WO2008105836A2 - Group-wise secret key generation - Google Patents

Group-wise secret key generation

Info

Publication number
WO2008105836A2
Authority
WO
WIPO (PCT)
Prior art keywords
wise
secret key
pair
spanning tree
wtru
Prior art date
Application number
PCT/US2007/020465
Other languages
French (fr)
Other versions
WO2008105836A3 (en
Inventor
Chunxuan Ye
Alexander Reznik
Original Assignee
Interdigital Technology Corporation
Application filed by Interdigital Technology Corporation
Priority to JP2009529250A priority Critical patent/JP2010504695A/en
Priority to EP07873834A priority patent/EP2070252A2/en
Publication of WO2008105836A2 publication Critical patent/WO2008105836A2/en
Publication of WO2008105836A3 publication Critical patent/WO2008105836A3/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention generally relates to encryption of communications. More particularly, a group-wise secret key generation algorithm, method and mechanism is disclosed.
  • the second method involves the use of wireless channels in conjunction with joint-randomness-not-shared-by-others (JRNSO) techniques, where each node shares a unique channel impulse response.
  • JRNSO joint-randomness-not-shared-by-others
  • a secret key rate $H(K)/n$ is defined by the entropy rate of the secret key K.
  • the largest secret key rate is called the secret key capacity, denoted by $C_S$.
  • the notion of secret key capacity $C_S$ indicates the length of the largest secret key that can be generated by these m nodes.
  • Figure 1 shows a network of three nodes 101, 102 and 103, in
  • For the case of two nodes ($m = 2$), Equation (1) reduces to:
  • The translation of Equation (3) to the group-wise secret key problem described above is that the group-wise secret key cannot be longer than:
  • a method and mechanism is disclosed for constructing a perfectly secret key within a group of nodes.
  • pair-wise secret keys are assigned. Based on the pair-wise secret keys, these m nodes generate a group-wise perfectly secret key.
  • Figure 1 is an illustration of an exemplary communication network with three nodes and three pair-wise keys
  • Figure 2 is a method flow chart depicting the generation of a group-wise perfectly secret key
  • Figure 3 is an illustration of a weighted graph of a three node communication network
  • Figure 4 is an illustration of a weighted graph of the network of Figure 2 after a first iteration of the group-wise secret key generation;
  • Figure 5 is an illustration of a weighted graph of the network of Figure 2 after a second iteration of the group-wise secret key generation;
  • Figure 6 is an illustration of a weighted graph of the network of Figure 2 after a third iteration of the group-wise secret key generation;
  • Figures 7 and 8 are method flow charts for implementing a group-wise secret key generation;
  • Figure 9 is a block diagram showing three wireless transmit/receive units sharing a group-wise secret key
  • Figure 10 is a block diagram showing three nodes sharing a group-wise secret key over a fiber optic network;
  • Figure 11 shows a network consisting of eight nodes;
  • Figure 12 shows a spanning tree for the network of Figure 11 used to generate a group-wise secret key.
  • wireless transmit/receive unit includes, but is not limited to, a user equipment (UE), a network node, a mobile station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal digital assistant (PDA), a computer, or any other type of user device capable of operating in a wireless environment.
  • base station includes, but is not limited to, a Node-B, a site controller, an access point (AP), or any other type of interfacing device capable of operating in a wireless environment.
  • an algorithm and mechanism for constructing a perfectly secret key within a group of nodes is disclosed.
  • a network of m nodes it is assumed that every pair of WTRUs has already generated a perfectly secret key.
  • An exemplary method for generating a perfectly secret key according to joint-randomness-not-shared-by-others is disclosed in commonly assigned U.S. Patent Application No. 11/339,958 filed on January 26, 2006, which is incorporated herein by reference.
  • a secret key shared by a pair of WTRUs is statistically independent of all other WTRU's knowledge. Based on pair-wise perfectly secret keys, these m WTRUs wish to generate a group-wise perfectly secret key.
  • each WTRU can communicate with every other WTRU through public broadcasts.
  • FEC Forward Error Correction
  • An eavesdropper without any information on the pair-wise secret keys, is able to observe the public transmissions among the m WTRUs.
  • the method using either quantum cryptography or the wireless channel-based key generation, may be mathematically expressed as follows.
  • m nodes where each pair of nodes share a perfectly secret key K t J (or equivalently ⁇ , ), withl ⁇ . ⁇ y ⁇ m .
  • the mutual key I is represented as follows, l(K hJ ; ⁇ ,. ⁇ r : (VJ') ⁇ (/,./) ⁇ ) « 0 . Equation (5)
  • Equation (8) denotes that the group-wise secret key is nearly statistically independent of eavesdropper's information, the information V on the public channel, and Equation (8) denotes that the group-wise secret key is a full entropy bit string.
  • the condition implies that the group-wise secret key K is a perfectly secret key. A method and mechanism to maximize the length of the resulting group-wise secret key is therefore desired. The following describes a graphical representation of such a network to facilitate a first embodiment.
  • a connected graph with nodes 101, 102, and 103 is shown, with each pair of nodes sharing a pair-wise secret key $K_{1,2}$, $K_{1,3}$, $K_{2,3}$.
  • a weighted graph associates a numerical weight with every edge in the graph. Referring back to Figure 1, the weight of the edge is represented by their respective pair-wise secret keys, $K_{1,2}$,
  • the weight of a tree in a weighted graph is the sum of the weights of the selected edges.
  • Any edge $(i,j) \in E$ with $i \in N_1$ and $j \in N_2$ is said to be a cut edge.
  • the size of a cut is defined to be the sum of the weights of its edges. A cut is minimal if the size of the cut is not larger than the size of any other cut.
  • T be a single node in G
  • a flow chart showing an example of how to solve the problem of generating a group-wise secret key.
  • a statistically random source is required for creating a pair-wise secret key.
  • the source is derived through physical measurement, which can be accomplished by either channel measurement or quantum measurement.
  • the source measurements are then used to generate a pair-wise perfectly secret key in step 220.
  • the pair-wise perfectly secret keys are used to generate a group-wise secret key for a system with more than 2 nodes.
  • the group-wise secret key generation problem can be modeled by a weighted undirected graph.
  • Figure 3 shows a weighted graph for a three node network, having nodes 301, 302 and 303.
  • Each node on the graph represents a network node or WTRU, and each pair-wise secret key is considered as an edge connecting the corresponding nodes.
  • the weight of an edge is equal to the length of the corresponding pair-wise secret key, which is always a nonnegative integer. For example, referring to Figure 3, suppose nodes 301, 302 and 303 share pair-wise secret keys $K_{1,2}$, $K_{1,3}$ and $K_{2,3}$ with lengths 5, 4 and 3, respectively.
  • the following lemma discusses the generation of a single secret bit among m nodes, based on a single bit from $m-1$ pair-wise secret keys whose corresponding edges constitute a spanning tree.
  • a single secret bit can be generated among all m nodes.
  • the following method presents a way of generating a secret bit among all m nodes.
  • Step 1 Select an edge $(i_1, i_2)$ from the spanning tree. Nodes $i_1$ and $i_2$ share a secret bit $K_{i_1,i_2}$.
  • Step 2 If a node $j$ knows secret bit $K_{i_1,i_2}$ from either node $i_1$ or node $i_2$ sharing the key, but its neighbor node $k$ does not know secret bit $K_{i_1,i_2}$, then node $j$ sends $K_{j,k} \oplus K_{i_1,i_2}$ to node $k$, where $K_{j,k}$ is the secret bit shared by nodes $j$ and $k$. Upon receiving this message, node $k$ is able to decode secret bit $K_{i_1,i_2}$.
  • K is the secret bit shared by all m nodes.
  • a method 700 which implements the above described method of sharing the secret bit.
  • a WTRU selects an edge from the spanning tree. This selection of an edge can be a random selection or by selecting the maximum or minimum edge weight.
  • the WTRU determines whether or not the secret key bit $K_{i_1,i_2}$ is known by a neighboring WTRU. If $K_{i_1,i_2}$ is not known, then the WTRU sends $K_{j,k} \oplus K_{i_1,i_2}$ (i.e. the XOR combination of the secret bit $K_{i_1,i_2}$ and the pair-wise key $K_{j,k}$) to the neighboring WTRU in step 730.
  • the neighboring WTRU is now able to decode secret bit $K_{i_1,i_2}$ in step 740.
  • the next edge is selected (745), and the process is continued until the secret bit is shared by each of the WTRUs in succession.
  • more than one secret bit can be selected and shared with each transmission using the XOR combination with pair-wise secret keys.
  • a unique pair-wise secret key bit must be XOR combined with it.
  • the following method steps are used for constructing an optimized group-wise secret key of multiple bits. Note that the problems of determining maximum and minimum spanning trees are equivalent. A maximum spanning tree can be determined by negating edge weights and solving the minimum spanning tree problem on the resulting graphs.
  • Step 3 Determine a maximum spanning tree from a given connected weighted graph, using a greedy algorithm (e.g. Kruskal's or Prim's).
  • Step 4 Generate a single secret bit among all nodes by applying the method 700 as described above. Note that the used bits in pair-wise secret keys, which have been revealed to the eavesdropper, will be of no use in the remaining group-wise secret key generation process.
  • Step 5 Update the graph by reducing the edge weight by 1 for the edges on the determined spanning tree. Remove an edge when its weight becomes zero.
  • Step 6 If the remaining graph is un-connected, then stop.
  • the overall secret key length is equal to the number of iterations that can be run until the graph becomes unconnected.
  • the purpose of searching a maximum spanning tree is to maximize the number of iterations in the algorithm, by means of "balancing" edge weights in the weight reduction procedure.
  • the first step 810 involves a lead WTRU determining a maximum spanning tree from the given weighted graph. Once the maximum spanning tree is determined, the WTRU uses the method 700 to generate a single common secret bit, described by steps 820-840. After an iteration, the graph must be updated by reducing the weight by 1 for the edges involved (step 850). Repeat the process until the graph is unconnected (step 860).
  • the resulting group-wise secret key has a maximum possible length which will be shared by all of the WTRUs.
  • the group-wise shared key allows the WTRUs to publicly broadcast messages which only the WTRUs within the network can decode. While the embodiment depicted by Figure 8 shows the transmission of one secret bit during an iteration, multiple secret bits may be transmitted during an iteration as long as an equivalent number of pair-wise secret bits are XOR combined with the multiple secret bits.
  • FIG. 9 shows block diagram of three WTRUs 910, 920, and 930, forming a network over a wireless connection.
  • a WTRU 910 acts as a lead node and initiates the procedures described above and determines the network topology.
  • the lead node seeks to create a secret key with as many bits as possible.
  • WTRU 910 comprises a processor 915 configured to implement methods 700 and 800 in order to generate a group-wise shared key. WTRU 910 then sends out messages informing the other WTRUs 920 and 930 regarding the selection of the key.
  • the WTRUs 920 and 930 include processors 925 and 935 respectively, to process the key. It should be noted that while the depiction of this embodiment shows only three WTRUs, the process is applicable to an arbitrary number of WTRUs or nodes. Further, while Figure 9 depicts a specific node acting as lead node, any node can make the decision. In another embodiment, the lead node makes the decision and transmits this decision along with the operations that each node should take, allowing the node to reduce the number of transmissions.
  • a wireless local area network hotspot or a base station can initiate the procedures described above.
  • Each node generates a pair-wise secret key using quantum cryptography.
  • the nodes are connected via a fiber-optic network 1040.
  • a node 1010 acts as a lead node and initiates the procedures described above and determines the network topology.
  • the lead node seeks to create a secret key with as many bits as possible.
  • the processor 1015 of the lead node is configured to implement methods 700 and 800 in order to generate a group-wise shared key.
  • the lead node then sends out messages over the fiber optic network, informing the other nodes 1020 and 1030 regarding the selection of the key.
  • the nodes 1020 and 1030 include processors 1025 and 1035 respectively, to process the key. It should be noted that while the depiction of this embodiment shows only three nodes, the process is applicable to an arbitrary number of nodes connected over a fiber optic network.
  • a spanning tree composed of edges ((1,2), (1,3)) is selected in Step 1, because the sum of weights of this spanning tree is 9, which is larger than those of other spanning trees.
  • node 301 sends $K^1_{1,2} \oplus K^1_{1,3}$.
  • nodes 302 and 303 can decode $K^1_{1,3}$ and $K^1_{1,2}$, respectively.
  • the bit $K^1_{1,2}$ (or $K^1_{1,3}$, but not both) is then set as the secret bit, as it is independent of $K^1_{1,2} \oplus K^1_{1,3}$.
  • a spanning tree composed of edges ((1,2), (1,3)) is determined in
  • Step 1 Node 1 sends AT 1 ⁇ 2 ⁇ AT 1 ⁇ 3 , and the bit AT 1 ⁇ 2 is set as the secret bit. By the end of this iteration, the weighted graph is adjusted, as shown in Figure 5. [0061] Third iteration:
  • a spanning tree composed of edges ((1, 2), (2, 3)) is determined in
  • Step 1 Node 2 sends AT 1 ⁇ 2 ⁇ AT 2 1 3 , and the bit AT 1 ⁇ 2 is then set as the secret bit. By the end of this iteration, the weighted graph is adjusted, as shown in Figure 6. [0063] The iterations continue until the graph becomes un-connected. A total of six iterations are executed to un-connect the graph. The final three iterations are not depicted in the figures, however, the spanning trees and public transmissions in the last three iterations are
  • the secret key K is set as As mentioned above, the largest achievable secret key in this example does not exceed 6 bits. Method 700 achieves this upper bound.
  • each node is represented by a terminal.
  • the terminals have acquired pair-wise perfectly secret keys.
  • Each pair-wise perfectly secret key is statistically independent.
  • a spanning tree 1200 is selected from the network shown in Figure 11.
  • Each edge of the spanning tree represents a one bit pair-wise secret key ($K_{a,b}$, $K_{a,c}$, $K_{b,d}$, $K_{b,e}$, $K_{c,f}$).
  • Node a will select from key $K_{a,b}$ or key $K_{a,c}$ which will be chosen as the group-wise secret key.
  • K ffi K either aJ> " c (which will equal 1) or transmit nothing. This will identify to
  • Node b and Node c then transmit key $K_{a,b}$ to Node d, e, and f by convolving key $K_{a,b}$ with the pair-wise secret key bits ($K_{b,d}$, $K_{b,e}$, $K_{c,f}$ respectively) of each node.
  • the process is continued until key $K_{a,b}$ is known by the entire spanning tree, and a group-wise secret key $K_{a,b}$ will be known by all of the nodes. While the embodiment depicted in Figure 11 shows only 8 nodes, the process is applicable for any number of nodes. Further, the embodiment in Figure 12 depicts a secret key of only 1 bit, but a secret bit of any length may be used.
  • the nodes may transmit more than one secret bit to a neighboring node. Alternatively, the spanning tree is reselected after each iteration. [0066] EMBODIMENTS
  • a method for generating a group-wise perfectly secret key in a wireless communication system having a plurality of wireless transmit/receive units (WTRU) utilizing symmetric key encryption comprising: a) generating a pair-wise perfectly secret key between at least two WTRUs; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
  • WTRU wireless transmit/receive units
  • determining a maximum spanning tree includes selecting a WTRU such that the sum of all edges connecting to this WTRU is maximum.
  • a wireless transmit/receive unit capable of generating a group-wise perfectly secret key in a wireless communication system having a plurality of WTRUs utilizing symmetric key encryption, the WTRU comprising: a processor configured to generate a pair-wise perfectly secret key with a connected WTRU; a receiver for receiving a secret key on a public broadcast channel; and a processor for determining a group-wise perfectly secret key K based on the pair-wise secret keys.
  • the WTRU as in any of embodiments 12-13, wherein the processor is configured to select a secret bit from an edge, further comprising a transmitter configured to transmit a selected edge's secret bit to a neighboring WTRU combined with the pair-wise secret key shared by the WTRU and the neighboring WTRU.
  • a method for generating a group-wise perfectly secret key in a fiber optic communication network having a plurality of nodes utilizing symmetric key encryption comprising: a) generating a pair-wise perfectly secret key between at least two nodes using quantum cryptography; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
  • determining a maximum spanning tree includes selecting a node such that the sum of all edges connecting to this node is maximum.
  • Examples of computer-readable storage mediums include a read only memory (ROM), a random access memory (RAM), a register, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).
  • Suitable processors include, by way of example, a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) circuits, any other type of integrated circuit (IC), and/or a state machine.
  • a processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit receive unit (WTRU), user equipment (UE), terminal, base station, radio network controller (RNC), or any host computer.
  • the WTRU may be used in conjunction with modules, implemented in hardware and/or software, such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any wireless local area network (WLAN) module.
  • modules implemented in hardware and/or software, such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a liquid crystal display (LCD) display unit, an organic light-emit
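
The iterative procedure listed above (Steps 3 to 6 together with method 700), run on the three-node example with pair-wise key lengths 5, 4 and 3, as an added Python example that is not code from the patent. The tie-break order between equal-weight edges, the choice of the first tree edge as the source of the secret bit, and all function names are assumptions; `three_node_bound` evaluates Equation (3) under the assumption that each node's observation is exactly its own independent, full-entropy pair-wise keys.

```python
"""Group-wise key from pair-wise keys: repeated maximum spanning trees + XOR relay."""
import secrets


def max_spanning_tree(nodes, weight):
    """Kruskal's algorithm on descending weight. Returns the tree edges, or None
    if the graph is not connected. Ties are broken by edge label (assumption)."""
    parent = {n: n for n in nodes}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n

    tree = []
    for (u, v) in sorted(weight, key=lambda e: (-weight[e], e)):
        ru, rv = find(u), find(v)
        if ru != rv:
            parent[ru] = rv
            tree.append((u, v))
    return tree if len(tree) == len(nodes) - 1 else None


def share_one_bit(tree, pair_keys):
    """Method 700 on one spanning tree; consumes one bit from every tree edge.
    Returns ({node: decoded bit}, [(sender, receiver, broadcast bit), ...])."""
    pads = {e: pair_keys[e].pop(0) for e in tree}  # each pair-wise bit is used once
    root = tree[0]                                 # edge (i1, i2), an assumed choice
    secret = pads[root]                            # this bit is never broadcast
    learned = {root[0]: secret, root[1]: secret}
    public = []
    while len(learned) <= len(tree):               # a tree spans len(tree) + 1 nodes
        for (u, v) in tree:
            if (u in learned) == (v in learned):
                continue
            j, k = (u, v) if u in learned else (v, u)
            msg = pads[(u, v)] ^ learned[j]        # K_{j,k} XOR secret, sent in public
            public.append((j, k, msg))
            learned[k] = msg ^ pads[(u, v)]        # node k removes its pair-wise pad
    return learned, public


def generate_group_key(nodes, pair_keys):
    """Steps 3 to 6: repeat until the remaining graph is unconnected."""
    keys = {e: list(bits) for e, bits in pair_keys.items()}  # working copy
    group = {n: [] for n in nodes}
    transcript = []                                # what an eavesdropper observes
    while True:
        weight = {e: len(b) for e, b in keys.items() if b}   # zero-weight edges removed
        tree = max_spanning_tree(nodes, weight)
        if tree is None:
            break
        learned, public = share_one_bit(tree, keys)
        for n in nodes:
            group[n].append(learned[n])
        transcript.append((tree, public))
    return group, transcript


def three_node_bound(w12, w13, w23):
    """Equation (3) with X_i = the pair-wise keys held by node i (assumption):
    I(X_i; rest) is the total key length at node i, and the last term is half
    the total key length, rounded down to whole bits."""
    return min(w12 + w13, w12 + w23, w13 + w23, (w12 + w13 + w23) // 2)


# Constructed sample input: the Figure 3 network, nodes 301/302/303 labelled 1/2/3.
NODES = [1, 2, 3]
LENGTHS = {(1, 2): 5, (1, 3): 4, (2, 3): 3}


def demo():
    pair_keys = {e: [secrets.randbits(1) for _ in range(n)] for e, n in LENGTHS.items()}
    group, transcript = generate_group_key(NODES, pair_keys)
    return pair_keys, group, transcript


if __name__ == "__main__":
    _, group, transcript = demo()
    for i, (tree, public) in enumerate(transcript, 1):
        print(f"iteration {i}: tree={tree} public={public}")
    print("group key per node:", group)
    print("upper bound:", three_node_bound(5, 4, 3))
```

The first three trees chosen match the iterations described in the list, and the run stops after six iterations, which equals the bound for this graph.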

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for constructing a perfectly secret key within a group of nodes. In a group of m nodes, pair-wise secret keys are assigned. Based on pair-wise secret keys, these m nodes generate a group-wise perfectly secret key. In a preferred embodiment, each node communicates with every other node through public noiseless broadcasts.

Description

[0001] GROUP-WISE SECRET KEY GENERATION
[0002] FIELD OF INVENTION
[0003] The present invention generally relates to encryption of communications. More particularly, a group-wise secret key generation algorithm, method and mechanism is disclosed.
[0004] BACKGROUND
[0005] In a symmetric encryption system, two nodes need to share a common secret key for secure communication between them. In most existing symmetric encryption systems, the secret key shared by the two nodes is computationally secure. Algorithms for generating a computationally secret key include Diffie-Hellman key exchange and public key-based methods (i.e., encrypting a secret key with the recipient's public key before its distribution).
[0006] The security of a computationally secret key relies on the difficulty in solving a computational problem, e.g., factoring large integers or computing discrete logarithms in certain groups. In other words, the security depends on the assumption that an eavesdropper's computational power is restricted. However, with advances in fast computing, this assumption may not hold. Therefore, a new method and approach, which is not susceptible to the weaknesses of computational cryptography, is needed.
[0007] On the other hand, if the security of a secret key can be rigorously established without any assumption of limits on an eavesdropper's computational power, then this secret key is called a perfectly secret key. A security system based on a secret key would not be subject to the weaknesses of non-secret key systems. The problem of generating a perfectly secret key has been investigated by several authors. To generate a perfectly secret key, access to a natural source of statistical randomness is needed. Currently, there are two preferred natural sources of statistical randomness. The first is quantum cryptography, which uses quantum mechanics to guarantee secure communication. Using quantum states such as quantum entanglement, a communication system can be designed and implemented which detects the amount of eavesdropping, and after correcting for this allows provably secure communication. The second method involves the use of wireless channels in conjunction with joint-randomness-not-shared-by-others (JRNSO) techniques, where each node shares a unique channel impulse response. It should be mentioned that these earlier works study the generation of a secret key between two nodes. In a communication system with more than two nodes, all the nodes or a subset of more than two nodes are required to share a common secret key for the secure group communication. While previous work has demonstrated in theory how to establish an optimum secret key with more than two nodes, it has not been successful in demonstrating practical algorithms for establishing an optimum secret key in communication systems with more than two nodes that perform optimally or close to optimally. Additionally, prior work in this field calls for a group key generation algorithm that works directly with the plurality of the underlying random sources. However, such an approach is complex and an approach which generates group keys based on the pre-generated pair-wise keys is desired (i.e., only the pair-wise key generation problem uses information about random sources). Such a layering would facilitate usage in existing layered communication systems. Therefore a practical implementation of an optimized method for generating a group-wise secret key in such systems is needed. Furthermore, it is desired that such an implementation have a layered structure.
[0008] Secret Key Capacity
[0009] The notion of secret key capacity is defined as follows. Suppose m > 2 network nodes respectively observe m independent and identically distributed repetitions, over n time intervals, of the random variables $X_1, X_2, \ldots, X_m$, denoted by $(X_1^{(n)}, X_2^{(n)}, \ldots, X_m^{(n)})$ with $X_i^{(n)} = (X_{i,1}, \ldots, X_{i,n})$.
These m nodes wish to generate a common (i.e., group-wise) secret key K. To do so, they can communicate with each other through an error-free public broadcast channel. A secret key rate $H(K)/n$ is defined by the entropy rate of the secret key K. The largest secret key rate is called the secret key capacity, denoted by $C_S$. The notion of secret key capacity $C_S$ indicates the length of the largest secret key that can be generated by these m nodes.
[0010] Figure 1 shows a network of three nodes 101, 102 and 103, in which Key $K_{1,2}$ exists between nodes 101 and 102, Key $K_{1,3}$ exists between nodes 101 and 103, and Key $K_{2,3}$ exists between nodes 102 and 103.
[0011] It is known in the art that the secret key capacity $C_S$ can be calculated by the following equation:
$$C_S = H(X_1, \ldots, X_m) - \min_{(R_1, \ldots, R_m) \in \Pi} \sum_{i=1}^{m} R_i \qquad \text{Equation (1)}$$
where
$$\Pi = \Big\{ (R_1, \ldots, R_m) : \sum_{i \in \beta} R_i \ge H(X_\beta \mid X_{\beta^c}) \ \text{for all } \beta \subsetneq \{1, \ldots, m\} \Big\}$$
with $X_\beta = \{X_j : j \in \beta\}$ and $\beta^c = \{1, \ldots, m\} \setminus \beta$.
[0012] For the case of two nodes ($m = 2$), Equation (1) reduces to:
$$C_S = I(X_1; X_2) \qquad \text{Equation (2)}$$
where $I$ represents the mutual information.
For the case of three nodes ($m = 3$), Equation (1) reduces to:
$$C_S = \min \Big[ I(X_1; X_2, X_3),\ I(X_2; X_1, X_3),\ I(X_3; X_1, X_2),\ \tfrac{1}{2}\big[H(X_1) + H(X_2) + H(X_3) - H(X_1, X_2, X_3)\big] \Big] \qquad \text{Equation (3)}$$
The translation of Equation (3) to the group-wise secret key problem described above is that the group-wise secret key cannot be longer than:
Equation (4) [equation image not reproduced]
[0013] SUMMARY
[0014] A method and mechanism is disclosed for constructing a perfectly secret key within a group of nodes. In a group of m nodes, pair-wise secret keys are assigned. Based on the pair-wise secret keys, these m nodes generate a group-wise perfectly secret key.
[0015] BRIEF DESCRIPTION OF THE DRAWINGS
[0016] A more detailed understanding of the invention may be had from the following description of a preferred embodiment, given by way of example and to be understood in conjunction with the accompanying drawings wherein:
[0017] Figure 1 is an illustration of an exemplary communication network with three nodes and three pair-wise keys;
[0018] Figure 2 is a method flow chart depicting the generation of a group-wise perfectly secret key;
[0019] Figure 3 is an illustration of a weighted graph of a three node communication network;
[0020] Figure 4 is an illustration of a weighted graph of the network of Figure 2 after a first iteration of the group-wise secret key generation;
[0021] Figure 5 is an illustration of a weighted graph of the network of Figure 2 after a second iteration of the group-wise secret key generation;
[0022] Figure 6 is an illustration of a weighted graph of the network of Figure 2 after a third iteration of the group-wise secret key generation;
[0023] Figures 7 and 8 are method flow charts for implementing a group-wise secret key generation;
[0024] Figure 9 is a block diagram showing three wireless transmit/receive units sharing a group-wise secret key;
[0025] Figure 10 is a block diagram showing three nodes sharing a group-wise secret key over a fiber optic network;
[0026] Figure 11 shows a network consisting of eight nodes;
[0027] Figure 12 shows a spanning tree for the network of Figure 11 used to generate a group-wise secret key.
[0028] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0029] When referred to hereafter, the terminology "wireless transmit/receive unit (WTRU)" includes, but is not limited to, a user equipment (UE), a network node, a mobile station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal digital assistant (PDA), a computer, or any other type of user device capable of operating in a wireless environment. When referred to hereafter, the terminology "base station" includes, but is not limited to, a Node-B, a site controller, an access point (AP), or any other type of interfacing device capable of operating in a wireless environment.
[0030] In a first embodiment, an algorithm and mechanism for constructing a perfectly secret key within a group of nodes is disclosed. In a network of m nodes, it is assumed that every pair of WTRUs has already generated a perfectly secret key. An exemplary method for generating a perfectly secret key according to joint-randomness-not-shared-by-others is disclosed in commonly assigned U.S. Patent Application No. 11/339,958 filed on January 26, 2006, which is incorporated herein by reference. A secret key shared by a pair of WTRUs is statistically independent of all other WTRUs' knowledge. Based on pair-wise perfectly secret keys, these m WTRUs wish to generate a group-wise perfectly secret key. To do so, each WTRU can communicate with every other WTRU through public broadcasts. To avert miscommunication due to errors in the shared key, it is assumed that appropriate channel protection codes can be applied such that the public broadcast would be received error-free. One such technique for error-free communication would include the use of Forward Error Correction (FEC). An eavesdropper, without any information on the pair-wise secret keys, is able to observe the public transmissions among the m WTRUs.
[0031] In an alternative embodiment, an algorithm and mechanism for constructing a perfectly secret key within a group of nodes connected by fiber optic links (FTRUs) is disclosed. In a network of m nodes, it is assumed that every pair of FTRUs has already generated a perfectly secret key using well-known quantum-cryptographic methods. A secret key shared by a pair of FTRUs is statistically independent of all other FTRUs' knowledge. Based on pair-wise perfectly secret keys, these m FTRUs wish to generate a group-wise perfectly secret key. The nature in which they do so is identical to the nature in which WTRUs generate their group-wise shared keys.
[0032] The method, using either quantum cryptography or the wireless channel-based key generation, may be mathematically expressed as follows. Consider m nodes, where each pair of nodes shares a perfectly secret key $K_{i,j}$ (or equivalently $K_{j,i}$), with $1 \leq i \neq j \leq m$. Then the mutual information $I$ is represented as follows:
$I(K_{i,j}; \{K_{i',j'} : (i',j') \neq (i,j)\}) \approx 0$. Equation (5)
[0033] Without loss of generality, it is assumed that every pair-wise secret key $K_{i,j}$ is a full entropy bit string, i.e.,
$H(K_{i,j}) = |K_{i,j}|$, Equation (6)
where $|\cdot|$ denotes the length of a bit string and $H$ denotes entropy. Any well known high performance algorithm can be used to ensure the string is a full entropy bit string. Commonly implemented algorithms for full entropy include a Burrows-Wheeler Transform which is used in BZIP. Let V denote all the information contained in the public broadcast channel transmissions among the m WTRUs. After the transmissions, WTRU i calculates the group-wise secret key K according to the following constraints. The group-wise key is based on the WTRU's pair-wise secret keys $\{K_{i,j} : j \neq i\}$ and information V, such that:
$I(K; V) \approx 0$, Equation (7)
and
$H(K) \approx |K|$, Equation (8)
where Equation (7) denotes that the group-wise secret key is nearly statistically independent of the eavesdropper's information, i.e., the information V on the public channel, and Equation (8) denotes that the group-wise secret key is a full entropy bit string. The condition implies that the group-wise secret key K is a perfectly secret key. A method and mechanism to maximize the length of the resulting group-wise secret key is therefore desired. The following describes a graphical representation of such a network to facilitate a first embodiment.
[0034] An undirected graph G=(N, E) with N nodes and E edges is said to be connected if, for every two distinct nodes $i, j \in N$, there exists a path from node i to node j. Otherwise, the graph is said to be un-connected. Referring to Figure 1, a connected graph with nodes 101, 102, and 103 is shown, with each pair of nodes sharing a pair-wise secret key $K_{1,2}$, $K_{1,3}$, $K_{2,3}$. A weighted graph associates a numerical weight with every edge in the graph. Referring back to Figure 1, the weight of the edge is represented by their respective pair-wise secret keys, $K_{1,2}$, $K_{1,3}$, $K_{2,3}$. Because the keys depicted are of only one bit, the respective edges all have a weight of one. The weight of a tree in a weighted graph is the sum of the weights of the selected edges.
[0035] A cut on a graph G=(N,E) is a partition of the nodes N into two sets $N_1$, $N_2$. Any edge $(i,j) \in E$ with $i \in N_1$ and $j \in N_2$ is said to be a cut edge. In weighted graphs, the size of a cut is defined to be the sum of the weights of its edges. A cut is minimal if the size of the cut is not larger than the size of any other cut.
[0036] Given a connected undirected graph G=(N,E), let $E_1$ be a subset of E such that a spanning tree is defined by $T=(N,E_1)$. A minimum spanning tree from a weighted graph is defined such that the sum of the weights of its edges is as small as possible. The problem of finding a minimum spanning tree can be solved by an optimization algorithm, such as a greedy algorithm. In such a technique, a complex optimization problem is solved in an iterative manner by solving a simple local optimization problem at each step (i.e., by being greedy). In doing so, these algorithms typically deliver low computational complexity, while resulting in provably optimal or near optimal solution for many optimization problems. Two examples of greedy algorithms that can solve the minimum spanning tree problem are Kruskal's algorithm and Prim's algorithm.
[0037] Kruskal's algorithm is outlined by the following steps:
1. Sort the edges of G in increasing order by weight;
2. keep a subgraph T of G, initially empty ;
3. for each edge e in sorted order, if the endpoints of e are disconnected in T, add e to T;
4. return T.
[0038] Prim's algorithm is outlined by the following steps:
1. Let T be a single node in G;
2. while (T has fewer nodes than G);
3. find the smallest weight edge connecting T to G-T;
4. add it to T;
5. return T.
[0039] The respective running times of the Kruskal algorithm and the Prim algorithm are represented by $O(r + m \log m)$ and $O(m^2)$, where m and r are the number of nodes and edges in G, respectively.
[0040] Referring to Figure 2, a flow chart shows an example of how to solve the problem of generating a group-wise secret key. In the first step 230, a statistically random source is required for creating a pair-wise secret key. In Figure 2, the source is derived through physical measurement, which can be accomplished by either channel measurement or quantum measurement. The source measurements are then used to generate a pair-wise perfectly secret key in step 220. Finally, in step 210 the pair-wise perfectly secret keys are used to generate a group-wise secret key for a system with more than 2 nodes.
[0041] The group-wise secret key generation problem can be modeled by a weighted undirected graph. Figure 3 shows a weighted graph for a three node network, having nodes 301, 302 and 303. Each node on the graph represents a network node or WTRU, and each pair-wise secret key is considered as an edge connecting the corresponding nodes. The weight of an edge is equal to the length of the corresponding pair-wise secret key, which is always a nonnegative integer. For example, referring to Figure 3, suppose nodes 301, 302 and 303 share pair-wise secret keys $K_{1,2}$, $K_{1,3}$ and $K_{2,3}$ with lengths 5, 4 and 3, respectively.
[0042] The following lemma discusses the generation of a single secret bit among m nodes, based on a single bit from m-1 pair-wise secret keys whose corresponding edges constitute a spanning tree. Consider an arbitrary tree connecting m nodes. If every pair of neighbor nodes on the tree shares a single pair-wise secret bit, then a single secret bit can be generated among all m nodes. The following method presents a way of generating a secret bit among all m nodes.
[0043] Step 1: Select an edge $(i_1, i_2)$ from the spanning tree. Nodes $i_1$ and $i_2$ share a secret bit $K_{i_1,i_2}$.
[0044] Step 2: If a node j knows secret bit $K_{i_1,i_2}$ from either node $i_1$ or node $i_2$ sharing the key, but its neighbor node k does not know secret bit $K_{i_1,i_2}$, then node j sends $K_{j,k} \oplus K_{i_1,i_2}$ to node k, where $K_{j,k}$ is the secret bit shared by nodes j and k. Upon receiving this message, node k is able to decode secret bit $K_{i_1,i_2}$. Repeat this step until the above condition does not hold.
[0045] The iteration is completed when all nodes are able to decode $K_{i_1,i_2}$. In other words, the secret bit $K_{i_1,i_2}$ is securely transmitted along the spanning tree. Since the pair-wise secret keys satisfy Equations (5) and (6), secret bit $K_{i_1,i_2}$ is independent of all the transmissions, i.e.,
$I(K_{i_1,i_2}; \{K_{i_1,i_2} \oplus K_{j,k} : (j,k) \neq (i_1,i_2)\}) = 0$. Equation (9)
Hence, $K_{i_1,i_2}$ is the secret bit shared by all m nodes.
[0046] Referring to Figure 7, a method 700 is shown which implements the above described method of sharing the secret bit. In step 710 a WTRU selects an edge from the spanning tree. This selection of an edge can be a random selection or by selecting the maximum or minimum edge weight. In the next step 720 the WTRU determines whether or not the secret key bit $K_{i_1,i_2}$ is known by a neighboring WTRU. If $K_{i_1,i_2}$ is not known, then the WTRU sends $K_{j,k} \oplus K_{i_1,i_2}$ (i.e. the XOR combination of the secret bit $K_{i_1,i_2}$ and the pair-wise key $K_{j,k}$) to the neighboring WTRU in step 730. The neighboring WTRU is now able to decode secret bit $K_{i_1,i_2}$ in step 740. The next edge is selected (745), and the process is continued until the secret bit is shared by each of the WTRUs in succession. Alternatively, more than one secret bit can be selected and shared with each transmission using the XOR combination with pair-wise secret keys. For each secret key bit, a unique pair-wise secret key bit must be XOR combined with it.
[0047] For a case where a secret bit is shared using method 700, the following method steps are used for constructing an optimized group-wise secret key of multiple bits. Note that the problems of determining maximum and minimum spanning trees are equivalent. A maximum spanning tree can be determined by negating edge weights and solving the minimum spanning tree problem on the resulting graphs.
[0048] Step 3: Determine a maximum spanning tree from a given connected weighted graph, using a greedy algorithm (e.g. Kruskal's or Prim's).
[0049] Step 4: Generate a single secret bit among all nodes by applying the method 700 as described above. Note that the used bits in pair-wise secret keys, which have been revealed to the eavesdropper, will be of no use in the remaining group-wise secret key generation process.
[0050] Step 5: Update the graph by reducing the edge weight by 1 for the edges on the determined spanning tree. Remove an edge when its weight becomes zero.
[0051] Step 6: If the remaining graph is un-connected, then stop. Otherwise, return to Step 3.
[0052] Each iteration of steps 3-6 generates a single common secret bit. Thus, the overall secret key length is equal to the number of iterations that can be run until the graph becomes unconnected. The purpose of searching a maximum spanning tree (rather than picking up an arbitrary spanning tree) is to maximize the number of iterations in the algorithm, by means of "balancing" edge weights in the weight reduction procedure.
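An exhaustive check of Equation (9), and of the note in Step 4 that used pair-wise bits are of no further use, given here as an added example that is not part of the patent text. The five-node tree and its node labels are constructed for illustration; the code enumerates every equally likely assignment of pair-wise bits and computes the exact mutual information between the secret and everything an eavesdropper sees on the public channel.

```python
from collections import Counter
from itertools import product
from math import log2

# Constructed tree with hypothetical node labels (an assumption, not from the
# patent). The first edge plays the role of the selected edge (i1, i2).
TREE = [("a", "b"), ("a", "c"), ("b", "d"), ("b", "e")]


def mutual_information(outcomes):
    """Exact I(S; V) in bits over a list of equally likely (s, v) outcomes."""
    n = len(outcomes)
    joint = Counter(outcomes)
    count_s = Counter(s for s, _ in outcomes)
    count_v = Counter(v for _, v in outcomes)
    # p(s,v) / (p(s) p(v)) = c*n / (count_s * count_v)
    return sum(
        c / n * log2(c * n / (count_s[s] * count_v[v]))
        for (s, v), c in joint.items()
    )


def leak_with_fresh_pads(tree):
    """One iteration: each broadcast masks the secret with its own pair-wise bit."""
    outcomes = []
    for bits in product((0, 1), repeat=len(tree)):
        secret, pads = bits[0], bits[1:]          # secret = bit on selected edge
        broadcasts = tuple(secret ^ pad for pad in pads)
        outcomes.append((secret, broadcasts))
    return mutual_information(outcomes)


def leak_with_reused_pads(tree):
    """Two iterations whose broadcasts are masked with the SAME pair-wise bits."""
    outcomes = []
    for bits in product((0, 1), repeat=len(tree) + 1):
        s1, s2, pads = bits[0], bits[1], bits[2:]
        seen = tuple(s1 ^ p for p in pads) + tuple(s2 ^ p for p in pads)
        outcomes.append(((s1, s2), seen))
    return mutual_information(outcomes)


if __name__ == "__main__":
    print("fresh pads :", leak_with_fresh_pads(TREE), "bits leaked")
    print("reused pads:", leak_with_reused_pads(TREE), "bits leaked")
```

With fresh pads the leak is zero, as Equation (9) states; with reused pads the two broadcasts on any edge XOR to the XOR of the two secret bits, so the two-bit key carries only one bit of secrecy.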
[0053] Referring to Figure 8, a method 800 incorporating steps 3-6 above is shown. The first step 810 involves a lead WTRU determining a maximum spanning tree from the given weighted graph. Once the maximum spanning tree is determined, the WTRU uses the method 700 to generate a single common secret bit, described by steps 820-840. After an iteration, the graph must be updated by reducing the weight by 1 for the edges involved (step 850). Repeat the process until the graph is unconnected (step 860). The resulting group-wise secret key has a maximum possible length which will be shared by all of the WTRUs. The group-wise shared key allows the WTRUs to publicly broadcast messages which only the WTRUs within the network can decode. While the embodiment depicted by Figure 8 shows the transmission of one secret bit during an iteration, multiple secret bits may be transmitted during an iteration as long as an equivalent number of pair-wise secret bits are XOR combined with the multiple secret bits.
[0054] Figure 9 shows a block diagram of three WTRUs 910, 920, and 930, forming a network over a wireless connection. A WTRU 910 acts as a lead node and initiates the procedures described above and determines the network topology. The lead node seeks to create a secret key with as many bits as possible. WTRU 910 comprises a processor 915 configured to implement methods 700 and 800 in order to generate a group-wise shared key. WTRU 910 then sends out messages informing the other WTRUs 920 and 930 regarding the selection of the key. The WTRUs 920 and 930 include processors 925 and 935 respectively, to process the key. It should be noted that while the depiction of this embodiment shows only three WTRUs, the process is applicable to an arbitrary number of WTRUs or nodes. Further, while Figure 9 depicts a specific node acting as lead node, any node can make the decision. In another embodiment, the lead node makes the decision and transmits this decision along with the operations that each node should take, allowing the node to reduce the number of transmissions. In yet another embodiment, a wireless local area network hotspot or a base station can initiate the procedures described above.
[0055] Referring to Figure 10, an apparatus and network of another embodiment is shown. Each node generates a pair-wise secret key using quantum cryptography. The nodes are connected via a fiber-optic network 1040. A node 1010 acts as a lead node and initiates the procedures described above and determines the network topology. The lead node seeks to create a secret key with as many bits as possible. The processor 1015 of the lead node is configured to implement methods 700 and 800 in order to generate a group-wise shared key. The lead node then sends out messages over the fiber optic network, informing the other nodes 1020 and 1030 regarding the selection of the key. The nodes 1020 and 1030 include processors 1025 and 1035 respectively, to process the key. It should be noted that while the depiction of this embodiment shows only three nodes, the process is applicable to an arbitrary number of nodes connected over a fiber optic network.
[0056] Returning to Figure 3, the process of generating a group-wise secret key using method 800 is now described. Let $K_{1,2} = (K_{1,2}^1, \ldots, K_{1,2}^5)$, $K_{1,3} = (K_{1,3}^1, \ldots, K_{1,3}^4)$, and $K_{2,3} = (K_{2,3}^1, \ldots, K_{2,3}^3)$, where $K_{i,j}^k$ denotes the k-th bit of the secret key shared by nodes i and j.
[0057] First iteration:
[0058] A spanning tree composed of edges ((1,2), (1,3)) is selected in Step 1, because the sum of weights of this spanning tree is 9, which is larger than those of other spanning trees. Then node 301 sends $K_{1,2}^1 \oplus K_{1,3}^1$. Upon receiving the message, nodes 302 and 303 can decode $K_{1,3}^1$ and $K_{1,2}^1$, respectively. The bit $K_{1,2}^1$ (or $K_{1,3}^1$, but not both) is then set as the secret bit, as it is independent of $K_{1,2}^1 \oplus K_{1,3}^1$. By the end of this iteration, the weighted graph is adjusted, as shown in Figure 4.
[0059] Second iteration:
[0060] A spanning tree composed of edges ((1,2), (1,3)) is determined in Step 1. Node 1 sends $K_{1,2}^2 \oplus K_{1,3}^2$, and the bit $K_{1,2}^2$ is set as the secret bit. By the end of this iteration, the weighted graph is adjusted, as shown in Figure 5.
[0061] Third iteration:
[0062] A spanning tree composed of edges ((1, 2), (2, 3)) is determined in Step 1. Node 2 sends $K_{1,2}^3 \oplus K_{2,3}^1$, and the bit $K_{1,2}^3$ is then set as the secret bit. By the end of this iteration, the weighted graph is adjusted, as shown in Figure 6.
[0063] The iterations continue until the graph becomes un-connected. A total of six iterations are executed to un-connect the graph. The final three iterations are not depicted in the figures; however, the spanning trees and public transmissions in the last three iterations are
((1,2), (1,3)), ((1,2), (2,3)), ((1,3), (2,3)), and
$K_{1,2}^4 \oplus K_{1,3}^3$, $K_{1,2}^5 \oplus K_{2,3}^2$, $K_{1,3}^4 \oplus K_{2,3}^3$, respectively. The secret key K is set as
Figure imgf000014_0001
As mentioned above, the largest achievable secret key in this example does not exceed 6 bits. Method 700 achieves this upper bound.
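The six iterations above can be reproduced with a short simulation of steps 3-6, given here as an added example that is not code from the patent. It assumes random key contents with Figure 3's lengths 5, 4 and 3, breaks ties between equal-weight edges by edge label (the patent leaves tie-breaking open), takes the first tree edge as the selected edge, and evaluates Equation (3) under the assumption that each $X_i$ is the set of independent, full-entropy pair-wise keys held by node i.

```python
import secrets


def max_spanning_tree(nodes, weight):
    """Step 3: Kruskal's algorithm on descending weights.

    Returns the tree's edge list, or None once the graph is un-connected.
    """
    parent = {n: n for n in nodes}

    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n

    tree = []
    # Assumption: ties are broken by edge label so every node picks the same tree.
    for edge in sorted(weight, key=lambda e: (-weight[e], e)):
        if weight[edge] == 0:                 # Step 5: exhausted edges are removed
            continue
        root_a, root_b = find(edge[0]), find(edge[1])
        if root_a != root_b:
            parent[root_a] = root_b
            tree.append(edge)
    return tree if len(tree) == len(nodes) - 1 else None


def share_bit(tree, keys, used):
    """Step 4 (method 700): spread the selected edge's next bit along the tree."""
    selected = tree[0]
    secret = keys[selected][used[selected]]
    knows = {selected[0]: secret, selected[1]: secret}
    broadcasts = []
    pending = list(tree[1:])
    while pending:
        for edge in pending:
            j, k = edge if edge[0] in knows else (edge[1], edge[0])
            if j in knows:
                pad = keys[edge][used[edge]]  # next unused bit of K_{j,k}
                message = knows[j] ^ pad      # this is all the eavesdropper sees
                broadcasts.append((j, k, message))
                knows[k] = message ^ pad      # node k strips the pad it shares with j
                pending.remove(edge)
                break
    for edge in tree:
        used[edge] += 1                       # spent bits are never used again
    return knows, broadcasts


def group_key(nodes, keys):
    """Steps 3-6 (method 800): each node's derived key plus the public log."""
    weight = {edge: len(bits) for edge, bits in keys.items()}
    used = {edge: 0 for edge in keys}
    derived = {n: [] for n in nodes}
    public_log = []
    while (tree := max_spanning_tree(nodes, weight)) is not None:
        knows, broadcasts = share_bit(tree, keys, used)
        for n in nodes:
            derived[n].append(knows[n])
        public_log.append((tree, broadcasts))
        for edge in tree:
            weight[edge] -= 1                 # Step 5
    return derived, public_log


def three_node_bound(keys):
    """Equation (3), assuming X_i is the set of independent full-entropy keys at node i."""
    length = {edge: len(bits) for edge, bits in keys.items()}
    total = sum(length.values())              # H(X_1, X_2, X_3)
    held = {n: sum(v for e, v in length.items() if n in e) for n in (1, 2, 3)}
    # Any two nodes together hold every key, so I(X_i; the other two) = H(X_i).
    return min(min(held.values()), (sum(held.values()) - total) // 2)


def random_key(n_bits):
    return [secrets.randbits(1) for _ in range(n_bits)]


# Constructed sample: Figure 3's key lengths with random contents.
KEYS = {(1, 2): random_key(5), (1, 3): random_key(4), (2, 3): random_key(3)}

if __name__ == "__main__":
    derived, public_log = group_key([1, 2, 3], KEYS)
    for tree, broadcasts in public_log:
        print("tree", tree, "broadcasts (sender, receiver, bit)", broadcasts)
    print("group key:", derived[1], "| bound:", three_node_bound(KEYS))
```

The spanning trees it selects match the six listed above, every node ends with the same six-bit key, and all twelve pair-wise bits are consumed.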
[0064] Referring to Figure 11, consider a network with eight nodes, each represented by a terminal. Within the network, the terminals have acquired pair-wise perfectly secret keys. Each pair-wise perfectly secret key is statistically independent.
[0065] In Figure 12, a spanning tree 1200 is selected from the network shown in Figure 11. Each edge of the spanning tree represents a one bit pair-wise secret key ($K_{a,b}$, $K_{a,c}$, $K_{b,d}$, $K_{b,e}$, $K_{c,f}$...). In order to create a group-wise perfectly secret key, Node a will select from key $K_{a,b}$ or key $K_{a,c}$ which will be chosen as the group-wise secret key. For purposes of this example, it is assumed that Node a has selected key $K_{a,b}$; however, in practice either bit could be selected randomly or through an algorithm. Node a will then transmit to Node b
K ffi K either aJ> "c (which will equal 1) or transmit nothing. This will identify to
Node b that $K_{a,b}$ was chosen as the secret bit. Additionally Node a will transmit $K_{a,b} \oplus K_{a,c}$ to Node c, which Node c can decode using its pair-wise secret key $K_{a,c}$. Similarly, Node b and Node c then transmit key $K_{a,b}$ to Nodes d, e, and f by convolving key $K_{a,b}$ with the pair-wise secret key bits ($K_{b,d}$, $K_{b,e}$, $K_{c,f}$ respectively) of each node. The process is continued until key $K_{a,b}$ is known by the entire spanning tree, and a group-wise secret key $K_{a,b}$ will be known by all of the nodes. While the embodiment depicted in Figure 11 shows only 8 nodes, the process is applicable for any number of nodes. Further, the embodiment in Figure 12 depicts a secret key of only 1 bit, but a secret bit of any length may be used. In a variation to the embodiment, the nodes may transmit more than one secret bit to a neighboring node. Alternatively, the spanning tree is reselected after each iteration.
[0066] EMBODIMENTS
1. A method for generating a group-wise perfectly secret key in a wireless communication system having a plurality of wireless transmit/receive units (WTRU) utilizing symmetric key encryption, the method comprising: a) generating a pair-wise perfectly secret key between at least two WTRUs; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
2. The method as in embodiment 1, further comprising: c) transmitting the group-wise perfectly secret key on a public broadcast channel to another WTRU using an XOR combination with a pair-wise perfectly secret key.
3. The method as in any of embodiments 1-2, further comprising: c) determining a spanning tree from the plurality of WTRUs, the spanning tree having an edge weight between each WTRU pair equal to a length of a pair-wise perfectly secret key; d) generating a group-wise perfectly secret key among m WTRUs according to a key from m-1 pair-wise secret keys; and e) reducing an edge weight by a key length on the spanning tree.
4. The method as in any of embodiments 1-3, wherein the spanning tree is a maximum spanning tree.
5. The method as in any of embodiments 1-4, further comprising: c) selecting an edge for a spanning tree having a corresponding pair-wise secret bit that is to be the group-wise perfectly secret key; d) determining at a first WTRU that a neighboring WTRU lacks knowledge of the selected edge's secret bit; e) transmitting the selected edge's secret bit from the first WTRU to a neighboring WTRU with the pair-wise secret key shared by the first WTRU and the neighboring WTRU using an XOR combination; f) decoding the selected edge's secret key bit at the neighboring WTRU; and g) repeating steps c) through f) until all WTRUs share the secret bit.
6. The method as in any of embodiments 1-5, further comprising: h) determining a maximum spanning tree from the plurality of WTRUs, the maximum spanning tree having edge weights between each WTRU equal to the length of a pair-wise secret key; i) reducing an edge weight by one bit on the maximum spanning tree following step e); and j) removing an edge from the spanning tree when its edge weight becomes zero.
7. The method as in any of embodiments 1-6, wherein determining the maximum spanning tree is accomplished using a greedy algorithm.
8. The method as in any of embodiments 1-7, wherein the greedy algorithm is selected from the group consisting of a Kruskal algorithm and a Prim algorithm.
9. The method as in any of embodiments 1-3, wherein determining a maximum spanning tree includes selecting a WTRU such that the sum of all edges connecting to this WTRU is maximum.
10. The method as in any of embodiments 1-9, wherein the pair-wise perfectly secret key is generated based on joint randomness of the pair-wise channel.
11. The method as in any of embodiments 1-9, wherein the pair-wise perfectly secret key is generated based on a quantum entanglement.
12. A wireless transmit/receive unit (WTRU) capable of generating a group-wise perfectly secret key in a wireless communication system having a plurality of WTRUs utilizing symmetric key encryption, the WTRU comprising: a processor configured to generate a pair-wise perfectly secret key with a connected WTRU; a receiver for receiving a secret key on a public broadcast channel; and a processor for determining a group-wise perfectly secret key K based on the pair-wise secret keys.
13. The WTRU as in embodiment 12, further comprising a transmitter for transmitting on a public broadcast the group-wise perfectly secret key channel that is XOR combined with the pair-wise perfectly secret key.
14. The WTRU as in any of embodiments 12-13, wherein the processor is configured to select a secret bit from an edge, further comprising a transmitter configured to transmit a selected edge's secret bit to a neighboring WTRU combined with the pair-wise secret key shared by the WTRU and the neighboring WTRU.
15. A method for generating a group-wise perfectly secret key in a fiber optic communication network having a plurality of nodes utilizing symmetric key encryption, the method comprising: a) generating a pair-wise perfectly secret key between at least two nodes using quantum cryptography; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
16. The method as in embodiment 15, further comprising: c) transmitting the group-wise perfectly secret key on a public broadcast channel to another node using an XOR combination with a pair-wise perfectly secret key.
17. The method as in any of embodiments 15-16, further comprising: c) determining a spanning tree from the plurality of nodes, the spanning tree having an edge weight between each node pair equal to a length of a pair-wise perfectly secret key; d) generating a group-wise perfectly secret key among m nodes according to a key from m-1 pair-wise secret keys; and e) reducing an edge weight by a key length on the spanning tree.
18. The method as in any of embodiments 15-17, wherein the spanning tree is a maximum spanning tree.
19. The method as in any of embodiments 15-18, further comprising: c) selecting an edge for a spanning tree having a corresponding pair-wise secret bit that is to be the group-wise perfectly secret key; d) determining at a first node that a neighboring node lacks knowledge of the selected edge's secret bit; e) transmitting the selected edge's secret bit from the first node to a neighboring node with the pair-wise secret key shared by the first node and the neighboring node using an XOR combination; f) decoding the selected edge's secret key bit at the neighboring node; and g) repeating steps c) through f) until all nodes share the secret bit.
20. The method as in any of embodiments 15, further comprising: h) determining a maximum spanning tree from the plurality of node, the maximum spanning tree having edge weights between each node equal to the length of a pair-wise secret key; i) reducing an edge weight by one bit on the maximum spanning tree following step e); and j) removing an edge from the spanning tree when its edge weight becomes zero.
21. The method as in any of embodiments 15-20, wherein determining the maximum spanning tree is accomplished using a greedy algorithm.
22. The method as in any of embodiments 15-21, wherein the greedy algorithm is selected from the group consisting of a Kruskal algorithm and a Prim algorithm.
23. The method as in any of embodiments 15-17, wherein determining a maximum spanning tree includes selecting a node such that the sum of all edges connecting to this node is maximum.
[0067] Although the features and elements are described in the preferred embodiments in particular combinations, each feature or element can be used alone without the other features and elements of the preferred embodiments or in various combinations with or without other features and elements. The methods or flow charts provided herein may be implemented in a computer program, software, or firmware tangibly embodied in a computer-readable storage medium for execution by a general purpose computer or a processor. Examples of computer-readable storage mediums include a read only memory (ROM), a random access memory (RAM), a register, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).
[0068] Suitable processors include, by way of example, a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) circuits, any other type of integrated circuit (IC), and/or a state machine.
[0069] A processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit receive unit (WTRU), user equipment (UE), terminal, base station, radio network controller (RNC), or any host computer. The WTRU may be used in conjunction with modules, implemented in hardware and/or software, such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any wireless local area network (WLAN) module.

Claims

CLAIMS What is claimed is:
1. A method for generating a group-wise perfectly secret key in a wireless communication system having a plurality of wireless transmit/receive units (WTRU) utilizing symmetric key encryption, the method comprising: a) generating a pair-wise perfectly secret key between at least two WTRUs; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
2. The method as in claim 1, further comprising: c) transmitting the group-wise perfectly secret key on a public broadcast channel to another WTRU using an XOR combination with a pair-wise perfectly secret key.
3. The method as in claim 1, further comprising: c) determining a spanning tree from the plurality of WTRUs, the spanning tree having an edge weight between each WTRU pair equal to a length of a pair-wise perfectly secret key; d) generating a group-wise perfectly secret key among m WTRUs according to a key from m-1 pair-wise secret keys; and e) reducing an edge weight by a key length on the spanning tree.
4. The method as in claim 3, wherein the spanning tree is a maximum spanning tree.
5. The method as in claim 1, further comprising: c) selecting an edge for a spanning tree having a corresponding pair-wise secret bit that is to be the group-wise perfectly secret key; d) determining at a first WTRU that a neighboring WTRU lacks knowledge of the selected edge's secret bit; e) transmitting the selected edge's secret bit from the first WTRU to a neighboring WTRU with the pair-wise secret key shared by the first WTRU and the neighboring WTRU using an XOR combination; f) decoding the selected edge's secret key bit at the neighboring WTRU; and g) repeating steps c) through f) until all WTRUs share the secret bit.
6. The method as in claim 5, further comprising: h) determining a maximum spanning tree from the plurality of WTRUs, the maximum spanning tree having edge weights between each WTRU equal to the length of a pair-wise secret key; i) reducing an edge weight by one bit on the maximum spanning tree following step e); and j) removing an edge from the spanning tree when its edge weight becomes zero.
7. The method as in claim 6, wherein determining the maximum spanning tree is accomplished using a greedy algorithm.
8. The method as in claim 7, wherein the greedy algorithm is selected from the group consisting of a Kruskal algorithm and a Prim algorithm.
9. The method as in claim 3, wherein determining a maximum spanning tree includes selecting a WTRU such that the sum of all edges connecting to this WTRU is maximum.
10. The method as in claim 1, wherein the pair-wise perfectly secret key is generated based on joint randomness of the pair-wise channel.
11. The method as in claim 1, wherein the pair-wise perfectly secret key is generated based on a quantum entanglement.
12. A wireless transmit/receive unit (WTRU) capable of generating a group-wise perfectly secret key in a wireless communication system having a plurality of WTRUs utilizing symmetric key encryption, the WTRU comprising: a processor configured to generate a pair-wise perfectly secret key with a connected WTRU; a receiver for receiving a secret key on a public broadcast channel; and a processor for determining a group-wise perfectly secret key K based on the pair-wise secret keys.
13. The WTRU as in claim 12, further comprising a transmitter for transmitting on a public broadcast the group-wise perfectly secret key channel that is XOR combined with the pair-wise perfectly secret key.
14. The WTRU as in claim 12, wherein the processor is configured to select a secret bit from an edge, further comprising a transmitter configured to transmit a selected edge's secret bit to a neighboring WTRU combined with the pair-wise secret key shared by the WTRU and the neighboring WTRU.
15. A method for generating a group-wise perfectly secret key in a fiber optic communication network having a plurality of nodes utilizing symmetric key encryption, the method comprising: a) generating a pair-wise perfectly secret key between at least two nodes using quantum cryptography; and b) selecting a group-wise perfectly secret key K using the pair-wise secret keys.
16. The method as in claim 15, further comprising: c) transmitting the group-wise perfectly secret key on a public broadcast channel to another node using an XOR combination with a pair-wise perfectly secret key.
17. The method as in claim 15, further comprising: c) determining a spanning tree from the plurality of nodes, the spanning tree having an edge weight between each node pair equal to a length of a pair-wise perfectly secret key; d) generating a group-wise perfectly secret key among m nodes according to a key from m-1 pair-wise secret keys; and e) reducing an edge weight by a key length on the spanning tree.
18. The method as in claim 17, wherein the spanning tree is a maximum spanning tree.
19. The method as in claim 15, further comprising: c) selecting an edge for a spanning tree having a corresponding pair-wise secret bit that is to be the group-wise perfectly secret key; d) determining at a first node that a neighboring node lacks knowledge of the selected edge's secret bit; e) transmitting the selected edge's secret bit from the first node to a neighboring node with the pair-wise secret key shared by the first node and the neighboring node using an XOR combination; f) decoding the selected edge's secret key bit at the neighboring node; and g) repeating steps c) through f) until all nodes share the secret bit.
20. The method as in claim 15, further comprising: h) determining a maximum spanning tree from the plurality of nodes, the maximum spanning tree having edge weights between each node equal to the length of a pair-wise secret key; i) reducing an edge weight by one bit on the maximum spanning tree following step e); and j) removing an edge from the spanning tree when its edge weight becomes zero.
21. The method as in claim 20, wherein determining the maximum spanning tree is accomplished using a greedy algorithm.
22. The method as in claim 21, wherein the greedy algorithm is selected from the group consisting of a Kruskal algorithm and a Prim algorithm.
23. The method as in claim 17, wherein determining a maximum spanning tree includes selecting a node such that the sum of all edges connecting to this node is maximum.
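
The single-bit procedure of claims 5 to 8 (and its node-based counterpart in claims 19 to 22), written out as an added example that is not code from the patent: each round builds a maximum spanning tree with Kruskal's algorithm, takes one tree edge's bit as the group bit, relays it over the public channel XORed with a fresh pair-wise bit, and spends one bit on every tree edge. The function names, node numbering, sample key bits, and the choice of the first tree edge as the selected edge are assumptions.

```python
import secrets

def max_spanning_tree(n, weights):
    """Kruskal's greedy algorithm over edges that still have unused key bits."""
    parent = list(range(n))
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    tree = []
    for (u, v), w in sorted(weights.items(), key=lambda e: -e[1]):
        if w > 0 and find(u) != find(v):   # zero-weight edges count as removed
            parent[find(u)] = find(v)
            tree.append((u, v))
    return tree if len(tree) == n - 1 else None

def group_key(n, pair_keys):
    """Return (group key as held by each node, list of public broadcasts)."""
    unused = {e: list(bits) for e, bits in pair_keys.items()}
    held = [[] for _ in range(n)]
    public = []
    while (tree := max_spanning_tree(n, {e: len(b) for e, b in unused.items()})):
        pad = {e: unused[e].pop() for e in tree}   # one bit per tree edge, never reused
        first, pending = tree[0], tree[1:]
        secret = pad[first]                        # selected edge's bit is the group bit
        informed = set(first)
        for node in first:
            held[node].append(secret)
        while pending:
            # a tree edge joining an informed node to a neighbor that lacks the bit
            u, v = next(e for e in pending if (e[0] in informed) != (e[1] in informed))
            sender, receiver = (u, v) if u in informed else (v, u)
            cipher = secret ^ pad[(u, v)]          # XOR with the shared pair-wise bit
            public.append((sender, receiver, cipher))
            held[receiver].append(cipher ^ pad[(u, v)])   # neighbor decodes
            informed.add(receiver)
            pending.remove((u, v))
    return held, public

# Constructed sample: three nodes with pair-wise keys of 3, 2 and 1 bits.
SAMPLE = {(0, 1): [secrets.randbits(1) for _ in range(3)],
          (1, 2): [secrets.randbits(1) for _ in range(2)],
          (0, 2): [secrets.randbits(1) for _ in range(1)]}

if __name__ == "__main__":
    keys, broadcasts = group_key(3, SAMPLE)
    print("group key per node:", keys)
    print("public broadcasts:", broadcasts)
```

Every broadcast value is masked by a pair-wise bit that is consumed in the same round, so the public log alone carries no information about the group bit; the six pair-wise bits in the sample yield a three-bit group key.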
PCT/US2007/020465 2006-09-21 2007-09-21 Group-wise secret key generation WO2008105836A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2009529250A JP2010504695A (en) 2006-09-21 2007-09-21 Generation of private key for group
EP07873834A EP2070252A2 (en) 2006-09-21 2007-09-21 Group-wise secret key generation

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US82648406P 2006-09-21 2006-09-21
US60/826,484 2006-09-21

Publications (2)

Publication Number Publication Date
WO2008105836A2 true WO2008105836A2 (en) 2008-09-04
WO2008105836A3 WO2008105836A3 (en) 2009-03-26

Family

ID=39721724

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/020465 WO2008105836A2 (en) 2006-09-21 2007-09-21 Group-wise secret key generation

Country Status (7)

Country Link
US (1) US20080075280A1 (en)
EP (1) EP2070252A2 (en)
JP (1) JP2010504695A (en)
KR (2) KR20090067178A (en)
CN (1) CN101554011A (en)
TW (1) TW200816768A (en)
WO (1) WO2008105836A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19938198A1 (en) * 1999-08-12 2001-03-01 Deutsche Telekom Ag Procedure for establishing a common key for a group of at least three participants
WO2006081306A2 (en) * 2005-01-27 2006-08-03 Interdigital Technology Corporation Generation of perfectly secret keys in wireless communication networks

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001086855A2 (en) * 2000-04-28 2001-11-15 The Regents Of The University Of California Apparatus for free-space quantum key distribution in daylight
US7634230B2 (en) * 2002-11-25 2009-12-15 Fujitsu Limited Methods and apparatus for secure, portable, wireless and multi-hop data networking
US7350077B2 (en) * 2002-11-26 2008-03-25 Cisco Technology, Inc. 802.11 using a compressed reassociation exchange to facilitate fast handoff
CA2561796C (en) * 2004-04-02 2012-04-17 Research In Motion Limited Key agreement and re-keying over a bidirectional communication path
MX2007009063A (en) * 2005-01-27 2007-10-02 Interdigital Tech Corp Method and system for deriving an encryption key using joint randomness not shared by others.

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
CHUNXUAN YE ET AL: "Group Secret Key Generation Algorithms" INFORMATION THEORY, 2007. ISIT 2007. IEEE INTERNATIONAL SYMPOSIUM ON, IEEE, PISCATAWAY, NJ, USA, 24 June 2007 (2007-06-24), pages 2596-2600, XP031282467 ISBN: 978-1-4244-1397-3 *
SIGURD ET AL.: "CONSTRUCTION OF MINIMUM-WEIGHT SPANNERS" ALGORITHMS-ESA 2004 12TH ANNUAL SYMPOSIUM, 14 July 2004 (2004-07-14), - 17 July 2004 (2004-07-17) pages 797-808, XP002512235 *
YE ET AL.: "Extracting secrecy from jointly Gaussian random variables" IEEE INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY, 9 July 2006 (2006-07-09), - 14 July 2006 (2006-07-14) pages 2593-2597, XP002512234 PISCATAWAY (US) *

Also Published As

Publication number Publication date
KR20090067178A (en) 2009-06-24
EP2070252A2 (en) 2009-06-17
KR20090067221A (en) 2009-06-24
WO2008105836A3 (en) 2009-03-26
CN101554011A (en) 2009-10-07
TW200816768A (en) 2008-04-01
US20080075280A1 (en) 2008-03-27
JP2010504695A (en) 2010-02-12

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200780035272.3; Country of ref document: CN
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 07873834; Country of ref document: EP; Kind code of ref document: A2
ENP Entry into the national phase. Ref document number: 2009529250; Country of ref document: JP; Kind code of ref document: A
NENP Non-entry into the national phase. Ref country code: DE
WWE Wipo information: entry into national phase. Ref document number: 1020097007749; Country of ref document: KR
WWE Wipo information: entry into national phase. Ref document number: 2007873834; Country of ref document: EP
WWE Wipo information: entry into national phase. Ref document number: 1020097010420; Country of ref document: KR