WO2019125290A1 - Encryption methods and devices - Google Patents

Encryption methods and devices Download PDF

Info

Publication number
WO2019125290A1
WO2019125290A1 PCT/SE2018/051318 SE2018051318W WO2019125290A1 WO 2019125290 A1 WO2019125290 A1 WO 2019125290A1 SE 2018051318 W SE2018051318 W SE 2018051318W WO 2019125290 A1 WO2019125290 A1 WO 2019125290A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
encrypted
header
payload data
authentication tag
Prior art date
Application number
PCT/SE2018/051318
Other languages
French (fr)
Inventor
Christian KLEMETSSON
Original Assignee
DeviceRadio AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DeviceRadio AB filed Critical DeviceRadio AB
Publication of WO2019125290A1 publication Critical patent/WO2019125290A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Definitions

  • the present disclosure relates generally to the field of data communication. More particularly, it relates to encryption of payload data for communication.
  • Secure data communication is often of essence and one means to achieve this is via encryption of payload data for transmission.
  • Numerous encryption techniques and algorithms are available in the art, including block ciphers - e.g. advanced encryption standard (AES) - and stream ciphers.
  • AES advanced encryption standard
  • the main purpose of encryption is typically to make the content unreadable by an unintended receiver.
  • Authentication of payload data is another means to achieve security in data communication.
  • Numerous authentications techniques and algorithms are also available in the art, including message authentications code (MAC) and message integrity check (MIC).
  • MAC message authentications code
  • MIC message integrity check
  • the main purpose of authentication is typically to make verify the origin of a received message. Encryption and authentication may be combined according to some approaches.
  • this is achieved by a method for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
  • the method comprises encrypting a header associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
  • the method also comprises encrypting the payload data by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks, determining an authentication tag for the payload data based on the encrypted header and the encrypted payload data, encrypting the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, and concatenating the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission.
  • a second aspect is a method for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
  • the method comprises encrypting the received header by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
  • the method also comprises determining a control authentication tag for the payload data based on the encrypted header and the received encrypted payload data, encrypting at least a portion of the control authentication tag by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, comparing the received encrypted authentication tag to the encrypted portion of the control authentication tag, and letting further processing of the received packet be based on the comparison.
  • a third aspect is a computer program product comprising a non-transitory computer readable medium, having thereon a computer program comprising program instructions.
  • the computer program is loadable into a data processing unit and configured to cause execution of the method according to any of the first and second aspects when the computer program is run by the data processing unit.
  • a fourth aspect is an arrangement for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
  • the arrangement comprises controlling circuitry configured to cause encryption of a header associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
  • the controlling circuitry is also configured to cause encryption of the payload data by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks, determination of an authentication tag for the payload data based on the encrypted header and the encrypted payload data, encryption of the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, and concatenation of the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission.
  • a fifth aspect is a transmitter node comprising the arrangement of the fourth aspect.
  • a sixth aspect is an arrangement for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
  • the arrangement comprises controlling circuitry configured to cause encryption of the received header by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
  • the controlling circuitry is also configured to cause determination of a control authentication tag for the payload data based on the encrypted header and the received encrypted payload data, encryption of at least a portion of the control authentication tag by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, comparison of the received encrypted authentication tag to the encrypted portion of the control authentication tag, and further processing of the received packet to be based on the comparison.
  • a seventh aspect is a receiver node comprising the arrangement of the sixth aspect.
  • any of the above aspects may additionally have features identical with or corresponding to any of the various features as explained above for any of the other aspects.
  • An advantage of some embodiments is that receiver complexity (e.g. in terms of latency and/or computational complexity) may be decreased compared with other solutions.
  • Figure 1 is a schematic drawing illustrating example transmitter node principles according to some embodiments
  • Figure 2 is a schematic drawing illustrating example receiver node principles according to some embodiments
  • Figure 3 is a flowchart illustrating example method steps for a transmitter node according to some embodiments
  • Figure 4 is a flowchart illustrating example method steps for a receiver node according to some embodiments
  • Figure 5 is a schematic block diagram illustrating an example stream cipher implementation according to some embodiments.
  • Figure 6 is a schematic block diagram illustrating an example arrangement for a transmitter node according to some embodiments.
  • Figure 7 is a schematic block diagram illustrating an example arrangement for a receiver node according to some embodiments.
  • Figure 8 is a schematic drawing illustrating an example computer readable medium according to some embodiments.
  • a stream cipher created from a block cipher is used to provide for an early indication in a receiver node of whether the decryption will be successful or not.
  • the processing of a received packet is based on the indication (e.g. may be adjusted - aborted or re-started with other parameters - or continued).
  • Figure 1 schematically illustrates an example approach for a transmitter node to encrypt payload data (PL) 102 according to some embodiments.
  • the payload data is provided with a header (HEAD) 101 in accordance with any suitable approach.
  • both the header 101 and the payload data 102 are encrypted using a stream cipher (SC) 110a, 110b to provide respective encrypted header (E-HEAD) 111 and encrypted payload data (E-PL) 112.
  • SC stream cipher
  • E-PL encrypted payload data
  • the encrypted header 111 and encrypted payload data 112 are used as input to an authentication algorithm (AA) 120 to provide an authentication tag (AT) 103.
  • the authentication algorithm may be any suitable authentication algorithm, for example, a MAC or a MIC.
  • Other suitable authentication algorithms are HMAC (hash-based MAC), OMAC (one-key MAC), CMAC (cipher-based MAC), Polyl305, SipHash, etc.
  • the authentication tag 103 is also encrypted using the stream cipher (SC) 110c to provide an encrypted authentication tag (E-AT) 113.
  • the (unencrypted) header 101, the encrypted payload data 112 and the encrypted authentications tag 113 are then concatenated to provide a packet 100 for transmission.
  • the stream cipher 110a, 110b, 110c is based on a suitable block cipher, for example AES.
  • suitable block ciphers are Blowfish, Twofish, IDEA (International Data Encryption Algorithm), Camellia, etc.
  • the block cipher is applied to each counter value in a stream of counter values to provide a corresponding stream of encryption blocks, and the stream cipher is created by combining the encrypted counter value with an input stream to be encrypted.
  • the stream of counter values may typically, but not necessarily, comprise consecutive counter values.
  • Principles of an example stream cipher will be further illustrated in connection with Figure 5.
  • one or more encryption blocks may be used depending on the relative sizes of the header and the encryption blocks. Assuming the header is smaller than an encryption block, a single encryption block may be used to encrypt the header and the encryption block 150 used to encrypt the header can be said to comprise a first part 151 used to encrypt the header and a second part 152.
  • a one or more encryption blocks may be used to encrypt the header.
  • the encryption of the header may be arranged such that at least one of the encryption blocks 150 used to encrypt the header can be said to comprise a first part 151 used to encrypt the header and a second part 152.
  • this second part 152 (which may come from one or more of the encryption blocks used to encrypt the header) is later used for encryption of at least a portion of the authentication tag. If the second part 152 is smaller than the authentication tag, other encryption blocks are used in addition in the encryption of the authentication tag. Such other encryption blocks may, for example, be provided by counter values between the counter values used for the encryption of the header and the further counter values used for the encryption of the payload data and/or by counter values succeeding the further counter values used for the encryption of the payload data. In any case, as will be seen in the following, the use of the second part for encryption of at least a portion of the authentication tag enables that an early indication may be acquired in the receiver regarding whether or not the processing of the received packet will be successful.
  • FIG 2 schematically illustrates an example approach for a receiver node of processing a packet 200 (compare with 100 of Figure 1) comprising encrypted payload data (E-PL) 212 according to some embodiments.
  • E-PL encrypted payload data
  • the unencrypted header (HEAD) 201 is encrypted using a stream cipher (SC) 210a to provide an encrypted header (E-HEAD) 211 (compare with 110a and 111 of Figure 1).
  • the encrypted header 211 and the received encrypted payload data 212 are used as input to an authentication algorithm (AA) 220 to provide a control authentication tag (CAT) 203 (compare with 120 and 103 of Figure 1).
  • the control authentication tag 203 is also encrypted using the stream cipher (SC) 210c to provide at least a portion 253 of an encrypted control authentication tag (E-CAT) 214.
  • the encryption of the header and the control authentication tag is arranged in the same manner as in Figure 1, i.e. such that the same at least one of the encryption blocks 250 used to encrypt the header comprises a first part 251 used to encrypt the header and a second part 252 used to encrypt the (portion 253) of the control authentication tag.
  • a comparison (COMP) 230 between the received encrypted authentication tag 213 and the (portion 253 of) the encrypted control authentication tag 214 will provide a match there between.
  • Such a match is an early indication that the processing (authentication and/or decryption) of the received packet may be successful and it may be determined (DET) 240 to continue such processing. If the comparison 230 does not show a match, this may be seen as an early indication that the processing (authentication and/or decryption) of the received packet may not be successful (e.g. due to that the packet is not valid and/or that the counter value used by the receiver node differs from that used by the transmitter node) and it may be determined 240 to adjust such processing (e.g. abort or re-start with other parameters, for example another counter value).
  • the early indication may also relate to whether or not the packet is received intact.
  • the early indication and the use thereof to control the further processing of the received packet decrease computational complexity and/or latency of the receiver node.
  • Some embodiments may be particularly beneficial in situations where the initial counter value used by the transmitter node is not certainly known in the receiver node. For example, if packets arrive at the receiver node in a different order than indicated by their counter values, if some packets are missing at the receiver node, and/or if some packets are received twice. In such scenarios, the receiver node may guess an initial counter value for processing of the received packet and it may be very valuable if there can be an early indication as to whether the guess was correct or not.
  • a portion of one or more of the counter values (typically a portion of the initial counter value) used by the transmitter node for encryption of the packet may be included in the header 101 to make it easier for the receiver node to select a correct initial counter value.
  • the receiver node may extract the counter value portion from the received header 201 and use the extracted portion (e.g. in combination with knowledge regarding a last used counter value and/or a current value of an internally kept counter) to set the initial counter value.
  • Figure 3 illustrates an example method 300 for a transmitter node according to some embodiments.
  • the example method may, for example, relate to the principles described in connection with Figure 1.
  • the method 300 is for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
  • a header associated with the payload data is encrypted by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part (compare with 151 of Figure 1) and a second part (compare with 152 of Figure 1) and wherein only the first part is used by the stream cipher to encrypt the header.
  • step 320 the payload data is encrypted by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks.
  • step 330 an authentication tag is determined for the payload data based on the encrypted header and the encrypted payload data, and in step 340, the authentication tag is encrypted by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block.
  • step 350 the unencrypted header, the encrypted payload data and the encrypted authentication tag are concatenated to provide a packet for transmission, and in optional step 360, the packet is transmitted towards a receiver node.
  • Figure 4 illustrates an example method 400 for a receiver node according to some embodiments. The example method may, for example, relate to the principles described in connection with Figure 2.
  • the method 400 is for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
  • the packet is received, and in step 420, the received header is encrypted by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part (compare with 251 of Figure 2) and a second part (compare with 252 of Figure 2) and wherein only the first part is used by the stream cipher to encrypt the header.
  • a control authentication tag is determined for the payload data based on the encrypted header and the received encrypted payload data, and in step 440, at least a portion of the control authentication tag is encrypted by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block.
  • step 450 the received encrypted authentication tag is compared to the encrypted portion of the control authentication tag, and in step 460, further processing of the received packet is based on the comparison as explained above in connection with Figure 2.
  • FIG. 5 schematically illustrates an example stream cipher (SC) 510 implementation according to some embodiments.
  • the encryption of a stream of plain text content (PT) 502 comprises application of a block cipher (BC, e.g. AES) 520 to each counter value (CTR) 501 in a stream of counter values to provide a corresponding stream of encryption blocks (comprising encrypted counter values, E-CTR) 511.
  • the encryption of the stream of plain text content 502 comprises further comprises application of a stream cipher based on the stream of encrypted counter values 511 to the plain text 502 to provide a stream of encrypted plain text content (E-PT) 512.
  • the application of the stream cipher may be implemented by combining the stream of encrypted counter values 511 and the plain text 502 in a combining circuitry (COMB) 530 (e.g. implementing an exclusive OR - XOR - function).
  • COMP combining circuitry
  • Figure 6 schematically illustrates an example arrangement 610 for a transmitter node according to some embodiments.
  • the example arrangement may, for example be configured to cause execution (e.g. execute) method steps described in connection with Figure 3.
  • the arrangement may be comprised in a transmitter node.
  • the example arrangement 610 is for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
  • the arrangement comprises controlling circuitry (CNTR, e.g. a controller) 600 configured to cause execution of the method steps described in connection with Figure 3.
  • CNTR controlling circuitry
  • controlling circuitry 600 may comprise or be otherwise associated with one or more of stream cipher circuitry (SC) 601, authentication circuitry (All) 602, concatenation circuitry (CONC) 603 and transmitting circuitry (TX, e.g. a transmitter), one or more of which may be comprised in the arrangement 610 according to some embodiments.
  • SC stream cipher circuitry
  • All authentication circuitry
  • CONC concatenation circuitry
  • TX transmitting circuitry
  • the stream cipher circuitry is configured to encrypt the header, the payload data and the authentication tag
  • the authentication circuitry is configured to determine the authentication tag for the payload data based on the encrypted header and the encrypted payload data
  • the concatenation circuitry is configured to concatenate the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission, all as described above in connection with Figures 1 and 3.
  • Figure 7 schematically illustrates an example arrangement 710 for a receiver node according to some embodiments.
  • the example arrangement may, for example be configured to cause execution (e.g. execute) method steps described in connection with Figure 4.
  • the arrangement may be comprised in a receiver node.
  • the example arrangement 710 is for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
  • the arrangement comprises controlling circuitry (CNTR, e.g. a controller) 700 configured to cause execution of the method steps described in connection with Figure 4.
  • CNTR controlling circuitry
  • controlling circuitry 700 may comprise or be otherwise associated with one or more of stream cipher circuitry (SC) 701, authentication circuitry (All) 702, comparison circuitry (COMP) 703, determination circuitry (DET) 704 and receiving circuitry (RX, e.g. a receiver), one or more of which may be comprised in the arrangement 710 according to some embodiments.
  • SC stream cipher circuitry
  • All authentication circuitry
  • COMP comparison circuitry
  • DET determination circuitry
  • RX receiving circuitry
  • the stream cipher circuitry is configured to encrypt the received header and the portion of the control authentication tag
  • the authentication circuitry is configured to determine the control authentication tag for the payload data based on the encrypted header and the received encrypted payload data
  • the comparison circuitry is configured to compare the received encrypted authentication tag to the encrypted portion of the control authentication tag
  • the determination circuitry is configured to let further processing of the received packet be based on the comparison, all as described above in connection with Figures 2 and 4.
  • a communicator device may be a transmitter node and a receiver node, and may hence comprise both of the arrangements of Figures 6 and 7.
  • the transmitter node and/or the receiver node may be a wireless transmitter node and a wireless receiver node according to some embodiments.
  • the transmitter node and/or the receiver node may be a non-wireless transmitter node and a non-wireless receiver node according to some embodiments.
  • wireless communication when wireless communication is referred to herein, such reference should only be interpreted as one illustrative example of scenarios where embodiments may be applicable.
  • Embodiments may be equally applicable in any type of data communication, for example, electrically wired communication or optical communication (e.g. using a light wave conducting medium such as optical fiber).
  • Example services where embodiments may be applicable also include quick response (QR) codes and short message service (SMS).
  • QR quick response
  • SMS short message service
  • the described embodiments and their equivalents may be realized in software or hardware or a combination thereof.
  • the embodiments may be performed by general purpose circuitry. Examples of general purpose circuitry include digital signal processors (DSP), central processing units (CPU), co-processor units, field programmable gate arrays (FPGA) and other programmable hardware.
  • DSP digital signal processors
  • CPU central processing units
  • FPGA field programmable gate arrays
  • the embodiments may be performed by specialized circuitry, such as application specific integrated circuits (ASIC).
  • ASIC application specific integrated circuits
  • the general purpose circuitry and/or the specialized circuitry may, for example, be associated with or comprised in an apparatus such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node.
  • Embodiments may appear within an electronic apparatus (such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node) comprising arrangements, circuitry, and/or logic according to any of the embodiments described herein.
  • an electronic apparatus such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node
  • an electronic apparatus may be configured to perform methods according to any of the embodiments described herein.
  • a computer program product comprises a computer readable medium such as, for example a universal serial bus (USB) memory, a plug-in card, an embedded drive or a read only memory (ROM).
  • Figure 8 illustrates an example computer readable medium in the form of a compact disc (CD) ROM 800.
  • the computer readable medium has stored thereon a computer program comprising program instructions.
  • the computer program is loadable into a data processor (PROC) 820, which may, for example, be comprised in a transmitter and/or receiver node, e.g. a wireless communication device or a network node 810.
  • PROC data processor
  • the computer program may be stored in a memory (MEM) 830 associated with or comprised in the data-processing unit.
  • MEM memory
  • the computer program may, when loaded into and run by the data processing unit, cause execution of method steps according to, for example, any of the methods illustrated in Figures 3-4 or otherwise described herein.
  • all terms used herein are to be interpreted according to their ordinary meaning in the relevant technical field, unless a different meaning is clearly given and/or is implied from the context in which it is used.
  • the method embodiments described herein discloses example methods through steps being performed in a certain order. However, it is recognized that these sequences of events may take place in another order without departing from the scope of the claims. Furthermore, some method steps may be performed in parallel even though they have been described as being performed in sequence. Thus, the steps of any methods disclosed herein do not have to be performed in the exact order disclosed, unless a step is explicitly described as following or preceding another step and/or where it is implicit that a step must follow or precede another step.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method is disclosed for a transmitter node configured to transmit packets (100) of encrypted payload data. The method comprises encrypting a header (101) associated with the payload data by applying a block cipher to a counter value to provide a corresponding encryption block and providing the header as input of a stream cipher based on the encryption block, wherein the encryption block (150) comprises a first part (151) and a second part (152) and wherein only the first part is used by the stream cipher to encrypt the header. The method also comprises encrypting the payload data (102), determining an authentication tag (103) for the payload data based on the encrypted header and the encrypted payload data, encrypting the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part (152) of the particular encryption block, and concatenating the header (101), the encrypted payload data (112) and the encrypted authentication tag (113) to provide a packet for transmission. A method for a receiver node is also disclosed, together with corresponding arrangements, wireless communication nodes and computer program product.

Description

ENCRYPTION METHODS AND DEVICES
TECHNICAL FIELD
The present disclosure relates generally to the field of data communication. More particularly, it relates to encryption of payload data for communication.
BACKGROUND
Secure data communication is often of essence and one means to achieve this is via encryption of payload data for transmission. Numerous encryption techniques and algorithms are available in the art, including block ciphers - e.g. advanced encryption standard (AES) - and stream ciphers. The main purpose of encryption is typically to make the content unreadable by an unintended receiver.
Authentication of payload data is another means to achieve security in data communication. Numerous authentications techniques and algorithms are also available in the art, including message authentications code (MAC) and message integrity check (MIC). The main purpose of authentication is typically to make verify the origin of a received message. Encryption and authentication may be combined according to some approaches.
One problem in the context of encrypted data communication is the complexity of receiver algorithms, in terms of latency and/or computational complexity.
Therefore, there is a need for approaches that enable decreased receiver complexity.
SUMMARY
It should be emphasized that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps, or components, but does not preclude the presence or addition of one or more other features, integers, steps, components, or groups thereof. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It is an object of some embodiments to solve or mitigate, alleviate, or eliminate at least some of the above or other disadvantages.
According to a first aspect, this is achieved by a method for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
The method comprises encrypting a header associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
The method also comprises encrypting the payload data by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks, determining an authentication tag for the payload data based on the encrypted header and the encrypted payload data, encrypting the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, and concatenating the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission.
A second aspect is a method for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
The method comprises encrypting the received header by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
The method also comprises determining a control authentication tag for the payload data based on the encrypted header and the received encrypted payload data, encrypting at least a portion of the control authentication tag by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, comparing the received encrypted authentication tag to the encrypted portion of the control authentication tag, and letting further processing of the received packet be based on the comparison.
A third aspect is a computer program product comprising a non-transitory computer readable medium, having thereon a computer program comprising program instructions. The computer program is loadable into a data processing unit and configured to cause execution of the method according to any of the first and second aspects when the computer program is run by the data processing unit.
A fourth aspect is an arrangement for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption. The arrangement comprises controlling circuitry configured to cause encryption of a header associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
The controlling circuitry is also configured to cause encryption of the payload data by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks, determination of an authentication tag for the payload data based on the encrypted header and the encrypted payload data, encryption of the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, and concatenation of the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission.
A fifth aspect is a transmitter node comprising the arrangement of the fourth aspect.
A sixth aspect is an arrangement for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
The arrangement comprises controlling circuitry configured to cause encryption of the received header by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header.
The controlling circuitry is also configured to cause determination of a control authentication tag for the payload data based on the encrypted header and the received encrypted payload data, encryption of at least a portion of the control authentication tag by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block, comparison of the received encrypted authentication tag to the encrypted portion of the control authentication tag, and further processing of the received packet to be based on the comparison.
A seventh aspect is a receiver node comprising the arrangement of the sixth aspect.
In some embodiments, any of the above aspects may additionally have features identical with or corresponding to any of the various features as explained above for any of the other aspects. An advantage of some embodiments is that receiver complexity (e.g. in terms of latency and/or computational complexity) may be decreased compared with other solutions.
BRIEF DESCRIPTION OF THE DRAWINGS
Further objects, features and advantages will appear from the following detailed description of embodiments, with reference being made to the accompanying drawings. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the example embodiments.
Figure 1 is a schematic drawing illustrating example transmitter node principles according to some embodiments;
Figure 2 is a schematic drawing illustrating example receiver node principles according to some embodiments;
Figure 3 is a flowchart illustrating example method steps for a transmitter node according to some embodiments;
Figure 4 is a flowchart illustrating example method steps for a receiver node according to some embodiments;
Figure 5 is a schematic block diagram illustrating an example stream cipher implementation according to some embodiments;
Figure 6 is a schematic block diagram illustrating an example arrangement for a transmitter node according to some embodiments;
Figure 7 is a schematic block diagram illustrating an example arrangement for a receiver node according to some embodiments; and
Figure 8 is a schematic drawing illustrating an example computer readable medium according to some embodiments.
DETAILED DESCRIPTION
Embodiments of the present disclosure will be described and exemplified more fully hereinafter with reference to the accompanying drawings. The solutions disclosed herein can, however, be realized in many different forms and should not be construed as being limited to the embodiments set forth herein.
In the following, embodiments will be described where a stream cipher created from a block cipher is used to provide for an early indication in a receiver node of whether the decryption will be successful or not. The processing of a received packet is based on the indication (e.g. may be adjusted - aborted or re-started with other parameters - or continued).
Figure 1 schematically illustrates an example approach for a transmitter node to encrypt payload data (PL) 102 according to some embodiments. The payload data is provided with a header (HEAD) 101 in accordance with any suitable approach. In the approach of Figure 1, both the header 101 and the payload data 102 are encrypted using a stream cipher (SC) 110a, 110b to provide respective encrypted header (E-HEAD) 111 and encrypted payload data (E-PL) 112.
The encrypted header 111 and encrypted payload data 112 are used as input to an authentication algorithm (AA) 120 to provide an authentication tag (AT) 103. The authentication algorithm may be any suitable authentication algorithm, for example, a MAC or a MIC. Other suitable authentication algorithms are HMAC (hash-based MAC), OMAC (one-key MAC), CMAC (cipher-based MAC), Polyl305, SipHash, etc.
The authentication tag 103 is also encrypted using the stream cipher (SC) 110c to provide an encrypted authentication tag (E-AT) 113. The (unencrypted) header 101, the encrypted payload data 112 and the encrypted authentications tag 113 are then concatenated to provide a packet 100 for transmission.
The stream cipher 110a, 110b, 110c is based on a suitable block cipher, for example AES. Other suitable block ciphers are Blowfish, Twofish, IDEA (International Data Encryption Algorithm), Camellia, etc.
The block cipher is applied to each counter value in a stream of counter values to provide a corresponding stream of encryption blocks, and the stream cipher is created by combining the encrypted counter value with an input stream to be encrypted. The stream of counter values may typically, but not necessarily, comprise consecutive counter values. Principles of an example stream cipher will be further illustrated in connection with Figure 5. In the encryption of the header, one or more encryption blocks may be used depending on the relative sizes of the header and the encryption blocks. Assuming the header is smaller than an encryption block, a single encryption block may be used to encrypt the header and the encryption block 150 used to encrypt the header can be said to comprise a first part 151 used to encrypt the header and a second part 152. More generally, assuming the header is has any size in relation to an encryption block, a one or more encryption blocks may be used to encrypt the header. In any case, the encryption of the header may be arranged such that at least one of the encryption blocks 150 used to encrypt the header can be said to comprise a first part 151 used to encrypt the header and a second part 152.
According to embodiments described herein, this second part 152 (which may come from one or more of the encryption blocks used to encrypt the header) is later used for encryption of at least a portion of the authentication tag. If the second part 152 is smaller than the authentication tag, other encryption blocks are used in addition in the encryption of the authentication tag. Such other encryption blocks may, for example, be provided by counter values between the counter values used for the encryption of the header and the further counter values used for the encryption of the payload data and/or by counter values succeeding the further counter values used for the encryption of the payload data. In any case, as will be seen in the following, the use of the second part for encryption of at least a portion of the authentication tag enables that an early indication may be acquired in the receiver regarding whether or not the processing of the received packet will be successful.
Figure 2 schematically illustrates an example approach for a receiver node of processing a packet 200 (compare with 100 of Figure 1) comprising encrypted payload data (E-PL) 212 according to some embodiments.
The unencrypted header (HEAD) 201 is encrypted using a stream cipher (SC) 210a to provide an encrypted header (E-HEAD) 211 (compare with 110a and 111 of Figure 1). The encrypted header 211 and the received encrypted payload data 212 are used as input to an authentication algorithm (AA) 220 to provide a control authentication tag (CAT) 203 (compare with 120 and 103 of Figure 1). The control authentication tag 203 is also encrypted using the stream cipher (SC) 210c to provide at least a portion 253 of an encrypted control authentication tag (E-CAT) 214. The encryption of the header and the control authentication tag is arranged in the same manner as in Figure 1, i.e. such that the same at least one of the encryption blocks 250 used to encrypt the header comprises a first part 251 used to encrypt the header and a second part 252 used to encrypt the (portion 253) of the control authentication tag.
If the packet is a valid packet (e.g. not from a mimic trying to block the receiver node) and if the initial counter value used by the receiver node for the packet corresponds to the initial counter value used by the transmitter node, a comparison (COMP) 230 between the received encrypted authentication tag 213 and the (portion 253 of) the encrypted control authentication tag 214 will provide a match there between.
Such a match is an early indication that the processing (authentication and/or decryption) of the received packet may be successful and it may be determined (DET) 240 to continue such processing. If the comparison 230 does not show a match, this may be seen as an early indication that the processing (authentication and/or decryption) of the received packet may not be successful (e.g. due to that the packet is not valid and/or that the counter value used by the receiver node differs from that used by the transmitter node) and it may be determined 240 to adjust such processing (e.g. abort or re-start with other parameters, for example another counter value). The early indication may also relate to whether or not the packet is received intact.
The early indication and the use thereof to control the further processing of the received packet decrease computational complexity and/or latency of the receiver node.
Some embodiments may be particularly beneficial in situations where the initial counter value used by the transmitter node is not certainly known in the receiver node. For example, if packets arrive at the receiver node in a different order than indicated by their counter values, if some packets are missing at the receiver node, and/or if some packets are received twice. In such scenarios, the receiver node may guess an initial counter value for processing of the received packet and it may be very valuable if there can be an early indication as to whether the guess was correct or not.
In some embodiments, a portion of one or more of the counter values (typically a portion of the initial counter value) used by the transmitter node for encryption of the packet may be included in the header 101 to make it easier for the receiver node to select a correct initial counter value. In such embodiments, the receiver node may extract the counter value portion from the received header 201 and use the extracted portion (e.g. in combination with knowledge regarding a last used counter value and/or a current value of an internally kept counter) to set the initial counter value.
Figure 3 illustrates an example method 300 for a transmitter node according to some embodiments. The example method may, for example, relate to the principles described in connection with Figure 1. Thus, the method 300 is for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
In step 310, a header associated with the payload data is encrypted by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part (compare with 151 of Figure 1) and a second part (compare with 152 of Figure 1) and wherein only the first part is used by the stream cipher to encrypt the header.
In step 320, the payload data is encrypted by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks.
In step 330, an authentication tag is determined for the payload data based on the encrypted header and the encrypted payload data, and in step 340, the authentication tag is encrypted by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block.
In step 350, the unencrypted header, the encrypted payload data and the encrypted authentication tag are concatenated to provide a packet for transmission, and in optional step 360, the packet is transmitted towards a receiver node. Figure 4 illustrates an example method 400 for a receiver node according to some embodiments. The example method may, for example, relate to the principles described in connection with Figure 2. Thus, the method 400 is for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
In optional step 410, the packet is received, and in step 420, the received header is encrypted by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first part (compare with 251 of Figure 2) and a second part (compare with 252 of Figure 2) and wherein only the first part is used by the stream cipher to encrypt the header.
In step 430, a control authentication tag is determined for the payload data based on the encrypted header and the received encrypted payload data, and in step 440, at least a portion of the control authentication tag is encrypted by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block.
In step 450, the received encrypted authentication tag is compared to the encrypted portion of the control authentication tag, and in step 460, further processing of the received packet is based on the comparison as explained above in connection with Figure 2.
Figure 5 schematically illustrates an example stream cipher (SC) 510 implementation according to some embodiments. In this implementation, the encryption of a stream of plain text content (PT) 502 comprises application of a block cipher (BC, e.g. AES) 520 to each counter value (CTR) 501 in a stream of counter values to provide a corresponding stream of encryption blocks (comprising encrypted counter values, E-CTR) 511. The encryption of the stream of plain text content 502 comprises further comprises application of a stream cipher based on the stream of encrypted counter values 511 to the plain text 502 to provide a stream of encrypted plain text content (E-PT) 512. The application of the stream cipher may be implemented by combining the stream of encrypted counter values 511 and the plain text 502 in a combining circuitry (COMB) 530 (e.g. implementing an exclusive OR - XOR - function).
Figure 6 schematically illustrates an example arrangement 610 for a transmitter node according to some embodiments. The example arrangement may, for example be configured to cause execution (e.g. execute) method steps described in connection with Figure 3. Furthermore, the arrangement may be comprised in a transmitter node. Thus, the example arrangement 610 is for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption.
The arrangement comprises controlling circuitry (CNTR, e.g. a controller) 600 configured to cause execution of the method steps described in connection with Figure 3.
To this end the controlling circuitry 600 may comprise or be otherwise associated with one or more of stream cipher circuitry (SC) 601, authentication circuitry (All) 602, concatenation circuitry (CONC) 603 and transmitting circuitry (TX, e.g. a transmitter), one or more of which may be comprised in the arrangement 610 according to some embodiments.
The stream cipher circuitry is configured to encrypt the header, the payload data and the authentication tag, the authentication circuitry is configured to determine the authentication tag for the payload data based on the encrypted header and the encrypted payload data, and the concatenation circuitry is configured to concatenate the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission, all as described above in connection with Figures 1 and 3.
Figure 7 schematically illustrates an example arrangement 710 for a receiver node according to some embodiments. The example arrangement may, for example be configured to cause execution (e.g. execute) method steps described in connection with Figure 4. Furthermore, the arrangement may be comprised in a receiver node. Thus, the example arrangement 710 is for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag.
The arrangement comprises controlling circuitry (CNTR, e.g. a controller) 700 configured to cause execution of the method steps described in connection with Figure 4.
To this end the controlling circuitry 700 may comprise or be otherwise associated with one or more of stream cipher circuitry (SC) 701, authentication circuitry (All) 702, comparison circuitry (COMP) 703, determination circuitry (DET) 704 and receiving circuitry (RX, e.g. a receiver), one or more of which may be comprised in the arrangement 710 according to some embodiments.
The stream cipher circuitry is configured to encrypt the received header and the portion of the control authentication tag, the authentication circuitry is configured to determine the control authentication tag for the payload data based on the encrypted header and the received encrypted payload data, the comparison circuitry is configured to compare the received encrypted authentication tag to the encrypted portion of the control authentication tag, and the determination circuitry is configured to let further processing of the received packet be based on the comparison, all as described above in connection with Figures 2 and 4.
In some embodiments, a communicator device may be a transmitter node and a receiver node, and may hence comprise both of the arrangements of Figures 6 and 7.
Generally, the transmitter node and/or the receiver node may be a wireless transmitter node and a wireless receiver node according to some embodiments. Alternatively or additionally, the transmitter node and/or the receiver node may be a non-wireless transmitter node and a non-wireless receiver node according to some embodiments.
Generally, when wireless communication is referred to herein, such reference should only be interpreted as one illustrative example of scenarios where embodiments may be applicable. Embodiments may be equally applicable in any type of data communication, for example, electrically wired communication or optical communication (e.g. using a light wave conducting medium such as optical fiber). Example services where embodiments may be applicable also include quick response (QR) codes and short message service (SMS).
The described embodiments and their equivalents may be realized in software or hardware or a combination thereof. The embodiments may be performed by general purpose circuitry. Examples of general purpose circuitry include digital signal processors (DSP), central processing units (CPU), co-processor units, field programmable gate arrays (FPGA) and other programmable hardware. Alternatively or additionally, the embodiments may be performed by specialized circuitry, such as application specific integrated circuits (ASIC). The general purpose circuitry and/or the specialized circuitry may, for example, be associated with or comprised in an apparatus such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node.
Embodiments may appear within an electronic apparatus (such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node) comprising arrangements, circuitry, and/or logic according to any of the embodiments described herein. Alternatively or additionally, an electronic apparatus (such as a transmitter and/or receiver node, e.g. a wireless communication device or a network node) may be configured to perform methods according to any of the embodiments described herein.
According to some embodiments, a computer program product comprises a computer readable medium such as, for example a universal serial bus (USB) memory, a plug-in card, an embedded drive or a read only memory (ROM). Figure 8 illustrates an example computer readable medium in the form of a compact disc (CD) ROM 800. The computer readable medium has stored thereon a computer program comprising program instructions. The computer program is loadable into a data processor (PROC) 820, which may, for example, be comprised in a transmitter and/or receiver node, e.g. a wireless communication device or a network node 810. When loaded into the data processing unit, the computer program may be stored in a memory (MEM) 830 associated with or comprised in the data-processing unit. According to some embodiments, the computer program may, when loaded into and run by the data processing unit, cause execution of method steps according to, for example, any of the methods illustrated in Figures 3-4 or otherwise described herein. Generally, all terms used herein are to be interpreted according to their ordinary meaning in the relevant technical field, unless a different meaning is clearly given and/or is implied from the context in which it is used.
Reference has been made herein to various embodiments. However, a person skilled in the art would recognize numerous variations to the described embodiments that would still fall within the scope of the claims.
For example, the method embodiments described herein discloses example methods through steps being performed in a certain order. However, it is recognized that these sequences of events may take place in another order without departing from the scope of the claims. Furthermore, some method steps may be performed in parallel even though they have been described as being performed in sequence. Thus, the steps of any methods disclosed herein do not have to be performed in the exact order disclosed, unless a step is explicitly described as following or preceding another step and/or where it is implicit that a step must follow or precede another step.
In the same manner, it should be noted that in the description of embodiments, the partition of functional blocks into particular units is by no means intended as limiting. Contrarily, these partitions are merely examples. Functional blocks described herein as one unit may be split into two or more units. Furthermore, functional blocks described herein as being implemented as two or more units may be merged into fewer (e.g. a single) unit.
Any feature of any of the embodiments disclosed herein may be applied to any other embodiment, wherever suitable. Likewise, any advantage of any of the embodiments may apply to any other embodiments, and vice versa.
Hence, it should be understood that the details of the described embodiments are merely examples brought forward for illustrative purposes, and that all variations that fall within the scope of the claims are intended to be embraced therein.

Claims

1. A method for a transmitter node configured to transmit packets (100) of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, the method comprising: encrypting (310) a header (101) associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one (150) of the one or more encryption blocks comprises a first part (151) and a second part (152) and wherein only the first part is used by the stream cipher to encrypt the header; encrypting (320) the payload data (102) by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks; determining (330) an authentication tag (103) for the payload data based on the encrypted header and the encrypted payload data; encrypting (340) the authentication tag (103) by providing the authentication tag as the input of the stream cipher based on at least the second part (152) of the particular encryption block; and concatenating (350) the header (101), the encrypted payload data (112) and the encrypted authentication tag (113) to provide a packet for transmission.
2. The method of claim 1 further comprising letting the header comprise a portion of one of the one or more counter values.
3. A method for a receiver node configured to receive, from a transmitter node, packets (200) of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag, the method comprising: encrypting (420) the received header (201) by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one (250) of the one or more encryption blocks comprises a first part (251) and a second part (252) and wherein only the first part is used by the stream cipher to encrypt the header; determining (430) a control authentication tag (203) for the payload data based on the encrypted header (211) and the received encrypted payload data (212); encrypting (440) at least a portion of the control authentication tag (203) by providing the control authentication tag as the input of the stream cipher based on at least the second part (252) of the particular encryption block; comparing (450) the received encrypted authentication tag (213) to the encrypted portion of the control authentication tag (214, 253); and letting (460) further processing of the received packet be based on the comparison.
4. The method of claim 3 further comprising extracting a portion of one of the one or more counter values from the received header.
5. A computer program product comprising a non-transitory computer readable medium
(800), having thereon a computer program comprising program instructions, the computer program being loadable into a data processing unit and configured to cause execution of the method according to any of claims 1 through 4 when the computer program is run by the data processing unit.
6. An arrangement for a transmitter node configured to transmit packets of encrypted payload data towards a receiver node, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, the arrangement comprising controlling circuitry (600) configured to cause: encryption of a header associated with the payload data by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header; encryption of the payload data by applying the block cipher to one or more further counter values to provide corresponding one or more further encryption blocks and providing the payload data as the input of the stream cipher based on the one or more further encryption blocks; determination of an authentication tag for the payload data based on the encrypted header and the encrypted payload data; encryption of the authentication tag by providing the authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block; and concatenation of the header, the encrypted payload data and the encrypted authentication tag to provide a packet for transmission.
7. A transmitter node comprising the arrangement of claim 6.
8. An arrangement for a receiver node configured to receive, from a transmitter node, packets of encrypted payload data, wherein encryption comprises application of a block cipher to a counter value to provide an encryption block and application of a stream cipher based on the encrypted counter value to an input provided for encryption, and wherein a received packet comprises, in concatenation, a header associated with the payload data, the encrypted payload data and an encrypted authentication tag, the arrangement comprising controlling circuitry (700) configured to cause: encryption of the received header by applying the block cipher to one or more counter values to provide corresponding one or more encryption blocks and providing the header as the input of the stream cipher based on the one or more encryption blocks, wherein a particular one of the one or more encryption blocks comprises a first and a second part and wherein only the first part is used by the stream cipher to encrypt the header; determination of a control authentication tag for the payload data based on the encrypted header and the received encrypted payload data; encryption of at least a portion of the control authentication tag by providing the control authentication tag as the input of the stream cipher based on at least the second part of the particular encryption block; comparison of the received encrypted authentication tag to the encrypted portion of the control authentication tag; and further processing of the received packet to be based on the comparison. 9. A receiver node comprising the arrangement of claim 8.
PCT/SE2018/051318 2017-12-18 2018-12-14 Encryption methods and devices WO2019125290A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1751566A SE1751566A1 (en) 2017-12-18 2017-12-18 Encryption methods and devices
SE1751566-9 2017-12-18

Publications (1)

Publication Number Publication Date
WO2019125290A1 true WO2019125290A1 (en) 2019-06-27

Family

ID=66998027

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2018/051318 WO2019125290A1 (en) 2017-12-18 2018-12-14 Encryption methods and devices

Country Status (2)

Country Link
SE (1) SE1751566A1 (en)
WO (1) WO2019125290A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381067A (en) * 2019-07-24 2019-10-25 北京视界云天科技有限公司 IP packet encryption method, decryption method and its device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020044651A1 (en) * 2000-05-16 2002-04-18 Tuvell Walter E. Method and apparatus for improving the security of cryptographic ciphers
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7200227B2 (en) * 2001-07-30 2007-04-03 Phillip Rogaway Method and apparatus for facilitating efficient authenticated encryption

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020044651A1 (en) * 2000-05-16 2002-04-18 Tuvell Walter E. Method and apparatus for improving the security of cryptographic ciphers
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Information technology - Security techniques - Authenticated encryption", INTERNATIONAL STANDARD, ISO/IEC 19772/2009, 15 February 2009 (2009-02-15), pages 1 - 29, XP082001313 *
OSZYWA W. ET AL.: "Combining message encryption and authentication", ANNALES UMCS INFORMATICA, vol. 11, no. 2, 1 January 2011 (2011-01-01) - June 2011 (2011-06-01), pages 6179, XP055619940 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381067A (en) * 2019-07-24 2019-10-25 北京视界云天科技有限公司 IP packet encryption method, decryption method and its device
CN110381067B (en) * 2019-07-24 2022-02-08 北京视界云天科技有限公司 IP packet encryption method, decryption method and device thereof

Also Published As

Publication number Publication date
SE1751566A1 (en) 2019-06-19

Similar Documents

Publication Publication Date Title
US10623176B2 (en) Authentication encryption method, authentication decryption method, and information-processing device
US9674204B2 (en) Compact and efficient communication security through combining anti-replay with encryption
US9166793B2 (en) Efficient authentication for mobile and pervasive computing
US20130195266A1 (en) Apparatus and Method for Producing a Message Authentication Code
US20180294968A1 (en) Methods and systems for improved authenticated encryption in counter-based cipher systems
CN109981285B (en) Password protection method, password verification method and system
US10412069B2 (en) Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
JP6190404B2 (en) Receiving node, message receiving method and computer program
US10050964B2 (en) Method and system for securing data communicated in a network
JP2012527190A (en) System and method for securely identifying and authenticating a device in a symmetric encryption system
CN104618498A (en) Data resource synchronizing method and server
KR101608815B1 (en) Method and system for providing service encryption in closed type network
CN112910650B (en) Authenticated encryption and decryption method and system
KR101615289B1 (en) Message authentication using a universal hash function computed with carryless multiplication
CN117640256B (en) Data encryption method, recommendation device and storage medium of wireless network card
US8793505B2 (en) Encryption processing apparatus
CN112738037B (en) Data encryption communication method
WO2019125290A1 (en) Encryption methods and devices
US10200356B2 (en) Information processing system, information processing apparatus, information processing method, and recording medium
JP2010011122A (en) Encrypted packet processing system
CN113302961B (en) Safety beacon
EP2683112B1 (en) Secure message transmission
Park et al. A study on the processing and reinforcement of message digest through two-dimensional array masking
CN113904789B (en) Encryption method, equipment and storage medium of railway safety communication protocol
Ayane et al. Message Authentication in wireless Networks using HMAC algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18892229

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/09/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18892229

Country of ref document: EP

Kind code of ref document: A1