DE102020000635A1 - Perfectly secure communication between participants in cellular networks - Google Patents

Abstract

Because mobile participants in communication networks can only exchange messages wirelessly, it is possible for unauthorized third parties to receive and change them. The methods previously used in mobile communication for message encryption, in which the keys are less than the message lengths, have proven to be insecure and methods that are currently still considered secure will be broken in the near future. All remote data transmissions between mobile participants are therefore perfectly secured in terms of information theory by means of one-time keys of message length, so that messages can only be meaningfully decrypted by their authorized recipients and thus their senders are inherently authenticated. The keys are generated by a sovereign authority using genuine random processes and, together with clear identifications, are stored in a tamper-proof memory on read-only memories that are given to the participants in direct contact. Messages are written in a formal language that is restricted to the needs of the respective area of application and transmitted in compressed form, which minimizes the amount of data and key requirements required for the information content to be transmitted. Two participants each communicate via a network of relay stations. These stations have copies of the key stocks of all participants, block unauthorized communication participants and suppress unwanted messages. Process sketch overleaf.

Description

Automation devices often have to be able to communicate digitally with one another. The information and communication technologies used are increasingly being transferred to everyday applications - a phenomenon also known as the “Internet of Things”. If communication is to be wireless, the following three requirements must be met.

Uniformity: The industry is characterized by a very heterogeneous manufacturer landscape. An organizationally and technically uniform architecture for networking all systems must therefore be provided.

Safety: In a safety-critical environment, the highest possible functional safety of the entire processing must be guaranteed. Since the transmission medium is accessible to everyone in the case of wireless communication, unauthorized reading and modification of messages must be prevented.

Real-time capability: Messages must be transmitted within defined times in order to be able to recognize and correct critical system states in good time.

To meet these requirements, the “Reference Architecture Model Industry 4.0” [1] was used to specify a general structure for networking individual systems to form the Internet of Things. The model sees individual layers for the implementation of, among other things. Data protection and ICT security. As an alternative to end-to-end encryption on the communication links, consciously interconnected servers with an insight into the data transfer are considered useful, for example in order to be able to detect information leaks or attacks via the communication links [2].

For security-critical applications with long periods of use, as can be found in the Internet of Things, the greatest possible degree of security and scalability must be permanent, i.e. H. can be guaranteed over product lifetimes of at least several decades. I. This affects the core aspects of encryption procedures, network topology, key exchange and generation as well as organization.

The usual encryption methods cannot guarantee perfect security over decades of use.

The asymmetrical methods that satisfy Kerckhoff's principle (e.g. according to [3]) can always be broken with sufficient time or computing power, since the mathematical relationships between private and public keys are known. Their security is based solely on the fact that the calculations required to break the encryption would take too long with current computers. Another weakness that is more relevant in practice is its susceptibility to side-channel attacks, since no secure authentication is possible without key exchange via secure channels (Janus attacks) [4].

However, asymmetric encryption is used in various mobile communication applications. This is how in EP2950506B1 discloses a method for setting up a secure communication channel, which secures the transmission of the required key using asymmetrical methods. To EP3086587A1 every text message is encrypted with the recipient's public key as it is entered. Disclosed for the frequent application of data exchange between motor vehicles WO2008 / 063899A2 a procedure in which security is based on a public key infrastructure.

With WEP and A5 (GSM), symmetrical encryption procedures that had previously been considered secure were repeatedly broken. It must therefore i. A. It can be assumed that symmetrical encryption methods (e.g. AES [5] or WPA) that are currently still considered secure will be broken in the future.

Only methods [6] of one-time encryption according to information-theoretical security are demonstrably non-breakable US1310719 or DE102005006713 . Their security is based on the fundamental impossibility of solving an equation with two unknowns. Due to practical difficulties regarding key needs and exchange, this concept has been used less and less in the last few decades. In DE202011110926U1 one of the few methods is disclosed which overcomes the practical difficulties of using perfectly secure encryption in automation technology. However, there is still no process that adapts perfectly secure encryption to the special requirements of mobile communication in the Internet of Things. Existing network architectures are not suitable for the use of perfectly secure encryption while at the same time guaranteeing hard real-time requirements, because they were designed for voice transmission that only made soft real-time requirements.

In principle, a network can be used with ("infrastructure mode") or without switching stations ("ad- hoc mode "). Switching stations are also known as "relays".

Concepts for the ad-hoc mode are, for example, in EP3468294A1 and EP2490183B1 disclosed here for direct data exchange between motor vehicles. Since in ad-hoc mode the number of intermediate stations required is not known before transmission, the length of the transmission path in an ad-hoc network cannot be foreseen. Therefore, messages cannot be transmitted in predictable periods of time.

In infrastructure mode, transmission is handled via a dedicated relay. The messages are transmitted from a communication participant (K ₁ ) to this relay (R _s ) and passed on from there to the receiver (K ₂ ). Logically, there are therefore always exactly two transmission links, K ₁ → R _s and R _s → K ₂ . The infrastructure mode is used in particular in cellular networks for voice and data transmission between cell phones. To use this communication between subscribers in mobile radio networks, namely the three essential requirements of user management between systems from different manufacturers, perfectly secure encryption of the data to be exchanged and hard real-time capability of data transmission not or not permanently, through the use of perfectly secure encryption and a predetermined length the transmission path fixed. 1 shows the system architecture according to the invention for the general case of communication between two participants.

A set of participants is given (T = {t ₁ , ..., t _n }). by a sovereign authority HB (a) each be provided with a unique identification ID _i . At the same time, HB generates one-time keys with the help of a genuinely random process. In the event of physical contact between the subscriber t _i and HB (b) the identifier ID _i and a supply of keys (K _i ) are transferred to the subscriber in a tamper-proof memory on a read-only memory.

Furthermore, there are a number of relay stations R, which are networked with one another by means of a dedicated, for example by quantum cryptography tap-proof and manipulation-proof communication network in such a way that the maximum message transmission time in this network meets the real-time requirements of the respective area of application. The authority HB also has tap-proof and manipulation-proof access to this network in order to transmit copies of the subscribers' key sets to the relay stations (c) . The result is _{a symmetrical key set for t i} ∈ T and all relay stations (d) .

Each participant has a possibility to determine their own position. In order to always be able to determine its position relative to the relay stations, the positions of the relay stations are also stored in the read-only memories. The latter can filter out unwanted messages by checking received messages for compliance with given conventions and plausibility.

Alternatively, the keys can be generated using protocols running synchronously at HB, the participants and in the relay stations, for example through chaos processes [9].

1. 1. Die hoheitliche Behörde erzeugt und verteilt Schlüssel nach dem zuvor dargestellten Verfahren.
2. 2. Der sendende Teilnehmer wählt einen beliebigen Schlüssel mit Index i aus seinem Vorrat zur Verschlüsselung seiner Nachricht aus.
3. 3. Die Nachricht wird mit der Verschlüsselungsfunktion e verschlüsselt.
4. 4. Die verschlüsselte Nachricht wird mit dem Index des im Vorrat ausgewählten Schlüssels und der Adresse des empfangenden Teilnehmers an die nächstgelegene Relaisstation R_i geschickt.

The exchange of messages (e) between two participants is handled according to the following protocol. 2 graphically depicts this protocol.

1. 1. The sovereign authority generates and distributes keys according to the procedure outlined above.
2. 2. The sending subscriber selects any key with index i from his supply to encrypt his message.
3. 3. The message is encrypted with the encryption function e.
4. 4. The encrypted message is sent _{to the nearest relay station R i} with the index of the key selected in the stock and the address of the receiving subscriber.

The concept to other protocols is used, for example, in EP2952039B1 discloses a method for data transmission in cellular mobile radio communication networks such as 3G (UMTS) or 4G (LTE).

With conventional cellular network architectures, there is no longer a secure channel for handing over keys after a subscriber's first contact with the network operator. So far there has been no method which solves the problem of key exchange and replenishment under the scaling requirements existing in mobile communication in a constant complexity class.

und bei asymmetrischer n =

(n) Schlüsselpaare erforderlich. Wird ein weiterer Teilnehmer hinzugefügt, müssen bei symmetrischer Verschlüsselung n =

(n) neue Schlüsselpaare und bei asymmetrischer 1 =

(1) neues Schlüsselpaar erzeugt werden, um die Kommunikation zwischen den dann n + 1 Teilnehmern individuell abzusichern. Zur Verteilung ist in jedem Fall einmalig die Verwendung eines sicheren Kanals zu jedem der n + 1 Teilnehmer notwendig.For encrypted communication between n participants, an individual key pair is required for every possible pairing of communication participants. With symmetric encryption,

and with asymmetrical n =

(n) Key pairs required. If another participant is added, n =

(n) new key pairs and with asymmetrical 1 =

(1) A new key pair can be generated in order to individually secure the communication between the n + 1 participants. In each case, a single secure channel to each of the n + 1 participants must be used for distribution.

Previous methods for exchanging symmetrical keys assume that all communication participants meet directly. So revealed DE102015117022A1 a method according to which the one-time keys are exchanged by means of data carriers based on electrically erasable programmable read-only memories. EP1152567A2 discloses a method according to which one-time keys are deposited as a library at all communication points.

Methods for generating true random numbers from physical processes are also known, for example according to DE102010021307A1 for encryption in automation technology.

Organizational solutions are based exclusively on the trustworthiness of the respective certification authorities. The basic vulnerability of asymmetric encryption methods is not eliminated by the known administrative approaches.

For authentication and authorization in the context of digital communication systems, the "Security Credential Management System (SCMS)" [7] and in the EU the "EU C-ITS Security Credential Management System (EU CCMS)" [8] were developed. The defining concept of both approaches is the construction of a public key infrastructure based on asymmetric encryption. So revealed US2018 / 0176209 as one of the few patents in this area an SCMS procedure for certificate distribution and recall - in this case for data exchange between motor vehicles. Out W02019 / 124953 a method is known which enables authentication and key distribution based on pseudonyms by a certification authority.

• 5. R₁ entschlüsselt die Nachricht unter Verwendung des Schlüssels mit dem übermittelten Index i.
• 6. R₁ und der sendende Teilnehmer kennzeichnen den verwendeten Schlüssel mit dem Index i als verbraucht.
• 7. R₁ sendet die Nachricht über das relaisinterne Netz an die dem empfangenden Teilnehmer nächstgelegene Relaisstation R₂.
• 8. R₂ wählt einen Schlüssel mit Index j aus dem Schlüsselsatz des empfangenden Teilnehmers aus und verschlüsselt damit die Nachricht mit der Verschlüsselungsfunktion e.
• 9. R₂ sendet die verschlüsselte Nachricht mit dem Index j des verwendeten Schlüssels an den empfangenden Teilnehmer.
• 10. Der empfangende Teilnehmer entschlüsselt die Nachricht unter Verwendung des Schlüssels mit dem übermittelten Index j.
• 11. R₂ und der empfangende Teilnehmer kennzeichnen den verwendeten Schlüssel mit dem Index j als verbraucht.

According to the invention, the shortcomings of conventional methods for

• 5. R ₁ decrypts the message using the key with the transmitted index i.
• 6. R ₁ and the sending subscriber mark the key used with the index i as used.
• 7. R ₁ sends the message via the relay's internal network to the relay station R ₂ closest to the receiving subscriber.
• 8. R ₂ selects a key with index j from the key set of the receiving participant and uses it to encrypt the message with the encryption function e.
• 9. R ₂ sends the encrypted message with the index j of the key used to the receiving participant.
• 10. The receiving party decrypts the message using the key with the transmitted index j.
• 11. R ₂ and the receiving subscriber mark the key used with the index j as being used up.

Explicit authentication of the sender of such encrypted and transmitted messages is not necessary because the messages can only be meaningfully decrypted by their authorized recipients due to their one-time encryption. Additional test options can be created by integrating suitable markings into the messages.

In order to minimize the amount of data required for the information content to be transmitted and thus also the key requirement, the messages are written in a formal language that is restricted to the needs of the specific area of application and compressed using compact syntax and coding of the key words.

3 shows the invention in the exemplary embodiment of a motor vehicle. If a participant is a motor vehicle, a new key _{stock K i} , or a new seed value K _s and other parameters for key generation, are provided by a sovereign authority (a) generated and in a prescribed vehicle maintenance to the vehicle F _i (b) and copies to the relay stations R (c) distributed. Vehicle maintenance is carried out by a registration office (d) initiated, during which the new key stock is handed over to the driver on a physical data carrier. If an electronic card is used for this purpose, it can also serve as a driver's license and / or vehicle key. The news broadcasts (e) are handled according to the method according to the invention.

To regulate the distance within a column of vehicles, the vehicle in front of a column transmits its speed to the relay stations and these then to all following vehicles. The latter can therefore adapt their speeds to the column even without visual contact with the vehicle in front. As a result, constant speeds and consequently constant distances within the column can always be maintained. Reducing the distances increases the capacity of a Road. A distance is information that is to be kept secret, since its compromise could lead to a dangerous system state (e.g. vehicle distance that is too short). The message must therefore be transmitted in encrypted form. Due to the perfectly secure encryption according to the method according to the invention, it is impossible for attackers to cause dangerous situations such as collision courses by means of falsified messages. The real-time capability of message transmission via two wireless communication links and the relay-internal network ensures timely transmission to all vehicles involved.

If a construction site vehicle positioned at the beginning of a construction site sends messages about the temporarily changed traffic routing in the construction site area to every passing vehicle, this is public information that actually does not need to be encrypted. The construction site vehicle must, however, authenticate itself, which is done by encrypting its messages once and the identifier contained therein, which serves as proof of identity for the construction site vehicle. The data processing devices of the passing vehicles, for example navigation devices, can use this information to update their databases. Based on this, the necessary calculations can be carried out, e.g. for automatic vehicle control in the changed route area.

4th represents the invention in the embodiment of a telecommunication device. If a subscriber is a mobile telecommunication device, a new key supply (a) can be provided during a loading process. For this purpose, the device is connected to another digital computer (b) connected by cable. Just like the relay, the digital computer has the key supply beforehand via a dedicated, tap-proof communication channel (c) by a sovereign authority (d) Receive. All for the applications (e) Required messages are then transmitted over the communication channel (f) settled.

Theft and / or device manipulation could give third parties physical access to a participant's key supply and thus endanger the entire system. In order to protect the devices used against unauthorized access, in the event of a compromise, due to the architecture, only the subscriber concerned needs to be marked accordingly. It is therefore sufficient to configure a sabotage switch in such a way that it generates a sabotage signal in the event of manipulation and sends a message to the next relay station in order to remove the subscriber concerned from the system and to declare his key invalid. In addition, the sabotage signal can deactivate the participant's read-only memory with the remaining keys. The sabotage switch can also be connected to the other electronics of the subscriber in such a way that every use by an unauthorized user triggers the sabotage signal.

The architecture according to the invention enables communication between devices from different manufacturers. All messages are perfectly and securely encrypted and therefore completely immune to all conceivable and future attacks, including those carried out using quantum computers. The method implements all aspects of correctly implemented one-time encryption [10] in data processing devices. The complexity of the key exchange and withdrawal is only O (1), since if the number of participants increases from n to n + 1, the newly created key stock next to the new participant only needs to be made known to the number of relay stations R. Any falsifications made to the messages are automatically detectable. The amount of data to be transmitted and the key requirement are very small due to the compact formulation of the messages. Key replenishment is guaranteed in a simple way. The exchange of messages is carried out over transmission links of defined lengths, which is why the transmission times can be determined a priori.

literature

• [1] Manzei, C., Heinze, R., Schleupner, L. (2015), Industry 4.0 in an international context: core concepts, results, trends. Beuth, Berlin
• [2] Anderl, R. et al. (2016), Software Architectures for Industry 4.0 - RAMI and IIRA from the perspective of the projects in the technology program AUTONOMIK for Industry 4.0. VDI / VDE Institute for Innovation and Technology, Berlin
• [3] Rivest, RL, Shamir, A., Adleman, L. (1977), A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. MIT Press, Cambridge, MA
• [4] Paar, C. (2010), Understanding Cryptography. Springer, Berlin
• [5] Daemen, J., Rijmen, V. (2002), The Design of Rijndael. AES: The Advanced Encryption Standard. Springer, Berlin
• [6] Shannon, CE (1949), Communication Theory of Secrecy Systems. Bell Systems Technical Journal, 28, 656-715
• [7] its.dot.gov, Security Credential Management System (SCMS), https: // www. its.dot.gov/resources/scms.htm
• [8th] Baldini, G., Menzel, G. (2019), C-ITS Point of Contact (CPOC) Protocol. Publications Office of the European Union, Luxembourg
• [9] Li, P. (2007), Spatiotemporal Chaos-based Multimedia Cryptosystems. Update report VDI, series 10 No. 777. VDI-Verlag, Düsseldorf
• [10] Rijmenants, D. (2014), The Complete Guide to Secure Communications with the One Time Pad Cipher. Cipher Machines & Cryptology

QUOTES INCLUDED IN THE DESCRIPTION

This list of the documents listed by the applicant was generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Patent literature cited

• EP 2950506 B1 [0009]
• EP 3086587 A1 [0009]
• WO 2008/063899 A2 [0009]
• US 1310719 [0011]
• DE 102005006713 [0011]
• DE 202011110926 U1 [0011]
• EP 3468294 A1 [0013]
• EP 2490183 B1 [0013]
• EP 2952039 B1 [0020]
• DE 102015117022 A1 [0023]
• EP 1152567 A2 [0023]
• DE 102010021307 A1 [0024]
• US 2018/0176209 [0026]
• WO 2019/124953 [0026]

Non-patent literature cited

• Manzei, C., Heinze, R., Schleupner, L. (2015), Industry 4.0 in an international context: core concepts, results, trends. Beuth, Berlin [0035]
• Anderl, R. et al. (2016), Software Architectures for Industry 4.0 - RAMI and IIRA from the perspective of the projects in the technology program AUTONOMIK for Industry 4.0. VDI / VDE Institute for Innovation and Technology, Berlin [0035]
• Rivest, R.L., Shamir, A., Adleman, L. (1977), A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. MIT Press, Cambridge, MA [0035]
• Paar, C. (2010), Understanding Cryptography. Springer, Berlin [0035]
• Daemen, J., Rijmen, V. (2002), The Design of Rijndael. AES: The Advanced Encryption Standard. Springer, Berlin [0035]
• Shannon, C.E. (1949) Communication Theory of Secrecy Systems. Bell Systems Technical Journal, 28, 656-715 [0035]
• Baldini, G., Menzel, G. (2019), C-ITS Point of Contact (CPOC) Protocol. Publications Office of the European Union, Luxembourg [0035]
• Li, P. (2007), Spatiotemporal Chaos-based Multimedia Cryptosystems. Update report VDI, series 10 No. 777. VDI-Verlag, Düsseldorf [0035]
• Rijmenants, D. (2014), The Complete Guide to Secure Communications with the One Time Pad Cipher. Cipher Machines & Cryptology [0035]

Claims (3)

Devices and methods for authenticated and confidential communication between subscribers in mobile radio networks, characterized in that two subscribers are connected to each other by means of relay stations via two wireless communication links, that the messages to be exchanged are written in a formal language restricted to the needs of the application areas and transmitted in compressed form, that any message exchange between two participants is secured by one-time keys of message length, whereby messages can only be meaningfully decrypted by their authorized recipients and thus their senders are inherently authenticated a read-only memory issued by this authority, containing an identification and a key supply, is provided, that key chub is physically handed over in the event of occasional contact with the authority and that the relay stations have copies of the key supplies of all participants and block unauthorized communication participants. Procedure according to Claim 1 , the relay stations filtering out unwanted messages. Procedure according to Claim 1 , where the participants are vehicles.

Images