WO2006064410A1 - Method and device for securing handover between wwan and wlan - Google Patents

Info

Publication number
WO2006064410A1
Authority
WO
WIPO (PCT)
Prior art keywords
base information
key
information
generating
communication
Application number
PCT/IB2005/054091
Other languages
French (fr)
Inventor
Bo Liu
Xiaoling Shao
Xiaohui Jin
Original Assignee
Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.
Publication of WO2006064410A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/14 Reselecting a network or an air interface
    • H04W36/144 Reselecting a network or an air interface over a different radio air interface technology
    • H04W36/1446 Reselecting a network or an air interface over a different radio air interface technology wherein at least one of the networks is unlicensed
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • Alice and Bob exchange parts of the information for generating the private key through the secure channel in WWAN so as to guarantee the communication security in WLAN.
  • it substantially adopts an enhanced IPSec key exchange procedure.
  • the key for IPSec is negotiated via a secure communication channel and then the information encrypted with the key is transferred via another communication channel.
  • the key exchange method proposed in the present invention optimizes and simplifies the IPSec key generation procedure and guarantees the security of data transmission between two communication parties as well, compared with the conventional method for key negotiation and encrypted information transmission adopting the same communication channel and the conventional method for distributing keys to the two communication parties by using key distribution center.
  • Diffie-Hellman algorithm is taken as an example to describe the key exchange procedure through WWAN channel.
  • other algorithms can be used in the key exchange procedure, such as public key algorithm like RSA, to exchange parts of the base information for generating the public key via WWAN channel.
  • the third party can't get the private key for decryption through decrypting the public key, and thus the data transmission security can be guaranteed.
  • the method and device for securing handover between WLAN and WWAN as provided in the present invention can be used for handover between other different communication networks, such as between a wire communication network and a wireless communication network or between two wire communication networks, to guarantee the security of communication data during handover from a communication network to another communication network.
  • FIG.5 illustrates the configurations of the encryption device in Alice and the decryption device in Bob in accordance with an embodiment of the present invention, wherein the components same as those in conventional encryption device and decryption device are not shown.
  • sending unit 30 in encryption device 100 of Alice sends the candidate base information for generating a key to Bob, via a communication channel such as the above WWAN link; and negotiating unit 10 negotiates with the other party (namely, Bob) of the communication for the base information that is used to generate a key via the communication channel (that is WWAN link).
  • Receiving unit 210 in decryption device 200 of Bob receives the candidate base information from Alice via the communication channel; and negotiating unit 220 negotiates with Alice for the base information that is used to generate the key according to the candidate base information.
  • Generating unit 20 in Alice generates the key based on the negotiated base information, according to a predetermined encryption algorithm.
  • the predetermined encryption algorithm can use Diffie-Hellman algorithm or RSA algorithm.
  • the base information at least includes the numerical base for performing exponential operation and the divisor for performing modular operation.
  • the base information at least includes the parameters for generating the public key.
  • generating unit 230 in Bob generates the corresponding decryption key based on the negotiated base information according to the predetermined encryption algorithm.
  • sending unit 30 in Alice sends the information encrypted with the key to Bob via the above WLAN link.
  • Receiving unit 210 in Bob provides the received encrypted information to decrypting unit 240.
  • the decrypting unit 240 decrypts the encrypted information with the decryption key generated by the generating unit 230.

Abstract

The invention proposes a method to be executed by a user equipment UE communicating via a first communication network with another communication device, comprising the steps of: detecting whether to be able to communicate with the another communication device via a second communication network; negotiating with the another communication device via the first communication network for base information for generating a key if the second communication network is available; generating the key based on the negotiated base information according to the predetermined encryption algorithm; sending the information encrypted with the key to the another communication device via the second communication network.

Description

METHOD AND DEVICE FOR SECURING HANDOVER BETWEEN WWAN AND WLAN
FIELD OF THE INVENTION
The present invention relates generally to a communication network technique, and more particularly, to a method and device for securing handover between WWAN and WLAN.
BACKGROUND OF THE INVENTION
A Wireless Local Area Network (WLAN) is a flexible data communication system, generally deployed at so-called hotspots such as airports and hotels to provide data transmission services. People can use wireless terminals, such as mobile phones or laptops, to access the network resources in a WLAN wirelessly, and to access resources on the Internet connected to the WLAN.
A Wireless Wide Area Network (WWAN) is a communication system with a broader coverage range, deployed to provide voice and data services to people. For example, Global System for Mobile Communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA) and Third-Generation Mobile Communication (3G) systems all fall into the category of WWAN.
In general, WWAN provides voice service while WLAN provides data service. But with the development of communication techniques, low-speed data transmission has emerged in WWAN, and IP-based VoIP is also becoming a new focus in WLAN.
Fig.1 is a schematic diagram showing the conventional application of WLAN and WWAN, wherein a WWAN service area and a WLAN service area may or may not overlap. Consider a mobile user outside the WLAN service area who performs voice communication through the WWAN service. When the mobile user enters a WLAN service area due to a change of location, and both communicating users are in the WLAN service area, the communication charges for neither user can be reduced if the WWAN service is still used. If, instead, the WWAN service is switched to WLAN service, not only can the radio resources of the WWAN be saved, but the communication charges for both users can also be reduced remarkably, and it becomes possible to provide the users with more services such as video communication. When one of the communicating users with WLAN service leaves the WLAN service area, the WLAN service is switched back to WWAN service to guarantee that the communication continues.
A communication method and device for handover between WWAN and WLAN is disclosed in the patent application filed by KONINKLIJKE PHILIPS ELECTRONICS N.V. on Sept. 19, 2003, Application Serial No. 03124909.4, which is incorporated herein by reference. With that method and device, not only can seamless roaming be implemented between WWAN and WLAN, but the communication charges of the users can also be reduced effectively and the network resources of the WWAN can be saved as well.
Whether users communicate in WWAN or enjoy convenient services in WLAN, it is of critical importance for network operators to protect the data transferred via the network from being stolen or modified by unauthorized users.
The issue of network security has been a focus of the IETF in recent years. The IETF has released the network-layer security standard IPSec, which has been applied to firewall and VPN products, for example, so as to enhance network security. A primary problem that network safeguards must still face, however, is how to make two UEs securely and reliably exchange a set of keys, to be used in subsequent communications, before traffic data is transferred. This is especially so in WLAN, where the transferred traffic data is more easily stolen by third parties. When the above communication is switched from WWAN to WLAN, if no appropriate measures are taken to guarantee that the two involved parties securely obtain a key before communicating via WLAN, the communication data is very likely to lose the desired confidentiality after the switch, bringing some losses to the two involved parties.
OBJECT AND SUMMARY OF THE INVENTION
An object of the present invention is to provide a method and device for securing handover between WWAN and WLAN, with which two communicating parties exchange a key mutually through a secure channel before communicating via WLAN to guarantee the security of the data transmission in WLAN.
To achieve the object of the present invention, a method to be executed by a UE communicating with another communication device via a first communication network in accordance with the present invention, comprising the steps of: detecting whether to be able to communicate with the another communication device via a second communication network; if said second communication network is available, negotiating with the another communication device for base information that is used to generate a key via the first communication network; generating the key based on the negotiated base information according to a predetermined encryption algorithm; sending the information encrypted with the key to the another communication device via the second communication network.
To achieve the object of the present invention, a method to be executed by a communication device communicating with another UE via a first communication network in accordance with the present invention, comprising the steps of: receiving the candidate base information for generating a key from the another UE; negotiating with the another UE for the base information that is used to generate a key according to the candidate base information; generating the key based on the negotiated base information according to a predetermined encryption algorithm; receiving the encrypted information from the another UE via the second communication network; decrypting the encrypted information with the key.
To achieve the object of the present invention, an encryption method for use in communication in accordance with the present invention, comprising the steps of: negotiating with the other party of the communication for the base information for generating a key via a communication channel; generating the key based on the negotiated base information according to a predetermined encryption algorithm; sending information encrypted with the key to the other party via another communication channel.
To achieve the object of the present invention, a decryption method for use in communication in accordance with the present invention, comprising the steps of: receiving the candidate base information for generating a key from the other party via a communication channel; negotiating with the other party for the base information that is used to generate the key according to the candidate base information; generating the key based on the negotiated base information according to a predetermined encryption algorithm; receiving the encrypted information transferred via another communication channel from the other party; decrypting the encrypted information with the key.
To achieve the object of the present invention, an encryption device for use in communication in accordance with the present invention, comprising: a negotiating unit, for negotiating with the other party of the communication for the base information that is used to generate a key, via a communication channel; a generating unit, for generating the key based on the negotiated base information according to a predetermined encryption algorithm; a sending unit, for sending the information encrypted with the key to the other party via another communication channel.
To achieve the object of the present invention, a decryption device for use in communication in accordance with the present invention, comprising: a receiving unit, for receiving the candidate base information for generating a key from the other party via a communication channel; a negotiating unit, for negotiating with the other party for the base information that is used to generate the key according to the candidate base information; a generating unit, for generating the key based on the negotiated base information according to a predetermined encryption algorithm; a decrypting unit, for decrypting the encrypted information with the key when the receiving unit receives the encrypted information transferred from the other party via another communication channel.
Other objects and attainments together with a fuller understanding of the invention will become apparent and appreciated by referring to the following description and claims taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is explained in further detail, and by way of example, with reference to the accompanying drawings wherein:
Fig.1 illustrates a schematic diagram of a conventional integrated application between WWAN and WLAN;
Fig.2 illustrates a diagram of a UE with both WWAN interface and WLAN interface, according to an embodiment of the present invention;
Fig.3 illustrates a flowchart of the method for securing handover between WWAN and WLAN, according to an embodiment of the present invention;
Fig.4 illustrates a flowchart of the method for securing handover between WWAN and WLAN, according to another embodiment of the present invention;
Fig.5 illustrates a block diagram of the configurations of the encryption device and the decryption device, according to an embodiment of the present invention.
Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions.
DETAILED DESCRIPTION OF THE INVENTION
According to the method for securing handover between WWAN and WLAN as provided in the present invention, the two communicating parties can exchange parts of base information that is used to generate a key in advance with the help of the relatively stable security performance of WWAN before communicating via WLAN, thus only the two communicating parties can generate the key according to the base information exchanged in advance when switching to WLAN, while the third party eavesdropping the communication via WLAN can't generate the key and thus can't pirate the information transferred via WLAN.
Descriptions will be given below to the method for securing handover between WWAN and WLAN in conjunction with accompanying drawings, taking two UEs adopting Diffie-Hellman encryption algorithm as example.
Fig.2 illustrates a UE with two radio interfaces as WWAN and WLAN. It's assumed that two users Alice and Bob communicate via WWAN such as cellular network by using the UEs respectively as shown in Fig.2. If Alice and Bob enter a same WLAN coverage area during communication, apparently it's more advantageous for Alice and Bob to communicate via WLAN to save communication charges.
In the embodiment as shown in Fig.3, it is assumed that Alice is the originator of WLAN call and key exchange. As shown in Fig.3, if Alice communicating via WWAN (step S10) detects that its WLAN interface is available, Alice negotiates with Bob via WWAN for the base information that is used to generate a key. Specifically, Alice sends to Bob via WWAN interface a set of candidate base information, each of which includes a pair of prime numbers p and g to be used in executing Diffie-Hellman encryption algorithm (step S20). After receiving the set of candidate base information from Alice via WWAN interface, if Bob can use at least one pair of prime numbers p and g therein to execute Diffie-Hellman encryption algorithm, Bob will select a pair of suitable prime numbers p and g as a selection message of feedback and send it to Alice via a WWAN interface (step S30).
After determining the value of the pair of prime numbers p and g to be used in executing Diffie-Hellman encryption algorithm through negotiation, Alice and Bob switch from WWAN to WLAN respectively (step S100 and S200) and carry out an authentication procedure via the WLAN interface.
First, Alice calculates a private key $T_A$ of Alice, $T_A = g^A \bmod p$, by using the prime numbers p and g determined through negotiation, wherein exponent A is selected by Alice randomly (step S300). Afterwards, Alice sends a challenge message to Bob, the challenge message including the private key $T_A$ (step S40). Bob performs the operations similar to those of Alice. First, Bob calculates a private key $T_B$ of Bob, $T_B = g^B \bmod p$, by using the prime numbers p and g determined through negotiation, wherein exponent B is selected by Bob randomly (step S400), and packs the private key $T_B$ into an ACK (acknowledgement) message, and then sends it to Alice (step S50). Then, at UE Alice, Alice calculates with the expression $(T_B)^A \bmod p$, that is $(g^B \bmod p)^A \bmod p$, to get a shared key $g^{AB} \bmod p$ (step S500), and sends the shared key to Bob so as to make sure that the message is from the real user Alice rather than an unauthorized third party who gets the information illegally (step S60); and at UE Bob, Bob calculates with the expression $(T_A)^B \bmod p$, that is $(g^A \bmod p)^B \bmod p$, to get a shared key $g^{AB} \bmod p$ (step S600), and sends the shared key to Alice so as to make sure that the message is from the real user Bob rather than an unauthorized third party who gets the information illegally (step S70).
During the above authentication procedure, a third party eavesdropping on the WLAN doesn't know the numerical base g used for the exponential operation and the divisor p used for the modular operation, thus it's possible to avoid the bucket brigade attack in the conventional IPSec protocol when Alice and Bob switch to communicate via WLAN. After Alice and Bob obtain the shared key $g^{AB} \bmod p$, the two users can use the shared key to encrypt the information transferred in subsequent traffic communication; or either of the two parties, such as Alice, can select a session key and use the shared key to encrypt the session key (step S700), and then send the encrypted session key to Bob (step S80) so that the two parties use the session key to encrypt the information to be transferred in subsequent communication (step S90).
In the embodiment shown in Fig.3, Alice and Bob exchange, in WWAN, the values of the base information g and p used for generating their respective private keys $T_A$ and $T_B$, and then, in WLAN, generate the shared key and the session key with the Diffie-Hellman encryption algorithm according to the predetermined values g and p, to encrypt the traffic data in subsequent communication.
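The Fig.3 exchange, as an added example in Python that is not code from the patent: Bob screens Alice's candidate (p, g) pairs before selecting one (S30), both sides range-check the peer's T value before deriving the key, and an HMAC key-confirmation tag replaces transmission of the shared key itself (S60/S70), which is a substitution made by this example. The candidate values, `MIN_BITS`, the hashing of the shared value into a 32-byte key, and all function and class names are assumptions of the example.

```python
import hashlib, hmac, secrets

MIN_BITS = 1024  # assumption of this example: shortest modulus Bob accepts
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin screening of a candidate modulus."""
    if n < 2:
        return False
    for q in BASES:
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def select_base(candidates):
    """S30: Bob returns the first (p, g) with a large prime p and 1 < g < p-1."""
    for p, g in candidates:
        if p.bit_length() >= MIN_BITS and 1 < g < p - 1 and is_probable_prime(p):
            return p, g
    return None  # nothing usable: refuse the handover

class Party:
    def __init__(self, p, g):
        self.p, self.size = p, (p.bit_length() + 7) // 8
        self.exp = secrets.randbelow(p - 3) + 2   # random exponent in [2, p-2]
        self.t = pow(g, self.exp, p)              # T = g^exp mod p (S300/S400)

    def derive(self, peer_t):
        """S500/S600: g^(AB) mod p, hashed into a 32-byte key."""
        if not 1 < peer_t < self.p - 1:           # rejects 0, 1, p-1 and beyond
            raise ValueError("peer value outside [2, p-2]")
        shared = pow(peer_t, self.exp, self.p)
        return hashlib.sha256(shared.to_bytes(self.size, "big")).digest()

def tag(key, role, transcript):
    """Key-confirmation tag sent in place of the shared key itself (S60/S70)."""
    return hmac.new(key, role + transcript, hashlib.sha256).digest()

def wrap(key, nonce, data):
    """S700: stdlib-only stand-in for an AEAD; XOR with an HMAC-derived pad."""
    pad = hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

# Constructed candidate list Alice offers over WWAN (S20); demo values only.
CANDIDATES = [
    (23, 5),            # textbook size, far too small
    (2**1279 + 1, 2),   # large but composite (divisible by 3)
    (2**1279 - 1, 3),   # Mersenne prime, chosen for brevity, not for deployment
]

def handover(candidates=CANDIDATES):
    chosen = select_base(candidates)
    if chosen is None:
        raise RuntimeError("no acceptable base information; stay on WWAN")
    alice, bob = Party(*chosen), Party(*chosen)
    k_a, k_b = alice.derive(bob.t), bob.derive(alice.t)  # S40/S50: only T_A, T_B cross WLAN
    transcript = alice.t.to_bytes(alice.size, "big") + bob.t.to_bytes(bob.size, "big")
    confirmed = hmac.compare_digest(tag(k_a, b"alice", transcript), tag(k_b, b"alice", transcript))
    session_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    recovered = wrap(k_b, nonce, wrap(k_a, nonce, session_key))  # S700/S80, then Bob unwraps
    return {"base": chosen, "confirmed": confirmed, "session_ok": recovered == session_key}
```

Calling `handover()` runs the whole exchange once; passing a candidate list with no acceptable pair raises instead of falling back to a weak group.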
In practical applications, alternatively, the two communicating parties can switch to WLAN after the shared key and the session key are generated in WWAN, and this procedure is shown in Fig.4. As shown in Fig.4, Alice and Bob not only negotiate with each other in WWAN to determine the values of the base information g and p used for generating their respective private keys $T_A$ and $T_B$, but also perform the above authentication procedure via WWAN to generate the shared key $g^{AB} \bmod p$ or the session key. Thus, when switching to communicate via the WLAN interface (steps S800 and S900), Alice and Bob will encrypt the traffic data to be transferred directly with the shared key $g^{AB} \bmod p$ or the session key that has been generated in WWAN.
The above description covers the procedure for securing handover from WWAN to WLAN as provided in the present invention, in conjunction with Fig.3 and Fig.4. Since WWAN (for example, a cellular network) is well known to be reliable in authentication, authorization, accounting and other security-related aspects, only the detailed implementation scheme of handover from WWAN to WLAN is described in the embodiment of the present invention. Alternatively, similar processing methods can be used when the communicating parties switch from WLAN to WWAN.
In the above description taken in conjunction with the specific embodiment, the two UEs Alice and Bob exchange parts of the information for generating the private key through the secure channel in WWAN so as to guarantee the communication security in WLAN. The method for securing handover between WLAN and WWAN as described in the embodiment of the present invention substantially adopts an enhanced IPSec key exchange procedure. In the enhanced IPSec key exchange procedure, the key for IPSec is negotiated via a secure communication channel and then the information encrypted with the key is transferred via another communication channel. Compared with the conventional method, in which key negotiation and encrypted information transmission use the same communication channel, and with the conventional method of distributing keys to the two communication parties by using a key distribution center, the key exchange method proposed in the present invention optimizes and simplifies the IPSec key generation procedure and also guarantees the security of data transmission between the two communication parties.
In the above embodiment of the present invention, the Diffie-Hellman algorithm is taken as an example to describe the key exchange procedure through the WWAN channel. In practical applications, other algorithms can be used in the key exchange procedure, such as a public key algorithm like RSA, to exchange parts of the base information for generating the public key via the WWAN channel. Hence, the third party can't get the private key for decryption through decrypting the public key, and thus the data transmission security can be guaranteed. The method and device for securing handover between WLAN and WWAN as provided in the present invention can be used for handover between other different communication networks, such as between a wired communication network and a wireless communication network or between two wired communication networks, to guarantee the security of communication data during handover from one communication network to another communication network.
The method for guaranteeing the security of data transmission between two UEs Alice and Bob as provided in the present invention can also be applied to secure data transmission between a UE and a server (for example, a UE accesses a mail server) or between two servers (for example, data copy between two file servers).
The method for securing handover between WLAN and WWAN provided in the present invention can be implemented in software or hardware, or in a combination of both.
When the proposed method for securing handover between WLAN and WWAN is implemented in hardware, Fig.5 illustrates the configurations of the encryption device in Alice and the decryption device in Bob in accordance with an embodiment of the present invention, wherein the components same as those in conventional encryption device and decryption device are not shown.
As shown in Fig.5, first, sending unit 30 in encryption device 100 of Alice sends the candidate base information for generating a key to Bob, via a communication channel such as the above WWAN link; and negotiating unit 10 negotiates with the other party (namely, Bob) of the communication for the base information that is used to generate a key via the communication channel (that is WWAN link).
Receiving unit 210 in decryption device 200 of Bob receives the candidate base information from Alice via the communication channel; and negotiating unit 220 negotiates with Alice for the base information that is used to generate the key according to the candidate base information.
Generating unit 20 in Alice generates the key based on the negotiated base information, according to a predetermined encryption algorithm.
Similar to the above method for securing handover between WLAN and WWAN, the predetermined encryption algorithm can use Diffie-Hellman algorithm or RSA algorithm. When Diffie-Hellman algorithm is adopted, the base information at least includes the numerical base for performing exponential operation and the divisor for performing modular operation. When RSA algorithm is adopted, the base information at least includes the parameters for generating the public key.
Further, generating unit 230 in Bob generates the corresponding decryption key based on the negotiated base information according to the predetermined encryption algorithm.
Then, sending unit 30 in Alice sends the information encrypted with the key to Bob via the above WLAN link. Receiving unit 210 in Bob provides the received encrypted information to decrypting unit 240. The decrypting unit 240 decrypts the encrypted information with the decryption key generated by the generating unit 230.
BENEFICIAL RESULTS OF THE INVENTION
As described above, with the method for securing handover between WLAN and WWAN as provided in the present invention, since the known base information (such as prime numbers g and p) for generating the key in the conventional IPSec key exchange protocol is changed to be negotiated by the two communicating parties in WWAN, the key to be used in WLAN can avoid being stolen by a third party eavesdropping on the WLAN, thus the security of the communication data can be guaranteed when the two communicating parties hand over from WWAN to WLAN.
It is to be understood by those skilled in the art that various modifications can be made to the proposed method for securing handover between WLAN and WWAN as disclosed in this invention without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

CLAIMS:
1. A method to be executed by a UE communicating with another communication device via a first communication network, comprising the steps of:
(a) detecting whether to be able to communicate with the another communication device via a second communication network;
(b) negotiating with the another communication device for base information that is used to generate a key via the first communication network, if the second communication network is available;
(c) generating the key based on the negotiated base information according to a predetermined encryption algorithm;
(d) sending the information encrypted with the key to the another communication device via the second communication network.
2. The method according to claim 1, wherein step (b) comprises: sending candidate base information to the another communication device via the first communication network; receiving selection information from the another communication device; determining the base information according to the selection information.
3. The method according to claim 1 or 2, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes the numerical base for performing exponential operation and the divisor for performing modular operation.
4. The method according to claim 3, wherein step (c) comprises: generating a private key based on the base information according to the predetermined encryption algorithm; sending a challenge message including the private key to the another communication device via any one of the first and second communication networks; receiving an ACK message corresponding to the challenge message from the another communication device, the ACK message including another private key generated by the another communication device based on the base information according to the predetermined encryption algorithm; generating the key based on the another private key according to the predetermined encryption algorithm.
5. The method according to claim 1 or 2, wherein the predetermined algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
6. The method according to claim 1 or 2, wherein the first communication network is WWAN, and the second communication network is WLAN.
7. A method to be executed by a communication device communicating with another UE via a first communication network, comprising the steps of:
(a) receiving candidate base information for generating a key from the another UE;
(b) negotiating with the another UE for base information that is used to generate a key according to the candidate base information;
(c) generating the key based on the negotiated base information according to a predetermined encryption algorithm;
(d) receiving the encrypted information from the another UE via a second communication network;
(e) decrypting the encrypted information with the key.
8. The method according to claim 7, wherein step (b) comprises: selecting suitable base information for generating the key from the candidate base information; sending the selected base information to the another UE via the first communication network.
9. The method according to claim 7 or 8, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes a numerical base for performing exponential operation and a divisor for performing modular operation.
10. The method according to claim 9, wherein step (c) comprises: generating a private key based on the negotiated base information according to the predetermined encryption algorithm; receiving a challenge message from the another UE via any one of the first and second communication networks, the challenge message including another private key generated by the another UE based on the negotiated base information according to the predetermined encryption algorithm; sending an ACK message including the private key to the another UE with respect to the challenge message; generating the key based on the another private key according to the predetermined encryption algorithm.
11. The method according to claim 7 or 8, wherein the predetermined encryption algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
12. The method according to claim 7 or 8, wherein the first communication network is WWAN, and the second communication network is WLAN.
13. An encryption method for use in communication, comprising the steps of:
(a) negotiating with the other party of the communication via a communication channel for base information that is used to generate a key;
(b) generating the key based on the negotiated base information according to a predetermined encryption algorithm;
(c) sending the information encrypted with the key to the other party via another communication channel.
14. The encryption method according to claim 13, wherein step (a) comprises: sending the candidate base information to the other party via the communication channel; receiving the selection information from the other party; determining the base information according to the selection information.
15. The encryption method according to claim 13 or 14, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes a numerical base for performing exponential operation and a divisor for performing modular operation.
16. The encryption method according to claim 13 or 14, wherein the predetermined encryption algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
17. A decryption method for use in communication, comprising the steps of:
(a) receiving candidate base information for generating a key from the other party via a communication channel;
(b) negotiating with the other party for base information that is used to generate the key according to the candidate base information;
(c) generating the key based on the negotiated base information according to a predetermined encryption algorithm;
(d) receiving the encrypted information transferred via another communication channel from the other party;
(e) decrypting the encrypted information with the key.
18. The decryption method according to claim 17, wherein step (a) comprises: selecting suitable base information for generating the key from the candidate base information; sending the selected base information to the other party via the communication channel.
19. The decryption method according to claim 17 or 18, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes a numerical base for performing exponential operation and a divisor for performing modular operation.
20. The decryption method according to claim 17 or 18, wherein the predetermined encryption algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
21. An encryption device for use in communication, comprising: a negotiating unit, for negotiating with the other party of the communication for base information that is used to generate a key via a communication channel; a generating unit, for generating the key based on the negotiated base information according to a predetermined encryption algorithm; a sending unit, for sending the information encrypted with the key to the other party via another communication channel.
22. The encryption device according to claim 21, wherein the negotiating unit sends the candidate base information to the other party via the communication channel; the encryption device receives the selection information from the other party and determines the base information according to the selection information.
23. The encryption device according to claim 21 or 22, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes a numerical base for performing exponential operation and a divisor for performing modular operation.
24. The encryption device according to claim 21 or 22, wherein the predetermined encryption algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
25. A decryption device for use in communication, comprising: a receiving unit, for receiving candidate base information for generating a key from the other party via a communication channel; a negotiating unit, for negotiating with the other party for base information that is used to generate the key according to the candidate base information; a generating unit, for generating the key based on the negotiated base information according to a predetermined encryption algorithm; a decrypting unit, for decrypting the encrypted information with the key when the receiving unit receives the encrypted information transferred from the other party via another communication channel.
26. The decryption device according to claim 25, wherein the negotiating unit selects suitable base information for generating the key from the candidate base information and sends the selected base information to the other party via the communication channel.
27. The decryption device according to claim 25 or 26, wherein the predetermined encryption algorithm is Diffie-Hellman algorithm, and the base information at least includes a numerical base for performing exponential operation and a divisor for performing modular operation.
28. The decryption device according to claim 25 or 26, wherein the predetermined encryption algorithm is RSA algorithm, and the base information at least includes parameters for generating the public key.
PCT/IB2005/054091 2004-12-17 2005-12-07 Method and device for securing handover between wwan and wlan WO2006064410A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200410102012 2004-12-17
CN200410102012.1 2004-12-17

Publications (1)

Publication Number Publication Date
WO2006064410A1 true WO2006064410A1 (en) 2006-06-22

Family

ID=35892441

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/054091 WO2006064410A1 (en) 2004-12-17 2005-12-07 Method and device for securing handover between wwan and wlan

Country Status (1)

Country Link
WO (1) WO2006064410A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0535863A2 (en) * 1991-10-02 1993-04-07 AT&T Corp. A cryptographic protocol for secure communications
EP1274194A1 (en) * 2001-07-05 2003-01-08 Kabushiki Kaisha Toshiba Method and apparatus for wireless data communication, using an encryption unit
EP1328086A1 (en) * 2000-10-16 2003-07-16 Link Evolution Co., Ltd. Communication apparatus, communication system and communication method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05822948

Country of ref document: EP

Kind code of ref document: A1