JP2005151132A - Key delivery system and encrypting apparatus in encryption communication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encrypting apparatus where a cause of the occurrence of a communication fault is easily discovered in encryption communication. <P>SOLUTION: The encrypting apparatus 3 comprises a terminal interface part 31, a encrypting/decrypting part 32, a line interface part 34, a key generation part 35, a test data analyzing part 36, a data transmission and reception part 37, and a switching switch 33. When delivering an encryption key, the apparatus generates a public key by encryption communication using a master key set in advance, exchanges the public key by encryption communication using the master key between an opposing encrypting apparatus, generates a session key using the exchanged public key, and exchanges the session key by encryption communication using the master key between the opposing encrypting apparatus to perform a key delivering procedure. When the key delivering procedure is finished normally, test data mounting a communication kind are exchanged by encryption communication using the session key between the opposing encrypting apparatus to detect the normal finish of encryption key exchange and the kind of communication. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a key distribution method in encrypted communication that accommodates a data communication line, encrypts the data flowing in the line, and sends the encrypted data to the partner apparatus. The partner apparatus decrypts the received data and sends it to the line. The present invention relates to an encryption apparatus to which this key distribution method is applied.

  Conventionally, in an encryption device that encrypts and sends data to prevent wiretapping and tampering of data flowing on the line and decrypts the data on the receiving side, a common key cryptosystem that uses the same encryption key at the time of encryption and decryption A public key cryptosystem is known that performs encryption using a public key that has been made public and uses a secret key that is not made public when decrypting.

  In the common key cryptosystem, it is necessary to change the encryption key for each communication or for every fixed period. A key used for communication is called a work key or a session key. When this key is used or changed, it is necessary that devices for encryption simultaneously generate and change the encryption key. The procedure for generating and distributing the work key is called a key distribution procedure.

  As a key distribution procedure, the generation of a shared key by Diffie-Hellmann has been proposed (see Non-Patent Document 1, for example). A protocol called IKE has also been proposed.

In these proposals, a procedure for key distribution is defined, and it is assumed that communication is performed after the key is encrypted.
Information Processing Progressive Business Association Security Center “Encryption Technology Evaluation Report” March 2001, p. 151-153

  In the prior art, a key distribution procedure is activated to distribute an encryption key for encrypting communication. Then, encrypted data communication is performed after the key distribution procedure is completed. That is, normally only encrypted communication is assumed. Therefore, if an error occurs randomly on the line during encrypted communication, an error occurs in the encrypted data, so the decrypted data does not become normal data and a communication error occurs. May cause trouble. Normally, the occurrence of an error on the line is recovered by a retransmission procedure. However, in the encryption device, the key distribution did not end normally, whether the cause of the error was the occurrence of an error on the line or the failure of the encryption / decryption device that encrypts / encodes. In other words, since there are many factors that cause the encryption keys to be inconsistent or the encryption methods themselves are different, it takes time to investigate the cause. Further, in order to investigate whether the cause of failure is encryption or not, it is necessary to remove each encryption device or to set both to non-encrypted encrypted communication, which is troublesome.

  It is an object of the present invention to provide means that can easily determine the cause of a failure when a communication failure occurs in encrypted communication.

  In order to solve the above problem, according to the present invention, in the key distribution procedure, a data check before the start of communication is performed, and a communication method can be specified at this time. This eliminates encryption key mismatches and differences in encryption methods, and allows the communication type to be specified in the data check procedure. For example, if non-encrypted communication settings are made on one side, the other side also becomes non-encrypted. So that it becomes a communication.

  In order to solve the above-described problem, the present invention provides a method in which a specified test data is first transferred from an encryption device to a counter-side encryption device when key distribution is normally completed when a key distribution procedure for distributing a session key is started. To the other side, decryption is performed by the opposite side encryption device, and the contents are confirmed. Thereafter, the same operation is performed in the reverse direction from the opposite encryption device to the encryption device to confirm that the test data can be correctly encrypted and decrypted. This makes it possible to check whether the session key is normal or whether there is a difference in the encryption procedure.

  In addition, the contents of the test data can be selected according to the subsequent communication type. As a result, the requested communication type is communicated to the other party so that the communication type with the other party can be adjusted, encrypted communication performed by encrypting communication after the key distribution is completed, bypass communication in which user data is passed as it is, or It is possible to specify whether to perform loop test communication for looping back data or remote setting for copying various communication conditions on the local side.

  By implementing the present invention, by transmitting and receiving test data after key distribution, it becomes possible to determine key distribution failure and encryption / decryption failure before entering communication. Therefore, it becomes possible to construct a communication system that makes it easy to investigate the cause of failure.

  In addition, since it becomes possible to set the communication type according to the content of the test data after key distribution, the setting on the opposite side becomes unnecessary when performing non-encrypted communication or when performing a loop test, thereby improving maintainability. Can do.

  Since the present invention performs communication confirmation even when the encryption key encrypted by key distribution is changed, it is possible to eliminate factors such as encryption key mismatch in elucidating the cause when a communication error occurs. In addition, since the communication type can be specified at the time of test data transmission / reception, maintenance can be improved and convenience can be improved.

  The system configuration of the present invention will be described with reference to FIG. A communication system to which the present invention is applied includes a transmission side encryption device 3C connected to a transmission side data terminal device 1C via a communication line 6C, and a connection side data terminal device 1R connected via a communication line 6R. The incoming side encryption device 3R is configured to be connected to the communication network 5 via the communication line 7C and the communication line 7R, respectively. Data from the sending data terminal device 1C is input to the sending encryption device 3C through the communication line 6C. The originating side encryption device 3C encrypts the data and transmits the encrypted data to the opposite receiving side encryption device 3R through the communication line 7C, the communication network 5, and the communication line 7R. The incoming side encryption device 3R decrypts the received encrypted data and transmits the decrypted data to the incoming side data terminal device 3R through the communication line 6R.

  The data on the communication line 6C and the communication line 6R is unencrypted data, and the data on the communication line 7C, the communication line 7R and the communication network 5 is encrypted data. It cannot be tapped and tampered with.

  The hardware configuration of the encryption device 3 using the present invention will be described with reference to FIG. The encryption device 3 includes a terminal interface unit 31, an encryption / decryption unit 32, a changeover switch 33, a line interface unit 34, a key generation unit 35, a test data analysis unit 36, and a data transmission / reception unit 37. And an idle data transmission unit 38.

  The terminal interface unit 31 has a function of connecting to the data terminal device 1.

  The encryption / encoding device 32 has a function of encrypting the data received from the data terminal device 1 and decrypting the encrypted data received from the opposing encryption device 3 into the original data. The key used for encryption and decryption at this time is a master key (a key set in advance in the transmission side encryption device 3C and the reception side encryption device 3R) Km used only during key distribution and communication. There is a session key Ks that is used for encryption / encoding when performing.

  The change-over switch 33 is a switch for switching whether the connection with the encryption / decryption unit 32 is the terminal interface unit 31 or the data transmission / reception unit 37. When the key distribution procedure is activated, the selector switch 33 is switched to the data transmission / reception unit 37 side, and during communication, the switch 33 is switched to the terminal interface unit 31 side. Furthermore, the changeover switch 33 is a switch that selects whether or not the idle data transmission unit 38 is connected to the terminal interface unit 31. The idle data transmission unit 38 is connected to the terminal interface unit 31 when the key distribution procedure is activated, and the idle data transmission unit 38 is disconnected from the terminal interface unit 31 during communication.

  The line interface unit 34 has a function of connecting the communication network 5 and the encryption device 3.

  The key generation unit 35 has a function of storing the master key Km and generating and storing the next session key Ks in the key distribution procedure, and the master key Km and the generated session key Ks according to the state. To the encryption / decryption device 32.

  The test data analysis unit 36 has a function of generating test data, analyzing received data, and determining a communication type after key distribution in transmission / reception of test data after key distribution.

  The data transmitter / receiver 37 is a driver that transmits and receives test data.

  The idle data transmission unit 38 has a function of generating and transmitting idle data.

  With reference to FIG. 3, an operation sequence when the present invention is implemented using the encryption apparatus will be described. This encryption apparatus uses the Diffie-Hellmann method, which is an encryption key sharing method based on common key generation, as a key distribution procedure.

  Before the start of communication, the transmitting side encryption device 3C sends idle data which is meaningless data to the data terminal device 1C connected by connecting the idle data transmission unit 38 to the terminal interface 31 (S1). . When the Diffie-Hellmann key distribution procedure is activated as the key distribution procedure, the transmitting-side encryption device 3C switches the changeover switch 33 from the terminal interface unit 31 to the data transmission / reception unit 37, and the key generation unit 35 generates a random number Xa. Primitive root Ga = 2 and prime number Gqa are selected (S2). The transmitting side encryption device 3C transmits an in-band header of hardware detection data, which is a signal for starting a key distribution procedure, to the receiving side encryption device 3R (S3).

  The incoming side encryption device 3R that has received the in-band header from the outgoing side encryption device 3C connects the idle data transmission unit 38 to the terminal interface 31, and transmits idle data to the incoming side terminal device 1R (S4). The key generation unit 35 generates a random number Xb, and selects a primitive root Gb = 2 and a prime number Gqb (S5).

  The transmitting side encryption device 3C generates a start request, which is software detection data, by the test data analysis unit 36 and sends it through the data transmission / reception unit 37 (S6).

  Upon receiving the start request, the called encryption device 3R sets the encryption key used in the encryption / decryption unit 32 in the encryption device to the master key Km used for key distribution (S7), and sets the in-band header. In addition to returning (S8), a start request indicating the start of the key distribution procedure is returned to the transmitting side encryption apparatus 3C (S9).

  Upon receiving the in-band header and the start request from the receiving-side encryption device 3R, the transmitting-side encryption device 3C sets the encryption key used in the encryption / decryption unit 32 as the master key Km (S10). Then, the transmitting side encryption device 3C encrypts the start response indicating that the key distribution procedure has started and the selected prime number Gqa with the master key Km, and transmits the encrypted response to the receiving side encryption device 3R (S11).

  The incoming side encryption device 3R that has set the encryption key to the master key Km in step S7 transmits the prime Gqb selected in step S5 encrypted with the master key Km to the transmission side encryption device 3C together with the confirmation response (S12). .

  The encryption devices that have received the start response and the prime number from the encryption device on the other side decrypt the data by the encryption / decryption unit 32 and then deliver the data to the test data analysis unit 36 via the data transmission / reception unit 37.

  Upon receiving the response and the prime number Gqa, the receiving side encryption device 3R compares the prime number Gqa and the prime number Gqb, generates the public key Yb using the larger Gq (S13), and uses the public key Yb as the master key Km. It encrypts and transmits to the transmission side encryption apparatus 3C (S14).

  Upon receiving the response and the prime number Gqb, the transmitting side encryption device 3C compares the prime number Gqa with the prime number Gqb, generates the public key Ya using the larger Gq (S15), and uses the public key Ya as the master key Km. It encrypts and transmits to the receiving side encryption apparatus 3R (S16).

  Receiving side encryption device 3R that received public key Ya generates common key (session key) Ks using random number Xb and prime number Gq (S17).

  Upon receiving the public key Yb, the transmitting side encryption device 3C generates a common key (session key) Ks using the random number Xa and the prime number Gq (S18).

  As described above, the session key ks at the start of communication can be generated in common by encrypted communication using the master key Km. However, when communication is performed in this state, it cannot be determined whether communication encrypted with the session key Km is possible.

  Therefore, in the present invention, after the session key Km is set, the normality of the communication is confirmed between the transmission side encryption device 3C and the reception side encryption device 3R using the session key Km. A test data transmission / reception procedure is executed. That is, the transmitting side encryption device 3C transmits the confirmation request encrypted using the session key ks and the operation content after the procedure, that is, the state instruction a for designating the communication type, to the receiving side encryption device 3R (S19). . Similarly, the receiving side encryption device 3R transmits a confirmation request encrypted using the session key ks and a state instruction b for designating a communication type so as not to operate after the procedure is completed, to the transmission side encryption device 3C ( S20).

  The status indication includes encrypted communication that is normal operation by encryption, bypass communication that performs communication without encrypting data after the procedure is completed, a remote loop that requests that the other party create a loop and return the data, There is a remote setting to copy the operating conditions to the other party.

  The receiving side encryption device 3R that has received the confirmation request and the state instruction a from the transmission side encryption device 3C is the test data analysis unit 36, and the state instruction b sent by itself and the state instruction received from the transmission side encryption device 3C. a is compared, and any state instruction is selected (S21). Similarly, the originating side encryption device 3C that has received the confirmation request and the state instruction b from the receiving side encryption device 3R receives the state instruction a and its own transmission from the receiving side encryption device 3R by the test data analysis unit 36. The state instructions b are compared, and one of the state instructions is selected (S22).

  The content of comparing any state instruction in steps S21 and S22 will be described with reference to Table 1. That is, as a general rule, the priority of status indication (communication type) is given the highest priority in the remote setting, and then the priority decreases in the order of remote loop, bypass communication, and encrypted communication.

  That is, when the status instruction of the other party is encrypted communication, encrypted communication is selected only when the other party's status instruction is encrypted communication, and when the other party's status instruction is remote setting or remote loop or bypass communication The other party's status indication is selected. When the own status indication is bypass communication, bypass communication is selected when the other party's status indication is bypass communication or encrypted communication, and when the other party's status indication is remote setting or remote loop, the other party's status An instruction is selected. When the status instruction of the other party is a remote loop, the remote loop is selected when the other party's status instruction is a remote loop, bypass communication or encrypted communication, and when the other party's status instruction is a remote setting, it cannot be accepted. Is done. When the status indication of the other party is remote setting, the remote setting is selected when the other party's status indication is bypass communication or encrypted communication, and when the other party's status indication is remote setting or remote loop, it cannot be accepted. Is done. Here, “unacceptable” means that the status instruction is not accepted, so that the key distribution fails and the process is terminated.

  The transmitting side encryption apparatus 3C transmits a confirmation response and the selected state instruction to the receiving side encryption apparatus 3R to indicate that the confirmation request is normal and that the selected state instruction is accepted (S23). Similarly, the receiving side encryption device 3R transmits a confirmation response and the selected state instruction to the transmission side encryption device 3C to indicate that the confirmation request is normal and that the selected state instruction is accepted ( S24). For example, when the state instruction a of the calling side encryption device 3C is bypass communication and the state instruction b of the reception side encryption device 3R is encrypted communication, the selected state instruction is bypass communication. The transmitting side encryption device transmits its own state instruction a, and the receiving side encryption device 3R changes its state to bypass communication and transmits the other party's state instruction a.

  The receiving side encryption device 3R monitors whether the confirmation response transmission from itself and the confirmation response reception from the other party are established (S25), and when established, stops sending idle data to the receiving side data terminal device 1R (S25). ), The changeover switch 33 is switched from the data transmitting / receiving unit 37 to the terminal interface unit 31 side, and the state shifts to the bypass communication state. Similarly, 3 C of transmission side encryption apparatuses monitor whether the confirmation response transmission from self and the reception of the confirmation response from the other party are established (S27), and when established, transmission of idle data to the transmission side data terminal apparatus 1C is stopped. (S28), the selector switch 33 is switched from the data transmitting / receiving unit 37 to the terminal interface unit 31 side, and the state shifts to the bypass communication state.

  When the state instruction transmitted in step S23 and step S25 is encrypted communication, encrypted communication of user data using the session key Ks is performed between the transmission side encryption device 3C and the reception side encryption device 3R. It is executed (S29).

  In step S21 and step S22 in the above processing, when the result of verification of the state instruction indicates that the reception is impossible, the state instruction sent by itself is sent again together with the response confirmation. However, it is possible to confirm that the state instructions do not match and recognize that the key distribution has not failed.

  Thus, according to the present invention, when the encryption device performs key distribution prior to encrypted communication, it is possible to confirm that encrypted communication after key distribution is normal by transmitting and receiving test data. In addition, the communication type can be designated when test data is transmitted and received.

The figure explaining the structure of the communication system to which the key distribution system in the encryption communication concerning this invention is applied. The figure explaining the structure of the encryption apparatus which performs the key distribution system in the encryption communication concerning this invention Flowchart for explaining a key distribution method according to the present invention

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Data terminal device 3 Encryption apparatus 5 Communication network 6 Communication line 7 Communication line 31 Terminal interface part 32 Encryption / decomposition part 33 Changeover switch 34 Line interface part 35 Key generation part 36 Test data analysis part 37 Data transmission / reception part 38 Idle Data transmitter

Claims (3)

In a key distribution method in encrypted communication in which data flowing through a line is encrypted between data communication lines such as a basic interface, a primary group interface, and a LAN, and decrypted by an opposite device,
During key distribution work to change the encryption key used for data encryption / decryption between opposing encryption devices,
Send and receive test data to confirm that encryption / decryption can be performed normally after the key distribution process,
According to the content of the test data, it is characterized by setting the communication type such as whether to perform normal encrypted communication or non-encrypted communication without encryption, or to perform a loop test that loops back received data Key distribution method for encrypted communication. A terminal interface unit to which a data terminal device is connected, an encryption / decryption unit for encrypting communication data from the terminal interface and decrypting encrypted data from the line interface unit, and a line interface unit connected to the communication network Select a key generation unit that generates an encryption key, a test data analysis unit that analyzes test data, a data transmission / reception unit, a terminal interface unit, and a data transmission / reception unit, and connect to the encryption / decryption unit In an encryption device having a changeover switch to
At the time of encryption key distribution, a public key is generated using a preset master key, and the public key is exchanged by encryption communication using the master key with the opposite encryption device, and the exchanged public key is used. Generate a session key, exchange the session key by encrypted communication using the master key with the opposite encryption device, perform the key distribution procedure,
When test data is exchanged by encrypted communication using a session key with the opposite encryption device when the key distribution procedure is normally completed, and it is detected that the encryption key exchange is normally completed Encryption device to do. The encryption device according to claim 2, wherein
An encryption apparatus, wherein a type of communication to be performed thereafter is mounted on test data and a communication type is set with an opposing encryption apparatus.

Images