WO2014154482A1 - Procede et dispositif d'etablissement de cles de session - Google Patents
Procede et dispositif d'etablissement de cles de session Download PDFInfo
- Publication number
- WO2014154482A1 WO2014154482A1 PCT/EP2014/054791 EP2014054791W WO2014154482A1 WO 2014154482 A1 WO2014154482 A1 WO 2014154482A1 EP 2014054791 W EP2014054791 W EP 2014054791W WO 2014154482 A1 WO2014154482 A1 WO 2014154482A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- entity
- key
- target
- source
- message
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000004891 communication Methods 0.000 claims abstract description 20
- 238000004590 computer program Methods 0.000 claims description 5
- 239000003999 initiator Substances 0.000 description 68
- 238000013459 approach Methods 0.000 description 6
- 230000000977 initiatory effect Effects 0.000 description 6
- 230000032258 transport Effects 0.000 description 6
- 101000578928 Homo sapiens Macrophage immunometabolism regulator Proteins 0.000 description 3
- 102100028329 Macrophage immunometabolism regulator Human genes 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000000779 depleting effect Effects 0.000 description 1
- 238000009792 diffusion process Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the invention relates to the field of network communications and in particular that of encrypted communications between the entities of a network. State of the art
- the establishment of a session key between two entities of a communication network is a fundamental prerequisite for the implementation of the vast majority of cryptographic services intended to secure the exchanges between these entities.
- the protection of data exchanged against attacks intended to modify them or simply to read them is generally based on symmetric cryptographic primitives, in which the entities communicating with each other use the same key when sending (encryption, integrity protection) and receiving (decryption, integrity checking) of a message.
- a session key is a procedure intended to intervene many times in the lifetime of a communicating entity.
- a new symmetric key must be used for any secure exchange with any new correspondent.
- These correspondents are all the more numerous as the entity participates in a scenario favoring interactions between members, for example of the type of sensor network (Wireless Sensor Network, WSN), Machine to Machine (M2M) or Internet of Things (loT ).
- WSN Wireless Sensor Network
- M2M Machine to Machine
- LoT Internet of Things
- a session key is characterized by a limited life, and should be regularly refreshed. Thus, the procedure implemented to establish a session key is particularly important, and requires a neat design.
- the security of the protocol must be guaranteed. Thus, the confidentiality of the established key and the mutual authentication of the two correspondents must be ensured. Added to this are other security settings, such as Denial of Service (DDoS) protection that protects entities involved in protocol execution from attacks aimed at depleting their energy resources and / or system resources.
- DDoS Denial of Service
- the session key setup protocol must be efficient in terms of bandwidth requirements and power consumption, and in particular from the point of view of the cryptographic computations implemented. This second criterion is particularly important when the session key establishment protocol must be implemented by entities having only low energy resources, such as a battery, or a low computing capacity and / or memory .
- the protocol can offer additional functionalities, such as the interoperability of the authentication mechanisms between two nodes implementing it or the possibility of a centralized control over the exchange of keys and / or the possibility of a definition. centralized security policies accompanying established keys.
- Three main approaches have been developed to establish session keys between two nodes.
- the first family is the key transport, known as Anglicism
- key transport which consists in securely transporting by encryption one or more secret values from one of the two participants from one session to the other.
- These secret value transports can be made in one direction only and this mode is known by the Anglicism "one-pass key transport protocol” is to be made in both directions, and this mode is known then under the anglicism "two-pass key transport protocol”.
- the session key is then derived from these secret values.
- the second family of session keying solutions is the key agreement, known as the "key agreement”.
- This approach consists of an exchange of public values between the two nodes from which a common session key is recovered by the two entities participating in the exchange without the public values exchanged having to be decrypted.
- the main known protocol of "key agreement” is the Diffie-Hellman protocol. In terms of resources consumed, mainly at the level of energy consumed in cryptographic operations, the "key agreement" is a costly approach.
- a third family of session keying solutions is key distribution, known as key distribution.
- key distribution In this approach, a third entity often called “trusted third party” intervenes to provide the other two participants a secret value that allows them to calculate the session key or the session key itself.
- key distribution also involves direct exchanges between the two participants. Indeed, they must prove their involvement in the protocol, establish the freshness of the messages they send and prove their knowledge of the established secret.
- Key distribution although a simple solution to implement, light in terms of cryptographic operations required and energy consumed, has disadvantages not yet solved by existing solutions.
- Needham and Schroeder key transport protocol presented in the document "Using encryption for authentication in large networks of computers," Communication of the ACM, Volume 21, Number 12, 1978, contains five message exchanges between two entities, one initiator (I) and an answering machine (R) that each share an encryption key with a trusted third party (TC). The exchange of the five messages is shown in FIG.
- One of the major issues in the Needham and Schroeder protocol is an impersonation attack by an attacker posing as the initiator and replaying the third message (Message3) between the initiator and the responder.
- the attacker who can know the key generated by the trusted third party, can then decipher the fourth message and impersonate the session by sending the last message.
- a disadvantage of the Kerberos protocol is that it is not symmetrical with respect to the initiator and the receiver.
- the trusted third party has no assurance that the receiver has been contacted or has agreed to participate in the secure transaction.
- the Kerberos protocol is limited in its applications and rather intended to allow access from a client initiator to a resource supposed not to be subject to malicious behavior, such as a printer or a file server.
- WO 2009/070075 A1 to Blom et al. Entitled “Key management for secure communication” presents a method for establishing session keys for secure communications between two entities.
- the method relies on the MIKEY-Ticket key distribution protocol specified in RFC 6043 of Mattsson and Tian, "MIKET-Ticket: Ticket-based modes of key distribution in Multimedia Internet KEYing (MIKEY)".
- MIKEY Multimedia Internet KEYing
- this protocol can be the target of denial of service attacks.
- the skilled person knows the different forms of denial of service attacks.
- An attacker can create a denial of service by exploiting implementation errors in communication protocols, for example, if the protocol used is implemented to block nodes when they receive unknown data. An attacker can then make a denial of service attack by sending messages containing erroneous fields to the responder, his target.
- Another way to perform a denial of service is to initiate a communication with the target and then stop sending messages to block the target in an acknowledgment state and saturate its receiving stack.
- denial of service can be distributed by using several attackers at the same time to saturate the target as quickly as possible and to make it more difficult for the attacker to trace.
- An object of the present invention is to provide a method for setting session keys that is secure and protected against denial of service attacks.
- the invention offers both an initiating node and an answering node protection against denial of service attacks.
- Another object of the present invention is to provide an efficient session key setting method in terms of consumed resources.
- the method of the invention allows the establishment of a session in four or five message exchanges and relies on the use of symmetric cryptographic primitives.
- the present invention will be implemented in the fields of machine-to-machine (M2M) communications security, or in the context of networks of nodes constrained in resources such as sensors and / or actuators, which are among the nodes most resource-intensive and may need to dynamically set session keys.
- M2M machine-to-machine
- a for the authentication code are derived from an initial key obtained after a step of authenticating the target entity with the third-party trusted entity.
- the message received from the source entity further comprises a source nonce (Ni) to prove the freshness of the message of the source entity.
- Ra for the source entity includes the steps of concatenating the key K
- the message sent to the target entity further comprises the nonce (Ni) and the authentication code based on the second target key K Ra is calculated on the nonce.
- the message received from the target entity further comprises the source nonce (Ni) and a target nonce (N R ) to prove the freshness of the target message.
- the message sent to the source entity further comprises the source and target nonces (Ni, N R ).
- the identifiers of the source and target entities are either IPv6 addresses, MAC addresses or URLs.
- the nuncio is either a timestamp information, a random number or a counter.
- the message sent by the third-party trusted entity to the target entity also contains a key encrypted by the keys K
- the method further comprises a step of sending a message from the source entity to the target entity that contains the identifiers of the source entity and the target entity, the source and target nonces (Ni , N R ) and an authentication code calculated with the key K
- the invention further relates to a system for establishing a session key between a source entity and a target entity, the source entity sharing with a third-party trusted entity a first source key K
- the invention may operate in the form of a computer program product that includes code instructions for performing the claimed process steps when the program is run on a computer.
- Figure 1 illustrates the message exchanges according to the method of Needham and Schroeder
- Figure 2 illustrates the message exchanges according to the method of
- FIG. 3 illustrates the message exchanges according to the method of Otway and Rees
- Figure 4 is a topological representation of a network infrastructure in which to advantageously implement the invention.
- FIG. 5 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 4 according to the MIKEY-Ticket method
- Figure 6 shows the procedures performed between initiator, responder and trusted third party entities of the network of Figure 4 in an advantageous implementation of the invention
- FIG. 7 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 1 in an implementation variant of the invention.
- FIG. 4 illustrates an example of an infrastructure of communication 100 in which advantageously implement the invention.
- the example of FIG. 4 only shows a finite number of entities (or nodes) and connections, but the person skilled in the art will extend the principles described to a plurality and a variety of entities and types of connections (wireless, mobile, very high speed).
- the communication network (1 00) comprises fixed or mobile entities that can form an object network (102). Entities can be heavily resource constrained (102-1, 102-n) or resource constrained (1 12-1, 112-m).
- the entities with strong resource constraints may be wireless sensors or actuators, having limited computing and / or storage capacities. They can also be active tags. However, an entity that is not intrinsically resource-limited may be temporarily so long as it uses a large portion of its CPU resources for another task, or its battery level reaches a critical threshold value. And this entity can be brought to implement less energy-efficient protocols such as that of the invention.
- Entities with lesser resource constraints may be mobile phones equipped with an internet connection and a camera. It can also be interconnection gateways between a network of constrained entities and the Internet. These entities offer more computing power and storage capacity, can have a higher energy reserve (battery, mains power supply) and can communicate over a network, either directly to an internet network (104) such as illustrated or through gateways and intermediate servers (not shown).
- an internet network (104) such as illustrated or through gateways and intermediate servers (not shown).
- the node network (102) may be based on level 2 (e.g., 802.1 5.4 or 802.11) and / or level 3 (e.g., IP) communications between the entities of which it is composed. Following the protocols on which it relies, multicast or broadcast communication schemes can be used.
- level 2 e.g., 802.1 5.4 or 802.11
- level 3 e.g., IP
- the present invention may be advantageously applied in the environment of FIG. 4 between two nodes of the network, a source entity that is called an 'initiator' and a target entity that is called a 'responder'. Both entities need to establish a security association with each other.
- a central key distribution server (106) that is known as a trusted third party is responsible for authenticating the nodes. It may be remote and accessible via a third party communications network (104) which may be a cellular network or the Internet.
- the trusted third party stores cryptographic data necessary for the authentication of each of the nodes.
- each initiator and responder node authenticates to the central server using its own credentials, identity templates, and independent authentication methods most in accordance with each their own specificities and constraints.
- two nodes can for example establish a session key and associate with their respective identities while the latter are respectively validated by means of a smart card for one and a biometric authentication for the other.
- the trusted server distributes the same two-node session key that wants to establish a security association between them, allowing decorrelated authentications for each node, as well as centralized control over the key establishment and / or the policies that accompany it. these last.
- FIG. 5 shows the procedures performed according to the known Mikey-Ticket protocol between an initiator node (I), a responder node (R) and a trusted third party (TC) of the network of FIG. 4.
- E ⁇ K, (Datai, Data 2 , ...) ⁇ designates the encryption of the concatenated data (Datai, Data 2 , 7) with an encryption algorithm using a key K.
- MAC ⁇ K, (Datai, Data 2 , ...) ⁇ designates the Message Authentication Code (MAC) on the concatenated data (Datai, Data 2 , ...) using a K key
- MIKEY-Ticket protocol has been defined to extend the MIKEY protocol by the use of a trusted third party and is based on the exchange of six messages between the three initiator entities (I), responder (R) and trusted third party (TC).
- An initiating node sends the trusted third party a first message in the form of an initialization request "Request_init”.
- the request contains a MAC authentication code which is calculated with its key "Kia”.
- TC checks the validity of the MAC and the authenticity of the data (Datai) sent by the initiator.
- This data mainly contains an identifier of the answering node with which the initiator node wants to establish a session, a nonce and information on the MAC encryption and computation algorithms supported by the initiator.
- the trusted third party generates a "KIR” key and transmits it to the initiator in a "Request_resp” response message.
- R is encrypted by the encryption key "Ki e " of the initiator.
- the second message also contains a ticket "Ticketi” for the initiator and a MAC calculated with the key K ! a .
- the initiator verifies the validity of the MAC and retrieves his key K ! R which will allow him to derive with the answering machine two keys "KiRa" and "K
- Ra will be used to calculate MACs while the KiRe key will encrypt data.
- the initiator then sends the responder a message "Transfert_init” which contains its ticket “Ticketi”.
- This third message contains a MAC calculated with the key K
- the answering node (R) has not yet received the key K
- the answering machine On receipt of the fifth message, the answering machine checks the MAC calculated by the trusted third party and retrieves the key K
- the answering node only checks the MAC sent by the initiator in the third message, after having exchanged the fourth and fifth messages with the trusted third party, it can then be the target of denial of service attack.
- An attacking node may bombard the answering node with an unlimited number of "Transfe nit” messages (third message) to force him to compute a large number of messages “Resolve_init” (fourth message) and thus exhaust all energy and computing resources of the answering node.
- Figure 6 shows the procedures performed between entities
- An important advantage of the invention lies in the energy efficiency of the method implemented which is obtained by means of a reduced number of exchanged messages.
- the proposed method makes it possible to establish secure communication between an initiating node and an answering node in five message exchanges in the implementation of FIG. 6, or in four message exchanges according to the implementation of FIG. note that the last message described for both examples is exchanged between the initiator and the responder and corresponds to a confirmation of key by the initiator which can be implicit.
- the secure exchange of data between the initiator and the responder can begin respectively after the fourth and the third message of Figures 6 and 7.
- the message exchanges give roles equivalent to the initiating node (I) and the receiving node (R) with respect to the trusted third party (TC). Indeed, the interactions are of type (l) e (TC), (TC) el (l), (R) tt (TC) and (TC) al (R) and thus offer the trusted third party a better control of session key establishment.
- the implementation illustrated in FIG. 6 can advantageously be applied when establishing a secure communication between two nodes that do not share any secret directly, but which each share one or more secrets with a trusted third party (TC) .
- the trusted third party and the initiator initially share two keys (K
- K ! E and K ! A can be derived from a master key following authentication of the initiator with the trusted third party.
- the answering machine (R) also shares a key pair (K Re , K Ra ) with the trusted third party.
- the initiator and the responder each designate a simple entity, but that in a more general case, it may be a group of initiating nodes and / or a group of answering nodes using individual keys and / or group keys.
- the initiator (I) contacts the trusted third party (TC) to create one or more keys for them.
- the trusted third generates a single key KIR for both nodes (I) and (R). Then, the trusted third party sends the encrypted key KIR with the key K
- the integrity of the messages exchanged is ensured by the addition of MACs, respectively calculated using the keys Kia and K RA .
- the initiator starts the process by sending a first "Messagel" message to the trusted third party.
- This message contains the identifiers of the initiator (IDi), the trusted third party (ID T c) and the responder (ID R ). It also contains a nuncio (Ni) that serves to prove the freshness of the session and to avoid replay attacks.
- the initiator adds to the messagel a MAC (MACn) calculated on (ID ,, ID T c, ID R and N,) with the key K ! A.
- MACn MAC
- the identifiers may depend on the technology used and the type of network deployed. These identifiers may be, for example, IPv6 addresses, MAC addresses or URLs. In the particular case of IP networks, the identifiers ID
- the nonce can be a timestamp information, a random number, or a counter (sequence number). It must be a variable and unique information in time that distinguishes the different executions of the known protocol of Menezes, Van Oorschot and Vanstone, described in the document "Handbook of Applied Cryptography", Chapter 10.
- the Nuncio can also be formed by the combination of the techniques mentioned above. For example, a nonce can be formed by timestamp information and a random number.
- the trusted third party On receipt of the first message, the trusted third party checks the freshness of the Nuncio Ni and uses the key K ! A to calculate the MAC (MAC T ci) on (ID
- MACTC2 MAC
- the trusted third concatenates the key K
- This second message also contains the identifiers (IDi, I DTC, I DR), the nonce N, and the MAC (MACTC 2 ).
- the MAC (MACTC 2 ) is calculated with the key K Ra on the following fields: ID T c, I DR, I DI, NI, and E ⁇ K Re , (K
- the answering machine On receipt of the second message, the answering machine checks the equality between the received MAC T c2 and its own MAC value (MAC R2 ) which it calculates using the key K RA . If the value of MAC T C2 is good, the answering machine decrypts the content of E ⁇ K Re , (K
- the answering machine generates a nonce (N R ) and calculates a MAC (MAC R
- the MAC (MACRI) will be transmitted by the trusted third party to the initiator to enable him to verify that the answering machine has received the
- the responder uses the nonces (Ni, N R ) and the key K ! R as inputs to a pseudo-random function to generate two keys "K
- Ra is used for calculating the MACs
- the KiR e key is used to encrypt data between the initiator and the responder.
- the trusted third party In a second variant, the trusted third party generates two keys, "K
- R is subsequently used to designate both the key used to calculate the MACs and for the encryption, independently of the methods which made it possible to generate the keys K
- the responder generates a third message "Message3" for the trusted third party.
- the message contains the identifiers (ID R ) and (ID T c), the nuncios (N R ) and (N,), the MAC R
- the trusted third party checks the freshness of the nonce N R and calculates the MAC T c3 using the key K Ra and the identifier data (ID R , ID T c), of nonces (N R , Ni) and MAC (MACRI).
- the trusted third party then verifies that the computed MAC T c3 is equal to the MAC R3 received from the receiver. If the value of the MAC T c3 received is valid, the trusted third party generates a message "Message4" to the initiator.
- the fourth message contains the nonces N R and N
- the key KIR is concatenated with the identifiers of the responder ID R and the trusted third party ID T c, and the nonces Ni and N R before being encrypted with the key K
- the message sent by the trusted third party to the initiator also contains a MAC (MAC T c 4 ) calculated with the key K ! A which allows the initiator to check the integrity of the data received.
- the initiator Upon receipt of the fourth message, the initiator calculates its MAC (MAC
- the initiator uses the key K
- the initiator locally calculates a MAC (MACIR) on the same fields as those used by the receiver when calculating the (MACRI), namely the identifiers (ID R , ID T c, ID
- the initiator compares if there is a tie between his MACIR and the MAC TM. If both MACs are equal, it means that the answering machine has received the key K
- the initiator sends directly to the responder the fifth message 5 which contains the respective identifiers of the initiator and the responder (I Di and ID R ), their nuncios (N
- FIG. 7 shows the procedures executed between the initiator, responder and trusted third party entities of the network of FIG. 4 in an implementation variant of the invention consisting of four exchanged messages.
- the initiator starts the process by sending a first message "Messagel" to the trusted third party.
- the content of the first message is identical to that described with reference to FIG.
- the trusted third party TC After receiving the Messagel, the trusted third party TC generates a nonce (N T c), as well as the key K
- the nonce N T c is an optional parameter that allows to add freshness to the second message in the case where the responder combines the freshness of the message to the receipt of a new nuncio of the initiator but also the trusted third party.
- N T c The addition of the Nunc (N T c) can be decided during the establishment of the security policy by the network administrator.
- the trusted third digit with the key K RE , the nuncio, the key KIR, and this same key K
- the cipher is sent in a second message "Message2bis" to the answering machine.
- the message further contains a MAC calculated with the key K Ra , to allow the responder to verify the integrity of the data received.
- the responder After receiving the second message, the responder verifies the integrity and authenticity of the received message using its key K Ra . If the result of the check is positive, the answering machine decrypts the message to retrieve the shared key K
- the answering machine generates a nunc (N R ) then sends in a third message "Message3bis", the data received from the third party.
- N R the number of bits
- the answering machine also sends a calculated MAC with this key KIR.
- the initiator Upon receipt of the third message, the initiator verifies the integrity of the first part of the message generated by the trusted third party by using the key K
- the initiator then sends directly to the responder a fourth message which contains the identifiers of the initiator and the responder (ID
- the answering machine checks the value of the MAC
- the present invention can be implemented from hardware and / or software elements. It may be available as a computer program product on a computer readable medium.
- the support can be electronic, magnetic, optical, electromagnetic or be an infrared type of diffusion medium.
- Such media are, for example, Random Access Memory RAMs (ROMs), magnetic or optical tapes, floppies or disks (Compact Disk - Read Only Memory (CD-ROM)). ROM), Compact Disk - Read / Write (CD-R / W) and DVD).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP14709651.5A EP2979390A1 (fr) | 2013-03-28 | 2014-03-12 | Procede et dispositif d'etablissement de cles de session |
US14/779,487 US9787651B2 (en) | 2013-03-28 | 2014-03-12 | Method and device for establishing session keys |
CN201480018723.2A CN105075175A (zh) | 2013-03-28 | 2014-03-12 | 用于建立会话密钥的方法和设备 |
JP2016504550A JP2016514913A (ja) | 2013-03-28 | 2014-03-12 | セッション鍵を確立する方法および装置 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1352812 | 2013-03-28 | ||
FR1352812A FR3004041B1 (fr) | 2013-03-28 | 2013-03-28 | Procede et dispositif d'etablissement de cles de session |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014154482A1 true WO2014154482A1 (fr) | 2014-10-02 |
Family
ID=49231587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2014/054791 WO2014154482A1 (fr) | 2013-03-28 | 2014-03-12 | Procede et dispositif d'etablissement de cles de session |
Country Status (6)
Country | Link |
---|---|
US (1) | US9787651B2 (fr) |
EP (1) | EP2979390A1 (fr) |
JP (1) | JP2016514913A (fr) |
CN (1) | CN105075175A (fr) |
FR (1) | FR3004041B1 (fr) |
WO (1) | WO2014154482A1 (fr) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3213488A1 (fr) * | 2014-10-31 | 2017-09-06 | Convida Wireless, LLC | Authentification de couche de service de bout en bout |
EP3248325A1 (fr) * | 2015-01-22 | 2017-11-29 | Entit Software LLC | Répertoire de clés de session |
KR102001753B1 (ko) | 2015-03-16 | 2019-10-01 | 콘비다 와이어리스, 엘엘씨 | 공개 키잉 메커니즘들을 사용한 서비스 계층에서의 종단간 인증 |
CN106452770B (zh) * | 2015-08-12 | 2020-10-13 | 深圳市腾讯计算机系统有限公司 | 一种数据加密方法、解密方法、装置和系统 |
ES2901207T3 (es) * | 2017-03-02 | 2022-03-21 | Actility | Interfaz de comunicación para una red de área extensa de baja potencia, dispositivo inalámbrico y servidor que usan tal interfaz de comunicación |
WO2020000428A1 (fr) * | 2018-06-29 | 2020-01-02 | Nokia Shanghai Bell Co., Ltd. | Procédés, dispositifs et support lisible par ordinateur de gestion de clés |
WO2020093212A1 (fr) * | 2018-11-05 | 2020-05-14 | 华北电力大学扬中智能电气研究中心 | Système et procédé de transmission de données vidéo et dispositif associé |
CN110086627B (zh) * | 2019-04-22 | 2023-08-04 | 如般量子科技有限公司 | 基于非对称密钥池对和时间戳的量子通信服务站密钥协商方法和系统 |
CN114553412B (zh) * | 2022-02-28 | 2024-02-23 | 百果园技术(新加坡)有限公司 | 一种数据传输方法、装置、设备及存储介质 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060053289A1 (en) * | 2004-09-09 | 2006-03-09 | International Business Machines Corporation | Peer-to-peer communications |
US20120191971A1 (en) * | 2009-09-30 | 2012-07-26 | France Telecom | Method and devices for secure communications in a telecommunications network |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7864731B2 (en) * | 2006-01-04 | 2011-01-04 | Nokia Corporation | Secure distributed handover signaling |
US9178696B2 (en) | 2007-11-30 | 2015-11-03 | Telefonaktiebolaget L M Ericsson (Publ) | Key management for secure communication |
-
2013
- 2013-03-28 FR FR1352812A patent/FR3004041B1/fr not_active Expired - Fee Related
-
2014
- 2014-03-12 WO PCT/EP2014/054791 patent/WO2014154482A1/fr active Application Filing
- 2014-03-12 CN CN201480018723.2A patent/CN105075175A/zh active Pending
- 2014-03-12 JP JP2016504550A patent/JP2016514913A/ja not_active Withdrawn
- 2014-03-12 EP EP14709651.5A patent/EP2979390A1/fr not_active Withdrawn
- 2014-03-12 US US14/779,487 patent/US9787651B2/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060053289A1 (en) * | 2004-09-09 | 2006-03-09 | International Business Machines Corporation | Peer-to-peer communications |
US20120191971A1 (en) * | 2009-09-30 | 2012-07-26 | France Telecom | Method and devices for secure communications in a telecommunications network |
Non-Patent Citations (3)
Title |
---|
COLIN BOYD: "A Class of Flexible and Efficient Key Management Protocols", 10 June 1996 (1996-06-10) - 12 June 1996 (1996-06-12), Brisbane, Australia, pages 2 - 8, XP002719218, ISSN: 1063-6900, ISBN: 0-8186-7522-5, Retrieved from the Internet <URL:http://dx.doi.org/10.1109/CSFW.1996.503685> [retrieved on 20140123], DOI: 10.1109/CSFW.1996.503685 * |
KALVINDER SINGH ET AL: "A Minimal Protocol for Authenticated Key Distribution in Wireless Sensor Networks", INTELLIGENT SENSING AND INFORMATION PROCESSING, 2006. ICISIP 2006. FOU RTH INTERNATIONAL CONFERENCE ON, IEEE, PI, 1 December 2006 (2006-12-01), pages 78 - 83, XP031124309, ISBN: 978-1-4244-0611-1 * |
See also references of EP2979390A1 * |
Also Published As
Publication number | Publication date |
---|---|
CN105075175A (zh) | 2015-11-18 |
US20160044007A1 (en) | 2016-02-11 |
US9787651B2 (en) | 2017-10-10 |
FR3004041B1 (fr) | 2015-04-17 |
FR3004041A1 (fr) | 2014-10-03 |
EP2979390A1 (fr) | 2016-02-03 |
JP2016514913A (ja) | 2016-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014154482A1 (fr) | Procede et dispositif d'etablissement de cles de session | |
FR2988942A1 (fr) | Methode et systeme d'etablissement d'une cle de session | |
Kalra et al. | Secure authentication scheme for IoT and cloud servers | |
EP3506556B1 (fr) | Méthode d'échange de clés authentifié par chaine de blocs | |
Mahalle et al. | Identity establishment and capability based access control (iecac) scheme for internet of things | |
WO2013160140A1 (fr) | Methode et systeme d' authentification des noeuds d'un reseau | |
EP3174241B1 (fr) | Méthode d'établissement d'une communication sécurisée de bout en bout entre le terminal d'un utilisateur et un objet connecté | |
EP2484084B1 (fr) | Procédé et dispositifs de communications securisées contre les attaques par innondation et denis de service (dos) dans un réseau de télécommunications | |
US20100306542A1 (en) | Password-authenticated asymmetric key exchange | |
Saied et al. | A distributed approach for secure M2M communications | |
US20220029969A1 (en) | Method and Apparatus for Effecting a Data-Based Activity | |
EP2865128A1 (fr) | Dispositif et procede pour generer une cle de session entre des entites a faibles ressources | |
Kumar et al. | A lightweight signcryption method for perception layer in Internet-of-Things | |
CN113014379B (zh) | 支持跨云域数据分享的三方认证和密钥协商方法、系统和计算机存储介质 | |
EP2186252B1 (fr) | Procede de distribution de cles cryptographiques dans un reseau de communication | |
EP2294850A1 (fr) | Procede pour securiser des echanges entre un noeud demandeur et un noeud destinataire | |
Chandrakar et al. | Blockchain based security protocol for device to device secure communication in internet of things networks | |
Chung et al. | DiscoverFriends: Secure social network communication in mobile ad hoc networks | |
Schliep et al. | Consistent synchronous group off-the-record messaging with sym-gotr | |
Lin et al. | Blockchain-Based Lightweight Certificateless Authenticated Key Agreement Protocol for V2V Communications in IoV | |
Babu et al. | Trust-based permissioned blockchain network for identification and authentication of internet of smart devices: An e-commerce prospective | |
Durgam et al. | Dynamic time assisted authentication protocol (DTAAP) for client-server in WSN-IoT environment | |
Kumar et al. | LiSP: A lightweight signcryption using PHOTON hash for Internet-of-Things infrastructure | |
KR101190134B1 (ko) | 인증을 위한 동적 그룹키 생성 방법 | |
Karthik et al. | Energy-Efficient Elliptic Curve Cryptography-Based DTLS Key Establishment Protocol for IoT Communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201480018723.2 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14709651 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014709651 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2016504550 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14779487 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |