WO2018197590A1 - Encryption and link bringup for low power devices - Google Patents

Encryption and link bringup for low power devices Download PDF

Info

Publication number
WO2018197590A1
WO2018197590A1 PCT/EP2018/060646 EP2018060646W WO2018197590A1 WO 2018197590 A1 WO2018197590 A1 WO 2018197590A1 EP 2018060646 W EP2018060646 W EP 2018060646W WO 2018197590 A1 WO2018197590 A1 WO 2018197590A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
node
cloud
public
secret
Prior art date
Application number
PCT/EP2018/060646
Other languages
French (fr)
Other versions
WO2018197590A9 (en
Inventor
Sigve TJORA
Jorgen TEGDAN
Original Assignee
Disruptive Technologies Research As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Disruptive Technologies Research As filed Critical Disruptive Technologies Research As
Priority to GB1916942.4A priority Critical patent/GB2576845B/en
Priority to DE112018002161.0T priority patent/DE112018002161T5/en
Publication of WO2018197590A1 publication Critical patent/WO2018197590A1/en
Publication of WO2018197590A9 publication Critical patent/WO2018197590A9/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Definitions

  • the present disclosure is related generally to low power electronic devices and, more particularly, to power efficiency in limited power devices.
  • Embedded and battery operated devices such as mobile devices often have limited resources in terms of energy and memory for storing program code and data.
  • many network activities currently require a relatively large amount of electrical power to execute.
  • Figure 1 is a flowchart showing a method of link bring-up in accordance with an embodiment of the described principles.
  • Figure 2 is a table summary of the link bring-up sequence in accordance with an embodiment of the described principles.
  • the communication protocol SDS (SecureDataShot) uses a number of keys for certifying the authenticity of the other party, for establishing secure channels, encrypting messages and verifying the integrity of each message. This section lists the keys that are in use. "node” and “cloud” are the two parties communicating.
  • pKcOx is the cloud's public initial key for node x.
  • a "K” without a "p” or “s” prefix indicates a shared key for symmetric encryption using AES.
  • the public and private key pairs use 256 bit keys, while the AES keys are 128 bits.
  • the node generates its own keys and transmits the public parts to the cloud during production.
  • the cloud generates its keys and programs the public parts into the node during production.
  • Node and cloud has 3 pairs of public-private keys each. Pair 0 is used for regular link bring-up
  • Pair 1 keys backup for pair 0 Keys: sKnlx - pKnlx sKclx - pKclx
  • Pair P is used for programming new firmware to the node. Keys: sKnPx - pKnPx sKcPx - pKcPx
  • FIG. 1 is a flowchart showing a method of link bring-up in accordance with an embodiment of the described principles.
  • the node At stage 101 of the process 100, the node generates a new link bring-up key pair, sKnBx - pKnBx. These should be random and unpredictable.
  • the public part of this (pKnBx) is sent to the cloud. This is encrypted and signed with a MIC using a common AES key K0 for all nodes and used for this purpose only. This does not provide security, but it allows the same functions for sending and receiving messages to be used. Included in the message is also the version number for the link bring up scheme and the key ID for the common link bring-up key used by this node.
  • the secret part of this key (sKnBx) is combined with the common public key from the cloud for link bring-up (pKcBm) to form a shared key using Curve25519 Elliptic curve Diffie-Hellman (ECDH) key agreement scheme.
  • This key is called Kl .
  • the same shared key (Kl) is generated in the cloud using the public part of the node session key (pKnBx) and the secret part of the link bring-up key (sKcBm).
  • the node sends its node ID and the link version number to use for the bring up to the cloud. This is encrypted with AES using this shared key Kl .
  • the node generates a new session key pair sKnSx - pKnSx and sends the public part (pKnSx) to the cloud using Kl for encryption.
  • the cloud uses the node ID to find the node specific initial key pairs, where the cloud has pKnOx and sKcOx.
  • the cloud combines the received public session key, pKnSx, with its own private initial key, sKcOx to form a new shared key K2.
  • the cloud generates a new session key pair, pKcSx and sKcSx.
  • the public part, pKcSx is sent to the node using K2 for encryption.
  • the node combines its secret session key, sKnSx with the cloud's initial public key, pKcOx using ECDH for form the new shared key K2.
  • the node decrypts the message received and verifies the MIC. Since K2 is dependent on the cloud's initial secret key, a correct MIC verifies for the node that the cloud is authentic because it has access to sKcOx. If we believe that the cloud having the secret part of the common bring-up key sKcBm is sufficient proof of authenticity of the cloud, this step can be skipped.
  • the node then needs to prove its authenticity at stage 111 by showing that it has the node specific initial secret key, sKnOx.
  • the cloud the combine the node's public initial key (pKnOx) with the cloud's secret session key (sKcSx) at stage 1 13 to form K3.
  • the same secret key (K3) can be formed by the node by combining the public session key from the cloud (pKcSx) with the secret initial key (sKnOx).
  • the cloud will know the node is authentic when it receives a message with correct MIC using K3, since this is based on the node having access to sKnOx.
  • FIG. 1 is a table summary of the link bring-up sequence in accordance with an embodiment of the described principles.

Abstract

Systems and methods for link bring-up between a node and the cloud entail the This disclosure provides a new method for securing mutual authenticity and at the same time establishing encryption keys, i.e. establishing a trusted link. The benefit of the new method is that it only uses established encryption algorithms (i.e. AES) and no special software for certification. The advantage of this is that encryption algorithms are already present in the code since they will be used for encryption and that many embedded microcontrollers have support for this in hardware.

Description

ENCRYPTION AND LINK BRINGUP FOR LOW POWER DEVICES
TECHNICAL FIELD
[0001] The present disclosure is related generally to low power electronic devices and, more particularly, to power efficiency in limited power devices.
BACKGROUND
[0002] Embedded and battery operated devices such as mobile devices often have limited resources in terms of energy and memory for storing program code and data. However, many network activities currently require a relatively large amount of electrical power to execute.
[0003] Before proceeding to the remainder of this disclosure, it should be appreciated that the disclosure may address some of the shortcomings listed or implicit in this Background section. However, any such benefit is not a limitation on the scope of the disclosed principles, or of the attached claims, except to the extent expressly noted in the claims.
[0004] Additionally, the discussion of technology in this Background section is reflective of the inventors' own observations, considerations, and thoughts, and is in no way intended to be, to accurately catalog, or to comprehensively summarize any prior art reference or practice. As such, the inventors expressly disclaim this section as admitted or assumed prior art. Moreover, the identification or implication herein of one or more desirable courses of action reflects the inventors' own observations and ideas, and should not be assumed to indicate an art-recognized desirability. BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
[0005] While the appended claims set forth the features of the present techniques with particularity, these techniques, together with their objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawing:
[0006] Figure 1 is a flowchart showing a method of link bring-up in accordance with an embodiment of the described principles; and
[0007] Figure 2 is a table summary of the link bring-up sequence in accordance with an embodiment of the described principles.
DETAILED DESCRIPTION
[0008] Before presenting a detailed recitation of embodiments of the disclosed principles in claim form, an overview of embodiments is given to aid the reader in understanding the later discussion. As noted above, Embedded and battery operated devices such as mobile devices often have limited resources in terms of energy and memory for storing program code and data. However, many network activities currently require a relatively large amount of electrical power to execute. This can have a negative impact on device battery life and device operation.
[0009] Using them for certification requires very little additional memory compared to other algorithms needed to verify a typical digital certificate. Combining a series of specific encryption steps using specific encryption keys for each step allows us to build a complete link bring -up sequence using only these low-cost and efficient calculations.
[0010] To explain the method, we first need to explain the encryption keys that are in use. The communication protocol SDS (SecureDataShot) uses a number of keys for certifying the authenticity of the other party, for establishing secure channels, encrypting messages and verifying the integrity of each message. This section lists the keys that are in use. "node" and "cloud" are the two parties communicating.
Legend : p - public s - secret
K - Key n - node c - cloud x - node specific m - for multiple nodes.
0 - initial key for key establishment
1 - backup key for key establishment
P - key for programming new firmware B - key for link bring-up S - session key
[0011] Thus, for example, pKcOx is the cloud's public initial key for node x. A "K" without a "p" or "s" prefix indicates a shared key for symmetric encryption using AES. The public and private key pairs use 256 bit keys, while the AES keys are 128 bits.
[0012] Key pairs generated and programmed in production [0013] The node generates its own keys and transmits the public parts to the cloud during production. Similarly, the cloud generates its keys and programs the public parts into the node during production.
[0014] Node and cloud has 3 pairs of public-private keys each. Pair 0 is used for regular link bring-up
Keys: sKnOx - pKnOx sKcOx - pKcOx [0015] Pair 1 keys: backup for pair 0 Keys: sKnlx - pKnlx sKclx - pKclx
[0016] Pair P is used for programming new firmware to the node. Keys: sKnPx - pKnPx sKcPx - pKcPx
[0017] A large number of nodes share the same key pair for exchanging node ID during link bring-up. For this there is only one pair where the cloud holds the private part and multiple nodes sharing the same key pair hold the public part. Keys: sKcBm - pKcBm
[0018] Key pairs generated during link bring -up: Both cloud and node generate new keys for each link bring up. These are called session keys and bring up keys.
Keys: sKnSx - pKnSx sKcSx - pKcSx sKnBx - pKnBx
[0019] Figure 1 is a flowchart showing a method of link bring-up in accordance with an embodiment of the described principles. At stage 101 of the process 100, the node generates a new link bring-up key pair, sKnBx - pKnBx. These should be random and unpredictable. The public part of this (pKnBx) is sent to the cloud. This is encrypted and signed with a MIC using a common AES key K0 for all nodes and used for this purpose only. This does not provide security, but it allows the same functions for sending and receiving messages to be used. Included in the message is also the version number for the link bring up scheme and the key ID for the common link bring-up key used by this node.
[0020] At stage 103, the secret part of this key (sKnBx) is combined with the common public key from the cloud for link bring-up (pKcBm) to form a shared key using Curve25519 Elliptic curve Diffie-Hellman (ECDH) key agreement scheme. This key is called Kl . The same shared key (Kl) is generated in the cloud using the public part of the node session key (pKnBx) and the secret part of the link bring-up key (sKcBm). [0021] At stage 105, the node sends its node ID and the link version number to use for the bring up to the cloud. This is encrypted with AES using this shared key Kl . The node generates a new session key pair sKnSx - pKnSx and sends the public part (pKnSx) to the cloud using Kl for encryption.
[0022] At stage 107, the cloud uses the node ID to find the node specific initial key pairs, where the cloud has pKnOx and sKcOx. The cloud combines the received public session key, pKnSx, with its own private initial key, sKcOx to form a new shared key K2. The cloud generates a new session key pair, pKcSx and sKcSx. The public part, pKcSx, is sent to the node using K2 for encryption.
[0023] At stage 109 the node combines its secret session key, sKnSx with the cloud's initial public key, pKcOx using ECDH for form the new shared key K2. The node decrypts the message received and verifies the MIC. Since K2 is dependent on the cloud's initial secret key, a correct MIC verifies for the node that the cloud is authentic because it has access to sKcOx. If we believe that the cloud having the secret part of the common bring-up key sKcBm is sufficient proof of authenticity of the cloud, this step can be skipped.
[0024] The node then needs to prove its authenticity at stage 111 by showing that it has the node specific initial secret key, sKnOx. The cloud the combine the node's public initial key (pKnOx) with the cloud's secret session key (sKcSx) at stage 1 13 to form K3. The same secret key (K3) can be formed by the node by combining the public session key from the cloud (pKcSx) with the secret initial key (sKnOx). The The cloud will know the node is authentic when it receives a message with correct MIC using K3, since this is based on the node having access to sKnOx.
[0025] From this point the node and cloud can communicate securely using the session key. After a given time (or given number of transmissions), the session key K4 will be replaced. The same procedure is used for establishing a new session key. [0026] Figure 2 is a table summary of the link bring-up sequence in accordance with an embodiment of the described principles.
[0027] It will be appreciated that the process steps executed herein may be executed via the computerized execution of computer-readable instructions from a non-transitory memory. It will also be appreciated that various systems and processes have been disclosed herein. However, in view of the many possible embodiments to which the principles of the present disclosure may be applied, it should be recognized that the embodiments described herein with respect to the drawing figures are meant to be illustrative only and should not be taken as limiting the scope of the claims. Therefore, the techniques as described herein contemplate all such embodiments as may come within the scope of the following claims and equivalents thereof.

Claims

CLAIMS We claim:
1. A method for link bring -up between a node and the cloud comprising:
node generates a new link bring-up key pair, sKnBx - pKnBx;
a secret part of this key (sKnBx) is combined with the common public key from the cloud for link bring-up (pKcBm) to form a shared key, Kl;
the same shared key (Kl) is generated in the cloud using the public part of the node session key (pKnBx) and the secret part of the link bring-up key (sKcBm);
the node sends its node ID and the link version number to use for the bring up to the cloud, encrypted with AES using shared key Kl;
the node generates a new session key pair sKnSx - pKnSx and sends the public part (pKnSx) to the cloud using Kl for encryption;
the cloud uses the node ID to find the node specific initial key pairs, where the cloud has pKnOx and sKcOx. The cloud combines the received public session key, pKnSx, with its own private initial key, sKcOx to form a new shared key K2;
the cloud generates a new session key pair, pKcSx and sKcSx;
the public part, pKcSx, is sent to the node using K2 for encryption;
the node combines its secret session key, sKnSx with the cloud's initial public key, pKcOx using ECDH for form the new shared key K2;
the node decrypts the message received and verifies the MIC;
node proves its authenticity by showing that it has the node specific initial secret key, sKnOx;
cloud combines the node's public initial key (pKnOx) with the cloud's secret session key (sKcSx) to form K3;
same secret key (K3) formed by node by combining public session key from the cloud (pKcSx) with the secret initial key (sKnOx); and
cloud determines node is authentic when it receives a message with correct MIC using K3, as this is based on the node having access to sKnOx.
PCT/EP2018/060646 2017-04-25 2018-04-25 Encryption and link bringup for low power devices WO2018197590A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1916942.4A GB2576845B (en) 2017-04-25 2018-04-25 Encryption and link bringup for low power devices
DE112018002161.0T DE112018002161T5 (en) 2017-04-25 2018-04-25 Encryption and connection establishment for low-performance devices

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762489630P 2017-04-25 2017-04-25
US62/489,630 2017-04-25

Publications (2)

Publication Number Publication Date
WO2018197590A1 true WO2018197590A1 (en) 2018-11-01
WO2018197590A9 WO2018197590A9 (en) 2019-03-14

Family

ID=62904402

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/060646 WO2018197590A1 (en) 2017-04-25 2018-04-25 Encryption and link bringup for low power devices

Country Status (3)

Country Link
DE (1) DE112018002161T5 (en)
GB (1) GB2576845B (en)
WO (1) WO2018197590A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005081492A1 (en) * 2004-02-20 2005-09-01 Matsushita Electric Industrial Co., Ltd. Method and system for proxy-based secure end-to-end tcp/ip communications
US20160149908A1 (en) * 2014-02-18 2016-05-26 Panasonic Intellectual Property Corporation Of America Authentication method and authentication system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005081492A1 (en) * 2004-02-20 2005-09-01 Matsushita Electric Industrial Co., Ltd. Method and system for proxy-based secure end-to-end tcp/ip communications
US20160149908A1 (en) * 2014-02-18 2016-05-26 Panasonic Intellectual Property Corporation Of America Authentication method and authentication system

Also Published As

Publication number Publication date
WO2018197590A9 (en) 2019-03-14
GB201916942D0 (en) 2020-01-08
GB2576845B (en) 2021-11-03
DE112018002161T5 (en) 2020-01-16
GB2576845A (en) 2020-03-04

Similar Documents

Publication Publication Date Title
Wang et al. Privacy-preserving authentication and key agreement protocols for D2D group communications
US8983066B2 (en) Private pairwise key management for groups
US8953791B2 (en) Key derivative function for network communications
JP5367168B2 (en) Integration method of sensor network authentication and key management mechanism
EP2272271B1 (en) Method and system for mutual authentication of nodes in a wireless communication network
US9722787B2 (en) Key sharing device and system for configuration thereof
CN107769914B (en) Method and network device for protecting data transmission security
US20170111357A1 (en) Authentication method and authentication system
JP2016537888A (en) System and method for updating encryption keys across a network
US8800010B2 (en) Distributed group temporal key (GTK) state management
CN108882238B (en) Lightweight round robin CA authentication method based on consensus algorithm for mobile ad hoc network
CN104145465A (en) Group based bootstrapping in machine type communication
US20120237033A1 (en) Node, a root node, and a computer readable medium
US11558361B2 (en) Communication method between mesh network and cloud server, mesh network system and node device thereof
CN113545115B (en) Communication method and device
EP2375627A1 (en) Three-way handshake protocol method
CN104955040B (en) Network authentication method and equipment
KR101704540B1 (en) A method of managing group keys for sharing data between multiple devices in M2M environment
US20170359178A1 (en) Network communication method having function of recovering terminal session
US20220407845A1 (en) System and Method for Performing Secure Key Exchange
JP5835162B2 (en) Cryptographic communication system and cryptographic communication method
WO2018197590A1 (en) Encryption and link bringup for low power devices
Han et al. Sensor authentication in dynamic wireless sensor network environments
Fulare et al. Secure authentication technique in wireless integrated sensor network: Virtual certificate authority
Dao et al. Prefetched asymmetric authentication for infrastructureless D2D communications: feasibility study and analysis

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18740102

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 201916942

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20180425

122 Ep: pct application non-entry in european phase

Ref document number: 18740102

Country of ref document: EP

Kind code of ref document: A1