DE3325349C2 - - Google Patents

Description

The method according to the invention is used for monitoring and restoration the synchronous operation of encryption devices in remote data transmission systems. Those in such as the European one Patent specification 22 986 or described in German Auslegeschrift 12 16 921 Data encryption devices used in systems contain facilities to synchronize the devices before the actual message transmission. Also facilities for maintaining the Synchronization of the devices provided during the message transmission. However, every link in the chain of a communication is interference exposed from the environment. The spectrum of malfunctions is enough from a brief mains voltage interruption to electromagnetic Influences, and the probability or frequency of Malfunctions increase with the number of links in the chain of remote data transmission.  

Known solutions

In data transmission devices (modems), it is common to monitor the received signal level and to notify the connected devices via a signal via an agreed interface that the received signal level has dropped below a limit value and that the received signal can no longer be demodulated.
Example: CCITT recommendation V. 24 Line 109 receive signal level. The on state of this line indicates that the received signal is within agreed limits. The off state of this line indicates that the received signal is not within the agreed limits.

Another message from data transmission devices says something about the reception quality.
Example: CCITT V. 24 Line 110 reception quality. The off state of this line indicates that the received data is likely to contain errors.

If available, these two message lines can be fed to the data encryption device via interface V. 24 and evaluated.
Disadvantage: These messages only record a part of the possible malfunctions. In addition, the data encryption device cannot assume that each data transmission device carries out this monitoring and transfers it via a standardized interface.

Another known solution in data encryption devices is the insertion of test characters or test words into the crypto text to be transmitted on the transmission side and the reception text for monitoring the received text for the agreed test characters.
The disadvantages of this solution are:

• 1. During the transfer of test marks no information can be transmitted.
• 2. The certification marks and the time of a transfer must agreed between sender and recipient. In order to code transparency intervenes on the transmission path the data key devices are lost.
• 3. The test characters can be simulated by the crypto text, and measures must be taken that reduce the probability the pretense.

The invention has for its object for data encryption devices an independent, safe and simple Monitoring device to create the malfunction recognizes and for every conceivable malfunction Stimulates restoration of synchronous operation.

The solution to the problem is described in claim 1. The subclaims indicate advantageous further developments.

The invention solves the task of monitoring and restoration synchronous operation regardless of the monitoring devices in the others involved in data transmission Devices in a very simple and economical way avoids the disadvantages of the above transfer of Checkmark during message transmission.

The invention is explained in more detail below with the aid of FIG .

Fig. 1 shows the basic block diagram of an encrypted data transmission.
Here means:

DTE data terminal DQ data source DS data sink DSG data encryption device DUE data transmission device STR transmission path K / G plaintext / ciphertext converter Sync synchronization device D 1 transmission data D 2 reception data Ü _{D 1} monitoring of the transmission data Ü _{D 2} monitoring of the reception data

Fig. 2 shows the block diagram of a data encryption system monitoring.

Fig. 3 shows the circuit arrangement of a monitoring circuit of variant a).

Fig. 4 shows the circuit arrangement of a monitoring circuit of variant b).

Fig. 5 shows the circuit arrangement of a monitoring circuit of the variant c).

Fig. 6 shows the symbolic representation of the autocorrelation function (AKF).

According to FIG. 1, data is transmitted from a data station 1 via a transmission link STR to a data station 2 and vice versa. The data transmission system can be operated half-duplex or duplex. The transmission link can be a wire connection, a radio link, a switching system or a worldwide communication system. One can therefore imagine a multitude of other system components in the transmission path that pass the data on. One can still imagine a multitude of possible malfunctions to which such a system is exposed. Many of the possible disturbances occur only temporarily, such as: B. atmospheric disturbances, local mains voltage interruptions, electrical or electromagnetic interference pulses, etc. and have an effect as temporary interruptions in the data flow. The data encryption device must recognize such malfunctions that have an impact on the transmitted crypto text and automatically re-establish synchronous operation between the key devices after the malfunction has subsided.

The method according to the invention makes itself statistical Uniform distribution of the binary character combination in crypto texts take advantage of and monitor the data to be sent and the received crypto texts on their internal structural composition or statistical distribution of the binary strings. There are three alternative monitoring methods applied:

• a) Monitoring for continuous signals in the data sequence.
• b) Monitoring the equal distribution of "0" and "1" in the data string.
• c) Monitoring the data sequence through autocorrelation analysis according to defined limit values.

Re a) In a cryptotext sequence to be monitored with statistically good properties, certain data words with a length of n bits occur with a probability p ∼0.5 · 2 ^{- n} . One can choose n as a limit value so large that the probability that a defined monitoring word with n bits occurs is very very small under undisturbed operating conditions. In addition, the monitoring word can be selected so that its appearance is typical for certain error symptoms, such as line interruption or mains voltage interruption.

To b) In a crypto text sequence with statistically good properties is in the data sequence in each sample the sum of the "ones" is equal to the sum of the "zeros", if you have the mathematically definable tolerance, the on the length of the sample and the properties of the crypto generator is taken into account. The permissible deviation from the even distribution is So to be specified as a limit. Will this limit exceeded, one speaks of a "skewness" in one Episode. If a "skew" in a crypto text sequence found, this always indicates an error and is therefore used as the criterion of the monitoring variant b) used.

Re c) The autocorrelation function AKF is defined:

The following applies to the evaluation of the autocorrelation function AKF:

AKF = 1.0: periodic sequence f ₁ ( t)
AKF = 0 for all ≠ 0: ideal random sequence with statistical uniform distribution
AKF ≠ 0: sub-periods of the sequence f ₁ ( t)
AKF = 1 and AKF = 0.5. . .1,0: are therefore evaluated as errors when monitoring crypto texts.

According to FIG. 2 in each Datenverschlüsselgerät two monitoring circuits Ü Ü _{D 1} and _{D 2} are used. With Ü _{D 1} , the crypto data D 1 to be transmitted are monitored on the transmission side. If the monitoring circuit Ü _{D 1} finds the expected error structure, which in this case can only have been caused by the local data station, the further transmission of data is blocked and an alarm message is issued.

The received crypto data D 2 are monitored on the reception side with Ü _{D 2} . If the monitoring circuit Ü _{D 2} finds the expected error structure, the cause of the error can lie both in the local station, in the transmission link, and in the remote transmitting data station.

A recognized faulty structure in the received crypto data leads to an error message in Ü _{D 2} and this is used as a normalization signal for the relevant data key device, ie a basic position is established for the key device and a new synchronization between the data stations is initialized.

Fig. 3 shows an example of a monitoring circuit of the variant a), which can be used as Ü _{D 1} and / or Ü _D2. A binary counter with a limit address 2 ⁿ is incremented by one digit for each crypto text bit to be transmitted until a reset pulse is applied to the reset input of the counter and the counter reading is reset to zero.

The reset pulse is obtained from the polarity changes "0" / "1" of the crypto data to be monitored. For this purpose, the data are applied directly to input 1 of an exclusive-OR circuit, and secondly to input 2, delayed by the time τ = R · C. A reset pulse of width τ is generated at output 3 of the EX-OR gate whenever the data signal changes its polarity "0" → "1" or "1" → "0". Because the EX-OR gate corresponds to the following truth table:

e 1 e 2 a

0 0 = 01 1 = 00 1 = 11 0 = 1

An error message f is always issued when the counter reaches the set limit address 2 ⁿ , ie whenever a reset pulse from crypto data changes could not be derived for 2 ⁿ transmission cycles. Crypto data values with n · "0" and n · "1" are thus recognized as faulty. This error pattern is e.g. B. symptomatic of voltage interruptions, line interruptions, squelch etc.

Fig. 4 shows an example of a monitoring circuit of the variant b), which can be used as Ü _{D 1} and / or Ü _D2. The crypto data to be monitored control an up-down counter ZR in such a way that a "1" makes the counter count up with the clock T 1 , while a "0" makes it count down. If an average counter value is defined as the starting address, limit values p for an overweight on "ones" and q for an overweight on "zeros" can also be specified. A sample counter SZ with the limit address 2 ⁿ determines the scope of the sample. After 2 ⁿ bits of a sample from the crypto data sequence, the error detection logic is queried as to whether the measured "skewness" lies within the limit values p and q . Then, after a delay τ, the counter ZR is reset to the initial value and a new sample is measured.

With the monitoring variant b) all "skewed" error structures recognized.

Fig. 5 shows an exemplary monitor circuit of variant c), which can be used as Ü _{D 1} and / or Ü _D2.

The crypto data to be monitored are written bit by bit with the clock T 1 into the memory stage S 1 and the memory location 1 of a delay register VR . After writing, the changeover switch u is switched so that the delay register VR becomes a ring shift register. With the clock T 2 from the clock multiplier TV = n · T 1 , the ring shift register is now shifted n times. The last n bits from the previous history of the crypto text are already contained in the n memory locations of the ring shift register, continuously in the order in which they occur in time. The modulo-2 adder M now compares the current crypto data bit in S 1 with the n preceding crypto data bits from the shift register according to the rule:

0 0 = 01 1 = 00 1 = 11 0 = 1

This creates a series of n binary additions according to the relationship f ₁ ( t ₁) f ₁ ( t ₁- n · t ₂).

The result of this addition is summed up in a counting register ZR , which is organized as an up-down counter with connected result memory SR .

It applies

m = 0 count down with T 2
m = 1 count up with T 2 .

With m = 0 the number of matches is counted, with m = 1 the number of non-matches is counted. The storage registers SR with n storage locations for each of the y counter locations serve to store the measurement results for each of the n displacements of the delay register VR .

If one defines a middle output address of the counter ZR as the autocorrelation value AKF = 0, one can define a positive limit value p and a negative limit value q for the AKF. If one of these limit values is exceeded, there is an error in the monitored data sequence. A delay element τ in the error detection logic ensures that a minimum number of measured values must be evaluated before an error detection is possible during the start of operation. With this monitoring variant c), periodic error structures in the crypto text sequences are also recognized.

Claims (7)

1. A method for monitoring and synchronizing data encryption devices, data being transmitted from a first station to a second station and vice versa and the stations being synchronized with one another by an agreed single-phase procedure, characterized by the following method steps during a transmission:

• a) that the crypto data to be transmitted ( D 1 ) are checked by a first monitoring circuit ( Ü _{D 1} ) on their internal structural composition on the transmission side, that deviations from the expected structure are used as criteria to block further transmission of crypto data and To cause alarm
• b) that the received crypto data ( D 2 ) are checked by a second monitoring circuit ( Ü _{D 2} ) for their structural composition and that deviations from this expected structure are used as criteria to set the receiving data station in a basic position and a To cause resynchronization between the sending and receiving data station.

2. The method according to claim 1, characterized in that both monitoring circuits ( Ü _D) recognize and display or report continuous signal sequences above the limit of n characters. 3. The method according to claim 1, characterized in that both monitoring circuits ( Ü _D) check the uniform distribution of "0" and "1" within defined limit values and report their exceeding. 4. The method according to claim 1, characterized in that the two monitoring circuits ( Ü _{D) form} the autocorrelation function (AKF) and control an AKF limit value, when it is exceeded a message is issued. 5. Arrangement for performing the method according to claim 1, characterized in that the monitoring circuits are constructed with an "exclusive OR gate" and a counter that the crypto data to be monitored is applied directly to the first input of the "exclusive OR gate" are that the crypto data delayed by the delay T _Ü are applied to the second input of the "exclusive OR gate", that the output of the "exclusive OR gate" is connected to the reset input of the counter, that at the clock input of the Counter of the transmission clock T _{Ü is} connected and that the counter has a limit address 2 ⁿ , when reached an error message f can be issued ( Fig. 3). 6. Arrangement for performing the method according to claim 1, characterized in that the monitoring circuits ( Ü _D) with an up-down counter ( ZR) , a sample counter ( SZ) and an error detection logic is constructed that the crypto data to be monitored at the input of the upward -Down counter are created that the transmission clock ( T 1 ) is applied to the clock input of the up-down counter and at the input of the sample counter ( SZ) , that the limit address 2 ^{n of} the sample counter on the one hand via a delay element ( τ ) with the reset input of the upward -Down counter and on the other hand connected to the first input of a first AND gate ( U 1 ) that the last two addresses of the up-down counter ( ZR) are viewed in a positive way with the two inputs of a second AND gate and in a negative way of counting are connected via an inverting element to the two inputs of a third AND gate, that the outputs of the second and third AND gates ( U 1 , U 3 ) are connected to the inputs of an OR gate, that the output of the OR gate is connected to the second input of the first AND gate ( U 1 ) and that at the output the error message ( f) of the first AND gate can be output ( FIG. 4). 7. Arrangement for performing the method according to claim 1, characterized in that the monitoring circuits Ü _D with a shift register ( VR) , modulo-2 adder ( M) , an up-down counter ( ZR) with memory registers ( SR) and error detection logic is built up that the crypto data to be monitored are supplied on the one hand to a memory stage ( S 1 ) and on the other hand to a shift register ( VR) , that the shift register ( VR) can be switched to a ring shift register by a changeover switch ( u) , that the output of the shift register ( VR ) and the output of the memory stage ( S 1 ) is each connected to an input of a modulo-2 adder, that the output of the modulo-2 adder is connected to the input of the up-down counter ( ZR) , that the transmission clock ( T 1 ) on the one hand with a clock multiplier ( TV) , at whose output the clock T 2 = n · T 1 is present, and on the other hand is connected to the clock input of the memory stage ( S 1 ) that d he output of the clock multiplier ( TV) is connected to the clock inputs of the up-down counter ( ZR) , the memory register ( SR) and the shift register ( VR) , so that the address outputs of the up-down counter ( ZR) are each connected to the inputs of the memory register ( SR) and the outputs of the memory registers ( SR) are each connected to the inputs of the addresses of the up-down counter ( ZR) , that the last two addresses of the up-down counter ( ZR) are considered on the one hand in positive counting with the two inputs of a first AND -Gatters and, on the other hand, viewed in negative counting, each connected via an inverter to the two inputs of a second AND gate, that the outputs of the first and second AND gates are each connected to the inputs of an OR gate, that the output of the OR Gate with an input of a third AND gate and the other input of the third AND gate with a delay element ver is bound and that the error message f can be issued at the output of the third AND gate ( Fig. 5).