APPARATUS, SYSTEM AND METHOD FOR VALIDATING INTEGRITY OF TRANSMITTED DATA
BACKGROUND OF THE INVENTION
The invention relates in general to communication systems and more specifically to methods and systems for validating the integrity of transmitted data.
Conventional communication systems utilize encryption or encipherment techniques for several purposes including authentication, key distribution, secure data transmissions and non-repudiation. Data is often encrypted using a key, transmitted through a communication channel, and decrypted (deciphered) at a receiver using another key. Encryption provides security by using an encryption code to mask the data contained in a transmission. A decryption code is used at the receiving end to decode or decrypt the transmitted message to obtain the original data. The decryption code used at the receiving end, however, must be applied to the incoming transmitted data stream in an appropriate timing and order. If the decryption code is not synchronized to the encryption code, the data cannot be decrypted properly. In order to maintain accurate reception of data, techniques are used to detect an out-of-synchronization situation where the system determines that the decryption code is not properly being applied to the incoming data. Although encryption methods may provide for secrecy for the transmitted data by requiring a key to decode the message, encryption does not necessarily prevent tampering of the data by third parties. Further, encryption does not always provide an indication that the data has not been received as transmitted. For many encryption schemes, the integrity of the transmitted data must be validated using an additional mechanism or process.
Message digests are used to secure the integrity of data but do not typically provide secrecy. Message digest methods allow a communication system to determine whether data in a transmitted message has been manipulated or corrupted, either intentionally by an unscrupulous party or due to system errors. In one such message digest method, a hash function is applied to a bit string allowing a message digest, also known as a checksum, to be calculated based on the bit string. A checksum or message digest is data used for error checking. The checksum is calculated by the sending computer based on an algorithm that counts bits going out in a packet. The check digit is attached as a tail to the packet. As the packet is received, the receiving computer applies the same algorithm and if the calculated check digit is the same as the one received, the transmission is determined to be successful. In addition to corruption and tampering, a mismatch may indicate that the message digest has been applied incorrectly. For example, a mismatch will occur if the encryption codes are not synchronized.
Conventional systems do not utilize transmission bandwidth efficiently to provide out-of-synchronization and data integrity detection. In many communication systems, transmission bandwidth is inefficiently used by transmitting synchronization information through the communication channel. In these systems, the level of integrity of the data increases with the use of bandwidth. In other words, larger or longer message digests result in more robust systems at the cost of valuable bandwidth.
SUMMARY OF THE INVENTION
What is needed in the art is a system and method of minimizing the use of bandwidth to provide data integrity validation. The present invention provides a system and method of using a minimal amount of bandwidth in data integrity validation.
In an exemplary embodiment of the invention, the integrity of transmitted data is validated using a truncated message digest value included in selected data packets. A message digest value is calculated for a selected set of data and truncated to form a truncated message digest value. The truncated message digest value is appended to an encrypted form of the selected data set to form an encrypted data packet. Accordingly, only some of the encrypted data packets include a truncated message digest value corresponding to the data payload within the data packet. In the exemplary embodiment, however, a message digest value is calculated for every data packet although only selected packets include the truncated message digest value.
The encrypted data packets are received at the receiver where the truncated message digest values are extracted from the selected data packets to separate the encrypted data from the received truncated message digest values. The encrypted data is decrypted to produce raw data that is used to calculate a local message digest value. The calculated local message digest value is truncated and compared to the received truncated message digest value. If the values are not equal, an error is detected and the system is reset. Losses in synchronization of the stream cipher and cryptographical attacks are detected by observing the periodically transmitted cryptographic message digest values.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a block diagram of a communication system in accordance with an exemplary embodiment of the invention.
Fig. 2 is a block diagram of a transmitter in accordance with the exemplary embodiment of the invention.
Fig. 3 is a block diagram of a receiver in accordance with the exemplary embodiment of the invention.
Fig. 4 is a flow chart of a method of transmitting a signal in accordance with the exemplary embodiment of the invention.
Fig. 5 is a flow chart of a method of receiving a signal in accordance with the exemplary embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
As discussed above, conventional communication systems employ inefficient encryption schemes that waste bandwidth to validate the integrity of the received data. The validation is important to detect tampering, loss of cryptographic synchronization and other transmission errors. Throughout this disclosure, the terms "checksum" and "message digest" are used interchangeably. In the exemplary embodiment of the present invention, a truncated checksum called a "message digest value" is periodically transmitted with only selected data packets, minimizing the bandwidth utilized for synchronization and validation. Bandwidth efficiencies are gained by sending a smaller truncated version of a larger message digest while data integrity is maintained by using the complete message digest string for calculations. By transmitting a value (such as a truncated message digest value) representing the message digest less frequently than the rate of packet transmission, bandwidth use is further reduced.
Fig. 1 is a block diagram of communication system 100 suitable for implementing the exemplary embodiment of the invention. The communication system 100 is a fixed wireless system providing communication services to subscriber premises through a communication channel 102. A base station 104 includes a transmitter 106 and a receiver 108 in addition to other circuitry, hardware and software (not shown) required to perform the functions described herein. A remote unit 110 located at the subscriber premises includes a receiver 112 for receiving signals transmitted from the transmitter 106 in the base station 104 and a transmitter 114 for transmitting signals to the receiver 108 at the base station 104. The communication system 100 may include several remote units 110 and may have any one of a variety of configurations. As discussed below in further detail, data to be received by the remote unit 110 is encrypted in the base station 104 and transmitted through a wireless communication channel 102. Although the communication system 100 is a fixed wireless system in the exemplary embodiment, those skilled in the art will recognize that the teachings herein can be applied to other types of communication systems and the present invention is not limited to wireless systems or wireless communication channels.
In addition to analog circuitry 116 such as antennas, amplifiers, mixers, control circuits and other components, the transmitter 106 within the base station 104 includes a controller 118 such as a processor, microprocessor or any other processor arrangement.
Software code running on the controller 118 facilitates the overall functionality of the transmitter 106 in addition to the encryption and transmission functions described herein. As is known, circuitry within the transmitter 106 may be implemented as part of the receiver 108. The controller 118, for example, may facilitate the operation of the receiver 108 in the base station 104. In the exemplary embodiment, data is transmitted from the base station 104 to the remote units 110 on the forward communication channel and from the remote units 110 to the base station 104 on the reverse communication channel. Based on the discussion in regard to the transmission of data from the base station 104 to the remote unit 110, those skilled in the art will readily apply the teachings herein to the communication link from the remote unit 110 to the base station 104. Accordingly, in the interest of brevity, the discussion below is limited to the forward communication link from the base station 104 to the remote unit 110.
The receiver 112 in the remote unit 110 includes a controller 120 in addition to analog circuitry 122 such as antennas, amplifiers, mixers, control circuits and other components. The controller 120 may be a processor, microprocessor or any other processor arrangement or combination suitable for running software code that facilitates the overall functionality of the remote unit 110 in addition to the decryption and receiver functions described herein. The controller 120, for example, may facilitate the operation of the transmitter 114 in addition to other tasks in the remote unit 110.
FIG. 2 is a pictorial representation of a data flow of the data integrity validation process performed in the transmitter 106. In the exemplary embodiment, a similar procedure is performed at the remote unit 110 for data 202 that is transmitted from the remote unit 110 to the base station 104. As discussed above, the encryption and data integrity validation techniques can be applied to a variety of communication and data systems. The data validation process utilizes a message digest generator 204 and an encryption engine 206. Although in the exemplary embodiment the encryption and validation functions are performed using software code running on the controller, the various functional blocks described below may be implemented either solely in or in any combination of hardware, software, or firmware. As described below in further detail, data 202 to be transmitted from the transmitter 106 to the receiver 112 is received by an encryption engine 206 and a message digest generator 204. The encryption engine 206 encrypts the data 202 using a forward cipher key 208 to produce an encrypted payload portion 210 of an encrypted data packet 212. The message digest generator 204 creates a current message digest value 214 using the data 202, a previous message digest value 216 calculated for a previous set of data 202 and a message digest key 218. The current message digest value 214 is truncated to produce a truncated message digest value 220 that is appended to the encrypted payload 210 of selected encrypted data packets 212. A high level of data integrity is maintained since the current 214 and previous message digest values 216 are maintained as sufficiently long hash values while the bandwidth used for data integrity validation is minimized by sending only a portion of the current message digest value 214 for each packet. Bandwidth use is further reduced by sending the truncated message digest value 220 periodically with only selected packets.
The data 202 to be transmitted from the base station 104 to the remote unit 110 may include a variety of information or control messages and is received by the encryption process as a continuous bit stream in the exemplary embodiment. The data 202, however, may be received in a variety of formats. For example, the raw data 202 may be arranged into packets or may include some level of error correction. The same data is forwarded to the encryption engine 206 and the message digest generator 204.
In the exemplary embodiment, the encryption engine 206 uses RC4 cipher stream encryption techniques to apply a forward cipher key 208 to incoming data 202 to produce the encrypted payload 210 for an encrypted data packet 212. The encryption engine 206, however, may use any other suitable stream cipher or block cipher encryption technique. Examples of other cipher stream techniques include exclusive-or or modular addition with the output of a linear feedback shift register and block ciphers used in an output feedback mode or counter mode. Although many block cipher techniques may have some level of data integrity validation inherent to the block cipher encryption scheme, the present invention may be utilized with block ciphers that may or may not have additional or inherent data validation mechanisms. Examples of suitable block ciphers include DES, 3DES, IDEA, Skipjack, FEAL, and AES.
The message digest generator 204 performs a hash function in accordance with MD5 techniques using the data 202, a previous message digest value 216 and a message digest key 218. As is known, the MD5 message digest technique provides a one-way hash function using an algorithm. A current message digest value 214 is produced by manipulating the incoming data 202 to form a fixed string of digits defining a message digest 214. The message digest 214 is used as a checksum to validate data 202. Other types of hash functions may be used to provide a hash value representing the data 202. Examples of other suitable hash functions include SHA-1, MD4, and RIPEMD. Due to increasing speeds of computers and the efforts of unscrupulous individuals, many current security techniques may not provide the same level of security in the future. Accordingly, new message digest techniques are continually being developed to maintain a desired level of security. Those skilled in the art will recognize that the message digest generator 204 and the encryption engine 206 may utilize algorithms and techniques not yet developed in other embodiments of the invention. In the exemplary embodiment, the message digest generator 204 performs the appropriate calculations using the complete bit strings representing the current message digest value 214 and the previous message digest value 216 although a truncated version 220 is used in the encrypted data packet 212.
In the exemplary embodiment, a message digest key 218 is used at the transmitter 114 and the receiver 108 to generate the current message digest 214. The message digest key 218 may be generated and communicated to the receiver 108 using any one of several known techniques. For example, the message digest key 218 may be chosen at the beginning of the communication session, as part of a session establishment procedure. Also, the message digest key 218 may be established and implemented within the various devices of the system 100 at the time of manufacturing, installation or service initialization. If a message digest key is chosen at the transmitter, the message digest key 218 is sent to the receiver 108 using a secure channel. For example, a series of message digest keys 218 may be locally stored at the base station 104 and remote unit 110 at the time of installation of the system. Further, the message digest key 218 may be transmitted to the receiver 108 through a secure wireless communication channel 102 using encryption and other forms of security techniques.
The current message digest 214 is calculated using a previous digest message value 216 calculated for a previous set of data 202. In the exemplary embodiment, the previous message digest 216 used for calculating the current message digest 214 is the message digest 214 immediately preceding the current message digest 214. The previous message digest 216, however, may be a predetermined number of values preceding the current value and may be a dynamically varying number of values preceding the current value. Since the system continually calculates current message digests 214 based on the previous message digest 216, each message digest may be inherently based on any number of previous message digests 216. For example, if the communication system 100 is operating for a relatively long time without an error, the current message digest 214 will be based on a large number of previous message digests 216. If, on the other hand, the system is reset, the current value will not be based on any previous message digests 216. As the system continues to transmit additional packets without disruptions (resetting), the current message digest 214 in use is inherently based on an increasing number of previous message digests 216.
Other data may be used to calculate the message digest 214, in addition to the parameters discussed above. Additional suitable parameters and data include unique packet numbers identifying each packet and channel identifier tokens identifying packets as belonging to a session. Those skilled in the art will recognize other parameters that may be used for calculating the message digests and the modifications and combinations to the data to provide the desired message digest calculation scheme.
A message digest table 224 includes at least the previous message digest 216 and may store any number of previous message digests 216. As new current message digests 214 are calculated, the message digests (214, 216) are stacked within the message digest table 224 in accordance with known techniques.
The current message digest 214 produced by the message digest generator 204 is truncated by the truncator 222. In the exemplary embodiment, the truncator 222 forms a truncated message digest value 220 by extracting the first four bytes of the current message digest 214. Those skilled in the art will recognize that other techniques may be used to form a truncated version 220 of the current message digest 214. A compression scheme, for example, may be used to form a shorter version of the current message digest 214. For example, a cyclic redundancy checksum (CRC) can be used to form the truncated message digest value 220.
The truncated message digest value 220 is appended to a selected payload to form an encrypted data packet 212. The truncated message digest value 220 is illustrated using dashed lines to illustrate that the truncated message digest value 220 is not incorporated in every encrypted data packet 212. In other words, some of the encrypted data packets 212 do not include the truncated message digest value 220 and comprise only the encrypted payload 210 and possibly message information or control data 202. The truncated message digest values 220, therefore, are included periodically with the selected packets. In the exemplary embodiment, the truncated message digest value 220 is included every 10 data packets. The truncated message digest value 220, however, may be included at different frequencies or patterns dependent on the particular communication system 100. The frequency at which the truncated message digest value 220 is included in the encrypted data packets 212 is dependent on the amount of bandwidth available for data integrity validation and the maximum delay allowed for determining that the integrity of the data 202 has been compromised. Further, the number of selected packets 212 that include the truncated message digest value 220 may be determined dynamically, allowing for an increased number of packets 212 to include the truncated message digest value 220 at times of increased validation and less at other times.
Although in the exemplary embodiment the current message digest 214 is truncated, the current message digest 214 may be periodically transmitted with selected packets without truncation. Such an embodiment allows limited reduction in bandwidth.
The encrypted data packets 212 are transmitted by the transmitter 106 through the communication channels 102 using the appropriate circuitry within the transmitter 106 in accordance with known techniques.
FIG. 3 is a pictorial representation of a data flow of the data validation and decryption processes performed in the receiver 112. As discussed above, the decryption and data integrity validation techniques can be applied to a variety of communication and data systems. The data integrity validation process utilizes a message digest generator 304 and a decryption engine 306. Although in the exemplary embodiment the receiver data 302 validation functions are performed using software code running on the controller 120 within the receiver 112, the various functional blocks described below may be implemented either solely in or in any combination of hardware, software, or firmware.
The encrypted data packet 212 is received through the communication channel 102 using the appropriate circuitry 120, 122 in the receiver 112 and in accordance with known techniques. A message digest extractor 308 extracts the truncated message digest value 220 from the selected received data packet 212 that includes the truncated message digest value 220. As explained above, in the exemplary embodiment, only selected data packets 212 include the truncated message digest value 220. The message digest extractor 308 removes the first four bytes of the encrypted data packet 212 to separate the received truncated message digest value 220 from the encrypted payload 210.
The encrypted data payload 210 is decrypted in the decryption engine 306 using the forward cipher key 208 in accordance with known techniques. In the exemplary embodiment, the decryption engine 306 is an RC4 process compatible with the encryption engine 206 in the transmitter 106.
The message digest generator 304 calculates a current local message digest 314 based on the decrypted data 302, the message digest key 218 and a previous local message digest 316. The message digest generator 304 operates as described above in reference to the message digest generator 204 in the transmitter 106 and produces identical message digests 314 as the message digest generator 206 in the transmitter 106 for the same input values.
The local message digests 314, 316 are maintained in a message digest table 312 that includes at least a complete string representation of the previous local message digest 316 and a complete string representation of the current local message digest 314. A truncator 322 similar to the truncator 222 discussed above, truncates the current local message digest 314 to form a truncated local message digest 320. The truncated local message digest value 320 is compared to the received truncated message digest value 220 in the message digest evaluator 310. If the two values are identical, no adjustment is made and the system is allowed to continue to operate. If, however, the message digest evaluator 310 determines that the local truncated message digest value 320 does not match the received truncated message digest value 220, an alert is produced by the message digest evaluator 310 indicating that the integrity of the data 302 has been compromised. In response to the alert, the data 304 is discarded and the system 100 is reset by instructing the transmitter 106 to begin the encryption processes at a predetermined location within the crypto code stream. A mismatch between the message digest values 220, 320 may result from a loss of synchronization of the crypto streams used at the transmitter 106 and receiver 112, an intentional manipulation by a third party, or transmission errors due to events at the transmitter 106, receiver 212 or within the communication channel 102. By identifying a mismatch, therefore, the system 100 corrects for any of the above disturbances in the communication link between the transmitter 106 and the receiver 112 by resetting the crypto code stream.
FIG. 4 is a flowchart of the method for validating the integrity of transmitted data 202 performed in the transmitter 106. In the exemplary embodiment of the invention, the encryption and validation functions performed at the sending end of the communication system 100 are implemented using software code running on a processor within the transmitter 106. Other techniques, however, may be used to perform the methods described in FIG. 4 and the systems of FIGS. 2 and 3. The functions, for example, may be implemented using hardware, software, firmware or other combinations of similar techniques.
At step 402, the message digest generator 204 retrieves the previous message digest 216 calculated for the last payload 210 of data 202 within the previously transmitted data packet 212. The message digests 214, 216 are maintained within the message digest table 224 as described above and are easily accessible by the process performing the message digest generation. If the data validation system has been reset, no previous value will be retrieved. A default previous value can be used for the previous value when the system is reset.
At step 404, the message digest generator 204 calculates a current message digest 214 based on data 202 to be transmitted, a message digest key 218, and the previous message digest 216. The data 202 includes a fixed number of bits for transmitting within an encrypted data packet 212. The message digest algorithm processes and manipulates the data 202 using the previous message digest 216 and the message digest key 218 in accordance with known techniques. As described above, the message digest generator 204 utilizes the MD5 technique for producing the current message digest 214 in the exemplary embodiment.
At step 406, the current message digest 214 is truncated to form a truncated message digest value 220. In the exemplary embodiment, the first four bits of the bit stream are retained as the truncated message digest value 220. Other methods, however, for truncating the current message digest 214 to a shortened form may be used. Other bits in the bit stream may be retained as the truncated message digest value 220. For example, rather than the first four bits, the four bits at the end of the bit stream may be retained as the truncated message digest value 220.
At step 408, the data is encrypted to produce an encrypted payload 210. A forward cipher key 208 is used to encrypt the same raw data 202 used to generate the current message digest 214 at step 404. Although in the exemplary embodiment RC4 techniques are used to encrypt the data 202, other techniques may be implemented to perform the encryption process as described above.
At step 410, an encrypted data packet 212 is formed by appending the truncated message digest value 220 to the encrypted payload 210. In the exemplary embodiment, the truncated message digest 220 is attached to the encrypted payload as a prefix. Other methods, however, may be used to combine the two values. For example, the truncated message digest value 220 may be added as a suffix, or within a predetermined location within the encrypted data string of the encrypted payload 210. Further, in other embodiments the truncated message digest value 220 may be distributed at multiple locations within the encrypted data packet 212. In the exemplary embodiment, only selected packets are used to form encrypted data packets 212 that include a current message digest 214. For example, every tenth data packet includes the current message digest 214.
At step 412, the encrypted data packet 212 is transmitted through the communication system 100 to the remote unit. The encrypted data packet 212 is modulated, amplified and transmitted through the communication channel 102 in accordance with known techniques and components.
FIG. 5 is a flow chart of a method performed at the receiver 112 of validating received data 302 transmitted through the communication channel 102.
At step 502, an encrypted data packet 212 is received at the receiver 112. The encrypted data packet 212 is transmitted from the transmitter 106 in the base station 104 through the communication channel 102 and includes at least an encrypted payload 210. If the encrypted data packet 212 is one of the selected data packets, the encrypted data packet 212 also includes a truncated message digest value 320.
At step 504, the truncated message digest value 320 is extracted from the encrypted data packet 212 to separate the truncated message digest value 320 from the encrypted payload 210. In the exemplary embodiment, the truncated message digest value 320 is extracted by removing the first four bytes from the data string representing the encrypted data packet 212.
At step 506, the encrypted payload 210 is decrypted to produce the received data 302. If the received data 302 is received without error, the received data 302 will be identical to the data 202 that was transmitted by the transmitter 106 as discussed above. Otherwise, the received data 302 will be different from the data 202. In the exemplary embodiment, a forward cipher key 208 is used to decrypt the data in accordance with known techniques. As discussed above, a decryption engine 306 complementing the encryption engine 206 decrypts the encrypted payload 210 to produce the data 302.
At step 508, the message digest generator 304 retrieves the previous local message digest 316 calculated at the receiver 112 for the previous encrypted data packet 212. The message digest table 312 maintains a record of the previously calculated message digests 216 in accordance with known techniques and allows access to the message digest generator process.
At step 510, a current local message digest 314 is calculated using the message digest key 218, the data 302 and the previous local digest 316. The message digest algorithm processes and manipulates the data 302 using the previous local message digest 316 and the message digest key 218 in accordance with known techniques. As described above, the message digest generator utilizes the MD5 technique for producing the local message digest 314 in the exemplary embodiment.
At step 512, the local message digest 314 is truncated to form a truncated local message digest value 320. The truncator performs the same process as the truncator in the transmitter to form a smaller representation of the local message digest value 320. In the exemplary embodiment, the first four bits of the local message digest 314 are retained as the truncated local message digest value 320. As discussed above, other methods for reducing the size of the current message digest 314 may be used, including the last four bits of the message digest 314.
At step 514, the truncated local message digest value 320 is compared to the truncated message digest value 220 received in the encrypted data packet 212. The message digest evaluator 310 utilises known techniques to compare the two strings representing the truncated message digest values.
At step 516, it is determined whether the message digest values match. If the values match, the system continues operating without interruption and returns to step 502 where another encrypted data packet 212 is received. If, however, the truncated locally calculated message digest value 320 does not match the truncated message digest value 220 received within the encrypted data packet 212, the process continues at step 518.
At step 518, the process generates an alert message notifying the system 100 that the data 302 received is not valid. The crypto system may be reset using any one of various techniques. One example includes directing the lower layer to hang up from the crypto layer and informing the upper layer that the communication link has been compromised. Those skilled in the art will recognize the variations and modifications to this example and form other techniques for resetting the system. For example, the single step of directing the lower layer to end the call can be used. After step 518, the process returns to step 502 to receive another encrypted data packet 212.
Therefore, in the exemplary embodiment, the transmitter 106 calculates a message digest 214 for an encrypted payload 210 of selected encrypted data packets 212 using a previous message digest 216. The message digest 214 is truncated and appended to the encrypted payload 210 to form the encrypted data packet 212.
At the receiver, the encrypted data packet 212 is received and separated into the encrypted payload 210 and the received truncated message digest value 220. The encrypted payload 210 is decrypted to produce the received data 302. The same message digest generator algorithm as used in the transmitter is applied to the received data 302 using the previous local message digest 316 and the message digest key 218. The resulting local message digest 314 is truncated and compared to the received truncated message digest 220. If the values do not match, the data is considered to be corrupted and is discarded. The system 100 is reset and the next encrypted data packet 212 is received. The bandwidth used for data integrity validation is significantly reduced by transmitting a truncated message digest value rather than a full-length string of the message digest. The use of bandwidth is further minimized by transmitting the truncated message digest value with only a limited number of encrypted data packets 212.
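The transmit and receive procedures of FIGS. 4 and 5 can be exercised end to end with the following Python sketch, which is an added illustration and not part of the original disclosure. The digest input order (key, previous digest, data), the all-zero default previous digest after a reset, the per-side packet counter used to locate the selected packets, and all keys and payloads are assumptions constructed for the example.

```python
"""Chained, truncated MD5 digest sent with every 10th RC4 packet (illustrative sketch)."""
import hashlib
import hmac

TAG_LEN = 4                # first four bytes of the digest are transmitted
TAG_INTERVAL = 10          # truncated digest accompanies every 10th packet
DEFAULT_PREV = bytes(16)   # assumed "default previous value" after a reset
CIPHER_KEY = b"constructed-cipher-key"   # constructed sample keys
DIGEST_KEY = b"constructed-digest-key"


class RC4:
    """Minimal RC4 stream cipher; encryption and decryption are the same XOR."""

    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):                      # key scheduling
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data):
        s, out = self.s, bytearray()
        for byte in data:                         # keystream generation
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(byte ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)


class IntegrityAlert(Exception):
    """Raised by the receiver when the truncated digests differ."""


def next_digest(key, prev, data):
    # Assumed combination: MD5 over key || previous digest || plaintext data.
    return hashlib.md5(key + prev + data).digest()


class Endpoint:
    """State kept at each end: cipher stream, digest chain, packet counter."""

    def __init__(self, cipher_key, digest_key):
        self.cipher = RC4(cipher_key)
        self.digest_key = digest_key
        self.prev = DEFAULT_PREV                  # full-length digest stays local
        self.count = 0

    def _advance(self, data):
        self.prev = next_digest(self.digest_key, self.prev, data)
        self.count += 1
        return self.count % TAG_INTERVAL == 0     # is this a selected packet?


class Transmitter(Endpoint):
    def send(self, data):
        tagged = self._advance(data)              # digest computed for every packet
        payload = self.cipher.crypt(data)
        return self.prev[:TAG_LEN] + payload if tagged else payload


class Receiver(Endpoint):
    def receive(self, packet):
        tagged = (self.count + 1) % TAG_INTERVAL == 0
        tag, payload = (packet[:TAG_LEN], packet[TAG_LEN:]) if tagged else (None, packet)
        data = self.cipher.crypt(payload)
        self._advance(data)
        if tagged and not hmac.compare_digest(tag, self.prev[:TAG_LEN]):
            raise IntegrityAlert(f"digest mismatch at packet {self.count}")
        return data


def run_session(n_packets=25, tamper_at=None, drop_at=None):
    """Return the receiver packet count at which an alert fires, or None."""
    tx = Transmitter(CIPHER_KEY, DIGEST_KEY)
    rx = Receiver(CIPHER_KEY, DIGEST_KEY)
    for seq in range(1, n_packets + 1):
        packet = tx.send(b"constructed payload %02d" % seq)
        if seq == drop_at:
            continue                              # lost packet: keystreams fall out of step
        if seq == tamper_at:
            packet = bytes([packet[0] ^ 0x01]) + packet[1:]   # one flipped bit
        try:
            rx.receive(packet)
        except IntegrityAlert:
            return rx.count                       # caller would discard data and reset
    return None


if __name__ == "__main__":
    print("clean session:     ", run_session())
    print("bit flip in pkt 3: ", run_session(tamper_at=3))
    print("packet 13 dropped: ", run_session(drop_at=13))
```

A bit flipped in an unselected packet is reported at the next selected packet because each full-length digest feeds the following one, and a lost packet is reported the same way once the cipher streams have fallen out of step.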
Clearly, other embodiments and modifications of this invention will occur readily to those of ordinary skill in the art in view of these teachings. Therefore, this invention is to be limited only by the following claims, which include all such embodiments and modifications when viewed in conjunction with the above specification and accompanying drawings.