CN101073221B - Method of distributing keys over EPON - Google Patents

Method of distributing keys over EPON Download PDF

Info

Publication number
CN101073221B
CN101073221B CN2005800419669A CN200580041966A CN101073221B CN 101073221 B CN101073221 B CN 101073221B CN 2005800419669 A CN2005800419669 A CN 2005800419669A CN 200580041966 A CN200580041966 A CN 200580041966A CN 101073221 B CN101073221 B CN 101073221B
Authority
CN
China
Prior art keywords
key
olt
onu
random value
frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2005800419669A
Other languages
Chinese (zh)
Other versions
CN101073221A (en
Inventor
殷知淑
韩景洙
俞泰皖
权栗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020050103791A external-priority patent/KR100809393B1/en
Application filed by Electronics and Telecommunications Research Institute ETRI filed Critical Electronics and Telecommunications Research Institute ETRI
Priority claimed from PCT/KR2005/004168 external-priority patent/WO2006062345A1/en
Publication of CN101073221A publication Critical patent/CN101073221A/en
Application granted granted Critical
Publication of CN101073221B publication Critical patent/CN101073221B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J14/00Optical multiplex systems
    • H04J14/02Wavelength-division multiplex systems
    • H04J14/0227Operation, administration, maintenance or provisioning [OAMP] of WDM networks, e.g. media access, routing or wavelength allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided is a key distribution method of applying link security technology to an Ethernet passive optical network (EPON). An optical line terminal (OLT) and an optical network unit (ONU) respectively generate first random values and exchange the first random values with each other. The OLT and the ONU generate a pairwise master key (PMK) based on the exchanged first random values and a pre-distributed master key using a hash function. The OLT and the ONU respectively generate second random values and exchange the second random values with each other. The OLT and the ONU generate a temporary key based on the exchanged second random values, respective media access control (MAC) addresses of the OLT and the ONU, and the PMK using the hash function. Therefore, keys can be safely distributed over the EPON without using a separate secure channel.

Description

The method of distributed key on Ethernet passive optical network
Technical field
The present invention relates to cryptographic key distribution method, and more specifically, relate at Ethernet passive optical network (EPON) and go up distributed key and the method for channel safe in utilization not.
Background technology
When entity A on the communication network when entity B transmits message, unauthorized user is addressable and use the message that just is being transmitted.If there is such risk, then must uses and encrypt, to guarantee the fail safe of message.Usually, the encryption technology that is used for fail safe is divided into symmetric key encryption technology and public key encryption technology.These two encryption technologies are used very different cryptographic algorithm, and distributed key in a different manner.
In the symmetric key encryption technology, being used for encrypted secret key is the same with the key that is used to decipher.For example, if entity A is used key K CCome message encryption, then entity B must be used key K CCome decrypt messages from the entity A reception.The cryptographic algorithm of using in the symmetric key encryption technology comprises data encryption standard (DES) algorithm and Advanced Encryption Standard (AES) algorithm, and they use 56 and 128 bit cipher key lengths respectively.
Longer key length brings stronger fail safe, but causes the longer Message Processing time.Under the situation of current treatment technology, 128 or bigger key length are enough for the symmetric key encryption technology.Because can use symmetric key algorithm to come message is encrypted apace or deciphered, so it is used to the information security in most of encrypting modules.
Yet, because need every pair of entity of intercommunication mutually must have identical unique key, so, if on communication network, there be N entity, need N (N-1)/2 key.And, in communication network, need to be used for the KDC of distributed key.KDC gives the key distribution of first entity and wants by next second entity of communicating by letter with first entity of predetermined safe channel.In addition, because must periodically replace key, the cost of distributed key has increased.
In public key encryption technology, being used for encrypted secret key is different with the key that is used to decipher.For example, if entity A is used key K PCome message encryption, then entity B should be used Rivest-Shamir-Adleman (RSA) algorithm, uses key K P' come the decrypt messages from the entity A reception.Here, entity A is created key K PAnd K P', and on communication network, announce key K to other entities PThereby the entity of wanting to communicate by letter with entity A uses key K PCome encrypting messages, and the message after will encrypting sends entity A to.
Key K PAnd K P' as unique to and exist.Even announced key K P, but on calculating, can not determine key K P'.Different with the symmetric key encryption technology, in public key encryption technology, each entity needs two keys, and distributed key K PDo not need safe lane.Thus, easier distributed key, and can reduce the number of the key that will in communication network, distribute.
Yet, need 1024 or bigger key length to guarantee to use the fail safe of the message that RSA Algorithm encrypts.Therefore, it consumes and uses RSA Algorithm to encrypt or decrypt for a long time.Thus, RSA Algorithm is difficult to be used as the information security algorithm in the communication network.
Need encrypting module and key management module on network layer, to adopt security technique.Encrypting module uses cryptographic algorithm to come message encryption.Encrypting module uses symmetric key encryption technology or public key encryption technology, comes message encryption so that the key that is provided by key management module to be provided.The key management module management will be provided for the key of encrypting module.Key management relate to key establishment, storage, distribution, upgrade and abandon.When using the symmetric key encryption technology, KDC's channel safe in utilization comes distributed key.When using public key encryption technology, come distributed key by non-safe lane.
Summary of the invention
Technical problem
The invention provides a kind of on Ethernet passive optical network (EPON) distributed key and the method for channel safe in utilization not safely, this method is applied to data link layer.
Technical scheme
According to an aspect of the present invention, provide that a kind of distributed key is to generate the method for clean culture safe lane on EPON, this method comprises: exchange is respectively by first random value of OLT and ONU generation between light terminal (OLT) and optical network unit (ONU); Based on the master key of first random value that is exchanged and pre-distribution, use ha sh (hash) function to generate pairwise master key (PMK); Second random value that exchange is generated by OLT and ONU respectively between OLT and ONU; And, use the hash function to generate temporary key based on second random value, OLT and the ONU that are exchanged media interviews control (MAC) address and PMK separately.
According to a further aspect in the invention, provide that a kind of distributed key is to generate the method for broadcast safe channel on EPON, this method comprises: will be transferred to ONU by first random value that OLT generates; Based on the master key of first random value that is transmitted and pre-distribution, use the hash function to generate PMK; To send ONU to by second random value that OLT generates; And, use the hash function to generate temporary key based on MAC Address and the PMK of second random value, OLT and the ONU that are transmitted.
Thereby, can be on EPON distributed key safely, and do not use independent safe lane.
Beneficial effect
As mentioned above, for internet security cryptographic key distribution method according to the present invention is applied to EPON.Thus, can use the key management module in each of the OLT of EPON and ONU to distribute the key that uses by encrypting module safely and effectively.The concrete effect of cryptographic key distribution method is as follows according to an embodiment of the invention.
At first, because used PRF, so do not need the independent safe lane that is used for key distribution.PRF is known unidirectional nothing conflict hash function.When output valve was set to larger than 160, PRF was stable on cryptography.The present invention advises using the cryptographic key distribution method of PRF, avoids the direct cipher key delivery on the channel thus.Because do not need independent safe lane, so can reduce the complexity of key management module.
The second, used slow agreement (slow protocol).Slow agreement is used the mac frame in the data link layer.Thereby, use the present invention of slow agreement not allow the key management frame to be intercepted by the assailant of EPON outside.Because can not be at the outside intercepting of EPON key management frame, so it is safe in EPON.In addition, slow agreement is restricted to 10 with the maximum number of the transmissible frame of per second, and frame length is restricted to 128 bytes.Thereby frame transmits the flow that can not influence among the EPON.
The 3rd, use simple relatively agreement to come distributed key.The present invention uses IKMP to come distributed key, and comprises five processes: request key updating, response key update request, request key verification, response key check request and affirmation key verification.Because the information that comprises in the frame that will transmit is made up of the simple algorithm with simple input and output value, so can simplify protocol complexities.
At last but be not least important, the present invention is scalable.In other words, when the data link layer that security technique is applied in the general networking, key management module can be independent of the cryptographic algorithm of encrypting module and use the present invention.When device being installed and be provided with master key (master key) on network, come automatic distributed key according to key distribution step (procedure).For applying the present invention to have the shared Local Area Network of network configuration, need act as the central control unit of KDC, as OLT.
Although specifically illustrate and described the present invention with reference to example embodiment of the present invention, it will be understood by those skilled in the art that and to carry out the change of various forms and details therein, and can not break away from the spirit and scope of the present invention that define by claims.
Description of drawings
Describe example embodiment of the present invention in detail by the reference accompanying drawing, above-mentioned and other feature and advantage of the present invention will become clearer, in the accompanying drawing:
Fig. 1 illustrates the block diagram that the structure of using Ethernet passive optical network of the present invention (EPON) is shown;
Fig. 2 be diagram according to embodiments of the invention, on EPON the flow chart of the method for distributed key;
Fig. 3 illustrates the structure of traditional media interviews control (MAC) frame that uses in data link layer;
Fig. 4 illustrates according to embodiments of the invention, be used to distribute and the structure of the mac frame of managing keys;
Fig. 5 illustrates the structure of message key management frames according to an embodiment of the invention;
Fig. 6 A and Fig. 6 B illustrate according to embodiments of the invention, be used to ask the structure of the key management frame of key updating;
Fig. 7 A and Fig. 7 B illustrate according to embodiments of the invention, are used for the structure of the key management frame of response key update request;
Fig. 8 illustrates according to embodiments of the invention, be used to ask the structure of the key management frame of key verification;
Fig. 9 illustrates according to embodiments of the invention, is used for the structure of the key management frame of response key check request;
Figure 10 illustrates according to embodiments of the invention, be used to confirm the structure of the key management frame of key verification;
Figure 11 illustrates the step state in the cryptographic key distribution method according to an embodiment of the invention;
Figure 12 is the diagram flow chart of key updating method according to an embodiment of the invention; And
Figure 13 is the flow chart of diagram key updating method according to another embodiment of the present invention.
Embodiment
According to an aspect of the present invention, provide that a kind of distributed key is to generate the method for clean culture safe lane on EPON, this method comprises: exchange is respectively by first random value of OLT and ONU generation between light terminal (OLT) and optical network unit (ONU); Based on the master key of first random value that is exchanged and pre-distribution, use the hash function to generate pairwise master key (PMK); Second random value that exchange is generated by OLT and ONU respectively between OLT and ONU; And, use the hash function to generate temporary key based on second random value, OLT and the ONU that are exchanged media interviews control (MAC) address and PMK separately.
According to a further aspect in the invention, provide that a kind of distributed key is to generate the method for broadcast safe channel on EPON, this method comprises: will be transferred to ONU by first random value that OLT generates; Based on the master key of first random value that is transmitted and pre-distribution, use the hash function to generate PMK; To send ONU to by second random value that OLT generates; And, use the hash function to generate temporary key based on MAC Address and the PMK of second random value, OLT and the ONU that are transmitted.
Thereby, can be on EPON distributed key safely, and do not use independent safe lane.
More completely describe the present invention now with reference to accompanying drawing, example embodiment of the present invention has been shown in the accompanying drawing.Yet the present invention can realize with many different forms, and should not be understood that to be confined to embodiment set forth herein; More accurately, provide these embodiment,, and pass on notion of the present invention fully to those skilled in the art so that this is thoroughly open and complete.
Fig. 1 is the block diagram that the structure of Ethernet passive optical network of the present invention (EPON) is used in diagram.EPON has the tree structure of point-to-multipoint (P2MP).If the asymmetric-key encryption technology is applied to EPON, then can guarantee the operation faster of encrypting module, but the complexity of key distribution is inevitable.
Yet EPON does not have network configuration.In logic, although it physically has the P2MP structure, structure that EPON has point-to-point (P2P).In other words, all optical network units (ONU) 110 to 11N are connected to single light terminal (OLT) 100.Thereby, unnecessary as needed in the symmetric key encryption technology, distribute a plurality of keys to each entity.
That is to say that ONU110 each in the 11N only needs a key to communicate by letter with OLT 100.When ONU 110 communicates by letter with another ONU 112, because the data that transmitted must be passed through OLT 100, so two ONU110 use identical key with 112.The security technique that will use in EPON is applied to data link layer.
Thereby even when using the symmetric key encryption technology in EPON, the number of encrypting required key is also identical with the number that next channel of communicating by letter with OLT 100 is set by ONU 110 to 11N.Therefore, the number of the approaching key of when using public key encryption technology, distributing of the number of required key in the symmetric key encryption technology.On EPON, OLT 100 can pass through control procedure, comes each distributed key in the 11N to ONU110.
On EPON, broadcasting is from the OLT 100 descending data (hereinafter, being called " downlink data ") that are sent to ONU110 to 11N, and clean culture is sent to the upstream data (hereinafter, being called " upstream data ") of OLT from ONU110 to 11N.
Even, in fact also have no idea to prevent that downlink data is broadcasted when when single target transmits downlink data.Thereby downlink data may be transmitted to ONU that do not expect or undelegated.This is the place that needs fail safe to protect message or prevent unauthorized user visit and use the data on the EPON.
For security technique is applied to EPON, needs the encrypting module of encrypting messages and the key management module of key is provided to this encrypting module.Cryptographic key distribution method is the link security technology that is applied to data link layer according to an embodiment of the invention.In addition, use cryptographic key distribution method by key management module.When realizing link security on EPON, key management module can be used cryptographic key distribution method.
OLT 100 generates the key that will be provided for encrypting module, and the key distribution that is generated is arrived 11N to ONU110, and perhaps, ONU110 generates the key that will be provided for encrypting module to 11N, and gives OLT 100 with the key distribution that is generated.For fail safe, be updated periodically the key that is generated, and need be used for this cryptographic key distribution method.Must use possible, safest cryptographic key distribution method to come distributed key.
The safe lane that provides by encrypting module can be provided or use the independent safe lane of creating by key management module to come distributed key.Yet, when the safe lane that provides by encrypting module has been provided, if encrypting module is operation in one direction only, promptly, if to the data encryption that transmits to 11N to ONU110 from OLT 100 and the not data encryption to transmitting to OLT 100 from ONU 110 to 11N, then key management module must be created independent safe lane.
Yet if key management module is created independent safe lane, it must comprise and use module cryptographic algorithm, that be similar to encrypting module, and with those keys that provide by encrypting module managing keys separately.Thereby it is quite complicated that key management becomes.
The best bet of avoiding this problem is safe lane not to be used for key distribution.Consider this point, the present invention proposes on EPON distributed key safely and do not use the method for independent safe lane.
Fig. 2 be diagram according to embodiments of the invention, on EPON the flow chart of the method for distributed key.With reference to Fig. 2, OLT generates the first random value Anonce, and this first random value Anonce is sent to ONU, and ONU also generates the first random value Bnonce, and sends this first random value Bnonce to OLT.Replacedly, only OLT generates the first random value Anonce and sends the first random value Anonce that is generated to ONU (S200).Each of OLT and ONU to the first random value Anonce that generates by self or Bnonce, the first random value Bnonce that receives mutually or Anonce and in advance distribution and the master key (MK) shared carry out ha sh function, and generate pairwise master key (PMK) (S210).
Before carrying out encryption, MK is distributed to OLT and ONU, and can uses various conventional methods to distribute MK.The present invention uses pseudo-random function (PRF) as the algorithm that is used to generate key, and it is a kind of hash function.The hash function has following characteristic.
1. the incoming bit stream x of any length is converted into the output bit stream H (x) of regular length.
2. given H and x are easy to calculate H (x).
3. given output is calculated and can not be found input value.
4. given input can not be found another input that produces identical output in the calculating.
5. can not find any two the different inputs that produce identical output on calculating.
When using unidirectional and conflict free PRF to produce the output valve of being longer than 160, be difficult to find key, even use force attack.Thus, PRF is a high safety.Here, rough power attack is the attack that all possible value of wherein substitution is sought key value.In the case, the assailant must average 280 times trial and find key.
After generating PMK, OLT generates the second random value Anonce, and the second random value Anonce is sent to ONU, and ONU also generates the second random value Bnonce, and the second random value Bnonce is sent to OLT (S220).Replacedly, OLT generates second random value Anonce and the Bnonce, and sends the second random value Anonce and Bnonce to ONU (S220).OLT uses by the second random value Anonce that self generates, receives or carry out ha sh function by MAC Address and the PMK of the second random value Bnonce that self generates, its MAC Address, ONU from ONU, and generates temporary key (TK) (S230).ONU also uses the method for being used by OLT, generates TK.
TK is a session key.Broadcasting TK is divided into broadcast key (BK) and is used for the initial value (IV) of broadcast safe channel.The IV that clean culture TK is divided into authentication key (AK), safety associated key (SAK) and is used for the clean culture safe lane.The function of each key has been shown in the table 1 below.
Table 1
Key Tpe Function
Authentication key (AK) Be used to verify OLT and ONU
Broadcast key (BK) When OLT encrypts broadcast data and when ONU deciphers broadcast data, use
Safety associated key (SAK) Be used for the unicast data encryption and decryption between OLT and the ONU
Initial value Be used for the algorithm that initialization is used by encrypting module
Based on following equation, can use PRF to generate key.
PMK=PRF(Anonce||Bnonce||MK)
TK=PRF(Anonce||Bnonce||Aaddr||Baddr||PMK)....(1)
Wherein, PMK has 16 bytes, and Anonce is the random value by 16 bytes of A generation, and Bnonce is that TK has 64 bytes by the random value of 16 bytes of B generation, and Aaddr is the 6 byte MAC Address of A, and Baddr is the 6 byte MAC Address of B.
Can avoid using directly transmission security key of channel with reference to what Fig. 2 described according to cryptographic key distribution method of the present invention.Thus, do not need to be used for the independent safe lane of transmission security key.When not using this cryptographic key distribution method and passing through the safe lane transmission security key, if the safe lane key is exposed to the assailant, then data encryption key also is exposed to the assailant.Therefore, in such system, always there is so dual risk.Yet embodiments of the invention can be avoided such risk.
Even when TK is exposed to the assailant, the PMK that generates TK does not expose yet.Therefore, the TK of use that can be safe through upgrading.In addition, because be updated periodically the PMK that seldom exposes, so it is safer.In addition, because never be exposed to channel, so it brings the highest fail safe according to its MK that generates key.
Present embodiment is used for data link layer, and thus, uses the frame that between OLT and ONU, generates and disappear.The mac frame that generates on EPON and disappear is the OAM frame.According to the cryptographic key distribution method use of present embodiment as the slow agreement of in the OAM agreement, using.
Hereinafter, to Figure 10, the mac frame that uses is in an embodiment of the present invention described with reference to Fig. 3.
Fig. 3 illustrates the structure of the traditional mac frame 300 that uses in data link layer.With reference to Fig. 3, the FCS field 350 that traditional mac frame 300 comprises destination address (DA) field 310, source address (sa) field 320, length/type field 330, is used for data/filling (data/pad) field 340 of record data and is used for identification mistake frame (frame errors).
Fig. 4 illustrates according to embodiments of the invention, be used to distribute and the structure of the mac frame 400 of managing keys.With reference to Fig. 4, mac frame 400 comprises da field 405, sa field 410, length/type field 415, sub-type field 420, tag field 425, code field 430, data/filling field 435 and FCS field 440.
The mac frame 400 that is suitable for according to IKMP of the present invention can be called the key management frame, now, will be described below its each field.
According to slow agreement, da field 405 has value ' 01-80-C2-00-00-02 ', and length/type field 415 has value ' 80-09 ', to indicate slow agreement.Among the 4-10 that sub-type field 420 is used the 1-3 that uses except tradition ' 4 '.
Because the minimum length of the mac frame of Fig. 3 300 is 64 bytes, so data/filling field 435 must have the minimum length of 43 bytes.Even when the maximum length of mac frame 400 is 1522 bytes, the data/filling field 435 of key management frame (being mac frame 400) can only be extended to 107 bytes, and this is because the maximum frame size that uses in slow agreement is restricted to 128 bytes.
Tag field 425 comprises 1 byte, and among Fig. 2 below the function of each has been shown.
The position Title Describe
0 The local setting finished 0=is unavailable or encrypting module is not set in local device, and 1=is available or be provided with encrypting module in local device
The position Title Describe
1 Long-range setting is finished 0=is unavailable or encrypting module is not set in remote-control device, and 1=is available or be provided with encrypting module in remote-control device
2-7 Keep
Completion bit is set to be classified as this locality completion bit and the long-range completion bit that is provided with is set.For example, as OLT during to ONU transmission security key management frames, this locality is provided with the encrypting module information of completion bit indication OLT, and the long-range encrypting module information that completion bit indication ONU is set.
When the value that completion bit is set is 0, because the encryption setting of OLT and ONU does not match, so there is not the encrypting module can be with maybe operating.But when there not being the encrypting module time spent, key management module may or can not be available.In other words, when key management module is unavailable, to the not response of request of key management.When key management module can with but encrypting module can not operate the time completion bit is set is set to " 0 ", and remaining position is set to " sky " (null).Because either way indicate encrypting module correctly not operate,, that is, be " 0 " so they are handled in the same manner.
When the value that completion bit is set was 1, because the encryption of OLT and ONU is provided with coupling, so encrypting module can be used, and encrypting module can be operated.Thereby when this locality was provided with completion bit and the long-range value that completion bit is set and all is " 1 ", encrypting module can be operated.
Tag field 425 is included in all key management frames, and is treated to the first information of key management frame.Tag field 425 makes key management module can respond the change in the encrypting module that encrypting module is provided with under the state that completion bit is " 1 " in tag field 425 local and remote, take place during normal running apace.In other words, when this locality was provided with completion bit and the long-range value that completion bit is set and becomes " 0 ", encrypting module must stop.
When transmitting the key management frame, the transmission end have all the time its long-range setting at the key management frame finish in the state information of encrypting module that have, receiving terminal, and send this key management frame to receiving terminal.Thereby receiving terminal can identify the state information whether transmission end correctly manages the encrypting module of receiving terminal based on the key management frame that is received.
Code field 430 comprises 1 byte, and the type of indication key management frame.Type according to the key management frame of code value has been shown in table 3.
Code value Title Describe
1 The message key management frames The configuration information of encrypting module and key management module
2 Be used to ask the key management frame of key updating The request key updating
Code value Title Describe
3 The key management frame that is used for the response key update request The response key update request
4 Be used to ask the key management frame of key verification The request key verification
5 The key management frame that is used for the response key check request The response key check request
6 Be used to confirm the key management frame of key verification Confirm successful key verification
Fig. 5 illustrates the structure of message key management frames 500 according to an embodiment of the invention.With reference to Fig. 5, the structure of the key management frame of the structure of message key management frames 500 and Fig. 4 (that is, mac frame 400) is identical.Yet in message key management frames 500, the value of code field 530 is " 1 " (seeing Table 3) of indication message key management frames 500.In addition, data/filling field 535 comprises the local_config field 537 of the configuration information of indicating key management module and the remote_config field 539 of indicating the configuration information of encrypting module.
The configuration information of record in data/filling field 535 has been shown in the table 4 below.
Table 4
The position Title Describe
0 Mode of operation The 0=encrypting module closes the 1=encrypting module to be opened
1-2 Encryption mode 0=only encrypts 1=and only deciphers
The 2=encryption and decryption
3-6 Cryptographic algorithm 0=GCM-AES-128 1=CCM-AES-128 2=OCB-AES-128 3=RSA
7-10 The key distribution algorithm 0=no-Diff ie-Hellman 1=Diffie-Hellman
The position Title Describe
11-15 Keep
But when there not being the encrypting module time spent, if the value that completion bit is set of tag field 525 is " 0 ", then all configuration informations are set to " sky ".Yet, when encrypting module can with but can not operate the time,, when the mode of operation position indication " opening " of configuration information, also insert corresponding value to all configuration informations even the value that completion bit is set of tag field 525 is " 0 ".
Whether the mode of operation position shown in the table 4 indicates current encrypting module in fact can operate in system.In other words, when mode of operation position indication " opening " and during the remaining bit phase mutually synchronization of configuration information, the value that completion bit is set of tag field 525 can be " 1 ".Yet when the encrypting module inoperation, when also the mode of operation position is set to " 0 " thus, the remaining bit of configuration information all is set to " sky ".
The function that encryption mode position indication shown in the table 4 is provided by encrypting module.Because under the situation of EPON, downlink data is a broadcast data, and upstream data is a unicast data, so may upstream data not encrypted sometimes, perhaps may downlink data not encrypted sometimes.If after having handled encryption mode information, the security module of OLT and ONU can not be synchronous, and then the completion bit that is provided with of tag field 525 is set to " 0 ".
The indication of cryptographic algorithm position shown in the table 4 is used for encrypting by encrypting module or the algorithm of data decryption.In table 4, all algorithms except RSA all are symmetry algorithms.Encrypting module can have or can not have the standalone module of a plurality of encrypting modules of operation.If after having handled cryptographic algorithm information, the security module of OLT and ONU can not be synchronous, and then the completion bit that is provided with of tag field 525 is set to ' 0 '.
The cryptographic key distribution method that key distribution algorithmic bit indication shown in the table 4 is used by key management module.At two algorithms shown in the table 4 as example.Yet, when being formed for the independent encryption channel of key distribution, the algorithm information that the indication of key distribution algorithmic bit is used by the key distribution encrypting module.
When being formed for the independent encryption channel of key distribution, can change the data/filling field 535 of message key management frames 500, perhaps definable and use new key management frame.Yet the key distribution algorithm is the revision of Diffie-Hellman method according to an embodiment of the invention, and does not need independent encryption channel.If after having handled the key distribution algorithm information, the security module of OLT and ONU can not be synchronous, and then the completion bit that is provided with of tag field 525 is set to " 0 ".
Fig. 6 A and Fig. 6 B illustrate according to embodiments of the invention, be used to ask the structure of the key management frame 600 of key updating.With reference to Fig. 6 A, be used to ask the structure of key management frame 600 of key updating identical with the structure of the key management frame 400 of Fig. 4.Yet code field 630 has the value " 2 " (seeing Table 3) of indication key management frame 600.In addition, data/filling field 635 comprise the key that indication will be upgraded type cipher key index field 637 and be designated as key updating and the Nonce field 639 of the random value that exchanges.
Encrypting messages is easy person's under attack attack all the time.Thus, when the assailant intercepted encrypting messages, the key that is used to encrypt the message that this quilt steals may expose.Therefore, for fail safe, must be used for encrypted secret key by periodic variation.
Key management frame 600 shown in Fig. 6 A or Fig. 6 B is used to upgrade TK and PMK, and the two must be updated periodically.PMK is not used in enciphered data, therefore has the long relatively update cycle.Yet, because TK is used to enciphered data, thereby often be exposed to channel, so it has the short update cycle.
Here, although be not used for data encryption, also must be updated periodically PMK for fail safe, this is because it is used to upgrade TK, and the factor (factor) that is used to generate TK is exposed to channel.
Be used to ask the type (PMK or TK) of the key that cipher key index field 637 indications of data/filling field 635 of the key management frame 600 of key updating will upgrade, and Nonce field 639 comprises and generates the required random value of key.For example, if cipher key index field 637 is " 0 ", then should upgrade PMK.If cipher key index field 637 is " 1 ", then should upgrade TK.
Key management frame 600 shown in Fig. 6 A is used to upgrade singlecast key, and the key management frame 600 shown in Fig. 6 B is used to upgrade broadcast key.Singlecast key is used for the P2P communication between OLT and the ONU, and broadcast key is used for OLT and be connected to P2MP communication between all ONU of OLT.Because broadcast key must be distributed to all ONU, so use the random value that generates by OLT to generate it.
When the transmission end transmission was used to ask the key management frame 600 of key updating, before, it can not generate key to receive the key management frame 700 (seeing Fig. 7 A or Fig. 7 B) that is used for the response key update request up to it from receiving terminal.When the key management module of transmission end receives the key management frame 700 of response key update request, it uses by the random value Anonce of self generation and the random value Bnonce that is generated by the other end, upgrades the key by cipher key index field 637 indications of key management frame 700.When generating broadcast key, because OLT also distributes random value Bnonce, so ONU does not generate random value.
Fig. 7 A and Fig. 7 B illustrate according to embodiments of the invention, are used for the structure of the key management frame 700 of response key update request.With reference to Fig. 7 A, be used for the response key update request key management frame 700 structure and Fig. 6 be used to ask the structure of key management frame 600 of key updating identical.Yet code field 730 has the value " 3 " (seeing Table 3) of indication key management frame 700.
Only after receiving the key management frame 600 that is used to ask key updating, just transmit key management frame 700.Be used for the key management frame 700 of response key update request data/filling field 735 cipher key index field 737 indication keys type (for example, 0:PMK, 1:TK), and 739 indications of Nonce field generate the required value of keys.
After the key management frame 700 that transmits the response key update request, the key management module of transmission end be used to ask key updating key management frame 600 random value Anonce and by the random value Bnonce of self generation, upgrade target cipher key.
Fig. 8 illustrates according to embodiments of the invention, be used to ask the structure of the key management frame 800 of key verification.With reference to Fig. 8, be used to ask the structure of key management frame 800 of key verification identical with the structure of the key management frame 400 of Fig. 4.Yet code field 830 has the value " 4 " (seeing Table 3) of indication key management frame 800.Data field 835 comprises the cipher key index 836 of type of the key that indication will be verified and the Anonce field 837 and the Nonce field 838 of the required data of indication key verification.
Even when using key management frame 600 and 700 to come more new key, must transmission transmission security key whether exactly, this is because the key in the embodiments of the invention is not directly transmission.
Be used to ask the key management frame 800 of key verification to comprise the cipher key index 836 of the key of wanting verification and the random value of indicating and be used to generate key by Anonce field 837 and Bnonce field 838.Provide the check key (VK) that is used for key verification by following formula
VK=PRF(Anonce||Bnonce||K i)...(2)
K wherein iType (i:(0) AK of the key of verification, (1) BK, (2) SAK are wanted in indication).
The key management module of transmission end transmitted be used to ask the key management frame 800 of key verification after, generate the VK and key management frame 900 (see figure 9)s of wait-for-response key verification request.
Fig. 9 illustrates according to embodiments of the invention, is used for the structure of the key management frame 900 of response key check request.With reference to Fig. 9, the structure of key management frame 900 that is used for the response key check request is identical with the structure of the key management frame 400 of Fig. 4.Yet code field 930 has the value ' 5 ' (seeing Table 3) of indication key management frame 900.
Transmit the key management frame 900 that is used for the response key check request with the factor that can generate VK.Thereby, the key management module of the receiving terminal of the key management frame 900 of reception response key check request generates key management frame 1000 (see figure 10)s that are used to confirm key verification, and transmits cipher key index field 937 that comprises the key of wanting verification and the key management frame 1000 Y field 939, that be used to confirm key verification of indicating the VK that is generated.Use equation 2 to generate VK.
Figure 10 illustrates according to embodiments of the invention, be used to confirm the structure of the key management frame 1000 of key verification.With reference to Figure 10, be used to confirm that the structure of key management frame 1000 of key verification is identical with the structure of the key management frame 400 of Fig. 4.Yet code field 1030 has the value ' 6 ' (seeing Table 3) of indication key management frame 1000.
After interchange key management frames 800 and 900 was with the key that verification was generated, an end of request key verification must be to receiving terminal transfer check result.If key is updated, then by verification, then must check check results.Yet,, needn't transmit the key management frame 1000 that is used to confirm key verification if key is updated and does not have verification.
The transmission end of having transmitted the key management frame 800 that is used to ask key verification received the key management frame 900 of response key check request from receiving terminal after, the key management frame 1000 that is used to confirm key verification was transmitted in the transmission end to receiving terminal.If the check results value indication in the key management frame 1000 that is received by receiving terminal is check key not also, new key more not then.
Upload to serve at EPON and state the key management frame and do not encrypt, this be because: because the security feature of PRF, even when the information that comprises in the key management frame is exposed to the assailant, the assailant can not determine key in one period effective time.
Figure 11 illustrates the step transition in cryptographic key distribution method according to an embodiment of the invention.With reference to Figure 11, the key distribution step comprises key updating step 1100, key distribution step 1110 and key verification step 1120.
When carrying out key updating during the cycle, key updating step 1100 generates key, and carries out key distribution step 1110, to distribute the key that is generated.The key that the distribution of key distribution step 1110 is generated, and after finishing key distribution, carry out key verification step 1120.In verification after the key that is generated, key verification step 1120 is carried out key updating step 1110.Then, key updating step 1100 is upgraded the key through verification.
Figure 12 is the diagram flow chart of key updating method according to an embodiment of the invention.With reference to Figure 12, after generation is used for encrypted secret key and is distributed to OLT and ONU on EPON, start key updating timer (S1200).When the key updating timer stops (S1205) after one period scheduled time, one end (OLT or the ONU of distributed key, hereinafter be referred to as the transmission end) transmit the key management frame 600 (S1210) be used to ask key updating to the other end (OLT or ONU hereinafter are referred to as receiving terminal).
In response to the key management frame 600 that is used to ask key updating, the transmission end receives the key management frame 700 (S1215) that is used for the response key update request from receiving terminal.Then, the transmission end generates the key management frame 800 that is used to ask key verification, and transmits the key management frame 800 (S1220) that is used to ask key verification to receiving terminal.
In response to the key management frame 800 that is used to ask key verification, the transmission end receives the key management frame 900 (S1225) that is used for the response key check request from receiving terminal.Then, the key management frame 900 that is used for the response key check request is checked in the transmission end, to have determined whether successfully verification key (S1230).If successfully verification key, then the key management frame 1000 be used to confirm key verification is transmitted to receiving terminal in the transmission end, then new key (S1235) more.
Use the mac frame of slow agreement to exchange above-mentioned key management frame.
Figure 13 is the flow chart of diagram key updating method according to another embodiment of the present invention.The flow chart of Figure 12 illustrates key updating method from the angle of an end of request key updating, and the flow chart of Figure 13 is used for the angle of an end of the request of key updating and illustrates key updating method from reception.
With reference to Figure 13, when receiving terminal receives the key management frame 600 that is used to ask key updating (S1300), its generation is used for the key management frame 700 of response key update request, and transmits the key management frame 700 (S1305) that is used for the response key update request to the transmission end.When receiving terminal receives when being used to ask the key management frame 800 of key verification, its generation is used for the key management frame 900 of response key check request, and transmits the key management frame 900 (S1315) that is used for the response key check request to the transmission end.When receiving terminal receives when being used to confirm the key management frame 1000 of key verification, it is new key (S1325) more.
Industrial applicibility
For internet security, cryptographic key distribution method according to the present invention is applied to EPON. Thus, the key management module in the OLT that can use at EPON and each of ONU is come safety and is effectively distributed the key that is used by encrypting module.

Claims (13)

1. the method for a distributed key on Ethernet passive optical network EPON, this method comprises:
First random value that exchange is generated by OLT and ONU respectively between light terminal OLT and optical network unit ONU is to generate the clean culture safe lane;
Based on the master key of first random value that is exchanged and pre-distribution, use hash function to generate pairwise master key PMK;
Second random value that exchange is generated by OLT and ONU respectively between OLT and ONU; And
Based on second random value, OLT and the ONU that are exchanged media interviews control MAC Address and PMK separately, use hash function to generate temporary key.
2. the method for claim 1, wherein said temporary key be used as the check key of OLT and ONU, as the encryption key of broadcast data, as the encryption key of unicast data and with the value that acts on initialization encrypting module algorithm.
3. the method for claim 1, wherein OLT and ONU use the mac frame of slow agreement to exchange described first random value and described second random value mutually.
4. the method for claim 1 also comprises: upgrade PMK or temporary key according to predetermined period.
5. method as claimed in claim 4, wherein said renewal PMK or temporary key comprise:
Comprise the type of the key that will upgrade and be used for the more frame the 3rd random value, that be used to ask key updating of new key to the OLT transmission to the ONU transmission or from ONU from OLT, comprise frame the 4th random value, that be used for the response key update request from OLT or ONU reception, and generate new key; And
Transmit the frame that is used to ask key verification of the type, the 3rd random value and the 4th random value that comprise the key that will upgrade to OLT or ONU, and receive from OLT or ONU and to comprise frame check key, that be used for the response key check request that uses described the 3rd random value and the 4th random value and generate.
6. method as claimed in claim 5 also comprises: transmit to OLT or ONU and comprise that the described check key that use comprises at the described frame that is used for the response key check request comes the frame result, that be used to confirm key verification of check key.
7. the method for claim 1 also comprises: between OLT and ONU, exchange mac frame, wherein this mac frame comprise among OLT and the ONU each encrypting module and the configuration information of key management module.
8. the method for a distributed key on EPON, this method comprises:
To be transferred to ONU by first random value that OLT generates, to generate the broadcast safe channel;
Based on the master key of first random value that is transmitted and pre-distribution, use hash function to generate PMK;
To send ONU to by second random value that OLT generates; And
Based on MAC Address and the PMK of second random value, OLT and the ONU that are transmitted, use hash function to generate temporary key.
9. method as claimed in claim 8, wherein said temporary key be used as the check key of OLT and ONU, as the encryption key of broadcast data, as the encryption key of unicast data and with the value that acts on initialization encrypting module algorithm.
10. method as claimed in claim 8 also comprises: upgrade PMK or temporary key according to predetermined period.
11. method as claimed in claim 10, wherein said renewal PMK or temporary key comprise:
Comprise the type of the key that will upgrade and be used for the more frame the 3rd random value, that be used to ask key updating of new key to OLT or ONU transmission, comprise frame the 4th random value, that be used for the response key update request from OLT or ONU reception, and generate new key; And
Transmit the frame that is used to ask key verification of the type, the 3rd random value and the 4th random value that comprise the key that will upgrade to OLT or ONU, and receive from OLT or ONU and to comprise frame check key, that be used for the response key check request that uses described the 3rd random value and the 4th random value and generate.
12. method as claimed in claim 11 also comprises: transmit to OLT or ONU and to comprise that the described check key that use comprises at the described frame that is used for the response key check request comes the frame result, that be used to confirm key verification of check key.
13. method as claimed in claim 8 also comprises: between OLT and ONU, exchange mac frame, wherein this mac frame comprise among OLT and the ONU each encrypting module and the configuration information of key management module.
CN2005800419669A 2004-12-07 2005-12-07 Method of distributing keys over EPON Expired - Fee Related CN101073221B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
KR10-2004-0102394 2004-12-07
KR1020040102394A KR20060063271A (en) 2004-12-07 2004-12-07 The key distribution technique of link security on epon
KR1020040102394 2004-12-07
KR10-2005-0103791 2005-11-01
KR1020050103791A KR100809393B1 (en) 2005-11-01 2005-11-01 Key distribution method on EPON
KR1020050103791 2005-11-01
PCT/KR2005/004168 WO2006062345A1 (en) 2004-12-07 2005-12-07 Method of distributing keys over epon

Publications (2)

Publication Number Publication Date
CN101073221A CN101073221A (en) 2007-11-14
CN101073221B true CN101073221B (en) 2010-06-02

Family

ID=37159299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2005800419669A Expired - Fee Related CN101073221B (en) 2004-12-07 2005-12-07 Method of distributing keys over EPON

Country Status (2)

Country Link
KR (1) KR20060063271A (en)
CN (1) CN101073221B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101072094B (en) * 2006-05-14 2011-10-05 华为技术有限公司 Key agreement method and system for PON system
KR101021708B1 (en) * 2009-01-20 2011-03-15 성균관대학교산학협력단 Group Key Distribution Method and Server and Client for Implementing the Same
CN101931830B (en) * 2009-06-18 2014-03-19 中兴通讯股份有限公司 Method for upgrading secret key in Gigabit passive optical network and optical line terminal
WO2011017847A1 (en) * 2009-08-14 2011-02-17 华为技术有限公司 Method and device for exchanging key
CN103812645B (en) * 2014-03-05 2017-03-01 中国科学院半导体研究所 Receive a visitor key sharing system and method based on optic communication
CN107231373A (en) * 2017-06-28 2017-10-03 深圳市欧乐在线技术发展有限公司 A kind of internet data safe transmission method and device
WO2021208025A1 (en) * 2020-04-16 2021-10-21 北京小米移动软件有限公司 Management message frame transmission method and apparatus, and storage medium
CN117318941B (en) * 2023-11-29 2024-02-13 合肥工业大学 Method, system, terminal and storage medium for distributing preset secret key based on in-car network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1404267A (en) * 2002-10-01 2003-03-19 华中科技大学 Safe network transmission method and system
CN1459724A (en) * 2002-05-25 2003-12-03 三星电子株式会社 Method and apparatus for producing sequence number

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1459724A (en) * 2002-05-25 2003-12-03 三星电子株式会社 Method and apparatus for producing sequence number
CN1404267A (en) * 2002-10-01 2003-03-19 华中科技大学 Safe network transmission method and system

Also Published As

Publication number Publication date
CN101073221A (en) 2007-11-14
KR20060063271A (en) 2006-06-12

Similar Documents

Publication Publication Date Title
CN101073221B (en) Method of distributing keys over EPON
CN107453868B (en) A kind of safe and efficient quantum key method of servicing
US9698979B2 (en) QKD key management system
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
US8600063B2 (en) Key distribution system
CN108650028B (en) Multiple identity authentication system and method based on quantum communication network and true random number
CN107124266B (en) Video communication system and method based on quantum encryption
WO2023082599A1 (en) Blockchain network security communication method based on quantum key
CN102656838A (en) Optical network terminal management control interface-based passive optical network security enhancement
US20090177889A1 (en) Method for sharing a link key in a zigbee network and a communication system therefor
JP2007174083A (en) Key updating system, key management apparatus, communication terminal and key information buildup method in multihop network
WO2023082600A1 (en) Quantum key-based blockchain network and data secure transmission method
CN108964897B (en) Identity authentication system and method based on group communication
JPWO2020072476A5 (en)
CN101150391A (en) A method, system and device for preventing optical network unit in passive optical network from being counterfeiting
KR101608815B1 (en) Method and system for providing service encryption in closed type network
CN113630248B (en) Session key negotiation method
US20140380049A1 (en) Management of group secrets by group members
CN111080299B (en) Anti-repudiation method for transaction information, client and server
US20170019256A1 (en) Method to authenticate two devices to establish a secure channel
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
US20090232313A1 (en) Method and Device for Controlling Security Channel in Epon
JP5102701B2 (en) Secret key distribution method and secret key distribution system
WO2006062345A1 (en) Method of distributing keys over epon
US11297063B2 (en) Method for user administration of a field device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100602

Termination date: 20111207