AU2010284792B2 - Method and apparatus for reducing overhead for integrity check of data in wireless communication system - Google Patents
Method and apparatus for reducing overhead for integrity check of data in wireless communication system Download PDFInfo
- Publication number
- AU2010284792B2 AU2010284792B2 AU2010284792A AU2010284792A AU2010284792B2 AU 2010284792 B2 AU2010284792 B2 AU 2010284792B2 AU 2010284792 A AU2010284792 A AU 2010284792A AU 2010284792 A AU2010284792 A AU 2010284792A AU 2010284792 B2 AU2010284792 B2 AU 2010284792B2
- Authority
- AU
- Australia
- Prior art keywords
- message
- key
- terminal
- base station
- icv
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
Abstract
A method and an apparatus for reducing overhead for an integrity check of data in a wireless communication system are provided. In the method for reducing overhead of information for an integrity check in a wireless communication system, upon receiving a message, a first integrity check parameter is compared with a second integrity check parameter to detect an integrity error of the message. When the integrity error exists in the message, a frequency of occurrence of the integrity error is counted. When the frequency of occurrence of the integrity error is more than a threshold, a key update procedure is performed. Therefore, the overhead of the information for integrity check may be reduced in the wireless communication system.
Description
METHOD AND APPARATUS FOR REDUCING OVERHEAD FOR INTEGRITY CHECK OF DATA IN WIRELESS COMMUNICATION SYSTEM TECHNICAL FIELD OF THE INVENTION 5 The present invention relates to a method and an apparatus for reducing overhead for integrity check of data in a wireless communication system. More particularly, the present invention relates to an apparatus and a method for reducing overhead caused by a Cipher-based Message Authentication Code (CMAC) added to 10 every control message when authenticating a message using a CMAC, or an overhead caused by an Integrity Check Value (ICV) added to every Medium Access Control (MAC) layer Protocol Data Unit (MPDU) when encrypting MPDU according to an Advanced Encryption Standard (AES)-CTR mode with CBC-MAC (CCM). 15 BACKGROUND OF THE INVENTION A wireless communication system performs a verification and authentication procedure on a terminal in order to provide a service safely. Such an authentication function for a terminal emerges as a basic requirement necessary for stability of a 20 service and stability of a network. For example, the Institute of Electrical and Electronics Engineers (IEEE) 802.16-based wireless communication system recommends a new Privacy Key Management version 2 (PKMv2) in order to provide stronger authentication framework. 25 The PKMv2 supports a Rivest Shamir Adleman (RSA)-based authentication scheme for mutually authenticating a terminal and a base station, and an Extensible Authentication Protocol (EAP)-based authentication scheme for performing authentication of a terminal through an upper authentication protocol. The PKMv2 performs authentication of a terminal, a base station, and a user through various combinations of these authentication 30 schemes. In addition, after mutual authentication between a terminal and a base station is completed in the IEEE 802.16-based wireless communication system, a Message Authentication Code (MAC) is used for authentication of a control message exchanged 35 between the terminal and the base station. After a Traffic Encryption Key (TEK) is generated, an MAC Protocol Data Unit (MPDU) is encrypted in an AES-CCM mode using the TEK. When a message is generated at a base station or a terminal, the MAC is added at the base station and decrypted at the terminal, or added at the terminal and -1 5382057_1 (GHMatters) P89185.AU 14/05/2014 decrypted at the base station in order to verify that the message is not changed by a different base station or terminal. FIG 1 illustrates a format in which an MAC is added to a control message 5 according to the conventional art. As the MAC, either a Cipher based Message Authentication Code (CMAC) or a Keyed-Hash Message Authentication Code (HMAC) may be used. A case where the CMAC is generated and added to a control message is described. 10 Referring to FIG 1, when a control message is generated, a base station or a terminal generates a CMAC 110, adds it to the last portion of the control message 100, and transmits the control message 100 to which the CMAC 110 has been added to a terminal or a base station. When receiving the control message 100 including the CMAC 110, a terminal or a base station in a reception side generates a CMAC in the 15 same way as the base station or terminal in the transmission side and performs an integrity check of the control message by comparing the generated CMAC with the CMAC of the received control message. The CMAC is generated based on Equation (1), as described in IEEE 802.16 standard. CMAC.=Truncate(AES-MAC(CMACKEY_*,AKIDICMACPN_*|STIDIFIDI 20 24-bit zero padding|MACcontrolMessage),64) CMACKEY_UICMAC KEYD=Dot 16KDF(CMAC-TEK prekey, "CMAC KEYS", 256) AKID=Dot 16KDF(AK, 0b0000|PMK SNIAMSID* or MS MAC address |BS ID|"AKID", 64) 25 CMAC-TEK prekey = Dot16KDF (AK, AKCOUNTl"CMAC-TEK prekey", 160) AMSID*=Dot 16KDF(MS MAC address|80-bit zero padding, |NONCEAMS, 48) ............ (1 ) The CMAC is generated by selecting the lower 64 bits (=8 bytes) of 128 bits, 30 which are the result values of AES-CMAC (refer to IETF RFC 4493 or IEEE P802.16m/D7) as in Equation (1). Here, CMACKEY_* is CMAC_KEY for Uplink/Downlink generated from an Authentication Key (AK), CMAC_PN_* is a value that increases by 1 whenever a 35 control message is transmitted, and is a packet number counter value for Uplink/Downlink. STID is an identifier allocated to a relevant terminal, BSID is an identifier of a relevant base station, FID (Flow ID) is an identifier allocated to connection of a relevant terminal, MAC_controlMessage is control message contents -2 5382057_1 (GHMatters) P89185.AU 14/05/2014 to be transmitted, and NONCE_AMS is a random number generated by an AMS during a network entry. Though CMAC generation has been exemplarily described for message authentication in FIG 1, IMAC may be used as a control message. 5 FIG 2 illustrates a format in which an integrity check value is added to an MPDU according to the conventional art. Referring to FIG. 2, when an MPDU including an MAC header 200 and a plaintext payload 210 is generated, the L-byte plaintext payload 210 is encrypted into an 10 encrypted plaintext payload 211 based on an AES-CCM scheme, a Packet Number (PN) 202 is added to a front portion of the encrypted plaintext payload 211, and an 8-byte Integrity Check Value (ICV) is added to a rear portion of the encrypted plaintext payload 211, so that an encrypted MPDU is formed. Consequently, the encrypted MPDU includes the MAC header 200, the PN 202, the encrypted plaintext payload 211, 15 and an Integrity Check Value 220. Therefore, when receiving the encrypted MPDU, a reception side decodes the encrypted MPDU and then determines whether the ICV 220 is valid to check integrity of the MPDU. The 8-byte ICV 220 is generated according to an AES-CCM scheme using a 20 TEK, an MAC header, a PN, and a plaintext payload as inputs. As described above, for integrity check of a control message and an MPDU, an overhead of 8 bytes (that is, 64 bits) is added. The overhead increases in proportion to the number of control messages or the number of MPDUs. This may act as a factor 25 deteriorating system performance. Therefore, an alternative for authentication overhead (i.e., overhead for an integrity check) for a control message and an MPDU in a wireless communication system is required such as to reduce its size. 30 SUMMARY OF THE INVENTION Generally, in an embodiment, the invention is directed at providing a method and an apparatus for reducing the size of authentication overhead used for an integrity 35 check added to a message transmitted in a (wireless) telecommunication system. Such overhead can be said to comprise an integrity check parameter such as a MAC or an ICV -3 5382057_1 (GHMatters) P89185.AU 14/05/2014 Accordingly, in an embodiment, an aspect of the present invention is to provide a method and an apparatus for reducing the size of an MAC for checking integrity of a control message in a wireless communication system. 5 Another aspect of the present invention, in a further embodiment, is to provide a method and an apparatus for reducing the size of an ICV for checking integrity of an MPDU in a wireless communication system. Still another aspect of the present invention, in a still further embodiment, is to 10 provide a method and an apparatus for, when decoding of an MPDU encrypted according to an AES-CCM scheme fails, determining whether the failure is due to non coincidence of a TEK or due to invalidity of an ICV to process the MPDU. In accordance with an aspect of the present invention, there is provided a 15 method of reducing overhead of information comprising an integrity check parameter for an integrity check in a wireless communication system, the method comprising: detecting an integrity check value (ICV) error of a received message; and performing a key update procedure a plurality of times, when reception of messages with the ICV error is detected more than a threshold number of times, 20 wherein performing the key update procedure a first time comprises discarding a first key used for encrypting downlink data, using a second key used for encrypting uplink data as the first key, and deriving a first new key for encrypting uplink data, and wherein performing the key update procedure a second time comprises 25 discarding the second key used for encrypting downlink data, using the first new key for encrypting uplink data as the first key, and deriving a second new key for encrypting uplink data. In accordance with another aspect of the present invention, there is provided an 30 apparatus for reducing overhead of information for integrity check in a wireless communication system, the apparatus comprising: a message authenticator configured to detect an integrity check value (ICV) error of a received message; and a controller configured to perform a key update procedure a plurality of 35 times, when reception of messages with the ICV error is detected more than a threshold number of times, wherein the controller is configured to perform the key update procedure a first time by discarding a first key used for encrypting downlink data, using a -4 5382057_1 (GHMatters) P89185.AU 14/05/2014 second key used for encrypting uplink data as the first key, and deriving a first new key for encrypting uplink data, and wherein the controller is configured to perform the key update procedure a second time by discarding the second key used for encrypting downlink data, using the 5 first new key for encrypting uplink data as the first key, and deriving a second new key for encrypting uplink data. In accordance with still another aspect of the present invention, a method for reducing overhead for a Cipher-based Message Authentication Code (CMAC) of a 10 control message in a wireless communication system is provided. The method includes, upon receiving a control message, comparing a first Pair-wise Master Key (PMK) Sequence Number (SN) used for the control message with a second PMK SN to determine whether the control message is valid, checking whether a CMAC included in the control message is valid, when the CMAC is invalid, counting a frequency of 15 generation of the control message including the invalid CMAC, and when the frequency of generation of the control message including the invalid CMAC is more than a predetermined threshold, updating an AK. In accordance with yet another aspect of the present invention, a method for 20 reducing overhead for an integrity check of a Media Access Control (MAC) Protocol Data Unit (MPDU) in a wireless communication system is provided. The method includes, upon receiving an MPDU, comparing an Encryption Key Sequence (EKS) of a first Traffic Encryption Key (TEK) used for the MPDU with an EKS of a second TEK to determine whether the MPDU is valid, determining whether an Integrity Check Value 25 (ICV) included in the MPDU is valid; when the ICV is invalid, counting a frequency of generation of the MPDU including the invalid ICV, and when the frequency of generation of the MPDU including the invalid ICV is more than a predetermined threshold, updating a TEK. 30 Before presenting the DETAILED DESCRIPTION OF THE INVENTION below, it may be advantageous to set forth definitions of certain words and phrases used throughout this patent document: the terms "include" and "comprise," as well as derivatives thereof, mean inclusion without limitation; the term "or," is inclusive, meaning and/or; the phrases "associated with" and "associated therewith," as well as 35 derivatives thereof, may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like; and the term "controller" means any device, system or part -5 5382057_1 (GHMatters) P89185.AU 14/05/2014 thereof that controls at least one operation, such a device may be implemented in hardware, firmware or software, or some combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words 5 and phrases are provided throughout this patent document, those of ordinary skill in the art should understand that in many, if not most instances, such definitions apply to prior, as well as future uses of such defined words and phrases. BRIEF DESCRIPTION OF THE DRAWINGS 10 The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings in which: FIG 1 illustrates a message format in which an MAC is added to a control 15 message according to the conventional art; FIG 2 illustrates a format in which an integrity check value ICV is added to an MlPDU according to the conventional art; FIG 3 is a flowchart for reducing overhead for an integrity check of a control message in a wireless communication system according to an exemplary embodiment of 20 the present invention; FIG 4 is a flowchart for reducing overhead for an integrity check of an MPDU encrypted based on an AES-CCM in a wireless communication system according to an exemplary embodiment of the present invention; FIG 5 is a view illustrating a signal flow for updating an encryption key (PMK 25 and AK) when a base station receives a control message from a relevant terminal according to an exemplary embodiment of the present invention; FIG 6 illustrates a signal flow for updating an encryption key (PMK and AK) when a terminal receives a control message from a base station according to an exemplary embodiment of the present invention; 30 FIG 7 illustrates a signal flow for updating an encryption key (TEK or EKS) when a base station receives an MPDU from a relevant terminal according to an exemplary embodiment of the present invention; FIG 8 illustrates a signal flow for updating an encryption key (TEK or EKS) when a base station receives an MPDU from a relevant terminal according to an 35 exemplary embodiment of the present invention; and FIG 9 is a block diagram illustrating an apparatus for reducing an overhead for integrity check of data in a wireless communication system. -6 5382057_1 (GHMatters) P89185.AU 14/05/2014 DETAILED DESCRIPTION OF THE INVENTION FIGURES 3 through 9, discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of 5 illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged communication system. Preferred embodiments of the present invention will be described herein below 10 with reference to the accompanying drawings. In the following description, detailed descriptions of well-known functions or constructions will be omitted since they would obscure the invention in unnecessary detail. Also, the terms used herein are defined according to the functions of the present invention. Thus, the terms may vary depending on user's or operator's intentions or practices. Therefore, the terms used 15 herein should be understood based on the descriptions made herein. Exemplary embodiments of the present invention provide a method and an apparatus for reducing overhead for data integrity in a wireless communication system. More particularly, exemplary embodiments of the present invention provide a method 20 and an apparatus for counting a frequency of generation of an invalid control message and an MPDU, and when the frequency of generation exceeds a predetermined frequency, newly generating an AK or TEK to reduce overhead for an integrity check. FIG 3 is a flowchart for reducing an overhead for integrity check of a control 25 message in a wireless communication system according to an exemplary embodiment of the present invention. Referring to FIG 3, the base station initializes Invalid CMAC COUNTER for counting integrity of a control message received from a terminal to 0 in step 300. 30 The base station receives a control message including a CMAC for integrity check of a control message from the terminal in step 302. The CMAC is generated by the terminal using at least one of CMACKEY, AKID, CMACPN, STID, FID, MACControlMessage information, e.g., as in Equation (1). In the conventional art, 35 the CMAC has a size of 64 bits (8 bytes), but in an exemplary embodiment of the present invention, 32 bits (4 bytes) are used. The base station derives the PMK SN from data included in the received control -7 5382057_1 (GHMatters) P89185.AU 14/05/2014 message and that was used by the terminal to generate the CMAC as added to the control message in step 304. Also in step 304, the base station extracts the CMAC as added to the control message. The AK is derived from Pair-wise Master Key (PMK) 5 The base station compares the PMK SN that was used by the terminal to generate the CMAC added to the control message with a PMK SN negotiated during a mutual authentication procedure to check validity of the control message or AK in step 306. 10 When the control message is invalid in step 306, the base station discards the control message and waits for the next control message or a retransmitted control message in step 308. Also, in another embodiment, the base station may check validity of the control message received from the terminal using the CMAC included in the control message. 15 In contrast, when the received control message is valid, that is, when the PMK SN derived from the received control message and used by the terminal for generating the CMAC as added to the control message is valid in step 306, the base station checks validity of the CMAC added to the control message received from the terminal. In 20 other words, then, the base station checks integrity of the control message received from the relevant terminal by checking whether the CMAC added to the control message received from the terminal is the same as a CMAC generated by the base station. This latter CMAC is generated by the base station based on the content of the received control message using the same calculation as performed earlier by the terminal. 25 When the CMAC added to the control message received from the terminal is the same as the CMAC generated by the base station and is, therefore, valid in step 310, the base station normally, i.e. in accordance with the prior art, processes the received control message and waits for the next control message in step 312. 30 In contrast, in accordance with an embodiment of the invention, when the CMAC included in the control message received from the terminal is not the same as the CMAC generated by the base station and is, therefore, not valid in step 310, the base station counts a frequency of generation of invalid CMACs by increasing 35 InvalidCMAC COUNTER by 1, and discards the received control message in step 314. When the increased InvalidCMAC COUNTER is less than a predetermined threshold in step 316, the base station maintains the AK currently in use and waits for -8 5382057_1 (GHMatters) P89185.AU 14/05/2014 the next control message or a control message to be retransmitted. When the increased InvalidCMAC COUNTER is more than the predetermined threshold in step 316, the base station updates the AK used for generating CMAC in 5 step 318. Detailed description is made with reference to FIGS. 5 and 6. Depending on the embodiment, the PMK from which the AK is derived may be updated. The base station resets InvalidCMAC COUNTER to 0 whenever the AK is updated in step 320. 10 As described above, an exemplary embodiment of the present invention uses a CMAC value of 4 bytes, which is a smaller overhead than that of the conventional art, but counts a generation frequency by which an invalid message passes through an integrity check, and updates a key (AK or PMK) for generating a CMAC depending on 15 a result thereof (for example: when the generation frequency is equal to or greater than 212), so that a required probability of maximum 220 that an invalid message passes through integrity check is met. That is, when a required risk (i.e., the probability that an invalid message passes through an integrity check) is 2 20 and a generation frequency by which an invalid message passes through the integrity check is equal to or greater 20 than 212, a size of CMAC may be equal to or greater than log (threshold/risk) according to a National Institute of Standards and Technology (NIST) standard, so that a required security level may be maintained using only CMAC of 32 bits, that is, 4 bytes. In contrast, the conventional art does not count a generation frequency by which 25 an invalid message passes through the integrity check. Though FIG 3 illustrates the case where a base station receives a control message from a terminal, the foregoing description is applicable to a case where a terminal receives a control message from a base station and where the terminal performs 30 the actions shown in figure 3. FIG 4 is a flowchart for reducing overhead for an integrity check of an MPDU encrypted based on an AES-CCM in a wireless communication system according to an exemplary embodiment of the present invention. AES is a sequence-open type 35 symmetric key encryption scheme replaced by NIST as the next generation international standard code of a Data Encryption Standard (DES). Referring to FIG 4, the base station initializes InvalidTEK COUNTER for -9 5382057_1 (GHMatters) P89185.AU 14/05/2014 counting integrity of an MPDU encrypted using AES-CCM and received from a terminal to 0 in step 400. The base station receives an MPDU including ICV for integrity check from the 5 terminal in step 402. The ICV has been generated by the terminal in a CCM mode using at least one of a TEK, an MAC header, a PN, and a plaintext payload. The base station extracts the TEK used by the terminal to generate the ICV and the ICV from the MPDU received from the terminal in step 404. 10 When the base station checks the EKS for the TEK used for encryption and the EKS is invalid in step 406, the base station allows the terminal to synchronize with the TEK and discards the received MPDU in step 408. To synchronize with the TEK, the base station transmits an InvalidTEK message to the terminal, and the terminal that has 15 received the InvalidTEK message performs key negotiation with the base station to synchronize with a TEK of the base station. A synchronization procedure of a TEK is described with reference to FIGS. 7 and 8. In contrast, when the EKS is valid in step 406, the base station decodes the 20 MPDU received from the relevant terminal to check ICV in step 410. The base station generates a new ICV from the data in the received MPDU in the same way as used by the terminal. The base station checks whether the received ICV is valid from comparing the received ICV from the MPDU with the generated new ICV. 25 When the received ICV and generated ICV are equal the received ICV is valid, and the base station normally processes the MPDU in step 412. In contrast, when the ICV is not valid, the base station counts a generation frequency of invalid ICVs by increasing InvalidTEK COUNTER by 1, and discards the received MPDU in step 414. 30 When the increased InvalidTEK COUNTER is less than a predetermined threshold in step 416, the base station maintains a TEK currently in use and waits for the next MPDU or MPDU to be retransmitted. 35 When the increased InvalidTEK COUNTER is more than the predetermined threshold in step 416, the base station updates a new TEK in step 418. Here, the TEK is updated first by the base station. -10 5382057_1 (GHMatters) P89185.AU 14/05/2014 A TEK update procedure in an environment where a base station receives an MPDU from a terminal is described now. When InvalidTEK COUNTER is equal to or greater than the predetermined threshold, the base station discards an existing downlink encryption key TEKD and replaces the existing downlink encryption key 5 TEKD by an uplink encryption key TEKU (TEKD :=TEK U). In addition, the base station generates a new encryption key TEK using Equation (2) and replaces the uplink encryption key by the new encryption key (TEKU:= new TEK): TEKi=Dot16KDF (CMAC-TEK prekey, SAIDICOUNTERTEK = il "TEK", 10 128) .... (2) Here, CMAC-TEK prekey = Dot16KDF (AK, AK_COUNTl"CMAC-TEK prekey", 160) Here, TEK is generated from CMAC-TEK prekey , which is derived from an 15 AK and has the same lifetime as AK. In addition, a counter COUNTER TEK is increased by 1 whenever a new TEK is generated. Security Association ID (SAID) is an identifier of SA to which TEK corresponds. The terminal and the base station have two TEKs: uplink encryption key TEKU is used when the terminal performs encryption, and downlink encryption key 20 TEKD is used when the base station performs encryption. During decoding, TEK (one of TEKU and TEKD) is used when a transmitter performs decryption. In addition, to expedite a TEK update procedure, the base station transmits a message informing that TEK is not valid to the terminal. 25 At this point, in an embodiment, since the base station continues to use TEK_U or TEKD having a higher risk of exposure, which means some attackers may obtain the TEKs by eavesdropping to reduce a risk of exposure, the base station performs a TEK update procedure one more time after a terminal recognizes TEK update ends 30 during the TEK update procedure, so that the base station discards TEKD having a risk of exposure and generates a new TEK to allow both TEKD and TEKU to get out of an exposure risk. In addition, the base station may perform the TEK update procedure based on a 35 Key agreement process or a reauthentication process. Then, a base station transmits a key agreement MSG#1 message to a terminal to perform a key agreement process. Upper encryption keys such as PMK and AK are -11 5382057_1 (GHMatters) P89185.AU 14/05/2014 updated through the key agreement process, so that TEK update is induced. At this point, since TEKU and TEKD are keys generated from a previous upper encryption key (for example, AK) in the TEK update process, a base station uses TEKU as TEKD and generates a first new TEK to be replaced in place of TEKU. When the 5 terminal recognizes that the TEK update ends, the base station discards TEKD one more time, uses TEK_U, which is now the first new TEK, as TEKD, and generates a second new TEK to be replaced in place of TEKU. Then again, the base station replaces the present TEKD by the present TEK_U, such as to make TEKD equal to the second new TEK. By doing so, the base station discards a TEK having a higher risk 10 of exposure by applying the TEK update process two times. In other words, during a first TEK update process, a first TEKD is replaced by a first TEKU to be come a second TEKD, a previous first TEKD is discarded, a first new TEK is generated and set as a second TEKU. After that, during a second TEK 15 update process, the second TEKD is discarded and replaced by the second TEK_U, and a second new TEK is generated and set as a third TEKU. Meanwhile, during the reauthentication process, a base station transmits an EAP-Transfer message to a terminal to allow the terminal to perform a network 20 reauthentication process. After the reauthentication process ends, the base station discards TEK having a risk of exposure by applying the TEK update process two times by performing the key agreement process. Now, a TEK update procedure in an environment where a terminal receives an 25 MPDU from a base station is described. When the InvalidTEK COUNTER is equal to or greater than a predetermined threshold, the terminal transmits an InvalidTEK message to inform the base station of the result. . When InvalidTEK COUNTER is equal to or greater than the predetermined threshold, the base station discards an existing downlink encryption key TEKD and replaces the existing downlink 30 encryption key TEKD by an uplink encryption key TEKU (TEKD :=TEK U). In addition, the base station generates a new encryption key TEK using Equation (2) and replaces the uplink encryption key by the new encryption key (TEKU.= new TEK). In addition, a counter COUNTERTEK is increased by 1 whenever a new TEK is generated. 35 After that, when recognizing that the MPDU received from the base station is encrypted using TEKU held by the terminal, the terminal transmits a key request (including SAID) message to a base station, and the base station transmits a key reply -12 5382057_1 (GHMatters) P89185.AU 14/05/2014 message (including SAID, PMK, SN, COUNTER TEK) to the terminal. In addition, when COUNTERTEK is updated, the terminal updates TEK. That is, the terminal discards an existing TEKD and replaces an existing TEKD by TEK_U (TEKD :=TEK U). In addition, the terminal generates a new TEK by using Equation 5 (2) as defined above. Moreover, COUNTERTEK is increased by +1 when a new TEK is generated. The base station resets InvalidTEK COUNTER to 0 whenever TEK is updated in step 420. 10 As described above, an exemplary embodiment of the present invention uses ICV of 4 bytes, which is a smaller overhead than that of the conventional art, but counts a generation frequency by which an invalid MPDU passes through an integrity check, and updates TEK for generating an ICV depending on a result thereof (for example: 15 when the generation frequency is equal to or greater than 212), so that the probability 2 20 that an invalid MPDU passes through the integrity check is met. That is, when a required risk is 2 20 and a generation frequency by which an invalid MPDU passes through the integrity check is equal to or greater than 212, a size of ICV may be equal to or greater than log (threshold/risk) according to a NIST standard, so that a security level 20 may be maintained using only an ICV of 32 bits, that is, 4 bytes. In contrast, the conventional art does not count a generation frequency by which an invalid MPDU passes through the integrity check. 25 Though FIG 4 illustrates the case where a base station receives an MPDU from a relevant terminal, the foregoing description is applicable to a case where a terminal receives an MPDU from a relevant base station and where the terminal performs the actions shown in figure 4. 30 FIG 5 illustrates a signal flow for updating an encryption key (PMK and AK) when a base station receives a control message from a relevant terminal according to an exemplary embodiment of the present invention. When the frequency of InvalidCMAC COUNTER becomes equal to or higher 35 than a predetermined frequency in step 500, the base station transmits a Key-agreement MSG#1 message to the terminal in order to update a new encryption key (PMK and AK). -13 5382057_1 (GHMatters) P89185.AU 14/05/2014 When receiving the Keyagreement MSG#1 message in step 510, the terminal transmits a Keyagreement MSG#2 message to the base station. The base station transmits a Keyagreement MSG#3 message to the relevant 5 terminal in response to the Keyagreement MSG#2 in step 520. Therefore, the terminal and the base station share a new encryption key (PMK and AK) between them by exchanging necessary information to update AK or PMIK through Key-agreement messages. Those key agreement messages are used to confirm 10 validity of the new key(PMIK and AK). After successful key agreement the new key can be applied to other control messages and MPDUs. FIG 6 illustrates a signal flow for updating an encryption key (PKM and AK) when a terminal receives a control message from a base station according to an 15 exemplary embodiment of the present invention. When the frequency of InvalidCMAC COUNTER becomes equal to or higher than a predetermined frequency in step 600, the terminal transmits an Invalid CMAC message informing this to the base station. 20 When receiving the Invalid CMAC message in step 610, the base station transmits a Keyagreement MSG#1 message to the relevant terminal in order to update a new encryption key (PMK and AK). 25 When receiving the Keyagreement MSG#1 message in step 620, the terminal transmits a Keyagreement MSG#2 message to the base station. The base station transmits a Keyagreement MSG#3 message to the relevant terminal in response to the Keyagreement MSG#2 in step 630. 30 Therefore, the terminal and the base station share a new encryption key (PKM and AK) between them by exchanging necessary information to update AK or PKM through Key-agreement messages. Those key agreement messages are used to confirm validity of the new key(PMIK and AK). After successful key agreement the new key can 35 be applied to other control messages and MPDUs. FIG 7 illustrates a signal flow for updating an encryption key (TEK) when a base station receives an MPDU from a terminal according to an exemplary embodiment -14 5382057_1 (GHMatters) P89185.AU 14/05/2014 of the present invention. Referring to FIG 7, when EKS is not valid in step 700, the base station transmits an Invalid TEK message to a terminal. 5 The terminal that has received the Invalid TEK message transmits a TEK-REQ message to the base station in step 710. The base station transmits a TEK-RSP message to the terminal in response to 10 the TEK-REQ message in step 720. Therefore, the relevant terminal and the base station use the same TEK between them by sharing information for generating TEK because TEK-REQ notices its associated SA, and its response TEK-RSP replies EKS, PMK SN and 15 COUNTERTEK which ABS maintains about the SA noticed in the TEK-REQ. FIG 8 illustrates a signal flow for updating an encryption key (TEK) when a base station receives an MPDU from a relevant terminal according to an exemplary embodiment of the present invention. 20 Referring to FIG 8, when EKS is not valid in step 800, the terminal transmits a TEK-REQ message to the base station. The base station transmits a TEK-RSP message to the terminal in response to 25 the TEK-REQ message in step 810. Therefore, the relevant terminal and the base station use the same TEK between them by sharing information for generating TEK because TEK-REQ notices its associated SA, and its response TEK-RSP replies EKS, PMK SN and 30 COUNTERTEK which ABS maintains about the SA noticed in the TEK-REQ. FIG 9 is a block diagram illustrating an apparatus (base station or terminal) for reducing overhead for an integrity check of data in a wireless communication system. 35 The block diagram is described according to an operation of a terminal. Referring to FIG 9, the terminal includes a duplexer 900, a receiver 910, a data processor 920, a message authenticator 930, a controller 940, a data generator 950, and a transmitter 960. -15 5382057_1 (GHMatters) P89185.AU 14/05/2014 The duplexer 900 transmits a transmission signal provided by the transmitter 960 via an antenna, and provides a reception signal from the antenna to the receiver 910 according to a duplexing scheme. For example, in the case of using a Time Division 5 Duplexing (TDD) scheme, the duplexer 900 transmits a transmission signal provided by the transmitter 960 via the antenna during a transmission section, and provides a reception signal from the antenna to the receiver 910 during a reception section. The receiver 910 converts a Radio Frequency (RF) signal provided by the 10 duplexer 900 into a baseband signal, and demodulates and decodes the baseband signal. For example, the receiver 910 includes an RF process block, a demodulation block, and a channel-decoding block. The RF process block converts an RF signal received via the antenna into a baseband signal. The demodulation block converts a signal provided by the RF process block into a signal in a frequency domain by performing 15 Fast Fourier Transform (FFT). The channel-decoding block may include a demodulator, a deinterleaver, and a channel decoder. At this point, the receiver 910 receives a signal using an allocated terminal identifier. In addition, the receiver 910 provides control information checked by 20 demodulation and decoding to the controller 940, and provides data to the data processor 920. The data processor 920 detects a packet from data received from the receiver 910. After that, the data processor 920 determines whether the packet is a control 25 message and whether the packet is encrypted using header information of the detected packet. When the packet comprises a control message, the data processor 920 extracts a control message from the relevant packet and transmits the same to the message 30 authenticator 930. When the packet is encrypted, the data processor 920 transmits the relevant packet to a decoder 922. The decoder 922 determines validity of the relevant packet using EKS and ICV of the packet provided by the data processor 920. When EKS is 35 not valid, the controller 940 generates a KEY-REQ message and transmits the same together with authentication information to a base station via the message authenticator 930, and receives a KEY-RSP message from the base station in response to the KEY REQ message to receive information regarding TEK currently used by the base station. -16 5382057_1 (GHMatters) P89185.AU 14/05/2014 Also, when the ICV of the packet is not valid, the decoder 922 counts the number of InvalidTEK COUNTER. When the Invalid TEK COUNTER reaches a predetermined number, the controller 940 generates an Invalid TEK message and 5 transmits the same together with authentication information to the base station via the message authenticator 930, so that the base station updates TEK. When the packet is valid, the decoder 922 decodes the relevant packet to process the packet. The message authenticator 930 determines whether a control message provided 10 by the data processor 920 is valid. At this point, when AKID used for generating CMAC is valid, the message authenticator 930 determines whether the CMAC value is valid. When determining that the CMAC value is not valid, the message authenticator 930 counts the number of InvalidCMAC COUNTER. When the InvalidCMAC COUNTER reaches a predetermined number, the controller 940 generates an Invalid 15 CMAC message and transmits the same together with authentication information to the base station via the message authenticator 930. The base station sends Keyagreement MSG#1 to update an encryption key (that is, PMK and AK) through a key agreement procedure. A control message in which CMAC is valid is transmitted to the controller 940. 20 Also, when receiving control information requiring message authentication from the controller 940, the message authenticator 930 adds a CMAC to the control information to transmit the same to the data generator 950. At this point, the message authenticator 930 generates the CMAC using AK generated using information of a 25 target base station obtained through an EAP. The data generator 950 generates and outputs a packet including control information provided by the message authenticator 930. For example, the data generator 950 generates a packet including an Invalid CMAC message to which a 30 CMAC provided by the message authenticator 930 has been added, and an Invalid TEK message. The transmitter 960 converts data provided by the data generator 950 and control information provided by the controller 940 into an RF signal to transmit the 35 same to the duplexer 900. For example, the transmitter 960 includes a channel-coding block, a modulation block, and an RF process block. The channel-coding block includes a channel encoder, an interleaver, and a modulator. The modulation block converts a signal provided by the modulator into a signal in a time domain by -17 5382057_1 (GHMatters) P89185.AU 14/05/2014 performing Inverse Fast Fourier Transform (IFFT). The RF process block converts a baseband signal provided by the modulation block into an RF signal to transfer the same to the duplexer 900. 5 In the above exemplary embodiment, the controller 940 and the message authenticator 930 are configured independently. In another exemplary embodiment, the controller 940 and the message authenticator 930 may be configured in one module. In general, the functional blocks shown in figure 9 are intended to refer to the explained functionalities only. They may be implemented in less or more blocks and may be 10 organized in different ways than the one shown in figure 9, in software and/or in hardware, as a person skilled in the art will understand. A block diagram is described according to an operation of a base station. Referring to FIG 9, the base station includes a duplexer 900, a receiver 910, a data 15 processor 920, a message authenticator 930, a controller 940, a data generator 950, and a transmitter 960. The duplexer 900 transmits a transmission signal provided by the transmitter 960 via an antenna, and provides a reception signal from the antenna to the receiver 910 20 according to a duplexing scheme. For example, in the case of using a Time Division Duplexing (TDD) scheme, the duplexer 900 transmits a transmission signal provided by the transmitter 960 via the antenna during a transmission section, and provides a reception signal from the antenna to the receiver 910 during a reception section. 25 The receiver 910 converts a Radio Frequency (RF) signal provided by the duplexer 900 into a baseband signal, and demodulates and decodes the baseband signal. For example, the receiver 910 includes an RF process block, a demodulation block, and a channel-decoding block. The RF process block converts an RF signal received via the antenna into a baseband signal. The demodulation block converts a signal 30 provided by the RF process block into a signal in a frequency domain by performing Fast Fourier Transform (FFT). The channel-decoding block may include a demodulator, a deinterleaver, and a channel decoder. At this point, the receiver 910 receives a signal of a relevant mobile station 35 using a used mobile station identifier. In addition, the receiver 910 provides control information checked by demodulation and decoding to the controller 940, and provides data to the data processor 920. -18 5382057_1 (GHMatters) P89185.AU 14/05/2014 The data processor 920 detects a packet from data received from the receiver 910. After that, the data processor 920 determines whether the packet is a control message and whether the packet is encrypted using header information of the detected packet. 5 When the packet comprises a control message, the data processor 920 extracts a control message from the relevant packet and transmits the same to the message authenticator 930. 10 When the packet is encrypted, the data processor 920 transmits the relevant packet to a decoder 922. The decoder 922 determines validity of the relevant packet using EKS and ICV of the packet provided by the data processor 920. When EKS is not valid, the controller 940 generates a KEY-REQ challenge message and transmits the same together with authentication information to a terminal via the message 15 authenticator 930, and receives a KEY-REQ message from the terminal in response to the KEY-REQ challenge message to transmit information regarding TEK currently in use to the terminal through a KEY-RSP message in response to the KEY-REQ message. Also, when the ICV of the packet is not valid, the decoder 922 counts the 20 number of InvalidTEK COUNTER. When the InvalidTEK COUNTER reaches a predetermined number, the controller 940 updates TEK. In contrast, when the packet is valid, the decoder 922 decodes the relevant packet to process the packet. The message authenticator 930 determines whether a control message provided 25 by the data processor 920 is valid. At this point, when AKID used for generating CMAC is valid, the message authenticator 930 determines whether the CMAC value is valid. When determining that the CMAC value is not valid, the message authenticator 930 counts the number of InvalidCMAC COUNTER. When the InvalidCMAC COUNTER reaches a predetermined number, the message authenticator 930 generates a 30 Keyagreement MSG#1 message through the controller 940, transmits the same together with authentication information to the terminal via the message authenticator 930, and updates encryption keys (that is, PKM and AK) through a key agreement procedure. A control message in which CMAC is valid is transmitted to the controller 940. 35 Also, when receiving control information requiring message authentication from the controller 940, the message authenticator 930 adds a CMAC to the control information to transmit the same to the data generator 950. At this point, the message -19 5382057_1 (GHMatters) P89185.AU 14/05/2014 authenticator 930 generates the CMAC using AK generated using information of the base station obtained through an EAP. The data generator 950 generates and outputs a packet including control 5 information provided by the message authenticator 930. For example, the data generator 950 generates a packet including a key agreement MSG#1 to which a CMAC provided by the message authenticator 930 has been added. The transmitter 960 converts data provided by the data generator 950 and 10 control information provided by the controller 940 into an RF signal to transmit the same to the duplexer 900. For example, the transmitter 960 includes a channel-coding block, a modulation block, and an RF process block. The channel-coding block includes a channel encoder, an interleaver, and a modulator. The modulation block converts a signal provided by the modulator into a signal in a time domain by 15 performing Inverse Fast Fourier Transform (IFFT). The RF process block converts a baseband signal provided by the modulation block into an RF signal to transfer the same to the duplexer 900. In the above exemplary embodiment, the controller 940 and the message 20 authenticator 930 are configured independently. In another exemplary embodiment, the controller 940 and the message authenticator 930 may be configured in one module. In general, the functional blocks shown in figure 9 are intended to refer to the explained functionalities only. They may be implemented in less or more blocks and may be organized in different ways than the one shown in figure 9, in software and/or in 25 hardware, as a person skilled in the art will understand. Although the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the 30 spirit and scope of the invention as defined by the appended claims and their equivalents. Therefore, the scope of the present invention should not be limited to the above-described embodiments but should be determined not only by the appended claims but also by the technical equivalents thereof 35 As described above, a wireless communication system performs integrity check for a control message or an MPDU, and then counts the number of generations of invalidness, i.e. the frequency of occurrence of integrity errors, and changes an AK or an encryption key TEK before the number of such generations reaches a security danger -20 5382057_1 (GHMatters) P89185.AU 14/05/2014 level, so that a predetermined security level may be maintained even when a smaller CMAC/HMAC or ICV than in the conventional art is used. As will be evident to persons skilled in the art, other integrity check parameters than CMAC/HMAC or ICV may be used in relation to (other types) of control messages or MPDUs. 5 -21 5382057_1 (GHMatters) P89185.AU 14/05/2014
Claims (29)
1. A method of reducing overhead of information comprising an integrity check parameter for an integrity check in a wireless communication 5 system, the method comprising: detecting an integrity check value (ICV) error of a received message; and performing a key update procedure a plurality of times, when reception of messages with the ICV error is detected more than a threshold number of times, wherein performing the key update procedure a first time comprises 10 discarding a first key used for encrypting downlink data, using a second key used for encrypting uplink data as the first key, and deriving a first new key for encrypting uplink data, and wherein performing the key update procedure a second time comprises discarding the second key used for encrypting downlink data, using the first new 15 key for encrypting uplink data as the first key, and deriving a second new key for encrypting uplink data.
2. The method of claim 1, wherein the first key comprises one of an Authorization Key (AK) and a Traffic Encryption Key (TEK). 20
3. The method of claim 1, wherein the message comprises one of a control message and an Medium Access Control (MAC) Protocol Data Unit (MPDU). 25
4. The method of claim 1, wherein detecting an integrity check value (ICV) error of a received message comprises detecting an ICV error of the message by comparing a first ICV with a second ICV, and wherein the first and second ICVs comprise one of a Cipher-based Message Authentication Code (CMAC) and an Integrity Check Value (ICV) based 30 on an Advanced Encryption Standard-Counter with Cipher Block Chaining (CBC)-MAC (AES-CCM).
5. The method of claim 1, further comprising, when the ICV error is detected, discarding the corresponding received message. 35
6. The method of claim 1, further comprising receiving a next message using the first and second new keys. -22 5382057_1 (GHMatters) P89185.AU 14/05/2014
7. The method of claim 4, wherein the first ICV comprises a value included in the message, and the second ICV comprises a value derived from the first key. 5
8. The method of claim 1, wherein performing the key update procedure the first time further comprises, when a base station receives the message from a terminal, transmitting, at the base station, a notification message indicating that current keys are invalid to the terminal. 10
9. The method of claim 1, wherein performing the key update procedure the first time further comprises, when a terminal receives the message from a base station: receiving, at the base station, a notification message from the terminal indicating that current keys are invalid. 15
10. The method of claim 1, further comprising: determining, at a base station, whether an Encryption Key Sequence (EKS) for the first and second keys is synchronized; when the EKS is not synchronized, transmitting, at the base station, a 20 TEKInvalid message to a terminal; receiving, at the base station, a TEKRequest message transmitted from the terminal in response to the TEKInvalid message; and in response to the TEK Request message, transmitting, at the base station, a TEK reply message to the terminal. 25
11. The method of claim 10, wherein the TEK Request message is transmitted from the terminal, when the terminal recognizes that a MPDU received from the base station is encrypted using an uplink TEK held by the terminal. 30
12. The method of claim 10, wherein the TEKreply message comprises at least one of a Security Association Identifier (SAID), an Encryption Key sequence number (SN) and a COUNTERTEK. 35
13. The method of claim 1, wherein the first key is updated based on a key agreement algorithm.
14. The method of claim 1, further comprising: -23 5382057_1 (GHMatters) P89185.AU 14/05/2014 determining whether the first key is valid; and when the first key is invalid, discarding the corresponding message.
15. An apparatus for reducing overhead of information for 5 integrity check in a wireless communication system, the apparatus comprising: a message authenticator configured to detect an integrity check value (ICV) error of a received message; and a controller configured to perform a key update procedure a plurality of times, when reception of messages with the ICV error is detected more than a 10 threshold number of times, wherein the controller is configured to perform the key update procedure a first time by discarding a first key used for encrypting downlink data, using a second key used for encrypting uplink data as the first key, and deriving a first new key for encrypting uplink data, and 15 wherein the controller is configured to perform the key update procedure a second time by discarding the second key used for encrypting downlink data, using the first new key for encrypting uplink data as the first key, and deriving a second new key for encrypting uplink data. 20
16. The apparatus of claim 15, wherein the first key comprises one of an Authorization Key (AK) and a Traffic Encryption Key (TEK).
17. The apparatus of claim 15, wherein the message comprises one of a control message and a Medium Access Control (MAC) Protocol Data Unit 25 (MPDU).
18. The apparatus of claim 15, wherein the message authenticator is configured to detect the ICV error of the received message by comparing a first ICV with a second ICV, and 30 wherein the first and second ICVs comprise one of a Cipher-based Message Authentication Code (CMAC) and an Integrity Check Value ICV) based on an Advanced Encryption Standard-Counter with Cipher Block Chaining (CBC)-MAC (AES-CCM). 35
19. The apparatus of claim 15, wherein when the ICV error is detected, the controller discards the corresponding received message.
20. The apparatus of claim 15, wherein the controller receives a next -24 5382057_1 (GHMatters) P89185.AU 14/05/2014 message using the first and second new keys.
21. The apparatus of claim 18, wherein the first ICV comprises a value included in the received message, and the second ICV comprises a value 5 derived from the first key.
22. The apparatus of claim 15, wherein when a base station receives the message from a terminal, the controller transmits a notification message indicating that current keys are not valid to the terminal. 10
23. The apparatus of claim 15, wherein when a base station receives the message from a terminal, the controller is configured to perform the key update procedure. 15
24. The apparatus of claim 15, wherein when a terminal receives the message from a base station, the controller receives a notification message from the terminal indicating that current keys are not valid.
25. The apparatus of claim 15, wherein the controller is further 20 configured to: determine whether Encryption Key Sequence (EKS) for the first and second keys is synchronized, when the EKS is not synchronized, configured to transmit a TEKInvalid message to a terminal, 25 configured to receive a TEK Request message transmitted from the terminal in response to the TEKInvalid message, and in response to the TEK Request message, configured to transmit a TEK reply message to the terminal. 30
26. The apparatus of claim 25, wherein the TEK Request message is transmitted from the terminal, when the terminal recognizes that a MPDU received from the base station is encrypted using an uplink TEK held by the terminal. 35
27. The apparatus of claim 25, wherein the TEKreply message comprises at least one of a Security Association Identifier (SAID), an Encryption Key sequence number (SN) and a COUNTERTEK. -25 5382057_1 (GHMatters) P89185.AU 14/05/2014
28. The apparatus of claim 15, wherein the first key is updated based on a key agreement algorithm.
29. The apparatus of claim 15, wherein the controller is further 5 configured to determine whether the first key is valid, and to discard the message when the first key is invalid. -26 5382057_1 (GHMatters) P89185.AU 14/05/2014
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR20090077039 | 2009-08-20 | ||
| KR10-2009-0077039 | 2009-08-20 | ||
| KR10-2010-0020566 | 2010-03-08 | ||
| KR1020100020566A KR101759191B1 (en) | 2009-08-20 | 2010-03-08 | Method and apparatus for reducing overhead for integrity check of data in wireless communication system |
| PCT/KR2010/005527 WO2011021883A2 (en) | 2009-08-20 | 2010-08-20 | Method and apparatus for reducing overhead for integrity check of data in wireless communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU2010284792A1 AU2010284792A1 (en) | 2012-02-02 |
| AU2010284792B2 true AU2010284792B2 (en) | 2014-07-03 |
Family
ID=43776957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2010284792A Ceased AU2010284792B2 (en) | 2009-08-20 | 2010-08-20 | Method and apparatus for reducing overhead for integrity check of data in wireless communication system |
Country Status (8)
| Country | Link |
|---|---|
| JP (2) | JP2011045064A (en) |
| KR (1) | KR101759191B1 (en) |
| CN (1) | CN101998393A (en) |
| AU (1) | AU2010284792B2 (en) |
| BR (1) | BR112012003848B1 (en) |
| MY (1) | MY162255A (en) |
| RU (1) | RU2509445C2 (en) |
| TW (1) | TW201119423A (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101029969B1 (en) * | 2009-12-24 | 2011-04-19 | 고려대학교 산학협력단 | Apparatus and method for selective encryption of multimedia data, method for ensuring integrity and confidentiality of multimedia data, and recording medium thereof |
| KR102059079B1 (en) | 2011-12-23 | 2020-02-12 | 삼성전자주식회사 | Method and system for secured communication of control information in a wireless network environment |
| EP3621334B1 (en) * | 2012-07-24 | 2022-05-04 | Huawei Technologies Co., Ltd. | Counter check and reconfiguration method, apparatus, and system |
| KR102183958B1 (en) * | 2015-11-23 | 2020-11-27 | 에스케이텔레콤 주식회사 | Method and apparatus for controlling data transmission |
| JP6825296B2 (en) * | 2016-10-11 | 2021-02-03 | 富士通株式会社 | Edge server and its encrypted communication control method |
| CN110831062B (en) | 2018-08-10 | 2022-02-25 | 华为技术有限公司 | Communication method and related equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090181643A1 (en) * | 2008-01-14 | 2009-07-16 | Telefonaktiebolaget Lm Ericsson ( Publ) | Integrity check failure detection and recovery in radio communications system |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002060150A2 (en) * | 2001-01-24 | 2002-08-01 | Broadcom Corporation | Method for processing multiple security policies applied to a data packet structure |
| US20030091048A1 (en) * | 2001-11-13 | 2003-05-15 | Jiang Sam Shiaw-Shiang | Detection of ciphering parameter unsynchronization in a RLC entity |
| CA2454983A1 (en) * | 2004-01-07 | 2005-07-07 | Jean Beaucage | System for high-speed applications over serial multi-drop communication networks |
| KR100704675B1 (en) * | 2005-03-09 | 2007-04-06 | 한국전자통신연구원 | authentication method and key generating method in wireless portable internet system |
| US7724899B2 (en) * | 2005-12-07 | 2010-05-25 | Electronics And Telecommunications Research Insitute | Method for controlling security channel in MAC security network and terminal using the same |
| US20080044012A1 (en) * | 2006-08-15 | 2008-02-21 | Nokia Corporation | Reducing Security Protocol Overhead In Low Data Rate Applications Over A Wireless Link |
| US9225518B2 (en) * | 2006-12-08 | 2015-12-29 | Alcatel Lucent | Method of providing fresh keys for message authentication |
| JP2009188751A (en) * | 2008-02-06 | 2009-08-20 | Fujitsu Ltd | Encryption and decryption method, transmission device, and reception device in radio communication system |
-
2010
- 2010-03-08 KR KR1020100020566A patent/KR101759191B1/en active IP Right Grant
- 2010-08-19 JP JP2010183804A patent/JP2011045064A/en active Pending
- 2010-08-19 TW TW099127775A patent/TW201119423A/en unknown
- 2010-08-20 MY MYPI2012000221A patent/MY162255A/en unknown
- 2010-08-20 BR BR112012003848-6A patent/BR112012003848B1/en active IP Right Grant
- 2010-08-20 CN CN2010102603683A patent/CN101998393A/en active Pending
- 2010-08-20 RU RU2012105929/08A patent/RU2509445C2/en active
- 2010-08-20 AU AU2010284792A patent/AU2010284792B2/en not_active Ceased
-
2015
- 2015-01-26 JP JP2015012812A patent/JP2015122764A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090181643A1 (en) * | 2008-01-14 | 2009-07-16 | Telefonaktiebolaget Lm Ericsson ( Publ) | Integrity check failure detection and recovery in radio communications system |
Also Published As
| Publication number | Publication date |
|---|---|
| RU2012105929A (en) | 2013-08-27 |
| RU2509445C2 (en) | 2014-03-10 |
| TW201119423A (en) | 2011-06-01 |
| KR101759191B1 (en) | 2017-07-19 |
| JP2011045064A (en) | 2011-03-03 |
| CN101998393A (en) | 2011-03-30 |
| AU2010284792A1 (en) | 2012-02-02 |
| MY162255A (en) | 2017-05-31 |
| BR112012003848A2 (en) | 2016-03-22 |
| JP2015122764A (en) | 2015-07-02 |
| BR112012003848B1 (en) | 2021-06-08 |
| KR20110019694A (en) | 2011-02-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2288195B1 (en) | Method and apparatus for operating a base station in a wireless communication system | |
| US8627092B2 (en) | Asymmetric cryptography for wireless systems | |
| JP5422835B2 (en) | Network access authentication and authorization method, and authorization key update method | |
| US11617082B2 (en) | Methods providing NAS connection identifications and related wireless terminals and network nodes | |
| US20090274302A1 (en) | Method for deriving traffic encryption key | |
| CN108880813B (en) | Method and device for realizing attachment process | |
| US20090240944A1 (en) | Generation method and update method of authorization key for mobile communication | |
| AU2010284792B2 (en) | Method and apparatus for reducing overhead for integrity check of data in wireless communication system | |
| US20090307483A1 (en) | Method and system for providing a mesh key | |
| WO2007059558A1 (en) | Wireless protocol for privacy and authentication | |
| WO2009132598A1 (en) | Method for deriving traffic encryption key | |
| CN101405987A (en) | Asymmetric cryptography for wireless systems | |
| WO2006136090A1 (en) | A method for preventing the replay attack and a method for ensuring the non-repetition of the message sequence number | |
| KR102205625B1 (en) | Security of ciphering and integrity protection | |
| EP3745756B1 (en) | Methods providing security for multiple nas connections using separate counts and related network nodes and wireless terminals | |
| WO2010094206A1 (en) | Method for link security authentication in wireless relay networks, device and system thereof | |
| CN101610511A (en) | The guard method of terminal privacy and device | |
| US9794072B2 (en) | Certificate exchange mechanism for wireless networking | |
| KR20070108038A (en) | Authentication method using privacy key management protocol in wireless broadband internet system and thereof system | |
| US9071964B2 (en) | Method and apparatus for authenticating a digital certificate status and authorization credentials | |
| Aikaterini | Security of IEEE 802.16 | |
| WO2012112124A1 (en) | Communication terminal and method for performing communication | |
| KR20100026722A (en) | Apparatus and method for reduction of encryption overhead in wireless access system | |
| KR20110041963A (en) | Method and system for encryption in wireless communicaton system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGA | Letters patent sealed or granted (standard patent) | ||
| MK14 | Patent ceased section 143(a) (annual fees not paid) or expired |