DE102016008267A1 - Establishment of a secure communication channel - Google Patents

Establishment of a secure communication channel

Info

Publication number
DE102016008267A1
Authority
DE
Germany
Prior art keywords
terminal
sensor values
random number
method according
characterized
Prior art date
Legal status
Pending
Application number
DE102016008267.4A
Other languages
German (de)
Inventor
Michael Fiedler
Current Assignee
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient Mobile Security GmbH
Priority date
Filing date
Publication date
Application filed by Giesecke and Devrient Mobile Security GmbH
Priority to DE102016008267.4A
Publication of DE102016008267A1
Application status: Pending

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
                    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
                        • H04L 9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
                            • H04L 9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

The present invention is directed to a method for securely communicating between a first and a second terminal, wherein it is possible to establish a secure communication channel with the first terminal after delivery. The invention is further directed to a suitably configured communication arrangement comprising the first and second terminals. Furthermore, a computer program product is provided which has control commands which implement the proposed method or operate the proposed communication arrangement. In addition, a communication protocol is provided which implements the proposed method steps.

Description

  • The present invention is directed to a method for securely communicating between a first and a second terminal, wherein it is possible to establish a secure communication channel with the first terminal after delivery. The invention is further directed to a suitably configured communication arrangement comprising the first and second terminals. Furthermore, a computer program product is provided which has control commands which implement the proposed method or operate the proposed communication arrangement. In addition, a communication protocol is provided which implements the proposed method steps.
  • Known methods offer a variety of cryptographic algorithms that are generally suitable for encrypting secret information. For this purpose, various asymmetric methods are known, for example. It can be provided that information is encrypted using a public key and a secret key. This may be done, for example, by using generally known information as the public key and having the user himself associate secret information with this public key. In particular, methods are known which use an e-mail address or a user name as the public key. It is also known to use a so-called Internet Protocol (IP) address. Passwords, PINs or security questions, in particular, are known as secret keys.
  • If, for example, a user is to authenticate himself to an authentication point, he uses a security question to which only the authorized user knows the answer. In this case, the security question may be the public key and the answer to this question the secret key.
  • So-called man-in-the-middle attacks are also known. In a man-in-the-middle attack, a communication link is established between a first communication unit and a second communication unit, and an unauthorized third party gains access to the communication signal between these two units and listens to the exchanged messages. This is particularly security-critical, since such a man-in-the-middle attack either cannot be noticed at all, or it is not even noticed that a falsified message exchange has taken place between the communication components. The unauthorized third party can simply pass on the message exchange between the two communication partners unchanged. In this way the message exchange itself is not altered, but confidential information can be read from it. Furthermore, the third party, i.e. the man-in-the-middle, can also alter the message exchange such that secure communication between the two communication partners is no longer possible.
  • To counter this, it is known to provide a particularly secure communication connection and, if necessary, to secure it by means of hardware components. The disadvantage here, however, is that it must typically be known already at delivery of the communication partners, i.e. at their physical provisioning, that the connection is to be secured. Methods are therefore needed that allow already delivered terminals to be retrofitted, or secure communication with such devices to be enabled, with little technical effort.
  • It is thus an object of the present invention to provide a method for secure communication between two communication partners in which the secure connection can nevertheless be provided with little technical effort. It is a further object of the present invention to propose a communication arrangement which carries out the method according to the invention. In addition, it is an object of the present invention to provide a correspondingly configured computer program product with control commands which implement the method steps or are set up to operate the communication arrangement.
  • The object is achieved by a method for secure communication according to the subject-matter of claim 1. Further advantageous embodiments are specified in the subclaims.
  • Accordingly, a method for securely communicating between a first terminal and a second terminal is proposed. In this method, a random number is generated as a function of measured sensor values and is encrypted by means of an identity-based encryption method. Further, a connection-specific public key is provided using a preset public master key. A secret key is then generated using the connection-specific public key, and the encrypted random number is decrypted by the second terminal using the generated secret key. A secure connection is then established between the first terminal and the second terminal using the decrypted random number. Once the connection has been established, the second terminal retrieves the measured sensor values from the first terminal via the established secure connection and checks the identity of the first terminal by comparing the retrieved sensor values with sensor values stored in the second terminal.
  • According to the invention, secure communication is essentially ensured by the fact that the measured sensor values cannot be reproduced by an attacker in such a way that the attacker could pass himself off as the first terminal. Even if it were possible to establish a secure connection between the first terminal and the second terminal with a man-in-the-middle interposed, the check nevertheless recognizes that the man-in-the-middle is not the first terminal. Thus, while the first terminal and the second terminal generally communicate in such a way that an attacker can insert himself into the communication line, this is at least recognized by the second terminal, so that the communication link can be terminated.
  • The first terminal may be a hardware component having a processor, non-volatile memory and sensors. For example, in an "Internet of Things" or "Industry 4.0" scenario, any device can be retrofitted so that it can be set up as a first terminal according to the invention. Typically, only a communication interface is necessary for this.
  • The second terminal can be a secure environment, for example a backend. A backend generally provides a communication environment that includes, for example, a central computer, i.e. a server. This backend is set up to take on network tasks and, if necessary, also to implement the proposed method. Thus, according to the invention, the second terminal may also be designated as a backend, a server or, generally, as a communication partner. In general, however, other terminals, such as a mobile terminal, can also be provided which are to establish a secure connection with the first terminal. The person skilled in the art will recognize here the further method steps that are typically necessary to provide a communication relationship between two terminals.
  • To generate a random number, known algorithms may be used which output randomized values. In the present case, it is particularly advantageous that this is done as a function of measured sensor values. A sensor value can be measured in the first terminal, for example, and can thus also serve as an input for generating the random number. Any conceivable sensor value that can be measured in the first terminal is possible here; the hardware equipment of the first terminal therefore determines which values are available. For example, a timer can also be used, so that a conventional time or a system time serves as input. A system time here is a logical time which prevails within a predetermined system comprising the first terminal and the second terminal; for example, a system time or system clock may be a consecutive numbering. All of these values can be used to generate the random number, so that a random number or a pseudorandom number results.
  • Once this random number exists, it is encrypted with an identity-based encryption method, which is known, for example. The concept of identity-based encryption is generally known and is often referred to as identity-based cryptography. Identity-based cryptography is a special form of public-key cryptography in which, for example, the identity of a user also represents the public key. Certificates confirming that a public key belongs to an identity are therefore no longer necessary. Identity-based cryptography methods are generally known to the person skilled in the art and, according to the invention, need only be carried out in such a way that precisely the measured sensor values are taken into account. Less attention should be paid here to the concrete design of the identity-based cryptography; rather, any general concept that serves identity-based cryptography may be used. Essential to the invention in this context is merely the generation of a random number as a function of measured sensor values.
  • Furthermore, a connection-specific public key of the second terminal is provided. A public key is known and is used here. In general, the person skilled in the art knows how public keys are provided, since they are public and can thus be transmitted or retrieved. A public key may be, for example, an IP address of one of the communication partners, which is well known and is typically also used when initializing a connection. In general, it must first be specified with which communication partners a secure connection is to be established; the public keys are thus well known.
  • In addition, it is proposed to generate a secret key, for example by the second terminal, using the connection-specific public key. This is followed by decryption of the generated random number, which was previously encrypted according to the identity-based encryption method. For this purpose, the generated secret key is known to the second terminal.
  • Since all parameters necessary to establish a secure connection are now present, the connection is established. Over this secure connection, the second terminal retrieves the measured sensor values from the first terminal. Since this retrieval of the sensor values can be falsified, for example because an attacker intercepts and modifies the sensor values on their way from the first terminal to the second terminal, the second terminal now checks the identity of the first terminal by comparing the retrieved sensor values with stored sensor values.
  • These stored sensor values can, for example, already be present at the second terminal or can be determined by the second terminal without communication with the first terminal. For example, a history of the communication between the first and the second terminal can be evaluated in order to draw conclusions about the behavior of the first terminal. If it is now recognized on the basis of the received sensor values that they deviate considerably from the stored sensor values, then these deviating sensor values may have been generated by an attacker. For this purpose, certain behavioral parameters of the first terminal can be analyzed and extrapolated. This can be done, for example, by interpolating or extrapolating existing, additionally trusted data describing the first terminal. It is thus possible to identify characteristic data of the first terminal and to compare such characteristic data with the sensor values actually retrieved from the first terminal. Since the attacker cannot generate such characteristic data, i.e. the retrieved sensor values, or can generate them only with additional knowledge, it is possible to check whether the identity of the first terminal is actually safeguarded.
  • For this purpose, for example, a threshold value can be provided which indicates the extent to which the retrieved sensor values must match the stored sensor values. If the retrieved sensor values deviate considerably from the stored, expected sensor values, for example by at least 10%, then it can be assumed that these retrieved sensor values do not represent the actual sensor values of the first terminal but have been falsified. If, however, the retrieved sensor values substantially coincide with the expected, stored sensor values, the identity of the first terminal is checked positively, so that it can actually be concluded that an unadulterated communication connection has been established between the first terminal and the second terminal.
  • Thus, the proposed method can also be described as a method for securely communicating between a first terminal and a second terminal, in which an authentication algorithm compares expected sensor values with the actually measured sensor values of the first terminal.
  • Accordingly, a cryptographic method is also proposed which makes it possible to perform an authentication using measured sensor values as a secret key and stored sensor values as a second secret key. The stored sensor values are thus computed sensor values, for example resulting from an estimation of sensor values, or simply known sensor values which are known only to the second terminal. It is thus particularly advantageous according to the invention that the first sensor values, which are retrieved, are actually measured by the first terminal, while the second sensor values, which are stored by the second terminal, are predetermined.
  • The retrieved sensor values and the stored sensor values can be compared in such a way that they must match at least to a certain percentage. If they do not match to the predetermined percentage, the identity of the first terminal is checked negatively by the second terminal, and further error handling steps can be carried out. Error handling can consist, for example, in interrupting the communication between the first and the second terminal. Furthermore, it may be necessary to block the negatively checked first terminal such that no further communication connection can be established. This can be done by blocking an address of the first terminal. Thus, a blacklist can be created which holds an IP address of the first terminal. On further communication attempts the blacklist can then be checked first, and if the address of the first terminal is on the blacklist, any further communication setup can be aborted immediately.
  • According to one aspect of the present invention, the generated random number is asymmetrically encrypted. This has the advantage that known cryptographic methods which provide a public key and a private key can be reused. For example, it is possible according to the invention to reuse known cryptographic methods, such as identity-based encryption, and to resort to freely available implementations.
  • According to another aspect of the present invention, the random number is encrypted as a function of an IP address. This has the advantage that the proposed method is particularly easy to implement, since an IP address can be provided without much effort or is already known.
  • According to another aspect of the present invention, the random number is encrypted using a padding method. This has the advantage that the parameters used can be adapted so that they can also be used according to the invention in existing systems. For example, according to the invention, the format of parameters may be adjusted such that, if a parameter value of a certain size is expected, an existing parameter value is padded with additional positions that carry no semantics. If, for example, random numbers are provided which are encoded with fewer than 8 bits, the missing positions can be filled with zeros.
  • According to another aspect of the present invention, the secret key is generated using at least the second terminal. This has the advantage that the second terminal coincides with the "Trusted Third Party PKG" typically provided by the cryptographic method, i.e. with the instance of the typically provided "Private Key Generator", and with the backend. This means that the method step of generating a secret key using the connection-specific public key can be carried out such that a separate private key generator, as used in conventional methods, is not needed. Rather, it is advantageous here that the essential method steps leading to the generation of the secret key can always be carried out by the second terminal. In particular, it is advantageous to provide a so-called backend as the second terminal. Since at least the second terminal is used, further devices may additionally be involved.
  • According to a further aspect of the present invention, the generation of the random number, the provision of the connection-specific public key and/or the generation of the secret key are carried out by the first terminal. This has the advantage that in the proposed method only the first terminal and the second terminal need to be present and no further devices must be provided. The person skilled in the art recognizes that only the components typical of a network need to be provided to set up the network.
  • According to a further aspect of the present invention, in a preparatory method step, control commands which allow the method steps to be carried out are provided to the first terminal by the second terminal. This has the advantage that the method steps as proposed, apart from the preparatory method step, can be executed by the first device, so that only those method steps which are carried out by the second device are outsourced. This has the further advantage that any conventional terminal having a processor, a non-volatile memory and sensors can be adapted according to the invention so that it can carry out the advantageous method. On the part of the first terminal, it is thus sufficient merely to install the proposed control commands and thereby create a secure channel. Thus, already delivered first terminals can also be adapted advantageously.
  • According to another aspect of the present invention, the measured sensor values include a time, a noise level, a spectral characteristic, a power consumption, a battery voltage, a system time and/or calibration data. This has the advantage that any data measured by the first terminal can be used. In this case, it is particularly advantageous to provide a plurality of these parameters, which then also have to be made available for comparison by the second terminal.
  • For example, the first terminal may measure a battery voltage, and the second terminal may estimate the battery voltage. For example, the second terminal has information about how long the first terminal has already been switched on, which can be determined, for example, on the basis of a delivery date. Further, the encrypted battery voltage may be requested from the first terminal and estimated by the second terminal. If the retrieved battery voltage differs from the expected battery voltage, it is possible that an attacker has falsified this value. The attacker must falsify this value because he has no information regarding the battery voltage. Thus, a change in the message exchange is easy to detect.
  • According to another aspect of the present invention, the measured sensor values provide at least one characteristic feature of the first terminal. This has the advantage that it is a specific feature of the first terminal, which characterizes precisely this terminal and no other. Typically, terminals are always supplied by the manufacturer in the same design, so such generic features are not suitable for identifying the first terminal. Features must therefore be selected which typically refer to a single terminal only. This may be, for example, the power consumption or a battery voltage, which is typically present in this form only in one particular terminal. The more characteristic the feature chosen, the higher the security of the proposed method. In particular, it is advantageous to combine a plurality of sensor values so that a characteristic feature is provided. The security of the proposed method can again be increased by linking a multiplicity of sensor values. This results in unambiguous identification, since a plurality of sensor values can typically be measured in this form only at one specific terminal.
  • According to a further aspect of the present invention, the sensor values stored in the second terminal are estimated. This has the advantage that the second terminal need not be informed of the sensor values in advance; rather, a method can be implemented which estimates the parameter values of the first terminal. For this, previous communication or any background knowledge about the first terminal can be used, for example.
  • According to a further aspect of the present invention, the sensor values stored in the second terminal are interpolated or extrapolated. This has the advantage that further measuring points can be derived as characteristic features from known measuring points of parameters of the first terminal. If, for example, five battery voltages of the first terminal are known, then at least a sixth battery voltage can be extrapolated such that an expected value results. If the first terminal is, for example, a disposable terminal with a non-rechargeable battery, the battery voltage is expected not to rise with further use of the terminal. If a battery voltage is now transmitted as a characteristic feature which has instead risen, this is an indication that the communication between the first terminal and the second terminal has been diverted.
  • According to a further aspect of the present invention, the sensor values to be measured can be selected such that they cannot be generated by other devices. This has the advantage that particularly characteristic and unique sensor values are generated, over which an attacker has no influence. Thus, the first terminal can be uniquely identified, since the attacker cannot provide any characteristic features of the first terminal.
  • According to another aspect of the present invention, the second terminal is present as a backend. This has the advantage that the second terminal may include, for example, a server, in which case other components are also available. For example, a backend can provide the technical environment that enables communication between two terminals in the first place.
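The identity check of the paragraphs above (stored values estimated from the backend's own history, the 10% example threshold, a non-rechargeable battery whose voltage may not rise, and blacklisting of the address of a negatively checked terminal) as an added Python example. It is not code from the patent or from the assignee: the least-squares extrapolation is one choice for the "interpolated or extrapolated" estimate the text leaves open, and the address, history points and readings are constructed sample data.

```python
from dataclasses import dataclass, field

def linear_fit(xs, ys):
    """Least-squares line through the stored points; returns (slope, intercept)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx if sxx else 0.0
    return slope, my - slope * mx

def extrapolate(history, at):
    """Expected sensor value at time 'at' from stored (time, value) points."""
    slope, intercept = linear_fit([t for t, _ in history], [v for _, v in history])
    return slope * at + intercept

@dataclass
class TerminalProfile:
    """What the backend already knows about one terminal."""
    history: dict                                   # feature name -> list of (hours since delivery, value)
    monotone_decreasing: set = field(default_factory=set)   # e.g. voltage of a non-rechargeable battery

@dataclass
class Backend:
    profiles: dict                                  # terminal address -> TerminalProfile
    tolerance: float = 0.10                         # the description's example threshold: 10 % deviation
    blacklist: set = field(default_factory=set)

    def check_identity(self, address, now, retrieved):
        """Compare retrieved sensor values with stored/estimated ones. Returns
        (accepted, per-feature reasons); a failed check blacklists the address."""
        if address in self.blacklist:
            return False, {"address": "blacklisted"}
        profile, reasons, ok = self.profiles[address], {}, True
        for name, value in retrieved.items():
            hist = profile.history.get(name)
            if not hist:
                reasons[name] = "no stored reference"   # cannot confirm; counts neither way
                continue
            expected = extrapolate(hist, now)
            deviation = abs(value - expected) / abs(expected) if expected else abs(value)
            if deviation >= self.tolerance:
                ok, reasons[name] = False, f"deviates {deviation:.0%} from expected {expected:.3f}"
            elif name in profile.monotone_decreasing and value > max(v for _, v in hist):
                ok, reasons[name] = False, "rose although it can only fall"
            else:
                reasons[name] = "match"
        if not ok:
            self.blacklist.add(address)             # error handling step from the description
        return ok, reasons

ADDR = "2001:db8::42"                               # constructed sample terminal address

def demo():
    """Constructed scenario: a genuine reading, then a relayed reading whose battery
    voltage has risen, then the refused retry of the now blacklisted address."""
    profile = TerminalProfile(
        history={"battery_v": [(0, 3.60), (100, 3.55), (200, 3.50), (300, 3.45), (400, 3.40)],
                 "noise_db": [(0, 41.0), (200, 41.4), (400, 40.8)]},
        monotone_decreasing={"battery_v"})
    backend = Backend(profiles={ADDR: profile})
    genuine = backend.check_identity(ADDR, 500, {"battery_v": 3.36, "noise_db": 41.1})
    risen = backend.check_identity(ADDR, 500, {"battery_v": 3.62, "noise_db": 41.1})
    retry = backend.check_identity(ADDR, 501, {"battery_v": 3.36, "noise_db": 41.1})
    return {"genuine": genuine, "risen": risen, "retry": retry}
```

The second reading in `demo()` stays within the 10% tolerance (3.62 V against an extrapolated 3.35 V) and would pass a threshold-only check; it is the monotonicity rule from the battery example that rejects it, which is why the two checks are applied together.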
  • The object is also achieved by a communication arrangement for securely communicating between a first terminal and a second terminal, wherein a protocol is provided which causes the following steps: generating a random number as a function of measured sensor values, which is encrypted by means of an identity-based encryption method, and providing a connection-specific public key using a preset public master key. Furthermore, generation of a secret key using the connection-specific public key is initiated, as is decryption of the generated random number by the second terminal using the generated secret key. Thereupon, a secure connection is established between the first terminal and the second terminal using the decrypted random number. The measured sensor values are then retrieved by the second terminal from the first terminal via the established secure connection, and the identity of the first terminal is checked by the second terminal by comparing the retrieved sensor values with sensor values stored in the second terminal.
  • Furthermore, a computer program product with control commands is proposed, which implement the method or operate the inventive communication arrangement.
  • Furthermore, a protocol is proposed, which causes the method steps.
  • According to the invention, it is particularly advantageous that the method can be imaged in the communication arrangement by means of structural features. Conversely, the structural features of the communication arrangement are also to be implemented as method steps. It is also advantageous that the control commands of the computer program product implement the method steps or are set up to operate the structural features of the communication arrangement.
  • In the following the invention will be explained by way of example with reference to the accompanying figures. Show it:
  • 1 a communication arrangement according to an aspect of the present invention;
  • 2 FIG. 3 is a schematic flow diagram of a method or protocol according to an aspect of the present invention; FIG. and
  • 3 a schematic flow diagram of a method or a protocol according to another aspect of the present invention.
  • 1 shows on the left side of a terminal G on which an application A is played. This application A contains control commands which implement the inventive method at least on the side of the first terminal. On the right side, a second terminal is shown, for example by an operator B. Now, if a communication connection between the first terminal G and the second terminal B is established, it is possible that a so-called man-in-the-middle attack takes place , In this case, it is particularly advantageous to establish a secure communication connection, shown here by a bidirectional arrow. The objective is to circulate Smart Connected Devices, such as devices, sensors or tags, for specific purposes within the framework of the emerging "Internet-of-Things" and the security requirement of "Industry 4.0". Thus, the terminals are largely beyond the control of the operator, except for communication over the given by the respective connectivity channels. For the first time, a secure communication is not required for most devices. An example here are the condition sensors of construction machinery. In some cases, however, you will need a secure channel (post-issuance), such as when the terminal is upgraded for valuable transactions, such as renting, or when the operator is exposed to attacks. For widely distributed components, a method that operates remotely is necessary for establishing a secure connection.
  • According to one aspect of the present invention, it is a prerequisite that the terminal has a processor, a non-volatile memory and any sensors. Furthermore, a known, preset and unique IP address is advantageous. Applications can be reloaded via the data connection. As an attacker, it can be given a so-called man-in-the-middle MIM, which can intercept, suppress and / or read communication in both directions. There is no secret key on the terminal, the operating system or the application image on the terminal is the copy of a standard template.
  • Thus, according to the invention, a secure channel is established, and it is recognized whether the backend of the operator actually communicates with the terminal, which dictates a certain identity or with a man-in-the-middle.
  • To solve this problem, it is therefore proposed to download in a first step, an application from the backend to the terminal, which performs the following steps.
  • If the download of the application was successful, the terminal now generates an arbitrary random number into which, among other things, the time and a certain proportion of the measurement results held in memory enter. This random number is encrypted asymmetrically according to identity-based encryption. The terminal uses its own IP address, for example a version 6 IP address, and possibly a padding specified in the application, to calculate the quasi connection-specific public key of the backend. The required public master key is included in the distributed application.
  • A secret private key can be created for this quasi-arbitrarily chosen public key. Here the second communication partner, the trusted third party of the ID-based encryption scheme (the private key generator, PKG) and the backend coincide in one instance.
  • The backend decrypts the random number with the calculable private key associated with that specific connection and thus builds a secure channel using the random number as key. Through this channel, the backend requests the terminal to send a replay of the stored measurement results and/or the current characteristic sensor or device properties for quasi-authentication. These device characteristics may be a noise level, a spectral characteristic, a power consumption, a battery voltage, a system clock and/or calibration data. They are compared with previously recorded and possibly statistically evaluated parameters, or with parameters known a priori to the backend. For this purpose, for example, statistical mean values or trends can be determined, or known parameters, determined for example during calibration, can be used.
  • If the man-in-the-middle pretends to be the first terminal towards the backend, he can establish a secure connection by means of the application, but cannot (or not with sufficient probability) deliver the values for (soft) authentication requested in the subsequent method step. The backend then lists the IP address until a later attempt.
  • If the man-in-the-middle pretends to be the backend towards the terminal, he is unable to decrypt the random number and can only either interrupt communication completely or remain completely transparent. In the former case the backend detects the termination of communication; in the second case the secure channel is established as normal.
  • Fig. 2 shows a method for securely communicating between the first terminal and a second terminal with the steps of: generating 100 a random number as a function of measured sensor values, which is encrypted by means of an identity-based encryption method 101; providing 102 a connection-specific public key using a default public master key; generating 103 a secret key using the connection-specific public key; decrypting 104 the generated random number by the second terminal using the generated 103 secret key; establishing 105 a secure connection between the first terminal and the second terminal using the decrypted random number; retrieving 106 the measured sensor values by the second terminal from the first terminal by means of the established secure connection; and finally checking 107 the identity of the first terminal by the second terminal by comparing the retrieved sensor values with sensor values stored in the second terminal.
  • Fig. 3 shows a further aspect of the proposed method or protocol. When devices are put into circulation, a secure communication connection between the devices and the operator is usually dispensed with. To establish a secure connection subsequently and to ensure that only the terminal and the operator communicate with each other, the following procedure is proposed:
    The operator B loads an application A onto the terminal G, 201;
    The application A generates a random number on the terminal G, e.g. from the time and memory metrics, and encrypts the random number asymmetrically according to identity-based encryption, 202;
    Application A generates a connection-specific public key of the operator B by means of the public master key, which is contained in the application A, and by means of the communication address of the device G, 203;
    The terminal G sends the random number to the operator B, who decrypts it with a calculable private key belonging to this connection, 204;
    The terminal B uses the decrypted random number as key to establish a secure connection with the terminal G, 205; and
    The operator B requests the terminal G to authenticate itself by means of characteristic values.
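The steps 201 to 205 listed above, carried through in code as an added example; it is not part of the patent or of any implementation by the applicant. The patent names no particular identity-based encryption scheme, so this example uses Cocks' quadratic-residuosity IBE, which needs only integer arithmetic, with the backend acting as the private key generator (PKG). The Mersenne primes, the IPv6 address 2001:db8::42, the padding string, the sensor readings and all function names are constructed assumptions of the example. The random number is mixed with operating-system randomness rather than derived from the time and sensor data alone.

```python
import hashlib
import secrets
import time

# Toy identity-based encryption (Cocks' quadratic-residuosity scheme).
# Added for illustration: the patent names no IBE scheme, and the Mersenne
# primes below are demonstration parameters, not a deployable key size.

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def pkg_setup():
    """Backend as PKG: master secret (p, q) with p, q = 3 (mod 4); public master N."""
    p, q = (1 << 127) - 1, (1 << 89) - 1   # Mersenne primes, both = 3 (mod 4); demo only
    return (p, q), p * q

def identity_to_public_key(identity, N):
    """Connection-specific public key: hash the identity string (the terminal's own
    IP address plus the padding shipped in the application) to an a with (a/N) = +1."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1

def pkg_extract(master_secret, N, a):
    """Private key for identity a, computable only with p and q: r^2 = +-a (mod N)."""
    p, q = master_secret
    return pow(a, (N + 5 - p - q) // 8, N)

def _random_t(N, m):
    """Random t with Jacobi symbol (t/N) = m."""
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == m:
            return t

def ibe_encrypt(N, a, value, nbits):
    """Encrypt an nbits-wide integer bit by bit (bit 1 -> +1, bit 0 -> -1).
    Two residues per bit cover both signs of r^2 without knowing which applies."""
    ct = []
    for i in range(nbits):
        m = 1 if (value >> i) & 1 else -1
        t1, t2 = _random_t(N, m), _random_t(N, m)
        ct.append(((t1 + a * pow(t1, -1, N)) % N, (t2 - a * pow(t2, -1, N)) % N))
    return ct

def ibe_decrypt(N, a, r, ct):
    """Recover the integer: ((s + 2r)/N) equals (t/N), i.e. the encrypted bit."""
    use_first = r * r % N == a
    value = 0
    for i, (s1, s2) in enumerate(ct):
        if jacobi(((s1 if use_first else s2) + 2 * r) % N, N) == 1:
            value |= 1 << i
    return value

def terminal_random_number(sensor_values, nbits):
    """Random number formed from the time and sensor readings, mixed with OS
    randomness: sensor data alone is low-entropy and partly observable."""
    h = hashlib.sha256()
    h.update(str(time.time_ns()).encode())
    h.update(repr(sensor_values).encode())
    h.update(secrets.token_bytes(32))
    return int.from_bytes(h.digest(), "big") & ((1 << nbits) - 1)

def run_protocol(nbits=64):
    """Steps 201 to 205 with both roles played in one process."""
    master_secret, N = pkg_setup()                     # backend B, once
    app = {"public_master": N, "padding": "app-v1"}    # contents of application A (constructed)
    identity = "2001:db8::42|" + app["padding"]        # terminal G's own IPv6 address (constructed)
    a = identity_to_public_key(identity, app["public_master"])   # step 203
    sensors = {"noise_db": 41.0, "battery_v": 3.85}    # constructed readings
    rnd = terminal_random_number(sensors, nbits)       # step 202
    ciphertext = ibe_encrypt(N, a, rnd, nbits)
    r = pkg_extract(master_secret, N, a)               # step 204, backend side
    recovered = ibe_decrypt(N, a, r, ciphertext)
    key_material = recovered.to_bytes(nbits // 8, "big")
    channel_key = hashlib.sha256(b"channel" + key_material).digest()   # step 205
    # An intermediary holds N and a (both public) but not p, q; a guessed r fails.
    guessed = ibe_decrypt(N, a, secrets.randbelow(N), ciphertext)
    return rnd == recovered, guessed == rnd, channel_key

if __name__ == "__main__":
    print(run_protocol())
```

Run as a script it performs one exchange and reports whether the backend recovered the terminal's random number, whether a guessed private key did, and the derived channel key. In a deployment the 64-bit demonstration value would be a full-length key and the toy parameters a standard IBE scheme from a reviewed library; the structural point survives unchanged: the terminal needs only the public master and its own address, and only the holder of the master secret can derive the matching private key.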
  • The advantage here is that while a man-in-the-middle can establish a secure connection with operator B, it cannot authenticate itself because the characteristic values are unknown to it. Towards the terminal G, the man-in-the-middle cannot decrypt the random number.
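The backend-side comparison of step 107, retrieved characteristics checked against stored values that were statistically evaluated and, where the quantity drifts, extrapolated, as an added example that is not the patent's own code. The profile history, the hour-96 readings, the two IPv6 addresses and the characteristic names are constructed; the z-score threshold of 3 and the minimum spread are assumptions of the example, not values from the patent.

```python
import math
import statistics
from dataclasses import dataclass

@dataclass
class Reference:
    """Backend-side profile of one characteristic: the statistically evaluated
    value (mean, spread) and an optional linear trend for extrapolation."""
    mean: float          # value on the fitted line at time t0
    std: float           # spread of the recorded values around that line
    slope: float = 0.0   # change per hour (0 for stationary characteristics)
    t0: float = 0.0      # hour at which `mean` holds

    def expected_at(self, t_hours):
        return self.mean + self.slope * (t_hours - self.t0)

def build_reference(history, trend=False):
    """history: previously recorded (hour, value) pairs, e.g. from calibration.
    With trend=True a least-squares line is fitted so the backend can
    extrapolate quantities such as a discharging battery voltage."""
    ts = [t for t, _ in history]
    vs = [v for _, v in history]
    t0 = ts[-1]
    slope = 0.0
    if trend and len(set(ts)) > 1:
        tm, vm = statistics.fmean(ts), statistics.fmean(vs)
        slope = sum((t - tm) * (v - vm) for t, v in history) / sum((t - tm) ** 2 for t in ts)
    intercept = statistics.fmean(v - slope * t for t, v in history)
    residuals = [v - (intercept + slope * t) for t, v in history]
    return Reference(mean=intercept + slope * t0, std=statistics.pstdev(residuals),
                     slope=slope, t0=t0)

def check_identity(profile, retrieved, t_hours, z_max=3.0, min_sigma=1e-3):
    """Soft authentication: every characteristic the backend knows must lie
    within z_max spreads of its expected value at t_hours. Returns
    (accepted, z-scores); a characteristic the terminal failed to deliver
    counts as infinitely far off."""
    scores = {}
    for name, ref in profile.items():
        if name not in retrieved:
            scores[name] = math.inf
            continue
        sigma = max(ref.std, min_sigma)  # floor so calibration constants still compare
        scores[name] = abs(retrieved[name] - ref.expected_at(t_hours)) / sigma
    return all(z <= z_max for z in scores.values()), scores

class Backend:
    """Operator side: one profile per terminal and the list of addresses whose
    authentication failed, kept there until a later attempt."""
    def __init__(self, profiles):
        self.profiles = profiles
        self.retry_list = {}

    def authenticate(self, ip, claimed_terminal, retrieved, t_hours):
        accepted, scores = check_identity(self.profiles[claimed_terminal], retrieved, t_hours)
        if not accepted:
            self.retry_list[ip] = t_hours
        return accepted, scores

# Constructed reference history for terminal G as (hour, value), as the backend
# would have recorded it at calibration and during earlier unsecured operation.
PROFILE_G = {
    "noise_level_db": build_reference([(0, 41.2), (24, 40.8), (48, 41.5), (72, 40.9)]),
    "power_mw":       build_reference([(0, 120.0), (24, 118.0), (48, 123.0), (72, 119.0)]),
    "battery_v":      build_reference([(0, 4.10), (24, 4.05), (48, 3.98), (72, 3.91)], trend=True),
    "cal_offset":     build_reference([(0, 0.0137)]),   # calibration constant
}

def demo():
    backend = Backend({"G": PROFILE_G})
    # Values the real terminal G reports at hour 96 (constructed).
    genuine = {"noise_level_db": 41.0, "power_mw": 121.0, "battery_v": 3.85, "cal_offset": 0.0137}
    # A man-in-the-middle claiming to be G can establish the channel but does not
    # know G's characteristics; nominal datasheet-style values miss the profile.
    impostor = {"noise_level_db": 30.0, "power_mw": 150.0, "battery_v": 4.10, "cal_offset": 0.0}
    ok_g, _ = backend.authenticate("2001:db8::42", "G", genuine, 96)
    ok_m, _ = backend.authenticate("2001:db8::bad", "G", impostor, 96)
    return ok_g, ok_m, sorted(backend.retry_list)

if __name__ == "__main__":
    print(demo())  # expected: (True, False, ['2001:db8::bad'])
```

The battery voltage shows why extrapolating stored values matters: a nominal fresh-cell value lies far from the discharge trend the backend has recorded, while the genuine terminal's reading sits on that line. A failed attempt places the source address on the retry list, which is the behaviour the description attributes to the backend.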
  • The described method steps can be executed partly iteratively or in parallel. In particular, it is advantageous that the proposed method steps can also be implemented as a protocol.
  • Thus, an advantageous method, a communication arrangement, a communication protocol and a computer program product are described, according to which a secure connection to delivered devices can be established without this having been provided for on the devices at the time of delivery. Consequently, a secure connection can be established subsequently.

Claims (15)

  1. Method for securely communicating between a first terminal (G) and a second terminal (B), comprising the steps of: - generating (100) a random number depending on measured sensor values, which is encrypted using an identity-based encryption method (101); - providing (102) a connection-specific public key using a default public master key; - generating (103) a secret key using the connection-specific public key; - decrypting (104) the generated random number by the second terminal (B) using the generated (103) secret key; - establishing (105) a secure connection between the first terminal (G) and the second terminal (B) using the decrypted (104) random number; - retrieving (106) the measured sensor values by the second terminal (B) from the first terminal (G) by means of the established (105) secured connection; and - checking (107) the identity of the first terminal (G) by the second terminal (B) by means of a comparison of the retrieved (106) sensor values with sensor values stored in the second terminal (B).
  2. Method according to Claim 1, characterized in that the generated random number is encrypted (101) asymmetrically.
  3. Method according to Claim 1 or 2, characterized in that the random number is encrypted (101) as a function of an IP address.
  4. Method according to one of the preceding claims, characterized in that the random number is encrypted (101) using a padding method.
  5. Method according to one of the preceding claims, characterized in that the generating (103) of a secret key is performed using at least the second terminal (B).
  6. Method according to one of the preceding claims, characterized in that the generation (100) of the random number, the provision (102) of the connection-specific public key and/or the generation (103) of the secret key is executed by the first terminal (G).
  7. Method according to one of the preceding claims, characterized in that, in a preparatory method step, control commands (A) which allow the method steps to be performed are provided to the first terminal by the second terminal.
  8. Method according to one of the preceding claims, characterized in that the measured sensor values include a time, a noise level, a spectral characteristic, a power consumption, a battery voltage, a system time and/or calibration data.
  9. Method according to one of the preceding claims, characterized in that the measured sensor values provide at least one characteristic feature of the first terminal (G).
  10. Method according to one of the preceding claims, characterized in that the sensor values stored in the second terminal (B) are estimated.
  11. Method according to one of the preceding claims, characterized in that the sensor values stored in the second terminal (B) are interpolated or extrapolated.
  12. Method according to one of the preceding claims, characterized in that the sensor values to be measured are selected such that they cannot be generated by other terminals.
  13. Method according to one of the preceding claims, characterized in that the second terminal (B) is present as a backend.
  14. A communication arrangement for securely communicating between a first terminal (G) and a second terminal (B), wherein a protocol is provided that causes the following steps: - generating (100) a random number as a function of measured sensor values, which is encrypted by means of an identity-based encryption method (101); - providing (102) a connection-specific public key using a default public master key; - generating (103) a secret key using the connection-specific public key; - decrypting (104) the generated random number by the second terminal (B) using the generated (103) secret key; - establishing (105) a secure connection between the first terminal and the second terminal (B) using the decrypted (104) random number; - retrieving (106) the measured sensor values by the second terminal (B) from the first terminal (G) by means of the established (105) secured connection; and - checking the identity of the first terminal (G) by the second terminal (B) by means of a comparison of the retrieved (106) sensor values with sensor values stored in the second terminal (B).
  15. Computer program product with control instructions implementing the method according to one of claims 1 to 13.
DE102016008267.4A 2016-07-07 2016-07-07 Establishment of a secure communication channel Pending DE102016008267A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE102016008267.4A DE102016008267A1 (en) 2016-07-07 2016-07-07 Establishment of a secure communication channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102016008267.4A DE102016008267A1 (en) 2016-07-07 2016-07-07 Establishment of a secure communication channel

Publications (1)

Publication Number Publication Date
DE102016008267A1 true DE102016008267A1 (en) 2018-01-11

Family

ID=60676176

Family Applications (1)

Application Number Title Priority Date Filing Date
DE102016008267.4A Pending DE102016008267A1 (en) 2016-07-07 2016-07-07 Establishment of a secure communication channel

Country Status (1)

Country Link
DE (1) DE102016008267A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004047614A1 (en) * 2004-09-30 2006-04-20 Giesecke & Devrient Gmbh Portable data medium e.g. smart card, has sensor for generation of sensor signal which depends on physical parameter acting on sensor and derivable from input value for random number generator
US20090055648A1 (en) * 2007-08-20 2009-02-26 Samsung Electronics Co., Ltd. Method of and apparatus for sharing secret information between device in home network
US7590236B1 (en) * 2004-06-04 2009-09-15 Voltage Security, Inc. Identity-based-encryption system
US20100104094A1 (en) * 2007-01-19 2010-04-29 Mitsubishi Electric Corporation Ciphertext generating apparatus, cryptographic communication system, and group parameter generating apparatus
US20130266139A1 (en) * 2012-04-06 2013-10-10 Kapsch Trafficcom Ag Method for Detecting a Speed Violation of a Vehicle
US20150046715A1 (en) * 2013-08-06 2015-02-12 Ologn Technologies Ag Systems, Methods and Apparatuses for Prevention of Unauthorized Cloning of a Device
DE102014206943A1 (en) * 2014-04-10 2015-10-15 Siemens Aktiengesellschaft Key generation apparatus and method for generating a key

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
(1) Liang, L. [et al.]: A Networking Identity Authentication Scheme Combining Fingerprint Coding and Identity Based Encryption, 2007 IEEE Intelligence and Security Informatics, Pages: 129 - 132, DOI: 10.1109/ISI.2007.379545, IEEE Conference Publications, URL http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4258685 [retrieved from the Internet on 20.03.2017] *

Similar Documents

Publication Publication Date Title
US8209744B2 (en) Mobile device assisted secure computer network communication
US8413221B2 (en) Methods and apparatus for delegated authentication
US9887838B2 (en) Method and device for secure communications over a network using a hardware security engine
KR101952601B1 (en) APPARATUS AND METHOD FOR Authentication BETWEEN Devices based on PUF over Machine-to-Machine Communications
US6539479B1 (en) System and method for securely logging onto a remotely located computer
US9065637B2 (en) System and method for securing private keys issued from distributed private key generator (D-PKG) nodes
CN1708942B (en) Secure implementation and utilization of device-specific security data
US9911010B2 (en) Secure field-programmable gate array (FPGA) architecture
EP2548353B1 (en) Devices and method of enforcing a computer policy
DE102015101620A1 (en) Provision of security credentials
US6950523B1 (en) Secure storage of private keys
US8144874B2 (en) Method for obtaining key for use in secure communications over a network and apparatus for providing same
US8930700B2 (en) Remote device secure data file storage system and method
US8132020B2 (en) System and method for user authentication with exposed and hidden keys
KR100979576B1 (en) Methods for remotely changing a communications password
US20060041642A1 (en) Secure proximity verification of a node on a network
TWI497336B (en) Data security devices and computer program
US20160119291A1 (en) Secure communication channel with token renewal mechanism
US9935954B2 (en) System and method for securing machine-to-machine communications
CN1659821A (en) Method for secure data exchange between two devices
WO2009137371A2 (en) Enterprise device recovery
US8719952B1 (en) Systems and methods using passwords for secure storage of private keys on mobile devices
US7913085B2 (en) System and method of per-packet keying
US8775794B2 (en) System and method for end to end encryption
CN102843234B (en) A semiconductor device and a method of writing data to a semiconductor device

Legal Events

Date Code Title Description
R163 Identified publications notified