Cryptography – Particular algorithmic function encoding
Reexamination Certificate
1998-04-13
2001-05-15
Hayes, Gail (Department: 2131)
C380S270000, C380S247000, C455S410000
active
06233337
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to wireless telephone cryptography. More particularly, the invention relates to an improved security cryptosystem for rapid and secure encryption in a wireless telephone system without requiring large amounts of additional system resources.
BACKGROUND OF THE INVENTION
Wireless telephony uses messaging for several purposes including, for example, conveying status information, reconfiguring operating modes, handling call termination, and conveying system and user data such as a subscriber's electronic serial number and telephone number, as well as conversations and other data transmitted by the user. Unlike ordinary wire telephony, in which a central serving station is connected to each subscriber by wire, thus ensuring a fair degree of protection from eavesdropping and tampering by an unauthorized party (attacker), wireless telephone serving stations (i.e., base stations) must transmit and receive messages via signals over the air, regardless of the physical location of the subscribers.
Because the base station must be able to send and receive messages to and from a subscriber anywhere, the messaging process is wholly dependent on signals received from and sent to the subscriber equipment. Because the signals are transmitted over the air, they can be intercepted by an eavesdropper or interloper with the right equipment.
If a signal is transmitted by a wireless telephone in plaintext, a danger exists that an eavesdropper will intercept the signal and use it to impersonate a subscriber, or to intercept private data transmitted by the user. Such private data may include the content of conversations. Private data may also include non-voice data transmitted by the user such as, for example, computer data transmitted over a modem connected to the wireless telephone, and may also include bank account or other private user information transmitted typically by means of keypresses. An eavesdropper listening to a conversation or intercepting non-voice data may obtain private information from the user. The message content of an unencrypted telephone signal (i.e., plaintext signal) is relatively easily intercepted by a suitably adapted receiver.
Alternatively, an interloper can interject himself into an established connection by using a greater transmitting power, sending signals to the base station, and impersonating a party to the conversation.
In the absence of applying cryptography to messages being transmitted by wireless signals, unauthorized use of telephone resources, eavesdropping of messages, and impersonation of called or calling parties during a conversation are possible. Such unauthorized interloping and/or eavesdropping has in fact proven to be a grave problem and is highly undesirable.
The application of cryptography to wireless telephone applications offers a solution to the security problems discussed above, but the application of standard cryptography methods to wireless telephony has encountered significant difficulties due to the computationally-intensive nature of these methods. Specifically, these methods are subject to the constraints imposed by the desire to furnish a small wireless handset and the constraints on processing power imposed by the small size of the handset. The processing power present in typical wireless handsets is insufficient to handle the processing requirements of commonly known cryptographic algorithms such as DES (Data Encryption Standard). Implementing such a commonly known cryptographic algorithm in a typical wireless telephone system would potentially increase the time needed to process signals (i.e., encrypt and decrypt), thereby causing unacceptable delays for subscribers.
One cryptographic system for wireless telephony is disclosed in Reeds U.S. Pat. No. 5,159,634 (“Reeds”), incorporated herein by reference. Reeds describes a cryptographic process known as the CMEA (“Cellular Message Encryption Algorithm”) process. Central to the operation of the CMEA is the tbox function, which expands a secret key into a secret lookup table. Beginning with an initial index, key material is combined with table material in multiple iterations to generate a secret lookup table. Once the table is generated, octets of the key are applied to octets of a message according to an algorithm described below, and the resulting value is used as an index to the lookup table. The tbox function can be implemented either as a function call or as a static memory-resident table. The table's purpose, when implemented as in the latter case, is to allow significant speed-up of encryption for a given security level.
The CMEA algorithm of the prior art may be significantly improved as described in greater detail below. These improvements provide an additional degree of security which is highly advantageous.
SUMMARY OF THE INVENTION
The present invention provides an additional degree of security to cryptographic algorithms such as CMEA through modified use of the tbox function. The improved use of the tbox function improves CMEA, and can be implemented to operate quickly and efficiently in a small computer such as is commonly used in a mobile wireless transceiver.
An improved use of the tbox function according to the present invention may suitably employ offsets to permute inputs to the tbox function. Each offset is created using two secret values and an external cryptosync value. The secret values may be generated by any of a number of techniques commonly known in the art. In some applications, the external cryptosync value used to encrypt a first message of a call is an initialization vector. For subsequent messages, the external cryptosync value is the first two octets of ciphertext from a previously encrypted message.
Improved use of the tbox function according to the present invention is preferably achieved with an enhanced CMEA process employing at least two CMEA iterations. In the case of an enhanced CMEA process, first through fourth offsets are created. Each offset preferably uses a 15-bit secret value, a 16-bit secret value, and an external cryptosync value. Each offset uses a different pair of secret values. The secret values may be generated by any of a number of techniques commonly known in the art. The first and second offsets are applied to the inputs to the tbox function during a first iteration of the CMEA process, and the third and fourth offsets are applied to the inputs to the tbox function during a second iteration of the CMEA process.
Encrypted text is decrypted according to the teachings of the present invention by introducing ciphertext and reversing and inverting the steps applied to encrypt plaintext.
In another aspect of the present invention, an apparatus according to the present invention generates text and supplies it to an I/O interface which identifies it as generated text and supplies the text and the identification to an encryption/decryption processor, which in turn encrypts the text and supplies it to a transceiver for transmission. When the apparatus receives a transmission via the transceiver, the transmission is identified as incoming ciphertext, and the ciphertext and the identification are supplied to the encryption/decryption processor which decrypts the ciphertext and supplies it as text to the I/O processor for routing to its destination.
A more complete understanding of the present invention, as well as further features and advantages of the invention, will be apparent from the following Detailed Description and the accompanying drawings.
REFERENCES:
patent: 4157454 (1979-06-01), Becker
patent: 5159634 (1992-10-01), Reeds, III
patent: 5204902 (1993-04-01), Reeds, III
patent: 5438622 (1995-08-01), Normile et al.
patent: 5724428 (1998-03-01), Rivest
patent: 5727064 (1998-03-01), Reeds, III
patent: 5835600 (1998-11-01), Rivest
Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C. Oct. 1995. p. 357.*
Wagner et al., “Cryptanalysis of the Cellular Message Encryption Algorithm”, Mar. 20, 1997.*
TR 45.3, Appendix A to IS-54, Rev. B, “Dual-Mod
Etzel Mark H.
Frank Robert John
Heer Daniel Nelson
McNelis Robert Joseph
Mizikovsky Semyon B.
Hayes Gail
Lucent Technologies - Inc.
Song Ho S.