Patent Grant
9264404
The present disclosure relates generally to communication systems and more particularly to encrypting data using time stamps.
The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent the work is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
The Institute of Electrical and Electronics Engineers (IEEE) has developed several 802.1X specifications that define security protocols to be followed by communication devices. Communication devices can exchange data securely when the security protocols are used to authenticate communications between the devices. The communication devices may be wired or wireless.
A system comprises a time stamp module, an encryption module, and a packet generator module. The time stamp module is configured to generate a time stamp for a packet. The encryption module is configured to encrypt data using the time stamp and a security key. The packet generator module is configured to generate the packet. The packet includes (i) the time stamp in a header portion of the packet, and (ii) the encrypted data in a payload portion of the packet.
In another feature, the encryption module is configured to encrypt the data using the time stamp instead of using a nonce, a packet number, or an initialization vector.
In another feature, the packet generator is configured to generate the packet without including an initialization vector field in the header portion of the packet.
In another feature, the time stamp module is configured to not repeat the time stamp for encrypting data in a subsequent packet.
In another feature, the time stamp module is configured to generate the time stamp based on a clock. The clock is synchronized with clocks of other devices in the system.
In another feature, the encryption module is configured to encrypt the data in accordance with (i) Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP) or (ii) Galois/Counter Mode Protocol (GCMP) by using the time stamp instead of using a nonce, a packet number, an initialization vector.
In another feature, the time stamp module is configured to generate the time stamp in accordance with IEEE P1722 specification.
In another feature, the system further comprises a security module configured to generate the security key based on a predetermined key. The predetermined key is pre-negotiated with a receiver configured to receive the packet.
In other features, the encryption module is configured to generate a checksum based on at least one of unencrypted and encrypted portions of the packet, and the packet generator is configured to include the checksum in the packet.
In another feature, a transmitter comprises the system and a transmit module configured to transmit the packet.
In other features, a network comprises the transmitter and a receiver. The receiver includes a receive module, a security module, and a decryption module. The receive module is configured to (i) receive the packet transmitted by the transmitter, (ii) retrieve the time stamp included in the packet, and (iii) check integrity of the time stamp and authenticate the at least one of the encrypted and unencrypted portions in the packet based on the checksum. The security module is configured to generate the security key used to encrypt the data in the packet. The decryption module is configured to decrypt the data in the packet using the time stamp and the security key.
In still other features, a method comprises generating a time stamp for a packet, encrypting data using the time stamp and a security key, generating the packet, and transmitting the packet. The packet includes (i) the time stamp in a header portion of the packet, and (ii) the encrypted data in a payload portion of the packet.
In another feature, the encrypting of the data does not include using a nonce, a packet number, or an initialization vector.
In another feature, the packet does not include an initialization vector field in the header portion of the packet.
In another feature, the method further comprises not repeating the time stamp for encrypting data in a subsequent packet.
In another feature, the method further comprises generating the time stamp based on a clock synchronized with clocks of other devices configured to receive the packet.
In another feature, the method further comprises encrypting the data in accordance with (i) Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP) or (ii) Galois/Counter Mode Protocol (GCMP) by using the time stamp instead of using a nonce, a packet number, or an initialization vector.
In another feature, the method further comprises generating the time stamp in accordance with IEEE P1722 specification.
In another feature, the method further comprises generating the security key based on a predetermined key. The predetermined key is pre-negotiated with a receiver configured to receive the packet.
In other features, the method further comprises generating a checksum based on at least one of unencrypted and encrypted portions of the packet, including the checksum in the transmitted packet, receiving the packet at a receiver, retrieving the time stamp included in the packet, checking integrity of the time stamp and authenticating the at least one of the encrypted and unencrypted portions in the packet based on the checksum, generating the security key used to encrypt the data in the packet, and decrypting the data in the packet using the time stamp and the security key.
Further areas of applicability of the present disclosure will become apparent from the detailed description, the claims and the drawings. The detailed description and specific examples are intended for purposes of illustration only and are not intended to limit the scope of the disclosure.
In the drawings, reference numbers may be reused to identify similar and/or identical elements.
Security protocols used to encrypt and authenticate data include Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP) and Galois/Counter Mode Protocol (GCMP). Some cryptographic algorithms used in protocols such as CCMP and GCMP require a unique nonce or an initialization vector (IV) for every security key used to encrypt and authenticate data. A pair of nonce and security key is typically used to encrypt and authenticate data. Typically, every pairwise communication requires a unique initialization vector (e.g., a unique packet number or PN) or a nonce. Including a nonce or an initialization vector (IV) in a packet, however, requires providing an extra field in the packet (e.g., up to six octets). Additionally, ensuring that each nonce or initialization vector (IV) per security key is unique can be difficult.
Some protocols such as IEEE P1722, which is a layer 2 transport protocol for time-sensitive applications in bridged local area networks, provide a universally coordinated time stamp. The time stamp can be used as an initialization vector or a nonce for algorithms such as CCMP or GCMP. Attributes of coordinated time used in the time stamp provided by protocols such as IEEE P1722 ensure that any device will never send the same time stamp twice for the same security key (not counting retransmission of the same packet). For example, the time stamp may include time and date and may therefore never repeat.
Using the time stamp instead of an additional field dedicated for a nonce or an initialization vector (IV) can save many bytes of space in packet formats. Additionally, using the time stamp instead of a nonce or an initialization vector (IV) with a security key to encrypt and authenticate data can simplify the process of association between two devices by not requiring coordination of initialization vector (IV) starting points (e.g., packet number or PN starting points) between the devices. In some implementations, instead of or in addition to the time stamp, a sequence number may be used with a security key to encrypt and authenticate data.
The approach of using time stamp can be applied to both symmetric and asymmetric algorithms. Coordinated time stamps can also be used for public key exchanges such as Diffie-Hellman exchanges that require unique inputs per session. Arbitrary device-selected time stamps may also be used if the devices can ensure that the time stamps never repeat. Coordinated time stamps are preferable where the devices have already ensured that their clocks are synchronized to some degree and that successive time stamps are always different.
Throughout the present disclosure, a packet format including a packet number is used for illustrative purposes only. The teachings of the present disclosure can be extended to other protocols that use any type of serialization or sequencing (e.g., an initialization vector or IV) to transmit data securely.
The encryption module 204 encrypts the plain text using the nonce and the security key and generates encrypted data, which is also called cipher text. The encryption module 204 may also generate a message integrity check (MIC). The packet generator module 206 generates a packet including the nonce, the encrypted data, and the MIC as shown in
The key generator module 512 generates a security key for encrypting the plain text. For example, the security key may include a pairwise temporal key generated based on a pairwise master key pre-negotiated between the transmitter 500 and a receiver. The time stamp is unique for every temporal key used to encrypt data. That is, for a given temporal key, the time stamp used to encrypt one packet is not reused to encrypt another packet. In other words, for a given temporal key, the time stamp used to encrypt one packet is different than the time stamp used to encrypt another packet.
The encryption module 504 encrypts the plain text using the time stamp and the security key and generates encrypted data, which is also called cipher text. The encryption module 504 may also generate a message integrity check (MIC). The packet generator module 506 generates a packet including the time stamp, the encrypted data, and the MIC as shown in
In some implementations, the encryption module 504 may also generate a checksum or equivalent data for at least one of an unencrypted portion (e.g., the header portion) and the encrypted portions of the packet being transmitted. The checksum or the equivalent data can be included in the transmitted packet and can be used during an integrity check performed at the receiver to authenticate at least one of the unencrypted and encrypted portions of the packet being transmitted. The integrity check implicitly checks the integrity of the time stamp, thus providing a secure time stamp. Specifically, the checksum or the equivalent data includes the time stamp used to generate the transmitted packet. Accordingly, if the time stamp is tampered or breached during transmission, the integrity check of the checksum or the equivalent data fails at the receiver, and the received packet can be discarded as malicious.
Using the time stamp (and/or the sequence number) instead of an additional field dedicated for a nonce or an initialization vector (IV) frees up space in the packet. The freed up space can be utilized to pack additional data or other fields/features in the packet. Additionally, using the time stamp (and/or the sequence number) instead of a nonce or an initialization vector (IV) to encrypt data simplifies the process of association between the transmitter 500 and the receiver 600 by not requiring coordination of sequence number starting points between the transmitter 500 and the receiver 600.
The communications described in the present disclosure can be conducted in full or partial compliance with IEEE standard 802.11-2012, IEEE standard 802.16-2009, IEEE standard 802.20-2008, IEEE standard P1722, and/or Bluetooth Core Specification v4.0. In various implementations, Bluetooth Core Specification v4.0 may be modified by one or more of Bluetooth Core Specification Addendums 2, 3, or 4. In various implementations, IEEE 802.11-2012 may be supplemented by draft IEEE standard 802.11ac, draft IEEE standard 802.11ad, and/or draft IEEE standard 802.11ah.
The foregoing description is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. The broad teachings of the disclosure can be implemented in a variety of forms. Therefore, while this disclosure includes particular examples, the true scope of the disclosure should not be so limited since other modifications will become apparent upon a study of the drawings, the specification, and the following claims. As used herein, the phrase at least one of A, B, and C should be construed to mean a logical (A or B or C), using a non-exclusive logical OR. It should be understood that one or more steps within a method may be executed in different order (or concurrently) without altering the principles of the present disclosure.
In this application, including the definitions below, the term module may be replaced with the term circuit. The term module may refer to, be part of, or include an Application Specific Integrated Circuit (ASIC); a digital, analog, or mixed analog/digital discrete circuit; a digital, analog, or mixed analog/digital integrated circuit; a combinational logic circuit; a field programmable gate array (FPGA); a processor (shared, dedicated, or group) that executes code; memory (shared, dedicated, or group) that stores code executed by a processor; other suitable hardware components that provide the described functionality; or a combination of some or all of the above, such as in a system-on-chip.
The term code, as used above, may include software, firmware, and/or microcode, and may refer to programs, routines, functions, classes, and/or objects. The term shared processor encompasses a single processor that executes some or all code from multiple modules. The term group processor encompasses a processor that, in combination with additional processors, executes some or all code from one or more modules. The term shared memory encompasses a single memory that stores some or all code from multiple modules. The term group memory encompasses a memory that, in combination with additional memories, stores some or all code from one or more modules. The term memory may be a subset of the term computer-readable medium. The term computer-readable medium does not encompass transitory electrical and electromagnetic signals propagating through a medium, and may therefore be considered tangible and non-transitory. Non-limiting examples of a non-transitory tangible computer readable medium include nonvolatile memory, volatile memory, magnetic storage, and optical storage.
The apparatuses and methods described in this application may be partially or fully implemented by one or more computer programs executed by one or more processors. The computer programs include processor-executable instructions that are stored on at least one non-transitory tangible computer readable medium. The computer programs may also include and/or rely on stored data.
This claims the benefit of U.S. Provisional Application No. 61/683,448, filed on Aug. 15, 2012. The entire disclosure of the application referenced above is incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 7203962 | Moran | Apr 2007 | B1 |
| 7904725 | Pavlicic | Mar 2011 | B2 |
| 20030204734 | Wheeler | Oct 2003 | A1 |
| 20040131014 | Thompson, III | Jul 2004 | A1 |
| 20050058289 | Depta | Mar 2005 | A1 |
| 20050081039 | Lee | Apr 2005 | A1 |
| 20050187966 | Iino | Aug 2005 | A1 |
| 20060077908 | Park | Apr 2006 | A1 |
| 20060136715 | Han | Jun 2006 | A1 |
| 20060153375 | Yi | Jul 2006 | A1 |
| 20060184797 | Weis | Aug 2006 | A1 |
| 20060190723 | Benson | Aug 2006 | A1 |
| 20060239218 | Weis | Oct 2006 | A1 |
| 20070189528 | Ueda | Aug 2007 | A1 |
| 20080232595 | Pietrowicz | Sep 2008 | A1 |
| 20090204811 | Fries | Aug 2009 | A1 |
| 20090214028 | Schneider | Aug 2009 | A1 |
| 20090235349 | Lai | Sep 2009 | A1 |
| 20100023759 | Langer | Jan 2010 | A1 |
| 20100049969 | Shon | Feb 2010 | A1 |
| 20100111308 | Forsberg | May 2010 | A1 |
| 20100169645 | McGrew | Jul 2010 | A1 |
| 20100303229 | Unruh | Dec 2010 | A1 |
| 20100306527 | Huin | Dec 2010 | A1 |
| 20110138173 | Okuda | Jun 2011 | A1 |
| 20110149998 | Thompson | Jun 2011 | A1 |
| 20120008768 | Mundra | Jan 2012 | A1 |
| 20120166800 | Massicot | Jun 2012 | A1 |
| 20130007471 | Grab | Jan 2013 | A1 |
| 20130042112 | Spector | Feb 2013 | A1 |
| 20130170471 | Nix | Jul 2013 | A1 |
| 20140056307 | Hutchison | Feb 2014 | A1 |
| 20140075189 | Abraham | Mar 2014 | A1 |
| 20140173705 | Manning | Jun 2014 | A1 |
| 20140226820 | Chopra | Aug 2014 | A1 |
| 20140298035 | Tredoux | Oct 2014 | A1 |
| 20140331062 | Tewari | Nov 2014 | A1 |
| Entry |
|---|
| Whiting et al., Counter with CBC-MAC (CCM), Sep. 2003, Network Working Group, RFC: 3610. |
| Viega et al., The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP), Jun. 2005, Network Working Group, RFC: 4106. |
| McGrew et al., Use of Galios Message Authentication Code (GMAC) in IPsec ESP and AH, May 2006, Network Working Group, RFC: 4543. |
| Salowey et al., AES Galois Counter Mode (GCM) Cipher Suites for TLS, Aug. 2008, Network Working Group, RFC: 5288. |
| Morris Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, National Institute of Standards Technology, Special Publication 800-38D. |
| D. McGrew, Internet Draft, AES-GCM and AES-CCM Authenticated Encryption in Secure RPT (SRPT), Jan. 26, 2011, Network Working Group, Internet Draft. |
| David McGrew, et al., “The Galois/Counter Mode of Operation (GCM)”, May 31, 2005, NIST Modes of Operation process, p. 1-43. |
| “Specification of the Bluetooth System” Master Table of Contents & Compliance Requirements—Covered Core Package version: 4.0; Jun. 30, 2010; 2302 Pages. |
| IEEE 802.11ah; IEEE 802.11-11/0035r0; Heejung Yu, Il-gy Lee, Minho Cheng, Hun Sik Kang, Sok-kuy Lee; Dated Jan. 12, 2011; 10 Pages. |
| IEEE 802.16; IEEE Standard for Local and Metropolitan Area Networks; Part 16: Air Interface for Broadband Wireless Access Systems: IEEE Computer Society and the IEEE Microwave Theory and Techniques Society; 2009; 2082 Pages. |
| IEEE 802.20; IEEE Standard for Local and Metropolitan Area Networks; Part 20: Air Interface for Mobile Broadband Wireless Access Systems Supporting Vehicular Mobility—Physical and Media Access Control Layer Specification: IEEE Computer Society; Aug. 29, 2008; 1053 Pages. |
| IEEE P802.11, Wireless LANs, Mar. 2012, 2793 pages. |
| IEEE P802.11acTM/D2.0; Draft Standard for Information Technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements; Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications; Amendment 4: Enhancements for Very High Throughput for Operations in Bands below 6 GHz; Jan. 2012; 359 Pages. |
| IEEE P802.11ah / D1.0 (Amendment to IEEE Std 802.11REVmc / D1.1, IEEE Std 802.11ac / D5.0 and IEEE Std 802.11af / D3.0) Draft Standard for Information technology—Telecommunications and information exchange between systems Local and metropolitan area networks—Specific requirements; Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications; Amendment 6: Sub 1 GHz License Exempt Operation; Prepared by the 802.11 Working Group of the LAN/MAN Standards Committee of the IEEE Computer Society; Oct. 2013; 394 pages. |
| IEEE Std. P802.11ad/D5.0 “Draft Standard for Information Technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Amendment 3: Enhancements for Very High Throughput in the 60 GHz Band,” The Institute of Electrical and Electronics Engineers, Inc., Sep. 2011. |
| IEEE Std 1722IM-2011—IEEE Standard for Layer 2 Transport Protocol for Time-Sensitive Applications in Bridge Local Area Networks; IEEE Computer Society; May 6, 2011. |
| Number | Date | Country | |
|---|---|---|---|
| 61683448 | Aug 2012 | US |
