1. Field of the Invention
The present invention relates to a communication technology, and it particularly relates to a base station apparatus for transmitting or receiving a signal containing predetermined information.
2. Description of the Related Art
A drive assist system has been under investigation. This drive assist system provides road information gained through a road-to-vehicle communication in an effort to prevent collision accidents of vehicles on a sudden encounter at an intersection and relieve the traffic jam or provides intersection information. Also, the drive assist system mutually provides driving information on vehicles through an inter-vehicle communication. In the road-to-vehicle communication, information on conditions at an intersection is communicated between a roadside unit and an in-vehicle unit. Such a road-to-vehicle communication requires installation of roadside units in an intersection or roadside, which means a great cost of time and money. In contrast to this, the inter-vehicular communication, in which information is communicated between in-vehicle units, has no need for installation of roadside units. In that case, current position information is detected in real time by GPS (Global Positioning System) or the like and the positional information is exchanged between the in-vehicle units. Thus it is determined on which of the roads leading to the intersection the driver's vehicle and the other vehicles are located.
The wireless communications are more susceptible to the interception of communications than the wired communications and therefore the wireless communications have difficulty in ensuring the secrecy of communication contents. Also, when equipment is to be controlled remotely via a network, an unauthorized action may possibly be taken by a fake third party. In order to secure the secrecy of communication contents in the wireless communications, it is required that the communication data be encrypted and the keys used for encryption be updated on a regular basis. When an encryption key is to be updated, network apparatuses are each, for example, in an initial state where only data encrypted with an old encryption key prior to the updating can be transmitted and received.
Then, each apparatus transmits from this initial state to a state where data encrypted with both the old encryption key and a newly updated encryption key can be transmitted and where the operation thereof is unknown as to the transmission and the receiving of data encrypted with the new encryption key. Further, each apparatus transits to a state where the data encrypted with both the old encryption key and the new encryption can be transmitted and received and where the operation concerning the transmission and the receiving of the data encrypted with the new encryption key has been determined. Finally, each apparatus transmits in sequence to a state where only data encrypted with the new encryption key after the completion of the updating of the key can be transmitted and received.
When a wireless LAN is applied to the inter-vehicular communication, a need arises to transmit information to a large indefinite number of terminal apparatuses, and therefore it is desirable that signals be sent by broadcast. Yet, at an intersection or like places, an increase in the number of vehicles, that is, the number of terminal apparatuses, is considered to cause an increase in the collisions of the packets therefrom. In consequence, data contained in the packets may not be transmitted to the other terminal apparatuses. If such a condition occurs in the inter-vehicular communication, then the objective of preventing collision accidents of vehicles on a sudden encounter at an intersection will not be attained. Further, when the road-to-vehicle communication is performed in addition to the inter-vehicular communication, the mode of communication becomes diversified. In such a case, it is required that the mutual effect between the road-to-vehicle communication and the inter-vehicular communication be reduced.
When the key for encryption is to be updated, the transition of a plurality of states used to be easy because the unicast communication was premised. When the broadcast communication is to be used, it is difficult to use a common encryption key if there are terminal apparatuses of different states. Although the traffic increases for the purpose of distributing a new encryption key, it is desired that the deterioration of frequency usage efficiency be suppressed. While there are terminal apparatuses that can use the new encryption key, there are those which cannot use the new encryption key. As a result, it is difficult to have a new encryption key used by and applicable to all of the terminal apparatuses. At the same time, a new encryption key is desirable for the improvement of the security of the communication system.
The present invention has been made in view of the foregoing circumstances, and a purpose thereof is to provide a technology of using an encryption key suited to the broadcast communications.
A base station apparatus according to one embodiment of the present invention is a base station apparatus for controlling communications between terminal apparatuses each of which is to broadcast a packet to which a digital signature generated by a symmetric key in a symmetric key cryptosystem is appended, and the base station apparatus includes: a storage unit configured to store a symmetric key table that indicates a plurality of kinds of symmetric keys usable for the communications between the terminal apparatuses; a receiver configured to receive the packet from a terminal apparatus; a verification unit configured to verify a version of the symmetric key table containing a symmetric key by which to generate the digital signature appended to the packet received by said receiver; a detector configured to perform detection processing of detecting that the version of the symmetric key table verified by said verification unit is older than the version of the symmetric key table stored in the storage unit; generator configured to generate a packet that stores the symmetric key table stored in the storage unit, when the number of detections by said detector is a predetermined number or above in a unit time; and a broadcasting unit configured to broadcast the packet generated by said generator.
Optional combinations of the aforementioned constituting elements, and implementations of the invention in the form of methods, apparatuses, systems, recording media, computer programs and so forth may also be practiced as additional modes of the present invention.
Embodiments will now be described, by way of example only, with reference to the accompanying drawings which are meant to be exemplary, not limiting, and wherein like elements are numbered alike in several Figures, in which:
The invention will now be described by reference to the preferred embodiments. This does not intend to limit the scope of the present invention, but to exemplify the invention.
The present invention will be outlined before it is explained in detail. Exemplary embodiments of the present invention relate to a communication system that carries out not only an inter-vehicular communication between terminal apparatuses mounted on vehicles but also a road-to-vehicle communication from a base station apparatus installed in an intersection and the like to the terminal apparatuses. As the inter-vehicular communication, a terminal apparatus transmits, by broadcast, a packet in which the information such as the traveling speed and position of the vehicle is stored (note that the transmission of packet(s) by broadcast is hereinafter called “broadcasting”, “being broadcast” or “by broadcast” also). And the other terminal apparatuses receive the packets and recognize the approach or the like of the vehicle based on the data. As the road-to-vehicle communication, a base station apparatus transmits, by broadcast, a packet in which the intersection information, the traffic jam information, the security information, and the like are stored. For simpler explanation, the information contained in the packet used for the inter-vehicular communication and the road-to-vehicle communication will be hereinafter generically referred to as “data”.
The intersection information includes information on conditions at an intersection such as the position of the intersection, images captured of the intersection, where the base station apparatus is installed, and positional information on vehicles at or near the intersection. A terminal apparatus displays the intersection information on a monitor, recognizes the conditions of vehicles at or near the intersection based on the intersection information, and conveys to a user the presence of other vehicles and pedestrians for the purpose of preventing collision due to a right turn or a left turn at a sudden encounter at the intersection and the like so as to prevent the accidents. The traffic jam information includes information concerning the congestion situation near the intersection, where the base station apparatus is installed, and the information concerning road repairing and accidents that have happened. Based on such information, how much the road ahead may be congested is conveyed to the user or any possible detour is presented thereto. The security information includes information concerning the protection of data such as provision of a symmetric key table. Its detail will be discussed later.
To prevent the spoofing, use of a false identity and the like in such communications, digital signatures (digital signatures) are used. An encryption key is used to generate a digital signature. In the communication system according to the present embodiment, a symmetric key is used as an encryption key in consideration of the processing load. Also, a plurality of symmetric keys are used for the purpose of reducing the leakage risk of symmetric key. Each symmetric key is managed through each key ID. A plurality of symmetric keys are put altogether in a symmetric key table, and the version of the symmetric key table is managed through their table IDs. Further, each symmetric key in the key table is managed through the symmetric key ID. Accordingly, each key ID contains a table ID and a symmetric key ID. The encryption having defined in this manner, the spoofing can be prevented and the increase in the processing amount and the degradation in frequency usage efficiency are suppressed.
As shown in
A packet to which a digital signature generated with a symmetric key in a symmetric key cryptosystem is attached broadcasts in this communication system 100. The digital signature is a digital signature that is to be attached to an electromagnetic record such as data contained in the packet. This corresponds to a seal or signature in a paper document and is mainly used to authenticate a person's identity and to prevent the forgery and falsification. More specifically, when there is a person recorded in a document as a preparer of the document, whether the document is surely prepared by the person recorded in the document or not is certified, in the case of paper documents, by the signature or seal of the preparer. Since, however, the seal cannot be directly pressed against the electronic document or the signature cannot be written in the document, the digital signature serves its purpose of certifying this. To produce such digital signature, encryption is used.
A digital signature complying with a public key encryption scheme is effective as the digital signature. More specifically, RSA, DSA, ECDSA and the like are used as methods based on the public key encryption scheme. The digital signature scheme (digital signature scheme) is comprised of key generation algorithm, a signing algorithm, and a signature verifying algorithm. The key generation algorithm corresponds to an advance preparation of a digital signature. The key generation algorithm outputs a public key and a secret key (private key) of the user. A different random number is selected every time the key generation algorithm is executed and therefore a pair of a public key and a secret key is assigned to each user. Each user keeps the secret key, whereas the public key is open to the public. The public key is open to the public in the form of a public key certificate to which a digital signal is attached, wherein the public key certificate is certified by a certification authority (not shown), which is a third-party institution.
A user who has signed the signature is called an authorized signatory of a signed document. When a signatory is to prepare a signed document using a signing algorithm, the signatory enters its secret key (private key) together with messages. Since the secret key of the signatory is only known to the signatory himself/herself, the secret key serves itself as a means for identifying the preparer of the message to which the digital signature has been attached. A user, namely a verifier, who has received the message to which the public key certificate and the digital signature have been attached, verifies whether this signature is valid or not, by the use of the signature verifying algorithm. In so doing, the verifier enters the information of the received public key certificate and the public key issued by the certificate authority into the signature verifying algorithm so as to verify the public key of the signatory. The signature verifying algorithm determines whether the public key of the signatory is valid or not. As the validity has been determined, the verifier enters the message, to which the received signature has been attached, and the public key of the signatory into the signature verifying algorithm. The signature algorithm determines if the message has been surely prepared by the user and then outputs its result. Such the above-described arrangement for making the key public is called PKI (Public Key Infrastructure).
The processing load of such a public key encryption scheme is large in general. Near an intersection, for example, the packets sent from 500 terminal apparatuses 14 may have to be processed during 100 msec period, for example. Also, about 100 bytes of data are stored in the packets broadcast from the terminal apparatus mounted on the vehicle 12. In contrast to this, about 200 bytes are required for the public key certificate and the digital signature, so that the transmitting efficiency may be significantly reduced. Also, the amount of computation for the verification of a digital signature in the public key scheme is large. Accordingly, if the packets sent from 500 terminal apparatuses 14 are to be processed during 100 msec period, a sophisticated encryption computing apparatus or controller will be required, thereby increasing the cost of the terminal apparatuses. In order to cope with this problem, the digital signature with the symmetric key cryptosystem comes into service. In the symmetric key cryptosystem, the same key used for the encryption is used as a decryption key. Sharing a key in advance between a receiving side and a transmitting side is required in the symmetric key scheme. Thus, a decryption key is known to a receiving-side terminal apparatus and therefore the certificate of the key is no longer required. As a result, the degradation of transmission efficiency is suppressed as compared with when the public key encryption scheme is used. Also, the processing amount for the symmetric key cryptosystem is smaller than that for the public key encryption scheme. A typical method used for the symmetric key cryptosystem is DES and AES (Advanced Encryption standard). In the communication system 100, the symmetric key cryptosystem is used as the encryption scheme on account of the transmission load and the processing load. While the digital signature here is called the “digital signature with the public encryption scheme”, the symmetric key cryptosystem is called “message authentication”. In such a case, a message authentication code (MAC) is attached to the message instead of the signature. A typical method used for MAC is CBC-MAC (Cipher Block Chaining MAC).
As mentioned earlier, a plurality of symmetric keys are used for the purpose of reducing the leakage risk of symmetric key. In the communication system 100, the symmetric keys are adapted to the version upgrade of the symmetric keys managed through the table IDs. The symmetric keys are upgraded in a manner such that the base station apparatus 10 stores a new symmetric key table in the packets and then broadcasts the packets in which the new symmetric key table has been stored. Since an effective date/time and a period of validity are specified in the symmetric key table, the symmetric key table is broadcast before this new date/time goes into effect.
The RF unit 22 performs a frequency conversion on the baseband packet inputted from the modem unit 24 and thereby generates a radiofrequency packet as a transmission processing. Further, the RF unit 22 transmits, through the antenna 20, the radiofrequency packet in a road-to-vehicle transmission period. The RF unit 22 also includes a PA (Power Amplifier), a mixer, and a D-A converter.
The modem unit 24 demodulates the radiofrequency packet fed from the RF unit 22, as a receiving processing. Further, the modem unit 24 outputs a MAC frame obtained from the demodulation result, to the MAC frame processing unit 26. Also, the modem unit 24 modulates the data fed from the MAC frame processing unit 26, as a transmission processing. Also, the modem unit 24 modulates the MAC frame fed from the MAC frame processing unit 26, as a transmission processing. Further, the modem unit 24 outputs the modulation result to the RF unit 22 as a baseband packet. It is to be noted here that the communication system 100 is compatible with the OFDM (Orthogonal Frequency Division Multiplexing) modulation scheme and therefore the modem unit 24 performs FFT (Fast Fourier Transform) as a receiving processing and performs IFFT (Inverse Fast Fourier Transform) as a transmission processing also.
As a receiving processing, the MAC frame processing unit 26 retrieves the secure frame from the MAC frame fed from the modem unit 24 and outputs the secure frame to the verification unit 40. As a transmission processing, the MAC frame processing unit 26 adds the MAC header, the LLC header and the information header to the secure frame fed from the verification unit 40, generates a MAC frame, and outputs the MAC frame to the modem unit 24. Also, the timing control is performed so that the packets sent from the other base station apparatuses and terminal apparatuses do not collide with each other.
The verification unit 40 reads (interprets) the secure frame fed from the MAC frame processing unit 26 and outputs the data to the processing unit 28 as a receiving processing. Also, the verification unit 40 receives the data from the processing unit 28 and generates a secure frame and then outputs the secure frame to the MAC frame processing unit 26 as a transmission processing. Since the symmetric key cryptosystem is used in the communication system 100, the encryption unit 42 creates and verifies a digital signature and encrypts and decrypts the data with the symmetric key scheme. More specifically, when the message data type is data with signature, the digital signature is created at the time when the secure frame is created whereas the digital signature is verified at the time when the secure frame is read. Also, when the message data type is encrypted data, the encryption is done at the time when the secure frame is created whereas the data is decrypted at the time when the secure frame is read.
The storage unit 44 stores a symmetric key table holding a plurality of symmetric keys usable by the communication system 100. A plurality of different versions may be available for the symmetric key table. In such a case, they are managed through the table IDs. In
When generating the secure frame, the verification unit 40 extracts a symmetric key by referencing the storage unit 44. For example, the effective date/time is defined in each symmetric key table as “NotBefore”, and the MAC frame processing unit 26 selects a symmetric key table based on the present time. The verification unit 40 selects, from among the symmetric key tables in use, a most current symmetric key table whose effective date/time indicated in “NotBefore” is the latest. Further, the verification unit 40 selects a symmetric key in the selected symmetric key table. This selection may be made at random or according to the identification number assigned to the base station apparatus 10. If the data format of the message type is data with signature, the encryption unit 42 of the verification unit 40 will compute a digital signature for the payload header and the payload by the use of the selected symmetric key. If the data format of the message type is encrypted data, the payload and the signature will be encrypted by the encryption unit 42. If the data format of the message type is plaintext data, the verification unit 40 will output the generated secure frame to the MAC frame processing unit 26 as it is. If the secure frame is to be generated by the use of the data received from the MAC frame processing unit 26, the data type of the message type will be set to the application data (=0).
When reading the secure frame, the verification unit 40 references the key ID of the secure frame received from the MAC frame processing unit 26 and obtains a table ID and a symmetric key ID of a symmetric key to be used. Then, the verification unit 40 references the storage unit 44 and extracts a symmetric key identified by the table ID and the symmetric key ID. Further, if the data format of the message type of the secure frame received from the MAC frame processing unit 26 is data with signature, the verification unit 40 will use the extracted symmetric key and verify the validity of the signature. More precisely, the digital signature for the payload header and the payload is computed at the encryption unit 42, and the computed value is compared against the value of the digital signature stored in the signature of the secure frame received from the MAC frame processing unit 26. If the two values of the signatures agree with each other, it will be determined that the electronic signal is valid and that the information contained in the secure frame is information sent from a proper base station apparatus 10 or terminal apparatus 14, and the information will be outputted to the MAC frame processing unit 26. If the two values of the signatures do not agree with each other, it will be determined that the digital signature is not valid, and therefore the data will be discarded. Also, if the data format of the message type is encrypted data, the payload and the signature will be decrypted at the encryption unit 42. Then, if the signature has a predetermined value, it will be determined that the data extracted from the secure frame has been normally decrypted, and the data extracted from the secure frame will be outputted to the MAC frame processing unit 26. If, however, the signature does not have the predetermined value, the data will be discarded. The reason why an object to be encrypted is signature is as follows. It is because, as described earlier, a predetermined value is stored in the signature and is to be encrypted and therefore the signature has a function in which whether the decryption has been performed normally at decryption or not is checked. If such a check function as this is not to be implemented, there is no need to encrypt the signature. If the data format of the message type is plaintext data, the data extracted will be outputted to the MAC frame processing unit 26 without any preconditions. Although, in this exemplary embodiment, two digital signatures, which are the digital signature stored in the signature of the secure frame and the computed digital signature for the payload header and the payload, are compared with each other, this should not be considered as limiting. The digital signatures are verified according to the signature verifying algorithm of the digital signature scheme employed.
Further, the verification unit 40 generates a secure frame containing the symmetric key table stored in the storage unit 44. At this time, the data type of the message type is set to the maintenance data (=1). The symmetric key table stored in the storage unit 44 is to be broadcast before the effective date/time and will be broadcast after the effective date/time. The verification unit 40 selects a symmetric key table to which a table ID, indicating that said table is to be broadcast, is attached, and generates a secure frame in which the selected symmetric key table is stored. In this case, the data format of the message type is set to the encryption data. The thus generated secure frame is outputted to the MAC frame processing unit 26 as it is.
The detector 46 receives the digital signature, which has been determined to be valid at the verification unit 40, or the table ID of the symmetric key table used for the encryption. This corresponds to verifying the version information of the symmetric key table contained in the symmetric key used in the received packet. Also, the detector 46 may acquire the identification number of a terminal apparatus that has transmitted said packet.
The detector 46 compares the thus received table ID with the table ID of the most current symmetric key table stored in the storage unit 44. If the detector 46 detects that the table ID of the former does not agree with the table ID of the latter, the detector 46 will count the number of detections for each table ID. If any of the number of detections detected thereby is a predetermined number of times or above in a unit time, the detector 46 will determine the broadcasting of the latest symmetric key table. Here, the number of identification numbers for a terminal apparatus may also be counted. This is because the number of detections in the unit time is to be corrected in consideration of the case where a plurality of packets are received from the same terminal apparatus. Also, the determination may be made in consideration of a detection rate in a predetermined length of time.
As the broadcasting thereof is determined, the verification unit 40 generates a secure frame in which the symmetric key table to be broadcast, namely the latest symmetric key table in use, is encrypted with the symmetric key of the symmetric key table identified by the table ID for which the broadcasting has been determined after the counting, and then broadcasts the thus generated secure frame as a packet.
Although a symmetric key of the symmetric key table in use recorded in the storage unit 44 is used when the symmetric key table is broadcast, another symmetric key prepared for the broadcasting of the symmetric key table or the symmetric key table itself may be used instead. This corresponds to using a table master key. Also, the encryption may be performed with a symmetric key or public key sent from the terminal apparatus 14. In this case, the terminal apparatus 14 that can receive the symmetric key table is restricted to the terminal apparatus 14 that has transmitted the key used for the encryption. Further, the terminal apparatuses that are to transmit the symmetric key table may be restricted to a pre-selected one. For example, the symmetric key table is encrypted with the terminal ID with which to identify the terminal apparatus, in addition to a key of the symmetric key table used by the terminal apparatus or the table master key. As another example, not only a transmission key is encrypted with the terminal ID with which to identify the terminal apparatus but also the symmetric key table is encrypted with the transmission key, in addition to a key of the symmetric key table used by the terminal apparatus or the table master key. As a result, the transmission key and the symmetric key table encrypted with the transmission key are broadcast. Thereby, the communication cost and the processing load can be reduced even when the symmetric key table is transmitted individually.
The sensor communication unit 34 is connected to a not-shown internal network. Connected to the internal network are devices, for gathering the information on the intersections, such as a camera and a laser sensor (not shown) installed in each intersection. The devices, for gathering the information on the intersection, connected to the sensor communication unit 34 are generically referred to as “sensor” or “sensors”. The sensor communication unit 34 collects information obtained from the sensors installed in each intersection, via the network. The network communication unit 32 is connected to the not-shown network.
The processing unit 28 processes the data received from the verification unit 40. The processing result may be directly outputted to the network via the network communication unit 32 or may be accumulated internally and then outputted to the not-shown network at regular intervals. Also, the processing unit 28 generates data to be sent to the terminal apparatus 14, based on the road information (e.g., road repairing, congestion situation) received from the not-shown network via the network communication unit 32 and the information on the intersections gained from the not-shown sensors via the sensor communication unit 34. Also, upon receipt of a new symmetric key table via the network communication unit 32, the processing unit 28 writes the new symmetric key to the storage unit 44 of the verification unit 40 and conveys the period of time of the broadcasting to the verification unit 40. The control unit 30 controls the entire processing of the base station apparatus 10.
These structural components may be implemented hardwarewise by elements such as a CPU, memory and other LSIs of an arbitrary computer, and softwarewise by memory-loaded programs or the like. Depicted herein are functional blocks implemented by cooperation of hardware and software. Therefore, it will be obvious to those skilled in the art that the functional blocks may be implemented by a variety of manners including hardware only or a combination of both.
Similar to the verification unit 40, the verification unit 62 generates and reads (interprets) a secure frame. If the payload of the received secure frame is security information, namely if it contains a symmetric key table, and if the symmetric key table is not yet recorded in the storage unit 66, the verification unit 62 will have the storage unit 66 store the received symmetric key table therein. If there is free space in the storage unit 66, the received symmetric key table will be additionally recorded directly in the storage unit 66. If the storage unit 66 is full, a table whose effective date/time is the oldest in the symmetric key tables stored in the storage unit 66 will be rewritten by the received symmetric key table. Note that the verification unit 62 does not transmit the symmetric key table stored in the storage unit 66.
The receiving processing unit 58 estimates a crash risk, an approach of an emergency vehicle, such as a fire-extinguishing vehicle and an ambulance vehicle, a congestion situation in a road ahead and intersections, and the like, based on the data received from the verification unit 62 and the information on its vehicle received from the data generator 60. If the data is image information, the data will be processed so that it can be displayed by the notification unit 70.
The notification unit 70 includes notifying means such as a monitor, a lamp, and a speaker (not shown). The approach of other vehicles 12 (not shown) and the like are conveyed to a driver, via the monitor, the lamp and the speaker, according to instructions from the receiving processing unit 58. Also, the congestion information, the image information on the intersections and the like, and other information are displayed on the monitor.
The data generator 60 includes a GPS receiver, a gyroscope, a vehicle speed sensor, and so forth all of which are not shown in
An operation regarding the transmitting/receiving of packets in the communication system 100 configured as above is now described.
If, on the other hand, a symmetric key table is to be transmitted (Y of S10), the verification unit 40 will read the symmetric key table to be transmitted, from the storage unit 44 and generate a secure frame in which the read-out symmetric key table is stored in the payload (S28). Then, a symmetric key is randomly selected from a symmetric key table corresponding to the symmetric key table that is to be transmitted. As the symmetric key is selected, the table ID of the applicable symmetric key table and the selected symmetric key ID are stored in the key ID of the secure frame. Thereafter, the secure frame containing the encrypted symmetric key table is broadcast as a packet by way of Step S24 and Step S26 (S22).
If the data format is not data with signature (N of S102), namely if the data format is encrypted data, the verification unit 62 will decrypt the data with the acquired encryption key (S106). If the data is valid (Y of S108) and if the data type is maintenance data (Y of S110) and if there is no key table (N of S112), the verification unit 62 will store the data in the storage unit 66 (S118). If the data is not valid (N of S104) or if the data is not valid (N of S108) or if there is a key table (Y of S112), the verification unit 62 will discard the data (S116). If the data type is not maintenance data (N of S110), the verification unit 62 will extract the data (S114).
By employing the exemplary embodiments of the present invention, if it is detected that a symmetric key table used in a terminal apparatus is an old version and if the number of detections is a predetermined number of times or above, a new symmetric key table will be transmitted and therefore the number of transmissions can be restricted. Also, since the number of transmissions is restricted, an increase in traffic can be suppressed. Also, since the traffic increase is suppressed, the symmetric key can be efficiently distributed in the broadcast communications. Also, if the number of terminal apparatuses that use the symmetric key of old version increases, a symmetric key table of the latest version will be broadcast and therefore the symmetric key table can be updated. Also, since the symmetric key of the latest version is used, the security can be improved.
Also, since a symmetric key is used to generate a digital signature, the processing amount can be reduced as compared with the case where a public key is used. Also, since the processing amount is reduced, the number of processable packets can be increased. Also, since a symmetric key is used to generate a digital signature, the transmission efficiency can be improved as compared with the case where a public key is used. Also, data such as positional information is not encrypted and therefore the processing amount can be reduced. On the other hand, the symmetric key table is encrypted, so that the security can be improved.
Modifications of the exemplary embodiments relate to a communication system that carries out not only an inter-vehicular communication between terminal apparatuses mounted on vehicles but also a road-to-vehicle communication from a base station apparatus installed in an intersection and the like to the terminal apparatuses. As the inter-vehicular communication, a terminal apparatus transmits, by broadcast, a packet in which the information such as the traveling speed and position of its vehicle is stored (note that the transmission of packet(s) by broadcast is hereinafter called “broadcasting”, “being broadcast” or “by broadcast” also). And the other terminal apparatuses receive the packets and recognize the approach or the like of the vehicle based on the data. As the road-to-vehicle communication, a base station apparatus broadcasts a packet in which the intersection information, the traffic jam information, the security information, and the like are stored. For simpler explanation, the information contained in the packet used for the inter-vehicular communication and the road-to-vehicle communication will be hereinafter generically referred to as “data”.
The intersection information includes information on conditions at an intersection such as the position of the intersection, images captured of the intersection, where the base station apparatus is installed, and positional information on vehicles at or near the intersection. A terminal apparatus displays the intersection information on a monitor, recognizes the conditions of vehicles at or near the intersection based on the intersection information, and conveys to a user the presence of other vehicles and pedestrians for the purpose of preventing collision due to a right turn or a left turn at a sudden encounter at the intersection and the like so as to prevent the accidents. The traffic jam information includes information concerning the congestion situation near the intersection, where the base station apparatus is installed, and the information concerning road repairing and accidents that have happened. Based on such information, how much the road ahead may be congested is conveyed to the user or any possible detour is presented thereto. The security information includes information concerning the protection of data such as provision of a symmetric key table. Its detail will be discussed later. Its detail will be discussed later.
If only a single type of symmetric key is used in the communication system 1100, a malicious user may easily obtain the symmetric key. In order to cope with this, namely in order to reduce the risk of leakage of such a key, a plurality of symmetric keys are used. Thus, in the communication system 1100, a predetermined number of symmetric keys are gathered together into a single symmetric key table. Also, a plurality of symmetric key tables are also prepared, so that they are switched thereamong as necessary. A symmetric key is identified by a table ID by which to identify a symmetric key table and a symmetric key ID by which to identify the symmetric key in the identified table. An effective date/time (“NotBefore”) is defined in the symmetric key table. Thus, a symmetric key table, which is about to newly go into effect”, may be broadcast from the base station apparatus 1010 in the road-to-vehicle communication before the effective date/time. Or this symmetric key table may be recorded beforehand in a terminal apparatus, so that the symmetric key table can be shared between terminal apparatuses or between the base station apparatus 1010 and the terminal apparatus. Note that the symmetric key table is contained in the security information.
In the communication system 1100, the data whose validity is required, namely the data such as information on its vehicle in the inter-vehicle communication, intersection information and the traffic jam information in the road-to-vehicle communication, does not undergo encryption of data itself. Instead, an electronic signal is generated with a symmetric key, and a packet in which the digital signature has been appended to the data is broadcast. The packet contains a table ID and a symmetric key ID used for the generation of the digital signature. As defined as above, the spoofing or use of a false identity is prevented. Also, for the data for which the secrecy of information is required, namely the data such as security information in the road-to-vehicle communication, a packet in which the data itself has been encrypted is broadcast. The packet contains a table ID and a symmetric key ID used for the encryption. In this manner, the authenticity and security of data are ensured and, at the same time, an increase in the processing amount and degradation in transmission load are suppressed.
The storage unit 1046 further records the table ID of a symmetric key table which has been used in the received packet. The table IDs recorded are used to identify a table ID which is used most frequency in the packet received for each unit time. Thus, the arrangement may be such that some or all of those table IDs recorded are automatically discarded according to time lapse or the limitation set regarding the number of key tables storable in the storage unit 1046.
When the secure frame is to be generated, the verification unit 1042 extracts a symmetric key by referencing the storage unit 1046. “NotBefore” is defined in each symmetric key table, and the verification unit 1042 selects one of symmetric key tables, which are already effective, based on the present date and time. Where a plurality of symmetric key tables are already effective, the verification unit 1042 selects a symmetric key table whose “NotBefore” value is the maximum, namely whose effective date/time is the most recent. If the table ID of a symmetric key table corresponds to a symmetric key table whose effective date/time is old, a predetermined number of times in a predetermined period of time, the verification unit 1042 will use, for the purpose of generating a digital signature, the symmetric key table whose effective date/time is old, instead of the symmetric key table whose effective date/time is the most recent. If there is no “NotBefore” defined, a symmetric key table which is stored most recently will preferably be used.
Further, the verification unit 1042 generates a secure frame containing the symmetric key table stored in the storage unit 1046. The symmetric key table stored in the storage unit 1046 is to be broadcast before the effective date/time and will be broadcast after the effective date/time. Thereafter, this symmetric key table will be removed from a list of what is to be broadcast (a broadcasting list), when a symmetric key table whose effective date/time is set to a future (newer) date/time. The verification unit 1042 manages the respective symmetric key tables stored in the storage unit 1046 as to whether they are to be broadcast or not (whether they are in the broadcasting list or not). The verification unit 1042 selects a symmetric key table to which a table ID, indicating that said table is to be broadcast, is attached, and generates a secure frame in which the selected symmetric key table is stored. In this case, the message type is set to the encryption data. It is assumed herein that the symmetric key table used for encryption is a symmetric key table selected from among the symmetric key tables, stored in the storage unit 1046, whose effective date/time are earlier than the effective date/time of keys of the symmetric key table which is to be broadcast. The timing of the broadcasting may be arbitrary. However, the broadcasting timing after the effective date/time may be such that the broadcast is done while said symmetric key table is not being used after the packets from the surrounding terminal apparatuses 1014 have been received.
Note that another different symmetric key may be defined for use in broadcasting the symmetric key table. Also, encryption may be performed with a symmetric key sent from a terminal apparatus 1014 or a public key. In this case, the terminal apparatus 1014 capable of receiving the symmetric key table is limited to the terminal apparatus 1014 that has sent the key used for encryption.
When it is detected by the verification unit 1062 that a symmetric key, through which a digital signature attached to the received packet is generated, is contained in a symmetric key table unrecorded in the storage unit 1066, the notification unit 1070 conveys the detection result to the driver accordingly.
An operation regarding the transmitting/receiving of packets in the communication system 1100 configured as above is now described.
Now, refer back to
If, on the other hand, the message type is encrypted data (N of S1112), the verification unit 1062 will decrypt the data with the acquired encryption key (S1116). If the data is valid (Y of S1118) and if there is no symmetric key table (N of S1120), the verification unit 1062 will extract the data (S1122). If the message type is plain text (Y of S1102), the verification unit 1062 will retrieve the data (S1122). If the storage unit 1066 does not have any key table (N of S1106) or if the signature data is not valid (N of S1114) or if the data is not valid (N of S1118), the verification unit 1062 will discard the data (S1124). If there is a symmetric key table (Y of S1120), the verification unit 1062 will store it in the storage unit 1066.
By employing this modification, a symmetric key table whose effective date/time is more recent is preferentially used, so that the security can be ensured. Also, where used are many symmetric key tables whose effective dates/times are old, a symmetric key table whose effective date/time is older is used. Thus, a symmetric key which is shared among many terminal apparatuses can be used. Also, symmetric key tables whose effective dates/times are different from each other are used. Thus, where the broadcasting communication is in use, a shared symmetric key can be used while the security is ensured.
If the message type is encrypted data (“encryption” of S1204), a symmetric key will be selected (S1210). The verification unit 1042 encrypts the payload header and the signature by the use of the selected symmetric key (S1212). Then, the encrypted secure frame is broadcast as a packet via the MAC frame processing unit 1026, the modem unit 1024, the RF unit 1022, and the antenna 1020 (S1218). If, on the other hand, a symmetric key table is to be transmitted (Y of S1200), the verification unit 1042 will read the symmetric key table to be transmitted, from the storage unit 1046 and encrypt the read-out symmetric key table with a dedicated key (S1206). The verification unit 1042 generates a secure frame containing the encrypted symmetric key table (S1208). Thereafter, similarly to the case where the message type is encrypted data, the secure frame is broadcasted as a packet by way of Step S1214 and Step S1216 (S1218).
By employing this modification, a symmetric key is used to compute the value of a digital signature, so that the processing amount can be reduced as compared with the case where a public key is used. Also, since the processing amount is reduced, the number of processable packets can be increased. Also, since a symmetric key is used to compute the value of a digital signature, the transmission efficiency can be improved as compared with the case where a public key is used. Also, data such as positional information is not encrypted and therefore the processing amount can be reduced. On the other hand, the symmetric key table is encrypted, so that the security can be improved. Also, where the broadcasting communication is in use, a common encrypted key can be used while the security is ensured.
The present invention has been described based on the exemplary embodiments. The exemplary embodiments are intended to be illustrative only, and it is understood by those skilled in the art that various modifications to constituting elements and processes as well as arbitrary combinations thereof could be further developed and that such modifications and combinations are also within the scope of the present invention.
In the exemplary embodiment of the present invention, when the detector 46 performs the detection processing for each table of the symmetric key tables and when the number of detections becomes a predetermined number or a predetermined rate or above, the latest symmetric key table in use that is effective is broadcast as a packet. However, this should not be considered as limiting and, for example, another symmetric key table that is next-newer than the symmetric key table to be detected, may be broadcast as the packet.
In the exemplary embodiments of the present invention, the communication system 100 sets the effective dates/times and the periods of validity in the symmetric key tables. However, this should not be considered as limiting and, for example, no effective date/time and period of validity may be set. In such a case, the base station apparatus 10 and the terminal apparatuses 14 always use the latest symmetric key table. By employing this modification, the size of common tables can be reduced.
Also, the terminal apparatus 14 may decrypt and verify the data with all of the symmetric key tables stored, when the packet is received. The terminal apparatus 14 conveys the result to an application. For example, the results conveyed to the application may include the fact that the verification has been successful, the fact that verification has been successful with an old symmetric key table, the fact that the verification has failed, and so forth.
In the exemplary embodiments of the present invention, the base station apparatus 10 transmits the symmetric key table. However, this should not be considered as limiting and, for example, the base station apparatus 10 may not transmit the symmetric key table at all. In such a case, a base station apparatus for use in transmitting the symmetric key tables may be provided separately from said base station apparatus 10.
In the exemplary embodiment of the present invention, when the table ID received from the verification unit 40 is older than the table ID of the latest symmetric key table stored in the storage unit 44, the detector 46 counts the number of detections. However, this should not be considered as limiting and, for example, the detector 46 may further perform the detection processing for each version of the symmetric key tables. In such a case, even if the version of the symmetric key table, whose number of detections is a predetermined number or above, is older than the version of the symmetric key table stored in the storage unit 44 by two or more generations, the MAC frame processing unit 26 may generate a packet in which the latest version of symmetric key table is stored. By employing this modification, only the latest version of symmetric key table is transmitted, so that the traffic amount can be reduced.
The features and characteristics of the present invention described in the exemplary embodiments may be defined by the following Item 1 and Item 2:
A communication apparatus including:
a storage unit configured to store a first symmetric key table and a second symmetric key table, wherein the first symmetric key table lists a plurality of symmetric keys usable in communication, and the second symmetric key table has a newer effective date/time than the effective date/time of the first symmetric key table;
a processing unit configured to produce a digital signature by use of a symmetric key included in the second symmetric key table stored in the storage unit and to generate a packet to which the digital signature is attached; and
a communication unit configured to broadcast the packet generated by the processing unit,
wherein the communication unit receives packets broadcasted from the other communication apparatuses, and
wherein the processing unit examines whether the symmetric key through which the digital signature attached to the packet received by the communication unit is generated is contained in the first symmetric key table or not, and
when the symmetric key contained in the first symmetric key table is detected a predetermined number of times or more in a predetermined period of time, the first symmetric key table instead of the second symmetric key table is used to produce the digital signature.
A communication apparatus according to Item 1, further including a notification unit configured to convey to a user to the effect that the symmetric key through which the digital signature attached to the packet received by the communication unit is generated is contained in a symmetric key table unrecorded in the storage unit, when it is detected by the processing unit that said symmetric key is contained in the symmetric key table unrecorded in the storage unit.
Number | Date | Country | Kind |
---|---|---|---|
2010-115839 | May 2010 | JP | national |
2010-124968 | May 2010 | JP | national |
Number | Date | Country | |
---|---|---|---|
Parent | PCT/JP2011/002806 | May 2011 | US |
Child | 13680918 | US |