CN1323523C - Method of forming dynamic key in radio local network - Google Patents
Method of forming dynamic key in radio local network Download PDFInfo
- Publication number
- CN1323523C CN1323523C CNB031090478A CN03109047A CN1323523C CN 1323523 C CN1323523 C CN 1323523C CN B031090478 A CNB031090478 A CN B031090478A CN 03109047 A CN03109047 A CN 03109047A CN 1323523 C CN1323523 C CN 1323523C
- Authority
- CN
- China
- Prior art keywords
- key
- wlan
- wep
- sta
- generates dynamic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The present invention relates to a method of forming a dynamic key in a radio local network, which is suitable for being applied between a wireless access terminal (STA) with a preshared key and a wireless local network access point (AP) and comprises the following steps: a, generating a random number between STA and AP; b, generating an encryption key ki by the random number together with the preshared key; c, between STA and AP, carrying out communication by taking the generated encryption key ki as the encryption key and using a wired equivalent privacy (WEP) cipher mode. The present invention has simple and effective realization, passes a key number by means of the filling (6 bits) of iv in a message and uses an anti-rebroadcast mechanism on the key number, which resists the message rebroadcast to a certain extent and effectively realizes the secrecy on the user information.
Description
Technical field
The present invention relates to field of data encryption, relate in particular to a kind of method that in WLAN (wireless local area network), generates dynamic key.
Technical background
In WLAN (wireless local area network), information between the access point (AP) of wireless access terminal (STA) and WLAN (wireless local area network) utilizes public electromagnetic wave to transmit, any prison hearer who has similar STA equipment can receive these electromagnetic waves, if these electromagnetic waves are expressly transmitted, user's privacy and other key messages all might be divulged a secret.As shown in Figure 1, be in the WLAN (wireless local area network), the schematic diagram that information is transmitted.
Prior art 1:
In order to resist the prison hearer, the communication between STA and AP can be protected by the mode of encrypting.IEEE 802.11b standard provides WEP (Wired Equivalent Privacy), guarantees the safety of WLAN.WEP adopts the RC4 symmetric cryptosystem at link layer, just can get permission the resource of access network when the key of STA must be identical with the key of AP, thereby prevent the monitoring of unauthorized user and disabled user's visit.Because up to the present, 802.11 standards do not have the concrete standard that regulation manages key, and therefore existing implementation generally is to use static keys to encrypt.So-called static keys is exactly to dispose identical key by manual mode at STA and AP end, and encryption and decryption is used this key, unless configuration change, the key of encryption and decryption can not change.WEP encrypts can pre-configured maximum 4 keys, show that key of use in encrypting message by two flag bits, make deciphering can reach correct solving expressly.
WEP uses the IV with 24 in encryption, reuse in a quite short time because the same key of same IV fails to be convened for lack of a quorum.One 24 field comprises 2 24 powers, 16777216 possible values just, supposes that network traffics are 11M, transmits the bag of 1500 bytes, and about five hours, IV will reuse so.In case this reusing taken place, the assailant just had 2 not isolog with identical keys encrypt content, might be able to obtain the value of the XOR of these 2 plaintexts by XOR 2 ciphertexts, this XOR result can be used for decrypted data packet.(when using identical key, the XOR value expressly and the XOR value of ciphertext are the same.If) therefore the assailant know when IV reuses clear content when taking place, can not decrypt another one content expressly even know the key stream that any encryption is used yet.
Prior art one adopts the way to manage of static keys, can only dispose 4 keys at most, as the fail safe that will guarantee that WLAN inserts, and must frequent manual change key.Fig. 2 is a WEP ciphered data plot structure, and the WEP static encryption is distinguished the static keys of use by Key ID.
Prior art makes mode by hand change key, has increased key management loaded down with trivial details of STA and AP.It is particularly evident when this hangs many user STA under AP.
If the user can not in time change key, user's safety just may be on the hazard so.
Prior art 2:
Present many authentication protocols are EAP-TLS for example, keys such as EAP-TTLS generate agreement and are suggested and are applied in the WEP encryption, for present equipment, must do more change, require server and user side to support this quasi-protocol, increased the complexity of whole system.
As shown in Figure 3, be to use the networking diagram of authentication protocol.STA and AS are by AP (or AC) transparent transmission or transmit negotiation message, finally generate key at STA and AS end through consultation, and by some approach key are sent to the AP use.
Present numerous equipment is not supported this authentication.This system realizes complicated, and AS is had very high requirement.It is also higher that STA implements complexity.Prior art does not have regulation to carry out the key that how the index negotiation obtained when WEP encrypted in addition, and how the key of front and back is distinguished.
Summary of the invention
The object of the invention is to use simple method to realize the dynamic replacing of key, and applies it in the WEP encryption, and need not to change WEP ciphered data frame structure.
For this reason, the present invention adopts following scheme:
A kind of method that generates dynamic key in WLAN (wireless local area network) WLAN is applicable between the wireless access terminal STA and wireless local network connecting point AP that has wildcard, it is characterized in that may further comprise the steps:
A, between STA and AP, generate a random number random;
B, generate an encryption key Ki by the Hash verification method by described random number random and wildcard;
Between c, STA and the AP, be encryption key, adopt Wired Equivalent Privacy WEP cipher mode to communicate with above-mentioned generation encryption key Ki.
Described step b, in the following way:
Ki=PRF(MasterKey,K(i-1)),K0=random,1<=i<64;
Described PRF represents generating function, and MasterKey is a wildcard.
Described step b, in the following way:
Ki=PRF(MasterKey,K(i-1)‖K(i-2)……‖K0),1<=i<64;
Described PRF represents generating function, and " ‖ " represents serial connection, and MasterKey is a wildcard.Described PRF is HMAC_MD5, HMAC_SHA1.
The described method that generates dynamic key in WLAN when key generates each time, produces a random number random.
Described step c, in the following way:
In the IV field that WEP encrypts, use 6bits as the index that WEP uses encryption key, select key at receiving terminal with this index.
Described receiving terminal, the WEP that only accepts i and i-1, i+1 encrypts message.
The described method that in WLAN, generates dynamic key, AP and STA can initiate key and change, in WEP encrypts, the WEP encrypted secret key number pointed out in the WEP ciphertext during replacing, and the value of the opposite end cipher key number of updating maintenance.
The described method that generates dynamic key in WLAN, the opposite end uses the key of this cipher key number that message is decrypted after receiving the ciphertext that has cipher key number, also verifies the value of the opposite end cipher key number of passing through the back updating maintenance at successful decryption.
Described wireless local network connecting point AP can replace with wireless local net access controller AC.
The present invention has following beneficial effect:
1, the advantage of this scheme is to generate dynamic key to adopt AP and STA to handle, and has alleviated load of server.
2, owing to wildcard does not use in WEP encrypts, thus even decoded the WEP encryption key, just leaked the information of using this secret key encryption, and wildcard or safety, because hash function itself is irreversible.
3, because key upgrades,, adopt bob-weight to broadcast mechanism, resisted the message replay to a certain extent for cipher key number so transmit cipher key number by means of the filling (6bits) of the iv in the message.
4, this scheme realizes simply, can just can obtain than adopting the higher safety of static wep in very little cost, realizes simply effectively need not WEP ciphered data frame is done any expansion, has just utilized filler in the past.
5, this programme can be realized the negotiation to a user one key, effectively user profile is realized maintaining secrecy.
Description of drawings
Fig. 1 is the interface schematic diagram of WLAN (wireless local area network) in the prior art;
Fig. 2 is that WEP encrypts the data frame structure schematic diagram that uses in the prior art;
Fig. 3 is an authentication protocol networking schematic diagram in the prior art;
Fig. 4 is a schematic flow sheet of the present invention.
Embodiment
Below in conjunction with the specific embodiment of the present invention is described.
Can guarantee the dynamic replacing of key between STA of the present invention and the AP by synchronous mode, its thought is based on wildcard MasterKey, by the random number random that produces at random, dynamically generate an encryption key, and finish the transmission of data with this encryption key that dynamically generates.Here, AP also can be a wireless local net access controller (AC), does not have the difference of essence on realization flow.
As shown in Figure 4, be particular flow sheet of the present invention, as can be seen from the figure, the present invention specifically may further comprise the steps:
A, STA and AP set up a random number random by sending message.This random number need not to maintain secrecy, but will confirm that the opposite end has this random number really.This random number can produce at STA, also can produce at AP, also can produce jointly at two ends, and it produces the position does not have substantial influence to the solution of the present invention.
B, AP and STA use this random number random as seed, generate dynamic encryption key K1 (comprising IV) according to wildcard MasterKey.Follow-up encryption key (comprising IV) is defined as Ki (1<=i<64), adds 1 at i at every turn, earthquake became 1 by 64 o'clock; Follow-up Ki is according to the K1 of front, K2 ..., K (i-1) and MasterKey and random number random generate.
The method that generates derive subsequent keys Ki by master key MasterKey and random number random is a lot: followingly represent generating function explanation with PRF, wherein PRF can be HMAC_MD5, HMAC_SHA1, perhaps other Hash verification method.
Mode 1:
Ki=PRF(MasterKey,K(i-1)),K0=random
K0 does not use in encryption, and the key that uses during encryption is Ki (1<=i<64).
Mode 2:
Ki=PRF (MasterKey, K (i-1) ‖ K (i-2) ... ‖ K0), " ‖ " expression herein will be connected in series.
In order to ensure higher fail safe, can when generating, use each key a random number random.Do seed with this random number then and generate dynamic key with master key MasterKey.
C, STA adopt WEP to encrypt and communicate with AP, this moment, encryption key was K1 (key K 1 is generated by random number random and wildcard MasterKey), as shown in Figure 2, the IV field provides the actual IV of 24bits, the filling of 6bits and the key ID of 2bits in WEP encrypts.The present invention uses the filling of 6bits that the key that uses is carried out index.
D, AP read the WEP enciphered data that STA sends, key is selected in filling according to 6bits, but in order to prevent Replay Attack, AP safeguards the cipher key number state of a STA, the WEP that only accepts current key number and 1 cipher key number in front and back encrypts message, other packet loss.
AP and STA can initiate key and change, and need not to notify the other side during replacing, only need in WEP encrypts the WEP encrypted secret key number is pointed out in the WEP ciphertext, and the value of the opposite end cipher key number of updating maintenance.The opposite end uses the key of this cipher key number that message is decrypted after receiving this message, and the value of the opposite end cipher key number of updating maintenance (be generally add 1 mould 64, but will skip 0).
The present invention realizes effectively simple, need not WEP ciphered data frame is done any expansion, the filler before just having utilized.Because wildcard does not use in WEP encrypts, thus even decoded the WEP encryption key, just leaked the information of using this secret key encryption, and wildcard or safety.In addition, the present invention transmits cipher key number by means of the filling (6bits) of the iv in the message, adopts bob-weight to broadcast mechanism for cipher key number, has resisted the message replay to a certain extent, effectively user profile is realized maintaining secrecy.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claims.
Claims (10)
1, a kind of method that generates dynamic key in WLAN (wireless local area network) WLAN is applicable between the wireless access terminal STA and wireless local network connecting point AP that has wildcard, it is characterized in that may further comprise the steps:
A, between STA and AP, generate a random number random;
B, generate an encryption key Ki by the Hash verification method by described random number random and wildcard;
Between c, STA and the AP, be encryption key, adopt Wired Equivalent Privacy WEP cipher mode to communicate with above-mentioned generation encryption key Ki.
2, the method that generates dynamic key in WLAN as claimed in claim 1 is characterized in that described step b, in the following way:
Ki=PRF(MasterKey,K(i-1)),K0=random,1<=i<64;
Described PRF represents generating function, and MasterKey is a wildcard.
3, the method that generates dynamic key in WLAN as claimed in claim 1 is characterized in that described step b, in the following way:
Ki=PRF(MasterKey,K(i-1)‖K(i-2)……‖K0),1<=i<64;
Described PRF represents generating function, and " ‖ " represents serial connection, and MasterKey is a wildcard.
4, as claim 2 or the 3 described methods that in WLAN, generate dynamic key, it is characterized in that described PRF is HMAC_MD5, HMAC_SHA1.
5, the method that generates dynamic key in WLAN as claimed in claim 1 when it is characterized in that key generates each time, produces a random number random.
6, the method that generates dynamic key in WLAN as claimed in claim 1 is characterized in that described step c, in the following way:
In the IV field that WEP encrypts, use 6bits as the index that WEP uses encryption key, select key at receiving terminal with this index.
7, the method that generates dynamic key in WLAN as claimed in claim 6 is characterized in that described receiving terminal, and the WEP that only accepts i and i-1, i+1 encrypts message.
8, the method that in WLAN, generates dynamic key as claimed in claim 1, it is characterized in that AP and STA can initiate key and change, in WEP encrypts, the WEP encrypted secret key number is pointed out in the WEP ciphertext during replacing, and the value of the opposite end cipher key number of updating maintenance.
9, the method that in WLAN, generates dynamic key as claimed in claim 8, it is characterized in that the opposite end is after receiving the ciphertext that has cipher key number, use the key of this cipher key number that message is decrypted, also verify the value of the opposite end cipher key number of passing through the back updating maintenance at successful decryption.
10, the method that generates dynamic key in WLAN as claimed in claim 1 is characterized in that described wireless local network connecting point AP, and AC replaces with the wireless local net access controller.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031090478A CN1323523C (en) | 2003-04-02 | 2003-04-02 | Method of forming dynamic key in radio local network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031090478A CN1323523C (en) | 2003-04-02 | 2003-04-02 | Method of forming dynamic key in radio local network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1534931A CN1534931A (en) | 2004-10-06 |
| CN1323523C true CN1323523C (en) | 2007-06-27 |
Family
ID=34283248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB031090478A Expired - Fee Related CN1323523C (en) | 2003-04-02 | 2003-04-02 | Method of forming dynamic key in radio local network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1323523C (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100612255B1 (en) * | 2005-01-11 | 2006-08-14 | 삼성전자주식회사 | Apparatus and method for data security in wireless network system |
| CN100495963C (en) | 2006-09-23 | 2009-06-03 | 西安西电捷通无线网络通信有限公司 | Public key certificate state obtaining and verification method |
| CN101155092B (en) * | 2006-09-29 | 2010-09-08 | 西安电子科技大学 | Wireless local area network access method, device and system |
| CN101394664B (en) * | 2007-09-19 | 2012-01-04 | 华为技术有限公司 | Mobile node, method and system for implementing media irrelevant switching |
| CN101163145B (en) * | 2007-11-13 | 2011-09-14 | 成都市华为赛门铁克科技有限公司 | Method and device of transmitting data packet and method of negotiating key |
| US8422513B2 (en) * | 2008-05-23 | 2013-04-16 | Nokia Siemens Networks Oy | Providing station context and mobility in a wireless local area network having a split MAC architecture |
| CN101521882B (en) * | 2009-03-24 | 2014-03-12 | 中兴通讯股份有限公司南京分公司 | Method and system for updating preshared key |
| CN101902324B (en) * | 2010-04-29 | 2012-11-07 | 天维讯达无线电设备检测(北京)有限责任公司 | Method and system for establishing communication key between nodes |
| CN103249047B (en) | 2012-02-10 | 2018-11-23 | 南京中兴新软件有限责任公司 | The access authentication method and device of WLAN hot spot |
| CN104243409A (en) * | 2013-06-14 | 2014-12-24 | 中国普天信息产业股份有限公司 | Terminal-to-terminal data transmission method |
| DK2955871T3 (en) * | 2014-06-12 | 2017-05-01 | Nagravision Sa | Cryptographic method for securely exchanging messages and apparatus and system for performing this method |
| CN107659396B (en) * | 2016-07-23 | 2022-07-22 | 东莞宏大动力科技有限公司 | Dynamic encryption method |
| CN107872315B (en) * | 2017-07-28 | 2020-09-22 | 深圳和而泰智能控制股份有限公司 | Data processing method and intelligent terminal |
| CN109040108B (en) * | 2018-08-31 | 2020-10-30 | 桂林电子科技大学 | Privacy protection data collection method for mobile phone sensing task |
| CN109714176B (en) * | 2019-03-13 | 2021-11-30 | 苏州科达科技股份有限公司 | Password authentication method, device and storage medium |
| CN110650016B (en) * | 2019-09-02 | 2022-09-23 | 南京南瑞继保电气有限公司 | Method for realizing network data security of AC/DC control protection system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5991407A (en) * | 1995-10-17 | 1999-11-23 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
| WO2003017568A1 (en) * | 2001-08-17 | 2003-02-27 | Nokia Corporation | Security in communications networks |
| US20030051140A1 (en) * | 2001-09-13 | 2003-03-13 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
| CN1406034A (en) * | 2001-09-13 | 2003-03-26 | 株式会社东芝 | Electronic apparatus with relay function in wireless data communication |
-
2003
- 2003-04-02 CN CNB031090478A patent/CN1323523C/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5991407A (en) * | 1995-10-17 | 1999-11-23 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
| WO2003017568A1 (en) * | 2001-08-17 | 2003-02-27 | Nokia Corporation | Security in communications networks |
| US20030051140A1 (en) * | 2001-09-13 | 2003-03-13 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
| CN1406034A (en) * | 2001-09-13 | 2003-03-26 | 株式会社东芝 | Electronic apparatus with relay function in wireless data communication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1534931A (en) | 2004-10-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8788802B2 (en) | Constrained cryptographic keys | |
| CN101473668B (en) | Method and apparatus for security protection of an original user identity in an initial signaling message | |
| US6931132B2 (en) | Secure wireless local or metropolitan area network and related methods | |
| CN1323523C (en) | Method of forming dynamic key in radio local network | |
| CN101600204B (en) | File transmission method and system | |
| CN102257842A (en) | Enhanced security for direct link communications | |
| JP2012019511A (en) | System and method of safety transaction between wireless communication apparatus and server | |
| CN100452697C (en) | Conversation key safety distributing method under wireless environment | |
| CN112073115B (en) | Lora-based low-orbit satellite Internet of things registration security verification method, Internet of things terminal, network server and user server | |
| JP2000083018A (en) | Method for transmitting information needing secrecy by first using communication that is not kept secret | |
| WO2007059558A1 (en) | Wireless protocol for privacy and authentication | |
| CN102036238A (en) | Method for realizing user and network authentication and key distribution based on public key | |
| CN102884756A (en) | Communication device and communication method | |
| US20020199102A1 (en) | Method and apparatus for establishing a shared cryptographic key between energy-limited nodes in a network | |
| Borsc et al. | Wireless security & privacy | |
| CN107659405B (en) | The encrypting and decrypting method of data communication between a kind of substation boss station | |
| CN108540287A (en) | Internet of Things safety management encryption method | |
| Luo | A simple encryption scheme based on wimax | |
| CN101640840B (en) | Broadcast or multicast-based safe communication method and broadcast or multicast-based safe communication device | |
| CN111093193A (en) | MAC layer communication security mechanism suitable for Lora network | |
| WO2005117334A1 (en) | State based secure transmission for a wireless system | |
| CN110650016B (en) | Method for realizing network data security of AC/DC control protection system | |
| CN114339740B (en) | AKA authentication method and system for 5G communication | |
| JP7160443B2 (en) | Wireless communication system, server, terminal, wireless communication method, and program | |
| Eren et al. | WiMAX-Security–Assessment of the Security Mechanisms in IEEE 802.16 d/e |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070627 Termination date: 20130402 |