WO2015133951A1 - Method, communication device and computer program for improving communication privacy - Google Patents


Info

Publication number
WO2015133951A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
user
pin value
pin
version
Application number
PCT/SE2014/050276
Other languages
English (en)
Inventor
Mats NÄSLUND
Makan Pourzandi
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Application filed by Telefonaktiebolaget L M Ericsson (Publ)
Priority to PCT/SE2014/050276
Publication of WO2015133951A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Definitions

  • This disclosure relates to methods, devices, computer programs, and computer program products, for improving communication privacy.
  • This disclosure addresses this issue by making it more costly for an interloper to utilize an MITM attack. More specifically, this disclosure defines a mechanism that makes MITM attacks costly for whoever attempts it, in particular if the interloper attempts it at large scale.
  • the mechanism does not require secure/trusted network servers, but relies on a test (e.g., obscured information) that enables a first human user to determine whether the first user is communicating with a machine or a human. This implies that a potential interloper cannot use a machine (e.g., computer) to perform MITM attacks, implying difficulty to automate eavesdropping at large scale and making it costly, even at moderate scale.
  • the method includes the first CD using at least a first pin value and a first security parameter (A1) to generate a first authentication value (AV1).
  • the first CD initiates a communication session with a second CD. Initiating the communication session comprises the first CD transmitting first information to the second CD.
  • the first information includes: i) a first obscured version of the first pin value, ii) the first security parameter (A1), and iii) the first authentication value (AV1).
  • the first CD receives responsive information from the second CD.
  • the responsive information includes: i) an obscured version of a second pin value, ii) a second security parameter (A2), and iii) a second authentication value (AV2).
  • the first CD provides to a first user of the first CD the obscured version of the second pin value.
  • the first CD receives input from the first user after receiving the responsive information.
  • the first CD determines, based at least in part on the input, whether to continue with the communication session.
  • transmitting to the second CD the first obscured version of the first pin value serves as a challenge data
  • the receiving of the second authentication value (AV2) serves as a verification data, said challenge data together with said verification data being usable to determine whether the second CD is being used by a human.
  • transmitting to the second CD the first obscured version of the first pin value serves as a challenge data
  • the receiving of the obscured version of the third pin value serves as a verification data
  • said challenge data together with said verification data being usable to determine whether the second CD is being used by a human.
  • transmitting the first obscured version of the first pin value to the second CD comprises transmitting to the second CD a first image file containing a first distorted version of the first pin value or transmitting a reference to a storage of the first image file.
  • receiving the responsive information comprises a) receiving a second image file containing a distorted version of the second pin value or b) receiving a reference to a storage of the second image file.
  • the responsive information further comprises a distorted version of a third pin value (e.g., a distorted version of a pin value input by the second user), and receiving the responsive information comprises a) receiving a second image file containing i) the distorted version of the third pin value and ii) a distorted version of the second pin value or b) receiving a reference to a storage of the second image file.
  • the method may further comprise: the first CD prompting the user to input a response after providing to the first user the distorted version of the third pin value; the first CD receiving second user input in response to the prompting; and the first CD determining, based on the second user input, whether the third pin value is equal to the first pin value.
  • the first CD in response to determining that the third pin value is not equal to the first pin value, i) terminates the communication session, ii) retransmits to the second CD at least the first obscured version of the first pin value, iii) transmits to the second CD at least a new obscured version of the first pin value, iv) transmits to the second CD at least an obscured version of a new pin value and a new authentication value, or v) transmits to the second CD at least an error message.
  • receiving the first user input comprises receiving from the first user a pin value entered by the first user after the first CD provided to the first user the obscured version of the second pin value.
  • the method may further include: the first CD using at least the pin value input by the user, the first pin value, and A2 to generate an authentication value. The first CD determines whether the generated authentication value is in agreement with AV2.
  • the first CD in response to determining that the generated authentication value is not in agreement with AV2, i) terminates the communication session, ii) retransmits to the second CD at least the first obscured version of the first pin value, iii) transmits to the second CD at least a new obscured version of the first pin value, iv) transmits to the second CD at least an obscured version of a new pin value and a new authentication value, or v) transmits to the second CD at least an error message.
  • the method further includes the first CD generating a key using at least a value used to calculate the first security parameter (A1) and the second security parameter (A2).
  • the first CD uses the key to encrypt data, thereby generating encrypted data.
  • the first CD transmits the encrypted data to the second CD.
  • the second CD is configured to provide to a second user of the second CD the first obscured version of the first pin value; receive a value input by the second user in response to the second CD providing the first obscured version of the first pin value to the second user; use A1 and the value input by the second user to generate an authentication value; and determine whether the generated authentication value is in agreement with the first authentication value (AV1) (e.g., identical to AV1).
  • AV1 first authentication value
  • a method, in a system comprising a first CD and a second CD, for improving communication privacy comprises the second CD receiving a first security parameter (A1), a first obscured version of a first pin value (OV1), and a first authentication value (AV1).
  • the second CD provides to a user of the second CD the first obscured version of a first pin value (OV1).
  • the second CD receives a user input from the user of the second CD in response to the second CD providing the first obscured version of a first pin value (OV1) to the user.
  • the second CD using at least the user input and the first security parameter (A1) to generate an authentication value.
  • the second CD determining that the generated authentication value is in agreement with the first authentication value (AV1).
  • the second CD generating: i) a second security parameter (A2), ii) a second authentication value (AV2), and iii) an obscured version of a second pin value (OV3).
  • the second CD transmitting to the first CD i) the second security parameter (A2), ii) the second authentication value (AV2), and iii) the obscured version of the second pin value (OV3).
  • a communication device is disclosed. The
  • a computer program includes instructions for carrying out any of the methods described above.
  • FIG. 1 illustrates a communication system according to some embodiments.
  • Fig. 2 illustrates an exemplary sequence diagram according to some embodiments.
  • FIGs. 3(a) and 3(b) illustrate exemplary obscured diagrams according to some embodiments.
  • Figs. 4-7 illustrate exemplary flow charts according to some embodiments.
  • Fig. 8 illustrates an exemplary non-wireless communication device according to some embodiments.
  • Fig. 9 illustrates an exemplary wireless device according to some embodiments.
  • Embodiments are directed to methods, communication devices, and computer programs for improving communication privacy in a communication session between end users. As discussed above, a communication session between end users is vulnerable to MITM attacks. Such attacks may be automated by a computer with the potential of affecting a large number of communication sessions. Embodiments described herein utilize a Turing test to make it costly for an interloper to use an automated computer to perform a MITM attack.
  • Such Turing tests (such as CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart) are known in the art but only to verify the presence of a human by a server. This is not sufficient for establishing a secure communication channel as it provides no binding between the solution to the CAPTCHA and a secured channel between the parties.
  • all prior art CAPTCHAs are "one-sided": while only a human can solve the CAPTCHA, a machine (server) is still able to verify the solution. Again, this is not sufficient as secure communication requires mutual authentication.
  • end users may send obscured versions of information to each other, where this information is used by the end users to authenticate any received data, such as data used for establishing a shared key.
  • the obscured version of the information may be a distorted image or distorted audio.
  • FIG. 1 illustrates a communication system 100 according to some embodiments.
  • Communication system 100 includes communication devices, such as wireless devices 104A, 104B and land-line devices 106A, 106B, that may communicate with each other over network 110 (e.g., the Internet).
  • the communication devices 104A and 106A may be used by a first user 102A, and the communication devices 104B and 106B may be used by a second user 102B. Users 102A and 102B can use the
  • communication devices illustrated in Fig. 1 may use communication device 104A or 106A to initiate a communication session with either communication device 104B or 106B using well-known access protocols, e.g. WCDMA, LTE or WLAN, and well-known Internet protocols, such as, for example, TCP/IP and the Session Initiation Protocol (SIP).
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • WLAN Wireless Local Area Network
  • users 102A and 102B may use any desired key exchange protocol such as a Diffie-Hellman key exchange protocol.
  • key exchange protocols are public key based and pre-shared key based protocols, e.g. as supported by MIKEY, TLS, PSK-TLS, IKE, etc. It will be apparent to one of skill in the art how to adapt the invention to such protocols by adding information elements encoding obscured information to the key exchange signaling, and using at least the (unobscured) information as basis for cryptographic keys to authenticate the key exchange signaling.
  • Fig. 2 illustrates an embodiment for establishing a communication session between first and second users and creating a shared key, e.g. for encryption purposes, between the first and second users.
  • the first and second users illustrated in Fig. 2 may correspond to user 102A and user 102B.
  • the first user's communication device illustrated in Fig. 2 may correspond to communication device 104A or 106A.
  • the second user's communication device illustrated in Fig. 2 may correspond to communication device 104B or 106B.
  • a pin value is a set of displayable objects, including numerical digits, letters, punctuation marks, or other objects.
  • the pin value may be "6ne3".
  • a length of four characters merely serves as an example.
  • the first user may select "6ne3" from a predetermined set of pin values displayed on the first user's communication device or manually enter this pin value via a touchscreen or keypad on device 104A or a keyboard on device 106B.
  • the selected pin value is provided to the first user's communication device
  • Steps 1a and 1b are optional steps as the pin value may be selected for the user by the user's communication device.
  • the first user's CD may select a pin value (e.g., the first user's CD may randomly select a pin value using, for example, a pseudo-random string generator) and then may display the selected pin value to the first user.
  • an obscured version (OV1) of the pin value is generated.
  • the obscured version of the pin value may be generated using a program on the first user's communication device.
  • the obscured version may be a distorted image of the pin value or an obscured audio file that includes the pin value.
  • An example of a distorted image is a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) diagram.
  • Fig. 3(a) illustrates an example of a distorted image of the pin value "6ne3".
  • An example of an obscured audio file is an audio file that includes the pin value with background noise such that the pin value is detectable by a human ear, but the background noise, and/or speech variations (e.g. in pitch), makes it difficult for a computer device to determine the pin value via speech recognition.
  • a security parameter (A1) is generated.
  • A1 may be used for the purpose of exchanging keys between the first and second users.
  • A1 may be the Diffie-Hellman value (g^a mod p), where a, g, and p are integers (p being a prime number), the values of p and g are predetermined by the first and second users (or their devices), and the value a is a secret integer known only to the first user or the first user's device.
  • an elliptic curve group may be used to define A1.
  • an authentication value (AV1) is generated. This authentication value may be generated using at least A1 and the pin value "6ne3".
  • A1 and pin value may be input into an authentication algorithm to generate the authentication value AV1.
  • the pin value would thus serve as key for this authentication algorithm while A1 would serve as the data being authenticated.
  • Other information may also be input to authentication algorithm, e.g. identifiers of the users, session, time stamps, replay protection information, etc., which will then also be possible to authenticate.
  • In step 2, A1, AV1, and an obscured version of the pin value (OV1) are transmitted to the second user's communication device.
  • the first user may initiate a communication session with the second user by sending to the second user's communication device an invitation message (e.g., a Session Initiation Protocol (SIP) Invite Message) for the purposes of inviting the second user to create a
  • SIP Session Initiation Protocol
  • the message includes A1, AV1 and an explicit (binary or BASE64) encoding of OV1 or a reference (e.g., URL) to an image file that contains OV1.
  • step 3a the second user's communication device provides the obscured version of the pin value (OV1) to the second user.
  • the CAPTCHA image of the pin value "6ne3" as illustrated in Fig. 3a is displayed on a screen of the second user's communication device.
  • step 3b the second user obtains the pin value.
  • upon viewing the CAPTCHA image illustrated in Fig. 3(a), the second user sees the pin value "6ne3".
  • step 3c the second user submits the pin "6ne3" to the second user's communication device (e.g., the second user uses a touch screen interface or keyboard of the second user's communication device to enter the pin value into the device).
  • step 3d the second user's communication device authenticates A1 using at least AV1 and the pin value that the second user submitted in step 3c. For example, the second user's communication device enters the pin "6ne3" and A1 into an authentication algorithm to generate an authentication value.
  • This authentication algorithm is the same authentication algorithm as the authentication algorithm used by the first user when the AV1 was generated. If this newly generated authentication value matches the authentication value AV1, then A1 is authenticated.
  • step 3e if the newly generated authentication value does not match AV1, then the communication session may be terminated.
  • the second user's communication device may display a failure warning indicating the lack of authentication. In this situation, the second user's communication device may terminate the communication session automatically, or the second user may terminate the communication session manually. Alternatively, the second user can be given another chance to input a new pin value (i.e., repeat step 3c).
  • step 4a the second user selects a new pin value (e.g., "jw62k").
  • step 4b the second user submits the new pin value to the second user's communication device.
  • steps 4a and 4b are optional because, in some
  • the second user's communication device may generate or otherwise select the new pin value.
  • step 4c the second user's communication device generates an obscured version of the new pin value (OV3). Also, the second user's communication device may generate a new obscured version of the pin value (OV2) submitted in step 3c, but this is optional in some embodiments. In embodiments in which the second user's
  • OV2, it is preferable that OV2 is different than OV1.
  • OV3 may be obscured in the same manners as the OV1, i.e. it may be an image or audio CAPTCHA.
  • the method for generating OV3 may be different or the same as the method of generating OV1 and/or OV2, e.g., one may be audio and the other(s) an image.
  • OV2 and OV3 may be combined in the same CAPTCHA (e.g. in the same image as illustrated in Fig. 3(b) or in the same audio clip). In such case, generation of OV2 (i.e. step 3e) takes place as part of this step by integrating it with the generation of OV3.
  • obscured versions OV2 and OV3 may be separate CAPTCHA images/audio clips.
  • a second security parameter (A2) is generated.
  • A2 may be g^b mod p, where "g" and "p" are the same integers used by the first user, and "b" is a secret integer known only to the second user or the second user's device.
  • an elliptic curve group may be used to define A2.
  • step 4e an authentication value (AV2) is generated.
  • AV2 authentication value
  • AV2 is generated using at least A2, the new pin value "jw62k", and the first pin value "6ne3".
  • A2 and one or more of pin values "jw62k" and "6ne3" may be entered into the authentication algorithm to generate AV2.
  • AV2 is generated using at least A2 and the new pin value "jw62k."
  • other information may also be input to authentication algorithm, e.g.
  • step 5a the second user's communication device transmits to the first user's communication device A2, AV2, and OV3.
  • OV2 may be transmitted along with A2, AV2, and OV3.
  • the second user's communication device transmits to the first user's
  • a response message (e.g., a SIP response message), wherein the message includes A2, AV2, and a reference to an image file that contains OV2 and OV3 or an explicit (binary or BASE64) encoding of the image file(s).
  • step 5b OV3 (and possibly OV2) is provided to the first user.
  • the user may be provided with the CAPTCHA image illustrated in Fig. 3(b), which includes distorted versions of the pin values "6ne3" and "jw62k."
  • step 6 the first user extracts the pin value included in OV3 (and also OV2 if it is present) and submits the pin value included in OV3 to the first user's communication device (assuming, if OV2 is present, that the pin value in OV2 matches the pin selected by the first user (e.g., "6ne3")). If OV2 is present, however, and the pin value in OV2 does not match the pin selected by the first user, then the first user may either terminate the communication session as this is an indication of a possible MITM attack, or start the process again with a new pin value.
  • the first user's communication device authenticates A2 using at least the input pin value (e.g., "jw62k") and possibly also the first pin value.
  • the value "jw62k" i.e., the second pin value
  • the value "6ne3" i.e., the first pin value
  • the value A2 are all entered into the authentication algorithm to generate a new authentication value. If this new authentication value is in agreement with (e.g., matches) authentication value (AV2), then A2 is authenticated. If A2 is not authenticated, the communication session may be terminated in a similar fashion as described above in step 3e, or the process may be restarted from the beginning.
  • first and second user devices derive a shared key that can be assumed to be known only to first and second users.
  • the first user may derive a shared key using at least the second security parameter received from the second user's communication device, and the second user may derive the same shared key using at least the first security parameter received from the first user's communication device.
  • s1 is equal to s2.
  • the first and second users may start exchanging data, e.g.
  • this key may be included in the derivation of shared keys for the current communication session. This provides so-called key-continuity and has the advantage that even if a man-in-the-middle by some means manages to obtain the shared key s1/s2, this is still of no use to decrypt the current communication session unless the man-in-the-middle also managed to obtain the prior shared key s0.
  • such a prior shared key s0 may be included in the generation of authentication values (AV1 and/or AV2). That is, besides using at least the first and/or second pin as a key input to the authentication algorithm, such a key s0 may be also used as key input by combining (e.g. hashing or concatenating) it with the pin(s),
  • both the first and second pin values e.g. both "jw62k" and "6ne3"
  • AV2 authentication value
  • both the first and second pin values e.g. both "jw62k" and "6ne3"
  • OV2 obscured version
  • OV3 obscured version
  • if the second user did not manage to correctly "solve" the obscured version (OV1) then an incorrect value (a value different from "6ne3") will be input to the authentication algorithm when generating the authentication value (AV2) and thus authentication will fail at the first user's device in step 6c.
  • s1 will be different from s2.
  • s1 will be shared between the first user and the MITM and s2 will be shared between the second user and the MITM.
  • this can be detected by configuring the first and second device to display some fingerprint of s1/s2 which enables the first and second user to compare the displayed values, e.g. using verbal communication over the established connection. Users may opt to terminate communication if s1 and s2 are found to not match.
  • Fig. 4 illustrates an embodiment of a process 400 performed by a first communication device (e.g., 104A, 106A).
  • the process may generally start at step 402 where the first communication device uses a first pin value (e.g., a pin value selected by the first user of the first communication device or by the communication device itself) and a first security parameter (A1) to generate a first authentication value (AV1).
  • a first pin value e.g., a pin value selected by the first user of the first communication device or by the communication device itself
  • a first security parameter (A1) to generate a first authentication value (AV1).
  • the first pin value may be "6ne3"
  • the first security parameter (A1) may be g^a mod p, where the first pin value and the first security parameter (A1) are entered into an authentication algorithm to generate the first authentication value (AV1).
  • step 404 the first communication device initiates a communication session with a second communication device (e.g., transmit an invite message
  • the first communication device may initiate the communication session by transmitting first information to the second communication device, with the first information comprising: i) a first obscured version of the first pin value (OV1), wherein OV1 is such that it is more difficult for a machine to determine the first pin value than it is for a human to determine the first pin value, ii) the first security parameter (A1), and iii) the first authentication value (AV1).
  • transmitting OV1 to the second communication device comprises transmitting to the second communication device a first image file containing a first distorted version of the first pin value.
  • transmitting OV1 to the second communication device comprises transmitting to the second communication device a reference to a first image file containing a first distorted version of the first pin value.
  • the first communication device receives from the second communication device responsive information, the responsive information comprising: i) an obscured version of a second pin value (OV3), ii) a second security parameter (A2), and iii) a second authentication value (AV2).
  • the responsive information further includes a second obscured version of the first pin value (OV2), where OV2 is different than OV1.
  • AV2, OV2, and OV3 may be generated by the second communication device as described above with respect to Fig. 2.
  • receiving the responsive information comprises receiving a second image file containing a distorted version of the second pin value.
  • the second image file may further include a second distorted version of the first pin value.
  • receiving the responsive information comprises receiving i) a second image file containing a second distorted version of the first pin value and ii) a third image file containing a distorted version of the second pin value.
  • the first communication device provides to the first user of the first communication device OV3.
  • the first communication device may prompt the first user to input the pin value the user obtains from OV3. In some embodiments this occurs only if the first user also sees the first pin value on the display. In such embodiments, if the user does not see the first pin value on the display the first user may activate a "cancel" button.
  • the first communication device receives a value input by the first user.
  • the first communication device determines, based at least in part on the received value input by the first user, whether to continue with the
  • the value input by the user, the first pin value, and the value A2 may all be entered into an authentication algorithm to generate a new authentication value. If this new authentication value is in agreement with (e.g., matches) AV2, then A2 is authenticated and the communication may continue.
  • the first communication device may determine to terminate the communication session in response to determining that the new authentication value is not in agreement with AV2. In some embodiments, the first communication device may automatically restart the process in response to determining that the new authentication value is not in agreement with AV2 (i.e., the process 400 may go back to step 402).
  • the responsive information transmitted to the first communication device further includes OV2.
  • OV2 may be displayed to the first user.
  • the first user himself can determine whether the pin value encoded in OV2 is in agreement with the first pin value (on the other hand, the first user could simply enter the pin value the user perceives in OV2 so that the first communication device can determine whether the perceived pin value is in agreement with the first pin value). If they are not in agreement, then this indicates a possible MITM attack and the first user may activate a "cancel session" button (i.e., input a "negative" response) to terminate the communication session or the first communication device may automatically terminate the communication session.
  • FIG. 5 illustrates a process 500, according to some embodiments, that is performed by the first communication device to perform step 412.
  • Process 500 may begin in step 502, where the first communication device receives a pin value entered by the first user in response to the first communication device outputting OV3 to the first user.
  • In step 504, the first communication device uses the pin value input by the user, the first pin value, and A2 to generate an authentication value.
  • In step 506, the first communication device determines whether the generated authentication value is in agreement with AV2. For example, in step 506 the communication device may determine whether the generated authentication value is identical to AV2.
  • In step 508, in response to determining that the generated authentication value is not in agreement with AV2, the first communication device i) terminates the communication session, ii) retransmits to the second CD at least the first obscured version of the first pin value, iii) transmits to the second CD at least a new obscured version of the first pin value, iv) transmits to the second CD at least an obscured version of a new pin value and a new authentication value, or v) transmits to the second CD at least an error message.
  • Fig. 6 illustrates another process performed by the first communication device.
  • the process may generally start at step 602, where the first communication device generates a key using at least a value used to calculate the first security parameter (A1) and the second security parameter (A2). This same key may be generated by the second user of the second communication device.
  • the first communication device uses the key (e.g., other key(s) derived from the key) to encrypt data, thereby generating the encrypted data.
  • the first communication device can use the key to encrypt data by inputting the data and the key into an encryption process that encrypts the data using the input key.
  • the first communication device can use the key to encrypt data by inputting the data and another key derived from the key into the encryption process. Ensuring that the first and second communication device use the same security configuration (e.g. the same encryption algorithm and key derivation functions, etc) is outside the scope of the invention but may be provided by means of pre-configuration or signaling.
  • the first communication device transmits the encrypted data to the second communication device. Since the first and second users have the same key (i.e., shared secret key), the second communication device can decrypt the encrypted data received from the first communication device using at least the same key (or further derived key(s)) used to encrypt the data.
  • Fig. 7 is a flow chart illustrating a process performed by the second communication device (CD).
  • the process may generally start at step 702, where the second CD receives a first security parameter (A1), a first authentication value (AV1), and an obscured version of a first pin value (OV1).
  • In step 704, the second CD provides OV1 to a user of the second CD.
  • In step 706, the second CD receives a user input from the user in response to the second CD providing OV1 to the user.
  • In step 708, the second CD uses at least the user input and A1 to generate an authentication value.
  • In step 710, the second CD determines whether the generated authentication value is in agreement with AV1 (e.g., identical to AV1, which will occur when A1 was not modified during transmission, the user input and first pin are equal, and the second CD uses the same authentication algorithm that the first CD used in generating AV1). If the generated authentication value is not in agreement with AV1, the communication session may be terminated by the second communication device transmitting to the first communication device a session termination message.
  • the process can go back to step 704 to give the user another chance to input another user input.
  • the second CD generates: i) a second security parameter (A2), ii) a second authentication value (AV2), and iii) an obscured version of a second pin value (OV3).
  • the second CD generates AV2 using at least A2, the second pin value, and the user input received in step 706. Additionally, in some embodiments, the second CD generates an obscured version of the user input received in step 706.
  • the second CD transmits to the first CD: A2, AV2, and OV3.
  • the second CD further transmits an obscured version of the user input received in step 706 (i.e., OV2).
  • the second CD transmits OV2 and OV3 by transmitting a message containing a reference (e.g., URL) for an image file containing a distorted version of the user input received in step 706 and a distorted version of the second pin value.
  • the processes illustrated in Figs. 2-7 may be implemented purely in software, such as an internet application ("app"), that is downloaded by any one of the communication devices illustrated in Fig. 1.
  • This app may include predetermined pin values that are selectable by users or an algorithm for generating such pin values, the algorithms for generating obscured versions of the pin value, and the algorithms for authenticating data.
  • Fig. 8 is a block diagram of an embodiment of communication device 106A and 106B. Fig. 8 is described with respect to communication device 106A.
  • the communication device 106A may include or consist of: a computer system (CS) 802, which may include one or more processors 855 (e.g., a general purpose microprocessor) and/or one or more circuits, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), a logic circuit, and the like; a network interface 803 for use in connecting the communication device 106A to a network 110; and a data storage system 806, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)).
  • CPP 833 includes or is a computer readable medium (CRM) 882 storing a computer program (CP) 883 comprising computer readable instructions (CRI) 888.
  • CRM 882 is a non-transitory computer readable medium, such as, but not limited to, magnetic media (e.g., a hard disk), optical media (e.g., a DVD), solid state devices (e.g., random access memory (RAM), flash memory), and the like.
  • the CRI 888 of computer program 883 is configured such that when executed by computer system 802, the CRI causes the communication device 106A to perform steps described above (e.g., steps described above with reference to the flow charts and message flows shown in the drawings).
  • communication device 106A may be configured to perform steps described herein without the need for a computer program. That is, for example, computer system 802 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
  • Fig. 9 is a block diagram of an embodiment of communication devices 104A and 104B. Fig. 9 is described with respect to communication device 104A.
  • the communication device 104A may include or consist of: a computer system (CS) 902, which may include one or more processors 955 (e.g., a general purpose microprocessor) and/or one or more circuits, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), a logic circuit, and the like; a transceiver 903 connected to an antenna 922 for use in communicating with a base station (e.g., Wi-Fi router or other base station); and a data storage system 906, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)).
  • a computer program product (CPP) 933 includes or is a computer readable medium (CRM) 992 storing a computer program (CP) 993 comprising computer readable instructions (CRI)
  • CRM 992 is a non-transitory computer readable medium, such as, but not limited to, magnetic media (e.g., a hard disk), optical media (e.g., a DVD), solid state devices (e.g., random access memory (RAM), flash memory), and the like.
  • the CRI 999 of computer program 993 is configured such that when executed by computer system 902, the CRI causes the communication device 104A to perform steps described above (e.g., steps described above with reference to the flow charts and message flows shown in the drawings).
  • communication device 104A may be configured to perform steps described herein without the need for a computer program. That is, for example, computer system 902 may consist merely of one or more ASICs.
  • the features of the embodiments described herein may be implemented in hardware and/or software.
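
The exchange of processes 500 and Figs. 6-7 described above, as an added Python sketch that is not part of the patent text. HMAC-SHA256 as the authentication algorithm, Diffie-Hellman-style security parameters over a toy prime, the function names and the PIN values are all assumptions; the obscured images (OV1, OV3) are represented only by the PIN the user types after reading them.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, illustration only): 2**127 - 1 is
# prime but far too small for real use.
P, G = 2**127 - 1, 3

def auth_value(pins, param):
    """Authentication value over a security parameter, keyed by PIN value(s).
    HMAC-SHA256 is an assumed choice of authentication algorithm."""
    return hmac.new("|".join(pins).encode(), param.to_bytes(16, "big"),
                    hashlib.sha256).digest()

def new_param():
    """Return (secret exponent, public security parameter)."""
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)

def derive_key(peer_param, secret):
    """Step 602: key from the values behind A1 and A2."""
    shared = pow(peer_param, secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def first_cd_start(pin1):
    """First CD: build A1 and AV1 (OV1, the distorted image, is not modelled)."""
    x, a1 = new_param()
    return x, {"A1": a1, "AV1": auth_value([pin1], a1)}

def second_cd_respond(msg, user_input, pin2):
    """Steps 702-710, then the reply: check AV1, build A2 and AV2."""
    expected = auth_value([user_input], msg["A1"])
    if not hmac.compare_digest(expected, msg["AV1"]):
        return None, None            # A1 altered or PIN misread: terminate
    y, a2 = new_param()
    return y, {"A2": a2, "AV2": auth_value([pin2, user_input], a2)}

def first_cd_finish(x, pin1, user_input, reply):
    """Steps 502-506: check AV2 with the PIN the user read from OV3."""
    expected = auth_value([user_input, pin1], reply["A2"])
    if not hmac.compare_digest(expected, reply["AV2"]):
        return None                  # step 508: e.g. terminate the session
    return derive_key(reply["A2"], x)

def run_session(pin1="4821", pin2="9305", tamper=False):
    """Constructed PINs; with tamper=True a relay swaps A1 for its own value."""
    x, msg = first_cd_start(pin1)
    if tamper:
        msg = dict(msg, A1=new_param()[1])   # AV1 cannot be redone without pin1
    y, reply = second_cd_respond(msg, pin1, pin2)   # user typed pin1 from OV1
    if reply is None:
        return None
    key1 = first_cd_finish(x, pin1, pin2, reply)    # user typed pin2 from OV3
    return key1, derive_key(msg["A1"], y)
```
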

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a communication method that makes it harder for a man-in-the-middle (MITM) attack to succeed. Advantageously, the method requires no secure/trusted network server. The method uses a test (for example, a masked PIN value) designed to allow a first human user of a communication device to obtain a level of confidence that the first user is communicating directly with a second human user, and not with a machine posing as the second user.
PCT/SE2014/050276 2014-03-06 2014-03-06 Method, communication device and computer program for increasing the confidentiality of a communication WO2015133951A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2014/050276 WO2015133951A1 (fr) 2014-03-06 2014-03-06 Method, communication device and computer program for increasing the confidentiality of a communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2014/050276 WO2015133951A1 (fr) 2014-03-06 2014-03-06 Method, communication device and computer program for increasing the confidentiality of a communication

Publications (1)

Publication Number Publication Date
WO2015133951A1 true WO2015133951A1 (fr) 2015-09-11

Family

ID=54055632

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2014/050276 WO2015133951A1 (fr) 2014-03-06 2014-03-06 Method, communication device and computer program for increasing the confidentiality of a communication

Country Status (1)

Country Link
WO (1) WO2015133951A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060031338A1 (en) * 2004-08-09 2006-02-09 Microsoft Corporation Challenge response systems
US20060218636A1 (en) * 2005-03-24 2006-09-28 David Chaum Distributed communication security systems
US20070255959A1 (en) * 2006-04-27 2007-11-01 Samsung Electronics Co. Ltd. Communication apparatus and communication method thereof
WO2009020986A2 (fr) * 2007-08-07 2009-02-12 Microsoft Corporation Spam reduction in real-time communications through proof of human interaction
US20090228707A1 (en) * 2008-03-06 2009-09-10 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
US20130276125A1 (en) * 2008-04-01 2013-10-17 Leap Marketing Technologies Inc. Systems and methods for assessing security risk

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14884417

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14884417

Country of ref document: EP

Kind code of ref document: A1