JP6179815B2 - ENCRYPTED DATA COMMUNICATION DEVICE, ENCRYPTED DATA COMMUNICATION METHOD, PROGRAM, AND RECORDING MEDIUM - Google Patents

Description

  The present invention relates to an encrypted data communication device, an encrypted data communication method, a program, and a recording medium that communicate encrypted data.

  Conventionally, the following Non-Patent Documents 1 and 2 are known as techniques for exchanging group keys for multicast communication.

  In this key exchange technique, first, a key encryption key is shared between a control device and a communication device using a unique key of the communication device. Thereafter, the control device updates the group key using multicast communication. At this time, the control device encrypts the group key using the key encryption key.

  This group key is managed by a key identifier called an EPOCH value included in the nonce space in the encrypted message. The group key is updated when a predetermined condition (number of times of encrypted communication, time) is reached.

Multicast Extensions to the Security Architecture for the Internet Protocol (RFC5374) The Multicast Group Security Architecture (RFC3740)

  However, even if a communication message is multicast from the control device to a plurality of communication devices, the communication message may not be transmitted to all the communication devices.

  For example, when the communication device is a wireless device, the wireless communication state deteriorates due to noise, and the communication message is not transmitted. Further, when any one of the plurality of communication devices is in the sleep state, the communication message is lost on the communication path. In this case, there is a possibility that the communication message cannot be transmitted to other communication devices.

  Therefore, the present invention has been proposed in view of the above-described circumstances. An object of the present invention is to provide an encrypted data communication device, an encrypted data communication method, a program, and a recording medium that can perform communication even when updating of a group key fails.

  An encrypted data communication device according to a first aspect of the present invention is an encrypted data communication device that communicates encrypted data using a group key used in a network including a key information control device and a plurality of communication devices. Communication means for transmitting / receiving encrypted data encrypted with the group key, key management means for updating and storing the group key of the communication device with the group key transmitted from the key information control device, Function key generation means for generating a function key using the initial key of the group key stored by the key management means and the key identifier received together with the encrypted data received by the communication means, and stored by the key management means Identifier comparing means for comparing the key identifier corresponding to the latest group key that has been received and the key identifier received together with the encrypted data received by the communication means; When both identifiers compared by the identifier comparison means are the same, the encrypted data received by the communication means is decrypted by the group key stored by the key management means, and both of the identifiers compared by the identifier comparison means are compared. Decryption means for decrypting encrypted data received by the communication means with a function key generated by the function key generation means when the identifiers are different.

  The encrypted data communication apparatus according to the second aspect of the present invention is the encrypted data communication apparatus according to the first aspect, wherein the key identifier corresponding to the latest group key stored by the key management means, Threshold determination means for determining whether or not the difference between the encrypted data received by the communication means and the key identifier received exceeds a predetermined threshold.

  An encrypted data communication apparatus according to a third aspect of the present invention is the encrypted data communication apparatus according to the second aspect, wherein the key management means selects one of the stored group keys. A key selection unit, wherein the key selection unit selects a group key stored by the key management unit when the threshold determination unit determines that the difference does not exceed a predetermined threshold; The function key generated by the function key generation unit is selected when the threshold determination unit determines that the difference exceeds a predetermined threshold value.

  An encrypted data communication apparatus according to a fourth aspect of the present invention is the encrypted data communication apparatus according to the third aspect, comprising timer means, wherein the key selecting means counts a predetermined time by the timer means. In this case, the function key is switched to the group key stored by the key management means.

  An encrypted data communication apparatus according to a fifth aspect of the present invention is the encrypted data communication apparatus according to the second aspect, wherein the threshold determination means determines that the difference exceeds a predetermined threshold And a key exchange distribution unit for distributing the function key generated by the function key generation unit to the communication device.

  An encrypted data communication apparatus according to a sixth aspect of the present invention is the encrypted data communication apparatus according to the fifth aspect, comprising timer means, wherein the key exchange distribution means sets a predetermined time by the timer means. When counted, the function key is switched to a group key as a random number key and distributed to the communication device.

  An encrypted data communication device according to a seventh aspect of the present invention is the encrypted data communication device according to any one of the first to sixth aspects, wherein when the group key is set in the communication device, the communication device The initial key of the group key is transmitted by unicast communication.

  An encrypted data communication apparatus according to an eighth aspect of the present invention is the encrypted data communication apparatus according to any one of the first to seventh aspects, wherein the communication means transmits a message including the received key identifier. The encrypted data encrypted with the function key generated by the function key generating means is transmitted.

  An encrypted data communication method according to a ninth aspect of the present invention is an encrypted data communication method for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices. And receiving the encrypted data encrypted by the group key, and comparing the key identifier corresponding to the latest group key stored in advance with the key identifier received together with the received encrypted data. If the compared identifiers are the same, the step of decrypting the received encrypted data with the latest group key stored in advance and the compared identifiers stored in advance are stored in advance. A function key is generated using the initial key of the group key and the key identifier received together with the received encrypted data, and the generated function key Characterized by a step of decoding the serial received encrypted data.

  An encrypted data communication program according to a tenth aspect of the present invention is an encrypted data communication program for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices. And receiving the encrypted data encrypted by the group key in the computer, a key identifier corresponding to the latest group key stored in advance, and the key identifier received together with the received encrypted data; And when the compared identifiers are the same, the step of decrypting the received encrypted data with the latest group key stored in advance and the compared identifiers differ in advance. A function key is generated using the initial key of the stored group key and the key identifier received together with the received encrypted data. And, by the generated function keys and a step of decrypting the encrypted data to the received.

  A computer-readable recording medium on which an encrypted data communication program according to an eleventh aspect of the present invention is recorded is encrypted data using a group key used in a network including a key information control device and a plurality of communication devices. A computer-readable recording medium having an encrypted data communication program recorded therein, the step of receiving the encrypted data encrypted by the group key in the computer, and the latest group key stored in advance The step of comparing the corresponding key identifier with the received key identifier together with the received encrypted data, and when the compared identifiers are the same, the received encrypted data with the latest group key stored in advance Is stored in advance when the compared identifiers are different from each other. And initial key loop key, to generate the function key using a key identifier received with the encrypted data to the received by the generated function keys and a step of decrypting the encrypted data to the received.

  An encrypted data communication method according to a twelfth aspect of the present invention is an encrypted data communication method for communicating encrypted data using a group key used in a network including a plurality of communication devices, the data transmitting side A step of transmitting encrypted data obtained by encrypting a message with a function key generated using an initial key of a group key stored in advance and a latest key identifier stored by the communication device; A step in which the communication device receives the encrypted data, a key identifier corresponding to the latest group key stored in advance by the communication device on the data receiving side, and a key identifier received together with the received encrypted data. When both the compared identifiers and the compared identifiers are the same, the received encrypted data is decrypted with the latest group key stored in advance. And the generated identifier is used to generate a function key using the initial key of the group key stored in advance and the key identifier received together with the received encrypted data. And decrypting the received encrypted data with a function key.

  According to the present invention, communication can be performed even when the group key update fails.

It is a block diagram which shows the structure of the encryption data communication system shown as embodiment of this invention. It is a figure which shows the structure of the packet transmitted / received in the encryption data communication system shown as embodiment of this invention. It is a block diagram which shows the internal structure of the communication apparatus in the encryption data communication system shown as embodiment of this invention. It is a block diagram which shows the internal structure of the key information control apparatus in the encryption data communication system shown as embodiment of this invention. It is a sequence diagram which shows a communication procedure when there is no packet loss in the encryption data communication system shown as embodiment of this invention. It is a sequence diagram which shows a communication procedure when packet loss generate | occur | produces in the encryption data communication system shown as embodiment of this invention. FIG. 10 is a sequence diagram showing a communication procedure when packet loss occurs and reception is performed using a function key in the encrypted data communication system shown as the embodiment of the present invention. FIG. 10 is a sequence diagram showing a communication procedure when packet loss occurs and transmission is performed using a function key in the encrypted data communication system shown as the embodiment of the present invention. In the encrypted data communication system shown as an embodiment of the present invention, it is a sequence diagram showing a communication procedure when a communication device performs transmission in a state where a packet loss occurs and a key is not updated. In the encrypted data communication system shown as an embodiment of the present invention, it is a sequence diagram showing a communication procedure when packet loss occurs and transmission / reception is performed using a function key in both the key information control device and the communication device. It is a flowchart which shows operation | movement of the communication apparatus in the encryption data communication system shown as embodiment of this invention. It is a flowchart which shows operation | movement of the key information control apparatus in the encryption data communication system shown as embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  An encrypted data communication system to which the present invention is applied is configured, for example, as shown in FIG.

  The encrypted data communication system includes a plurality of communication devices N1, N2, and N3 (hereinafter simply referred to as communication device N when collectively referred to). Among these communication devices N, the communication device N1 and the communication device N2 can communicate encrypted data with the communication device N3.

  The communication device N is, for example, various devices installed in the home. In the present embodiment, the communication device N1 is a wireless communication device that exchanges wireless signals with other communication devices N and the key information control device M. The communication device N2 is wired to the other communication device N and the key information control device M via a communication line.

  In the present embodiment, the communication device N may perform wired communication or wireless communication. Wireless communication generally has lower communication quality than wired communication. Further, the communication device N may be in a sleep state at an arbitrary timing, and may be activated by a certain period or some external trigger. This sleep state includes a state in which operation is performed with a minimum amount of power and communication cannot be performed. There may be three or more communication devices N.

  In the encrypted data communication system of FIG. 1, it is assumed that the communication path between the communication device N1 and the communication device N3 is in a communication environment where packet loss occurs or the communication device N1 is a sleep device. The communication device N2 and the communication device N3 are in a communication path environment with almost no packet loss.

  The key information control apparatus M communicates with a plurality of communication devices N and controls the plurality of communication devices N. The key information control apparatus M performs encrypted communication with the communication device N. For this purpose, the key information control apparatus M performs an authentication process and a key distribution process with each communication device N. Further, the key information control apparatus M updates a group key used in a network including a plurality of communication devices N. The lifetime of the group key is managed by the EPOCH value in the nonce space of the message, and the group key is updated when an arbitrary condition such as the number of times of encryption communication and the time is satisfied.

In the present embodiment, the key information is distributed from the communication device N3 to the communication devices N1 and N2. In the present embodiment, the communication device N3 is also referred to as a key information control device M. The key information control apparatus M distributes key information at the time of authentication when the communication devices N1 and N2 participate in the network. This key information is a group key K _Gn used in a network including a plurality of communication devices N. This group key K _Gn is encrypted with the key encryption key KEK and distributed as encrypted data E (group key K _Gn ).

  A packet communicated in the encrypted data communication system includes various types of information as shown in FIG.

  The packet header communicated in the encrypted data communication system includes a nonce (NONE) in addition to the IP address and UDP. Encrypted data obtained by encrypting messages generated by the key information control device M and the communication device N is added to the nonce. A MAC for error correction is added to the encrypted data.

  The nonce is used as one of parameters at the time of data encryption, and is added to the header part of the transmission data message. The nonce includes an EPOCH value and a counter value. The nonce may include a node ID.

The EPOCH value is an identifier of the group key _KGn . The EPOCH value is changed by the key information control apparatus M every time the group key _KGn is updated. The key information control apparatus M increments the EPOCH value every time the group key _KGn is updated.

The counter value represents the number of times that encrypted multicast packet communication is performed using the group key _KGn identified by the EPOCH value. This counter value is managed by each of the key information control device M and the communication device N. The counter value is counted up every time the key information control device M and the communication device N transmit data. The group key _KGn is updated by the key information control apparatus M before the counter value reaches the maximum value.

  The communication device N has functional units as shown in FIG. 3, for example. The communication device N is a computer that can read and execute a program. The communication device N functions as each unit as shown in FIG. 3 by executing a program by a computer. This program is an encrypted data communication program 15a that communicates encrypted data using a group key used in a network including the key information control apparatus M and a plurality of communication devices N in this embodiment.

  The communication device N includes a transmission / reception unit 11, an identifier detection unit 12, a key management unit 13, a data encryption processing unit 14, a storage unit 15, and a random number key table 16.

  The transmission / reception unit 11 communicates with the key information control apparatus M. The transmission / reception unit 11 performs reception processing for processing the IP header and UDP header included in the received packet. The transmission / reception unit 11 adds a nonce value, a UDP header, and an IP header to the encrypted data to be transmitted. This transmission / reception unit 11 can communicate with the key information control apparatus M by selecting either the multicast communication method or the unicast communication method.

The identifier detection unit 12 detects an identifier from the packet received by the transmission / reception unit 11. Identifier detection unit 12, the nonce value, detects a key identifier that identifies a group key _{K Gn} (EPOCH value). The identifier detection unit 12 includes an identifier comparison unit 12a and a threshold determination unit 12b.

The identifier comparison unit 12a compares the EPOCH value corresponding to the latest group key _KGn stored by the key management unit 13 with the EPOCH value received together with the encrypted data received by the transmission / reception unit 11 (identifier comparison unit). . The comparison result by the identifier comparison unit 12a is referred to by the key management unit 13.

The threshold determination unit 12b determines that the difference between the EPOCH value corresponding to the latest group key _KGn stored by the key management unit 13 and the EPOCH value received together with the encrypted data received by the transmission / reception unit 11 exceeds a predetermined threshold. It is determined whether or not (threshold determination means). The predetermined threshold value may be set to a value that can be determined that the frequency of packet loss in the network is high as will be described later. The determination result of the threshold determination unit 12b is referred to by the key management unit 13. The determination result of the threshold determination unit 12b is a criterion for determining whether to generate a function key, as will be described later.

The key management unit 13 manages key information. The key management unit 13 stores and updates the group key K _Gn sent a group key K _Gn of the communication device N from the key information control unit M (key managing unit). At this time, the key management unit 13 stores the group key _KGn in the random number key table 16.

The key management unit 13 manages its own public key and secret key, a unique secret key (Kn) for each other communication device N, a key encryption key KEK (Key Encryption Key), and a group key _KGn . Further, the key management unit 13 acquires the EPOCH value corresponding to the group key _KGn and stores it in the random number key table 16. Further, the key management unit 13 stores the function key generated by itself in the random number key table 16.

  The unique secret key (Kn) (node key) for each communication device N is key information for obtaining the key encryption key KEK from the key information control apparatus M. The unique secret key (Kn) is set in advance simultaneously with IDn of the communication device N. With this node key, a key encryption key KEK is acquired by the key exchange delivery unit 13 a and stored in the random number key table 16.

  The key encryption key KEK is a key for key encryption. The key information control apparatus M derives the key encryption key KEK. The key encryption key KEK is shared by all the communication devices N and the key information control device M at the time of authentication with the communication device N and key distribution.

The group key K _Gn is key information for performing encrypted multicast communication between the key information control apparatus M and all the communication devices N. The key information control device M derives the group key K _Gn . The group key _KGn is encrypted with the key encryption key KEK and distributed to all communication devices N by multicast communication. Note that n in the group key K _Gn is a key version. Each time a new key is generated by the key management unit 13 of the key information control apparatus M, n is increased to 1, 2, 3,.

Of the group keys K _Gn , the initial group key K _G1 is stored in the random number key table 16 as the initial group key K _G1 . The group key _{K G1} is used as a seed (Seed) for generating a function key.

The node key Kn, the initial group key K _G1 , the group key K _Gn , and the key encryption key KEK are random numbers generated by a random number generator of the key information control apparatus M. For this random number key, a value obtained by a function func (secret_seed) such as an encryption function or a one-way function that performs bijection is used. Alternatively, a physical random number is used as the random number key. Note that the communication device N does not have a random number generator.

  On the other hand, in the key information control device M and the communication device N, the function key K ′ (g) is generated by calculating the following function func.

Function key K ′ (g) = func (EPOCH value, initial group key K _G1 )
That is, the function key K '(g) is a code string obtained computed by a predetermined function EPOCH value stored in the random number key table 16 and the initial group key K _G1 as a parameter.

The key exchange delivery unit 13a performs key distribution with the key information control apparatus M in the authentication process and key distribution process with the key information control apparatus M. The key exchange delivery unit 13 a obtains a key encryption key (KEK) for storage in the random number key table 16. The key exchange delivery unit 13a decrypts the data EKn (KEK) encrypted with the unique secret key Kn corresponding to the IDn of the device with the unique secret key Kn of the device to obtain a key encryption key KEK. The key exchange / delivery unit 13 a receives the initial group key K _G1 and the key encryption key KEK derived by the key information control apparatus M and stores them in the random number key table 16. Further, the key exchange delivery unit 13 a acquires the updated group key K _Gn and EPOCH values and stores them in the random number key table 16.

The function key generation unit 13b generates a function key K ′ (g) using a predetermined function. Function key generation unit 13b generates the function key K '(g) using the initial group key K _G1 stored by the random number key table 16, and EPOCH value received together with the received encrypted data by the transceiver unit 11 .

The function used by the function key generation unit 13b may be a one-way function or an encryption function that performs bijection or the like. At this time, the function key generation unit 13b inputs the initial group key K _G1 (seed) and the received EPOCH value. Then, the function key generation unit 13b derives the group key K _Gn of the key identifier (EPOCH value) as a function of one-way function or bijective cipher function (DES, AES, etc.). As the one-way function, MD5, SHA-1, SHA2, etc. can be used. Also, DES, AES, etc. can be used as a bijective cryptographic function.

  The function key generation unit 13b fails to decrypt the encrypted data received by the transmission / reception unit 11, and based on the comparison result of the identifier comparison unit 12a or the determination result of the threshold determination unit 12b, the function key K ′ (g) Is generated. The function key generation unit 13b may generate the function key K ′ (g) when both identifiers compared by the identifier comparison unit 12a are different. Alternatively, the function key generation unit 13b may generate the function key K ′ (g) when the difference between the two EPOCH values exceeds a predetermined threshold based on the determination result by the function key generation unit 13b.

The key selection unit 13c selects one of the group key _{K Gn} of the group key _{K Gn} stored in the random number key table 16. The key selection unit 13c refers to the determination result of the threshold determination unit 12b. The key selection unit 13c selects the group key _KGn stored in the random number key table 16 when it is determined that the difference between the EPOCH values determined by the threshold determination unit 12b does not exceed a predetermined threshold. The key selection unit 13c selects the function key K ′ (g) when it is determined that the difference between the EPOCH values determined by the threshold determination unit 12b exceeds a predetermined threshold.

  The data encryption processing unit 14 performs an encryption process using the key information selected by the key selection unit 13 c in the key management unit 13. Further, the data encryption processing unit 14 decrypts the encrypted data received by the transmission / reception unit 11 using any one of the key information stored in the random number key table 16.

In the present embodiment, the encryption process for the group key _KGn may be arbitrary. For example, when the group key K _Gn is encrypted with the key encryption key KEK, an XOR process between the key encryption key KEK and the group key K _Gn may be performed. Also, the encryption process and the decryption process are not limited to the XOR process, and can be encrypted using an encryption function such as AES (Advanced Encryption Standard).

  The key information control apparatus M has functional units as shown in FIG. 4, for example.

The key information control apparatus M includes a random number key generation unit 13e in the key management unit 13 in addition to the communication device N described above. Random number key generation unit 13e, in the authentication processing and the key distribution process with the communications device N, to generate the initial group key K _G1. As a result, the key information control apparatus M generates an initial group key K _G1 to be stored in its own random number key table 16 and the random number key table 16 of the communication device N.

Further, the random key generation unit 13e updates the group key K _Gn every predetermined period. At this time, the random number key generation unit 13e may generate a physical random number from a physical event such as temperature, for example, and a secret value (secret_seed) that is input simply using a function is used as a seed of a random number (Seed). It may be used.

  Note that the key information control apparatus M may generate a key for the function key K ′ (g) in advance. However, if the tamper resistance function is not provided, a malicious user can guess the group key using reverse engineering or the like for a device that is not the key information control device M using the same mechanism as the random key generation unit 13e.

  Therefore, the key information control device M normally does not generate the function key K ′ (g) in advance so that it is difficult for a malicious device to guess the function key K ′ (g), and the value of the key identifier (EPOCH). When there is a difference between a certain threshold value (for example, 10 counts), the function key K ′ (g) may be generated. Further, the key information control apparatus M may prohibit the calculation of the function key K ′ (g) except for a predetermined time.

  Next, the operation of the above-described encrypted data communication system will be described.

  First, an operation when no packet loss occurs between the key information control apparatus M and the communication device N will be described with reference to FIG. In this operation description, the operation between the key information control apparatus M (communication device N3) and the communication device N1 will be described.

  At the start of communication, the communication device N1 stores K1 as a node key in the random number key table 16. The key information control apparatus M stores K1 as a node key of the communication device N1 in the random number key table 16. Further, the key information control apparatus M generates a key encryption key KEK and stores it in the random number key table 16.

  First, in the setup process, the key information control apparatus M generates a packet obtained by encrypting the key encryption key KEK with K1 of the communication device N1, and transmits the packet to the communication device N1 by unicast communication. This packet is received by the communication device N1. The communication device N1 decrypts the packet using K1 as its node key. Thereby, the communication apparatus N1 can receive the key encryption key KEK.

Then the key information control unit M generates an initial group key K _G1. The key information control unit M encrypts the initial group key K _G1 by the key encryption key KEK. The key information control unit M generates a packet including the encrypted initial group key _{K G1} and EPOCH value (1). The key information control apparatus M transmits the generated data packet by multicast communication encrypted with the group keys K _{G1 to} K _Gn .

  When a request is issued from another communication device N within the validity period of the key encryption key KEK, the communication device N1 uses the same key encryption key KEK as the device node key (Kn) in the setup process. You may encrypt and carry out unicast communication.

Communication equipment N1 receives a multicast packet transmitted from the key information control unit M, decodes the initial group key K _G1 using the key encryption key KEK. Furthermore, the EPOCH value (1) can be obtained from the multicast packet.

Then the key information control unit M encrypts the data (1) by the initial group key K _G1. The encrypted data is transmitted by multicast communication together with the EPOCH value (1). The communication device N receives a multicast packet. The communication device N decrypts the encrypted data of the multicast packet with the initial group key K _G1 to obtain data (1).

Similarly, the key information control apparatus M encrypts the data (2) with the initial group key K _G1 and transmits it by multicast communication. Communication device N receives a multicast packet, extracts the group key K _G1 from the random number key table 16 and decrypts the encrypted data to obtain data (2).

When sending data (3) from the communication device N1, communication equipment N1 encrypts the data (3) using the group key _{K G1.} This encrypted data is distributed by multicast communication.

The key information control apparatus M receives the multicast packet transmitted from the communication device N1. The key information control unit M decrypts the encrypted data by using the group key K _G1. Thereby, the key information control apparatus M can obtain the data (3) generated by the communication device N1.

When communication using the initial group key K _G1 is repeated and the number of communication reaches a predetermined upper limit value, the key information control apparatus M generates a new group key K _G2 . At this time, the key information control apparatus M determines, for example, whether the counter value is all 1 bits (for example, 2 ^ 32-1 for 32 bits), and determines whether it is an upper limit value. To do. When the counter value is the upper limit value, a key update (Rekey) process is executed. The key information control device M, encrypts the group key _{K G2} by the key encryption key KEK, transmits the multicast packet containing EPOCH value (2).

When the communication device N1 receives the multicast packet, the communication device N1 decrypts the encrypted data with the key encryption key KEK to obtain the group key _KG2 . Further, the communication device N1 acquires the EPOCH value (2) from the nonce value.

Thus, even if the multicast information including the data (k) encrypted with the group key K _G2 and the EPOCH value (2) is transmitted from the key information control apparatus M, the communication device N1 decrypts it with the group key K _G2. , Data (k) can be received. The communication device N1 is itself encrypted with the generated data (k + 1) group key _{K G2,} it sends a multicast packet including EPOCH value (2). This multicast packet is received by the key information control apparatus M and decrypted by the group key _KG2 . As a result, the key information control apparatus M can acquire the data (k + 1).

In the encrypted data communication system that performs such communication, the multicast packet transmitted from the key information control device M to the communication device N reaches the communication device N1 due to noise or the sleep operation of the communication device N as shown in FIG. There may not be. In the example of FIG. 6, EPOCH value (2), group key _{K G2} encrypted by the key encryption key KEK is to have disappeared before reaching the communication device N1.

Thereafter, as shown in FIG. 6, a multicast packet including data (k) is transmitted from the key information control apparatus M, and the communication device N1 can receive the multicast packet. However, the communication device N1 can not decode the multicast packet using the initial group key K _G1 stored in the random number key table 16.

On the other hand, as shown in FIG. 7, the communication device N1 uses the identifier comparison unit 12a to store the EPOCH value (1) stored in its random key table 16 and the EPOCH value (2) included in the multicast packet. Compare As a result of this comparison, the identifier detection unit 12 determines that both EPOCH values are different. In this case, the communication device N1 generates the function key K ′ (g) by the function key generation unit 13b. In this case, the communication device N1 generates the function key K '(g) by using the EPOCH value included in the received multicast packet as an initial group key K _G1 (2) (here KG2 = K').

  Thereafter, as shown in FIG. 8, the key information control device M generates a function key K ′ (g). The key information control apparatus M encrypts the data (k) with the function key K ′ (g) and transmits a multicast packet including the latest EPOCH value (2).

  When receiving the multicast packet, the communication device N1 decrypts the multicast packet with the function key K ′ (g) generated by itself. At this time, since the multicast packet is encrypted with the function key K ′ (g), the data encryption processor 14 can successfully decrypt the multicast packet.

  As shown in FIG. 8, when the communication device N1 switches to the function key K ′ (g), decrypts the encrypted data, and completes reception of the multicast packet, the communication device N1 converts the data (k + 1) into the function key K ′ (g). Can be sent encrypted.

  When receiving the multicast transmitted from the communication device N1, the key information control apparatus M can decrypt the encrypted data included in the multicast using the function key K ′ (g) generated previously. Thereby, the key information control apparatus M can acquire the data (k + 1) generated by the communication device N1.

On the other hand, the function key K ′ (g) is also recognized by the key information control apparatus M when the communication device N1 transmits data (k) to the key information control apparatus M as shown in FIG. At this time, the key information control apparatus M fails even if it tries to decrypt the encrypted data included in the multicast packet transmitted from the communication device N1 using the group key _KG2 .

In response to this, the key information control apparatus M compares the EPOCH value (2) stored in its own random number key table 16 with the EPOCH value (1) included in the multicast packet by the identifier comparison unit 12a. As a result of this comparison, the identifier detection unit 12 determines that both EPOCH values are different. In this case, the key information control apparatus M generates a function key K ′ (g) by the function key generation unit 13b. In this case, the key information control unit M generates the function key K '(g) by using the EPOCH value included in the received multicast packet as an initial group key K _G1 (1). Thereafter, the key K ′ in FIG. 8 is encrypted with the key encryption key KEK and transmitted. If the communication device N1 receives this, the communication is successful in the process of FIG.

Also, in this encrypted data communication system, as shown in FIG. 10, when the latest group key K _G2 cannot be received by the communication device N1, the communication device N1 uses the old EPOCH value (1) and the initial group key K _G1. Data (k) is transmitted. In this case, the key information control apparatus M detects that the received EPOCH value (1) is different from the latest EPOCH value (2). Then, the key information control apparatus M switches to use the function key K ′ (g) of the function key generation unit 13b. The key information control unit M updates the EPOCH value, to generate a function key K '(g) using the EPOCH value (3) and the initial group key _{K G1.}

  When the generated function key K ′ (g) is used, the key information control device M switches to a new EPOCH value (3), encrypts the function key K ′ (g) with the key encryption key KEK, and multicast packet Send. Even when this multicast packet does not reach the communication device N1, the key information control apparatus M performs the subsequent communication using the function key K ′ (g).

Thereafter, when a multicast packet is transmitted from the key information control apparatus M or another communication device N to the communication device N1 and received by the communication device N1, the communication device N1 has the latest EPOCH (1) of its EPOCH value (1). A difference from the value (3) is detected. Accordingly, the communication device N1 can generate a function key K '(g) by using the latest EPOCH value (3) and the initial group key K _G1.

  Thereafter, when a multicast packet including encrypted data encrypted using the function key K ′ (g) is transmitted from the key information control apparatus M, the communication device N1 uses the random key to change the encryption key to the function key K ′. Decoding is possible by switching to (g).

  Next, internal processing of the communication device N1 in the above-described encrypted data communication system will be described with reference to FIG.

  First, in step S1, the communication device N1 receives a packet obtained by encrypting the key encryption key KEK with its own node key K1 by the transmission / reception unit 11. The communication device N1 extracts and decrypts the node key K1 from the random key table 16 by the data encryption processing unit 14. Thereby, the communication device N1 obtains the key encryption key KEK.

In the next step S2, the communication device N1 is the transceiver unit 11 receives the encrypted initial group key _{K G1} by the key encryption key KEK.

In the next step S3, the communication device N1 performs decryption by the data encryption processing unit 14, and obtains an initial group key _KG1 . Other than the initial operation, the communication device N1 can obtain the latest group key K _Gn . Further, the communication device N1 can obtain the latest EPOCH value transmitted together with the encrypted data. In step S3, when receiving a multicast packet that distributes data (k), the communication device N1 obtains data (k) encrypted with the latest group key K _Gn in addition to the latest EPOCH value. .

Here, if the latest group key K _Gn transmitted from the key information control apparatus M has not been received, the communication device N1 fails even if it is decrypted using the group key K _Gn in step S3.

  In the next step S4, the communication device N1 uses the threshold determination unit 12b to determine that the difference (difference) between the EPOCH value stored in the random number key table 16 and the latest EPOCH value obtained in step S3 is a predetermined threshold VTH. It is determined whether or not it exceeds. If the difference between the two EPOCH values exceeds the predetermined threshold value VTH, the process proceeds to step S5. If the difference between the two EPOCH values does not exceed the predetermined threshold value VTH, the process proceeds to step S7.

In step S7, the communication device N1 selects the group key _KGn as the random number key stored in the random number key table 16 by the key selection unit 13c. As a result, the communication device N1 is set to decrypt the encrypted data included in the subsequently transmitted packet with the group key _KGn .

In step S5, the communication device N1 calculates the function key K ′ (g) by the function key generation unit 13b according to the determination result of the threshold determination unit 12b. At this time, the function key generation unit 13b generates a new function key K '(g) by using the initial group key K _G1 stored in the latest EPOCH value and the random number key table 16 obtained in step S3 .

  In the next step S6, the communication device N1 performs decryption using the function key K ′ (g) generated in step S5, and receives data (k).

In the next step S8, when there is data to be transmitted, the communication device N1 causes the data encryption processing unit 14 to use the latest group key K _Gn received in step S3 or the function key K ′ (g calculated in step S5. ) To encrypt. The communication device N1 generates a packet including the latest EPOCH value in the encrypted data, and transmits the packet by the transmission / reception unit 11.

  Next, internal processing of the key information control apparatus M in the above-described encrypted data communication system will be described with reference to FIG.

  First, in step S11, the key information control apparatus M transmits a packet obtained by encrypting the key encryption key KEK with the node key K1 corresponding to the transmission partner by the transmission / reception unit 11. At this time, the communication device N1 extracts the node key K1 from the random key table 16 and encrypts it by the data encryption processing unit 14.

In the next step S12, the key information control apparatus M determines whether or not the timer value measured by the timer unit 13d is smaller than a predetermined threshold value THibrid_Allow. As this predetermined threshold, a period in which the group key _KGn as a random number key and the function key K ′ (g) are used together as a key used for encryption is set. The period during which the function key K ′ (g) is used is preferably as short as possible from the viewpoint of security. If the timer value is smaller than the predetermined threshold value, the process proceeds to step S13. If not, the process proceeds to step S15.

  In step S13, the key information control apparatus M increments the timer value by the timer unit 13d.

In the next step S14, the key information control apparatus M calculates the function key K ′ (g) by the key selection unit 13c. In this case, the key selecting unit 13c calculates the function key K '(g) by using the latest EPOCH value and the initial group key K _G1.

  In step S15, the key information control apparatus M clears the timer value counted by the timer unit 13d.

In the next step S16, the key information control apparatus M generates a group key _KGn as a new random number key by the random number key generation unit 13e. In this case, the random number key generation unit 13e calculates the seed (Secret_Seed) by a predetermined function Func, generates a group key K _Gn.

In the next step S17, the key information control apparatus M encrypts the group key _KGn generated in step S16 by the data encryption processing unit 14 with the key encryption key KEK under the control of the key exchange delivery unit 13a. And the key information control apparatus M transmits the packet containing encryption data by multicast communication by the transmission / reception part 11. FIG.

In the next step S <b> 18, the key information control apparatus M transmits the data encrypted with the latest EPOCH value and the group key K _Gn by the transmission / reception unit 11. Further, when the key information control apparatus M receives the packet by the transmission / reception unit 11, the key information control apparatus M extracts the EPOCH value and decrypts it with the group key _KGn .

  In the next step S19, the key information control apparatus M uses the threshold determination unit 12b to check whether the difference (difference) between the EPOCH value stored in the random number key table 16 and the latest EPOCH value exceeds a predetermined threshold VTH. Determine whether or not. If the difference between the two EPOCH values exceeds the predetermined threshold value VTH, the process proceeds to step S20. If the difference between the two EPOCH values does not exceed the predetermined threshold value VTH, the process proceeds to step S23.

In step S23, the key information control apparatus M selects the group key _KGn as the random number key stored in the random number key table 16 by the key selection unit 13c. As a result, the key information control apparatus M is set to decrypt the encrypted data included in the subsequently transmitted packet with the group key _KGn .

In step S20, the key information control apparatus M calculates the function key K ′ (g) by the function key generation unit 13b according to the determination result of the threshold determination unit 12b. At this time, the function key generation unit 13 b generates a new function key K ′ (g) using the latest EPOCH value and the initial group key K _G1 stored in the random number key table 16.

  In the next step S21, the key information control apparatus M performs decryption using the function key K ′ (g) generated in step S20, and receives data (k).

In the next step S22, when there is data to be transmitted, the key information control apparatus M causes the data encryption processing unit 14 to use the latest group key K _Gn received in step S3 or the function key K ′ calculated in step S5. Encrypt in (g). The communication device N1 generates a packet including the latest EPOCH value in the encrypted data, and transmits the packet by the transmission / reception unit 11.

  As described above, the key information control device M and the communication device N (encrypted data communication device) use the group key used in the network including the key information control device M and the plurality of communication devices N to encrypt the data. Communicate. The key information control device M and the communication device N have communication means (11) for transmitting / receiving encrypted data encrypted with the group key. The key information control device M and the communication device N have key management means (13, 16) for updating and storing the group key of the communication device N with the group key transmitted from the key information control device M. Further, the key information control device M and the communication device N generate a function key using the initial key of the group key stored by the key management unit and the key identifier received together with the encrypted data received by the communication unit. Key generation means (13b) is included. Further, the key information control device M and the communication device N include an identifier comparison unit that compares the key identifier corresponding to the latest group key stored by the key management unit and the key identifier received together with the encrypted data received by the communication unit. (12a). Further, the key information control device M and the communication device N decrypt the encrypted data received by the communication unit using the group key stored by the key management unit when both identifiers compared by the identifier comparison unit are the same. Means (14). Further, the key information control device M and the communication device N, when both identifiers compared by the identifier comparison unit are different, a decryption unit that decrypts the encrypted data received by the communication unit with the function key generated by the function key generation unit (14)

  According to this encrypted data communication system, when the EPOCH value is different from its own EPOCH value, it is possible to decrypt the encrypted data by calculating the function key K ′ (g). Further, encrypted data obtained by encrypting the subsequent communication with the calculated function key K ′ (g) using the new EPOCH value can be included.

  According to this encrypted data communication system, even in a network configuration (Lossy) with many packet losses and a network configuration with a sleep device, it is possible to continue the encryption data communication by suppressing an increase in the number of key distributions. it can.

  For example, it is assumed that the encrypted data communication system is an energy management device as a plurality of communication devices N and is a system that controls power consumption. There is a problem of securing the same amount of power at the same time, and there is a possibility that a highly urgent energy reduction order will be generated. If a communication trouble such as encryption key mismatch occurs in this emergency, the system will not function.

On the other hand, according to the encrypted data communication system of the present embodiment, it is possible to solve a communication trouble in which the group key _KGn resulting from packet loss is inconsistent. That is, according to the encrypted data communication system, when there is a communication device N in which the group key _KGn is inconsistent, communication can be performed by temporarily switching from the column number key to the function key K ′ (g). Thereby, according to this encrypted data communication system, it is possible to suppress the loss of a highly urgent encrypted message and to ensure the immediacy of the control system.

Further, according to this encrypted data communication system, it is determined whether or not the difference between the EPOCH value corresponding to the latest group key and the EPOCH value received together with the received encrypted data exceeds a predetermined threshold value. Thus, according to this encrypted data communication system, it is possible to determine whether or not to use the function key K ′ (g) according to the degree of difference in EPOCH values. That is, if it is not determined that the packet loss is severe, the key distribution can be performed using the secure random number-based group key K _Gn without using the function key K ′ (g).

Furthermore, according to this encrypted data communication system, the use of the group key _KGn generated by a random number or the like (random number generation using a function that keeps the seed secret or physical random number) increases the difficulty of key estimation. Can do.

Furthermore, according to this encrypted data communication system, the key selection unit 13c selects the group key _KGn when the difference between the EPOCH values does not exceed the predetermined threshold value, and the difference between the EPOCH values reaches the predetermined threshold value. If it exceeds, the function key K ′ (g) can be selected. According to this encrypted data communication system, it is possible to increase the security of the system by distributing a more secure random key and using the group key _KGn as much as possible.

Furthermore, according to this encrypted data communication system, when the key selection unit 13c counts a predetermined time using the function key K ′ (g), the function key K ′ (g) is changed to the group key K _Gn . Can be returned. As a result, the function key K ′ (g) is used when a highly urgent communication is required by setting an allowable time for the function key K ′ (g), and the group key K _Gn is automatically used after a predetermined time. It is possible to return to the above, and it is possible to suppress a decrease in security.

  Further, according to the encrypted data communication system, when the difference in EPOCH values exceeds a predetermined threshold by the key information control apparatus M, the function key K ′ (g) is transmitted by the key exchange delivery unit 13a to the communication device N. Distribute to Thereby, according to this encrypted data communication system, it is possible to determine that the key information control device M itself switches between the random number key and the function key K ′ (g), and it is possible to suppress a decrease in security.

Furthermore, according to this encrypted data communication system, when a predetermined time is counted by the key exchange delivery unit 13a of the key information control apparatus M, the function key K ′ (g) is changed to the group key K _Gn as a random number key. It can be switched and distributed to the communication device N. As a result, according to the key information control apparatus M, it is possible to set a permissible time for highly urgent communication and suppress a decrease in security due to the use of the function key K ′ (g).

Furthermore, according to this encrypted data communication system, when the key information control device M sets the group key K _Gn in the communication device N, the initial group key K _G1 is transmitted to the communication device N by unicast communication. Thereby, even when the packet loss of the encrypted data communication system is severe, the initial group key K _G1 can be reliably transmitted to the communication device N. Therefore, according to this encrypted data communication system, the operation of generating the function key K ′ (g) using the initial group key K _G1 in an emergency can be performed in all the communication devices N.

  Further, according to this encrypted data communication system, a packet including encrypted data encrypted using the function key K ′ (g) after generating the function key K ′ (g) and decrypting the encrypted data Can be sent. Thereby, not only the highly urgent encrypted message can be decrypted by the communication device N on the receiving side, but also the message transmitting side can immediately synchronize and communicate the encrypted message as a highly urgent response. In particular, in the case of bidirectional communication, adjusting the transmission to the latest EPOCH value on the transmission side in order to smoothly process a reply to transmission improves the response performance of the communication.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

M Key information control device N, N1, N2, N3 All communication devices 11 Transmission / reception unit 12 Identifier detection unit 12a Identifier comparison unit 12b Threshold determination unit 13 Key management unit 13a Key exchange delivery unit 13b Function key generation unit 13c Key selection unit 13d Timer Unit 13e random number key generation unit 14 data encryption processing unit 15 storage unit 15a encrypted data communication program 16 random number key table

Claims (12)

An encrypted data communication device for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices,
A communication means for transmitting / receiving encrypted data encrypted by the group key;
Key management means for updating and storing the group key of the communication device with the group key transmitted from the key information control device;
Function key generation means for generating a function key using the initial key of the group key stored by the key management means and the key identifier received together with the encrypted data received by the communication means;
An identifier comparison unit that compares the key identifier corresponding to the latest group key stored by the key management unit and the key identifier received together with the encrypted data received by the communication unit;
When both identifiers compared by the identifier comparison means are the same, the encrypted data received by the communication means is decrypted by the group key stored by the key management means, and both of the identifiers compared by the identifier comparison means are compared. An encrypted data communication device comprising: decrypting means for decrypting encrypted data received by the communication means using a function key generated by the function key generating means when the identifiers are different.   Threshold determination for determining whether or not the difference between the key identifier corresponding to the latest group key stored by the key management means and the key identifier received together with the encrypted data received by the communication means exceeds a predetermined threshold The encrypted data communication apparatus according to claim 1, further comprising: means. The key management means includes key selection means for selecting any one of the stored group keys;
The key selection unit selects a group key stored by the key management unit when the threshold determination unit determines that the difference does not exceed a predetermined threshold, and the threshold determination unit determines the difference. The encrypted data communication apparatus according to claim 2, wherein when it is determined that a predetermined threshold value is exceeded, the function key generated by the function key generation unit is selected. Having timer means,
The encrypted data communication apparatus according to claim 3, wherein the key selection unit switches the function key to a group key stored by the key management unit when the timer unit counts a predetermined time. .   And a key exchange distribution unit that distributes the function key generated by the function key generation unit to the communication device when the threshold determination unit determines that the difference exceeds a predetermined threshold. The encrypted data communication device according to claim 2. Having timer means,
6. The encryption according to claim 5, wherein the key exchange distribution unit switches from the function key to a group key as a random number key and distributes it to the communication device when the timer unit counts a predetermined time. Data communication device.   The encrypted data according to any one of claims 1 to 6, wherein when the group key is set in the communication device, an initial key of the group key is transmitted to the communication device by unicast communication. Communication device.   8. The communication device according to claim 1, wherein the communication unit transmits encrypted data obtained by encrypting a message including the received key identifier with a function key generated by the function key generation unit. The encrypted data communication device according to item. An encrypted data communication method for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices,
Receiving encrypted data encrypted with the group key;
Comparing the key identifier corresponding to the latest group key stored in advance with the key identifier received together with the received encrypted data;
Decrypting the received encrypted data with the latest group key stored in advance if both compared identifiers are the same;
When both the compared identifiers are different, a function key is generated using an initial key of a group key stored in advance and a key identifier received together with the received encrypted data, and the function key is used to generate the function key. And a step of decrypting the received encrypted data. An encrypted data communication program for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices,
On the computer,
Receiving encrypted data encrypted with the group key;
Comparing the key identifier corresponding to the latest group key stored in advance with the key identifier received together with the received encrypted data;
Decrypting the received encrypted data with the latest group key stored in advance if both compared identifiers are the same;
When both the compared identifiers are different, a function key is generated using an initial key of a group key stored in advance and a key identifier received together with the received encrypted data, and the function key is used to generate the function key. An encrypted data communication program for executing the step of decrypting received encrypted data. A computer-readable recording medium recording an encrypted data communication program for communicating encrypted data using a group key used in a network including a key information control device and a plurality of communication devices,
On the computer,
Receiving encrypted data encrypted with the group key;
Comparing the key identifier corresponding to the latest group key stored in advance with the key identifier received together with the received encrypted data;
Decrypting the received encrypted data with the latest group key stored in advance if both compared identifiers are the same;
When both the compared identifiers are different, a function key is generated using an initial key of a group key stored in advance and a key identifier received together with the received encrypted data, and the function key is used to generate the function key. A computer-readable recording medium storing an encrypted data communication program for executing the step of decrypting received encrypted data. An encrypted data communication method for communicating encrypted data using a group key used in a network including a plurality of communication devices,
A step of transmitting encrypted data obtained by encrypting a message with a function key generated by using the initial key of the group key stored in advance and the latest key identifier stored by the communication device on the data transmission side;
A communication device on the data receiving side receiving the encrypted data;
The communication device on the data receiving side compares the key identifier corresponding to the latest group key stored in advance with the key identifier received together with the received encrypted data;
Decrypting the received encrypted data with the latest group key stored in advance if both compared identifiers are the same;
When both the compared identifiers are different, a function key is generated using an initial key of a group key stored in advance and a key identifier received together with the received encrypted data, and the function key is used to generate the function key. And a step of decrypting the received encrypted data.

Images