GB2576845A - Encryption and link bringup for low power devices - Google Patents
Encryption and link bringup for low power devices Download PDFInfo
- Publication number
- GB2576845A GB2576845A GB1916942.4A GB201916942A GB2576845A GB 2576845 A GB2576845 A GB 2576845A GB 201916942 A GB201916942 A GB 201916942A GB 2576845 A GB2576845 A GB 2576845A
- Authority
- GB
- United Kingdom
- Prior art keywords
- node
- key
- cloud
- public
- secret
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
Systems and methods for link bring-up between a node and the cloud entail the This disclosure provides a new method for securing mutual authenticity and at the same time establishing encryption keys, i.e. establishing a trusted link. The benefit of the new method is that it only uses established encryption algorithms (i.e. AES) and no special software for certification. The advantage of this is that encryption algorithms are already present in the code since they will be used for encryption and that many embedded microcontrollers have support for this in hardware.
Claims (1)
1. A method for link bring -up between a node and the cloud comprising: node generates a new link bring-up key pair, sKnBx - pKnBx; a secret part of this key (sKnBx) is combined with the common public key from the cloud for link bring-up (pKcBm) to form a shared key, Kl; the same shared key (Kl) is generated in the cloud using the public part of the node session key (pKnBx) and the secret part of the link bring-up key (sKcBm); the node sends its node ID and the link version number to use for the bring up to the cloud, encrypted with AES using shared key Kl; the node generates a new session key pair sKnSx - pKnSx and sends the public part (pKnSx) to the cloud using Kl for encryption; the cloud uses the node ID to find the node specific initial key pairs, where the cloud has pKnOx and sKcOx. The cloud combines the received public session key, pKnSx, with its own private initial key, sKcOx to form a new shared key K2; the cloud generates a new session key pair, pKcSx and sKcSx; the public part, pKcSx, is sent to the node using K2 for encryption; the node combines its secret session key, sKnSx with the cloud's initial public key, pKcOx using ECDH for form the new shared key K2; the node decrypts the message received and verifies the MIC; node proves its authenticity by showing that it has the node specific initial secret key, sKnOx; cloud combines the node's public initial key (pKnOx) with the cloud's secret session key (sKcSx) to form K3; same secret key (K3) formed by node by combining public session key from the cloud (pKcSx) with the secret initial key (sKnOx); and cloud determines node is authentic when it receives a message with correct MIC using K3, as this is based on the node having access to sKnOx.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762489630P | 2017-04-25 | 2017-04-25 | |
PCT/EP2018/060646 WO2018197590A1 (en) | 2017-04-25 | 2018-04-25 | Encryption and link bringup for low power devices |
Publications (3)
Publication Number | Publication Date |
---|---|
GB201916942D0 GB201916942D0 (en) | 2020-01-08 |
GB2576845A true GB2576845A (en) | 2020-03-04 |
GB2576845B GB2576845B (en) | 2021-11-03 |
Family
ID=62904402
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1916942.4A Active GB2576845B (en) | 2017-04-25 | 2018-04-25 | Encryption and link bringup for low power devices |
Country Status (3)
Country | Link |
---|---|
DE (1) | DE112018002161T5 (en) |
GB (1) | GB2576845B (en) |
WO (1) | WO2018197590A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005081492A1 (en) * | 2004-02-20 | 2005-09-01 | Matsushita Electric Industrial Co., Ltd. | Method and system for proxy-based secure end-to-end tcp/ip communications |
US20160149908A1 (en) * | 2014-02-18 | 2016-05-26 | Panasonic Intellectual Property Corporation Of America | Authentication method and authentication system |
-
2018
- 2018-04-25 GB GB1916942.4A patent/GB2576845B/en active Active
- 2018-04-25 WO PCT/EP2018/060646 patent/WO2018197590A1/en active Application Filing
- 2018-04-25 DE DE112018002161.0T patent/DE112018002161T5/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005081492A1 (en) * | 2004-02-20 | 2005-09-01 | Matsushita Electric Industrial Co., Ltd. | Method and system for proxy-based secure end-to-end tcp/ip communications |
US20160149908A1 (en) * | 2014-02-18 | 2016-05-26 | Panasonic Intellectual Property Corporation Of America | Authentication method and authentication system |
Also Published As
Publication number | Publication date |
---|---|
GB2576845B (en) | 2021-11-03 |
DE112018002161T5 (en) | 2020-01-16 |
WO2018197590A1 (en) | 2018-11-01 |
GB201916942D0 (en) | 2020-01-08 |
WO2018197590A9 (en) | 2019-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019204670A3 (en) | Decentralized protocol for maintaining cryptographically proven multi-step referral networks | |
JP6221014B1 (en) | Secure shared key sharing system and method | |
EP4254248A3 (en) | Cryptographic methods and systems for managing digital certificates | |
WO2019137564A3 (en) | Securely executing smart contract operations in a trusted execution environment | |
SG10201901366WA (en) | Key exchange through partially trusted third party | |
RU2014126582A (en) | SIMPLIFIED MANAGEMENT OF GROUP SECRET KEYS | |
WO2017109584A3 (en) | Computer-implemented cryptographic method for improving a computer network, and terminal, system and computer-readable medium for the same | |
WO2015157693A3 (en) | System and method for an efficient authentication and key exchange protocol | |
PH12019550119A1 (en) | Addressing a trusted execution environment using signing key | |
EP2544425A3 (en) | Secure dissemination of events in a publish/subscribe network | |
WO2016057086A3 (en) | Common modulus rsa key pairs for signature generation and encryption/decryption | |
Cheikhrouhou et al. | A lightweight user authentication scheme for wireless sensor networks | |
SA114350627B1 (en) | Key agreement protocol | |
WO2011017099A3 (en) | Secure communication using asymmetric cryptography and light-weight certificates | |
WO2011130554A3 (en) | Power savings through cooperative operation of multiradio devices | |
JP2017050849A5 (en) | ||
ur Rahman et al. | A lightweight multi-message and multi-receiver heterogeneous hybrid signcryption scheme based on hyper elliptic curve | |
GB2512249A (en) | Secure peer discovery and authentication using a shared secret | |
IN2014DN03111A (en) | ||
CN105306492A (en) | Asynchronous key negotiation method and device aiming at secure instant messaging | |
US10699031B2 (en) | Secure transactions in a memory fabric | |
EP4274157A3 (en) | Communicating securely with devices in a distributed control system | |
WO2016044856A3 (en) | Nado cryptography with key generators | |
JP2015500585A5 (en) | ||
GB2503618A (en) | Single-round password-based key exchange protocols |