1. Field of the Invention
The present invention relates generally to short range communication, and more particularly, to a method and an apparatus for forming a security channel during a short range communication.
2. Description of the Related Art
In general, short range communication has been implemented in diverse terminals, such as a mobile communication terminal, a notebook computer, a PDA (Personal Digital Assistant), a portable DMB (Digital Multimedia Broadcasting) terminal, an MP3 (MPEG layer 3) player, a PMP (Portable Multimedia Player), and a PSP (PlayStation Portable).
In addition, short range communication modules are mounted on home appliances including a television receiver, a DVD (Digital Video Disk) player, a CD (Compact Disk) player, an air conditioner, and the like, and wireless connection between devices has generally been performed easily and simply. Accordingly, attempts and users' demands for providing diverse complex services through the configuration of a home network using wireless connection have increased, and diverse short range communication systems have been developed.
As one of such short range wireless communication systems, ZigBee RF4CE (Remote Control Standard for Consumer Electronics) has been designed to be applied to not only home entertainment appliances, such as an HD (High Definition) television receiver, home theater equipment, a set top box, and other audio equipment, but also diverse products, such as illumination controls, security monitoring, and keyless entry systems, based on IEEE (Institute of Electrical and Electronics Engineers) 802.15.4 PHY/MAC (PHYsical/Media Access Control) wireless technology using a frequency of 2.4 GHz.
In particular, an RF (Radio Frequency) remote controller implemented according to the ZigBee RF4CE standard has been developed to replace the existing IR (Infrared Ray) remote controller. The RF remote controller, in comparison to the IR remote controller, can freely operate appliances at a long distance regardless of the existence/nonexistence of obstacles, and provide a long battery life. Also, the RF remote controller enables bi-directional communication, and thus it is expected that the RF remote controller is suitable for a data broadcasting service.
A process of connecting a channel between two devices, i.e. device A and device B, through ZigBee short range communication is illustrated in FIG. 1, which illustrates a general channel connection process. Device A 10 is a device which requests a channel connection and includes an application layer 11 and a network layer 12. Device B 20 is a device which responds to the channel connection, and includes an application layer 22 and a network layer 21.
According to a user's request or if necessary, the application layer 11 transfers a pair request to the network layer 12 in step 101. In the pair request, device A requests to pair up with device B. The pair request is generated according to user input or when a device performing the ZigBee short range communication exists. In step 103, the network layer 21 sets a response waiting time, and transmits the pair request to the device B 20.
The network layer 21 of the device B 20 transfers the received pair request in step 105 to the application layer 22, and the application layer 22 transfers the pair response to the network layer 21 in step 107.
The network layer 21 of the device B 20 transfers the pair response to the device A 10 in step 109. When the pair response is received, the network layer 12 of the device A 10 sets a reception waiting time of a network key seed. The network key seed is used for both devices 10 and 20 to generate a link key that is the same secret key.
On the other hand, the network layer 21 of the device B 20 generates (n+1)-numbered network key seeds in step 111, and transmits the network key seeds to the device A 10 one by one.
If all the network key seeds are received, the device A 10 generates a link key, and transmits a ping request for connecting a channel to the device B 20 in step 113. The device B 20 transmits a ping response to the device A 10 in step 115, and transfers the current state by sending a communication status (COMM-STATUS) indicator to the application layer 22 in step 117. The network layer 12 of the device A 10, if the ping response is received, transfers a pair confirm to the application layer 11 in step 119.
However, in the above-described channel connection process, the network key seed that is used to generate the same secret key between the two devices is transmitted in the form of plaintext. Accordingly, the network key seed is vulnerable to an attack of a Man-in-the-Middle. That is, there is a possibility that a third party, which is not the device 10 or 20, acquires the key seed and generates a secret key. Also, in order to generate a secret key, it is required to successively combine 255 key seeds at a maximum, and thus the third party may obstruct secret key generation by forging the sequence of a key seed frame or the seed value itself.
A method for solving this problem may be a method of protecting a key seed through encryption using a master key. However, it is not easy to safely distribute the master key, and this method is vulnerable to a node capture. Also, there may be a delay due to an encryption operation, and power consumption is increased. Also, this method has the drawback that it is still vulnerable to the attack that forges the sequence of the key seed frame or the seed value itself.