GB2319150A - A security method for making secure an authentication method that uses a secret key algorithm - Google Patents
A security method for making secure an authentication method that uses a secret key algorithm Download PDFInfo
- Publication number
- GB2319150A GB2319150A GB9722907A GB9722907A GB2319150A GB 2319150 A GB2319150 A GB 2319150A GB 9722907 A GB9722907 A GB 9722907A GB 9722907 A GB9722907 A GB 9722907A GB 2319150 A GB2319150 A GB 2319150A
- Authority
- GB
- United Kingdom
- Prior art keywords
- result
- security method
- secret key
- random
- key algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/005—Countermeasures against attacks on cryptographic mechanisms for timing attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Lock And Its Accessories (AREA)
Abstract
It is well known to use secret or private keys in authentication processes. However, secret keys can be stolen and modified by external means (eg. ion bombardment) to learn their value. To prevent this an authentication method with an associated security method is proposed. The authentication method comprises the steps of obtaining a calculated result (3) from a random number (1) subjected to a secret key algorithm (2). The security method includes steps of calculating a test result (5) from a reference random number (4) subjected to the secret key algorithm (2), of comparing the test result (5) with a reference result (6), and of ensuring that the calculated result is transmitted only when the test result (5) is identical to the reference result (6).
Description
2319150 A SECURITY METHOD FOR MAKING SECURE AN AUTHENTICATION METHOD THAT
USES A SECRET KEY ALGORITHM The present invention relates to a security method for making secure an authentication method that uses a 5 secret key algorithm.
Authentication methods are known that make use of a secret key algorithm for the purpose of controlling access to a terminal, to a memory zone, or to a machine. For example, in the case of accessing a terminal by means of an integrated circuit card, the authentication method includes the steps of causing the terminal to issue a random number, of subjecting said random number to the secrete key algorithm contained in the memory of the integrated circuit and inaccessible from the outside for reading and for writing, and in transmitting the calculated result that is obtained to the terminal. In parallel, the terminal has available an authentication result obtained either by performing an analogous calculation in a security module present in the terminal or else by a link with a central organization that performs an analogous calculation or that has a correspondence table between the issued random number and the authentication result that ought to be obtained. The result calculated in the card and the authentication result are then compared and access is authorized only if the calculated result and the authentication result are identical.
A person attempting to get round the authentication method needs to discover the secret key which is stored in inaccessible manner in the card, given that the algorithm itself is generally of a known type. Physical access to the secret key is made practically impossible by existing protection techniques and, without being able to gain access directly to the secret key, attackers with access to powerful computer means have developed algorithms for reconstituting a secret key on the basis of calculation errors in the secret key algorithm, which 2 calculation errors can be provoked by subjecting a memory zone containing the secret key algorithm or a working memory zone of the microprocessor to abnormal stresses such as ion bombardment, mechanical stress, heat stress, 5 light stress, electrical stress, magnetic stress, Certain types of secret key reconstitution algorithm proceed by issuing the same number to be subjected to the secret key algorithm on successive occasions and in analyzing the different results obtained when the secret key algorithm is subjected to disturbances that give rise to calculation errors. In order to counter such reconstitution algorithms, proposals have been made to disable the secret key algorithm in the event of the same number being submitted on successive occasions. However is that technique is not very effective because it is possible to present different numbers cyclically or to provide some kind of correlation between successive numbers as presented, thus enabling the calculated results that are obtained to be used in reconstituting the secret key.
In order to disturb the operation of the secret key reconstitution algorithm, proposals have also been made to replace transmission of the calculated result in random manner with a result that is independent of the result actually calculated by the secret key algorithm. Thus, regardless of the disturbances inflicted by the attacker, the result received is independent of the originally issued number, thus causing the algorithm for reconstituting the secret key to search in erroneous manner for a correlation between the number issued and the result received. Unfortunately, transmitting a random result leads to a negative comparison with the authentication result, thereby causing an anomaly signal to be generated, and runs the risk of disturbing a bona fide user.
The invention provides a security method for making secure an authentication method of the above-specified 3 type, the security method comprising steps of calculating a,test result from a reference random number subjected to the secret key algorithm, of comparing the test result with a reference result, and of ensuring that the calculated result is transmitted only when the test result is identical to the reference result.
Thus, when the algorithm is subjected to disturbances by an attacker, then the attacker is prevented from receiving information that results from the disturbances caused.
In an advantageous version of the invention, a random result is transmitted when the test result is different from the reference result. Thus, the attacker has the impression of receiving information that is the result of the generated disturbance, whereas in fact the information received is entirely independent thereof and is of no use in determining the secret key.
In another advantageous version of the invention, the steps of the security method are performed on a random basis. This reduces the average time taken to verify the algorithm.
In yet another advantageous version of the invention, the secret key algorithm includes at least one intermediate stage and a comparison between an intermediate test result and an intermediate reference result is performed at the end of at least each intermediate stage. Verification can then be performed systematically without excessively increasing total execution time. In a preferred implementation of this version of the invention, the number of intermediate stages subjected to steps of the security method and/or the selection of said stages is determined in random manner. Under such circumstances, the security method preferably further includes a time delay step of duration that is determined so that a response is transmitted in a length of time that is not correlated with the stages of the algorithm that are subjected to the security method.
4 This prevents an attacker being informed about the verification performed by observing the time that elapses between transmitting the random number and receiving the result.
Other characteristics and advantages of the invention appear on reading the following description of two preferred implementations of the security method of the invention, described with reference to the accompanying figures, in which:
0 Figure 1 is a block diagram of a first implementation of the security method of the invention; and Figure 2 is a block diagram of a second implementation of the security method of the invention.
With reference to Figure 1, the authentication method comprises in conventional manner the steps of submitting a random number 1 to a secret key encrypting algorithm 2 in order to obtain a calculated result 3.
According to the invention, the security method includes the steps of submitting a reference random number 4 to the secret key algorithm 2 to obtain a test result 5, and comparing the test result with a reference result 6, where the test result will be identical thereto providing the operation of the secret key algorithm has not been disturbed. In the preferred implementation shown in Figure 1, the security method includes, for the case where the test result is not identical with the reference result, a step 7 in which a random result is transmitted, i.e. a number that has the same structure as the calculated result but in which at least a portion has been obtained in a random manner, it being possible f or the remainder to be constituted by portions of the calculated result. Otherwise, if the test result is indeed identical to the reference result, that means the algorithm has operated normally and the security method then includes a step 8 of transmitting the calculated result 3.
Concerning the random reference number and the reference result, it should be observed that these may be constituted by a single pair which is used on each occasion that the security method steps are implemented, or by a pair that is extracted randomly from a table having a plurality of reference random numbers and corresponding reference results.
As mentioned above, the security method steps are preferably not performed on each occasion that a number is submitted to the secret key algorithm, but are performed, on the contrary, on a random basis. This makes it possible for the total duration of processing time to be increased only from time to time, while still making it possible to detect attempts at fraud on a statistical basis.
Figure 2 shows another implementation of the method of the invention in which steps identical to those of Figure 1 are given the same numerical references. The method of the second implementation differs from the method shown in Figure 1 essentially by the fact that the reference random number is constituted in this case by the received random number which is then subjected to the secret key cryptographic algorithm twice running, a first time to give a calculated result that also serves as the reference result, and a second time to give a test result, and it is these two results that are compared with each other.
In addition, in this embodiment the secret key algorithm is subdivided into two stages, an intermediate stage 2.1 serving to obtain an intermediate calculated result 3.1 and an intermediate test result 5.1 which are subjected to a first comparison, and a final stage 2.2 which, in this example, is engaged only if the comparison of the intermediate results is positive, and which allows a calculated result 3.2 and a test result 5.2 to be obtained that are subjected to a second comparison. When either of the comparisons gives rise to non-identity, a 6 random result 7 is transmitted. In order to ensure that the apparent processing time, i.e. the time that elapses between a random number 1 being submitted and a response being transmitted, cannot give information concerning the number or the choice of algorithm stages that are subjected to verification, the method also includes a time delay step 9 of duration that can either be calculated so that the total processing time is constant, or else that is determined so that the total time appears to be random.
Naturally, the invention is not limited to the embodiments described and it is possible to provide variants without thereby going beyond the ambit of the invention as defined in the claims.
is In particular, although the second embodiment describes a secret key algorithm that is subdivided into two stages only, it is possible to increase the number of stages and correspondingly increase the number of comparisons between intermediate calculated results and intermediate test results. Implementation of a multistage secret key algorithm can also be performed in the context of the first implementation. Under such circumstances, it is possible either to reinject the intermediate test result into the following stage of the secret key algorithm, or else to start again with a new reference random number and then compare the intermediate test result that is obtained with the corresponding intermediate reference result.
When comparison between the test result and the reference result is negative, it is also possible to permanently disable the secret key algorithm so as to foil any further attack. In order to avoid disabling the secret key algorithm merely as a result of a genuinely accidental disturbance, it is also possible to provide an anomaly counter so as to disable the secret key algorithm only after some determined number of anomalies.
7
Claims (11)
1. A security method for making secure an authentication method that includes the steps of obtaining a calculated result from a random number submitted to a secret key algorithm and further comprising the steps of calculating a test result from a reference random number subjected to the secret key algorithm, of comparing the test result with a reference result, and of ensuring that the calculated result is transmitted only when the text result is identical to the reference result.
2. A security method according to Claim 1, wherein a random result is transmitted when the test result is different from the reference result.
3. A security method according to Claim 1, wherein is the steps of the security method are performed on a random basis.
4. A security method according to Claim 1, wherein the secret key algorithm includes at least one intermediate stage and in that a comparison between an intermediate test result and an intermediate reference result is performed at the end of at least each intermediate stage.
5. A security method according to Claim 4, wherein the number of intermediate stages subjected to steps of the security method is determined in random manner.
6. A security method according to Claim 4, wherein the intermediate stages subjected to the steps of the security method are selected in random manner.
7. A security method according to Claim 5 or Claim 6, further including a time delay step of duration that is determined so that a response is transmitted in a length of time that is not correlated with the stages of the algorithm that are subjected to the security method.
8. A security method according to Claim 1, wherein the reference result is the calculated result.
8
9. A security method according to Claim 1, wherein the reference random number and the reference result are stored prior to implementing the security method.
10. A security method according to Claim 9, wherein the reference random number and the reference result are extracted in random manner from a table comprising a plurality of reference random numbers and of corresponding reference results.
11. A security method substantially as hereinbefore described, with reference to, and as illustrated by, the accompanying drawings.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9613337A FR2755267B1 (en) | 1996-10-31 | 1996-10-31 | METHOD FOR SECURING AN AUTHENTICATION PROCESS USING A SECRET KEY ALGORITHM |
Publications (3)
Publication Number | Publication Date |
---|---|
GB9722907D0 GB9722907D0 (en) | 1998-01-07 |
GB2319150A true GB2319150A (en) | 1998-05-13 |
GB2319150B GB2319150B (en) | 2001-05-23 |
Family
ID=9497241
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB9722907A Expired - Fee Related GB2319150B (en) | 1996-10-31 | 1997-10-30 | A security method for making secure an authentication method that uses a secret key algorithm |
Country Status (3)
Country | Link |
---|---|
DE (1) | DE19748265B4 (en) |
FR (1) | FR2755267B1 (en) |
GB (1) | GB2319150B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001030104A1 (en) * | 1999-10-19 | 2001-04-26 | Setec Oy | Authentication of subscriber station |
WO2004084486A1 (en) * | 2003-03-18 | 2004-09-30 | Eta-Max | Method to increase security of secure systems |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101784051B (en) * | 2009-01-21 | 2012-11-21 | 华为技术有限公司 | Method for verifying completeness of platform, network device and network system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4926475A (en) * | 1988-11-30 | 1990-05-15 | Motorola, Inc. | Data encryption key failure monitor |
GB2279540A (en) * | 1993-06-10 | 1995-01-04 | Kokusai Denshin Denwa Co Ltd | Mutual authentication / cipher key delivery system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2666671B1 (en) * | 1990-09-12 | 1994-08-05 | Gemplus Card Int | METHOD FOR MANAGING AN APPLICATION PROGRAM LOADED IN A MICROCIRCUIT MEDIUM. |
FR2704341B1 (en) * | 1993-04-22 | 1995-06-02 | Bull Cp8 | Device for protecting the keys of a smart card. |
FR2705810B1 (en) * | 1993-05-26 | 1995-06-30 | Gemplus Card Int | Chip card chip provided with a means of limiting the number of authentications. |
US5533123A (en) * | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
EP0708413B1 (en) * | 1994-09-30 | 2002-04-10 | Microchip Technology Inc. | Circuit and its method of operation |
-
1996
- 1996-10-31 FR FR9613337A patent/FR2755267B1/en not_active Expired - Fee Related
-
1997
- 1997-10-30 GB GB9722907A patent/GB2319150B/en not_active Expired - Fee Related
- 1997-10-31 DE DE1997148265 patent/DE19748265B4/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4926475A (en) * | 1988-11-30 | 1990-05-15 | Motorola, Inc. | Data encryption key failure monitor |
GB2279540A (en) * | 1993-06-10 | 1995-01-04 | Kokusai Denshin Denwa Co Ltd | Mutual authentication / cipher key delivery system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001030104A1 (en) * | 1999-10-19 | 2001-04-26 | Setec Oy | Authentication of subscriber station |
WO2004084486A1 (en) * | 2003-03-18 | 2004-09-30 | Eta-Max | Method to increase security of secure systems |
Also Published As
Publication number | Publication date |
---|---|
DE19748265A1 (en) | 1998-05-07 |
GB2319150B (en) | 2001-05-23 |
FR2755267A1 (en) | 1998-04-30 |
DE19748265B4 (en) | 2008-01-10 |
GB9722907D0 (en) | 1998-01-07 |
FR2755267B1 (en) | 1998-12-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6101254A (en) | Security method for making secure an authentication method that uses a secret key algorithm | |
US4890323A (en) | Data communication systems and methods | |
US6134661A (en) | Computer network security device and method | |
US10572648B2 (en) | Fraud resistant passcode entry system | |
AU637191B2 (en) | Method and apparatus for verification of passwords | |
US5371796A (en) | Data communication system | |
US5475758A (en) | User authenticating system and method in wide area distributed environment | |
US7073067B2 (en) | Authentication system and method based upon random partial digitized path recognition | |
US6957338B1 (en) | Individual authentication system performing authentication in multiple steps | |
CN1707999B (en) | Distributed management of a certificate revocation list | |
US6442692B1 (en) | Security method and apparatus employing authentication by keystroke dynamics | |
KR100405574B1 (en) | Tamper resistant methods and apparatus | |
US7093291B2 (en) | Method and system for detecting and preventing an intrusion in multiple platform computing environments | |
US5253295A (en) | Process for authentication, by an outside medium, of a portable object connected to that medium via a transmission line and system for carrying out the process | |
US20060101047A1 (en) | Method and system for fortifying software | |
US10395053B2 (en) | Method for inhibiting mass credential theft | |
JP2000132515A (en) | Device and method for judging wrong access | |
KR20060126973A (en) | Secret information processing system and lsi | |
US5894519A (en) | Process for the dissimulaton of a secret code in a data authentication device | |
JPH0934798A (en) | Electronic assembly with integrated circuit device with lockcircuit | |
KR20050053967A (en) | Authorization system and method for utilizing one time password based on time synchronization | |
GB2319150A (en) | A security method for making secure an authentication method that uses a secret key algorithm | |
WO2008031143A1 (en) | Password generator | |
KR101624394B1 (en) | Device for authenticating password and operating method thereof | |
KR100243347B1 (en) | Computer password protection method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20151030 |