EP2979390A1 - Method and device for establishing session keys - Google Patents
Method and device for establishing session keysInfo
- Publication number
- EP2979390A1 EP2979390A1 EP14709651.5A EP14709651A EP2979390A1 EP 2979390 A1 EP2979390 A1 EP 2979390A1 EP 14709651 A EP14709651 A EP 14709651A EP 2979390 A1 EP2979390 A1 EP 2979390A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- entity
- key
- target
- source
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000004891 communication Methods 0.000 claims abstract description 20
- 238000004590 computer program Methods 0.000 claims description 5
- 239000003999 initiator Substances 0.000 description 68
- 238000013459 approach Methods 0.000 description 6
- 230000000977 initiatory effect Effects 0.000 description 6
- 230000032258 transport Effects 0.000 description 6
- 101000578928 Homo sapiens Macrophage immunometabolism regulator Proteins 0.000 description 3
- 102100028329 Macrophage immunometabolism regulator Human genes 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000000779 depleting effect Effects 0.000 description 1
- 238000009792 diffusion process Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the invention relates to the field of network communications and in particular that of encrypted communications between the entities of a network. State of the art
- the establishment of a session key between two entities of a communication network is a fundamental prerequisite for the implementation of the vast majority of cryptographic services intended to secure the exchanges between these entities.
- the protection of data exchanged against attacks intended to modify them or simply to read them is generally based on symmetric cryptographic primitives, in which the entities communicating with each other use the same key when sending (encryption, integrity protection) and receiving (decryption, integrity checking) of a message.
- a session key is a procedure intended to intervene many times in the lifetime of a communicating entity.
- a new symmetric key must be used for any secure exchange with any new correspondent.
- These correspondents are all the more numerous as the entity participates in a scenario favoring interactions between members, for example of the type of sensor network (Wireless Sensor Network, WSN), Machine to Machine (M2M) or Internet of Things (loT ).
- WSN Wireless Sensor Network
- M2M Machine to Machine
- LoT Internet of Things
- a session key is characterized by a limited life, and should be regularly refreshed. Thus, the procedure implemented to establish a session key is particularly important, and requires a neat design.
- the security of the protocol must be guaranteed. Thus, the confidentiality of the established key and the mutual authentication of the two correspondents must be ensured. Added to this are other security settings, such as Denial of Service (DDoS) protection that protects entities involved in protocol execution from attacks aimed at depleting their energy resources and / or system resources.
- DDoS Denial of Service
- the session key setup protocol must be efficient in terms of bandwidth requirements and power consumption, and in particular from the point of view of the cryptographic computations implemented. This second criterion is particularly important when the session key establishment protocol must be implemented by entities having only low energy resources, such as a battery, or a low computing capacity and / or memory .
- the protocol can offer additional functionalities, such as the interoperability of the authentication mechanisms between two nodes implementing it or the possibility of a centralized control over the exchange of keys and / or the possibility of a definition. centralized security policies accompanying established keys.
- Three main approaches have been developed to establish session keys between two nodes.
- the first family is the key transport, known as Anglicism
- key transport which consists in securely transporting by encryption one or more secret values from one of the two participants from one session to the other.
- These secret value transports can be made in one direction only and this mode is known by the Anglicism "one-pass key transport protocol” is to be made in both directions, and this mode is known then under the anglicism "two-pass key transport protocol”.
- the session key is then derived from these secret values.
- the second family of session keying solutions is the key agreement, known as the "key agreement”.
- This approach consists of an exchange of public values between the two nodes from which a common session key is recovered by the two entities participating in the exchange without the public values exchanged having to be decrypted.
- the main known protocol of "key agreement” is the Diffie-Hellman protocol. In terms of resources consumed, mainly at the level of energy consumed in cryptographic operations, the "key agreement" is a costly approach.
- a third family of session keying solutions is key distribution, known as key distribution.
- key distribution In this approach, a third entity often called “trusted third party” intervenes to provide the other two participants a secret value that allows them to calculate the session key or the session key itself.
- key distribution also involves direct exchanges between the two participants. Indeed, they must prove their involvement in the protocol, establish the freshness of the messages they send and prove their knowledge of the established secret.
- Key distribution although a simple solution to implement, light in terms of cryptographic operations required and energy consumed, has disadvantages not yet solved by existing solutions.
- Needham and Schroeder key transport protocol presented in the document "Using encryption for authentication in large networks of computers," Communication of the ACM, Volume 21, Number 12, 1978, contains five message exchanges between two entities, one initiator (I) and an answering machine (R) that each share an encryption key with a trusted third party (TC). The exchange of the five messages is shown in FIG.
- One of the major issues in the Needham and Schroeder protocol is an impersonation attack by an attacker posing as the initiator and replaying the third message (Message3) between the initiator and the responder.
- the attacker who can know the key generated by the trusted third party, can then decipher the fourth message and impersonate the session by sending the last message.
- a disadvantage of the Kerberos protocol is that it is not symmetrical with respect to the initiator and the receiver.
- the trusted third party has no assurance that the receiver has been contacted or has agreed to participate in the secure transaction.
- the Kerberos protocol is limited in its applications and rather intended to allow access from a client initiator to a resource supposed not to be subject to malicious behavior, such as a printer or a file server.
- WO 2009/070075 A1 to Blom et al. Entitled “Key management for secure communication” presents a method for establishing session keys for secure communications between two entities.
- the method relies on the MIKEY-Ticket key distribution protocol specified in RFC 6043 of Mattsson and Tian, "MIKET-Ticket: Ticket-based modes of key distribution in Multimedia Internet KEYing (MIKEY)".
- MIKEY Multimedia Internet KEYing
- this protocol can be the target of denial of service attacks.
- the skilled person knows the different forms of denial of service attacks.
- An attacker can create a denial of service by exploiting implementation errors in communication protocols, for example, if the protocol used is implemented to block nodes when they receive unknown data. An attacker can then make a denial of service attack by sending messages containing erroneous fields to the responder, his target.
- Another way to perform a denial of service is to initiate a communication with the target and then stop sending messages to block the target in an acknowledgment state and saturate its receiving stack.
- denial of service can be distributed by using several attackers at the same time to saturate the target as quickly as possible and to make it more difficult for the attacker to trace.
- An object of the present invention is to provide a method for setting session keys that is secure and protected against denial of service attacks.
- the invention offers both an initiating node and an answering node protection against denial of service attacks.
- Another object of the present invention is to provide an efficient session key setting method in terms of consumed resources.
- the method of the invention allows the establishment of a session in four or five message exchanges and relies on the use of symmetric cryptographic primitives.
- the present invention will be implemented in the fields of machine-to-machine (M2M) communications security, or in the context of networks of nodes constrained in resources such as sensors and / or actuators, which are among the nodes most resource-intensive and may need to dynamically set session keys.
- M2M machine-to-machine
- a for the authentication code are derived from an initial key obtained after a step of authenticating the target entity with the third-party trusted entity.
- the message received from the source entity further comprises a source nonce (Ni) to prove the freshness of the message of the source entity.
- Ra for the source entity includes the steps of concatenating the key K
- the message sent to the target entity further comprises the nonce (Ni) and the authentication code based on the second target key K Ra is calculated on the nonce.
- the message received from the target entity further comprises the source nonce (Ni) and a target nonce (N R ) to prove the freshness of the target message.
- the message sent to the source entity further comprises the source and target nonces (Ni, N R ).
- the identifiers of the source and target entities are either IPv6 addresses, MAC addresses or URLs.
- the nuncio is either a timestamp information, a random number or a counter.
- the message sent by the third-party trusted entity to the target entity also contains a key encrypted by the keys K
- the method further comprises a step of sending a message from the source entity to the target entity that contains the identifiers of the source entity and the target entity, the source and target nonces (Ni , N R ) and an authentication code calculated with the key K
- the invention further relates to a system for establishing a session key between a source entity and a target entity, the source entity sharing with a third-party trusted entity a first source key K
- the invention may operate in the form of a computer program product that includes code instructions for performing the claimed process steps when the program is run on a computer.
- Figure 1 illustrates the message exchanges according to the method of Needham and Schroeder
- Figure 2 illustrates the message exchanges according to the method of
- FIG. 3 illustrates the message exchanges according to the method of Otway and Rees
- Figure 4 is a topological representation of a network infrastructure in which to advantageously implement the invention.
- FIG. 5 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 4 according to the MIKEY-Ticket method
- Figure 6 shows the procedures performed between initiator, responder and trusted third party entities of the network of Figure 4 in an advantageous implementation of the invention
- FIG. 7 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 1 in an implementation variant of the invention.
- FIG. 4 illustrates an example of an infrastructure of communication 100 in which advantageously implement the invention.
- the example of FIG. 4 only shows a finite number of entities (or nodes) and connections, but the person skilled in the art will extend the principles described to a plurality and a variety of entities and types of connections (wireless, mobile, very high speed).
- the communication network (1 00) comprises fixed or mobile entities that can form an object network (102). Entities can be heavily resource constrained (102-1, 102-n) or resource constrained (1 12-1, 112-m).
- the entities with strong resource constraints may be wireless sensors or actuators, having limited computing and / or storage capacities. They can also be active tags. However, an entity that is not intrinsically resource-limited may be temporarily so long as it uses a large portion of its CPU resources for another task, or its battery level reaches a critical threshold value. And this entity can be brought to implement less energy-efficient protocols such as that of the invention.
- Entities with lesser resource constraints may be mobile phones equipped with an internet connection and a camera. It can also be interconnection gateways between a network of constrained entities and the Internet. These entities offer more computing power and storage capacity, can have a higher energy reserve (battery, mains power supply) and can communicate over a network, either directly to an internet network (104) such as illustrated or through gateways and intermediate servers (not shown).
- an internet network (104) such as illustrated or through gateways and intermediate servers (not shown).
- the node network (102) may be based on level 2 (e.g., 802.1 5.4 or 802.11) and / or level 3 (e.g., IP) communications between the entities of which it is composed. Following the protocols on which it relies, multicast or broadcast communication schemes can be used.
- level 2 e.g., 802.1 5.4 or 802.11
- level 3 e.g., IP
- the present invention may be advantageously applied in the environment of FIG. 4 between two nodes of the network, a source entity that is called an 'initiator' and a target entity that is called a 'responder'. Both entities need to establish a security association with each other.
- a central key distribution server (106) that is known as a trusted third party is responsible for authenticating the nodes. It may be remote and accessible via a third party communications network (104) which may be a cellular network or the Internet.
- the trusted third party stores cryptographic data necessary for the authentication of each of the nodes.
- each initiator and responder node authenticates to the central server using its own credentials, identity templates, and independent authentication methods most in accordance with each their own specificities and constraints.
- two nodes can for example establish a session key and associate with their respective identities while the latter are respectively validated by means of a smart card for one and a biometric authentication for the other.
- the trusted server distributes the same two-node session key that wants to establish a security association between them, allowing decorrelated authentications for each node, as well as centralized control over the key establishment and / or the policies that accompany it. these last.
- FIG. 5 shows the procedures performed according to the known Mikey-Ticket protocol between an initiator node (I), a responder node (R) and a trusted third party (TC) of the network of FIG. 4.
- E ⁇ K, (Datai, Data 2 , ...) ⁇ designates the encryption of the concatenated data (Datai, Data 2 , 7) with an encryption algorithm using a key K.
- MAC ⁇ K, (Datai, Data 2 , ...) ⁇ designates the Message Authentication Code (MAC) on the concatenated data (Datai, Data 2 , ...) using a K key
- MIKEY-Ticket protocol has been defined to extend the MIKEY protocol by the use of a trusted third party and is based on the exchange of six messages between the three initiator entities (I), responder (R) and trusted third party (TC).
- An initiating node sends the trusted third party a first message in the form of an initialization request "Request_init”.
- the request contains a MAC authentication code which is calculated with its key "Kia”.
- TC checks the validity of the MAC and the authenticity of the data (Datai) sent by the initiator.
- This data mainly contains an identifier of the answering node with which the initiator node wants to establish a session, a nonce and information on the MAC encryption and computation algorithms supported by the initiator.
- the trusted third party generates a "KIR” key and transmits it to the initiator in a "Request_resp” response message.
- R is encrypted by the encryption key "Ki e " of the initiator.
- the second message also contains a ticket "Ticketi” for the initiator and a MAC calculated with the key K ! a .
- the initiator verifies the validity of the MAC and retrieves his key K ! R which will allow him to derive with the answering machine two keys "KiRa" and "K
- Ra will be used to calculate MACs while the KiRe key will encrypt data.
- the initiator then sends the responder a message "Transfert_init” which contains its ticket “Ticketi”.
- This third message contains a MAC calculated with the key K
- the answering node (R) has not yet received the key K
- the answering machine On receipt of the fifth message, the answering machine checks the MAC calculated by the trusted third party and retrieves the key K
- the answering node only checks the MAC sent by the initiator in the third message, after having exchanged the fourth and fifth messages with the trusted third party, it can then be the target of denial of service attack.
- An attacking node may bombard the answering node with an unlimited number of "Transfe nit” messages (third message) to force him to compute a large number of messages “Resolve_init” (fourth message) and thus exhaust all energy and computing resources of the answering node.
- Figure 6 shows the procedures performed between entities
- An important advantage of the invention lies in the energy efficiency of the method implemented which is obtained by means of a reduced number of exchanged messages.
- the proposed method makes it possible to establish secure communication between an initiating node and an answering node in five message exchanges in the implementation of FIG. 6, or in four message exchanges according to the implementation of FIG. note that the last message described for both examples is exchanged between the initiator and the responder and corresponds to a confirmation of key by the initiator which can be implicit.
- the secure exchange of data between the initiator and the responder can begin respectively after the fourth and the third message of Figures 6 and 7.
- the message exchanges give roles equivalent to the initiating node (I) and the receiving node (R) with respect to the trusted third party (TC). Indeed, the interactions are of type (l) e (TC), (TC) el (l), (R) tt (TC) and (TC) al (R) and thus offer the trusted third party a better control of session key establishment.
- the implementation illustrated in FIG. 6 can advantageously be applied when establishing a secure communication between two nodes that do not share any secret directly, but which each share one or more secrets with a trusted third party (TC) .
- the trusted third party and the initiator initially share two keys (K
- K ! E and K ! A can be derived from a master key following authentication of the initiator with the trusted third party.
- the answering machine (R) also shares a key pair (K Re , K Ra ) with the trusted third party.
- the initiator and the responder each designate a simple entity, but that in a more general case, it may be a group of initiating nodes and / or a group of answering nodes using individual keys and / or group keys.
- the initiator (I) contacts the trusted third party (TC) to create one or more keys for them.
- the trusted third generates a single key KIR for both nodes (I) and (R). Then, the trusted third party sends the encrypted key KIR with the key K
- the integrity of the messages exchanged is ensured by the addition of MACs, respectively calculated using the keys Kia and K RA .
- the initiator starts the process by sending a first "Messagel" message to the trusted third party.
- This message contains the identifiers of the initiator (IDi), the trusted third party (ID T c) and the responder (ID R ). It also contains a nuncio (Ni) that serves to prove the freshness of the session and to avoid replay attacks.
- the initiator adds to the messagel a MAC (MACn) calculated on (ID ,, ID T c, ID R and N,) with the key K ! A.
- MACn MAC
- the identifiers may depend on the technology used and the type of network deployed. These identifiers may be, for example, IPv6 addresses, MAC addresses or URLs. In the particular case of IP networks, the identifiers ID
- the nonce can be a timestamp information, a random number, or a counter (sequence number). It must be a variable and unique information in time that distinguishes the different executions of the known protocol of Menezes, Van Oorschot and Vanstone, described in the document "Handbook of Applied Cryptography", Chapter 10.
- the Nuncio can also be formed by the combination of the techniques mentioned above. For example, a nonce can be formed by timestamp information and a random number.
- the trusted third party On receipt of the first message, the trusted third party checks the freshness of the Nuncio Ni and uses the key K ! A to calculate the MAC (MAC T ci) on (ID
- MACTC2 MAC
- the trusted third concatenates the key K
- This second message also contains the identifiers (IDi, I DTC, I DR), the nonce N, and the MAC (MACTC 2 ).
- the MAC (MACTC 2 ) is calculated with the key K Ra on the following fields: ID T c, I DR, I DI, NI, and E ⁇ K Re , (K
- the answering machine On receipt of the second message, the answering machine checks the equality between the received MAC T c2 and its own MAC value (MAC R2 ) which it calculates using the key K RA . If the value of MAC T C2 is good, the answering machine decrypts the content of E ⁇ K Re , (K
- the answering machine generates a nonce (N R ) and calculates a MAC (MAC R
- the MAC (MACRI) will be transmitted by the trusted third party to the initiator to enable him to verify that the answering machine has received the
- the responder uses the nonces (Ni, N R ) and the key K ! R as inputs to a pseudo-random function to generate two keys "K
- Ra is used for calculating the MACs
- the KiR e key is used to encrypt data between the initiator and the responder.
- the trusted third party In a second variant, the trusted third party generates two keys, "K
- R is subsequently used to designate both the key used to calculate the MACs and for the encryption, independently of the methods which made it possible to generate the keys K
- the responder generates a third message "Message3" for the trusted third party.
- the message contains the identifiers (ID R ) and (ID T c), the nuncios (N R ) and (N,), the MAC R
- the trusted third party checks the freshness of the nonce N R and calculates the MAC T c3 using the key K Ra and the identifier data (ID R , ID T c), of nonces (N R , Ni) and MAC (MACRI).
- the trusted third party then verifies that the computed MAC T c3 is equal to the MAC R3 received from the receiver. If the value of the MAC T c3 received is valid, the trusted third party generates a message "Message4" to the initiator.
- the fourth message contains the nonces N R and N
- the key KIR is concatenated with the identifiers of the responder ID R and the trusted third party ID T c, and the nonces Ni and N R before being encrypted with the key K
- the message sent by the trusted third party to the initiator also contains a MAC (MAC T c 4 ) calculated with the key K ! A which allows the initiator to check the integrity of the data received.
- the initiator Upon receipt of the fourth message, the initiator calculates its MAC (MAC
- the initiator uses the key K
- the initiator locally calculates a MAC (MACIR) on the same fields as those used by the receiver when calculating the (MACRI), namely the identifiers (ID R , ID T c, ID
- the initiator compares if there is a tie between his MACIR and the MAC TM. If both MACs are equal, it means that the answering machine has received the key K
- the initiator sends directly to the responder the fifth message 5 which contains the respective identifiers of the initiator and the responder (I Di and ID R ), their nuncios (N
- FIG. 7 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 4 in an implementation variant of the invention consisting of four exchanged messages.
- the initiator starts the process by sending a first message "Messagel" to the trusted third party.
- the content of the first message is identical to that described with reference to FIG.
- the trusted third party TC After receiving the Messagel, the trusted third party TC generates a nonce (N T c), as well as the key K
- the nonce N T c is an optional parameter that allows to add freshness to the second message in the case where the responder combines the freshness of the message to the receipt of a new nuncio of the initiator but also the trusted third party.
- N T c The addition of the Nunc (N T c) can be decided during the establishment of the security policy by the network administrator.
- the trusted third digit with the key K RE , the nuncio, the key KIR, and this same key K
- the cipher is sent in a second message "Message2bis" to the answering machine.
- the message further contains a MAC calculated with the key K Ra , to allow the responder to verify the integrity of the data received.
- the responder After receiving the second message, the responder verifies the integrity and authenticity of the received message using its key K Ra . If the result of the check is positive, the answering machine decrypts the message to retrieve the shared key K
- the answering machine generates a nunc (N R ) then sends in a third message "Message3bis", the data received from the third party.
- N R the number of bits
- the answering machine also sends a calculated MAC with this key KIR.
- the initiator Upon receipt of the third message, the initiator verifies the integrity of the first part of the message generated by the trusted third party by using the key K
- the initiator then sends directly to the responder a fourth message which contains the identifiers of the initiator and the responder (ID
- the answering machine checks the value of the MAC
- the present invention can be implemented from hardware and / or software elements. It may be available as a computer program product on a computer readable medium.
- the support can be electronic, magnetic, optical, electromagnetic or be an infrared type of diffusion medium.
- Such media are, for example, Random Access Memory RAMs (ROMs), magnetic or optical tapes, floppies or disks (Compact Disk - Read Only Memory (CD-ROM)). ROM), Compact Disk - Read / Write (CD-R / W) and DVD).
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1352812A FR3004041B1 (en) | 2013-03-28 | 2013-03-28 | METHOD AND DEVICE FOR ESTABLISHING SESSION KEYS |
PCT/EP2014/054791 WO2014154482A1 (en) | 2013-03-28 | 2014-03-12 | Method and device for establishing session keys |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2979390A1 true EP2979390A1 (en) | 2016-02-03 |
Family
ID=49231587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP14709651.5A Withdrawn EP2979390A1 (en) | 2013-03-28 | 2014-03-12 | Method and device for establishing session keys |
Country Status (6)
Country | Link |
---|---|
US (1) | US9787651B2 (en) |
EP (1) | EP2979390A1 (en) |
JP (1) | JP2016514913A (en) |
CN (1) | CN105075175A (en) |
FR (1) | FR3004041B1 (en) |
WO (1) | WO2014154482A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102021213B1 (en) * | 2014-10-31 | 2019-09-11 | 콘비다 와이어리스, 엘엘씨 | End-to-end service layer authentication |
WO2016118131A1 (en) * | 2015-01-22 | 2016-07-28 | Hewlett Packard Enterprise Development Lp | Session key repository |
JP2018518854A (en) | 2015-03-16 | 2018-07-12 | コンヴィーダ ワイヤレス, エルエルシー | End-to-end authentication at the service layer using a public key mechanism |
CN106452770B (en) * | 2015-08-12 | 2020-10-13 | 深圳市腾讯计算机系统有限公司 | Data encryption method, data decryption method, device and system |
PL3590242T3 (en) * | 2017-03-02 | 2022-01-31 | Actility | Communication interface for a low power wide area network, wireless device and server using such communication interface |
WO2020000428A1 (en) * | 2018-06-29 | 2020-01-02 | Nokia Shanghai Bell Co., Ltd. | Methods, devices and computer readable medium for key management |
JP7208383B2 (en) * | 2018-11-05 | 2023-01-18 | ヤンジョン・インテリジェント・エレクトリカル・インスティテュート,ノース・チャイナ・エレクトリック・パワー・ユニバーシティ | Video data transmission system, method and apparatus |
CN110086627B (en) * | 2019-04-22 | 2023-08-04 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp |
CN114553412B (en) * | 2022-02-28 | 2024-02-23 | 百果园技术(新加坡)有限公司 | Data transmission method, device, equipment and storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7596690B2 (en) * | 2004-09-09 | 2009-09-29 | International Business Machines Corporation | Peer-to-peer communications |
US7864731B2 (en) * | 2006-01-04 | 2011-01-04 | Nokia Corporation | Secure distributed handover signaling |
NZ585054A (en) | 2007-11-30 | 2013-08-30 | Ericsson Telefon Ab L M | Key management for secure communication |
EP2484084B1 (en) * | 2009-09-30 | 2019-03-27 | Orange | Method and devices allowing communication secure against denial of services (dos) and against flooding attacks in a telecommunications network |
-
2013
- 2013-03-28 FR FR1352812A patent/FR3004041B1/en not_active Expired - Fee Related
-
2014
- 2014-03-12 WO PCT/EP2014/054791 patent/WO2014154482A1/en active Application Filing
- 2014-03-12 CN CN201480018723.2A patent/CN105075175A/en active Pending
- 2014-03-12 EP EP14709651.5A patent/EP2979390A1/en not_active Withdrawn
- 2014-03-12 JP JP2016504550A patent/JP2016514913A/en not_active Withdrawn
- 2014-03-12 US US14/779,487 patent/US9787651B2/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
"Chapter 13: Key Management Techniques ED - Menezes A J; Van Oorschot P C; Vanstone S A", 1 October 1996 (1996-10-01), XP001525013, ISBN: 978-0-8493-8523-0, Retrieved from the Internet <URL:http://www.cacr.math.uwaterloo.ca/hac/> * |
Also Published As
Publication number | Publication date |
---|---|
US20160044007A1 (en) | 2016-02-11 |
WO2014154482A1 (en) | 2014-10-02 |
FR3004041B1 (en) | 2015-04-17 |
CN105075175A (en) | 2015-11-18 |
JP2016514913A (en) | 2016-05-23 |
FR3004041A1 (en) | 2014-10-03 |
US9787651B2 (en) | 2017-10-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2979390A1 (en) | Method and device for establishing session keys | |
FR2988942A1 (en) | METHOD AND SYSTEM FOR ESTABLISHING A SESSION KEY | |
Kalra et al. | Secure authentication scheme for IoT and cloud servers | |
EP3506556B1 (en) | Method of authenticated key exchange via blockchain | |
Mahalle et al. | Identity establishment and capability based access control (iecac) scheme for internet of things | |
EP2850774A1 (en) | Method and system for authenticating the nodes of a network | |
EP3174241B1 (en) | Method for establishing secure end-to-end communication between a user terminal and a connected object | |
EP2484084B1 (en) | Method and devices allowing communication secure against denial of services (dos) and against flooding attacks in a telecommunications network | |
WO2013190003A1 (en) | Device and method for generating a session key between entities with small resources | |
CN113014379B (en) | Three-party authentication and key agreement method, system and computer storage medium supporting cross-cloud domain data sharing | |
EP2186252B1 (en) | Method for distributing cryptographic keys in a communication network | |
Shi et al. | Resource-efficient authentic key establishment in heterogeneous wireless sensor networks | |
WO2010007267A1 (en) | Method of securing exchanges between an applicant node and a destination node | |
Chung et al. | DiscoverFriends: Secure social network communication in mobile ad hoc networks | |
Schliep et al. | Consistent synchronous group off-the-record messaging with sym-gotr | |
Chandrakar et al. | Blockchain based security protocol for device to device secure communication in internet of things networks | |
Babu et al. | Trust-based permissioned blockchain network for identification and authentication of internet of smart devices: An e-commerce prospective | |
Durgam et al. | Dynamic time assisted authentication protocol (DTAAP) for client-server in WSN-IoT environment | |
Kumar et al. | LiSP: A lightweight signcryption using PHOTON hash for Internet-of-Things infrastructure | |
Domb | Advanced Lightweight Encryption Key Management Algorithms for IoT Networks | |
Alshahrani et al. | Lightweight IoT Mutual Authentication Scheme Based on Transient Identities and Transactions History | |
Ahmad et al. | The Performance Analysis of Daffier-Hellman Key Exchange Algorithm for Secure Transmission of Data in Cryptography Networks | |
Jadhav et al. | A survey on security based spontaneous wireless ad hoc networks for communication based elliptical curve cryptography | |
Lin et al. | Researches on secure data transmission mechanisms in cloud Internet of Things architectures | |
WO2021133153A1 (en) | Transaction signing with ergonomic addressing and compact encapsulation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20150824 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/08 20060101AFI20170505BHEP Ipc: H04L 29/06 20060101ALI20170505BHEP |
|
17Q | First examination report despatched |
Effective date: 20170517 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20180319 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20180731 |