafter, packet generation and transmission are performed in the same manner. For the last packet, based on the same processing as in the first embodiment, the keys K (1_L) to K (n_L) (indicated by reference symbols B9 and B10) for each group are changed to the last data portion D (L) (reference symbol B8). (Shown by reference sign B13).
 次に、本実施形態のグループG1に属する通信装置2でのパケット受信時の動作について第1の実施形態と異なる部分を中心に説明する。 Next, the operation at the time of packet reception in the communication device 2 belonging to the group G1 according to the present embodiment will be described with a focus on differences from the first embodiment.
 この実施形態の通信装置2は、通信装置1からのパケットを受信すると通信装置202自身が属するグループに関係する箇所のみを使用し、他のグループに関係する箇所に対しては何もしない以外は第1の実施形態と同様の動作となる。 When the communication device 2 of this embodiment receives a packet from the communication device 1, the communication device 202 uses only the portion related to the group to which the communication device 202 itself belongs, and does nothing for the portion related to another group. The operation is the same as that of the first embodiment.
 より具体的に説明すると、通信装置202は図12に示すトラストアンカパケット(符号B11で示す)を受信すると、グループG1に関係する箇所であるT(1)(符号B1で示す)のみを自身宛のデータと認識し、T(1)をグループG1のトラストアンカパケットとして第1の実施形態と同様の処理を行う。 More specifically, when the communication apparatus 202 receives the trust anchor packet (indicated by reference numeral B11) shown in FIG. 12, only the T (1) (indicated by reference numeral B1) that is a part related to the group G1 is addressed to itself. The same processing as in the first embodiment is performed using T (1) as the trust anchor packet of group G1.
 さらに、通信装置202は図12に示すパケット(符号B12で示す)を受信すると、グループG1に関係する箇所であるデータ部分D(1)と鍵K(1_1)そして鍵付きハッシュ値H(1_1)(符号B3からB5で示す)を自身宛のデータと認識し、第1の実施形態と同様の処理を行う。 Furthermore, when the communication apparatus 202 receives the packet shown in FIG. 12 (indicated by reference numeral B12), the data portion D (1), the key K (1_1), and the keyed hash value H (1_1), which are locations related to the group G1. (Represented by symbols B3 to B5) is recognized as data addressed to itself, and the same processing as in the first embodiment is performed.
 以降、同様に処理することにより、グループ毎に異なる鍵チェーンを用いることが可能となる。 Thereafter, by processing in the same manner, it becomes possible to use a different key chain for each group.
 なお、通信装置202は通信装置201から受信したパケットを次のホップに属する通信装置へ転送する動作を行う。図9を例にとると、通信装置204及び通信装置205へパケットが転送される。このとき、通信装置2は、パケットをそのまま転送するような動作であってもよいし、自身に関係する部分を削除したのちパケットを転送するような動作であってもかまわない。 Note that the communication device 202 performs an operation of transferring a packet received from the communication device 201 to a communication device belonging to the next hop. Taking FIG. 9 as an example, the packet is transferred to the communication device 204 and the communication device 205. At this time, the communication device 2 may be an operation for transferring the packet as it is, or an operation for transferring the packet after deleting a portion related to itself.
 より具体的には、図12の符号B12で示すパケットを例にとると、グループG1に関係する箇所である鍵K(1_1)(符号B4で示す)及び鍵付きハッシュ値H(1_1)(符号B5で示す)を削除し、それ以外を転送するような構成となる。このとき、データ部分D(1)は全グループ共通となるため削除しない。 More specifically, taking the packet indicated by reference numeral B12 in FIG. 12 as an example, the key K (1_1) (indicated by reference numeral B4) and the hash value with key H (1_1) (reference numeral), which are locations related to the group G1. (B5) is deleted, and the others are transferred. At this time, the data portion D (1) is not deleted because it is common to all groups.
 次に、第3の実施形態の効果について説明する。この実施形態の効果は、もし鍵が漏れてしまった場合に第1の実施形態よりもその影響範囲を小さくすることができることである。これは、鍵を共通で使用する通信装置の範囲を限定するため、あるグループ用の鍵が漏れた場合であっても他のグループ用の鍵には影響しないからである。 Next, the effect of the third embodiment will be described. The effect of this embodiment is that if the key is leaked, the range of influence can be made smaller than in the first embodiment. This is because, in order to limit the range of communication devices that commonly use keys, even if a key for a certain group leaks, it does not affect the keys for other groups.
 さらに、通信装置がパケットを転送するときの通信オーバーヘッドを削減できることである。これは、通信装置が自身のグループに関する箇所を削除してから次の通信装置へ転送するよう構成されているからである。 Furthermore, it is possible to reduce communication overhead when the communication device transfers a packet. This is because the communication device is configured to delete the part related to its own group and transfer it to the next communication device.
 本実施形態では通信装置で用いる鍵付きハッシュ値のサイズはグループによらず同一の構成としていたが、このハッシュ値のサイズはグループ毎に異なる値であってもよい。この場合、オリジナルのハッシュ関数が算出する出力20バイトのうち一部(例えば最後の数バイト)を用いる。サイズの例としては、グループG1用には6バイトのハッシュ値を用いて、グループG2用には7バイトのハッシュ値を用いる。 In this embodiment, the size of the keyed hash value used in the communication apparatus is the same regardless of the group, but the size of the hash value may be different for each group. In this case, a part (for example, the last few bytes) of the output 20 bytes calculated by the original hash function is used. As an example of the size, a 6-byte hash value is used for the group G1, and a 7-byte hash value is used for the group G2.
 ハッシュ値のサイズをグループ毎に異なる値にする構成と、上述の通信装置が自身のグループに関する箇所を削除してから次の通信装置へ転送するよう構成が組み合わせて利用されている場合、さらにパケットの偽装をしにくくすることができることである。これは、前の通信装置から転送された不要な箇所が削除されたパケットを受け取って初めて通信装置は自身に関係する箇所が判明するため、攻撃者がもし正当な鍵を用いた場合であっても途中に含まれる鍵及び鍵付きハッシュ値の区切りを見分けるのが困難にできるからである。 If the configuration in which the size of the hash value is different for each group and the configuration in which the above-described communication device deletes a location related to its own group and forwards it to the next communication device are used in combination, further packets It is possible to make it difficult to disguise. This is the case when an attacker uses a valid key because the communication device can only find out the location related to itself after receiving a packet from which unnecessary portions transferred from the previous communication device are deleted. This is because it is difficult to distinguish between the key and the hash value with key included in the middle.
 第3の実施形態は、第1の実施形態もしくは第2の実施形態のどちらとも組み合わせて利用することが可能である。 The third embodiment can be used in combination with either the first embodiment or the second embodiment.
 以上の如く、本発明の第1の態様は、送信側の通信装置と、受信又は転送側の通信装置と、前記送信側の通信装置と前記受信又は転送側の通信装置との間を接続するネットワークとを備え、完全性を保証するための通信システムであって、前記送信側の通信装置は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いて、データ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、生成されたパケットを前記ネットワークに送信する手段とを備え、前記受信又は転送側の通信装置は、前記ネットワークからのパケットを受信する手段と、パケットの正当性を確認するための鍵を格納する手段と、前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段とを備えることを特徴とする通信システムである。 As described above, the first aspect of the present invention connects the communication device on the transmission side, the communication device on the reception or transfer side, and the communication device on the transmission side and the communication device on the reception or transfer side. A communication system for ensuring integrity, wherein the communication device on the transmitting side stores a key chain in which a series of keys is composed of repeated hash values for each key; Using the key chain in order for the divided data images to be transmitted, a hash value with a key is calculated from the data part and the key, and is added to the previous transmitted packet. Each packet is calculated by repeatedly calculating a keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value, and assigning it to the previous transmitted packet. Means for generating an authenticator for the network, and means for transmitting the generated packet to the network, wherein the communication device on the receiving or forwarding side receives the packet from the network, and the validity of the packet. And a means for storing a key for confirming that the key included in the packet received based on the stored key is a continuous hash value, and is attached to the entire packet including the next authenticator A communication system comprising: a means for verifying an authenticator by calculating a hash value and comparing whether the hash value is the same as a calculated keyed hash value included in one packet ahead.
 また、本発明の第2の態様は、上記態様において、前記認証子を生成する手段は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化し、前記認証子を検証する手段は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得することを特徴とする。 In addition, in a second aspect of the present invention, in the above aspect, the means for generating the authenticator includes a packet to be transmitted including a key included in the next packet and a keyed hash value for the entire next packet, Further, the means for verifying the authenticator by encrypting with the key included in the next packet and confirming the validity of the key included in the next packet after decrypting the received packet, It is characterized in that an attached hash value is acquired.
 また、本発明の第3の態様は、上記態様において、前記認証子を生成する手段は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化し、前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得することを特徴とする。 In a third aspect of the present invention, in the above aspect, the means for generating the authenticator encrypts a key included in each packet using a key included in a previous packet, and verifies the authenticator. The means is characterized in that the key is obtained by decrypting the encrypted key included in the packet with the previously obtained key.
 また、本発明の第4の態様は、上記態様において、前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、前記認証子を検証する手段は、2以上の認証子のうちどれか1つの認証子を検証することを特徴とする。 According to a fourth aspect of the present invention, in the above aspect, the means for generating the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and the authentication The means for verifying the child is characterized by verifying one of the two or more authenticators.
 また、本発明の第5の態様は、上記態様において、前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、前記認証子を検証する手段は、データ部分に引き続く最初の認証子を検証し、検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送することを特徴とする。 According to a fifth aspect of the present invention, in the above aspect, the means for generating the authenticator comprises two or more key chains, calculates two or more authenticators using each key chain, and the authentication The means for verifying the child is characterized in that the first authenticator following the data part is verified, and the verified authenticator and its key are deleted from the packet and then transferred to the next communication device.
 また、本発明の第6の態様は、上記態様において、前記各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする。 In addition, according to a sixth aspect of the present invention, in the above aspect, the length of the authenticator included in each packet is different for each key chain.
 また、本発明の第7の態様は、上記態様において、前記ネットワークは、無線通信路であることを特徴とする。 In addition, according to a seventh aspect of the present invention, in the above aspect, the network is a wireless communication path.
 本発明の第8の態様は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、生成されたパケットをネットワークに送信する手段とを備えたことを特徴とする通信装置である。 According to an eighth aspect of the present invention, there is provided means for storing a key chain in which a series of keys is formed by repeating a hash value for each key, and sequentially using the key chains for the divided data images to be transmitted. The keyed hash value is calculated from the data part and the key and added to the previous packet to be transmitted. After that, the data part and key in the previous packet and the keyed hash previously calculated Means for generating an authenticator for each packet by repeatedly calculating a hash value with a key from the value and assigning it to a packet transmitted immediately before, and means for transmitting the generated packet to the network And a communication device.
 また、本発明の第9の態様は、上記態様において、前記認証子を生成する手段は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化することを特徴とする。 In addition, in a ninth aspect of the present invention, in the above aspect, the means for generating the authenticator includes a packet to be transmitted including a key included in the next packet and a keyed hash value for the entire next packet, Further, encryption is performed using a key included in the next packet.
 また、本発明の第10の態様は、上記態様において、前記認証子を生成する手段は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化することを特徴とする。 Further, a tenth aspect of the present invention is characterized in that, in the above aspect, the means for generating the authenticator encrypts a key included in each packet using a key included in a previous packet.
 また、本発明の第11の態様は、上記態様において、前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出することを特徴とする。 An eleventh aspect of the present invention is characterized in that, in the above aspect, the means for generating the authenticator comprises two or more key chains, and calculates two or more authenticators using each key chain. And
 また、本発明の第12の態様は、上記態様において、各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする。 Also, the twelfth aspect of the present invention is characterized in that, in the above aspect, the length of the authenticator included in each packet is different for each key chain.
 また、本発明の第13の態様は、ネットワークからのパケットを受信する手段と、パケットの正当性を確認するための鍵を格納する手段と、前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段とを備えたことを特徴とする通信装置である。 A thirteenth aspect of the present invention is included in the received packet based on the means for receiving a packet from the network, a means for storing a key for confirming the validity of the packet, and the stored key. Calculate that the key has a continuous hash value, calculate the keyed hash value for the entire packet including the next authenticator, and be the same as the calculated keyed hash value included in the next packet. A communication device comprising means for verifying an authenticator by comparing whether or not there is an authenticator.
 また、本発明の第14の態様は、上記態様において、前記認証子を検証する手段は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得することを特徴とする。 In addition, in a fourteenth aspect of the present invention, in the above aspect, the means for verifying the authenticator confirms the validity of the key included in the next packet from the received packet, decrypts the packet, and A keyed hash value of a packet is acquired.
 また、本発明の第15の態様は、上記態様において、前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得することを特徴とする。 According to a fifteenth aspect of the present invention, in the above aspect, the means for verifying the authenticator obtains the key by decrypting the encrypted key included in the packet with the previously obtained key. Features.
 また、本発明の第16の態様は、上記態様において、前記認証子を検証する手段は、2以上の認証子のうちどれか1つの認証子を検証することを特徴とする。 The sixteenth aspect of the present invention is characterized in that, in the above aspect, the means for verifying the authenticator verifies one of the two or more authenticators.
 また、本発明の第17の態様は、上記態様において、前記認証子を検証する手段は、データ部分に引き続く最初の認証子を検証し,検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送することを特徴とする。 According to a seventeenth aspect of the present invention, in the above aspect, the means for verifying the authenticator verifies the first authenticator following the data portion, and deletes the verified authenticator and the key related thereto from the packet. It transfers to the next communication apparatus, It is characterized by the above-mentioned.
 また、本発明の第18の態様は、送信側では、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納しておき、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成し、生成されたパケットをネットワークに送信し、受信側では、パケットの正当性を確認するための鍵を格納しておき、前記ネットワークからのパケットを受信し、前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証することを特徴とするデータ通信方法である。 In the eighteenth aspect of the present invention, the transmitting side stores a key chain in which a series of keys is formed by repeating hash values for each key, and sequentially transmits the divided data images to be transmitted. Using the key chain in order, a hash value with a key is calculated from the data part and the key and given to the previous packet to be transmitted, and thereafter, the data part, key and destination in the previous packet are sent. By generating a keyed hash value from the calculated keyed hash value and assigning it to the packet sent before, an authenticator for each packet is generated, and the generated packet is sent to the network. The reception side stores a key for confirming the validity of the packet, receives the packet from the network, and receives it based on the stored key. Calculates that the key included in the packet is a continuous hash value, calculates the keyed hash value for the entire packet including the next authenticator, and calculates the calculated keyed hash included in the next packet A data communication method characterized by verifying an authenticator by comparing whether or not the value is the same.
 また、本発明の第19の態様は、上記態様において、前記認証子の生成は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化し、前記認証子の検証は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得することを特徴とする。 In addition, in a nineteenth aspect of the present invention, in the above aspect, the authenticator is generated by configuring a packet to be transmitted with a key included in the next packet and a keyed hash value for the entire next packet, The authenticator is verified by verifying the validity of the key included in the next packet, and then decrypting the packet to obtain the keyed hash value of the next packet. It is characterized by acquiring.
 また、本発明の第20の態様は、上記態様において、前記認証子の生成は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化し、前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得することを特徴とする。 In addition, in a twentieth aspect of the present invention, in the above aspect, the means for generating the authenticator includes: encrypting a key included in each packet using a key included in a previous packet; and verifying the authenticator. The key is obtained by decrypting the encrypted key included in the packet with the previously obtained key.
 また、本発明の第21の態様は、上記態様において、前記認証子の生成は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、前記認証子の検証は、2以上の認証子のうちどれか1つの認証子を検証することを特徴とする。 According to a twenty-first aspect of the present invention, in the above aspect, the generation of the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and The verification is characterized by verifying any one of two or more authenticators.
 また、本発明の第22の態様は、上記態様において、前記認証子の生成は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、前記認証子の検証は、データ部分に引き続く最初の認証子を検証し、検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送することを特徴とする。 According to a twenty-second aspect of the present invention, in the above aspect, the generation of the authenticator includes two or more key chains, calculates two or more authenticators using each key chain, and The verification is characterized in that the first authenticator subsequent to the data part is verified, and the verified authenticator and its key are deleted from the packet and then transferred to the next communication device.
 また、本発明の第23の態様は、上記態様において、各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする。 Further, the twenty-third aspect of the present invention is characterized in that, in the above aspect, the length of the authenticator included in each packet is different for each key chain.
 また、本発明の第24の態様は、上記態様において、前記ネットワークは、無線通信路であることを特徴とする。 The twenty-fourth aspect of the present invention is characterized in that, in the above aspect, the network is a wireless communication path.
 また、本発明の第25の態様は、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する処理と、分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する処理と、生成されたパケットをネットワークに送信する処理とを通信装置に実行させることを特徴とするプログラムである。 According to a twenty-fifth aspect of the present invention, a process for storing a key chain in which a series of keys is formed by repeating a hash value for each key, and the key chains in order for the divided data images to be transmitted. Use in order to calculate a hash value with a key from the data part and the key and assign it to the previous packet to be sent, and thereafter, the data part and key in the previous packet and the key previously calculated A process for generating an authenticator for each packet by repeatedly calculating a hash value with a key from the attached hash value and assigning it to the packet sent one before, and sending the generated packet to the network A program that causes a communication device to execute processing to be performed.
 また、本発明の第26の態様は、上記態様において、ネットワークからのパケットを受信する処理と、パケットの正当性を確認するための鍵を格納する処理と、前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する処理とを通信装置に実行させることを特徴とするプログラムである。 According to a twenty-sixth aspect of the present invention, in the above aspect, the process for receiving a packet from the network, the process for storing a key for confirming the validity of the packet, and the reception based on the stored key. Calculates that the key included in the packet is a continuous hash value, calculates the keyed hash value for the entire packet including the next authenticator, and calculates the calculated keyed hash included in the next packet It is a program characterized by causing a communication device to execute processing for verifying an authenticator by comparing whether the values are the same.
 また、本発明の第27の態様は、上記データ通信方法の機能を実現するためのデータ通信プログラムである。 The twenty-seventh aspect of the present invention is a data communication program for realizing the function of the data communication method.
 以上、実施の形態及び態様をあげて本発明を説明したが、本発明は必ずしも上記実施の形態及び態様に限定されるものではなく、その技術的思想の範囲内において様々に変形し実施することが出来る。 The present invention has been described above with reference to the embodiments and aspects. However, the present invention is not necessarily limited to the above-described embodiments and aspects, and various modifications may be made within the scope of the technical idea. I can do it.
 本出願は、2008年8月29日に出願された日本出願特願2008-221872号を基礎とする優先権を主張し、その開示の全てをここに取り込む。 This application claims priority based on Japanese Patent Application No. 2008-221872 filed on Aug. 29, 2008, the entire disclosure of which is incorporated herein.
 本発明によるプログラムイメージ更新のための完全性保証方式は、無線通信を用いたネットワークにおける安全なプログラムイメージの配布に有用である。特にIEEE802.15.4やZigBeeに代表される無線通信プロトコルを用いたワイヤレスセンサーネットワーク分野でのPCに比べて能力が制限された装置において有効である。 The integrity guarantee method for updating a program image according to the present invention is useful for distributing a secure program image in a network using wireless communication. In particular, it is effective in a device having a limited capability as compared with a PC in a wireless sensor network field using a wireless communication protocol represented by IEEE802.15.4 or ZigBee.
1~7,201~207 通信装置
10,210 ネットワーク
11,111,211 鍵チェーン格納部
12,112,212 データイメージ入力部
13,113,213 送信パケット生成部
14,114,214 トラストアンカ生成部
15,115,215,26,126,226 ネットワーク通信部
16,116,216,27,127,227 ハッシュ計算部
17,117,217,28,128,228 暗号計算部
118 送信鍵暗号部
21,121,221 鍵格納部
22,122,222 データイメージ再構成部
23,123,223 ハッシュチェーン検証部
24,124,224 鍵チェーン検証部
25,125,225 トラストアンカ検証部
129 鍵復号部
  1 to 7, 201 to 207 Communication device 10, 210 Network 11, 111, 211 Key chain storage unit 12, 112, 212 Data image input unit 13, 113, 213 Transmission packet generation unit 14, 114, 214 Trust anchor generation unit 15 115, 215, 26, 126, 226 Network communication unit 16, 116, 216, 27, 127, 227 Hash calculation unit 17, 117, 217, 28, 128, 228 Cryptographic calculation unit 118 Transmission key encryption unit 21, 121, 221 Key storage unit 22, 122, 222 Data image reconstruction unit 23, 123, 223 Hash chain verification unit 24, 124, 224 Key chain verification unit 25, 125, 225 Trust anchor verification unit 129 Key decryption unit

Claims (26)

  1.  送信側の通信装置と、受信又は転送側の通信装置と、前記送信側の通信装置と前記受信又は転送側の通信装置との間を接続するネットワークとを備え、完全性を保証するための通信システムであって、
     前記送信側の通信装置は、
     一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、
     分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いて、データ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、
     生成されたパケットを前記ネットワークに送信する手段と
    を備え、
     前記受信又は転送側の通信装置は、
     前記ネットワークからのパケットを受信する手段と、
     パケットの正当性を確認するための鍵を格納する手段と、
     前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段と
    を備えることを特徴とする通信システム。     Communication for guaranteeing integrity, comprising a communication device on the transmission side, a communication device on the reception or transfer side, and a network connecting the communication device on the transmission side and the communication device on the reception or transfer side A system,
    The transmission side communication device is:
    Means for storing a key chain in which a series of keys consists of repeated hash values for each key;
    Using the key chain in order for the divided data images to be transmitted, a hash value with a key is calculated from the data part and the key, and is added to the previous transmitted packet. By repeating the calculation of the keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value, and assigning it to the previous transmitted packet, Means for generating an authenticator;
    Means for transmitting the generated packet to the network;
    The communication device on the receiving or transferring side is:
    Means for receiving packets from the network;
    Means for storing a key for verifying the validity of the packet;
    Based on the stored key, calculate that the key included in the received packet is a continuous hash value, calculate the keyed hash value for the entire packet including the next authenticator, And a means for verifying the authenticator by comparing whether it is the same as the calculated keyed hash value.
  2.  前記認証子を生成する手段は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化し、
     前記認証子を検証する手段は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得する
     ことを特徴とする請求項1に記載の通信システム。     The means for generating the authenticator comprises a packet to be transmitted composed of a key included in the next packet and a keyed hash value for the entire next packet, and further encrypted with a key included in the next packet,
    The means for verifying the authenticator confirms the validity of the key included in the next packet of the received packet, and then decrypts the packet to obtain a keyed hash value of the next packet. Item 12. The communication system according to Item 1.
  3.  前記認証子を生成する手段は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化し、
     前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得する
     ことを特徴とする請求項1又は請求項2に記載の通信システム。     The means for generating the authenticator encrypts the key included in each packet using the key included in the previous packet,
    The communication system according to claim 1 or 2, wherein the means for verifying the authenticator acquires the key by decrypting the encrypted key included in the packet with the previously acquired key. .
  4.  前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、
     前記認証子を検証する手段は、2以上の認証子のうちどれか1つの認証子を検証する
    ことを特徴とする請求項1から請求項3のいずれかに記載の通信システム。     The means for generating the authenticator comprises two or more key chains, and calculates two or more authenticators using each key chain,
    The communication system according to any one of claims 1 to 3, wherein the means for verifying the authenticator verifies one of the two or more authenticators.
  5.  前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、
     前記認証子を検証する手段は、データ部分に引き続く最初の認証子を検証し、検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送する
    ことを特徴とする請求項1から請求項3のいずれかに記載の通信システム。     The means for generating the authenticator comprises two or more key chains, and calculates two or more authenticators using each key chain,
    The means for verifying the authenticator verifies an initial authenticator subsequent to the data portion, and deletes the verified authenticator and a key related thereto from the packet and then forwards it to the next communication device. The communication system according to claim 3.
  6.  前記各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする請求項4又は請求項5に記載の通信システム。 The communication system according to claim 4 or 5, wherein the length of the authenticator included in each packet is different for each key chain.
  7.  前記ネットワークは、無線通信路であることを特徴とする請求項1から請求項6のいずれかに記載の通信システム。 The communication system according to any one of claims 1 to 6, wherein the network is a wireless communication path.
  8.  一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する手段と、
     分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する手段と、
     生成されたパケットをネットワークに送信する手段と
     を備えたことを特徴とする通信装置。     Means for storing a key chain in which a series of keys consists of repeated hash values for each key;
    A hash value with a key is calculated from the data portion and the key using the key chain in order for the divided data image to be transmitted, and is given to the packet transmitted one before, and thereafter one Authenticate each packet by repeatedly calculating the keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value and assigning it to the previous packet A means of creating children;
    Means for transmitting the generated packet to the network.
  9.  前記認証子を生成する手段は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化することを特徴とする請求項8に記載の通信装置。 The means for generating the authenticator comprises a packet to be transmitted composed of a key included in the next packet and a hash value with a key for the entire next packet, and further encrypted with a key included in the next packet. The communication device according to claim 8.
  10.  前記認証子を生成する手段は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化することを特徴とする請求項8又は請求項9に記載の通信装置。 10. The communication device according to claim 8, wherein the means for generating the authenticator encrypts a key included in each packet by using a key included in a previous packet.
  11.  前記認証子を生成する手段は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出することを特徴とする請求項8から請求項10のいずれかに記載の通信装置。 The means for generating the authenticator comprises two or more key chains, and calculates two or more authenticators using each key chain. Communication device.
  12.  各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする請求項11に記載の通信装置。 The communication device according to claim 11, wherein the length of the authenticator included in each packet is different for each key chain.
  13.  ネットワークからのパケットを受信する手段と、
     パケットの正当性を確認するための鍵を格納する手段と、
     前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する手段と
     を備えたことを特徴とする通信装置。     Means for receiving packets from the network;
    Means for storing a key for verifying the validity of the packet;
    Calculate that the key included in the received packet is a continuous hash value based on the stored key, calculate a keyed hash value for the entire packet including the next authenticator, And a means for verifying the authenticator by comparing whether or not the hash value with the key is already included.
  14.  前記認証子を検証する手段は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得することを特徴とする請求項13に記載の通信装置。 The means for verifying the authenticator confirms the validity of the key included in the next packet of the received packet, and then decrypts the packet to obtain a keyed hash value of the next packet. Item 14. The communication device according to Item 13.
  15.  前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得することを特徴とする請求項13又は請求項14に記載の通信装置。 The communication device according to claim 13 or 14, wherein the means for verifying the authenticator acquires the key by decrypting the encrypted key included in the packet with the previously acquired key. .
  16.  前記認証子を検証する手段は、2以上の認証子のうちどれか1つの認証子を検証することを特徴とする請求項13から請求項15のいずれかに記載の通信装置。 16. The communication apparatus according to claim 13, wherein the means for verifying the authenticator verifies one of two or more authenticators.
  17.  前記認証子を検証する手段は、データ部分に引き続く最初の認証子を検証し,検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送することを特徴とする請求項13から請求項15のいずれかに記載の通信装置。 14. The means for verifying the authenticator verifies an initial authenticator subsequent to the data portion, and deletes the verified authenticator and a key related thereto from the packet and then forwards them to the next communication device. The communication device according to claim 15.
  18.  送信側では、一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納しておき、
     分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成し、生成されたパケットをネットワークに送信し、
     受信側では、パケットの正当性を確認するための鍵を格納しておき、
     前記ネットワークからのパケットを受信し、
     前記格納した鍵に基づき受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する
    ことを特徴とするデータ通信方法。     On the sending side, a key chain consisting of a series of keys consisting of repeated hash values for each key is stored,
    Using the key chain in order for the divided data image to be transmitted, a hash value with a key is calculated from the data part and the key, and given to the packet transmitted one before, and thereafter one Authenticate each packet by repeatedly calculating the keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value, and assigning it to the previous packet sent Creates a child, sends the generated packet to the network,
    On the receiving side, a key for checking the validity of the packet is stored,
    Receiving packets from the network;
    Based on the stored key, calculate that the key included in the received packet is a continuous hash value, calculate the keyed hash value for the entire packet including the next authenticator, A data communication method characterized by verifying an authenticator by comparing whether or not it is the same as a calculated keyed hash value.
  19.  前記認証子の生成は、送信するパケットを次のパケットに含まれる鍵と、次のパケット全体に対する鍵付きハッシュ値で構成し、さらに次のパケットに含まれる鍵で暗号化し、
     前記認証子の検証は、受信するパケットを次のパケットに含まれる鍵の正当性を確認した後、パケットを復号して次のパケットの鍵付きハッシュ値を取得する
     ことを特徴とする請求項18に記載のデータ通信方法。     The authenticator is generated by configuring a packet to be transmitted with a key included in the next packet and a keyed hash value for the entire next packet, and further encrypting with a key included in the next packet,
    19. The verification of the authenticator is performed by confirming a validity of a key included in a next packet of a received packet and then decrypting the packet to obtain a keyed hash value of the next packet. The data communication method described in 1.
  20.  前記認証子の生成は、各パケットに含まれる鍵を先のパケットに含まれる鍵を用いて暗号化し、
     前記認証子を検証する手段は、パケットに含まれる暗号化された鍵を先に取得した鍵で復号することにより鍵を取得する
     ことを特徴とする請求項18又は請求項19に記載のデータ通信方法。     The generation of the authenticator encrypts the key included in each packet using the key included in the previous packet,
    The data communication according to claim 18 or 19, wherein the means for verifying the authenticator obtains the key by decrypting the encrypted key included in the packet with the previously obtained key. Method.
  21.  前記認証子の生成は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、
     前記認証子の検証は、2以上の認証子のうちどれか1つの認証子を検証する
    ことを特徴とする請求項18から請求項20のいずれかに記載のデータ通信方法。     The generation of the authenticator includes two or more key chains, and calculates two or more authenticators using each key chain,
    21. The data communication method according to claim 18, wherein the verification of the authenticator is performed by verifying any one of two or more authenticators.
  22.  前記認証子の生成は、2以上の鍵チェーンを備え、それぞれの鍵チェーンを用いて2以上の認証子を算出し、
     前記認証子の検証は、データ部分に引き続く最初の認証子を検証し、検証した認証子及びそれに関する鍵をパケットから削除したのち次の通信装置へ転送する
    ことを特徴とする請求項18から請求項20のいずれかに記載のデータ通信方法。     The generation of the authenticator includes two or more key chains, and calculates two or more authenticators using each key chain,
    19. The verification of the authenticator is performed by verifying a first authenticator subsequent to a data portion, and transferring the verified authenticator and a key related thereto to a next communication apparatus after deleting the verified authenticator and a key related thereto from the packet. Item 21. The data communication method according to any one of Items 20.
  23.  各パケットに含まれる認証子の長さは各鍵チェーン毎に異なる長さであることを特徴とする請求項21又は請求項22に記載のデータ通信方法。 The data communication method according to claim 21 or 22, wherein the length of the authenticator included in each packet is different for each key chain.
  24.  前記ネットワークは、無線通信路であることを特徴とする請求項18から請求項23のいずれかに記載のデータ通信方法。 The data communication method according to any one of claims 18 to 23, wherein the network is a wireless communication path.
  25.  一連の鍵がそれぞれの鍵に対するハッシュ値の繰り返しで構成される鍵チェーンを格納する処理と、
     分割された送信するデータイメージに対して順に前記鍵チェーンを順に用いてデータ部分と鍵とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与し、以後、一つ前のパケットでのデータ部分と鍵と先に算出した鍵付きハッシュ値とから鍵付きハッシュ値を算出して一つ前に送信されるパケットに対して付与することを繰り返すことによって各パケットに対する認証子を生成する処理と、
     生成されたパケットをネットワークに送信する処理と
    を通信装置に実行させることを特徴とするプログラム。     A process of storing a key chain in which a series of keys consists of repeated hash values for each key;
    Using the key chain in order for the divided data image to be transmitted, a hash value with a key is calculated from the data part and the key, and given to the packet transmitted one before, and thereafter one Authenticate each packet by repeatedly calculating the keyed hash value from the data part of the previous packet, the key, and the previously calculated keyed hash value, and assigning it to the previous packet sent The process of creating children,
    A program that causes a communication device to execute processing for transmitting a generated packet to a network.
  26.  ネットワークからのパケットを受信する処理と、
     パケットの正当性を確認するための鍵を格納する処理と、
     前記格納した鍵に基づき前記受信したパケットに含まれる鍵が連続したハッシュ値となっていることを計算し、次の認証子を含むパケット全体に対する鍵付きハッシュ値を算出し、一つ先のパケットに含まれる計算済みの鍵付きハッシュ値と同じであるかを比較することによって認証子を検証する処理と
    を通信装置に実行させることを特徴とするプログラム。
     
          Processing to receive packets from the network;
    A process of storing a key for checking the validity of the packet;
    Calculate that the key included in the received packet is a continuous hash value based on the stored key, calculate a keyed hash value for the entire packet including the next authenticator, A program for causing a communication device to execute processing for verifying an authenticator by comparing whether or not the hash value with a key included in the key is the same.

PCT/JP2009/065047 2008-08-29 2009-08-28 Communication system, communication device on transmission side and reception or transfer side, method for data communication and data transmission program WO2010024379A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010526783A JP5556659B2 (en) 2008-08-29 2009-08-28 COMMUNICATION SYSTEM, TRANSMITTER AND RECEPTION OR TRANSFER COMMUNICATION DEVICE, DATA COMMUNICATION METHOD, DATA COMMUNICATION PROGRAM

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-221872 2008-08-29
JP2008221872 2008-08-29

Publications (1)

Publication Number Publication Date
WO2010024379A1 true WO2010024379A1 (en) 2010-03-04

Family

ID=41721542

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/065047 WO2010024379A1 (en) 2008-08-29 2009-08-28 Communication system, communication device on transmission side and reception or transfer side, method for data communication and data transmission program

Country Status (2)

Country Link
JP (1) JP5556659B2 (en)
WO (1) WO2010024379A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120233461A1 (en) * 2011-03-07 2012-09-13 Kabushiki Kaisha Toshiba Data transmitting apparatus and data authenticating method
CN103813320A (en) * 2014-01-14 2014-05-21 东北大学 Grouping cluster and master key based key management method
US9088421B2 (en) 2012-03-13 2015-07-21 Kabushiki Kaisha Toshiba Data transmitting device, data receiving device, and computer-readable storage medium
WO2016058487A1 (en) * 2014-10-16 2016-04-21 阿里巴巴集团控股有限公司 Information processing method and apparatus
GB2479520B (en) * 2010-03-17 2016-07-13 Signatrol Ltd Remote Sensor Data Transmission
GB2541950A (en) * 2015-09-07 2017-03-08 Arm Ip Ltd Methods for verifying data integrity
US9871786B2 (en) 2015-07-23 2018-01-16 Google Llc Authenticating communications
CN108123960A (en) * 2018-01-02 2018-06-05 武汉斗鱼网络科技有限公司 Room popularity verification method, device and electronic equipment is broadcast live
US10412069B2 (en) 2015-01-19 2019-09-10 Mitsubishi Electric Corporation Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
CN110602142A (en) * 2019-09-29 2019-12-20 成都安恒信息技术有限公司 Background authentication method based on cipher chain
JP2021500816A (en) * 2017-10-24 2021-01-07 ホアウェイ インターナショナル ピーティーイー. リミテッド Vehicle-mounted equipment upgrade method and related equipment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101967855B1 (en) * 2017-05-25 2019-04-11 김영후 Method and system for verifying electronic document security using 2D barcode block division

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10135945A (en) * 1996-11-01 1998-05-22 Toshiba Corp Mobile computer system, packet processor and communication control method
JP2001251296A (en) * 2000-03-06 2001-09-14 Kddi Corp Message-authenticating device
JP2003051821A (en) * 2001-05-11 2003-02-21 Lucent Technol Inc Message processing method for authentication
JP2006019975A (en) * 2004-06-30 2006-01-19 Matsushita Electric Ind Co Ltd Cipher packet communication system, receiving device and transmitting device with which same is equipped , and communication method, receiving method, transmitting method, receiving program and transmitting program for cipher packet which are applied thereto
JP2008141360A (en) * 2006-11-30 2008-06-19 Oki Electric Ind Co Ltd Message authentication system and message authentication method
JP2009065326A (en) * 2007-09-05 2009-03-26 Kddi Corp Update system of encryption key, update method of encryption key, and program

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002208922A (en) * 2001-01-12 2002-07-26 Ntt Docomo Inc Encrypting device, decrypting device and authentication information applicator, encrypting method, decrypting method and authentication information application method
BRPI0415314B8 (en) * 2003-10-14 2018-05-02 Magnus Nystroem method and arrangement for managing generations of security code information in an information environment, and consumer and security code producing entities in an information environment
JP4631423B2 (en) * 2004-12-13 2011-02-16 沖電気工業株式会社 Message authentication method, message authentication apparatus and message authentication system using the authentication method
JP4665617B2 (en) * 2005-06-10 2011-04-06 沖電気工業株式会社 Message authentication system, message transmission device, message reception device, message transmission method, message reception method, and program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10135945A (en) * 1996-11-01 1998-05-22 Toshiba Corp Mobile computer system, packet processor and communication control method
JP2001251296A (en) * 2000-03-06 2001-09-14 Kddi Corp Message-authenticating device
JP2003051821A (en) * 2001-05-11 2003-02-21 Lucent Technol Inc Message processing method for authentication
JP2006019975A (en) * 2004-06-30 2006-01-19 Matsushita Electric Ind Co Ltd Cipher packet communication system, receiving device and transmitting device with which same is equipped , and communication method, receiving method, transmitting method, receiving program and transmitting program for cipher packet which are applied thereto
JP2008141360A (en) * 2006-11-30 2008-06-19 Oki Electric Ind Co Ltd Message authentication system and message authentication method
JP2009065326A (en) * 2007-09-05 2009-03-26 Kddi Corp Update system of encryption key, update method of encryption key, and program

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
A. PERRIG ET AL.: "The TESLA broadcast authentication protocol", CRYPTOBYTES, vol. 5, no. 2, 2002, pages 2 - 13 *
ROSARIO GENNARO ET AL.: "How to Sing Digital Streams", PROCEEDINGS OF THE 17TH ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE ON ADVANCES IN CRYPTOLOGY, 1997, LNCS, vol. 1294, 1997, pages 180 - 197 *
RYUYA UDA: "Voice Stream Authentication Method for IP Telephony", TRANSACTIONS OF INFORMATION PROCESSING SOCIETY OF JAPAN, IPSJ JOURNAL, vol. 47, no. 8, pages 2535 - 2547 *
SHUICH ETO: "Message Authentication Method dynamically responding to the Change of Transmission Quality for the Phone with Public-Key Signatures", COMPUTER SECURITY SYMPOSIUM 2002, vol. 2002, no. 16, 30 October 2002 (2002-10-30), pages 315 - 318 *
TAKASHI MATSUNAKA: "An Effective Authentication Procedure Considering Security Risks for Seamless Handover", TRANSACTIONS OF INFORMATION PROCESSING SOCIETY OF JAPAN, IPSJ JOURNAL, vol. 49, no. 1, 15 January 2008 (2008-01-15), pages 312 - 321 *
TAKETSUGU YAO: "Reliable broadcast authentication in sensor networks", TRANSACTIONS OF INFORMATION PROCESSING SOCIETY OF JAPAN, IPSJ SIG TECHNICAL REPORTS, vol. 2005, no. 33, 23 March 2005 (2005-03-23), pages 241 - 246 *
TOSHIAKI TANAKA: "Study on Practical Message Authentication Mechanisms for Digital Streaming Services", TRANSACTIONS OF INFORMATION PROCESSING SOCIETY OF JAPAN, IPSJ SIG NOTES, vol. 2001, no. 75, 25 July 2001 (2001-07-25), pages 15 - 22 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2479520B (en) * 2010-03-17 2016-07-13 Signatrol Ltd Remote Sensor Data Transmission
US8732463B2 (en) * 2011-03-07 2014-05-20 Kabushiki Kaisha Toshiba Data transmitting apparatus and data authenticating method
US20120233461A1 (en) * 2011-03-07 2012-09-13 Kabushiki Kaisha Toshiba Data transmitting apparatus and data authenticating method
US9088421B2 (en) 2012-03-13 2015-07-21 Kabushiki Kaisha Toshiba Data transmitting device, data receiving device, and computer-readable storage medium
CN103813320A (en) * 2014-01-14 2014-05-21 东北大学 Grouping cluster and master key based key management method
CN103813320B (en) * 2014-01-14 2017-01-11 东北大学 Grouping cluster and master key based key management method
CN105577379B (en) * 2014-10-16 2020-04-28 阿里巴巴集团控股有限公司 Information processing method and device
CN105577379A (en) * 2014-10-16 2016-05-11 阿里巴巴集团控股有限公司 Information processing method and apparatus thereof
WO2016058487A1 (en) * 2014-10-16 2016-04-21 阿里巴巴集团控股有限公司 Information processing method and apparatus
US10412069B2 (en) 2015-01-19 2019-09-10 Mitsubishi Electric Corporation Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
US9871786B2 (en) 2015-07-23 2018-01-16 Google Llc Authenticating communications
US11146400B2 (en) 2015-09-07 2021-10-12 Arm Ip Limited Methods for verifying data integrity
GB2541950A (en) * 2015-09-07 2017-03-08 Arm Ip Ltd Methods for verifying data integrity
GB2541950B (en) * 2015-09-07 2020-01-08 Arm Ip Ltd Methods for verifying data integrity
US10595207B2 (en) 2015-09-07 2020-03-17 Arm Ltd Methods for verifying data integrity
US11662991B2 (en) 2017-10-24 2023-05-30 Huawei International Pte. Ltd. Vehicle-mounted device upgrade method and related device
JP7139424B2 (en) 2017-10-24 2022-09-20 ホアウェイ インターナショナル ピーティーイー. リミテッド Vehicle-mounted equipment upgrade method and related equipment
JP2021500816A (en) * 2017-10-24 2021-01-07 ホアウェイ インターナショナル ピーティーイー. リミテッド Vehicle-mounted equipment upgrade method and related equipment
CN108123960A (en) * 2018-01-02 2018-06-05 武汉斗鱼网络科技有限公司 Room popularity verification method, device and electronic equipment is broadcast live
CN108123960B (en) * 2018-01-02 2020-10-16 武汉斗鱼网络科技有限公司 Live broadcast room popularity verification method and device and electronic equipment
CN110602142A (en) * 2019-09-29 2019-12-20 成都安恒信息技术有限公司 Background authentication method based on cipher chain

Also Published As

Publication number Publication date
JP5556659B2 (en) 2014-07-23
JPWO2010024379A1 (en) 2012-01-26

Similar Documents

Publication Publication Date Title
JP5556659B2 (en) COMMUNICATION SYSTEM, TRANSMITTER AND RECEPTION OR TRANSFER COMMUNICATION DEVICE, DATA COMMUNICATION METHOD, DATA COMMUNICATION PROGRAM
US8254581B2 (en) Lightweight key distribution and management method for sensor networks
KR101684076B1 (en) A secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment
CN101512537B (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
JP2005286989A (en) Communication terminal and ad hoc network rout controlling method
CN111614621B (en) Internet of things communication method and system
US7139679B1 (en) Method and apparatus for cryptographic protection from denial of service attacks
CN114157415A (en) Data processing method, computing node, system, computer device and storage medium
KR102437864B1 (en) Method of receiving firmware and method of transmitting firmware
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN101938500A (en) Method and system for verifying source address
Shaheen et al. Confidential and secure broadcast in wireless sensor networks
CN107534552B (en) Method executed at server device, client device and server device
CN108965266B (en) User-to-User identity authentication system and method based on group key pool and Kerberos
WO2010032391A1 (en) Communication system for verification of integrity, communication device, communication method using same, and program
JP2004194196A (en) Packet communication authentication system, communication controller and communication terminal
Krontiris et al. Authenticated in-network programming for wireless sensor networks
JP4631423B2 (en) Message authentication method, message authentication apparatus and message authentication system using the authentication method
JP5664104B2 (en) COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND PROGRAM
RU2278477C2 (en) Authentication method for stationary regional wireless broadband access systems
JP5768622B2 (en) Message authentication system, communication device, and communication program
Nasiraee et al. DSBS: A novel dependable secure broadcast stream over lossy channels
de Oliveira et al. NEKAP: Intruder Resilient and Energy Efficient Key Establishment in Sensor Networks
CN108964900B (en) Improved Kerberos identity authentication system and method based on group key pool
KR100794792B1 (en) Broadcast frame protection method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09810027

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2010526783

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09810027

Country of ref document: EP

Kind code of ref document: A1