1. Technical Field
The present invention relates to a method and a device for allowing the verification of the integrity and the authentication of the origin of a radiocommunication signal.
It pertains to the field of radiocommunications, and more particularly to professional mobile radiocommunication systems or PMR systems.
2. Related Art
It finds applications in radio frequency transmitters incorporated into the base stations and also into the mobile terminals of such a system.
Within the context of PMR systems, the verification of the integrity and the authentication of the origin of a signal consist in verifying that the signal has not been intentionally corrupted by a malicious third party. The aim is, for each mobile terminal, to verify that the radio signal received originates from a base station of the system, and not from a pirate base station, and, vice versa, for each base station to verify that a radio signal received originates from a mobile terminal of the system, and not from a pirate mobile terminal. Stated otherwise, this check makes it possible to detect attacks against the system which consist in sending a message having the characteristics (synchronization, protocol format, coding, etc.) of a radio message of the system, but while nevertheless being a false message or a message falsified by an adversary who has intercepted an authentic message.
A false message and a falsified message may be looked upon as messages containing intentional errors introduced by a malicious third party during transmission, as opposed to unintentional errors due to poor conditions of radio transmission.
The detection of unintentional errors during radio transmissions is made possible through the use of a cyclic redundancy code or CRC code, which is formed by transmission error verification bits transmitted in each radio frame while being associated with a useful information message.
The CRC technique is widely used in radiocommunication systems for the transmission of voice or data. CRCs are well known linear functions, some of which are standardized. Thus, to transmit a message M, the code CRC(M) is calculated, then the information M+CRC(M) is coded (channel coding) and transmitted in a frame. On receipt, the information M′+(CRC(M))′ received in a frame is decoded (channel decoding), and must satisfy the additional condition CRC(M′)=(CRC(M))′ in order for it to be possible to consider that M′=M. It will be noted that the technique makes it possible to detect unintentional errors but not to correct them: a corrupted message is simply ignored.
This technique has been adopted without modification by numerous PMR systems (for example TETRAPOL, TETRA, etc.) to protect the transmission of radio frames against unintentional errors due to poor radio conditions.
This technique does not however allow the receiver to detect the intentional errors introduced by a malicious third party. Specifically, a characteristic of the CRC is that it is known, so that an adversary can replace/modify the message M with/into a message N, then calculate the code CRC(N) with the perfectly well known CRC, and finally code and transmit the information N+CRC(N) in a frame without the receiver or receivers detecting the least anomaly.
The CRC technique is supplemented in systems like GSM (“Global System for Mobiles”) or systems according to the IEEE 802.11 standard, by applying linear encryption (CL) to the information M+CRC(M) to obtain an information item of the same size Z=CL((M+CRC(M))), which is actually coded and transmitted in the frame. This supplement seems to afford a partial response to the integrity requirement since, the frame being encrypted, a malicious third party does not know the message M and cannot substitute a falsified message therefor.
However, in fact, it is still possible to transmit a false message since the encryption and CRC are both linear. Thus, considering a given information word D, the information Z+CL(D+CRC(D)) is in reality equal to the information CL(((M+D)+CRC(M+D))), and constitutes a false message that an attacker knows how to construct and which remains valid as regards the receivers.
The CRC technique supplemented with linear encryption therefore still exhibits the major drawback that the receiver cannot detect intentional errors introduced by a malicious third party.
In fact, the detection of intentional errors would be made possible with the introduction of an additional sealing mechanism, which would however exhibit the drawback of reducing the useful bandwidth.
Specifically, a sealing function produces a seal denoted S(M) in what follows, on a determined number of bits, which ought then to be coded and transmitted in the frame in association with the original message M and the code CRC(M).
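The linearity argument above and the role of a seal S(M), as an added Python example that is not part of the original text. It assumes CL is XOR with a secret keystream, a zero-initialised CRC-16 (polynomial 0x1021) as the linear CRC, and a truncated HMAC-SHA256 as the seal; all function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

def crc16(data: bytes) -> bytes:
    """CRC-16, polynomial 0x1021, zero init, no final XOR: a purely linear CRC."""
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ 0x1021 if reg & 0x8000 else reg << 1) & 0xFFFF
    return reg.to_bytes(2, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frame(msg: bytes, keystream: bytes) -> bytes:
    """Z = CL(M || CRC(M)); CL is assumed to be XOR with a secret keystream."""
    return xor(msg + crc16(msg), keystream)

def receive(z: bytes, keystream: bytes):
    """Decrypt, then apply the CRC(M') == (CRC(M))' check; None = frame ignored."""
    plain = xor(z, keystream)
    msg, crc = plain[:-2], plain[-2:]
    return msg if crc16(msg) == crc else None

def seal(msg: bytes, key: bytes) -> bytes:
    """S(M): keyed seal; truncated HMAC-SHA256 is this example's assumption."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]

def demo():
    keystream, seal_key = os.urandom(18), os.urandom(16)
    m = b"CHANNEL 07 GRANT"              # constructed 16-byte message
    z = frame(m, keystream)              # what goes on air
    s = seal(m, seal_key)                # seal the sender would attach
    # The third party knows neither M nor the keystream, only the public CRC.
    d = bytes(9) + b"\x05" + bytes(6)    # information word D, same length as M
    z_forged = xor(z, d + crc16(d))      # equals CL((M xor D) || CRC(M xor D))
    m_forged = receive(z_forged, keystream)
    crc_accepts = m_forged is not None and m_forged != m
    # A receiver that also checks the seal sees that S(M xor D) != S(M).
    seal_accepts = hmac.compare_digest(seal(m_forged, seal_key), s)
    return m_forged, crc_accepts, seal_accepts
```
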