Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-07-31
2002-04-16
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C380S247000, C380S249000
Reexamination Certificate
active
06374355
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for securing over-the-air communication in a wireless system.
2. Description of Related Art
In a wireless communication system, the handsets, often called mobiles, purchased by mobile users are typically taken to a network service provider, and long keys and parameters are entered into the handset to activate service. The network of the service provider also maintains and associates with the mobile, a copy of the long keys and parameters for the mobile. As is well-known, based on these long keys and parameters, information can be securely transferred between the network and the mobile over the air.
Alternatively, the user receives long keys from the service provider over a secure communication channel, like a telephone/land line, and must manually enter these codes into the mobile.
Because the transfer of the long keys and parameters is performed via a telephone/land line or at the network service provider as opposed to over the air, the transfer is secure against over the air attacks. However, this method of securely transferring information places certain burdens and restrictions on the mobile user. Preferably, the mobile user should be able to buy their handsets and then get service from any service provider without physically taking the handsets to the provider's location or having to manually, and error free, enter long keys into the mobile. The capability to activate and provision the mobile remotely is part of the North American wireless standards, and is referred to as “over the air service provisioning” (OTASP).
Currently, the North American Cellular standard IS41-C specifies an OTASP protocol using the well-known Diffe-Hellman (DH) key agreement for establishing a secret key between two parties.
FIG. 1
illustrates the application of the DH key agreement to establishing a secret key between a mobile
20
and a network
10
used in IS41-C. Namely,
FIG. 1
shows, in a simplified form for clarity, the communication between a network
10
and a mobile
20
according to the DH key agreement. As used herein, the term network refers to the authentication centers, home location registers, visiting location registers, mobile switching centers, and base stations operated by a network service provider.
The network
10
generates a random number R
N
, and calculates (g{circumflex over ( )}R
N
mod p). As shown in
FIG. 1
, the network
10
sends a
512
-bit prime number p, a generator g of the group generated by the prime number p, and (g{circumflex over ( )}R
N
mod p) to the mobile
20
. Next, the mobile
20
generates a random number R
M
, calculates (g{circumflex over ( )}R
M
mod p), and sends (g{circumflex over ( )}R
M
mod p) to the network
10
.
The mobile
20
raises the received (g{circumflex over ( )}R
N
mod p) from the network
10
to the power R
M
to obtain (g{circumflex over ( )}R
M
R
N
mod p). The network
10
raises the received (g{circumflex over ( )}R
M
mod p) from the mobile
20
to the power R
N
to also obtain (g{circumflex over ( )}R
M
R
N
mod p). Both the mobile
20
and the network
10
obtain the same result, and establish the
64
least significant bits as the long-lived or root key called the A-key. The A-key serves as a root key for deriving other keys used in securing the communication between the mobile
20
and the network
10
.
One of the problems with the DH key exchange is that it is unauthenticated and susceptible to a man-in-the-middle attack. For instance, in the above mobile-network two party example, an attacker can impersonate the network
10
and then in turn impersonate the mobile
20
to the network
10
. This way the attacker can select and know the A-key as it relays messages between the mobile
20
and the network
10
to satisfy the authorization requirements. The DH key exchange is also susceptible to off-line dictionary attacks.
SUMMARY OF THE INVENTION
The method for securing over-the-air communication in wireless system according to the present invention disguises an OTASP call as a normal system access to defeat attacks. According to the present invention, a mobile sends a system access request and dummy data associated with the system access request to a network. The network sends a first data stream including a first data portion to the mobile in response to the system access request and the dummy data. The mobile extracts the first data portion from the first bit stream, and sends a second bit stream, which includes a second data portion, to the network. The network extracts the second data portion from the second data stream.
Both the mobile and the network generate a key based on the first data portion and the second data portion, and establish a first encrypted and authenticated communication channel using the key. The mobile then transfers authorizing information to the network over the first encrypted and authenticated communication channel. If accepted, a second encrypted and authenticated communication channel is established. Over the second encrypted and authenticated communication channel, the network then sends sensitive information such as the root or A-key to the mobile.
An attacker monitoring the communication between the mobile and network according to the present invention would recognize the communication as a normal system access, and presumably fail to mount an attack. However, if an attack is mounted, an attacker must block a significant number of system accesses to find a disguised OTASP call. This denial of service to mobile users makes locating and stopping an attacker fairly easy.
REFERENCES:
patent: 5799084 (1998-08-01), Gallagher et al.
patent: 5839071 (1998-11-01), Johnson
patent: 6061791 (2000-05-01), Moreau
patent: 6072875 (2000-06-01), Tsudik
Menezes et al, Handbook of Applied Cryptography, Oct. 17, 1996, pp. 397-398, section 10.3.1.*
M. Bellare and P. Rogaway, Entity authentication and key distribution,Advances in Cryptology—Crypto, 1993.
S. Bellovin and M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, IEEE computer society symposium on research in security and privacy, 72-84 May 1992.
R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, Systematic design of two-party authentication protocols,Advances in Cryptololgy—Crypto, 1991.
M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo random bits,SIAM J. Computing, 13 No. 4:850-864, 1984.
R. B. Boppana and R. Hirschfeld, Pseudorrandom generators and complexity classes,Advances in Computing Research, 5 (S. Micali, Ed.), JAI Press, CT.
U.S. Department of Commerce/N.I.S.T.,Digital Signature Standard, FIPS 186, May 1994.
O. Goldreich and L. A. Levin, A hard-core predicate for all one way functions, Proceedings of the 21stSTOC, 25-32, 1989.
S. Goldwasser and A. Micali, Probabilistic encryption,Journal of Computer and Systems Science, 28: 270-299, 1984.
L. Gong, T. Lomas, R. Needham and J. Saltzer, Protecting poorly chosen secrets from guessing attacks,IEEE Journal on Selected Areas in Communications11(5): 648-656, Jun. 1993.
EIA/TIA, Cellular Radio Telecommunications Intersystem Operations IS-41 Rev. D, 1997.
T. Lomas, L. Gong, J. Saltzer and R. Needham, Reducing Risks from Poorly Chosen Keys, Proceedings of the 12thACM Symposium on Operating System Principles, ACM Operating Systems Review,23(5): 14-18 Dec. 1989.
S. Patel, Information Leakage in Encrypted Key Exchange, Proceedings of DIMACS workshop on Network Threats, 38: 33-40, Dec. 1996.
S. Patel, Number theoretic attacks on secure passord schemes, IEEE symposium on security and privacy, 236-247, May 1997.
S. Patel, Weaknesses of the north american wireless authentication protocol,IEEE Personal Communications, 40-44, Jun. 1997.
A. C. Yao, Theory and application of trapdoor functions, Proceedings of 23rdFOCS, 80-91, 1982.
M. Beller, L. Chang and Y. Yacobi, Privacy and authentication on a portable communication system,IEEE J. Selected Areas in Communications, 11(6): 821-829, 1993.
C. Carroll, Y
Birch Stewart Kolasch & Birch
Lucent Technologies - Inc.
Peeso Thomas R.
LandOfFree
Method for securing over-the-air communication in a wireless... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for securing over-the-air communication in a wireless..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for securing over-the-air communication in a wireless... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2900062