Embodiments of the invention relate to security in electronic systems. More particularly, embodiments of the invention relate to techniques for shared key encryption for use with two or more electronic systems.
Many techniques currently exist to exchange information between electronic devices in a secure manner. One common technique is the use of public/private key pairs. A public key infrastructure (PKI) allows users of electronic systems to securely exchange information using an unsecured network such as, for example, the Internet. A PKI operates using a private and public key pair that is exchanged using a trusted authority.
One disadvantage of the current PKI techniques is that one or more third-party authorities (e.g., certificate authority, registration authority) as well as public directories are required. Maintenance of this infrastructure can be complex. Further, implementation of PKI protocols on an endpoint with limited resources may be impractical.
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.
In the following description, numerous specific details are set forth. However, embodiments of the invention may be practiced without these specific details. In other instances, well-known circuits, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.
Described herein are techniques and architectures that allow two electronic devices to derive a shared keystream from a shared secret. In one embodiment, each of the electronic devices generates a random number and transmits the random number to the other electronic device. Each electronic device may generate a value by performing a hash on the shared secret and the two random numbers. The hash value may be used to generate a shared keystream.
The example of
The description herein refers to two random numbers. In one embodiment, the two random numbers are generated by known random number generators and are not necessarily random in the pure mathematical sense. However, the numbers are sufficiently random to provide security using the techniques described herein.
First electronic device 200 and second electronic device 250 may be separate execution environments, for example, two mobile computer systems or different execution environments in a single electronic device. In one embodiment, the two execution environments use a common block cipher encryption algorithm, for example, AES and use a common cryptographic hash algorithm, for example, SHA-1.
AES is the Advanced Encryption Standard, which is an encryption technique that is described in greater detail in Federal Information Processing Standard 197, approved on Dec. 6, 2001 and available from the United States Commerce Department. SHA-1 is a secure hash function that produces a hash that is 160 bits long and is commonly used in the art. Subsequent hash functions, for example, SHA-2 may also be used. While specific algorithms (AES and SHA-1) are cited here, other comparable algorithms may be used so long as both first electronic device 200 and second electronic device 250 use the same algorithms.
In order to engage in secure communications, first electronic device 200 and second electronic device 250 share a secret, labeled SS in
In response to receiving the random numbers, each of first electronic device 200 and second electronic device 250 has SS, RA and RB. Each device may perform a hash operation on SS, RA and RB. The hash may be performed, for example, using SHA-1, SHA-2 or another hash algorithm. The result of the operation, Z, may be used to generate the shared keystream.
In one embodiment, in order to generate the keystream, the block cipher (e.g., AES) may be used in counter mode, which turns a block cipher into a stream cipher. The details of counter mode are known in the art and may require a key with an initialization vector. In one embodiment, Z may be split into two components that are used for the key and the initialization vector. In this way, through use of the counter mode, a shared keystream of arbitrary size may be generated between first electronic device 200 and second electronic device 250.
For example, using 128-bit AES, SHA-1 and AES counter mode:
Z=SHA-1(SS, RA, RB)
where Z is a 160-bit result. The first 128 bits from Z may be used as the shared key, K, and the last 32 bits of Z may be used as the most significant bits of the initialization vector IVEC. These numbers are used to seed the AES counter mode that may be used to generate a keystream of arbitrary length.
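The derivation above carried out in code, as an added example that is not part of the patent text: both devices hash SS, RA and RB with SHA-1, take the first 128 bits of Z as K and the last 32 bits as the top of IVEC, and seed AES counter mode with them. Assumed here because the page does not specify it: the three inputs are hashed as the plain concatenation SS || RA || RB, and the low 96 bits of IVEC start at zero; the sample SS, RA and RB values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha1"
	"fmt"
)

// DeriveKeyAndIV follows the page's example: Z = SHA-1(SS, RA, RB), the
// first 128 bits of Z are the AES key K and the last 32 bits are the most
// significant bits of the 128-bit counter block IVEC. Assumed here (not
// stated on the page): inputs are hashed as the concatenation SS || RA || RB
// and the remaining 96 bits of IVEC start at zero.
func DeriveKeyAndIV(ss, ra, rb []byte) (key, ivec []byte) {
	h := sha1.New()
	h.Write(ss)
	h.Write(ra)
	h.Write(rb)
	z := h.Sum(nil) // 20 bytes = 160 bits
	key = z[:16]
	ivec = make([]byte, aes.BlockSize)
	copy(ivec[:4], z[16:20])
	return key, ivec
}

// Keystream seeds AES counter mode with (key, ivec) and returns n bytes of
// raw keystream, obtained by encrypting an all-zero buffer.
func Keystream(key, ivec []byte, n int) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ks := make([]byte, n)
	cipher.NewCTR(block, ivec).XORKeyStream(ks, ks)
	return ks, nil
}

func main() {
	// Constructed sample values; real RA and RB come from each device's RNG.
	ss := []byte("constructed-shared-secret")
	ra := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
	rb := []byte{0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8}
	// Device 200 and device 250 each run the same derivation independently.
	kA, ivA := DeriveKeyAndIV(ss, ra, rb)
	kB, ivB := DeriveKeyAndIV(ss, ra, rb)
	ksA, _ := Keystream(kA, ivA, 32)
	ksB, _ := Keystream(kB, ivB, 32)
	fmt.Printf("K=%x IVEC=%x same keystream: %v\n", kA, ivA, fmt.Sprintf("%x", ksA) == fmt.Sprintf("%x", ksB))
}
```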
Thus, the technique described with respect to
Electronic system 300 includes bus 305 or other communication device to communicate information, and processor 310 coupled to bus 305 that may process information. While electronic system 300 is illustrated with a single processor, electronic system 300 may include multiple processors and/or co-processors. Electronic system 300 further may include random access memory (RAM) or other dynamic storage device 320 (referred to as main memory), coupled to bus 305 and may store information and instructions that may be executed by processor 310. Main memory 320 may also be used to store temporary variables or other intermediate information during execution of instructions by processor 310.
Electronic system 300 may also include read only memory (ROM) and/or other static storage device 330 coupled to bus 305 that may store static information and instructions for processor 310. Data storage device 340 may be coupled to bus 305 to store information and instructions. Data storage device 340 such as a magnetic disk or optical disc and corresponding drive may be coupled to electronic system 300.
Electronic system 300 may also be coupled via bus 305 to display device 350, such as a cathode ray tube (CRT) or liquid crystal display (LCD), to display information to a user. Alphanumeric input device 360, including alphanumeric and other keys, may be coupled to bus 305 to communicate information and command selections to processor 310. Another type of user input device is cursor control 370, such as a mouse, a trackball, or cursor direction keys to communicate direction information and command selections to processor 310 and to control cursor movement on display 350.
Electronic system 300 further may include network interface(s) 380 to provide access to a network, such as a local area network. Network interface(s) 380 may include, for example, a wireless network interface having antenna 385, which may represent one or more antenna(e). Network interface(s) 380 may also include, for example, a wired network interface to communicate with remote devices via network cable 387, which may be, for example, an Ethernet cable, a coaxial cable, a fiber optic cable, a serial cable, or a parallel cable.
In one embodiment, network interface(s) 380 may provide access to a local area network, for example, by conforming to IEEE 802.11b and/or IEEE 802.11g standards, and/or the wireless network interface may provide access to a personal area network, for example, by conforming to Bluetooth standards. Other wireless network interfaces and/or protocols can also be supported.
IEEE 802.11b corresponds to IEEE Std. 802.11b-1999 entitled “Local and Metropolitan Area Networks, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band,” approved Sep. 16, 1999 as well as related documents. IEEE 802.11g corresponds to IEEE Std. 802.11g-2003 entitled “Local and Metropolitan Area Networks, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 4: Further Higher Rate Extension in the 2.4 GHz Band,” approved Jun. 27, 2003 as well as related documents. Bluetooth protocols are described in “Specification of the Bluetooth System: Core, Version 1.1,” published Feb. 22, 2001 by the Bluetooth Special Interest Group, Inc. Associated as well as previous or subsequent versions of the Bluetooth standard may also be supported.
In addition to, or instead of, communication via wireless LAN standards, network interface(s) 380 may provide wireless communications using, for example, Time Division, Multiple Access (TDMA) protocols, Global System for Mobile Communications (GSM) protocols, Code Division, Multiple Access (CDMA) protocols, and/or any other type of wireless communications protocol.
Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.
While the invention has been described in terms of several embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described, but can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative instead of limiting.