WO2019150175A1 - Authenticated packets from identified sources - Google Patents

Info

Publication number
WO2019150175A1
Authority
WO
WIPO (PCT)
Prior art keywords
destination server
identification
hmac
source
key
Application number
PCT/IB2018/050707
Other languages
French (fr)
Inventor
Pratik Sharma
Original Assignee
Pratik Sharma

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                  • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), using key encryption key
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3236 Verification of identity, authority or message authentication using cryptographic hash functions
                • H04L9/3242 Verification using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0442 Confidential data exchange wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
            • H04L63/12 Applying verification of the received information
              • H04L63/126 Applying verification of the received information to the source of the received data

Abstract

Here we have different source machines which, when booted up, send an identification packet to the destination server with information containing the source IP address, the source MAC address, an identification symbol representing the source machine itself, etc. The source machine and the destination server also secretly choose a key which is used in generating an HMAC; the source machine attaches this HMAC to the end of the message, forming the data or identification packet. The destination server verifies the authentication of the message by matching the HMAC it generates using the same secret key against the HMAC sent by the source machine as part of the identification or data packet.

Description

Authenticated Packets from Identified Sources
In this invention we have different source machines which communicate with a destination server. These source machines, when booted up, send an identification packet to the destination server with information containing the source IP (Internet Protocol) address, the source MAC (Media Access Control) address, an identification symbol representing the source machine itself, etc. In addition to this, the source machine and the destination server secretly choose a cryptographic key which is used in generating a keyed-hash message authentication code (HMAC) along with a cryptographic hash function like MD5 (Message-Digest 5), SHA-1 (Secure Hash Algorithm 1), etc. The source machine also attaches the HMAC generated for the identification message using the above chosen secret key at the end, forming the identification packet.

The destination server, on the other hand, maintains a hash map with the identification symbol as the key and, as the value, the encrypted form of the key secretly chosen by it and the source machine (encryption is done using a private key stored in the text section of the destination server program). The hash map is held in cache or main memory, and an updated copy is maintained in persistent storage. This hash map gets populated when identification packets are sent by new source machines that are booted up. The destination server program then generates the HMAC using the secret cryptographic key, which is decrypted using the private key stored in the text section of the destination server program, to verify the data integrity and the authentication of the identification message by matching it against the HMAC sent by the source machine as part of the identification packet.

Subsequent data packets sent by the source machine after the identification packet contain the identification symbol and the HMAC generated for the data message, attached at the end, forming the data packet. The destination server program then reads the identification symbol from the data packet and fetches the encrypted form of the secret cryptographic key. Note that the secret cryptographic key is decrypted by the destination server program using a private key or symmetric key (since the same key is used for encryption) which is stored in the text section of the destination server program, as mentioned previously. The destination server program then generates the HMAC to verify the data integrity and the authentication of the data message by matching it against the HMAC sent by the source machine as part of the data packet.
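The exchange described above (and repeated in the claim), as an added Python example that is not part of the patent: the source builds identification and data packets with the HMAC appended at the end, and the destination server keeps a hash map from identification symbol to the encrypted shared key, decrypts the key on lookup and compares the recomputed HMAC. Assumptions: HMAC-SHA-256 in place of the MD5/SHA-1 the page names, a constructed wire layout, and an HMAC-based keystream as a stand-in for the unspecified encryption of the stored key.

```python
import hashlib
import hmac
import os
TAG_LEN = 32  # HMAC-SHA-256 tag; the page names MD5/SHA-1, SHA-256 is an assumption

def wrap_key(kek: bytes, secret: bytes) -> bytes:
    # Stand-in for the page's unspecified "encrypted form" of the shared key:
    # random nonce + PRF keystream (HMAC-SHA-256) XORed over the 32-byte secret.
    nonce = os.urandom(16)
    stream = hmac.new(kek, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(secret, stream))

def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    stream = hmac.new(kek, blob[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], stream))

def make_packet(secret: bytes, symbol: bytes, body: bytes) -> bytes:
    # Constructed wire layout: 1-byte symbol length, symbol, body, HMAC at the end.
    msg = bytes([len(symbol)]) + symbol + body
    return msg + hmac.new(secret, msg, hashlib.sha256).digest()

def split_packet(packet: bytes):
    # (symbol, message without tag, tag), or None when the packet is malformed.
    if len(packet) < 1 + TAG_LEN or packet[0] > len(packet) - 1 - TAG_LEN:
        return None
    return packet[1:1 + packet[0]], packet[:-TAG_LEN], packet[-TAG_LEN:]

def tag_ok(secret: bytes, msg: bytes, tag: bytes) -> bool:
    expected = hmac.new(secret, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

class DestinationServer:
    def __init__(self, program_key: bytes):
        self.kek = program_key  # the "private key stored in the text section"
        self.keymap = {}        # identification symbol -> encrypted shared key

    def identify(self, packet: bytes, secret: bytes) -> bool:
        # Identification packet, checked with the secretly chosen key (how it is
        # agreed is not specified by the page); on success the hash map entry
        # for this source is populated with the encrypted key.
        parts = split_packet(packet)
        if parts is None or not tag_ok(secret, parts[1], parts[2]):
            return False
        self.keymap[parts[0]] = wrap_key(self.kek, secret)
        return True

    def verify(self, packet: bytes):
        # Data packet: fetch the encrypted key by symbol, decrypt it, recompute
        # the HMAC and compare. Returns the data message, or None to drop.
        parts = split_packet(packet)
        if parts is None or parts[0] not in self.keymap:
            return None
        secret = unwrap_key(self.kek, self.keymap[parts[0]])
        return parts[1][1 + len(parts[0]):] if tag_ok(secret, *parts[1:]) else None
```

The packets as described carry no sequence number or nonce, so HMAC verification alone does not distinguish a fresh packet from a repeated one; a deployment would include one in the authenticated message.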

Claims

Following is the claim for this invention:
1. In this invention we have different source machines which communicate with a destination server. These source machines, when booted up, send an identification packet to the destination server with information containing the source IP (Internet Protocol) address, the source MAC (Media Access Control) address, an identification symbol representing the source machine itself, etc. In addition to this, the source machine and the destination server secretly choose a cryptographic key which is used in generating a keyed-hash message authentication code (HMAC) along with a cryptographic hash function like MD5 (Message-Digest 5), SHA-1 (Secure Hash Algorithm 1), etc. The source machine also attaches the HMAC generated for the identification message using the above chosen secret key at the end, forming the identification packet. The destination server, on the other hand, maintains a hash map with the identification symbol as the key and, as the value, the encrypted form of the key secretly chosen by it and the source machine (encryption is done using a private key stored in the text section of the destination server program), in cache or main memory, and an updated copy of the hash map is maintained in persistent storage. This hash map gets populated when identification packets are sent by new source machines that are booted up. The destination server program then generates the HMAC using the secret cryptographic key, which is decrypted using the private key stored in the text section of the destination server program, to verify the data integrity and the authentication of the identification message by matching it against the HMAC sent by the source machine as part of the identification packet. Subsequent data packets sent by the source machine after the identification packet contain the identification symbol and the HMAC generated for the data message, attached at the end, forming the data packet. The destination server program then reads the identification symbol from the data packet and fetches the encrypted form of the secret cryptographic key. Note that the secret cryptographic key is decrypted by the destination server program using a private key or symmetric key (since the same key is used for encryption) which is stored in the text section of the destination server program, as mentioned previously. The destination server program then generates the HMAC to verify the data integrity and the authentication of the data message by matching it against the HMAC sent by the source machine as part of the data packet. The above novel technique by which authenticated packets are sent by the source machine to the destination server program is the claim for this invention.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
PCT/IB2018/050707 (WO2019150175A1, en) | 2018-02-05 | 2018-02-05 | Authenticated packets from identified sources

Publications (1)

Publication Number | Publication Date
WO2019150175A1 (en) | 2019-08-08

Family

ID=67477929

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/IB2018/050707 (WO2019150175A1, en) | Authenticated packets from identified sources | 2018-02-05 | 2018-02-05

Country Status (1)

Country Link
WO (1) WO2019150175A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20040199774A1 (en) * | 2003-04-07 | 2004-10-07 | Vasileios Zissimopoulos | Secure method for roaming keys and certificates

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
  Ref document number: 18903720; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
  Ref country code: DE
122 Ep: pct application non-entry in european phase
  Ref document number: 18903720; Country of ref document: EP; Kind code of ref document: A1