WO2017064010A1 - Method for generating a secret in a network - Google Patents

Publication number
WO2017064010A1
Authority
WO
WIPO (PCT)
Prior art keywords
subscriber
secret
value sequence
transmission
value
Application number
PCT/EP2016/074225
Inventor
Florian Hartwich
Timo Lothspeich
Franz Bailer
Christian Horst
Arthur Mutter
Andreas Mueller
Original Assignee
Robert Bosch Gmbh
Application filed by Robert Bosch Gmbh

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Definitions

  • the present invention relates to a method for generating a secret in a network with at least two subscribers, as well as a network, a computing unit and a computer program for its implementation.
  • the Applicant has proposed a method for generating a secret or key in a network, which uses a superimposition of signals of two subscribers on a common transmission medium.
  • the network has at least a first and a second subscriber and a transmission channel between at least the first and the second subscriber.
  • the first and second subscribers may each provide at least a first value and a second value to the transmission channel.
  • the first subscriber and the second subscriber initiate, largely synchronously with one another, the transmission of a first subscriber value sequence and a second subscriber value sequence, respectively, on the transmission channel.
  • On the basis of information about the first subscriber value sequence or the second subscriber value sequence, respectively, and on the basis of an overlay value sequence resulting from a superposition of the first subscriber value sequence with the second subscriber value sequence on the transmission channel, the first subscriber and the second subscriber each generate a shared secret or a common key.
  • connections standing administrator, e.g. a higher-level control device or the like.
  • a common secret between the two participants of a network with a common transmission channel between at least the two participants is established.
  • the administrator does not necessarily have to be different from the participants. Rather, some or all administration steps can also be performed by one of the participants.
  • the invention allows a defined sequence of secret generation even in real environments with numerous participants with possibly different hierarchy levels.
  • a shared secret between two different subscribers of a network, which can be used in particular for generating a symmetric cryptographic key.
  • a shared secret can in principle also be used for purposes other than cryptographic keys in the strict sense, e.g. as a one-time pad.
  • a method for generating a secret based on a superimposition of dominant and recessive signals, for example according to DE 10 2015 207 220 A1, is used, wherein the network has at least a first and a second subscriber and a transmission channel between at least the first and the second subscriber.
  • the first and second subscribers may each provide at least a first value and a second value to the transmission channel.
  • the first subscriber and the second subscriber initiate, largely synchronously with one another, the transmission of a first subscriber value sequence and a second subscriber value sequence, respectively, on the transmission channel.
  • On the basis of information about the first subscriber value sequence or the second subscriber value sequence, respectively, and on the basis of an overlay value sequence resulting from a superposition of the first subscriber value sequence with the second subscriber value sequence on the transmission channel, the first subscriber and the second subscriber each generate a shared secret.
  • the method can be used in a network in which there is a dominant value (physically: a dominant signal), which prevails when only one subscriber applies it to the transmission medium, and a recessive value (physically: a recessive signal), which only results on the transmission medium if both or all participants transmit a recessive value.
  • the transmission of a recessive value by at least one of the subscribers can also be replaced by transmitting nothing at that position of the value sequence, i.e. nothing is transmitted as one of the at least two possible values.
  • the invention provides an approach for generating symmetric, cryptographic keys between two nodes by exploiting properties of the physical layer.
  • the approach is particularly suitable for wireline and optical communication systems, provided that these support on-off keying or bitwise bus arbitration (e.g. CAN, TTCAN, CAN-FD, LIN, I2C).
  • wireless (radio-based) communication systems, preferably with a very short distance between transmitter and receiver and a possible direct line of sight
  • all communication systems that enable a distinction between dominant and recessive signals are suitable for use.
  • the methods described herein can be used in a variety of wireless, wired and optical communication systems.
  • the approach described here applies to machine-to-machine communication, that is, to the transmission of data between different sensors, actuators, etc., which generally have only very limited resources and possibly cannot be configured manually in the field with reasonable effort.
  • A participant according to the invention, e.g. a control device, a sensor or an actuator, in particular of a motor vehicle, an industrial plant, a home automation network, etc., is configured, in particular programmatically, to perform a method according to the invention.
  • Suitable data carriers for providing the computer program are in particular magnetic, optical and electrical memories, such as hard drives, flash memory, EEPROMs, DVDs, etc. It is also possible to download a program via computer networks (Internet, intranet, etc.).
  • Figure 1 shows schematically the structure of an exemplary, underlying communication system.
  • Figure 2 shows schematically a linear bus as an example of an underlying communication system.
  • FIG. 3 schematically shows the sequence of a first preferred method for secret generation between two subscribers of a network.
  • FIG. 4 schematically shows the sequence of a second preferred method for secret generation between two subscribers of a network.
  • FIG. 5 schematically shows the sequence of a third preferred method for secret generation between two subscribers of a network.
  • FIG. 6 schematically shows the sequence of a fourth preferred method for secret generation between two subscribers of a network.
  • FIG. 7 schematically shows the sequence of an exemplary method for encrypted communication between two subscribers of a network.
  • Figure 8 shows a preferred embodiment of a circuit arrangement which can be advantageously used for the invention.
  • this shared transmission medium corresponds to a linear bus (wired or optical) 30, as illustrated by way of example in FIG.
  • a network 20 in FIG. 2 consists of precisely this linear bus 30 as a shared transmission medium (for example as a wired transmission channel), subscribers or nodes 21, 22 and 23 as well as (optional) bus terminations 31 and 32.
  • communication between the various nodes 21, 22 and 23 is assumed to be characterized by the distinction between dominant and recessive values.
  • the possible values are bits '0' and '1'.
  • a dominant bit (for example, the logical bit '0') may quasi supersede a simultaneously transmitted recessive bit (e.g., the logical bit '1').
  • the transmissions of values by different subscribers must have overlapping periods (i.e. be largely synchronous within the meaning of this application), so that a superposition of the individual signals of a signal sequence takes place on the transmission medium, in particular so that the signal corresponding to the n-th logical value or bit of the first subscriber is at least partially superimposed on the signal corresponding to the n-th logical value or bit of the second subscriber.
  • This overlay should be sufficiently long for the participants to be able to record the overlay or determine the corresponding overlay value.
  • the superimposition value can be determined by arbitration mechanisms or by physical signal superposition. By arbitration mechanism is meant, for example, the case that a subscriber has applied a recessive level, but detects a dominant level on the bus and thus omits the further transmission.
  • the subscribers can then generate a key that is secret to an outside attacker.
  • the outside attacker who can, for example, listen to the effective overall signals present on the shared transmission medium, only sees the superimposition of the value sequences, but does not have the information about the individual value sequences of the participants. Thus, the participants have more information that they can use against the attacker to generate a secret key.
  • An exemplary, particularly preferred realization is explained below with reference to FIGS. 3 to 6, which show different preferred variants of a method according to the invention for generating a secret between the two subscribers 21 and 22 ("Alice" and "Bob") in the network 20 under the administration of subscriber 23 ("Carol"), who acts as administrator.
  • One or both subscribers 21 and 23 may, for carrying out the invention, have in particular a circuit arrangement 100 connected to a network or communication system embodied here as CAN bus 1, as shown in FIG.
  • the illustrated CAN bus is a two-wire bus with the two lines CAN-H (high) and CAN-L (low).
  • the circuit arrangement 100 is physically connected to the CAN bus 1 via a bus driver module or a transceiver module 90.
  • the circuit arrangement 100 furthermore has a central processing unit embodied as a microprocessor 10, a network interface module designed here as a CAN controller 20, a security module 30, a transmitting and receiving module 40, a multiplexer or distributor module 50, a communication system (Host IF (interface)) 60 and a security communication system (Secure IF) 70, for example in the form of an on-chip bus system or a crossbar.
  • the components 10 - 50 and communication systems 60 and 70 may also be part of a microcontroller 90, which is indicated in FIG. 1 by a dashed line.
  • the transmitting and receiving module 40 is configured to generate CAN frames for the purpose of secret-generating network communication, in order to generate a shared secret between a subscriber including the circuit arrangement 100 and another subscriber, based on a random character string which the transmitting and receiving module 40 receives, in particular bitwise, from the security module 30.
  • the transmitting and receiving module 40 is configured here to transfer the CAN frames via connections Tx to the multiplexer module 50, which is connected to the bus driver module 90.
  • the CAN controller 20 is configured to generate CAN frames or messages for the purpose of non-secret-generating network communication and to transfer them to the multiplexer block 50 via connections Tx.
  • the transmitting and receiving module 40 is expediently configured to optionally cancel or refrain from a transmission if a bit is read back from the CAN bus 1 that differs from the one the transmitting and receiving module 40 has sent.
  • By appropriate (fixed or switchable) configuration of the multiplexer module 50, an optional connection of the CAN controller 20 and/or the transmitting and receiving module 40 to the bus driver module 90 can be made.
  • it may be a link in which the CAN controller 20 and the transmitting and receiving module 40 receive simultaneously, i.e. the receiving direction is linked in parallel, and both can also send, i.e. the transmission direction is likewise linked in parallel.
  • a signal flow control can be provided which prevents simultaneous transmission.
  • an optional trigger line runs from the CAN controller 20 to the transmitting and receiving module 40. It is used so that the CAN controller 20 can output a corresponding trigger signal to the transmitting and receiving module 40 when it detects a message requesting a secret generation on the CAN bus 1.
  • the transmitting and receiving module is set up to listen to the normal communication on the CAN bus 1 and to interpret the messages itself in a suitable manner. Thus, upon detection of a message requesting a secret generation, the transmitting and receiving module 40 may itself start the secret generation.
  • the trigger line can be omitted in this embodiment.
  • the trigger signal is output from the central processing unit or the security module via its own trigger line or preferably via the communication system (host IF or secure IF).
  • the central processing unit 10 writes the payload (in particular the identifier, the determination whether this frame is a data or remote transmission request frame, the specification of how many data bytes are to be sent and the data bytes to be sent) into the transmit data buffer of the CAN controller 20, which then prepares it for transmission on the bus 1 and transmits the entire frame to the transceiver block 90, which is responsible for the direct bus connection. That is, the CAN controller 20 relieves the central processing unit 10 of all data transfer work, since it independently takes over the compilation of the message, the calculation of the CRC sum, the access to the bus (the bus arbitration), the transmission of the frame and the error check.
  • Secret generation can now be triggered, e.g., by receiving a message requesting a secret generation.
  • the security module 30 is configured to generate a random bit sequence as a character string by means of a preferably non-deterministic random number generator and to transmit it bit by bit to the transmitting and receiving module 40.
  • the transmitting and receiving module 40 accepts the individual bit values of the bit sequence as the first partial value sequence and inverts it to generate a second partial value sequence. Subsequently, a subscriber value sequence for the transmission on the CAN bus 1 is generated from the first partial value sequence and the second partial value sequence in accordance with a design rule. According to a particularly preferred design rule, one bit of the first partial value sequence and the associated inverted bit of the second partial value sequence are combined into a bit pair and transmitted immediately one after the other.
  • the resulting overlay bit pair consists of two dominant bits ('00' in CAN) if the bits of the two subscribers are different, and the overlay bit pair is identical to the transmitted bit pair if the bits of the respective first partial value sequences of the two subscribers are identical.
  • the overlay bit pairs are read back in the embodiment shown by the transmitting and receiving module 40. Alternatively, reading back via the CAN controller 20 is also possible.
  • the overlay bit pairs can be transmitted to the security module 30 (e.g., by the transmitting and receiving module 40 or the CAN controller 20) and evaluated there.
  • the transmitting and receiving module 40 can be set up for evaluation.
  • the evaluation includes checking the number of recessive bits in each overlay bit pair (and, in the case of the transmitting and receiving module 40, returning it to the security module 30).
  • the number can be 0 or 1. In the variant described here, 0 means that the bit of the other subscriber differs from the bit of the bit sequence just transmitted, and 1 means that the bit of the other subscriber is identical to the bit of the bit sequence just transmitted.
  • the security module 30 can determine the subscriber value sequence of the second subscriber and then, in particular according to the initially referenced DE 10 2015 207 220 A1, generate a shared secret with the second subscriber.
  • In FIGS. 3 to 6, the administration steps of the subscriber 23 are shown in the left-hand column of each figure and the steps executed by the two subscribers 21, 22 are shown in the right-hand column of each figure. Participants 21 and 22 execute their respective identically named steps simultaneously or substantially simultaneously (possibly with a slight jitter). Information exchanged between the administrator on the one hand and the two participants on the other hand is also shown between the columns.
  • In a first administration step C1.1, subscriber 23 sends to subscriber 21 and subscriber 22 a request that they should establish a shared secret:
  • This step can be realized, for example, via a request message that is sent via the shared communication medium.
  • the request message can be generated in a sequence control (for example within a microprocessor or within an optionally present security module) and sent to a component for transmission.
  • This component can be, for example, a conventional network interface module (e.g. CAN controller) or a transceiver module that is specific to the secret generation. It is expedient for these components to communicate with a bus driver module which handles the physical communication.
  • the component for transmission can also have a computing unit and be designed or set up to generate the prompt message itself.
  • subscriber 23 receives a feedback from both subscriber 21 and subscriber 22 that they are ready to establish the shared secret:
  • This step may, for example, be realized via a return message received via the shared communication medium.
  • the feedback message can be received via the component for transmission and (if necessary) forwarded via a suitable subscriber-internal interface to a computing unit (e.g. microprocessor or security module).
  • the component for transmission can also have a computing unit.
  • an abort criterion is implemented in order to abort the process, for example if the return message takes too long ("timeout") or if an abort message is received instead of the return message (C1.5).
  • In an administration step C1.3, the procedure for generating the key is initiated in the two subscribers. This can be realized via an initiation message. With regard to the transmission of this initiation message, what was already said for the request message and the confirmation message applies.
  • subscriber 23 receives a completion message which indicates the successful completion of the secret generation by subscriber 21 and subscriber 22. Then the process ends.
  • subscriber 23 receives no message ("timeout") or an abort message from subscriber 21 and / or subscriber 22 that the establishment of the shared secret has been aborted (i.e., unsuccessful). Then the process ends. In addition, subscribers 21 and 22 can be informed of the cancellation.
  • participant 21 and participant 22 receive from participant 23 the request that they should establish a shared secret.
  • This step can, as explained, be realized via the request message.
  • the request message can be received via the component for transmission and (if necessary) forwarded via a suitable subscriber-internal interface to a computing unit (e.g. microprocessor or security module).
  • the component for transmission could also have a computing unit.
  • participant 21 and participant 22 first check whether they themselves are affected by the request. If they are not affected, the process ends.
  • a suitable interpretation of the request from step A & B1.1 can take place in a computing unit.
  • This can be implemented in the microprocessor, in the security module or in the component for transmission.
  • the message may need to be forwarded by the component for transmission to the arithmetic unit via a corresponding subscriber-internal interface (for example Host IF or Secure IF).
  • In step A & B1.3, preparatory tasks are performed by participant 21 and participant 22.
  • additional configurations / settings for example for the component for transmission
  • additional information for example random bit string
  • the random bit string is generated by the security module and made available to the component for transmission via a suitable interface (e.g. Secure IF).
  • the random bit string is generated by the microprocessor or the component for transmission itself.
  • In a step A & B1.4, it is confirmed to subscriber 23 that subscriber 21 and subscriber 22 are ready to generate the shared secret.
  • the feedback message may be generated in a sequencer (e.g. within a microprocessor or within an optionally existing security module) and sent to a component for transmission. These components expediently communicate with a bus driver module that handles the physical communication. Alternatively, the component for transmission can also have a computing unit and be designed or set up to generate the feedback message itself.
  • In a step A & B1.5, the method for generating the key is initiated in subscriber 21 and subscriber 22. This can be done, as explained, by the initiation (kick-off) message from participant 23. For the receipt of the initiation message, what was already said for the request message and the feedback message applies. If the initiation message is received by a network interface module as the component for transmission, the network interface module can forward a subscriber-initiated initiation message ("trigger signal") to a transmitting and receiving module.
  • the initiation message can be forwarded to a suitable arithmetic unit (for example microprocessor or security module) which interprets the initiation message and then, in turn, transmits the information about the initiation to the transmitting and receiving module via a suitable subscriber-internal interface (Host IF or Secure IF).
  • an abort criterion is implemented in this step in order, for example, to abort the process if the initiation takes too long ("timeout") after the request (A & B1.6).
  • In step A & B1.6, subscriber 21 and subscriber 22 receive no message ("timeout") instead of the initiation message, or subscriber 21 and/or subscriber 22 inform subscriber 23 that the establishment of the shared secret has been aborted for any reason (i.e. was not successful). Then the process ends.
  • In step A & B1.7, it is possible to wait for the expiration of a (possibly previously configured) waiting time before proceeding to step A & B1.8.
  • the waiting process can be implemented in particular in the transmitting and receiving module.
  • the waiting time may be given, for example, in the form of a time unit (relative: "wait for x seconds", or absolute: "wait until y:z o'clock") or in the form of a number of received messages.
  • the waiting time may be different for subscriber 21 and subscriber 22. The waiting time can be used to ensure that the two messages are started at exactly the same time.
  • In step A & B1.8, the network communication between subscriber 21 and subscriber 22 that is required for generating a shared secret, based on a method for generating a secret from a superposition of dominant and recessive signals, preferably according to the already referenced DE 10 2015 207 220 A1, is carried out.
  • These include, among other things, the transmission of subscriber value sequences packaged in one or more messages as a secret-relevant portion of the data used to generate the secret and the reading back of an overlay value sequence.
  • a refinement of the method for secret generation between the subscribers based on a superimposition of dominant and recessive signals provides that the first subscriber value sequence and the second subscriber value sequence each have a first partial value sequence and a second partial value sequence, the second partial value sequence being derived from the first partial value sequence by inverting, i.e. exchanging first values for second values and exchanging second values for first values.
  • the first partial value sequence and the second partial value sequence can be transmitted one after the other.
  • a preferred method is proposed, in which the values of the first and the second partial value sequences are sorted into a subscriber value sequence, whereby at least one value of the second partial value sequence has already been transmitted before all values of the first partial value sequence have been transmitted.
  • the transmission of the message is carried out by the component for transmission and is preferably such that, despite a (at least partial) superposition, nevertheless a message corresponding to the communication protocol used during the normal communication results without error on the channel.
  • In sub-step A & B1.8.1, a check is made as to whether the arbitration phase is lost and the transmission must be stopped.
  • in addition to the participants 21, 22 and 23, other participants who want to communicate may be connected to the CAN bus 1.
  • For arbitration, i.e. access negotiation, the CAN's own methods are expediently used, wherein an access request of the participants 21 and 22 may also have a lower priority than an access request of another participant and is therefore unsuccessful. If the transmission has to be stopped, the step group A & B1.8 can be attempted again (possibly with or without step A & B1.7) or (for example after a predetermined number of unsuccessful attempts) the process can be aborted in step A & B1.6.
  • protocol-compliant network messages are generated and transmitted in steps A & B1.8.2, A & B1.8.3 and A & B1.8.4.
  • In step A & B1.8.2, any necessary stuff bits (stuffing bits) are inserted into the payload data to be transmitted. For example, in a CAN transmission, after five equal bits an inverse bit is inserted as a stuffing bit to interrupt a monotone sequence. This is to prevent the transmitter and receiver from drifting apart during transmission (e.g. due to slightly different clock signals of the involved ICs or communication participants).
  • In step A & B1.8.3, a checksum for the CAN message is calculated.
  • the checksum is preferably calculated on the basis of the overlay bits, so that uninvolved subscribers do not detect a faulty transmission.
  • In step A & B1.8.4, a check for possible errors (for example, a CRC error) can take place.
  • the secret-relevant portion of the secret generation data is optionally configured in advance (or generated internally in the transmitting and receiving module for transmission) or during transmission by a control unit (e.g. microprocessor, security module or within the transmitting and receiving module) (generated and ).
  • the signal generated on the shared communication channel is read back by the component for transmission.
  • This information is needed to calculate the shared secret.
  • the message read back (or at least the part relevant to the calculation of the shared secret) must, if appropriate, be forwarded via a suitable interface (for example Host IF or Secure IF) to a module which is designed to calculate the shared secret.
  • the module must be aware of the random bit string used for sending.
  • the shared secret is calculated by a security module.
  • the microprocessor or the transmitting and receiving module can be designed to calculate the shared secret.
  • the shared secret is calculated based on the respective subscriber value sequence and the overlay value sequence.
  • the shared secret is calculated by the security module in the subscriber.
  • the microprocessor or the transmitting and receiving module can also be designed and set up to calculate the shared secret.
  • subscriber 21 and subscriber 22 indicate by sending a completion message that the secret generation has been successfully completed.
  • the completion message may contain a value indicating the length of the (already) established shared secret.
  • the length of the (already) established shared secret can be determined beforehand in step A & B1.9.
  • in step A & B1.9, information about the length of the already established shared secret is available, so the length can be determined independently by subscriber 21 and subscriber 22. If the already established shared secret does not have the intended/desired length, shared secrets of any length can be created by repeating the corresponding steps. Possible alternatives are shown in FIGS. 4 to 7.
  • FIG. 4 shows that step A & B1.10 is modified such that the completion message contains the value that provides information about the length of the (already) established shared secret, without simultaneously reporting the successful completion of the secret generation. Subsequently, the method is continued after step A & B1.2.
  • Step C1.4 is modified to decide, based on the value contained in the completion message, which provides information about the length of the (already) established shared secret, whether the procedure is terminated (if the secret is sufficiently long) or continued with step C1.2 (if the secret is not long enough).
  • FIG. 5 shows a modification of FIG. 4, wherein the feedback in step A & B1.4 is skipped, since the parties involved already know about the kick-off at this time.
  • Step C1.4 is modified such that, if the secret is not sufficiently long, the procedure continues with step C1.2. Since feedback according to step A & B1.4 does not occur here, step C1.2 is modified so that it does not wait for the response. In order nevertheless to obtain a termination criterion, step C1.2 is preferably modified to check how many times this step has already been run through and to compare that number with an abort threshold; when the threshold is reached, it branches to the abort step C1.5.
  • FIG. 6 shows a modification of FIG. 4 in which both the feedback in step A & B1.4 and the triggering message and its handling in steps A & B1.5 and A & B1.6 are skipped, since the parties involved already know about the kick-off at this point in time.
  • step C1.4 is modified to wait for a successful completion message. Provided that a burst-like behavior (i.e. a stringing together of messages) is used to establish arbitrarily long shared secrets, there is a further optimized sequence in which subscriber 21 and subscriber 22 only have to perform selected steps and no administrative tasks (performed, for example, by subscriber 23).
  • the burst-like behavior can be constructed in such a way that no subscriber other than subscriber 21 and subscriber 22 can gain access to the channel (for example by falling below an inter-frame gap that may have to be observed according to the protocol specification). In this case, the repetition of the arbitration step A & B1.8.1 is omitted. If the burst-like behavior can be interrupted, the arbitration step A & B1.8.1 must be carried out accordingly to regain bus access.
  • subscriber 21 and subscriber 22 can derive a symmetric cryptographic key from it, which may then have to be validated by the communication partners.
  • once the cryptographic key is established, it can be used to execute cryptographic primitives (for example, to maintain confidentiality, verify authenticity, or ensure data integrity).
  • the raw data to be encrypted is generated by one of the participating subscribers. It may be, for example, sensor data or command data.
  • the raw data is generated at the application level (e.g., typically within the microprocessor or possibly in the security module or another entity).
  • B1.2: if the module that generated the raw data is not in possession of the symmetric key, the raw data is passed to a component in possession of the symmetric key.
  • the module in possession of the symmetric key is the security module.
  • instructions may be passed that identify which cryptographic primitive(s) should be applied to the raw data.
  • B1.3: the cryptographic primitives are calculated or cryptographic information (for example encrypted raw data or a message authentication code) is generated.
  • the raw data and/or the cryptographic information are forwarded to the component for transmission (preferably the CAN controller or alternatively the transmitting and receiving module) for transmission via the shared communication medium.
  • the forwarding may, under certain circumstances, take place directly from the security module or from the security module via the microprocessor.
  • step A B1.5
  • the raw data and/or the cryptographic information is sent via the shared medium.
  • to receive a message with cryptographic information, the procedure must be applied in reverse order to decrypt and/or verify correctness.
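
The repeat-until-long-enough loop described above (independent length check, continue or terminate, abort threshold), as an added Python simulation that is not part of the patent text. It assumes the extraction rule commonly used with dominant/recessive superposition on CAN: each subscriber sends its random value sequence followed by the inverted sequence and keeps the positions at which the bus was dominant in both phases. All function and parameter names are hypothetical.

```python
import secrets

DOMINANT = 0  # on CAN a dominant 0 overrides a recessive 1


def overlay(seq_a, seq_b):
    """Bus level read back by every node when both subscribers transmit (wired-AND)."""
    return [a & b for a, b in zip(seq_a, seq_b)]


def invert(seq):
    return [1 - bit for bit in seq]


def extract(own, ov_plain, ov_inv, flip=False):
    """Assumed rule: keep own bits where the bus was dominant in both phases.

    At those positions the two subscribers sent different bits, so one side
    (flip=True) inverts its bits to arrive at the same secret as the other.
    """
    kept = [bit for bit, p, i in zip(own, ov_plain, ov_inv)
            if p == DOMINANT and i == DOMINANT]
    return invert(kept) if flip else kept


def establish(target_len, bits_per_round=64, max_rounds=32, rand=secrets.randbits):
    """Repeat exchanges until the secret reaches target_len or the abort threshold."""
    secret_21, secret_22 = [], []
    for round_no in range(1, max_rounds + 1):
        seq_21 = [rand(1) for _ in range(bits_per_round)]  # subscriber value sequences
        seq_22 = [rand(1) for _ in range(bits_per_round)]
        ov_plain = overlay(seq_21, seq_22)                 # overlay value sequence
        ov_inv = overlay(invert(seq_21), invert(seq_22))   # second, inverted phase
        secret_21 += extract(seq_21, ov_plain, ov_inv)
        secret_22 += extract(seq_22, ov_plain, ov_inv, flip=True)
        # Each side knows the established length on its own (same kept positions).
        if len(secret_21) >= target_len:
            return secret_21[:target_len], secret_22[:target_len], round_no
    raise RuntimeError("abort threshold reached before secret was long enough")


if __name__ == "__main__":
    s21, s22, rounds = establish(128)
    print(f"{len(s21)} shared bits after {rounds} rounds, equal: {s21 == s22}")
```

An observer of the bus sees only the two overlay sequences, which reveal where the subscribers' bits differed but not which subscriber sent which value.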

Abstract

The invention relates to a method for generating a secret in a network (20), the network (20) comprising at least a first and a second subscriber (21, 22), with a shared transmission channel (30) between at least the first and the second subscriber (21, 22), and an administrator (23), wherein a secret between the first and the second subscriber (21, 22) is generated according to a method for generating a secret based on a superposition of dominant and recessive signals when the generation of a secret is triggered by the administrator (23) (C1.3).
PCT/EP2016/074225 2015-10-15 2016-10-10 Method for generating a secret in a network WO2017064010A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102015220014.0 2015-10-15
DE102015220014.0A DE102015220014A1 (de) 2015-10-15 2015-10-15 Method for generating a secret in a network

Publications (1)

Publication Number Publication Date
WO2017064010A1 true WO2017064010A1 (fr) 2017-04-20

Family

ID=57121271

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/074225 WO2017064010A1 (fr) 2015-10-15 2016-10-10 Method for generating a secret in a network

Country Status (2)

Country Link
DE (1) DE102015220014A1 (fr)
WO (1) WO2017064010A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008000561A1 (de) * 2008-03-07 2009-09-10 Robert Bosch Gmbh Kommunikationssystem mit einem CAN-Bus und Verfahren zum Betreiben eines solchen Kommunikationssystems
US20120290753A1 (en) * 2011-05-09 2012-11-15 Denso Corporation Connection method for bus controllers and communication system
DE102012215326A1 (de) * 2012-08-29 2014-03-06 Robert Bosch Gmbh Verfahren und Vorrichtung zur Ermittlung eines kryptografischen Schlüssels in einem Netzwerk
DE102015207220A1 (de) 2014-04-28 2015-10-29 Robert Bosch Gmbh Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk

Also Published As

Publication number Publication date
DE102015220014A1 (de) 2017-04-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16778838

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16778838

Country of ref document: EP

Kind code of ref document: A1