[go: up one dir, main page]

WO1993009627A1 - Appareil et procede cryptographiques pour reseau de transmission de donnees - Google Patents

Appareil et procede cryptographiques pour reseau de transmission de donnees Download PDF

Info

Publication number
WO1993009627A1
WO1993009627A1 PCT/CA1992/000486 CA9200486W WO9309627A1 WO 1993009627 A1 WO1993009627 A1 WO 1993009627A1 CA 9200486 W CA9200486 W CA 9200486W WO 9309627 A1 WO9309627 A1 WO 9309627A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
packet
bit
encryption
Prior art date
Application number
PCT/CA1992/000486
Other languages
English (en)
Inventor
Ernest Stewart Lee
Philip Martin Thompson
Original Assignee
Ernest Stewart Lee
Philip Martin Thompson
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ernest Stewart Lee, Philip Martin Thompson filed Critical Ernest Stewart Lee
Publication of WO1993009627A1 publication Critical patent/WO1993009627A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • the present invention relates to a method and apparatus for encrypting and transmitting data.
  • An alternative technique is to generate a key from a central unit and transmit it over the network. This, however, requires the transmission to be secure and requires the central unit to be operational at all times. A failure of the central unit disables the generation of new keys and may render the domain vulnerable.
  • the present invention provides a security device at each host in a security domain which uses a key in combination with a specific mathematical function to provide an encrypting bit stream as data is received.
  • the bit stream is then used in an encrypting function to encrypt and decrypt data as it is received.
  • the key is modified by the mathematical function to generate the encrypting bit stream.
  • the mathematical function includes a register containing a secure, secret bit sequence.
  • the key is used to generate an address for the register and extract the contents of the register for use in the mathematical function.
  • each device may generate a data packet that is used in part as the key and in part as the data in an encryption process.
  • the resulting encrypted data is then used as a new key. Because the new key has been generated using a "secret" peculiar to the security domain, the key will also be peculiar to that domain. In this way, keys may be transmitted without encryption but still provide distinct unpredictable keys in a particular domain.
  • Figure 1 is a schematic representation of a network having a plurality of security domains
  • Figure 2 is a representation of a security device used in the network of Figure 1;
  • Figure 3 is a schematic representation of the operation of the device shown in Figure 2 to encrypt data
  • Figure 4 is a schematic representation of the format of a packet distributed on the network of Figure
  • FIG. 5 is a schematic representation of the operation of the device shown in Figure 2 using the packet of Figure 4;
  • Figure 6 is a schematic representation, similar to Figure 3, of an alternative embodiment.
  • Figure 7 is a representation of the operation of the embodiment of Figure 6 similar to Figure 5.
  • a local area network 10 in Figure 1 comprises a data channel 12 to permit the transfer of packets of data between a plurality of host computers 14, such as a computer or computer terminal.
  • host computers 14 such as a computer or computer terminal.
  • Individual hosts will be identified with alphabetic suffixes, i.e 14a, 14b, etc.
  • Each of the hosts 14 requiring a cryptographic facility is connected to the data channel 12 through a security device 16 which is operable to encrypt data transmitted by a host 14 or decrypt data received by the host 14.
  • Those hosts not requiring encryption, such as, for example, 14g are connected directly to the channel 12.
  • Data is transmitted in the channel in frames consisting of a preamble of a particular sequence of bits followed by a data packet.
  • the packet consists of destination address (typically 48 bits) , a source address, the packet length and the information to be transmitted. The information will be followed by a cyclic redundancy check (CRC) of the data transmitted on the channel 12.
  • CRC cyclic redundancy check
  • the first bit of the destination address will indicate whether the packet is to be broadcast on the network or is to be locally directed to a particular host.
  • the exchange of data between the host 14 and the security device 16 and between the device 16 and the channel 12 is regulated by a conventional communications interface 15 operating on an established protocol as is well known in the art and will not be described further.
  • Each of the devices 16 performs a similar cryptographic operation on the data. However, to divide the network 10 into a plurality of distinct security domains 18a,18b, indicated by chain dot lines, the encryption keys used in the devices 16 of each domain 18 are different. Thus, encrypted data may be sent between hosts 14 of the same domain and will be received by hosts of different domains. However, these other hosts will not decrypt the data correctly.
  • Each of the devices 16 operates in a similar manner and therefore its operation in encrypting and decrypting data will be described in detail first. Thereafter, the interaction of the devices within the network will be described.
  • each of the devices 16 includes an encryption module 20 having a key register 22 which stores a 128 bit encryption key.
  • the key is identical in each operable device 16 in the same security domain 18.
  • the key will be changed periodically within the domain and will also change as the encryption proceeds.
  • a 32 bit key sequence number is associated with each key and stored in a register 25.
  • the encryption module 20 operates under the control of the interfaces 15 to intercept data flowing between the host 14 and data channel 12 to perform an encryption process so as to encrypt and decrypt the data as it passes through the device 16.
  • the device 16 also includes a key generator module 33 that is used to change periodically the key in the register 22 in a manner to be described below.
  • the key stored in register 22 is used by each of a pair of parallel processing paths in each device 16 indicated as "B" and "L". However, only one path will be described in detail, as the processing is identical in both.
  • the bits of register 22 are initially transferred into an active register 23 where they are subdivided into discrete groups to provide 16 8-bit addresses, A 0 to A 15 .
  • Each address A contains an 8-bit word formed from 8 successive bits of the key in register 22.
  • a 1 x 256 bit register 24 is associated with each of the addresses A which together provide a primary memory 25.
  • Each register 24 uses a respective one of the 8-bit words from the active register 23 as its read address.
  • the 256 bit sequence in each register 24 in the primary memory 25 is maintained secret prior to and after installation.
  • the sequence in a register 24 is different to any other bit sequence in the other registers 24 of the same primary memory 25.
  • _ the bit sequence in the register 24 in path B associated with address A n will, in general, be different to the corresponding register 24 in path L.
  • the bit sequence in corresponding registers 24 in different devices 16 in the same domain 18 will be the same.
  • the bit sequence in register 24 in path B associated with address A 0 in device 16a will be identical to the bit sequence in register 24 in path B associated with address A Q in devices 16c,16d.
  • Each register 24 outputs a single bit contained at the address corresponding to the bit sequence in the associated address A so that a total of 16 bits are outputted by registers 24 of primary memory 25.
  • the 16 bits are grouped into two 8-bit words and each is used as the address for a respective 1 x 256 bit register 26 which together form a secondary memory 29.
  • the bit sequence in each of the registers 26 in the same device is in general different and secret. However, it is identical to the corresponding register 26 in the secondary memory 29 in all other devices 16 of the same domain 18.
  • Each of the registers 26 outputs a single bit indicated as P,Q corresponding to the address designated by the 8-bit word.
  • a pair of PQ bits is similarly generated from the parallel processing path L and each pair of bits is applied to a switch 27 which selects one of the pair of P,Q bits. If the destination address indicates that the packet is to be broadcast, the output of path B is selected, and conversely a local destination address ensures that path L is selected.
  • the bits selected by switch 27 are applied to an exclusive OR function 28 which generates a single output bit identified as FEK and used to encrypt incoming data.
  • the FEK bit is applied as one input to an exclusive OR (XOR) function 30.
  • a bit of the data stream received at the device 16 from associated host 14 to be encrypted is applied to the other input of XOR function 30 so that the output is encrypted data that is the product of the exclusive OR function of the FEK bit and the data.
  • the encrypted bit is then transmitted from the device 16 to the channel 12.
  • the selected P and Q bits are also applied to a 2 x 4 truth table 32.
  • Table 32 produces a different 4- bit output for each combination of P and Q. Thus, if P and Q are both 0, the 4-bit output may be 1010, whereas if P is 1 and Q is 0, the output may be 0110. It is preferred that output combinations having two l's and two 0*s are used.
  • the output of table 32 is replicated 4 times and distributed through a 128-bit sequence that is stored in an adder 34.
  • Adder 34 is used to increment the active register 23 so that each 8-bit cell of the register 23 will be incremented by one bit of the output of table 32.
  • the bits in address A 03478 15 will not be changed but the bits in address A 125691013 u will be incremented by 1.
  • an address A that has all l's is incremented, its value will reset to all O's with no overflow.
  • the encrypted packet has appended to it a CRC field so that the encrypted packet will seem normal to any computers, such as 14g of Figure l, that does not connect to the network 12 through a security device 16.
  • This extra CRC has no other purpose. It is ignored by the security devices 16 that receive the frame containing the packet.
  • the encrypted frame is composed of a preamble followed by the encrypted packet and the appended CRC. This encrypted frame is transmitted on the channel 12 in the normal way that unencrypted frames are transmitted.
  • the same process is used to decrypt the data as it is received by a security device 16 in the same domain on the channel 12. If a meaningful decryption can be made, the key in register 22 will correspond to the key first used to encrypt a bit of the packet. The FEK bit initially generated by the key will therefore correspond to the FEK bit initially used to encrypt the data.
  • the original data is obtained. Since the XOR function is reversible by a second encryption with the same key, the original bit stream results after the decryption provided the contents of the secret registers 24,26 are the same in the decrypting device as they were in the encrypting device.
  • packets may be encrypted from the same initial key with the key changing bit by bit within a packet and also changing on a packet-to-packet basis.
  • the destination address of a data packet will indicate whether the data is to be broadcast to each host 14 within a domain or to a specific host, i.e. local transfer, within the domain.
  • each host 14 within the domain will receive the data decrypted by its associated device 16 and, upon completion of the packet, will update the key in register 22.
  • Devices 16 associated with hosts outside the domain will also receive the data packet but an attempt to decrypt the data will result in an incorrect CRC because the secret in their broadcast path B is different.
  • the decrypted destination address that is generated bit-by-bit is compared bitwise with the network address of the associated computer 14 to which the frame containing the decrypted packet is being sent. As this bitwise comparison is taking place, the first 47 bits of the destination address of the associated computer replace the actual destination bits of the packet and are forwarded to the computer in their place.
  • the result of the bitwise comparison shows that the decrypted destination address is exactly that of the associated computer 14, the 48th and last bit of its own destination address is sent to the computer, and the decrypted packet is sent bit-by-bit to the computer up to but not including the CRC that was added during encryption. If the result of the bitwise comparison shows that any bit of the decrypted destination address in the incoming packet differed from the corresponding bit in the network address of the computer, the 48th and last bit of the destination address that is sent to the computer is the complement of the 48th bit of the last bit of its network address, and a standard pattern of bits, one pattern bit for each incoming packet bit, is forwarded to the computer 14 instead of the decrypted packet.
  • the standard pattern is followed by an appropriate and correct CRC at the point where the CRC appears in the packet before ' encryption.
  • the standard pattern is preferably chosen to make this CRC easier to compute.
  • each encrypted packet includes a CRC of the data as transmitted. This permits hosts without a device 16, such as host 14g, to process the packet through its interface and also permits the distribution of unencrypted packets throughout the network as may be desirable but only among those computers not attached to the network through a security device 16.
  • the key generation module 33 in each device 16 is used to generate periodically a key distribution packet that is transmitted over the data channel 12 and processed by the devices 16 in the same domain to generate a new key in a manner to be described below assuming that one of the devices 16 has control of the channel 12 in a collision-free manner.
  • the key distribution packet must be compatible with normal data packets and therefore has a similar format. However, indicators within the packet are used to identify it to other devices 16 as a key distribution packet and ensure that it is processed by the module 33 to generate the new key.
  • Each packet has a minimum bit length (in this example, 512 bits) and is arranged in notional blocks of bits. The packet will of course be preceded by a preamble as is usual.
  • the first two blocks of the packet are each 48 bits and are respectively the destination address block 35 and the source address block 36. When normal data is to be transmitted, each address block 35,36 will be a 48 bit code indicative of the destination and source computer respectively.
  • the first bit of destination address block 35 indicates whether or not the packet is to be processed by the broadcast path B, indicated with a "1", or by the local path L, indicated with a "0".
  • the second bit of the addresses 35,36 is used to indicate whether or not the frame identification is under local control (1) or is a worldwide unique code (0) .
  • worldwide unique codes will be indicated and followed by a 46-bit host computer address.
  • the destination address block 35 would commence with 00 or 01 and is followed by a 46 bit address for the recipient host computer 14.
  • the destination address block 35 would be constituted by a 1 followed by 47 bits, typically all "l's".
  • a source address block 36 follows the destination address block 35 and is used to indicate the origin of the data packet.
  • the source address will always begin with an "00" or "01” and will be followed by a 46 bit identifier code uniquely identifying the source computer.
  • KDP key distribution packet
  • Module 33 has special address contents for both destination address and source address stored in an address register 51 in the module 33 and is recognized as a key distribution packet by these contents.
  • the destination address of a KDP could be 48 "1" bits, indicating a broadcast packet but it is preferred to use a special destination address peculiar to a KDP.
  • the source address 36 of a KDP is a specific bit pattern, beginning with "00 u and followed by a 46-bit identifier code reserved for this purpose.
  • the 48 bits of the destination address and 46 bits for the source address can be chosen during device manufacture. They will, however, be worldwide unique to a particular network; that is, all the devices 16 attached to the network and intended to change their keys synchronously will be identified with the same code. Typically, this will be limited to single domain. The worldwide uniqueness of the identifier codes is assured because these bit combinations are regulated by an international organization such as the IEEE.
  • the identifier code used as the destination and source address will be indicative of a message originating at a security device 16 and therefore is a prime indication that the packet is a key distribution packet. Therefore, by using the 48-bit destination and source addresses, it is possible to distinguish a key distribution packet from a normal data packet.
  • the packet length is indicated by a 16-bit packet length block 37 which, with normal data packets, precedes the information to be transmitted.
  • the packet length block 37 is followed by a 32-bit key sequence number block 38 derived from the key sequence register 25 in encryption module 20 of the device 16 generating the KDP.
  • the data in key sequence number register 25 is incremented by 1 for insertion in block 38 so that as the keys are updated in a domain 18, the key sequence number used in that domain changes in a controlled manner.
  • Each host computer in the same domain should be operating with the same key sequence number.
  • the key sequence number block 38 is followed by a 96 bit data block 40 and a 128-bit data block 42 separated by a fixed length padding block 45.
  • the data in blocks 40,42,45 is generated pseudo-randomly by a random number generator 53 in the key generator module 33 in the security device 16 that originated the KDP.
  • the next data block 43 is 128 bits long, also obtained from the random number generator 53 in the security device 16 that originated the KDP. It is followed by a fixed length padding block 45 and a data field called the CRC frame integrity block 44 derived by the transmitting security device 16 during transmission of the KDP.
  • the CRC frame integrity block 44 has to be generated and this is done by utilizing the encryption module 20 in the generating security device.
  • the key sequence number 38 and the data block 40, totalling 128 bits are loaded into the key register 23.
  • the normal FEK encryption mechanism 20 is used, with the B path selected by switch 27, to encrypt the incoming 128 bit data block 42 and to place the 128 bit result into a holding register 50 in module 33.
  • the contents of register 50 are then transferred to register 23, and this new key is used to encrypt data block 43.
  • a cyclic redundancy check (CRC) of these encrypted bits is performed as the encryption proceeds and is used as the transmitted frame integrity block 44.
  • CRC cyclic redundancy check
  • Data blocks 40, 42, 43 and 44 are separated by the fixed length fields 45 to allow time for processing in the originating and receiving security devices 16.
  • the packet is completed by a padding block 46 to satisfy the minimum length requirements of the protocol and a 32 bit CRC block 48 that is generated from the bits of the packet as transmitted to check for error- free transmission.
  • the key generator module 33 is activated to transmit a key distribution packet under the control of a timer 62 and attempts to gain access to the line 12. Assuming that access is obtained, the key distribution packet is generated and transmitted over link 12 to be received at other security devices 16 on the channel 12. It is identified by each of the security devices 16 as a KDP because of the bit combination of the broadcast destination address 35 and the source address block 36.
  • the key sequence number in block 38 is compared with that in register 25 in the receiving security device 16 and if the new key sequence number is greater than the existing one, the production of a new key proceeds. If the key sequence number is not greater than the existing one, the KDP will be ignored.
  • the device 16 will maintain a data stream to the associated host 14 to prevent generation of new packets from the computer interfering with the key generation.
  • a similar process is followed to that used to generate the CRC frame integrity block 44 to generate a new key.
  • the new key sequence number block 38 and data block 40 are loaded into the register 23 and used as the active key to encrypt the data block 42.
  • the resulting encrypted data is stored in the register 50 as the potential new key which should correspond with the contents of the register 50 in the generating device 16.
  • the contents of register 50 are transferred to the active register 23 and used as the key to encrypt the data block 43.
  • a CRC is performed on the 128 bits of the block 43 and the result compared with the frame integrity block 44. If these are identical, the transmitting and receiving security devices must have the same B path memories 24,26 contents, and assuming physical security is adequate, the receiving device 16 is in the same domain as the generating device 16 and the contents of register 50 are transferred to the register 22.
  • the key sequence number in register 25 is also replaced by the new key sequence number and each device in the same domain is operating with a new but identical key. Thereafter, normal data may be transferred within the domain.
  • a secure key is generated in each security domain by virtue of the unique secure bit sequences used to generate the FEK bit. If a packet appears to be a KDP but its key sequence number is not greater than the sequence number of the key it is using, or if a packet appears to be a KDP but the integrity block 44 does not satisfy the comparison described, or if the packet appears to be a KDP but the overall packet CRC does not work out as it should, then some flaw has been detected in the packet. In all cases, invalid key sequence number, invalid integrity block 44, or invalid packet CRC, the packet is ignored and no change is made to the key register 22 or key sequence number 25.
  • each of the security devices 16 has the capability of generating a key distribution packet. It is, however, possible to provide a central control to generate such packets if preferred. Because each of the devices 16 has the capability of generating a new key, the timer 62 in key generation module has a variable countdown period to ensure that one device 16 does not monopolize generation of the key distribution packets. After a particular device has gained access to the channel 12 and transmitted a new key, timer 62 of that device 16 is reset to an initial period (60-j ⁇ 5) seconds where ⁇ is an arbitrary time, e.g. 100 ⁇ s, and j is an integer that initially is zero.
  • a signal is also applied to the timer 62 to increase the value of j by 1, i.e. decrease the interval set by the timer 62.
  • the interval set by timer 62 will progressively decrease and ensure that eventually its associated device 16 will gain access.
  • a reset signal resets timer 62 to the initial maximum countdown period. If a collision is detected during transmission of the key generation packet, the timer 62 is reset to its previous value. This preserves the status of the device 16 in the key generation process and also avoids progressively decreasing intervals between unsuccessful attempts. This would tend to cram a network being utilized near its maximum capacity.
  • timer 62 is conditioned to calculate an increasing time-out interval.
  • timer 62 sets the timeout counter at (60+jC) seconds where ⁇ is a function of the serial number of the unit 16 in which the module 33 is located. This will always be greater than the interval set by the counter 62 of a previously connected host 14 and therefore a new key will be received before the timer of the new device counts down.
  • the discrepancy between key serial numbers is ignored and, provided the CRC frame integrity blocks 44 are the same, indicating a common domain, the transmitted key serial number is adopted and entered in the register 25.
  • GENERAL OPERATION In operation, therefore, a host 14 that wishes to transmit data over the channel 12 will monitor network usage through the interfaces 15. According to its normal protocol, it will choose a time to transmit the frame containing the packet so as to minimize interference with other such frames. As the frame is received in the security device 16, it is encrypted by the encryption unit 20 and transmitted on the network 12.
  • the first bit of the destination address is not encrypted so that when it is received, it can be identified as a broadcast packet, encrypted through the B path of the unit 20 or a local packet, encrypted through the L path of the FEK unit.
  • the received data is decrypted by the decryption unit 20 and its destination address 35 examined to determine if it is intended for the associated host 14. If it is, the decrypted data passes through the communications interface 15 to the host 14. If the destination address indicates that the message is not intended for the associated host 14, the packet is ignored but the interface unit 15 maintains a data stream to the host to prevent the host requesting access to the link 12 and initiating a collision.
  • Data received by devices 16 or unprotected hosts 14 outside the security domain of the originating host 14 will not be able to decrypt the data as the keys and the contents of registers 24,26 will differ.
  • a signal requesting access to the channel 12 is sent to the interface 15. If the data channel 12 is busy, the access is refused and the timer is reset to its previous value. If the data channel 12 is available, the generation of a key generation packet is initiated and transmitted over the channel 12. Devices 16 in the same domain will recognize it as a key generation packet and proceed to generate a new key as detailed above.
  • the timer 62 is reset to the maximum period and the timers 62 in each of the other devices are rest to a reduced interval.
  • the network 10 is self-sustaining in that new keys may be periodically generated by any of the security devices 16.
  • the generation of different keys in each security domain enables a key generator packet to be broadcast throughout the network from any of the devices without compromising the security.
  • the integrity of the domain is maintained by ensuring that the devices 16 are tamperproof and do not require modification of the hosts 14 or data channel 12.
  • the encryption algorithm ensures progressively varying encryption keys that are periodically changed and therefore, in practical terms, entirely secure.
  • the secrets in registers 24 and 26 in broadcast path and local path of domain are different to those of other domains.
  • the keys are generated on a domain-by-domain basis.
  • the present arrangement has the flexibility to accomodate this by providing common registers in the broadcast path of all domains but retaining differences between domains in the local path.
  • the key distribution packet will then be recognized and processable by all devices 16 in the network to generate a common key provided its CRC block 44 is derived from an encryption in the B path. Even though a common key is used, secure transmission can still occur within the domain by using the local path.
  • FIG. 6 A further embodiment of the security device 16 is shown in Figures 6 and 7, with Figure 6 schematically illustrating its operation during encryption and decryption, and Figure 7 illustrating the generation of and distribution of new keys.
  • Components having a similar function to those described in the embodiments of Figures 1 through 5 will be identified with like reference numerals with a suffix "a" added for clarity.
  • an active register 23a is formed from three linear recurring sequence registers (LRS) each of which contains a portion of the key.
  • the LRS register is a commercially available register having the facility for internal feedback connections between cells of the register and may be arranged to ensure that no repetition of the sequence within the register occurs within 2 32 bits. Such registers are readily available.
  • a first register 70 is identified as the key distribution frame (KDF) register and contains the key distribution frame sequence number that is transmitted with a key distribution frame as will be described in further detail below.
  • the second register 72 is identified as a successful frame count register (SFC) and its contents are initially derived from the transmission of a key distribution frame. The contents of the SFC register 72 are incremented after a frame has been transmitted and for the purposes of the protocol, it is assumed that the transmission of 512 bits indicates that a frame has been transmitted successfully. The count in the SFT register 72 is incremented after each frame.
  • the third register 74 is identified as the FEK bit count register (FBC) and its contents are also generated during distribution of a key distribution frame.
  • the contents of the FBC register 74 are incremented by 1 after each generation of a FEK bit so that during transmission of a frame, the contents of the FBC register 74 are continuously changing.
  • a backup register 76 stores the initial value of the FBC register 74 and reloads it after the transmission of each frame. This is necessary as the contents of the FBC register will be incremented even if the transmission of the frame is terminated due to a collision with another frame and so the contents of the register 74 in one security device would differ from that in other security devices in the same domain. Accordingly, by reloading the initial value of the FBC register at the start of each frame, all devices in the domain will have the same contents for the active register 23.
  • the contents of the active register 23 are used to derive an address for each of the columns in a primary memory 25a.
  • Each column 24a of memory 25a corresponds to a register 24 shown in Figure 3 and provides a single bit output for each address.
  • the address for each column 24a is derived from a 96 bit address register 78 which receives the bits of each of the registers 70,72,74.
  • the bits of the registers 70 through 74 are interleaved in the primary memory address 78 such that two bits from the register 70 are followed by two bits from the register 72 which in turn is followed by two bits from the register 74. Six such bits are then grouped to provide a six-bit address for a respective register 24a.
  • Each of the columns 24a has a distribution of l's and O's which is approximately equal and each of the columns 24a has a combination that is secret and preferably different from any other column in the primary memory 25a. As before, however, each of the columns 24a in one of the devices 16 will have a corresponding register 24a in another of the devices 16 in the same domain and sharing the same secret.
  • the output from the primary memory 25a is a 16-bit address which is used to address a 1 x 2 16 secondary memory 29a.
  • the contents of the secondary memory 29a are also secret but identical with other devices in the same domain and have a substantially equal distribution of l's and O's within the memory.
  • the output from the secondary memory 29a is a single FEK bit which is exclusive OR'D at the XOR function 30a with incoming data. Encrypted data is then transmitted as the outgoing bit stream.
  • a frame detector 80 Upon successful transmission of 512 bits, a frame detector 80 assumes that a successful frame transmission has occurred and, upon detection of the start of the next frame, will increment the contents of the SFC register 72 by 1. The detection of a start frame delimiting pattern in the preamble of a frame will also reload the contents of the FBC register 74 so that the initial address in the primary memory address 78 will differ from frame to frame. The contents of the KDF sequence number register 70 remain constant until such time as a new key is distributed over the network. It will be seen, however, that the FEK bit is generated from a dynamic key to generate the addresses for two memories, the contents of which are secret. KEY GENERATION The generation of the key is again accomplished by any of the security devices 16 as will be described with reference to Figure 7.
  • the format of the frame distribution packet is generally similar to that shown in Figure 4 and includes a preamble followed by a start frame delimiter sequence followed by a destination address 35a.
  • the destination address 35a indicates that the frame is to be broadcast within the domain and is followed by a source address 36a.
  • the source address 36a is derived from a register equivalent to the address register 51 in Figure 2 and identifies to the recipients of the frame that the frame is a key distribution packet.
  • the recognition of the source address 36a causes the contents of the registers 70,72,74 to be temporarily stored in parallel registers 70a,72a,74a so that if the frame is not correctly received, the previous contents of the active register 23a can be restored.
  • the recognition of the source address 36a also initializes the LRS 70,72,74 so that they contain a full count of l's.
  • a pad 37a is provided between the source address and the KDF sequence number 38a to allow for the initialization of the registers.
  • the KDF sequence number is the contents of the KDF register 70 incremented by 1 and is initially compared with the existing contents of the register 70 to ensure that it is a valid key sequence number. Assuming that it is, the new key distribution sequence number 38a is loaded into the KDF register 70.
  • the KDF sequence number 38a is a 64-bit sequence which is loaded into the register to initialize a new sequence of bits in the register. This sequence will be identical for each device 16 in the same domain.
  • the contents of the registers 72 and 74 are still all l's.
  • a pad is provided after the KDF and is then followed by a data field 40a.
  • the data field 40a is a random sequence of 64 bits generated by the random number generator 53 in Figure 2. This sequence of bits is fed through the XOR 30a and encrypted by a sequence of FEK bits produced using the contents of the registers 70,72,74 to generate the addresses for memories 25a and 29a.
  • the first 32 bits of encrypted data are fed into the SFC register 72 to generate a new SFC.
  • the generation of a FEK bit from the secondary memory 82 also increments the FBC register 74 so that its contents are changing as the first 32 bits are fed through the XOR gate 30a.
  • the next 32 bits are also encrypted and are exclusive OR'D with the FEK bit count to increment the FBC register 74.
  • the frame distribution packet After the random data 40a has been processed, the frame distribution packet includes a pad 45a followed by a data field 42a made up of 512 bits generated by the random number generator 53.
  • the purpose of the second data field 42a is to check the integrity of the frame distribution packet by means of the integrity CRC 44a appended to the packet. This check is done, and indeed the ICRC 44a is generated using an ICRC generator 84 which is a 32-bit LRS register similar to that used for the registers 70,72,74.
  • Each of the bits of the random field 42a is encrypted with the FEK bit by the XOR gate 30a and fed to the ICRC generator 84.
  • This is initially set at a full count - that is, all l's - and is incremented by the value of the encrypted bit.
  • the contents of the ICRC generator 84 should match those of the ICRC field 44a. The contents are compared, and if the patterns are identical, it is assumed that the frame distribution packet has been transmitted satisfactorily.
  • the value of the FBC register 74 is then stored in the FBC register 76 and the contents of the registers 70,72,74 operate as the new key.
  • the primary memory and secondary memory 25a,29a will have different secrets and therefore will not generate a new key in which the ICRCs are matched. This is because the ICRC is generated using the encryption keys that are peculiar to a particular domain.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention se rapporte à un réseau de transmission de données (12) possédant plusieurs ordinateurs (14) reliés entre eux par un canal de transmission (12). Chaque ordinateur communique avec le canal par l'intermédiaire d'un dispositif de sécurité (16) qui chiffre et déchiffre les données. Ce dispositif utilise un paquet de clés réparties sur tout le réseau, paquet d'où une nouvelle clé est dérivée grâce à l'utilisation du processus de chiffrement dans le dispositif. Le processus de chiffrement fait appel à une séquence de données ou 'phrase secrète' particulière à chaque domaine, pour que la clé produite dans ce domaine soit également particulière à ce domaine. La clé est modifiée au fur et à mesure que le chiffrement avance et jusqu'à l'achèvement de la transmission des données. Chaque dispositif produit périodiquement une nouvelle clé pour qu'elle soit distribuée dans le réseau.
PCT/CA1992/000486 1991-11-08 1992-11-09 Appareil et procede cryptographiques pour reseau de transmission de donnees WO1993009627A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US78927591A 1991-11-08 1991-11-08
US07/789,275 1991-11-08

Publications (1)

Publication Number Publication Date
WO1993009627A1 true WO1993009627A1 (fr) 1993-05-13

Family

ID=25147142

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1992/000486 WO1993009627A1 (fr) 1991-11-08 1992-11-09 Appareil et procede cryptographiques pour reseau de transmission de donnees

Country Status (3)

Country Link
AU (1) AU2912692A (fr)
CA (1) CA2123199A1 (fr)
WO (1) WO1993009627A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995012264A1 (fr) * 1993-10-25 1995-05-04 Koninklijke Ptt Nederland N.V. Dispositif de traitement de paquets de donnees
FR2717021A1 (fr) * 1994-03-04 1995-09-08 Sagem Procédé de sécurisation de la transmission de données numériques entre abonnés d'un réseau de transmission par paquets.
FR2717972A1 (fr) * 1994-03-28 1995-09-29 Sagem Procédé de transmission de données numériques entre abonnés d'un réseau de transmission par paquets.
EP0642246A3 (fr) * 1993-09-08 1995-12-13 Hitachi Ltd Méthode de communication de réseau et système de réseau.
WO1999033224A1 (fr) * 1997-12-19 1999-07-01 British Telecommunications Public Limited Company Communications de donnees
EP1382056A4 (fr) * 2001-04-07 2007-06-20 Telehublink Corp Procedes et systemes permettant de proteger les informations transmises entre des dispositifs de communication
WO2007096014A3 (fr) * 2006-02-21 2007-10-11 Siemens Ag Procédé pour sécuriser de manière cryptographique une liaison entre deux partenaires de communication

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835492A (en) * 1993-09-08 1998-11-10 Hitachi, Ltd. Network for mutually connecting computers and communicating method using such network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
IEEE COMMUNICATIONS MAGAZINE. vol. 23, no. 9, September 1985, US pages 41 - 46 D.M.BALENSON 'AUTOMATED DISTRIBUTION OF CRYPTOGRAPHIC KEYS USING THE FINANCIAL INSTITUTION KEY MANAGEMENT STANDARD' *
SHAIN M.: "SECURITY IN ELECTRONIC FUNDS TRANSFER: ÖMESSAGE INTEGRITY IN MONEY TRANSFER AND BOND SETTLEMENTS THROUGH GE INFORMATION SERVICES' GLOBAL NETWORK.", COMPUTERS & SECURITY., ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM., NL, vol. 08., no. 03., 1 May 1989 (1989-05-01), NL, pages 209 - 221., XP000071441, ISSN: 0167-4048, DOI: 10.1016/0167-4048(89)90104-1 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100326864B1 (ko) * 1993-09-08 2002-06-22 가나이 쓰도무 네트워크통신방법및네트워크시스템
EP0642246A3 (fr) * 1993-09-08 1995-12-13 Hitachi Ltd Méthode de communication de réseau et système de réseau.
NL9301841A (nl) * 1993-10-25 1995-05-16 Nederland Ptt Inrichting voor het bewerken van datapakketten.
WO1995012264A1 (fr) * 1993-10-25 1995-05-04 Koninklijke Ptt Nederland N.V. Dispositif de traitement de paquets de donnees
AU679798B2 (en) * 1993-10-25 1997-07-10 Koninklijke Kpn N.V. Device for processing data packets
US5870479A (en) * 1993-10-25 1999-02-09 Koninklijke Ptt Nederland N.V. Device for processing data packets
FR2717021A1 (fr) * 1994-03-04 1995-09-08 Sagem Procédé de sécurisation de la transmission de données numériques entre abonnés d'un réseau de transmission par paquets.
FR2717972A1 (fr) * 1994-03-28 1995-09-29 Sagem Procédé de transmission de données numériques entre abonnés d'un réseau de transmission par paquets.
WO1999033224A1 (fr) * 1997-12-19 1999-07-01 British Telecommunications Public Limited Company Communications de donnees
US6996722B1 (en) 1997-12-19 2006-02-07 British Telecommunications Public Limited Company Data communications
US7209560B1 (en) 1997-12-19 2007-04-24 British Telecommunications Public Limited Company Data communications
EP1382056A4 (fr) * 2001-04-07 2007-06-20 Telehublink Corp Procedes et systemes permettant de proteger les informations transmises entre des dispositifs de communication
US7430292B2 (en) 2001-04-07 2008-09-30 Telenublink Corporation Methods and systems for securing information communicated between communication devices
WO2007096014A3 (fr) * 2006-02-21 2007-10-11 Siemens Ag Procédé pour sécuriser de manière cryptographique une liaison entre deux partenaires de communication

Also Published As

Publication number Publication date
AU2912692A (en) 1993-06-07
CA2123199A1 (fr) 1993-05-13

Similar Documents

Publication Publication Date Title
US5081678A (en) Method for utilizing an encrypted key as a key identifier in a data packet in a computer network
US4322576A (en) Message format for secure communication over data links
US5297208A (en) Secure file transfer system and method
US4172213A (en) Byte stream selective encryption/decryption device
AU629641B2 (en) Teleconferencing method for a secure key management system
US5301247A (en) Method for ensuring secure communications
US4160120A (en) Link encryption device
US4159468A (en) Communications line authentication device
US4888801A (en) Hierarchical key management system
EP1188270B1 (fr) Synchronisation des codes des sessions
US5751812A (en) Re-initialization of an iterated hash function secure password system over an insecure network connection
US4924513A (en) Apparatus and method for secure transmission of data over an unsecure transmission channel
US4206315A (en) Digital signature system and apparatus
US5199072A (en) Method and apparatus for restricting access within a wireless local area network
EP1619843A1 (fr) Système sécurisé de courrier électronique
JPH05227152A (ja) 機密通信リンクを確立する方法および装置
WO2000049764A1 (fr) Systeme d'authentification de donnees a blocs d'integrite cryptes
AU2423601A (en) Methods and apparatus for selective encryption and decryption of point to multi-point messages
HK1007261B (en) Teleconferencing method for a secure key management system
US5442702A (en) Method and apparatus for privacy of traffic behavior on a shared medium network
US4811394A (en) Variable starting state scrambling circuit
US5737422A (en) Distributed data processing network
WO1993009627A1 (fr) Appareil et procede cryptographiques pour reseau de transmission de donnees
JPH0637750A (ja) 情報転送方式
EP0360478B1 (fr) Architecture de commutation par paquets réalisant le chiffrage des paquets

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA JP KR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)

Free format text: KR

WWE Wipo information: entry into national phase

Ref document number: 2123199

Country of ref document: CA

122 Ep: pct application non-entry in european phase