Home network market is getting larger and larger. Many wireless, powerline, coax cable network products are available in the market. One issue is encryption for content protection and security. For example, a powerline network is shared with neighbors. If a communication is not encrypted, the neighbor can see it. Encryption is indispensable for secure network communication.
For encryption, a new client device must be registered to the server. In a common case, a client has a unique ID and the user enters the ID number to the server when he/she begins to use the client device. The unique ID is, for example, a 10-digit value. It is not user-friendly to have the user enter a long number. With a wrong number, the server cannot communicate with the client at all. Also, it takes huge amount of time to register many client devices.
To resolve this problem, several methods have been devised. One of the simplest solutions is a push button approach as described in U.S. Publication number 2004/0054897 to Dawson et al. In this technique, the user simultaneously or sequentially pushes the button on the server and the one on the client. Then, the server and the client exchange necessary information. Entry of a number is not required. This is user-friendly, and provides a good measure of security. However, further security is even more desirable in certain circumstances.
One of the famous attacks is called Man-In-The-Middle (MITM) attack as described, for example in Cryptography Decrypted by H. X. Mel and Doris Baker, Addison-Wesley, ISBN: 0201616475. The client sends the server its own public key to receive secret information. The server encrypts the secret information with the client public key and sends it back to the client. The client decrypts the encrypted data with its own private key. No other guy can decrypt the encrypted data only with the client public key. This seems safe, but is vulnerable to MITM. The adversary is in the middle of the server and the client and gets the request from the client. The adversary replaces the client public key with his own public key and sends it to the server. The server encrypts the secret information with the adversary public key and sends back to the adversary. The adversary successfully decrypts the secret data with his own private key. Also, the adversary re-encrypts the secret data with the client public key and sends to the client. The client decrypts the secret data without knowing the data has been stolen. The public/private key encryption is rigid and hard to break. However, public key must be carefully delivered. The simple push button approach may be ineffective in certain embodiments against MITM and similar attacks.