RU2591181C1 - Method of authenticating transmitted command words - Google Patents

Abstract

FIELD: computer engineering.

SUBSTANCE: invention relates to computer engineering and can be used for authorised transmission of data between control software and computer hardware. Method comprises transmitting command words combined into pools, transmitted in limited time intervals. Each pool is analysed, and in case of detecting command words issued by foreign sources, a request for repeated transmission of entire pool is generated. This, on one hand, improves reliability of communication between source and receiver, and on other hand increases probability of so called denial of service attacks. To prevent such attacks, present method allows separation from plurality of command words received by receiver of command from those which are issued by a legal source to reduce probability of request for repeat transmission of pools of command words.

EFFECT: ensuring authenticity of transmission of command words from legal source to a device while ensuring protection from interception and substitution of transmitted command words.

1 cl, 5 dwg

Description

The invention relates to computer technology and can be used for authenticated data transfer between the control program and the hardware of an electronic computer (computer).

When working on a user's computer, it is necessary that the hardware component receives data only from the corresponding software. Otherwise, the data received from extraneous programs (it does not matter if this is an accidental event or the action of any destructive programs) can be received and processed by the device, which can lead to errors in the device’s operation or even complete loss of its functionality. The invention allows for authenticated data transfer between the control program and the hardware under conditions when some restrictions are imposed on the communication channel due to the fact that the word length transmitted to the hardware is usually limited by the bit depth of the controller ports and the interface standard.

A known method of transmitting and receiving messages with ensuring authenticity (patent No. 2027311, IPC 6 H04K 1/00, published on January 20, 1995). To ensure authenticity, it provides before sending a message over a communication channel, dividing the message into several blocks of a certain length, receiving a test sequence by encrypting and converting the message in accordance with the secret key and the conversion function, sending a message and a test sequence to the addressee on the communication channel, receiving the message by the addressee and test sequence, the formation on the destination side of the test sequence by converting tions of the received message in accordance with a secret key and a function for converting, in case of coincidence of the generated test sequence with the verification sequence received message is accepted as authentic.

The disadvantage of this method is the need to use the DES encryption algorithm in the process of generating a verification sequence, which entails a large time cost for encryption / decryption operations. Another disadvantage is the need for additional information redundancy in the transmission of the control sequence.

As a prototype, a method of transmission and reception with the authenticity of the message without encryption has been selected (patent No. 2027310, IPC 6 H04K 1/00, published January 20, 1995). To ensure authenticity, it provides before sending a message over a communication channel the message is divided into several blocks of a certain length, the formation of two pseudorandom sequences (PSP) with their division into blocks of the same length as the length of the message blocks, the formation of the authenticator by irreversibly converting the result of bitwise addition message blocks, blocks of the first PSP and second PSP, sending a message and an authenticator to the addressee, receiving the message and authenticator by the addressee, forms the authentication side of the authenticator from the received message and, if the generated authenticator matches the received authenticator, the message is accepted as reliable.

The disadvantage of this method is the need for the formation of additional memory bandwidth, which do not carry any "useful information". Another disadvantage is the need for additional information redundancy, commensurate with the length of one block when transmitting the authenticator.

The aim of the invention is to ensure the authenticity of the transfer of command words (CS) from a legal source to the device while providing protection against interception and "substitution" of transmitted CS. The present method consists in transmitting CSs combined in pools transmitted at limited time intervals. Each pool is analyzed, and if it was found KS issued by extraneous sources, then a request for retransmission of the entire pool. This, on the one hand, increases the reliability of information exchange between a source and a receiver, and on the other hand, increases the likelihood of so-called denial of service attacks. To prevent the possibility of such attacks, the present method provides for the possibility of separating from the set of received by the receiver CS those that are issued by a legal source to reduce the likelihood of a request for retransmission of pools of CS.

- данных, непосредственно обрабатываемых приемником, и небольшой по объему имитоприставки

, сформированной из всех переданных ранее информационных частей КС,

:At the stage of transmitting the CS from the source to the receiver, a pool of command words is formed, which we denote as S _i . Each CS of a legal source S _i consists of an information part

- data directly processed by the receiver, and a small volume of imitation prefix

formed from all previously transmitted information parts of the COP,

:

where F _hash is a function of cryptographic hashing of several words and generating from an arbitrary amount of data a given prefix size. The format of the CS perceived by the receiver is as shown in FIG. 1. For each CS, its serial number i in the CS pool is calculated. Each SC before being sent to the receiver must be converted in accordance with the secret word S ^sec to exclude the possibility of intercepting S _i and i in the clear. Before sending the CS to the receiver, the source performs the following sequence of actions:

1) forms the word i ′ = F _A (S ^sec , i);

;2) forms a word

;

;3) forms a word

;

4) sends the word to the receiver

The receiver, in turn, performs the following operations:

;1) determines the number

;

;2) defines the word

;

;3) determines the content of the resulting COP

;

where: F _A (B, A) is an irreversible transformation; F _B (A, B) and F _C (B, A) - reversible conversions of the word A in accordance with the key B, as a result of which the length of the resulting word is equal to the length of the word A.

и

- преобразования, обратные F_B (А, В) и F_C (В, А) соответственно.

and

- conversions inverse to F _B (A, B) and F _C (B, A), respectively.

All words received by the receiver are buffered until the receiver receives a stop word, the receipt of which means that the entire pool of the COP has been transferred. We will call the number i _pr , allocated by the receiver from the incoming CS, the tier of the control word. If the obtained COP is issued by a legal source, then i _pr = i. At the same time, several words with the same tier can be simultaneously present in the buffer of command words. The reason for this may be sending the CS to the receiver by an extraneous source. For each word entering the buffer, its sequence number j from the beginning of the current pool is remembered. In the case when there are no extraneous sources of command words, the equality j = i _pr = m is fulfilled, where m is the maximum tier of words written in the buffer. In the general case (when there are extraneous CSs in the buffer) j ≥ i _pr , j ≥ m, m ≥ i _pr . The condition for writing the newly received SC to the buffer on the tier i _{pr is} as follows:

Otherwise, the word is ignored. The described situation is presented in FIG. 2.

After distributing all the received CSs into tiers from each of the tiers, the receiver selects one word and composes from it a pool of CSs issued by a legal source.

- его информационная часть,

- его имитоприставка. Тогда необходимо построить цепочку из М слов

при одновременном соблюдении условий:Let S _{j, r} be the word received at the jth receiver from the beginning of the current pool and defined on the rth tier,

- its informational part,

- his imitation prefix. Then you need to build a chain of M words

subject to the following conditions:

;

;

, где r = 2…М.

where r = 2 ... M.

From these conditions, an algorithm is derived for selecting a legal source from the words buffer, which reduces to alternately selecting words from the tiers of the buffer and checking their numbers and prefixes.

- КС легального источника, j(1)-j(M) - номера, под которыми 1-e … М - e КС легального источника были записаны в буфер, e - номер яруса, на котором возникла коллизия,

- слово постороннего источника, p - номер, под которым постороннее слово поступило в буфер.All M words issued by a legal source in the current pool, provided that there are no failures in the interface lines, always form a chain that satisfies the above condition. In the absence of collisions, all CS of a legal source will be identified and processed, that is, it is impossible to lose individual words of the chain and replace them with words of extraneous sources. A collision when choosing a CS is a situation in which, in addition to a chain of legal CSs, an alternative chain will be formed in which CS issued by an extraneous source can be mistaken for CS issued by a legal source. The simplest collision, when 2 chains are formed during the execution of the algorithm for selecting the CS from the buffer, is shown in FIG. 3 where

- CS of the legal source, j (1) -j (M) - numbers under which 1-e ... M - e CS of the legal source were written to the buffer, e - number of the tier at which the collision occurred,

is the word of the extraneous source, p is the number under which the extraneous word entered the buffer.

Such a collision may occur if the following conditions are true:

;

;

where k = (e + 1) ... M;

j (e-1) <p <j (e + 1).

In this case, the result of the operation of the algorithm for choosing the KS from the buffer will be two chains of KS:

;- first (correct) -

;

.- second (false) -

.

It should be noted that the words received by the receiver are not considered separately, but only as an integral part of the chain of M words. Therefore, both chains have every reason to be identified as issued by a legal source. Therefore, if the algorithm has identified two or more competing message chains, the source must retransmit the entire pool of CSs. In the event that only one chain of CSs is identified, these messages will be accepted as messages issued by a legal source.

In FIG. 4 presents one of the possible options for a functional diagram of a device that implements the proposed method. Dashed lines indicate information signals, and solid lines indicate data signals. The device contains blocks 1 for setting initial parameters, block 2 for checking incoming CSs for given parameters, block 3 for combining CSs in a pool, block 4 for calculating an imitation console CS, block 5 for performing conversions over CSs, block 6 for sending converted CSs to a receiver, block 7 for analyzing received CSs, a control unit 8 for recording the CS in the buffer, a block 9 for storing the received CS, a block 10 for analyzing additional parameters of the CS, a block 11 for calculating and comparing simulators of the CS, a control unit 12, a block 13 for storing a chain of legal CSs, and a transmission unit 14 for legal CSs.

The device operates as follows.

In preparation for the transfer of the pool of control words, it is necessary to perform a series of transformations on each control word. To perform these transformations, the following parameters are set in blocks 1 for setting the initial parameters:

- the pool size of the COP;

- the number of bits of an imitation set-top box;

- the number of bits of the informative part;

- a secret word known to both the source and the receiver.

In block 2 of checking incoming CS for the given parameters, the length of each incoming CS is checked for compliance with the size of the informative part, which is set in the previous block 1 for setting the initial parameters. If the length of the incoming CS is greater than the established size of the informative part, an information signal is generated about the inadmissibility of the transmission of such a control word. If the length of the incoming command word is less than the size of the informative part, such quantity 0 is added to such a command word on the left that it is necessary for the length of the incoming CS to become equal to the established size of the informative part. In block 3, combining CSs into a pool, incoming CSs are buffered and combined into a pool to be able to calculate an imitation prefix of a control word, which depends on the informative parts of the CS preceding this word in the pool. In block 4, the calculation of the prefix of the KS for each KS is computed imitoner in accordance with a pre-selected function F _hash . The obtained imitation prefix of each CS, firstly, is appended to the corresponding CS, and secondly, it is written to the memory of block 4 for calculating the imitation STB of the CS for calculating with its help the imbalance of the next CS so that the imitation of each command word depends on the contents of the previous ones in the pool command words as described above. After each KS is appended with the corresponding prefix, the specified KS is sent back to block 3 of the KS association in the pool. After the process of forming all the CS imitation prefixes and obtaining the last KS pool pool from the KS imitation prefix calculation unit 4, the unit of combining the KS in the pool to each KS adds a sequence of bits, which is the serial number of the KS in the KS pool.

In the block 5 for performing transformations over the CS, each CS arriving at this block is subjected to the above transformations F _A (B, A), F _B (A, B) and F _C (B, A) in order to exclude the transmission of the CS in the clear. Block 6 sending the converted CS to the receiver after receiving the pool, the CS sends the first CS to the receiver, after which it goes into standby mode for a request from the receiver to send the next CS. At the end of the transfer of the last CS from the pool, this block generates a stop word, the dimension of which is equal to the dimension of a simple CS, and consisting of 0, the receipt of which will inform the receiver that all the CSs have been transmitted.

и

с целью получения исходного КС, после чего блок 7 анализа принятых КС переходит в режим ожидания запроса следующего принятого КС от блока 8 управления записью КС в буфер. Полученное КС отправляется в блок 8 управления записью КС в буфер, который вычисляет порядковый номер КС j с начала текущего пула. Данный процесс происходит путем увеличения счетчика на единицу после поступления каждого последующего КС. Указанный номер записывается в конец КС с целью его последующего анализа при построении цепочки КС, выданных легальным источником. После выполнения указанных действий блок 8 управления записью КС в буфер определяет, подходит ли данное КС под условие записи КС в блок 9 хранения принятых КС и, если подходит, то на какой ярус необходимо поместить данное КС. Под условием записи КС в буфер понимается следующее условие, которое уже было описано выше:Block 7 analysis of the received KS after receiving each KS from block 6 sending the converted KS to the receiver stores the received KS in the internal storage device (RAM), and then sends a request to block 6 sending the converted KS to the receiver to transmit the next KS from the pool of KS. This process continues until the analysis unit 7 of the received CS receives a stop word. After the end of the process of receiving and transmitting the entire pool of CSs and storing the received CSs in the internal RAM, the analysis unit 7 of the received CSs from the internal RAM selects the first received CS, on which it performs the conversions F _A (B, A),

and

in order to obtain the original CS, after which the received CS analysis unit 7 switches to the standby mode of the request for the next received CS from the CS recording control unit 8 to the buffer. The resulting CS is sent to the CS recording control unit 8 in the buffer, which calculates the serial number of the CS j from the beginning of the current pool. This process occurs by increasing the counter by one after the receipt of each subsequent COP. The indicated number is written to the end of the CS for the purpose of its subsequent analysis when constructing the chain of CS issued by a legal source. After performing these steps, the control unit 8 for recording the CS in the buffer determines whether the CS is suitable for recording the CS in the storage block 9 for the received CSs and, if appropriate, on which tier it is necessary to place this CS. Under the condition of writing the COP to the buffer is understood the following condition, which has already been described above:

If the CS serial number is less than or equal to the maximum tier of the received CS storage unit plus one, this CS is written to the buffer. Otherwise, the failed CA will be ignored. After writing to the block 9 for storing the received KS or ignoring the KS, the control unit 8 for recording the KS in the buffer sends to the block 7 for analysis of the received KS a signal of readiness to process the next KS.

Block 7 analysis of the received KS and block 8 control write KS in the buffer work according to the above algorithm until all the KS recorded in the internal RAM are processed. In this case, the received CS analysis unit 7 sends a signal to the control unit 12 that all the CSs have been received, and the received CS storage unit 9 contains all the received CSs that satisfy the condition of writing command words to the buffer.

The control unit 12, after receiving a signal from the received CS analysis unit 7, selects a pair of command words from the received CS storage unit 9 and sends them for verification to the additional CS parameters analysis unit 10, remembering the numbers of the CS tiers from the pair and their serial numbers on the tier. The general algorithm for selecting a pair of checked KS by the control unit 12 is shown in FIG. 5. The result of the implementation of this algorithm will be a complete enumeration of all the SCs located in block 9 of the storage of the received SCs. Block 10 analysis of additional parameters of the CS, having received a pair of CS, compares their serial numbers j relative to the beginning of the pool, which were calculated in block 8 of the control write the CS in the buffer. This check is performed in order to prevent unnecessary calculations of imitation prefixes and the appearance of chains that can be accepted by the receiver as legal, but contain deliberately false CSs. A legal CS located on the i-th tier cannot have a sequence number relative to the beginning of the pool j more than a legal word located on the tier (i + 1). Otherwise, one of the COP is not legal. If the compared serial numbers do not pass the verification, the block 10 of the additional parameters analysis of the CS sends a signal to the control unit 12 that it is ready to receive a new pair of CS, which is selected according to the above algorithm. If the CS serial numbers satisfy the verification conditions, this pair of CSs is sent to the block 11 for calculating and comparing the simulators of the CS. Block 11 of the calculation and comparison of the imitations of the KS, receiving a pair of KS, calculates their imitations of the prefix according to the inverse algorithm in block 4 of the calculation of the imitations of the KS for each KS, and compares their dependencies from one to the other. In the event that the set-top boxes do not satisfy the verification conditions, the CS calculation and comparison unit 11 sends a signal to the control unit 12 to transmit the next pair of CS. If, however, the prefixes met the verification conditions, a signal is sent to the control unit 12 that the checked КС can be considered legal. It is worth noting that if during testing on a single tier there are at least two CSs that the CS calculates and compares and compares comparison unit 11 is considered legal, a signal about collision detection will be sent to control unit 12, which in turn will signal that the pool must be retransmitted The cop. Upon receipt of a signal that the words being checked can be considered legal, block 12 writes to the internal coordinates the “coordinates” of command words, that is, the tier of the CS and its serial number on the tier for further construction of the chain of legal words.

After the above algorithm has been completed and the last pair of SCs has passed through the block 11 for calculating and comparing simulated STBs in the control unit 12, the “coordinates” of all legal SCs will be contained in the memory. The control unit 12, in accordance with these “coordinates”, selects legal KS from the storage unit 9 of the received KS and sends them to the storage unit 13 of the chain of legal KS. After successfully filling in the block 13 for storing the chain of legal SCs, the control unit 12 sends a signal to the block 14 for transmitting legal SCs that the chain has been successfully built. Upon receipt of such a signal, the legal KS transmission unit 14 accesses the legal KS chain storage unit 13 and reads one KS from it. Block 14 transfer legal KS after receiving the KS extracts from it the informative part, that is, the command itself, and sends it to the destination device. This algorithm is repeated until all CSs from block 13 of the chain of legal CSs have been read and sent.

Claims (1)

A method for determining the authenticity of transmitted command words, which consists in transmitting command words, consisting of the informative part and the generated prefix, in a protected form, converted in accordance with the secret word known to both the sender and the recipient, in order to prevent unauthorized access to transmitted command words and reception of command words by hardware of computer technology and unambiguous determination by checking Among the total number of received command words of those command words that are issued by a legal source, the symbols of the generated prefixes, characterized in that the transmitted command words are grouped into a pool on the sender’s side, and the imprint prefix of each command word, depending on the content of the informative parts, is calculated in accordance with a predetermined hash function of all command words in the pool preceding the command word for which an imitation prefix is formed, each command word is assigned an ordinal n omer in the pool, by performing an irreversible conversion on the sequence number of the control word in the pool in accordance with the secret word known to both the sender and the recipient, an intermediate sequence is obtained whose length is equal to the length of the sequence number by performing a reversible conversion on the control word in accordance with the received intermediate sequence receive the converted control word, by performing a reversible conversion on the sequence number of the control word in the pool in accordance Together with the converted command word, the converted command word number in the pool is received, after which each received converted command word is supplemented with the converted serial number corresponding to the given command word, sequentially, starting from the first command word in the pool, one message is received resulting from concatenation the converted command word and its converted serial number in the pool, in the receiver, in the receiver, in turn, are stored in the internal opera In an active memory device, all received messages, starting from the first and ending with the last message in the pool, and after the receiver allocates from each received message, firstly, the sequence number of the control word in the pool by performing the conversion, the inverse of the last conversion performed on the sender side, over the received converted command word in accordance with the received converted serial number of the command word in the pool, and secondly, the informative part of the command word and imitoprist Avki by first performing an irreversible conversion that fully corresponds to the irreversible conversion performed on the sender’s side over the command word in the pool just allocated by the receiver in accordance with the secret word known to both the sender and the receiver, receiving an intermediate sequence whose length is equal to the length of the ordinal the number of the control word in the pool, then the conversion, the inverse of the second completed conversion on the sender side, over the received conversion with this command word in accordance with the received intermediate sequence, assign each received command word its serial number upon receipt, after which of all the command words received by the receiver based on a comparison of the values of imitation prefixes, the value of the serial number of the command word in the pool of command words and the value of the serial number upon receipt choose an ordered set of command words equal in power to the number of command words in the pool, for each of which check and the condition for the match of the command prefix and the command prefix formed from the previous command words of the set, and an increase in the number of the command word in the pool of command words by each subsequent command word of the set, and if after checking that all the above conditions are met, only one is a set, then it is it is recognized by the receiver as a pool of command words transmitted by the sender, otherwise, if you receive a number of these sets that is different from one, we fix error data and send a request for retransmission of the entire pool of command words.

Images