WO2009082356A1 - Method and system for securing wireless systems and devices - Google Patents

Method and system for securing wireless systems and devices

Info

Publication number
WO2009082356A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
parameters
network
security
wireless devices
Prior art date
Application number
PCT/SG2007/000438
Other languages
English (en)
Inventor
Siew Leong Kan
Khoon Wee Ang
Original Assignee
Nanyang Polytechnic
Priority date
Filing date
Publication date
Application filed by Nanyang Polytechnic
Priority to PCT/SG2007/000438
Publication of WO2009082356A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present invention relates to network and systems security.
  • the invention relates to a system and method for wireless network security.
  • Wired Equivalent Privacy (WEP) is an encryption standard that was used for wireless security. WEP comes in different key sizes; the common key lengths are currently 128- and 256-bit. The longer the key, the harder it is for crackers. However, flaws were quickly discovered and exploited, and it was shown that several open source utilities such as aircrack-ng, weplab, WEPCrack or airsnort can be used to break into a WEP-protected network by examining packets and looking for patterns in the encryption. The major problem with WEP is that once packets on a network can be captured, cracking the WEP encryption is only a matter of time.
  • WEP is a shared-key system, where the access point uses the same key as all client devices and the client devices also share the same key with each other. An attacker needs only to compromise the shared key of a single user to intrude into the WEP-protected network. Further, the key for a WEP-protected network has to be either given manually to the end users for input into the connecting devices, or distributed to the connecting devices via another authentication method, which is cumbersome in most cases.
  • a network security system comprises a key management system for generating keys for authentication, wherein the key comprises security parameters and supplementary parameters, wherein the supplementary parameters include a length of the key, a number of times that the security parameters are repeated within the length, and dummy characters.
  • the security parameters may include any parameters in application, network and system level.
  • the parameters in application level may include a login ID, a password and encryption/license keys.
  • the parameters in network and system level may include a WEP/WPA/WPA2 key, an encryption key, a service set identifier (SSID), a channel number, a frequency and a MAC address.
  • the security parameters may be arranged in a pre-defined sequence.
  • the network security system may further comprise a communication module for broadcasting the key to wireless devices.
  • the broadcasted key is synchronized between the wireless devices.
  • the supplementary parameters may include a timestamp that defines an expiry time for the key.
  • the key management system may regenerate the keys for broadcasting to the wireless devices and synchronization between the wireless devices. The key may be regenerated on or before its expiry, or when an intruder is detected.
  • a method of securing a network comprises setting security parameters; setting supplementary parameters; and generating a key that comprises the security parameters and supplementary parameters; wherein the supplementary parameters include a length of the key, a number of times that the security parameters are repeated within the length, and dummy characters.
  • the security parameters may include any parameters in application, network and system level.
  • the parameters in application level may include a login ID, a password and encryption/license keys.
  • the parameters in network and system level may include a WEP/WPA/WPA2 key, an encryption key, a service set identifier (SSID), a channel number, a frequency and a MAC address.
  • the security parameters may be arranged in a pre-defined sequence.
  • the method may further comprise broadcasting the key to wireless devices.
  • the method may further comprise synchronizing the key between the wireless devices.
  • the supplementary parameters may include a timestamp that defines an expiry time for the key.
  • the method may further comprise regenerating the key for broadcasting to the wireless devices and synchronization between the wireless devices. The key may be regenerated on or before its expiry, or when an intruder is detected.
  • FIG. 1 illustrates a diagram showing a wireless security system in accordance with an embodiment of the present invention.
  • FIG. 2 exemplifies a key structure of a key in accordance with another embodiment of the present invention.
  • FIG. 1 is a flow diagram illustrating a wireless security system 100 of a network in accordance with one embodiment of the present invention.
  • the flow diagram shows a first wireless device 110 communicating wirelessly with a second wireless device 120 via a peer-to-peer connection.
  • the connection is protected by the wireless security system 100, which comprises a key management system 101 for managing encrypted keys for communication.
  • the key management system 101 can be a standalone device or reside in any wireless device within the network.
  • the wireless devices include access points, base stations, laptop computers, personal computers, PDAs, and other mobile wireless communication devices.
  • the key management system 101 defines and distributes the encrypted keys to the wireless devices to protect the network communications.
  • the key management system 101 is adapted to support multiple wireless networks such as WLAN, WPAN and WMAN.
  • the key management system 101 comprises a selection and sequencing module 102, a random/user-defined entity generator 103, a scheduling mechanism 104, a database 105 and a communication module 106.
  • the key management system 101 executes the selection and sequencing module 102 to set the security key parameters from the applications, network and system levels.
  • the random/user-defined entity generator 103 allows the sequencing of the security key parameters to be done by a random or user-defined process, or a combination of both.
  • the random/user-defined entity generator 103 further acquires supplementary parameters for generating the key.
  • the supplementary parameters can also be user-defined or randomly generated.
  • the scheduling mechanism 104 defines a key based on the selected parameters and sequences.
  • the key is stored in the database 105 and is broadcast to the wireless devices of the network (including the first wireless device 110 and the second wireless device 120).
  • the selection and sequencing module 102 allows the user to define the security parameters for the key.
  • the security parameters are defined in applications, network and system levels.
  • the application level's security parameters include a login
  • the network and system levels' security parameters include a WEP/WPA/WPA2 key, an encryption key, a service set identifier (SSID), a channel number, a frequency, a MAC address, etc. These security parameters can be selected by user-defined or random choice. The selected security parameters are sent to the entity generator 103.
  • the entity generator 103 generates a set of entities that includes the security parameters and the supplementary parameters.
  • sequences of the security parameters are defined to arrange the security parameters.
  • the supplementary parameters include a count number, a length, dummy characters and a timestamp.
  • the sequences of the security parameters and the supplementary parameters can be selected automatically at random, manually in a user-defined manner, or by a combination of both.
  • the supplementary parameters, together with the selected sequence of security parameters, are fed to the scheduling mechanism 104.
  • the security parameters in application level are denoted as A1, A2, ..., An, where A1 is application security parameter 1;
  • the security parameters in network level are denoted as N1, N2, ..., Nn, where N1 is network security parameter 1;
  • the security parameters in system level are denoted as S1, S2, ..., Sn, where S1 is system security parameter 1;
  • the selected sequence of security parameters is denoted as Seq;
  • the count number is denoted as C;
  • the length is denoted as L;
  • the dummy characters are denoted as D; and the time stamp is denoted as T. Therefore, the key can be represented as equation (2),
  • the Seq includes any of the An, Nn, Sn and any combination of them, in any sequence defined by the user or chosen randomly. Accordingly, the scheduling mechanism 104 generates the key, which consists of the Seq repeated C times, as long as this fits within the limit L. L must be large enough to cover at least one cycle of Seq repeated C times. The remainder within L, if any, is filled with randomly generated dummy characters, D. These dummy characters serve as noise to deceive intruders. The dummy characters can be of any length, depending on L. L can be set sufficiently long that the dummy characters occupy the majority of L, to increase the difficulty of hacking. T is added to define an expiry time after which all wireless systems and devices must obtain a new Key.
  • once the Key is generated, it is stored in the database 105 and is updated just before or on expiry of T.
  • the communication module 106 authenticates and sets up communication links with a normal communication channel establishment. Once the connection is established, the generated Key is sent to all authorized wireless devices, which include the first wireless device 110 and the second wireless device 120. To maintain a secured transmission, the Key is regenerated and broadcast to the authorized devices. When the new Key is generated and received by the devices, the devices reconfigure themselves with the security parameters in the new Key, upon which the communication link is disconnected and reconnected again. That ensures a "private key" is used within the network without being hacked. A new key is generated when T expires, or when intrusion is detected. Once the reconfiguration and reconnection are completed, data transfer resumes.
  • FIG. 2 exemplifies a customized key structure of a key 200 generated by the key management system 101.
  • the key 200 is valid for 5 minutes and will be renewed thereafter for further communication between the wireless devices.
  • the function 201 of the key 200 is repeated.
  • the function 201 has a length of 10 seconds.
  • in step 112 the communications module 106 establishes a wireless connection between the first wireless device 110 and the second wireless device 120 and initializes authentication. Once authenticated, the generated key is also downloaded to both wireless devices 110 and 120. The Key is stored until a new Key is received. The wireless devices 110 and 120 reconfigure themselves based on the relevant security parameter information in the Key. Once the reconfiguration is completed, the wireless devices 110 and 120 synchronize with the key management system 101 by exchanging handshaking signals before the communication link is set up again. Data transfer takes place in the first instance.
  • the key is used for authentication until T, if any, expires.
  • synchronization of new keys takes place between the key management system 101 and the wireless devices in the background.
  • the wireless devices detect whether there is any intruder in step 114. If an intruder is detected, the wireless devices inform the key management system 101 to regenerate a new Key in step 115.
  • the devices are reconfigured and reconnected again with the new Key.
  • the intruder's packets and activities are recorded and, in step 117, important files or documents are deleted if required.
  • the present invention can be implemented on communication networks with different communication channels/protocols.
  • the key management system 101 is also applicable to peer-to-peer communications between different wireless devices.
  • the wireless devices can also make use of the Key generated by the key management system 101 to authenticate connections with other wireless devices.
  • the present invention provides a system and method of wireless security that supports multiple wireless networks.
  • the common security parameters required by the respective wireless networks and applications are grouped together and re-sequenced through a key management scheme.
  • the present invention allows the user to choose or define the combinations of the security parameters in application, network and system levels, and the sequences of the parameters.
  • an automated configuration system includes auto-reconfiguration of the settings of one or all combinations of either user-selected or system-defined security-related parameters obtained from the application, network and system levels, so frequently that the intruder/hacker will not be able to use or hack into the system within a reasonable amount of time.
  • the present invention provides a system and method integrating the security requirement/parameters based on application, network and system level that support multiple network protocols and systems. It is understood that the present invention is suitable not only for wireless network, but also wired network.
  • the present invention is suitable to be implemented on a device supporting multiple network connection. It is especially useful for such device operating in ad-hoc networking or ad-hoc communication.
  • a device A can have a secured key for a Wi-Fi connection with a device B, while at the same time, have another secured key for a 3.5G communication with device C, for which, data communication between devices B and C can be achieved through device A.
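The key layout the description gives (Seq repeated C times within length L, the remainder filled with dummy characters D, plus expiry T) and its regeneration rule, worked through as an added example written for this page; it is not code from the patent. The parameter values, the ";" delimiter, the dummy alphabet and the function names are assumptions.

```python
import secrets
import string
from dataclasses import dataclass

# Constructed sample values for the parameter kinds the description lists
# (application level: login ID; network/system level: SSID, channel, MAC).
# The page names only the kinds; these values are made up for this example.
SAMPLE_PARAMS = {
    "A1": "login=alice",            # application-level parameter A1
    "N1": "ssid=lab-net",           # network-level parameter N1
    "N2": "channel=6",              # network-level parameter N2
    "S1": "mac=02:00:00:aa:bb:cc",  # system-level parameter S1
}
SEP = ";"  # assumed delimiter between parameters (the page specifies none)
DUMMY_ALPHABET = string.ascii_letters + string.digits


@dataclass(frozen=True)
class Key:
    body: str          # Seq repeated C times, then dummy characters D up to L
    seq_len: int       # length of one Seq cycle, needed to recover parameters
    count: int         # C
    expires_at: float  # T: absolute expiry time in seconds


def make_sequence(params: dict, order: list) -> str:
    """Seq: the selected parameters arranged in a user-defined or random order."""
    return SEP.join(params[name] for name in order)


def build_key(seq: str, count: int, length: int, issued_at: float, ttl: float,
              rng=secrets) -> Key:
    """Key = Seq repeated C times, padded with random dummy characters D to L, plus T."""
    repeated = seq * count
    # L must cover at least one full cycle of Seq repeated C times.
    if len(repeated) > length:
        raise ValueError(f"L={length} cannot hold Seq repeated {count} times")
    dummy = "".join(rng.choice(DUMMY_ALPHABET) for _ in range(length - len(repeated)))
    return Key(repeated + dummy, len(seq), count, issued_at + ttl)


def recover_parameters(key: Key) -> list:
    """A device reconfigures itself from the first Seq cycle; the dummy tail is ignored."""
    return key.body[:key.seq_len].split(SEP)


def is_consistent(key: Key) -> bool:
    """Verify that all C cycles agree before a device trusts a received key."""
    first = key.body[:key.seq_len]
    return all(key.body[i * key.seq_len:(i + 1) * key.seq_len] == first
               for i in range(key.count))


def needs_regeneration(key: Key, now: float, intruder_detected: bool = False) -> bool:
    """Regenerate on or before expiry of T, or when an intruder is detected."""
    return intruder_detected or now >= key.expires_at


if __name__ == "__main__":
    seq = make_sequence(SAMPLE_PARAMS, ["N1", "N2", "A1"])
    key = build_key(seq, count=3, length=120, issued_at=0.0, ttl=300.0)  # FIG. 2: 5 minutes
    assert is_consistent(key)
    print(recover_parameters(key), needs_regeneration(key, now=300.0))
```

Because the Seq cycles are a fixed-structure prefix of the key body, the dummy tail adds length but no secrecy; the example keeps the layout as the page describes it.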

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a system and method for securing a network. The system comprises a key management system for generating keys for authentication, the key comprising security parameters and supplementary parameters, the supplementary parameters comprising a length of the key, a number of times the security parameters are repeated over the length, and dummy characters.
PCT/SG2007/000438 2007-12-24 2007-12-24 Method and system for securing wireless systems and devices WO2009082356A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2007/000438 WO2009082356A1 (fr) 2007-12-24 2007-12-24 Method and system for securing wireless systems and devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2007/000438 WO2009082356A1 (fr) 2007-12-24 2007-12-24 Method and system for securing wireless systems and devices

Publications (1)

Publication Number Publication Date
WO2009082356A1 true WO2009082356A1 (fr) 2009-07-02

Family

ID=40801466

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2007/000438 WO2009082356A1 (fr) 2007-12-24 2007-12-24 Method and system for securing wireless systems and devices

Country Status (1)

Country Link
WO (1) WO2009082356A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9491196B2 (en) 2014-09-16 2016-11-08 Gainspan Corporation Security for group addressed data packets in wireless networks

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020101996A1 (en) * 1999-10-20 2002-08-01 Fujitsu Limited Variable-length key cryptosystem
US20040068653A1 (en) * 2002-10-08 2004-04-08 Fascenda Anthony C. Shared network access using different access keys
WO2006096017A1 (fr) * 2005-03-09 2006-09-14 Electronics And Telecommunications Research Institute Authentication method and key generation method in a wireless portable internet system
US20060204005A1 (en) * 2005-03-14 2006-09-14 Microsoft Corporation Method and system for enhancing cryptography-based security
US20060294575A1 (en) * 2003-09-11 2006-12-28 Rogers Paul J Method and apparatus for use in security
WO2007066959A1 (fr) * 2005-12-07 2007-06-14 Electronics And Telecommunications Research Institute Security key management method and device for controlling a security channel in an EPON

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07852304; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 07852304; Country of ref document: EP; Kind code of ref document: A1)