EP1738555A1 - Fast and secure connectivity for a mobile node - Google Patents

Fast and secure connectivity for a mobile node

Info

Publication number
EP1738555A1
Authority
EP
European Patent Office
Prior art keywords
node
certificate
encrypted
message
pki
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05732863A
Other languages
English (en)
French (fr)
Inventor
Seyed Tabatabaian
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • This invention relates to mobile wireless terminals communicating one with another via radio access networks through a secure communication channel in which only one node is in charge of obtaining and exchanging all parameters for a secure communication.
  • IPsec: IP Security
  • ESP: Encapsulating Security Payload
  • AH: Authentication Header
  • ESP provides proof of data origin on received packets, data integrity, and anti-replay protection.
  • ESP provides all that AH provides in addition to optional data confidentiality.
  • The security services that IPsec provides require shared keys to perform authentication and/or confidentiality. A mechanism to manually add keys for these services is mandatory to implement. This ensures interoperability of the base IPsec protocols.
  • A standard method of dynamically authenticating IPsec peers, negotiating security services, and generating shared keys is also defined. This key management protocol is called IKE, the Internet Key Exchange.
  • The shared keys used with IPsec are for either a symmetric cipher when confidentiality is needed or for data integrity, or for both. IPsec must be fast, and existing public key technologies are too slow to operate on a packet-by-packet basis.
  • Public key technology is limited to initial authentication during key exchange.
  • IPsec protocol that in turn may deploy other protocols e.g. IKE or Public Key Infrastructure (PKI).
  • PKI: public key infrastructure
  • Each communications node has two keys, namely a private key known only to the node itself and a public key known to the node but also available from the PKI.
  • If a node does not already know the node with which it plans to communicate, it can obtain the public key of that node from the PKI.
  • Node A can encrypt messages with its private key for decryption by node B using node A's public key, or node A can encrypt a message for node B with node B's public key to be decrypted with node B's private key.
  • Figure 1 shows a secure channel being established between two parties, node A and node B, where each of them has to contact a third party - PKI.
  • The party who wishes to set up such a channel, here node A, sends a request message to PKI, msg(1).
  • PKI responds by sending the session key, additional information which includes the type of encryption algorithm, and node B's certificate back to node A, msg(2).
  • Node A sends a message to node B requesting the establishment of a secure communication channel, msg(3).
  • Upon receipt of such a request, node B sends a message to PKI requesting node A's certificate, msg(4).
  • PKI responds by sending node A's certificate, the session key and additional information back to node B, msg(5).
  • Node B uses the certificate to verify node A's request, msg(3), and the session key to share the secure channel with node A. Finally, node B sends an acknowledgement back to node A in order to inform node A and allow it to start the secure communication, msg(6).
  • A dormant node may be a mobile terminal not currently connected to the network for which a secure communication needs to be available at the next connection to the network. This means that when the dormant node becomes active it needs to contact PKI to obtain the required information in order to reveal the encrypted message.
  • The Kerberos protocol is based on a symmetric system.
  • The security of IPsec based on Kerberos is vulnerable to logon attacks.
  • This invention allows a smaller number of signalling messages to be used in order to establish a secure communication channel between two parties compared to IPsec based on IKE.
  • The invention also allows only one node (party) to be responsible for the negotiation of all security parameters required to set up a secure communication channel; hence, when a dormant node becomes active, it does not need to contact any party to decrypt the stored/received message.
  • The invention allows mobile equipment with limited processing power to benefit from a high level of security when it is needed, as a trusted third party (PKI) can generate stronger keys.
  • PKI: trusted third party
  • The present invention provides a method of establishing a communication channel between two nodes in a communications network using an asymmetric key system in which each node has a unique certificate used to authenticate communications from that node, and the certificates are registered with a trusted third party (T), characterised in that: the initiating node (A) sends a request for communication with a receiving node (B) to the trusted third party (T), and T responds with a message for A to forward to B including the certificate of A encrypted such that only B can decrypt the part of the message containing the certificate of A.
  • T: trusted third party
  • This method avoids the need for the receiving node to obtain A's certificate directly from the trusted third party, and hence the number of signals required is reduced. Having decrypted A's certificate, which has been sent via A by T, B can then authenticate subsequent messages sent by A to which A has attached its certificate.
  • The response from T would usually include a session key which is decrypted by A before being passed on to B. At this point A can begin sending packets to B without waiting for B to respond, which is particularly useful if B is dormant.
  • The response from T would include the certificate of B, encrypted such that only A could open it after B has decrypted the certificate of A. B would then return this part of the message to A after extracting the certificate of A.
  • Figure 1 schematically illustrates a secure communication between two nodes when they both contact the PKI to obtain all required parameters for such a channel.
  • Figure 2 schematically illustrates a secure communication between two nodes when only one node contacts the PKI to obtain all required parameters for such a channel.
  • Figure 3 illustrates steps 1 to 4 of the signal flow diagram for a single node, node A, to obtain all required parameters needed for a secure communication link.
  • Figure 4 presents a flowchart of the flow of messages between the nodes and the PKI, as well as the recipient node, for setting up a secure communication link.
  • Figure 2 shows the establishment of a secure channel according to this invention, whereby node A, the initiator node, sends a request message for communication with node B to PKI, msg(1).
  • The reply message from PKI contains a session key, information which includes the encryption algorithm, and the certificates of nodes A and B, msg(2).
  • The two certificates are cryptographically compound, which means that they can be opened first by node B to extract A's certificate, although node A receives them first.
  • When node A receives the response message from PKI, it first extracts and stores the session key, K_AB, and any other information required for a secure data communication.
  • Node A forwards the shared key, the information and the certificates, all of which are encrypted and signed using node B's public key and node A's private key respectively.
  • On receiving the encrypted message, node B first extracts the shared session key, K_AB, and the type of encryption algorithm. It then pulls out the certificate of node A and verifies it by using its own private key and PKI's public key respectively.
  • Node B, which now has all the information for a secure communication, sends its own certificate to node A. The certificate is encrypted and signed with the public key of node A and the private key of node B. It should be noted that node B's certificate, which was sent by node A to node B, could not be opened by node B. Node B uses it as proof of its authenticity and certifies itself to node A.
  • Node A accepts the authenticity and certificate of node B by opening node B's message using node B's public key, node A's private key and PKI's public key.
  • The message must have been sent by node B because it is decrypted using node B's public key.
  • The message can only be decrypted by node A because node A's private key is required.
  • The certificate must have been issued by PKI, as PKI's public key is used to open it.
  • Step 1 - a request message for secure communication with another node, node B, is initially transferred from node A to PKI.
  • Step 2 - the PKI sends the session key, info that includes the type of encryption algorithm, and the encrypted compound certificates of nodes A and B to node A, which requested the information for the setup of a secure channel.
  • Step 3 - node A passes on all the information, as well as the encrypted compound certificates of nodes A and B, to node B, which in turn extracts the session key and type of encryption algorithm and verifies node A's certificate, as node B is the first one that can decrypt this compound part of the message.
  • Step 4 - node B's acknowledge message (reply) is provided within the signed and encrypted node A's certificate message. This acknowledge message sent from node B is verified by node A, as A is the only node that can decrypt node B's certificate. This completes the distribution of the key, type of encryption algorithm and certificates. The same steps are illustrated in the flowchart of Figure 4.
  • This invention minimizes the number of messages used to complete the initial agreement of setting up a secure channel.
  • The invention also seeks to use only one node to set up a secure link, as the verification of nodes is obtained by using encrypted compound certificates of the two nodes.
  • Node A can begin sending packets to node B after step 3. After step 4, nodes A and B can commence symmetric communication using K_AB, thereby benefiting from the increased speed which this allows.
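
The four-message exchange of Figure 2, as an added symbolic model that is not code from the patent: envelopes only record whose private key opens them and who signed them, so no real cryptography is performed. The nesting chosen for the compound certificate, all class and function names, and the `example-cipher` label are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:                      # readable only with the private key of `to`
    to: str
    body: object

@dataclass(frozen=True)
class Signed:                   # signed with the private key of `by`
    by: str
    body: object

def sign(priv, body):
    return Signed(priv[1], body)            # priv is the tuple ("priv", owner)

def open_enc(priv, env):
    if not isinstance(env, Enc) or priv != ("priv", env.to):
        raise PermissionError("wrong private key for this envelope")
    return env.body

def verify(signer, msg):
    if not isinstance(msg, Signed) or msg.by != signer:
        raise ValueError("signature check failed")
    return msg.body

class PKI:
    _priv = ("priv", "PKI")
    def cert(self, node):
        return sign(self._priv, ("cert", node))
    def reply(self, initiator, peer):        # msg(1) in, msg(2) out
        k_ab = secrets.token_hex(16)         # constructed session key K_AB
        # Assumed nesting: B opens the outer layer, only A can open B's certificate.
        compound = Enc(peer, (self.cert(initiator), Enc(initiator, self.cert(peer))))
        return {"key": Enc(initiator, (k_ab, "example-cipher")), "compound": compound}

class Node:
    def __init__(self, name):
        self.name, self._priv, self.k_ab = name, ("priv", name), None
    def initiate(self, pki, peer):           # node A: msg(1) to msg(3)
        msg2 = pki.reply(self.name, peer)
        self.k_ab, alg = open_enc(self._priv, msg2["key"])
        # Key and info: encrypted with B's public key, signed with A's private key.
        key_part = sign(self._priv, Enc(peer, (self.k_ab, alg)))
        return {"key": key_part, "compound": msg2["compound"]}   # msg(3)
    def accept(self, sender, msg3):          # node B: msg(3) in, msg(4) out
        cert_a, sealed_cert_b = open_enc(self._priv, msg3["compound"])
        if verify("PKI", cert_a) != ("cert", sender):
            raise ValueError("certificate does not name the sender")
        self.k_ab, _alg = open_enc(self._priv, verify(sender, msg3["key"]))
        return sign(self._priv, sealed_cert_b)   # B returns what it cannot open
    def confirm(self, peer, msg4):           # node A: msg(4) in
        cert_b = open_enc(self._priv, verify(peer, msg4))
        return verify("PKI", cert_b) == ("cert", peer)

def can_open(priv, env):
    try:
        open_enc(priv, env)
        return True
    except PermissionError:
        return False

def run_exchange():
    pki, a, b = PKI(), Node("A"), Node("B")
    msg3 = a.initiate(pki, "B")
    a_opened_compound = can_open(a._priv, msg3["compound"])
    msg4 = b.accept("A", msg3)
    return {"a_opened_compound": a_opened_compound,
            "b_opened_own_cert": can_open(b._priv, msg4.body),
            "b_authenticated": a.confirm("B", msg4),
            "same_key": a.k_ab == b.k_ab}
```

In this model node B checks node A's certificate before accepting the signed key part, so a message 3 relayed under a different sender name is rejected at B without any further contact with the PKI.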

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP05732863A 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node Withdrawn EP1738555A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0408687A GB2414144B (en) 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node
PCT/GB2005/001394 WO2005101787A1 (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node

Publications (1)

Publication Number Publication Date
EP1738555A1 (de) 2007-01-03

Family

ID=32321075

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05732863A Withdrawn EP1738555A1 (de) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node

Country Status (8)

Country Link
EP (1) EP1738555A1 (de)
JP (1) JP2007533278A (de)
KR (1) KR20070006913A (de)
CN (1) CN1943207A (de)
BR (1) BRPI0509969A (de)
GB (1) GB2414144B (de)
RU (1) RU2006140776A (de)
WO (1) WO2005101787A1 (de)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5123209B2 (ja) * 2006-01-24 2013-01-23 Huawei Technologies Co., Ltd. Method, system, and authentication center for authentication in end-to-end communication based on a mobile network
JP4983165B2 (ja) 2006-09-05 2012-07-25 Sony Corporation Communication system and communication method, information processing apparatus and method, device, program, and recording medium
US8116243B2 (en) 2006-10-05 2012-02-14 Electronics And Telecommunications Research Institute Wireless sensor network and adaptive method for monitoring the security thereof
KR100879982B1 (ko) 2006-12-21 2009-01-23 Samsung Electronics Co., Ltd. Security system and method in a mobile WiMAX network system
US8341410B2 (en) * 2007-10-08 2012-12-25 Microsoft Corporation Efficient certified email protocol
JP6058514B2 (ja) * 2013-10-04 2017-01-11 Hitachi, Ltd. Cryptographic processing method, cryptographic system, and server
JP6977635B2 (ja) * 2018-03-15 2021-12-08 Dai Nippon Printing Co., Ltd. Vehicle key distribution system and general-purpose scan tool

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5999711A (en) * 1994-07-18 1999-12-07 Microsoft Corporation Method and system for providing certificates holding authentication and authorization information for users/machines
JP3542895B2 (ja) * 1997-08-22 2004-07-14 International Business Machines Corporation Time-constrained cryptographic system
US20020150253A1 (en) * 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
GB2384403B (en) * 2002-01-17 2004-04-28 Toshiba Res Europ Ltd Data transmission links

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005101787A1 *

Also Published As

Publication number Publication date
KR20070006913A (ko) 2007-01-11
GB0408687D0 (en) 2004-05-19
GB2414144B (en) 2006-07-26
GB2414144A (en) 2005-11-16
WO2005101787A1 (en) 2005-10-27
RU2006140776A (ru) 2008-05-27
JP2007533278A (ja) 2007-11-15
CN1943207A (zh) 2007-04-04
BRPI0509969A (pt) 2007-10-02

Similar Documents

Publication Publication Date Title
EP2561663B1 (de) Server and method for providing secure service access
US9094206B2 (en) Method and system for secure session establishment using identity-based encryption (VDTLS)
JP4002035B2 (ja) Method for transmitting confidential information using initially unsecured communication
EP1540878B1 (de) Linked authentication protocols
US8285990B2 (en) Method and system for authentication confirmation using extensible authentication protocol
EP2062189B1 (de) Method and system for secure processing of authentication keys in a wireless ad hoc network
EP1490995B1 (de) End-to-end protection of media stream encryption keys for voice-over-IP systems
RU2554532C2 (ru) Method and device for secure data transmission
EP1374533B1 (de) Enabling lawful interception of IP connections
US7222234B2 (en) Method for key agreement for a cryptographic secure point—to—multipoint connection
WO2000062507A1 (en) Key management between a cable telephony adapter and associated signaling controller
US20110246770A1 (en) Authentication method, authentication system, server terminal, client terminal and computer programs therefor
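CN113364811B (zh) Network layer security protection system and method based on the IKE protocol
CN114422205B (zh) Method for establishing a network layer data tunnel for a power-dedicated CPU chip
WO2005101787A1 (en) Fast and secure connectivity for a mobile node
CN113747434B (zh) IPSec-based secure communication method and device for mobile communication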
Manulis et al. Authenticated wireless roaming via tunnels: Making mobile guests feel at home
Sithirasenan et al. EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability
He et al. An asymmetric authentication protocol for M-Commerce applications
Badra et al. Flexible and fast security solution for wireless LAN
CN117280651A (zh) Apparatus and method for decision-making
Schwiderski-Grosche et al. Public key based network access
Argyroudis et al. Towards flexible authorization management
Paraskevaidis Services Architecture on top of the Peer-to-Peer Wireless Network Confederation
la Tour et al. SECURE AUTHENTICATION FOR MOBILE COMMUNICATION OVER THE INTERNET

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061024

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20070319

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20070731