The described embodiments relate generally to data communications. More particularly, the described embodiments relate to a method and apparatus for maintaining secure communication of a network device.
Wireless networking connects one or more wireless devices to other computer devices without a direct electrical connection, such as a copper wire or optical cable. Wireless devices communicate data, typically in the form of packets, across a wireless or partially wireless computer network and open a “data” or “communication” channel on the network such that the device can send and receive data packets.
Data being transmitted between wireless devices and remote servers often includes sensitive material and may be subject to malicious attack. For example, a home network can distribute copyright protected information, such as video and music. A rogue interceptor may be able to receive the protected information and display, listen to, or reproduce it.
Furthermore, within the wireless device itself, unauthorized client applications downloaded to the device may maliciously or unintentionally access an application programming interface (“API”) with handset firmware, with the potential for causing damage to the handset and to the network.
It is desirable to have methods of securing data being communicated with a network.
An embodiment includes a method of a network device maintaining secure communication. The method includes the device obtaining identification numbers of all other devices the device is communicating with. The device computes a hash function, wherein inputs to the hash function include the identification numbers of the other devices and a secure hardware-stored identification number of the device. The device calculates a session key based on a master key, a random number and the computed hash function. The session key is used for encrypting and decrypting data.
Another embodiment includes a method of securing a wireless network of wireless devices. The method includes each wireless device obtaining identification numbers of all other wireless devices the wireless device is communicating with. Each wireless device computes a hash function, wherein inputs to the hash function include the identification numbers of the other devices and a secure hardware-stored identification number of the device. Each wireless device calculates a session key based on a master key, a random number and the computed hash function.
Another embodiment includes a wireless device. The wireless device includes means for the device obtaining identification numbers of all other devices the device is communicating with, and means for the device computing a hash function, wherein inputs to the hash function comprise the identification numbers of the other devices and a secure hardware-stored identification number of the device. The wireless device further includes means for the device calculating a session key, wherein the session key is calculated based on a master key, a random number and the computed hash function.
Other aspects and advantages of the described embodiments will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the described embodiments.
The embodiments described include methods and apparatuses for maintaining secure communications between network devices. The methods and apparatuses include a network device computing a session key that is used for encrypting and decrypting transmission data. The session key is computed by each network device in a way that makes it virtually impossible for a rogue device to compute the session key. That is, the network devices are tamper-proof.
Each network device 110, 120, 122 must be able to properly compute a session key in order to be able to encrypt and decrypt the information (communication data) that is transmitted between the devices 110, 120, 122 of the wireless network. The session key, however, must be computed in a way that makes it nearly impossible for the rogue device to be able to either properly receive or properly communicate with the devices 110, 120, 122 of the wireless network.
As shown, each of the network devices can include device identification (A_id, B_id, C_id) along with information communicated to the other network devices. Each network device can use the device identification of other devices that the network device has authenticated, along with its own identification (such as, A_id) to generate the session key.
The master key is a pre-shared secret that is known by each of the network devices. The random number is a random, arbitrary number that is generated for security purposes and is used one time only. The random number increases the difficulty of breaking the security of the network.
As shown, this embodiment includes the hash function 220 receiving identification numbers of all other devices that the network device authenticated. For example, the transceiver 220 provides device identification B_id and the transceiver 222 provides device identification C_id. These device identifications, along with the identification of the device itself, A_id, are input to the hash function 220. Generally, a hash function provides a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital “fingerprint” of the data. The hash function “chops and mixes” (for example, substitutes or transposes) the data to create such fingerprints.
Hash functions are designed to be fast and to yield few hash collisions in expected input domains. A hash function must be deterministic, that is, if two hashes generated by the same hash function are different, then the two inputs were different in some way. Hash functions are usually not injective, that is, the computed hash value may be the same for different input values. This is because it is usually a requirement that the hash value can be stored in fewer bits than the data being hashed. It is generally a design goal of hash functions to minimize the likelihood of hash collisions occurring.
It should be observed that the order of the inputs to the hash function influences the output of the hash function. Therefore, an embodiment includes different network devices maintaining consistent ordering of the operands (device IDs) input to the hash function of each of the devices. That is, for example, the ordering of the inputs A_id, B_id, C_id is consistent amongst the hash functions of the device A 110, device B 120, and device C 122, ensuring that the session keys of the devices are consistently computed. This ordering is negotiated by the devices in a pre-determined manner, such as an ascending or descending order of the IDs used for the ordering. That is, for example, each network device could use the order A_id, B_id, C_id, or C_id, B_id, A_id.
For the embodiment of
An embodiment provides another safeguard against attack. More specifically, the number of authenticated devices is controlled by a number N. The number N can be embedded in hardware, such as, shown in
The hardware-stored self-identification of each network device cannot be modified by the device itself, or by other devices. Various types of hardware implementations can be used for storing the self-identifications of each network device.
One embodiment includes the self-identification of a network device being stored in a field programmable gate array (FPGA) located with the device. One specific embodiment includes the serial number within the FPGA being used as the secure self-identification of the network device that includes the FPGA. Therefore, it is nearly impossible to modify or externally determine the self-identification of the network devices. An alternate embodiment includes embedding the secure self-identification into configuration information of the FPGA. Another embodiment includes embedding the secure self-identification into hardware logic in which the logic is optimized for obfuscating the self-identification as part of a bit stream of the FPGA.
Another embodiment includes the secure self-identification being burned into a write once-only, read-only EFuse (single time programming) circuit before the device is shipped. Another embodiment includes storing the secure self-identification in an embedded flash circuit with a single time programming EFuse-disabling re-programming, or including a feedback bit to disable reprogramming.
The network device includes a modulation/demodulation block 320 that aids receiving and transmitting information to other network devices through, for example, a link 350. Embodiments of the link 350 include both wired and wireless links. As shown, the device can receive the device identifications from other network devices that have been authenticated by the network device over the link 350.
Generally, authentication of another network device by the network device includes an exchange of the hardware ID's of the device and a hash function computed with the master key. The hardware ID's of associated devices are stored, for example, on an “Embedded smart card” device 230 along with the number N corresponding to the maximum number of authenticated devices. During the authentication stage, the input ID's received over the link are checked against a list of associated device ID's stored on the smart card 230 before a hash is computed.
Communication signals received from the other authenticated network devices are demodulated (by the modulator/demodulator 320), decrypted (by the encrypt/decrypt block 330) and the device identifications (for example, B_id, C_id) are determined by a network device controller 340. The controller 340 can provide the device identifications of the other network devices to the session key computation block 310. As previously described, the other network device identifications (B_id, C_id) along with the device identification (A_id) are input to a hash function within the session key computation 310.
As described, the session key is re-computed as the set of other network devices that are connected and authenticated changes. That is, all other network devices authenticated by a network device are input to the session key calculations. Therefore, as the authenticated devices change, the session key is recalculated. Other factors can be used to trigger recalculation of the session key as well. For example, duration of time or transmission data of the network device can also be used to trigger recalculation of the session key.
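The derivation described above, with the consistent ascending ordering of device IDs, the cap of N authenticated devices, and a key that changes when the authenticated group changes, is sketched below as an added example that is not part of the original text. SHA-256, HMAC-SHA256, the length-prefix encoding, the value of N, the shared random number and all sample IDs and keys are assumptions, since the text names no specific hash or key-derivation function.

```python
import hashlib
import hmac

MAX_PEERS_N = 4  # assumption: stands in for the hardware-embedded limit N


def _lp(field):
    # Length-prefix each field so ("AB", "C") and ("A", "BC") hash differently.
    return len(field).to_bytes(2, "big") + field


def group_hash(own_id, peer_ids):
    """Hash own hardware ID plus authenticated peer IDs in ascending order."""
    peers = set(peer_ids) - {own_id}
    if len(peers) > MAX_PEERS_N:
        raise ValueError("authenticated peer list exceeds N")
    h = hashlib.sha256()
    for dev_id in sorted(peers | {own_id}):  # same order on every device
        h.update(_lp(dev_id))
    return h.digest()


def session_key(master_key, nonce, own_id, peer_ids):
    """Derive the session key from master key, random number and group hash."""
    msg = _lp(nonce) + group_hash(own_id, peer_ids)
    return hmac.new(master_key, msg, hashlib.sha256).digest()


# Constructed sample values, not taken from the text.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff")
NONCE = bytes.fromhex("a1" * 16)  # assumed to be shared by the group per session
A_ID, B_ID, C_ID = b"A-0001", b"B-0002", b"C-0003"


def demo():
    k_a = session_key(MASTER, NONCE, A_ID, [B_ID, C_ID])  # device A's view
    k_b = session_key(MASTER, NONCE, B_ID, [C_ID, A_ID])  # device B's view
    k_after_leave = session_key(MASTER, NONCE, A_ID, [B_ID])  # C removed
    return k_a, k_b, k_after_leave


if __name__ == "__main__":
    k_a, k_b, k_after_leave = demo()
    print("A and B agree:", hmac.compare_digest(k_a, k_b))
    print("key changes when C leaves:", k_a != k_after_leave)
```

Sorting before hashing is what lets devices A and B reach the same key even though each receives the other IDs in a different order.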
As previously described, events that can cause re-calculation of a session key include a change in network connection topology (change of authenticated devices). That is, the session key is re-calculated if the authentication group changes.
An embodiment includes the session key being recalculated upon triggering of certain events. Triggers can include duration of time, or the network device having communicated a predetermined amount of information with other network devices.
When the other network devices have been authenticated, the network device computes a new session key.
As described, the device obtains identification numbers of all other devices the device is in communication with every time at least one of all the other devices changes. If the network devices are commonly operated, each can include its own identification being maintained in hardware, and therefore, tamper-proof.
As described, the other network devices are re-authenticated with the addition of a new network device, or the removal (subtraction) of a previously authenticated network device.
As described, changes in the list of authenticated devices trigger re-calculating the session key because the computed hash function changes.
As described, the device encrypts and decrypts transmission data with the session key, thereby maintaining the secure communications.
As described, the network devices re-calculate the session key when the list of authenticated devices changes. Other embodiments include re-calculating the session key periodically dependent on time, or intermittently dependent on the amount of data communicated by the network device.
An embodiment includes the secure hardware-stored identification number of the device being stored as a field programmable gate array serial number. Another embodiment includes embedding the secure self-identification into configuration information of the FPGA. Another embodiment includes embedding the secure self-identification into hardware logic in which the logic is optimized for obfuscating the self-identification as part of a bit stream of the FPGA.
Another embodiment includes the secure self-identification being burned into a write once-only, read-only EFuse (single time programming) circuit before the device is shipped. Another embodiment includes storing the secure self-identification in an embedded flash circuit with a single time programming EFuse.
Another embodiment further includes the device calculating multiple session keys, wherein each session key corresponds with a different sub-group of all the other devices. The hash functions corresponding with each sub-group include inputs of identification numbers of the device and the other devices that are included within each sub-group. For example, the device (for example, device 110 of
Although specific embodiments have been described and illustrated, the embodiments are not to be limited to the specific forms or arrangements of parts so described and illustrated.