GB2576845A - Encryption and link bringup for low power devices - Google Patents

Encryption and link bringup for low power devices Download PDF

Info

Publication number
GB2576845A
GB2576845A GB1916942.4A GB201916942A GB2576845A GB 2576845 A GB2576845 A GB 2576845A GB 201916942 A GB201916942 A GB 201916942A GB 2576845 A GB2576845 A GB 2576845A
Authority
GB
United Kingdom
Prior art keywords
node
key
cloud
public
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1916942.4A
Other versions
GB2576845B (en
GB201916942D0 (en
Inventor
Tjora Sigve
Tegdan Jorgen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Disruptive Technologies Research AS
Original Assignee
Disruptive Technologies Research AS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Disruptive Technologies Research AS filed Critical Disruptive Technologies Research AS
Publication of GB201916942D0 publication Critical patent/GB201916942D0/en
Publication of GB2576845A publication Critical patent/GB2576845A/en
Application granted granted Critical
Publication of GB2576845B publication Critical patent/GB2576845B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Systems and methods for link bring-up between a node and the cloud entail the This disclosure provides a new method for securing mutual authenticity and at the same time establishing encryption keys, i.e. establishing a trusted link. The benefit of the new method is that it only uses established encryption algorithms (i.e. AES) and no special software for certification. The advantage of this is that encryption algorithms are already present in the code since they will be used for encryption and that many embedded microcontrollers have support for this in hardware.

Claims (1)

1. A method for link bring -up between a node and the cloud comprising: node generates a new link bring-up key pair, sKnBx - pKnBx; a secret part of this key (sKnBx) is combined with the common public key from the cloud for link bring-up (pKcBm) to form a shared key, Kl; the same shared key (Kl) is generated in the cloud using the public part of the node session key (pKnBx) and the secret part of the link bring-up key (sKcBm); the node sends its node ID and the link version number to use for the bring up to the cloud, encrypted with AES using shared key Kl; the node generates a new session key pair sKnSx - pKnSx and sends the public part (pKnSx) to the cloud using Kl for encryption; the cloud uses the node ID to find the node specific initial key pairs, where the cloud has pKnOx and sKcOx. The cloud combines the received public session key, pKnSx, with its own private initial key, sKcOx to form a new shared key K2; the cloud generates a new session key pair, pKcSx and sKcSx; the public part, pKcSx, is sent to the node using K2 for encryption; the node combines its secret session key, sKnSx with the cloud's initial public key, pKcOx using ECDH for form the new shared key K2; the node decrypts the message received and verifies the MIC; node proves its authenticity by showing that it has the node specific initial secret key, sKnOx; cloud combines the node's public initial key (pKnOx) with the cloud's secret session key (sKcSx) to form K3; same secret key (K3) formed by node by combining public session key from the cloud (pKcSx) with the secret initial key (sKnOx); and cloud determines node is authentic when it receives a message with correct MIC using K3, as this is based on the node having access to sKnOx.
GB1916942.4A 2017-04-25 2018-04-25 Encryption and link bringup for low power devices Active GB2576845B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762489630P 2017-04-25 2017-04-25
PCT/EP2018/060646 WO2018197590A1 (en) 2017-04-25 2018-04-25 Encryption and link bringup for low power devices

Publications (3)

Publication Number Publication Date
GB201916942D0 GB201916942D0 (en) 2020-01-08
GB2576845A true GB2576845A (en) 2020-03-04
GB2576845B GB2576845B (en) 2021-11-03

Family

ID=62904402

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1916942.4A Active GB2576845B (en) 2017-04-25 2018-04-25 Encryption and link bringup for low power devices

Country Status (3)

Country Link
DE (1) DE112018002161T5 (en)
GB (1) GB2576845B (en)
WO (1) WO2018197590A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005081492A1 (en) * 2004-02-20 2005-09-01 Matsushita Electric Industrial Co., Ltd. Method and system for proxy-based secure end-to-end tcp/ip communications
US20160149908A1 (en) * 2014-02-18 2016-05-26 Panasonic Intellectual Property Corporation Of America Authentication method and authentication system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005081492A1 (en) * 2004-02-20 2005-09-01 Matsushita Electric Industrial Co., Ltd. Method and system for proxy-based secure end-to-end tcp/ip communications
US20160149908A1 (en) * 2014-02-18 2016-05-26 Panasonic Intellectual Property Corporation Of America Authentication method and authentication system

Also Published As

Publication number Publication date
GB2576845B (en) 2021-11-03
DE112018002161T5 (en) 2020-01-16
WO2018197590A1 (en) 2018-11-01
GB201916942D0 (en) 2020-01-08
WO2018197590A9 (en) 2019-03-14

Similar Documents

Publication Publication Date Title
WO2019204670A3 (en) Decentralized protocol for maintaining cryptographically proven multi-step referral networks
JP6221014B1 (en) Secure shared key sharing system and method
EP4254248A3 (en) Cryptographic methods and systems for managing digital certificates
WO2019137564A3 (en) Securely executing smart contract operations in a trusted execution environment
SG10201901366WA (en) Key exchange through partially trusted third party
RU2014126582A (en) SIMPLIFIED MANAGEMENT OF GROUP SECRET KEYS
WO2017109584A3 (en) Computer-implemented cryptographic method for improving a computer network, and terminal, system and computer-readable medium for the same
WO2015157693A3 (en) System and method for an efficient authentication and key exchange protocol
PH12019550119A1 (en) Addressing a trusted execution environment using signing key
EP2544425A3 (en) Secure dissemination of events in a publish/subscribe network
WO2016057086A3 (en) Common modulus rsa key pairs for signature generation and encryption/decryption
Cheikhrouhou et al. A lightweight user authentication scheme for wireless sensor networks
SA114350627B1 (en) Key agreement protocol
WO2011017099A3 (en) Secure communication using asymmetric cryptography and light-weight certificates
WO2011130554A3 (en) Power savings through cooperative operation of multiradio devices
JP2017050849A5 (en)
ur Rahman et al. A lightweight multi-message and multi-receiver heterogeneous hybrid signcryption scheme based on hyper elliptic curve
GB2512249A (en) Secure peer discovery and authentication using a shared secret
IN2014DN03111A (en)
CN105306492A (en) Asynchronous key negotiation method and device aiming at secure instant messaging
US10699031B2 (en) Secure transactions in a memory fabric
EP4274157A3 (en) Communicating securely with devices in a distributed control system
WO2016044856A3 (en) Nado cryptography with key generators
JP2015500585A5 (en)
GB2503618A (en) Single-round password-based key exchange protocols