KR101992325B1 - Session key establishment method based on elliptic curve cryptography using trusted execution environment - Google Patents

Abstract

The present invention relates to a method for establishing an encryption session between a first device and a second device of an infotainment system including a trusted execution environment, comprising: an encryption parameter registration procedure in which a trust anchor generates an encryption parameter used for an elliptic curve cryptography method and passes the encryption parameter to the first device and the second device; and a procedure for maintaining device anonymity and mutual authentication using encryption parameters received without help of the trust anchor, and establishing an encryption session by the first and second devices generating the same session key without exchanging session keys.

Description

[0001] SESSION KEY ESTABLISHMENT METHOD BASED ON ELLIPTIC CURVE CRYPTOGRAPHY USING TRUSTED EXECUTION ENVIRONMENT [0002]

The present invention relates to a method for establishing a session key for encrypted communication, and more particularly, to a method for establishing an encryption session key based on an elliptic curve cipher between an infotainment apparatus including a trusted execution environment.

Recently, as the convergence between vehicle and IT technology accelerates, technologies related to smart cars are developing. Infotainment technologies, one of the smart car technologies, are actively being studied, and the number of vehicles equipped with infotainment systems is gradually increasing.

Infotainment is a compound of information and entertainment. It is a system that can enjoy the information of the car (eg tire pressure, engine temperature) and entertainment (eg movie, music) in the vehicle at once. Vehicle infotainment technology was standardized by GENIVI.

The main elements of the infotainment system are Human Machine Interface (HMI) and Telematics Control Unit (TCU). TCU is a device that mediates communication between the inside and the outside of a vehicle, and HMI is a device that allows users to utilize vehicle infotainment. In order to connect a new device to the infotainment system, it is possible to connect via TCU. The connected devices will only be able to use the services assigned by the infotainment system. If a device uses a service other than the service to which the device is assigned, the information of the vehicle can be used to cause an accident of the vehicle.

These infotainment technologies can be extended by connecting additional devices to the vehicle. A plurality of devices connected to the system are provided with services assigned to each device. However, the vulnerabilities of the infotainment system continue to be known, and in recent years, the attacker has taken control of the infotainment system and demonstrated the ability to manipulate the handle. This demonstration showed that it is possible to manipulate the vehicle handles through an unsafe session during the vehicle's internal communication process. The infotainment system is becoming more and more important in the vehicle, and security has to be increased accordingly.

It is an object of the present invention to provide a method for securely communicating through an encrypted communication session between devices including a trusted execution environment of an infotainment system installed in a vehicle.

A method for establishing a cryptographic session between a first device and a second device of an infotainment system including a trusted execution environment in accordance with one aspect for solving the task, comprises a procedure for registering the cryptographic parameters, a procedure for distributing the cryptographic session key .

The procedure for registering encryption parameters is a method for registering an encryption parameter for generating a session key between a first device including a trusted execution environment and a second device, the method comprising the steps of: selecting a master key or the like by a trust anchor; The method comprising: generating a public key of an anchor; transmitting a system parameter by a trust anchor; transmitting a first device ID by a first device; transmitting a second device ID by a second device; The anchor transmitting the private key of the first device, and the trust anchor transmitting the private key of the second device.

The step of the trust anchor selecting the master key or the like is a step of selecting a master key and a generation point on an elliptic curve defined by a trust anchor, a first prime number, a second prime number, a finite element, and the trust anchor is a public trust anchor The step of generating the key is a step in which the trust anchor generates the public key of the trust anchor using the master key and the generation point, and the step of transmitting the system parameter by the trust anchor is a step in which the trust anchor transmits the first prime number, Generating a system parameter including an elliptic curve equation defining the elliptic curve, a generation point, and a public key of a trust anchor, and transmitting the system parameter to a secure area of the first device and the second device, The step of transmitting the device ID is a step in which the first device transmits a first device ID to the trust anchor for identifying the device, Wherein the step of transmitting the second device ID is a step in which the second device transmits a second device ID to the trust anchor which is capable of identifying the device and the step of transmitting the private key of the first device by the trust anchor Generating a first random number and generating a private key of the first device using an elliptic curve equation and a cryptographic hash function defining the elliptic curve based on a first device ID, a generating point, and a first random number, Wherein the step of transmitting the private key of the second device by the trust anchor generates the second random number and the step of transmitting the second device ID, the generating point, and the second random number on the basis of the second random number Generating a private key of the second device using the elliptic curve equation and the cryptographic hash function defining the elliptic curve, and transmitting the private key to the secure area of the second device.

The procedure for distributing a cryptographic session key is a method for distributing a session key for establishing a session key between a first device comprising a trusted execution environment and a second device, the method comprising the steps of: a first device transmitting a first message; 2 device generates a fourth temporary key, the second device generates a first common key and a second common key, the second device transmits a second message, 1 common key and a second common key; generating a session key by the first device; and generating the session key by the second device.

The first device transmitting the first message may include a first message including a third temporary key generated by the first device using a third random number and a generation point on an elliptic curve defined by a third random number and a finite field, To the secure area of the second device, the second device generating the fourth temporary key is a step of the second device generating the fourth random number and using the fourth random number and the fourth temporary key Wherein generating a first common key and a second common key comprises generating a first common key using a fourth random number and a third temporary key by a second device, Wherein the step of generating the second common key using the private key and the third temporary key and the step of transmitting the second message by the second device includes the step of transmitting the second message by using the second temporary key and the second temporary key, Sending a message to the secure area of the first device, wherein the first device is transmitting the first common key and the second Generating a public key comprises: generating a first common key using a third random number and a fourth temporary key by a first device, generating a public key of the second temporary key, a second device ID, a trust anchor, Wherein the step of generating the session key by the first device uses the third temporary key, the fourth temporary key, the first common key and the third cryptographic hash function Wherein the step of generating the session key by the second device includes the step of generating the session key by the second device using the third temporary key, the fourth temporary key, the first common key and the third cryptographic hash function .

According to the present invention, a device of an infotainment system installed in a vehicle manages firmware by utilizing Secure Storage, RoT, Secure Boot, etc. based on a trusted execution environment, generates a session key based on an elliptic curve password, It is possible to achieve an effect of securely communicating between the devices.

1 shows a basic structure of a trusted execution environment included in an apparatus using the session key establishment method of the present invention.
2 illustrates an encryption parameter registration procedure for generating a session key according to an exemplary embodiment of the present invention.
3 illustrates a procedure for registering an encryption parameter for generating a session key between a telematics control unit and a device according to another embodiment.
4 illustrates a session key distribution procedure for establishing an encryption session according to an embodiment.
5 illustrates a session key distribution procedure for establishing an encrypted session for generating a session key between a device and a telematics control unit according to another embodiment.

The foregoing and further aspects are embodied through the embodiments described with reference to the accompanying drawings. It is to be understood that the components of each embodiment are capable of various combinations within an embodiment as long as no other mention or mutual contradiction exists. Each block of the block diagram may in some instances represent a physical part, but in other cases it may be a part of the function of one physical part or a logical representation of the function across a plurality of physical parts. Sometimes the entity of a block or part thereof may be a set of program instructions. These blocks may be implemented in whole or in part by hardware, software, or a combination thereof.

The encryption parameter registration method for generating a session key between the first device 100 and the second device 200 including the trusted execution environment according to an embodiment includes a step of the trust anchor 300 selecting a master key or the like A step in which the trust anchor 300 generates a public key of the trust anchor, a step in which the trust anchor 300 transmits the system parameters, the step in which the first device 100 transmits the first device ID, 2 device 200 transmits a second device ID, the trust anchor 300 transmits the private key of the first device, and the trust anchor 300 transmits the private key of the second device .

According to one embodiment, the first device 100 and the second device 200 are devices of an infotainment system of a vehicle. The first device 100 may be a device installed in a vehicle, such as an A / V device, a DMB device for entertainment, a camera or the like for information, and the second device 200 may be a telematics control unit (TCU) .

The trusted execution environment included in the first device 100 and the second device 200 is a technique for separating the execution environment to protect sensitive data. In this case, a normal region in which a general application is executed and a trusted application And a security area (Secure World) to be executed.

1 shows a basic structure of a trusted execution environment included in an apparatus using the session key establishment method of the present invention. In the structure shown in FIG. 1, sensitive data may be stored in a secure area, and applications executed in a normal area may use sensitive data only through a monitor mode. Typical implementations of this trusted execution environment are TrustZone by ARM and SGX by Intel. TrustZone from ARM and SGX from Intel may be used in the implementation of the trusted execution environment included in the first device 100 and the second device 200, but are not limited thereto. When TrustZone of the ARM company is used as an implementation of the trust execution environment included in the first device 100 and the second device 200, the communication between the normal domain and the secure domain (Secure World) bit (NSC). The Trusted Execution Environment has a structure that can operate securely by completely separating the Normal World and the Secure World. An application running in the security domain can communicate with the external Internet through a network interface existing in the general domain. Security issues that may arise here are protected by Transport Layer Security (TLS).

In the encryption parameter registration method for session key generation between the first device 100 and the second device 200, the step of the trust anchor 300 selecting the master key or the like is such that the trust anchor 300 selects the first prime A second prime number, a generation point on an elliptic curve defined by a finite field, and a master key.

A Trust Anchor (TA) is a trusted third party in encrypted communications and generates master keys and system parameters used in elliptic curve cryptography. And generates the private key of the first device and the second device based on the device IDs of the first device 100 and the second device 200. [ The trust anchor 300, the first device 100, the trust anchor 300, and the second device 200 all communicate over a predetermined secure channel.

Trust anchor 300 selects a first prime number p that is a large prime number to generate the master key and system parameters. Also, the trust anchor 300 selects an elliptic curve E (F _p ) defined by a finite element F _p determined by a prime number and a generation point P on an elliptic curve. The generation point P is selected as a point on the elliptic curve in which the second prime number q satisfying q · P = 0 (infinite origin) is a large prime number. The second prime (q) elliptic curve equation is shown in Equation 1 below.

)로 선택한다.The trust anchor 300 generates a random number to generate a master key (

).

A method for registering an encryption parameter for session key generation between a first device (100) and a second device (200), the step of the trust anchor (300) generating a public key of a trust anchor And generating the public key of the trust anchor using the key and the generation point. The equation for calculating the public key of the trust anchor is shown in Equation 2 below.

P _pub is the public key of the trust anchor, s is the master key, and P is the generation point.

In the encryption parameter registration method for session key generation between the first device 100 and the second device 200, the step of transmitting the system parameter by the trust anchor 300 may be such that the trust anchor 300 transmits the first prime number The system parameters including the second prime number, the elliptic curve equation defining the elliptic curve, the generation point, and the public key of the trust anchor are generated and transmitted to the security areas of the first device 100 and the second device 200 . The first device 100 and the second device 200 may store the received system parameters and use it for session key generation, mutual authentication, etc., which will be described later.

In the encryption parameter registration method for generating a session key between the first device 100 and the second device 200, the step of the first device 100 transmitting the first device ID is performed by the first device 100 And transmitting the first device ID to the trust anchor 300 capable of identifying the device. At this time, the first device ID is transmitted from the secure area (Secure World) of the trust execution environment included in the first device 100 to the trust anchor 300 via the normal area (Normal World). The first device 100 and the trust anchor 300 communicate through a predetermined secure channel.

In the encryption parameter registration method for generating a session key between the first device 100 and the second device 200, the step of the second device 200 transmitting the second device ID is performed by the second device 200 And transmitting the second device ID to the trust anchor 300 capable of identifying the device. At this time, the second device ID is transmitted from the secure area (Secure World) of the trust execution environment included in the second device 200 to the trust anchor 300 via the normal area (Normal World). The second device 200 communicates with the trust anchor 300 through a predetermined secure channel.

)를 생성하고, 제1 장치 아이디와, 생성점과, 제1 난수를 기초로 상기 타원 곡선을 정의하는 타원 곡선 방정식 및 암호화 해시 함수를 이용하여 제1 장치의 개인키를 생성하여 제1 장치(100)의 보안 영역으로 전송하는 단계이다. 트러스트 앵커(300)는 아래의 수학식3으로 제1 장치의 개인키를 생성한다.In the encryption parameter registration method for generating a session key between the first device 100 and the second device 200, the trust anchor 300 transmits the private key of the first device 200, The first random number (

) And generates a private key of the first device by using an elliptic curve equation and a cryptographic hash function that defines the elliptic curve based on the first device ID, the generation point, and the first random number, 100 to the secure area. The trust anchor 300 generates the private key of the first device by Equation (3) below.

R _Dev1 is a first temporary key, r _Dev1 is a first random number, s _Dev1 is a private key of the first device, and h ₁ is a cryptographic hash function.

The trust anchor 300 transmits the generated private key to the first device 100. At this time, the private key of the first device is transmitted to the security area of the first device 100 including the trusted execution environment, and the private key of the first device is transmitted to the general area of the first device 100 Lt; / RTI >

In the encryption parameter registration method for generating a session key between the first device 100 and the second device 200, the trust anchor 300 transmits the private key of the second device, the second random number (r _Dev2 ∈ Z _q ^*) generated, and the second device ID and, on the basis of the generated points, and a second random number by using the elliptic curve equation and a cryptographic hash function that defines the elliptic curve second device And transmits the generated private key to the secure area of the second device 200. [ The trust anchor 300 generates the private key of the second device by Equation (4) below.

R _Dev2 is a second temporary key, r _Dev2 is a second random number, s _Dev2 is a private key of the second device, and h ₁ is a cryptographic hash function.

The trust anchor 300 transmits the generated private key to the second device 200. At this time, the private key of the second device is transmitted to the security area of the second device 200 including the trusted execution environment, and the private key of the second device is transmitted to the general area of the second device 200 through the pre- Lt; / RTI >

를 만족하는 암호화 해시 함수인 제1 암호화 해시 함수와, 제2 암호화 해시 함수와, 제3 암호화 해시 함수와, 제4 암호화 해시 함수를 선택하고 이를 시스템 파라미터를 통해 제1 장치(100) 및 제2 장치(200)에 알려줄 수 있다. 제1 암호화 해시 함수와, 제2 암호화 해시 함수와, 제3 암호화 해시 함수와, 제4 암호화 해시 함수는 입력 파라미터를 달리 하는 일방향의 암호화 해시 함수이며, 발명의 양상에 따라서는 동일한 해시 알고리즘을 사용하는 함수일 수 있다. 이에 한정되는 것은 아니며 각 암호화 해시 함수가 다른 해시 알고리즘을 사용할 수도 있다.The system parameter transmitted by the trust anchor 300 in the encryption parameter registration method for session key generation between the first device 100 and the second device 200 including the trusted execution environment according to another embodiment is the first A second cryptographic hash function, a third cryptographic hash function, and a fourth cryptographic hash function. Trust anchor (300)

The second cryptographic hash function, the third cryptographic hash function, and the fourth cryptographic hash function, which are the cryptographic hash functions satisfying the first and second cryptographic hash functions, To the device 200. The first cryptographic hash function, the second cryptographic hash function, the third cryptographic hash function, and the fourth cryptographic hash function are unidirectional cryptographic hash functions having different input parameters. According to aspects of the invention, the same hash algorithm is used . But the present invention is not limited thereto, and each encryption hash function may use another hash algorithm.

The cryptographic hash function used by the trust anchor 300 in generating the private key of the first device 100 and the second device 200 is the first cryptographic hash function.

In the encryption parameter registration method for generating a session key between the first device 100 and the second device 200 including the trust execution environment according to another embodiment, the trust anchor 300 may use the private key of the first device And may further include a first temporary key calculated using the first random number and the generation point in transmission to the secure area of the first device 100. [ The trust anchor 300 generates the first temporary key using Equation (3) or Equation (4).

2 illustrates an encryption parameter registration procedure for generating a session key according to an exemplary embodiment of the present invention. Referring to FIG. 2, a method of registering an encryption parameter for generating a session key between the first device 100 and the second device 200 will be described. The trust anchor 300 includes a first prime number and a second prime number The trust anchor 300 generates a public key of the trust anchor through Equation (2) (S1020), and the trust anchor 300 generates the public key of the trust anchor And the fourth anchor cryptographic hash function. The trust anchor 300 selects a first cryptographic hash function, a first prime number and a second prime number used in the elliptic curve cryptosystem, an elliptic curve equation, a generation point and a public key of the trust anchor, The system parameter including the hash function is generated and transmitted to the secure areas of the first device 100 and the second device 200 in step S1040. The first device 100 receiving the system parameters receives the first device ID To the trust anchor 300 (S1060) The second device 200 receiving the system parameter transmits the second device ID to the trust anchor 300 (S1080), and the trust anchor 300 generates the private key of the first device through Equation (3) The first ancipher key generated together with the private key of the first device is transmitted to the secure area of the first device 100 (S1100), and the trust anchor 300 transmits the private key of the second device And transmits the generated second temporary key together with the private key of the second device to the secure area of the second device 200 (S1120).

3 illustrates a procedure for registering an encryption parameter for generating a session key between a telematics control unit and a device according to another embodiment. In the embodiment shown in FIG. 3, the first device 100 is represented as a device as one of the telematics devices, and the second device 200 is represented as a telematics control unit (TCU). The communication between the trust anchor 300 and the Device is performed through a predetermined secure channel, and also between the trust anchor 300 and the TCU through a predetermined secure channel. Referring to FIG. 3, a procedure for registering an encryption parameter for generating a session key between a device and a TCU will be described. The trust anchor 300 includes an elliptic curve E (F _p ) defined by a large prime number p and a finite element F _p , The generation point P on the elliptic curve E (F _p ) is selected (S2000) by ordering large prime numbers q and q satisfying P (generation point) = O (infinite origin). Also selects the trust anchor 300 is master key the random number s (s ∈ Z _q ^*) (S2020). Also, the trust anchor 300 generates a public key P _pub (P _pub = s P) of the trust anchor based on the master key s and the generation point (S 2040). In addition, the trust anchor 300 is a cryptographic hash to be used for session establishment between the Device and the TCU functions _{h 1, h 2, h 3} , h 4 (h 1, h 2, h 3, h 4: 0, 1 * → Z q ^* ) (S2060). The trust anchor 300 also generates system parameters including p, E (F _p ), P, q, P _pub , h ₁ , h ₂ , h ₃ and h ₄ (S2080) To the security area of the TCU (S2100, S2105, S2110, S2115).

The Device receiving the system parameter transmits the ID _Dev , which is the device identifier, to the trust anchor 300 (S2120, S2125), and the TCU also transmits the ID _TCU , which is the device identifier, to the trust anchor 300 (S2130, S2135).

Trust anchor 300, a random number r _Dev and r _TCU (r _Dev, r _TCU ∈ Z _q ^*) to create and (S2140), the R _Dev (R _Dev = r _Dev · P) and R _TCU (R _Dev = r _Dev · by calculating P) and (S2160, S2180), encrypts the ID _Dev and R _Dev by h ₁ function hash to generate the α _Dev encrypts (S2200) ID _TCU and R _TCU as h ₁ function hash generates α _TCU (S2220). In addition, the trust anchor 300 is to generate s _Dev (s _Dev = r _Dev · α _Dev · s mod q), the private key of the Device on the basis of the r _Dev and α _Dev and s and q (S2240) together with R _Dev sent to the Device and (S2280, S2320, S2325), r TCU and α _TCU and s and the private key of the TCU based on a q s _TCU (s _TCU = r _TCU · α _TCU · s mod q) the generated (S2260 ) R _TCU to the TCU (S2300, S2330, S2335).

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 including a trusted execution environment according to an embodiment includes the steps of a first device 100 transmitting a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, Message; the first device 100 generates a first common key and a second common key; the first device 100 generates a session key; Includes generating a session key.

The first device 100 and the second device 200 perform encryption related operations such as random number generation, hash function, encryption and decryption in a trusted execution environment.

In the session key distribution method for establishing an encryption session between a first device (100) and a second device (200), the step of the first device (100) (A ∈ Z _q ^* ) and generates a first message including a third random number and a third temporary key generated using an elliptic curve generation point P defined by the finite field, to the second device 200, To the secure area of the network. The equation for calculating the third temporary key is shown in Equation (5) below.

A is the third temporary key, a is the third random number, and P is the generation point.

In the session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the second device (200) generating a fourth temporary key comprises: Generates a fourth random number b ∈ Z _q ^* , and generates a fourth temporary key using the fourth random number and the generation point. The equation for calculating the fourth temporary key is shown in Equation (6) below.

B is the fourth temporary key, b is the fourth random number, and P is the generation point.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the second device (200) generating a first common key and a second common key comprises: The apparatus 200 generates the first common key using the fourth random number and the third temporary key, and generates the second common key using the second device private key and the third temporary key. The second device 200 generates a first common key and a second common key using Equation (7) below.

는 제1 공통키이고,

는 제2 공통키이고, A는 제3 임시키이고, b는 제4 난수이고, s_Dev2는 제2 장치의 개인키이다.

Is a first common key,

Is a second common key, A is a third temporary key, b is a fourth random number, and s _Dev2 is the private key of the second device.

In the session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the second device (200) And transmitting the second message including the fourth temporary key and the second temporary key to the secure area of the first device 100. [

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) generating a first common key and a second common key comprises: The device 100 generates a first common key using the third random number and the fourth temporary key and uses the second temporary key, the second device ID, the public key of the trust anchor and the first cryptographic hash function to generate the second And generating a common key. The first device 100 generates a first common key and a second common key using the following Equation (8). In this case, the ID of the second device is a device that the first device 100 always connects to, and the first device 100 stores the ID of the second device in advance.

는 제1 공통키이고,

는 제2 공통키이고, B는 제4 임시키이고, a는 제3 난수이고, ID_Dev2는 제2 장치의 아이디이고, P_pub는 트러스트 앵커의 공개키이고, R_Dev2는 제2 임시키이고, h₁은 제1 암호화 해시 함수이다.

Is a first common key,

Is a second public key, B is a fourth temporary key, a is a third random number, ID _Dev2 is the ID of the second device, P _pub is the public key of the trust anchor, R _Dev2 is the second temporary key , h ₁ is the first cryptographic hash function.

과 수학식8의

는 동일한 제1 공통키이나, 계산 방법이 다르다. 하지만 수학식9와 같이 동일한 값으로 계산된다.Equation (7)

And Equation (8)

Have the same first common key or calculation method. However, it is calculated as the same value as in Equation (9).

와 수학식8의

는 동일한 제2 공통키이나, 계산 방법이 다르다. 하지만 수학식10와 같이 동일한 값으로 계산된다.Equation (7)

And Equation 8

Have the same second common key or calculation method. However, it is calculated as the same value as in Equation (10).

The first device 100 and the second device 200 generate the same first common key even if they do not know the random numbers a and b generated by each other. Also, the first device 100 may be configured such that the second common key generated by the second device 200 using the private key of the second device 200 is the same as the second device 200, Can be generated.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) generating a session key comprising: The session key is generated using the temporary key, the fourth temporary key, the first common key, and the third encrypted hash function. The first device 100 generates a session key using Equation (11).

은 제1 공통키이고, h₃은 제3 암호화 해시 함수이다.SK _{Dev1 - Dev2} is the session key, A is the third temporary key, B is the fourth temporary key,

It is a first common key, h ₃ is a third cryptographic hash function.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), wherein the step of generating a session key by a second device (200) The session key is generated using the temporary key, the fourth temporary key, the first common key, and the third encrypted hash function. The first device 100 generates a session key using Equation (11).

은 제1 공통키이고, h₃은 제3 암호화 해시 함수이다.SK _{Dev1 - Dev2} is the session key, A is the third temporary key, B is the fourth temporary key,

It is a first common key, h ₃ is a third cryptographic hash function.

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 that includes a trusted execution environment according to another embodiment is similar to the first embodiment in that the first device 100 transmits a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, 2 message; the first device 100 generates a first common key and a second common key; the first device 100 generates a session key; and the second device 200 ) May generate the session key, and the second device 200 may generate the first authentication statement.

In a session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of generating a first authentication statement by a second device (200) (200) hashes a second device ID, a second temporary key, a third temporary key, a fourth temporary key, a first common key and a second common key into a second cryptographic hash function to generate a first authentication statement to be. The second device 200 generates the first authentication statement using the following equation (13).

은 제1 공통키이고,

는 제2 공통키이고, h₂은 제2 암호화 해시 함수이다.beta _Dev2 is a first authentication statement, ID _Dev2 is a second device ID, R _Dev2 is a second temporary key, A is a third temporary key, B is a fourth temporary key,

Is a first common key,

Is the second common key, and h ₂ is the second cryptographic hash function.

The generated first authentication statement is transmitted in addition to the second message transmitted by the second device 200 to the secure area of the first device 100. [

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 that includes a trusted execution environment according to another embodiment is similar to the first embodiment in that the first device 100 transmits a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, Generating a first common key and a second common key; generating a first public key and a second common key by the first device (100) Wherein the first device (100) generates a session key and the second device (200) generates a session key, the first device (100) generating a first authentication statement and the first device And comparing the generated first authentication statement with the generated first authentication statement.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) (100) hashes a second device ID, a second temporary key, a third temporary key, a fourth temporary key, a first common key and a second common key into a second cryptographic hash function to generate a first authentication statement to be. The first device 100 generates the first authentication statement using the following equation (14).

은 제1 공통키이고,

는 제2 공통키이고, h₂은 제2 암호화 해시 함수이다.beta _Dev2 is a first authentication statement, ID _Dev2 is a second device ID, R _Dev2 is a second temporary key, A is a third temporary key, B is a fourth temporary key,

Is a first common key,

Is the second common key, and h ₂ is the second cryptographic hash function.

The first authentication statement generated by the second device 200 and the first authentication statement generated by the second device 200 must be the same because the parameters input to the second encryption hash are the same.

A session key distribution method for establishing an encryption session between a first device (100) and a second device (200), the method comprising the steps of: Is a step for the first device 100 to compare the first authentication statement received from the second device 200 with the generated first authentication statement to authenticate the second device 200. [ The second device 200 generates the first common key and the second common key that are the same as the first device 100 so that the first device 100 can authenticate the second device 200. If the comparison result does not match, the session establishment procedure is stopped.

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 that includes a trusted execution environment according to another embodiment is similar to the first embodiment in that the first device 100 transmits a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, Generating a first common key and a second common key; generating a first public key and a second common key by the first device (100) (100) generates a first authentication statement; comparing the first authentication statement received by the first device (100) with the first authentication statement generated; and generating a session key by the first device , And the second device (200) generating a session key, wherein the first device (100) generates a second authentication statement and the first device (100) generates a first signature Step The first device 100 may generate a first cipher text and the first device 100 may transmit the third message.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) (100) hashes a first device ID, a first temporary key, a third temporary key, a fourth temporary key, a first common key and a second common key into a second cryptographic hash function to generate a second authentication statement to be. The first device 100 generates the first authentication statement using the following equation (15).

은 제1 공통키이고,

는 제2 공통키이고, h₂은 제2 암호화 해시 함수이다.? _Dev1 is a second authentication statement, ID _Dev1 is a first device ID, R _Dev1 is a first temporary key, A is a third temporary key, B is a fourth temporary key,

Is a first common key,

Is the second common key, and h ₂ is the second cryptographic hash function.

In a session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) 100) encrypts the second authentication statement with the first device private key to generate the first signature. The first device 100 generates a first signature using the following Equation (16).

은 제1 서명이고, s_Dev1는 제1 장치의 개인키이고, β_Dev1은 제2 인증문이고, a는 제3 난수이고, q는 제2 소수이다.

Is a first signature, s _Dev1 is a private key of the first device, beta _Dev1 is a second authentication statement, a is a third random number, and q is a second prime number.

In a session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of the first device (100) 100 generates a first cipher text by encrypting the first device ID, the first temporary key, and the first signature using the temporary key generated by hashing the first common key and the second common key as the fourth cryptographic hash function . The first device 100 generates the first cipher text using the following Equation (17).

는 임시키이고, K_Dev1 ¹은 제1 공개키이고,

은 제2 공개키이고, ID_Dev1은 제1 장치의 아이디이고, R_Dev1은 제1 임시키이고,

은 제1 서명이다.[Delta] _Dev1 is a first cipher text,

Is a temporary key, K _Dev1 ¹ is a first public key,

ID _Dev1 is the ID of the first device, R _Dev1 is the first temporary key,

Is a first signature.

The first cipher text is used to encrypt and convey the identity of the first device for the anonymity of the first device 100. It is also used to encrypt and transmit the first temporary key and the first signature so that the second device 200 can verify the first signature of the first device 100. [ That is, the first signature of the first device can be confirmed by decrypting the corresponding cipher text using the common key generated by only the device that received the first cipher text in the same manner as the first device 100.

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 that includes a trusted execution environment according to another embodiment is similar to the first embodiment in that the first device 100 transmits a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, Generating a first common key and a second common key; generating a first public key and a second common key by the first device (100) (100) generates a first authentication statement; comparing the first authentication statement received by the first device (100) with the first authentication statement generated; and generating a session key by the first device , The first device 100 generates a second authentication statement, the first device 100 generates a first signature, the first device 100 generates a first ciphertext, And a first device 100 includes sending a third message and the second device 200 generating a session key, the second device 200 obtaining a first signature and the second device 200 sending a second signature, Generating a second authentication statement, and the second device 200 verifying the first signature.

In a session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of obtaining a first signature by a second device (200) 200 decrypts the first cipher text using the temporary key generated by hashing the first common key and the second common key as the fourth cryptographic hash function to obtain the first device ID, the first temporary key, and the first signature . The second device 200 obtains the first signature using the following equation (18).

는 임시키이고,

은 제1 공개키이고,

은 제2 공개키이고, ID_Dev1은 제1 장치의 아이디이고, R_Dev1은 제1 임시키이고,

은 제1 서명이다.[Delta] _Dev1 is a first cipher text,

Is a temporary key,

Is a first public key,

ID _Dev1 is the ID of the first device, R _Dev1 is the first temporary key,

Is a first signature.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of generating a second authentication statement by a second device (200) (200) hashes the first device ID, the first temporary key, the third temporary key, the fourth temporary key, the first common key and the second common key into a second cryptographic hash function to generate a second authentication statement to be. The second device 200 acquires the second authentication statement using the following equation (19).

은 제1 공통키이고,

는 제2 공통키이고, h₂은 제2 암호화 해시 함수이다.? _Dev1 is a second authentication statement, ID _Dev1 is a first device ID, R _Dev1 is a first temporary key, A is a third temporary key, B is a fourth temporary key,

Is a first common key,

Is the second common key, and h ₂ is the second cryptographic hash function.

In a session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the step of verifying the first signature by the second device (200) 200 confirms the first signature using the first device ID, the first temporary key, the generation point, the public key of the trust anchor, the third temporary key, and the first cryptographic hash function. And the first ID received by the second device 200 is transmitted from the first device 100. [ The second device 200 confirms the first signature using the following equation (20).

은 제1 서명이다.beta _Dev1 is the second authentication statement, ID _Dev1 is the first device ID, R _Dev1 is the first temporary key, A is the third temporary key, P is the generation point, P _pub is the public key of the trust anchor, h ₁ is a first cryptographic hash function,

Is a first signature.

The first signature verification in Equation (20) can be confirmed through Equation (21).

4 illustrates a session key distribution procedure for establishing an encryption session according to an embodiment. A session key distribution method for establishing a session between the first device 100 and the second device 200 will be described with reference to FIG. 4. The first device 100 generates a third random number, generates a third random number, Point to generate a third temporary key. The first device 100 transmits the first message including the generated third temporary key to the secure area of the second device 200 (S3000). The second device 200 generates a fourth random number and generates a fourth temporary key using the fourth random number and the generation point (S3020). The second device 200 generates the first common key using the fourth random number and the third temporary key, and generates the second common key using the private key of the second device and the third temporary key (S3040) . The second device 200 generates a first authentication statement in which the first device 100 can authenticate the second device 200 (S3060), and the fourth temporary key, the second temporary key, And transmits a second message including an authentication statement to the secure area of the first device 100 (S3080). The first device 100 generates a first common key identical to the first common key generated by the second device 200 using the third random number and the fourth temporary key, And generates a second common key, which is the same as the second common key generated by the second device 200, using the public key of the trust anchor and the first cryptographic hash function (S3100). The first device 100 generates and compares a first authentication statement to be compared with the first authentication statement received from the second device 200 (S3120). The first device 100 generates a session key using the third temporary key, the fourth temporary key, the first common key, and the third encrypted hash function (S3160). The first device 100 generates a second authentication message and encrypts the second authentication message with the private key of the first device to generate a first signature (S3180). The first device 100 generates a temporary key using the first common key and the second common key, encrypts the first device ID, the first temporary key, and the first signature using the generated temporary key to generate a first cipher text (S3200), and transmits a third message including the first ciphertext to the secure area of the second device 200 (S3220). The second device 200 generates a temporary key with the first common key and the second common key and decrypts the first cipher text using the generated temporary key to obtain the first device ID and the first temporary key and the first signature (S3240). The second device 200 generates a second authentication statement to be used for the first signature authentication (S3260), and generates a second authentication key to be used for the first signature authentication, a second authentication key, a first temporary key, a generation point, a public key of the trust anchor, The first signature is confirmed using the hash function (S3280). The second device 200 generates a session key using the third temporary key, the fourth temporary key, the first common key, and the third encrypted hash function (S3300).

A session key distribution method for establishing an encryption session between a first device 100 and a second device 200 that includes a trusted execution environment according to another embodiment is similar to the first embodiment in that the first device 100 transmits a first message , The second device 200 generating a fourth temporary key, the second device 200 generating a first common key and a second common key, and the second device 200 generating a second common key, Generating a first common key and a second common key; generating a first public key and a second common key by the first device (100) (100) generates a first authentication statement; comparing the first authentication statement received by the first device (100) with the first authentication statement generated; and generating a session key by the first device , The first device 100 generates a second authentication statement, the first device 100 generates a first signature, the first device 100 generates a first ciphertext, And a first device 100) transmits a third message; the second device 200 obtains the first signature and the second device 200 generates a second authentication statement; And the second device 200 generates a session key, the first device 100 and the second device 200 verifying the random number contained in the message, As shown in FIG.

The first device 100 and the second device 200 transmit a random number generated in order to prevent a meson attack, and increase the random number when a message is transmitted.

The first message transmitted by the first device 100 to the secure area of the second device 200 further comprises a fifth random number generated by the first device 100 and the second device 200 comprises the second random number generated by the first device 100. [ The third message transmitted from the first device 100 to the secure area of the second device 200 includes a value obtained by adding a value of the fifth random number plus 1, 5 Includes a value that is the sum of two random numbers.

A session key distribution method for establishing a cryptographic session between a first device (100) and a second device (200), the method comprising: a first device (100) and a second device (200) Includes checking that the first device 100 adds 1 to the fifth random number included in the message upon receiving the second message, and checking whether the second device 200 is included in the message upon receiving the third message And a value obtained by adding 2 to the fifth random number.

와

를 생성한다(S4120, S4140). 또한 TCU는 β_TCU(

)를 생성하고(S4160), B와 R_TCU, β_TCU와 r+1을 포함하는 메시지 M₄를 생성하여(S4180) 일반 영역을 거쳐 Device의 신뢰 실행 환경의 보안 영역으로 전송한다(S4200, S4210, S4215).5 illustrates a session key distribution procedure for establishing an encrypted session for generating a session key between a device and a telematics control unit according to another embodiment. In the embodiment shown in FIG. 5, the first device 100 is represented as a device as one of the telematics devices, and the second device 200 is represented as a telematics control unit (TCU). Referring to FIG. 5, a session key distribution procedure for establishing a cryptographic session between a device and a TCU will be described. The device generates a random number a (a ∈ Z _q ^* ) in a secure area of a trusted execution environment (S4000) = a · P) (S4020). In addition, a random number r to be used for preventing the meson attack is generated (S4000). Device sends the secure area of the TCU trusted execution environment to generate a message containing the A and M ₃ r through (S4040) the general region (S4060, S4070, S4075). The TCU generates a random number b (b? Z _q ^* ) in the security area of the trust execution environment (S4080) and generates B (B = b? P) (S4100). The TCU

Wow

(S4120, S4140). In addition, the TCU β _TCU (

) To create and (S4160), B and R _TCU, β _TCU and r + and 1 to generate a message M _4, including through (S4180) normal zone transfer, the secure area of the Device of the trusted execution environment (S4200, S4210 , S4215).

과 α_TCU(α_TCU = h₁(ID_TCU, R_TCU)를 생성하고(S4240, 4260), α_TCU를 이용하여

를 생성한다(S4280).The device checks r + 1, and if the value is not valid, ends the procedure (S4220). Device

And α _TCU (α _TCU = h ₁ (ID _TCU , R _TCU ) are generated (S 4240, 4260), and α _TCU is used

(S4280).

와 일치하는지 비교한다(S4300). 비교 결과 일치하지 않으면 Device는 절차를 종료한다.Device receives β _TCU received from _TCU

(S4300). If the comparison result does not match, the device terminates the procedure.

)와,

를 계산하고(S4320, S4340), 세션키인 SK_Dev-TCU(

)를 생성한다(S4360). 또한 Device는 Ψ_Dev (

)를 생성한다(S4380). Device는 Ψ_Dev와 r + 2를 포함하는 메시지 M₅를 생성하여(S4400) 일반 영역을 거쳐 TCU의 신뢰 실행 환경의 보안 영역으로 전송한다(S4420, S4430, S4435).Device is β _Dev (

)Wow,

(S4320, S4340), and the session key SK _Dev-TCU (

(S4360). Device also has Ψ _Dev (

(S4380). The Device generates a message M ₅ including Ψ _Dev and r + 2 (S 4400), and transmits the message M ₅ to the security area of the trusted execution environment of the TCU (S 4420, S 4430, S 4435).

The TCU checks r + 2 and terminates the procedure if the value is not valid (S4440).

로 생성한 임시키와 Ψ_Dev로부터 ID_Dev와, R_Dev와,

를 획득(

)하고(S4460), α_Dev(α_Dev = h₁(ID_Dev, R_Dev))와 β_Dev(

)를 구한다(S4480, S4500). 또한 TCU는

와 R_Dev + α_{Dev ·}P_pub + β_{Dev ·}A의 계산 값이 동일한지 확인하여 동일하지 않으면 절차를 종료한다(S4520).The TCU

And _Dev ID from the temporary key generated in the Ψ _Dev, R and _Dev,

(

) And _{(S4460), α Dev (α} Dev = h 1 (ID Dev, R Dev)) and β _Dev (

(S4480, S4500). Also,

And R _{Dev Dev} + α _· β + and P _{pub Dev ·} Check the calculated value of A is equal to the end unless the same procedure (S4520).

)를 생성하여 세션을 수립한다(S4540).The TCU uses the session key SK _Dev-TCU (

) To establish a session (S4540).

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and similarities that may occur to those skilled in the art. The claims are intended to cover such modifications.

Claims (9)

A session key distribution method for establishing a cryptographic session between a first device and a second device including a trusted execution environment,
Receiving, from the trust anchor, an elliptic curve equation defining an elliptic curve for each security area by the first device and the second device, and a system parameter including a generation point;
The trust anchor uses the private key of the first device generated using the elliptic curve equation and the cryptographic hash function based on the first device ID and the generation point and the first temporary key calculated using the first random number and the generation point 1 < / RTI > device to its security zone;
The trust anchor uses the private key of the second device generated using the elliptic curve equation and the cryptographic hash function based on the second device ID and the generation point and the second temporary key calculated using the second random number and the generation point 2 < / RTI > device to its security zone;
Transmitting a first message to the secure area of the second device, the first message including a third temporary key generated by the first device using the third random number and the generating point, and generating a third random number;
The second device generating a fourth random number and generating a fourth temporary key using a fourth random number and a generation point;
The second device generating the first common key using the fourth random number and the third temporary key, generating the second common key using the second device private key and the third temporary key,
The second device sending a second message including a fourth temporary key and a second temporary key to the secure area of the first device;
The first device generates the first common key using the third random number and the fourth temporary key, and the second common key is generated using the second temporary key, the second device ID, the public key of the trust anchor and the first cryptographic hash function, Generating a key;
The first device generating a session key using a third temporary key, a fourth temporary key, a first common key and a third cryptographic hash function;
The second device generating a session key using a third temporary key, a fourth temporary key, a first common key and a third cryptographic hash function;
A session key distribution method for establishing an encryption session based on an elliptic curve cryptosystem.
The method according to claim 1,
The system parameters transmitted by the trust anchor further include a first cryptographic hash function, a second cryptographic hash function, a third cryptographic hash function, and a fourth cryptographic hash function,
Wherein the cryptographic hash function used by the trust anchor in generating the private key of the first device and the second device is a first cryptographic hash function.
delete delete The method of claim 1,
The second device hashes the second device ID, the second temporary key, the third temporary key, the fourth temporary key, the first common key and the second common key into a second cryptographic hash function to generate a first authentication statement ;
Further comprising:
Wherein the second message transmitted by the second device to the secure area of the first device further comprises a first authentication statement.
6. The method of claim 5,
The first device hashes the second device ID, the second temporary key, the third temporary key, the fourth temporary key, the first common key and the second common key into a second cryptographic hash function to generate a first authentication statement ;
Authenticating the second device by comparing the first authentication statement received by the first device with the generated first authentication statement;
Wherein the session key distribution method further comprises:
7. The method of claim 6,
The first device hashes the first device ID, the first temporary key, the third temporary key, the fourth temporary key, the first common key and the second common key into a second cryptographic hash function to generate a second authentication statement ;
The first device encrypting the second authentication statement with the first device private key to generate a first signature;
The first device encrypts the first device ID, the first temporary key, and the first signature using the temporary key generated by hashing the first common key and the second common key as a fourth encrypted hash function to generate a first cipher text ;
The first device sending a third message including a first ciphertext to the secure area of the second device;
Wherein the session key distribution method further comprises:
8. The method of claim 7,
The second device decrypts the first cipher text using the temporary key generated by hashing the first common key and the second common key as the fourth cryptographic hash function to acquire the first device ID, the first temporary key, and the first signature ;
The second device hashes the first device ID, the first temporary key, the third temporary key, the fourth temporary key, the first common key and the second common key into a second cryptographic hash function to generate a second authentication statement ;
The second device verifying the first signature using the first device identity, the first temporary key, the generating point, the public key of the trust anchor, the third temporary key, and the first cryptographic hash function;
Wherein the session key distribution method further comprises:
9. The method of claim 8,
The first message transmitted by the first device to the secure area of the second device further comprises a fifth random number generated by the first device,
The second message transmitted by the second device to the secure area of the first device further comprises a value obtained by adding 1 to the fifth random number,
The third message transmitted by the first device to the secure area of the second device further comprises a value obtained by adding 2 to the fifth random number,
The method
Confirming a value obtained by adding 1 to the fifth random number included in the message when the first device receives the second message;
Confirming a value obtained by adding 2 to the fifth random number included in the message when the second device receives the third message;
Wherein the session key distribution method further comprises:

Images