JP2008259148A - High-strength cipher communication system which minimizes load of repeater - Google Patents

Info

Publication number: JP2008259148A
Authority: JP (Japan)
Application number: JP2007117705A
Legal status: Pending
Prior art keywords: encryption, key, data, repeater, communication
Other languages: Japanese (ja)
Inventor: Akio Yamamoto (明生 山本)
Current assignee: SHIMOUSA SYSTEMS KK
Original assignee: SHIMOUSA SYSTEMS KK
Priority date: 2007-03-30
Filing date: 2007-03-30
Publication date: 2008-10-23

Abstract

PROBLEM TO BE SOLVED: To solve the problem of repeater load when a unique encryption key is used for each channel, and the problem of vulnerability when a common encryption key is used for all channels, in an encrypted communication network to which many nodes are connected.

SOLUTION: Two kinds of encryption key, a data key for encrypting data and a session key for encrypting the data key, are used together so that encrypted communication of sufficient strength is realized while minimizing the load on the repeater.

COPYRIGHT: (C)2009,JPO&INPIT

Description

The present invention relates to a relay scheme for encrypted communication. Some of the technologies introduced in connection with this application also provide an authentication function in addition to encrypted communication, but here only the encryption function is considered.

In recent Internet communication the importance of encrypted communication has grown, because important corporate information and personal information are transmitted over it. Against this background the encryption standards SSL (Secure Socket Layer), formulated by Netscape Communications, and TLS (Transport Layer Security), standardized by the IETF on the basis of SSL, emerged and have been widely adopted as the encryption method for web browsing and for sending and receiving mail (RFC 2246).

On the other hand, encryption methods such as WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) are widely adopted for wireless LAN communication. In a wireless LAN the access point that performs the relay function is in many cases built from relatively low-performance hardware, so the encryption key used for communication is common to all nodes and frames are forwarded unchanged when relayed. Consequently there is a vulnerability: if the encryption key in use leaks, the communication of every node participating in that wireless LAN can be eavesdropped. For this reason there are also schemes that renew the encryption key at fixed intervals, such as TKIP (Temporal Key Integrity Protocol), a subset of WPA (IEEE 802.11b, IEEE 802.11i).

As shown in Fig. 1, when one or a few repeaters relay the encrypted communication of a large number of nodes and a scheme with a channel-specific encryption key such as SSL or TLS is adopted, the repeater must decrypt, re-encrypt and forward all of the data, which is a very heavy load.

As shown in Fig. 2, another option under the above approach is to hold a unique encryption key for each pair of source node and destination node, rather than sharing a key between node and repeater. In that case the repeater need not decrypt and re-encrypt, so its load is small. However, with N connected nodes, N^2 - N keys are required, so this is not a practical option once the number of connected nodes grows to several thousand.

On the other hand, in the case of Fig. 3, where all nodes communicate using the same encryption key, the repeater may decrypt and re-encrypt in order to inspect the user data, or may forward it unchanged, so the processing load on the repeater is small. In this scheme, however, if the encryption key leaks anywhere, all communication can be intercepted, so renewal of the encryption key is essential.

One concrete threat to the above encryption key is the capture of a crash dump on a node. A malicious user deliberately crashes, by software means, a node connected to the encrypted network, obtains the memory dump produced at that moment and locates in it the encryption key used for communication. One way to address this threat is to renew the encryption key whenever the number of participating nodes decreases. Capturing a crash dump means the node crashes, so tens of seconds to several minutes pass before it restarts and the crash dump file is generated. Because the encrypted network the node was connected to can detect the disconnection, renewing the key at that moment means the leaked key is no longer in use by the time the dump is obtained. Even this method, however, has the weakness that when the number of connected nodes grows to several thousand, the load and time required to replace the key on all nodes at once become impractical.

There is also a technique in which, when an encryption key shared by several nodes is renewed, each node holds two generations of key, old and new, so that communication does not stop until every node has updated, and data encrypted with either key can be handled by transmit and receive processing that runs concurrently with the update. Even in this case, however, the problem with a large number of nodes described in the previous paragraph is not solved (Japanese Patent Publication 2004-186814).

The present invention solves all of these problems by using two kinds of encryption key together: an encryption key used to encrypt user data (hereinafter, the data key) and an encryption key unique to each communication channel (hereinafter, the session key). Of these two keys, the invention does not specifically define how the session key is distributed; it is assumed to be distributed securely by a method such as Diffie-Hellman or public-key encryption (PKCS #3, RFC 2313).

First, at the stage of establishing a communication channel, a session key unique to that channel is shared between the node and the repeater.

Each node generates the data key it will use when transmitting its own data, using a method that others cannot predict.

At this point, as shown in Fig. 6, each node on the network holds one session key and one data key, and the repeater holds as many session keys as there are channels.

When a packet is sent over a channel, the data format of Fig. 4 is used. The packet begins with a header section storing information such as the packet length. This is followed by the data key encrypted with the session key, and finally by the user data together with a digest for tamper checking.

When node A in Fig. 6 sends such a packet and the repeater receives it, the processing of Fig. 5 takes place. In the first stage the repeater decrypts data key A, which was encrypted with session key A. It then encrypts data key A with session key B, so that the destination node B can decrypt it, and forwards the packet. Node B decrypts data key A with session key B and can then correctly decrypt the user data section.

As described above, compared with a relay method that decrypts and re-encrypts the whole of the user data, a relay method that decrypts and re-encrypts only the data key section needs about one hundredth of the processing: compare, for example, relaying a packet with a 1600-octet user data section and a 16-octet data key. Conversely, an attacker who tries to recover the data key by brute force, trying arbitrary session keys, must decrypt the user data section to verify whether the extracted data key is correct, so the processing required for a brute-force attack becomes larger, not smaller.
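The packet format of Fig. 4 and the relay step of Fig. 5 are shown below as a runnable model. This is an added example, not the patent's own code. It assumes a stand-in cipher: the text recommends AES-CBC or AES-CTR for the data blocks, but the Python standard library has no AES, so the model uses an HMAC-SHA256 keystream in counter mode as its stream cipher, and an HMAC-SHA256 tag under the data key as the "digest for tamper checking". All function names (build_packet, relay, open_packet, run_demo) are hypothetical.

```python
# Added example (not from the patent): two-key relay with per-channel session
# keys and a per-sender data key.  Stdlib only; the keystream below is an
# HMAC-SHA256 counter-mode construction standing in for AES-CTR (assumption).
import hashlib
import hmac
import os
import struct

KEY_LEN = 16               # 16-octet data key, as in the text's cost comparison
NONCE_LEN = 12
TAG_LEN = 32               # HMAC-SHA256 output
HDR = struct.Struct(">HH")  # header: length of wrapped key, length of body


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode keystream; the same call encrypts and decrypts."""
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(session_key: bytes, data_key: bytes) -> bytes:
    """Encrypt the data key under a channel's session key with a fresh nonce."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(session_key, nonce, data_key)


def unwrap_key(session_key: bytes, blob: bytes) -> bytes:
    return keystream_xor(session_key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def build_packet(session_key: bytes, data_key: bytes, plaintext: bytes) -> bytes:
    """Sender: header | data key encrypted with session key | user data | digest."""
    wrapped = wrap_key(session_key, data_key)
    nonce = os.urandom(NONCE_LEN)
    body = nonce + keystream_xor(data_key, nonce, plaintext)
    tag = hmac.new(data_key, body, hashlib.sha256).digest()
    return HDR.pack(len(wrapped), len(body)) + wrapped + body + tag


def parse_packet(pkt: bytes):
    wlen, blen = HDR.unpack_from(pkt)
    off = HDR.size
    return pkt[off:off + wlen], pkt[off + wlen:off + wlen + blen], pkt[off + wlen + blen:]


def relay(pkt: bytes, sk_in: bytes, sk_out: bytes):
    """Repeater: re-wrap only the data key; user data and digest pass through.
    Returns the forwarded packet and the number of bytes it had to decrypt/encrypt."""
    wrapped, body, tag = parse_packet(pkt)
    data_key = unwrap_key(sk_in, wrapped)
    new_wrapped = wrap_key(sk_out, data_key)
    return HDR.pack(len(new_wrapped), len(body)) + new_wrapped + body + tag, 2 * len(data_key)


def open_packet(pkt: bytes, session_key: bytes) -> bytes:
    """Receiver: unwrap the data key, verify the digest, then decrypt the user data.
    A wrong session key gives a wrong data key that is only detectable here,
    which is the brute-force cost argument made in the text."""
    wrapped, body, tag = parse_packet(pkt)
    data_key = unwrap_key(session_key, wrapped)
    expect = hmac.new(data_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("digest mismatch: wrong key or tampered packet")
    return keystream_xor(data_key, body[:NONCE_LEN], body[NONCE_LEN:])


def relay_cost_comparison(user_data_len: int = 1600, key_len: int = KEY_LEN):
    """Bytes a repeater must decrypt and re-encrypt per packet: whole user data vs data key only."""
    full, key_only = 2 * user_data_len, 2 * key_len
    return full, key_only, full / key_only


def run_demo(message: bytes = b"hello from node A") -> dict:
    """Node A -> repeater -> node B, plus two failure cases a defender cares about."""
    sk_a, sk_b, sk_c = (os.urandom(KEY_LEN) for _ in range(3))  # per-channel session keys
    data_key_a = os.urandom(KEY_LEN)                              # A's unpredictable data key
    pkt = build_packet(sk_a, data_key_a, message)
    forwarded, repeater_bytes = relay(pkt, sk_a, sk_b)
    recovered = open_packet(forwarded, sk_b)
    try:  # node C holds another channel's session key: it cannot open A's packet
        open_packet(forwarded, sk_c)
        other_channel_opens = True
    except ValueError:
        other_channel_opens = False
    tampered = bytearray(forwarded)  # flip one byte of user data in transit
    tampered[-TAG_LEN - 1] ^= 0x01
    try:
        open_packet(bytes(tampered), sk_b)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"recovered": recovered, "repeater_bytes": repeater_bytes, "packet_len": len(pkt),
            "other_channel_opens": other_channel_opens, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(run_demo())
    print(relay_cost_comparison())
```

The repeater touches only 2 x 16 bytes of key material per packet regardless of the user data length, while a full re-encryption relay would touch 2 x 1600 bytes for the example packet, which is the 1/100 ratio the text quotes. The digest is keyed with the data key, so a receiver (or a brute-force guesser) holding the wrong session key learns that only after decrypting the user data section, and a session key of some other channel opens nothing.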

Furthermore, by renewing both the session key and the data key at fixed intervals, robustness against key recovery by brute-force checking is maintained.

The crash-dump attack described earlier is also neutralized, because a session key is not used in any other session.

With the present invention, relaying of encrypted communication can be performed with less processing load without reducing the strength of the encryption, so the cost and power consumption of the repeater can be reduced.

Furthermore, by connecting repeaters to each other, the scheme can be extended to build a large-scale encrypted communication network simply by preparing a new session key for the channel between the repeaters, as illustrated in Fig. 7.

In a concrete implementation of the present invention it is important, first, to use a secure authentication method when distributing session keys. Candidates among existing technologies include schemes using digital certificates as defined in PKI (public key infrastructure) and the 4-way handshake (RFC 2459).

Also, to eliminate the risk that redundancy in the user data being encrypted yields matching samples of plaintext and ciphertext, it is important to use AES-CBC mode or AES-CTR mode when encrypting the actual data blocks (RFC 3602, RFC 3686).

With the present invention, power saving can be achieved in a wireless LAN access point while maintaining its grade; alternatively, a larger number of nodes can be connected to an access point of the same capability.

In a VPN (Virtual Private Network) system as well, a repeater to which many nodes connect can be provided at low cost using general-purpose computer components.

Fig. 1: Configuration of an encrypted communication network using a unique encryption key for each channel
Fig. 2: Configuration of an encrypted communication network using a unique encryption key for each destination node
Fig. 3: Configuration of an encrypted communication network using an encryption key shared by all nodes
Fig. 4: Transmission packet format
Fig. 5: Flow of processing during packet relay
Fig. 6: Configuration of an encrypted communication network relayed by one repeater
Fig. 7: Configuration of an encrypted communication network relayed by two repeaters

Claims (1)

In encrypted communication in which one or several repeaters relay communication between many terminals, a different encryption key is used for each communication channel so that encryption strength is maintained, while, instead of encrypting the user data as a whole at the relay, the key used to encrypt the user data is separated from the key used to re-encrypt that key, so that the decryption and encryption load at the time of relaying is minimized.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2007117705A JP2008259148A (en) 2007-03-30 2007-03-30 High-strength cipher communication system which minimizes load of repeater

Publications (1)

Publication Number Publication Date
JP2008259148A true JP2008259148A (en) 2008-10-23

Family

ID=39982242

Country Status (1)

Country Link
JP (1) JP2008259148A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013514682A (en) * 2009-12-18 2013-04-25 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司 Inter-node secret communication method and system
KR101485231B1 (en) * 2009-12-18 2015-01-28 차이나 아이더블유엔콤 씨오., 엘티디 Method and system for secret communication between nodes
US8966257B2 (en) 2009-12-18 2015-02-24 China Iwncomm Co., Ltd. Method and system for secret communication between nodes
JP2013514681A (en) * 2009-12-21 2013-04-25 西安西▲電▼捷通▲無▼▲線▼▲網▼▲絡▼通信股▲ふん▼有限公司 Method and system for establishing a secure connection between user terminals
US8831227B2 (en) 2009-12-21 2014-09-09 China Iwncomm Co., Ltd. Method and system for establishing secure connection between stations
JP2013530642A (en) * 2010-06-07 2013-07-25 西安西▲電▼捷通▲無▼▲線▼▲網▼▲絡▼通信股▲ふん▼有限公司 Method for building secure architecture, secret communication method and system
US8843748B2 (en) 2010-06-07 2014-09-23 China Iwncomm Co., Ltd. Method for establishing secure network architecture, method and system for secure communication
KR101518438B1 (en) 2010-06-07 2015-05-11 차이나 아이더블유엔콤 씨오., 엘티디 Method for establishing secure network architecture, method and system for secure communication
JP2016072827A (en) * 2014-09-30 2016-05-09 学校法人東京電機大学 Data transfer system
