KR20200028782A - Method and apparatus for encrypting data based on patterned cipher block for real-time data communication - Google Patents

Abstract

The present invention relates to an encryption method and apparatus using a pattern cipher block mode for real-time data transmission, which enables to provide safety and real-time performance in Internet of things (IoT) devices, unmanned vehicles, and vehicle network environments with resource limits and computational limits.

Description

METHOD AND APPARATUS FOR ENCRYPTING DATA BASED ON PATTERNED CIPHER BLOCK FOR REAL-TIME DATA COMMUNICATION}

The present invention relates to an encryption method and apparatus using a pattern cipher block mode for real-time data transmission.

The encryption technique does not have a meaning in itself, but it is important to prevent the information of the data from being exposed if the messages exchanged in the communication between each other are important data containing personal information. The encryption method includes a symmetric key encryption method and an asymmetric key encryption method. In general, the symmetric key encryption technique is based on structural complexity, and since the key length is shorter than the key length of the asymmetric key encryption technique, it is possible to perform fast encryption / decryption. On the other hand, the asymmetric key encryption technique is based on a mathematical complexity (discrete algebra problem) and is divided into a public key and a private key to perform encryption and decryption separately. In other words, in the case of the symmetric key encryption method, since the encryption and decryption is performed with a single key, there is a problem that the transceiver must safely share the symmetric key in advance. Without the need, the sender has the advantage of decrypting the encrypted text with his private key and checking the message information when the recipient's public key is encrypted and transmitted. The advantages and disadvantages of this non-symmetric key encryption technique are well utilized in the network communication environment.

SSL is an abbreviation of Secure Socket Layer. It is a protocol that operates at the application layer and the TCP / IP layer for secure and encrypted communication between the web server and the web browser. It is made by Netscape and its official standard name is Transport Layer Security (TLS). In TLS, before performing communication, a task is performed to safely share a symmetric key with each other through a handshaking protocol. After sharing necessary information such as an asymmetric key encryption technique and hash type that can be used in the handshaking process, the sender advances to the receiver. With the asymmetric key encryption method defined in, the symmetric key to be used in future communication is encrypted with the public key of the receiver and sent to the receiver. The encrypted text received from the sender is decrypted with its own secret key to securely obtain the symmetric key. As a result, TLS compensates for the disadvantages of the asymmetric encryption method and the symmetric key encryption method, enabling secure communication.

However, the safety of the TLS protocol depends only on the security of the encryption method, and does not complement the security of the asymmetric key encryption method used. In addition, TLS has the disadvantage that it cannot properly adjust the real-time performance and safety according to the network situation.

In today's modern society where safety and real-time performance are important due to the use of IoT and wearable devices, overheads and delays occur when devices are applied with encryption modules such as TLS. That is, if it is possible to provide real-time performance, safety is threatened, whereas when it is possible to provide safety, real-time performance is deteriorated. Therefore, in the present invention, the contents of the encryption method capable of safety and real-time performance are also provided in a device network environment having a computational limit and a resource limit.

Stream encryption, symmetric key encryption, and asymmetric key encryption methods are provided as encryption techniques to provide security for network communication environments. Asymmetric key cryptography basically provides a long key length, so it provides security, but does not provide real-time. On the other hand, since the stream cipher generates a cipher text through a simple XOR operation, it is possible to predict the plain text with a 50% probability, providing real-time performance, but not safety. In the case of the symmetric key encryption method, since the key length is shorter and faster than that of the asymmetric key encryption method, it is generally safer than the other encryption method, and thus, it is generally secured and real-time. ARIA, SEED, AES, etc. are used for this symmetric key encryption method. They have three key lengths, and the longer the key length, the higher the safety, but the delay caused by encryption / decryption occurs, resulting in deterioration in real-time. Moreover, with the advent of quantum computers, existing symmetric key cryptography methods can no longer guarantee the safety of a short key length, but the longest key length can be used, but the security can be guaranteed.

The existing solution to deal with this problem is to use a symmetric key encryption technique with a long key length for safety, and at the same time, to provide real-time performance, a method of dividing a region to which a user applies an encryption technique and an area not to apply. Used. However, the existing method does not provide a basic solution in a network environment that requires not only information but also safety and real-time in the case of an area where the encryption technique is not applied. Today, as IoT, unmanned mobile vehicles, and vehicles are widely used, there is an increasing demand for a technology capable of providing safety and real-time performance in a network environment having specifications such as IoT, unmanned mobile vehicles, and vehicles.

The present invention provides an encryption method and apparatus using a pattern cipher block mode for real-time data transmission, which makes it possible to provide safety and real-time in IoT devices, unmanned mobile vehicles, and vehicle network environments with resource limits and computational limits. It has a purpose.

The present invention will describe an operation mode that is divided into block units required by a symmetric key encryption technique according to a network environment. In general, the message size exchanged in a network environment is variable. Therefore, in order to apply the symmetric key encryption method to the network environment, it must be divided into message units required by the symmetric key encryption method. Dividing the variable message unit into regular message units to help the symmetric key encryption technique be applied is called an operation mode.

The proposed operating mode (Patterned Cipher Block (PCB)) proposed in this content is an independent structure that encrypts symmetric keys of different lengths by randomly ordering them and encrypts them at the same time. It is a technology that enables the receiver to verify the case of replacing or counterfeiting.

In general, the shorter the key length in symmetric key encryption, the higher the real-time performance, but the less secure. On the other hand, the longer the key length, the higher the safety, but less real-time. However, the operating mode technology proposed in this content enables safety and real-time performance by simultaneously using symmetric keys of different lengths and adjusting key ratios of different lengths. It is safer for a user to use keys of different lengths at the same time than for a user to use a single key. That is, it is possible to provide a high level of safety by increasing the number of times an attacker must attempt to attack to decrypt an arbitrary ciphertext as well as the number of keys to be found. It can be represented by a mathematical formula as shown in [Fig. 1] that it is possible to provide higher safety than before.

In this context, the technology proposed together with the operation mode technology is an integrity verification technology, and the structure diagram can be confirmed through [FIG. 2]. The key used for encryption and the previously generated integrity verification value are XORed together. The result of the XOR operation is used as the input value of the key of the cryptographic hash algorithm to obtain the result of the algorithm. By receiving the result value generated as above as the input value of the cryptographic hash algorithm, it is possible to generate the result of integrity verification for the plaintext.

The use of two different cryptographic hash algorithms in this way can prevent collisions of cryptographic hash functions that may occur, as well as make it impossible to forge from an attacker due to the irreversible nature of cryptographic hash.

In addition, since the operation mode technology proposed in this content has an independent structural characteristic, it is possible to provide a counter value as shown in [Fig. 3] for each ciphertext generated through a symmetric key encryption technique. That is, it is possible to obtain correct plaintexts without error diffusion in UDP as well as TCP where packet loss can occur frequently in a network environment, and it is possible to retransmit a lost packet through the Counter value even if packet loss occurs in the middle.

According to the present invention, as well as providing an operation mode capable of encrypting a symmetric key encryption method according to a network environment, it can be referred to as an authenticated operation mode technology by providing integrity verification together.

Additionally, keys of different lengths used for encryption in the symmetric key encryption technique can be generated in the following way. The first method is to generate three types of keys with one PW. That is, it is a method to cut and use the result value that comes out using PW as the input value of the hash function. The reason for using the hash function is that even if an attacker finds one hash result value, the remaining hash result values are not known due to the hash function property, reverse phase resistance. The second method is to cut and use the result values that appear when one PW is input using three different hash functions. The reason for using the three types of hash function is that the hash function basically satisfies the collision resistance property, but is prepared for a collision that may occur. The third method is the safest method as the user randomly generates three different types of keys.

1 is a numerical formula for providing high security when an encryption method and apparatus based on a pattern cipher block mode for real-time data transmission according to an embodiment of the present invention are used.
2 is a schematic structural diagram of an encryption device based on a pattern cipher block mode for real-time data transmission according to an embodiment of the present invention.
3 is a diagram for explaining providing a counter value for each ciphertext generated by an encryption method and apparatus based on a pattern cipher block mode for real-time data transmission according to an embodiment of the present invention.
4 is a ciphertext that performs encryption on the same plaintext as CBC through an encryption method and apparatus based on a pattern cipher block mode for real-time data transmission according to an embodiment of the present invention.
FIG. 5 is a diagram proving that an existing attack is impossible in an independent structure having a pattern format by an encryption method and apparatus based on a pattern encryption block mode for real-time data transmission according to an embodiment of the present invention.
FIG. 6 shows a key of different lengths used in a pattern format as well as providing both safety and real-time performance by an encryption method and apparatus based on a pattern encryption block mode for real-time data transmission according to an embodiment of the present invention. It is a drawing to generate.
7 is an experiment for confirming that the encryption / decryption rate is faster than the fastest ECB among block-level encryptions by an encryption method and apparatus based on a pattern encryption block mode for real-time data transmission according to an embodiment of the present invention. Data.

The present invention can be applied to various changes and can have various embodiments, and specific embodiments will be described in detail with reference to the drawings. However, this is not intended to limit the present invention to specific embodiments, and should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention. In describing each drawing, similar reference numerals are used for similar components.

Terms such as first, second, A, and B may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from other components. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component. The term and / or includes a combination of a plurality of related description items or any one of a plurality of related description items.

When a component is said to be "connected" to or "connected" to another component, it should be understood that other components may be directly connected to, or connected to, other components. something to do. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that no other component exists in the middle.

The terms used in this application are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "include" or "have" are intended to indicate the presence of features, numbers, steps, actions, components, parts or combinations thereof described herein, one or more other features. It should be understood that the existence or addition possibilities of fields or numbers, steps, operations, components, parts or combinations thereof are not excluded in advance.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by a person skilled in the art to which the present invention pertains. Terms such as those defined in a commonly used dictionary should be interpreted as having meanings consistent with meanings in the context of related technologies, and should not be interpreted as ideal or excessively formal meanings unless explicitly defined in the present application. Does not.

Throughout the specification and claims, when a part includes a certain component, this means that other components may be further included instead of excluding the other component unless specifically stated to the contrary.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Block-based encryption operation modes include ECB, CBC, and PCBC.

Since ECB performs encryption / decryption in an independent structure, parallel processing is possible, and there is no error diffusion, and encryption stealing techniques can be applied. That is, since it does not require a separate padding operation, it is faster than other operating modes that perform encryption / decryption on a block-by-block basis. However, it is not an authenticated block cipher mode, and since it performs encryption and decryption in an independent structure, it has a fatal disadvantage that an attacker can reuse ciphertext because it is deterministic.

CBC and PCBC basically require IV, and since the previous ciphertext in the chain form has a structure that affects the generation of the next ciphertext, it is difficult to obtain a proper plaintext due to error diffusion when a bit error occurs during transmission. Moreover, since CBC and PCBC require additional padding operations, encryption and decryption is slower than ECB. However, the block pattern is not maintained due to its structure, but parallel processing is impossible when generating ciphertext.

The proposed encryption scheme PCB has the advantage of being suitable for real-time because it is fast because it does not require error diffusion due to independent structure like ECB and does not require additional computation such as padding. Also, since encryption is performed according to keys of different lengths, it has a pattern due to the order of the keys. When encryption is performed on the same plain text as CBC through the structural characteristic [FIG. 4] having a pattern format, different ciphertexts are generated. In addition, it can be called an authenticated operation mode by proposing a technology that enables a receiver to verify integrity to prevent forgery and replacement of ciphertext in a network environment. In addition, unlike the TCP, the proposed PCB can be safely used for both TCP and UDP because there is no error diffusion for packet loss that occurs when using the UDP protocol. Therefore, the proposed encryption technique proves that the existing attack is impossible with an independent structure having a pattern format [Fig. 5], so that it is possible to provide high safety and real time together, and of different lengths used in the pattern format. It is possible to generate a key in the same way as [Fig. 6].

It can be seen through the operation mode PCB proposed in the present invention that the speed of performing encryption and decryption is faster than that of the fastest ECB among block-level encryption. Basically, PCB and ECB have independent structure. However, unlike the ECB, it is possible to provide high safety due to the pattern characteristics caused by using keys of different lengths at the same time. That is, PCB not only provides a high level of safety by compensating for the safety problem of the key length of the existing symmetric key encryption technique, but also provides real-time performance because the speed of performing encryption and decryption is the fastest among block-level encryption. It is possible.

Since the PCB operation mode has an independent structure, there is no need to perform additional operations such as padding, so real-time performance is possible. In addition, the PCB provides a high level of safety because it can compensate for the safety problem with respect to the key length of the existing symmetric key encryption technique through the pattern feature generated by using keys of different lengths at the same time.

 The invention PCB is capable of providing safety and real-time performance to a device network environment such as IoT having resource limitation and computational limitation. In addition, PCBs can be decoded without error diffusion in unmanned mobile and vehicle network environments where packet loss is likely to occur due to mobility. That is, safety and real-time performance are possible by applying the PCB operation mode to fields with these limitations, such as resource limitation, computational limitation, and characteristics that are likely to cause packet loss due to mobility.

References

[1] M. Y. Rhee, Cryptography and secure communications. McGraw-Hill, Inc. 1993.

[2] W. Abdallah, S. kyu Lee, H. Kim, and N. Boudriga, “Adaptive qos and security for video transmission over wireless networks: A cognitivebased approach,” in International Conference on Algorithms and Architectures for Parallel Processing. Springer, 2014, pp. 138-151.

[3] M. Dworkin, “Recommendation for block cipher modes of operation. methods and techniques, ”NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD COMPUTER SECURITY DIV, Tech. Rep., 2001.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and variations without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical spirit of the present invention, but to explain, and the scope of the technical spirit of the present invention is not limited by these embodiments. The scope of protection of the present invention should be interpreted by the claims below, and all technical spirits within the scope equivalent thereto should be interpreted as being included in the scope of the present invention.

Claims (1)

In the pattern encryption block mode for real-time data transmission using the pattern encryption block mode for real-time data transmission, which makes it possible to provide safety and real-time in IoT devices, unmanned vehicles, and vehicle network environments with resource limits and computational limits. Encryption method based.

Images