Field of the Invention
The present invention relates to security parameters in a communication system, and more particularly, to verifying the authenticity of at least one security parameter exchanged between communicating parties.
Description of Related Art
A user may communicate with other parties by means of an appropriate communication device. The communication may be provided either via a communication system comprising at least one network or directly between communication devices of the parties. A user may be provided with numerous services via his/her communication device. Non-limiting examples of these services include two-way or multi-way calls, data communication or multimedia services and access to a data communications network system, such as the Internet. A user may also be provided with broadcast or multicast content.
A communication system is a facility which enables communication between two or more parties such as communication devices, network entities such as servers and other nodes. A communication system is typically adapted to operate in accordance with at least one communication protocol. Examples of communication systems include fixed line communication systems, such as a public switched telephone network (PSTN), local area networks (LAN) and wireless communication systems, such as a public land mobile network (PLMN), satellite based systems and wireless local area networks (WLAN). A simple communication system can be understood to be provided by two or more devices that can communicate directly with each other.
In communication systems a problem relates to ensuring that the different parties in the communication can trust that the communication devices involved in the communications are indeed authorized to participate in the communications. This can be important especially in applications where confidential information is transferred between different communication devices.
An approach to increase security is based on the exchange of particular security parameters between the communicating parties. A number of different mechanisms have been proposed for the exchange of security parameters between communicating parties. The proposals for the exchange mechanism include, for example, security key exchange mechanisms that are based on a shared secret such as a password. These techniques include, for example, a key pair consisting of a public key and a private key. In such an arrangement, a user has a public key that the user can send unencrypted to a counter party. Unlike in Public Key Infrastructure (PKI) based systems, where the authenticity of the public keys is verified based on certificates, in these arrangements the verification of the authenticity of the public keys is based on shared secrets. The user also has a private key that does not have to be transferred to the communication system at any stage, but is instead kept secret. By means of these keys it is possible to transmit encrypted information to a party by encrypting the information with that party's public key. The party can then decrypt the information with his/her private key.
An example of such a key exchange mechanism is discussed by V. Boyko, P. Mackenzie and S. Patel in an article ‘Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman’, Eurocrypt 2000, July 2000. This proposal uses the so-called Diffie-Hellman technique, a public key based algorithm employing exponentiation modulo a large prime number. In accordance with the Diffie-Hellman technique, a first party determines a first key number on the basis of a first secret number, and the first key number is transmitted to a second party. Correspondingly, the second party determines a second key number on the basis of a second secret number, and the second key number is transmitted to the first party. Thereafter the first party generates a third key number on the basis of the first secret number and the second key number it has received, and the second party generates a fourth key number on the basis of the second secret number and the first key number it has received. The third and the fourth key numbers are identical, and are not transmitted between the parties involved. The third and the fourth key numbers can be used for encryption and decryption of information to be transmitted between the parties, or to derive cryptographic keys for use by other secure mechanisms.
However, it is possible for a third party to change the first key number or the second key number in a mechanism that is based on the Diffie-Hellman technique, or in any other technique where an asymmetric exchange of public keys takes place without external means, such as a certificate, for authenticating the public keys. This can take place, for example, such that the third party places itself between the first party and the second party, whereafter the first party may mistake the third party for the second party and, in a corresponding manner, the second party may mistake the third party for the first party. This is known as the Man in the Middle (MITM) attack. Thus it is possible for data to be transmitted between the first and the second party via the third party, meaning that the third party can detect and intercept the messages transmitted by the first party and the messages transmitted by the second party. This leaves the messages vulnerable, for example, to modification by the third party.
The above mechanisms for exchanging authenticated keys also rely on pre-existing information, such as a shared secret or public-private key pairs, at the communicating parties. Such pre-existing information, however, may not always be available when parties wish to communicate.
Certain proposals for overcoming this use a security protocol between the parties that results in a short checksum. Each user then speaks the checksum aloud and sends the recording of it to the peer. One of the users may then verify that the checksum is the same as that displayed on his device and that the voice speaking the checksum does indeed belong to the correct peer. This approach is not without weaknesses either. Firstly, fresh Diffie-Hellman public/private key pairs need to be generated for each session. This may not be computationally feasible for all devices. Secondly, each byte of the checksum may need to be mapped to a dictionary of 256 words, or the checksum may need to be encoded in a base such as 32 or 256. Thus what the user sees and verifies is only a string of alphanumeric characters. If an attacker manages to get hold of recordings of a user speaking all 256 words or each alphanumeric character, he might be able to mount a successful attack.
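The exchange described above (the first, second, third and fourth key numbers of the Diffie-Hellman technique) and the short spoken checksum derived from it, as an added worked example that is not part of the patent text or of any cited paper. It assumes a constructed toy group (safe prime p = 1019, subgroup generator g = 4, chosen only so the arithmetic is readable) and a checksum made from the first four bytes of a SHA-256 hash over the two exchanged key numbers, base32-encoded; the function names are illustrative. The checksum is computed over what each side actually received, so when the two displayed strings agree the key numbers were not substituted in transit, and when a received key number differs from the one sent the strings disagree:

```python
import base64
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: P = 2*Q + 1 is a
# safe prime and G = 4 generates the prime-order subgroup of size Q.
# A deployed system would use a standardised group of 2048 bits or more.
P = 1019
Q = 509
G = 4


def generate_keypair(secret=None):
    """Return (secret number, key number): x and g^x mod p for one party.

    A fresh secret is drawn when none is given; a caller may supply one to
    make an exchange reproducible.
    """
    if secret is None:
        secret = secrets.randbelow(Q - 1) + 1          # in [1, Q-1]
    if not 1 <= secret < Q:
        raise ValueError("secret must lie in [1, Q-1]")
    return secret, pow(G, secret, P)


def shared_key(own_secret, peer_key_number):
    """Third/fourth key number: the peer's key number raised to our secret."""
    if not 1 < peer_key_number < P - 1:
        raise ValueError("key number outside the valid range")
    return pow(peer_key_number, own_secret, P)


def short_checksum(first_key_number, second_key_number, n_bytes=4):
    """Short checksum over the two key numbers, in a fixed order.

    The transcript is hashed rather than the shared key, so the checksum is
    bound to exactly the key numbers each side believes were exchanged.
    Truncated to n_bytes and base32-encoded so it is short enough to read aloud.
    """
    transcript = first_key_number.to_bytes(2, "big") + second_key_number.to_bytes(2, "big")
    digest = hashlib.sha256(transcript).digest()[:n_bytes]
    return base64.b32encode(digest).decode().rstrip("=")


def checksums_agree(displayed, spoken_by_peer):
    """The comparison a user makes between his display and the peer's recording."""
    return hmac.compare_digest(displayed, spoken_by_peer)


def run_exchange(first_secret=None, second_secret=None,
                 first_key_as_received_by_second=None,
                 second_key_as_received_by_first=None):
    """Carry out one exchange and return what each side would compare.

    The two *as_received* arguments stand for the key number a party actually
    got over the channel; None means the genuine value arrived intact.
    """
    a, first_key = generate_keypair(first_secret)
    b, second_key = generate_keypair(second_secret)
    recv_by_first = second_key if second_key_as_received_by_first is None else second_key_as_received_by_first
    recv_by_second = first_key if first_key_as_received_by_second is None else first_key_as_received_by_second
    third = shared_key(a, recv_by_first)        # computed by the first party
    fourth = shared_key(b, recv_by_second)      # computed by the second party
    return {
        "shared_match": third == fourth,
        "checksum_first": short_checksum(first_key, recv_by_first),
        "checksum_second": short_checksum(recv_by_second, second_key),
    }


if __name__ == "__main__":
    genuine = run_exchange()
    print("intact exchange:", genuine,
          "agree:", checksums_agree(genuine["checksum_first"], genuine["checksum_second"]))
    _, other = generate_keypair()               # an unrelated key number standing in for a substituted one
    altered = run_exchange(second_key_as_received_by_first=other)
    print("substituted key number:", altered,
          "agree:", checksums_agree(altered["checksum_first"], altered["checksum_second"]))
```

Because the checksum covers the transcript and not the shared key, a disagreement tells the users that at least one key number was altered even though neither of them can see the other's secret number; the weakness the text goes on to describe is only that the short string itself must be spoken by, and recognised as, the right person.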
Another security mechanism is based on a question-answer model. An example of such a mechanism is discussed by Yongdong Wu, Feng Bao and Robert H. Deng in a conference paper ‘Secure Human Communications Based On Biometrics Signals’, 20th IFIP International Information Security Conference (SEC 2005), pp. 205-221, Chiba, Japan, May 30-Jun. 1, 2005. This proposal combines a question-answer mechanism with a Diffie-Hellman type key exchange such that secure communications can be established without relying on either shared secrets or a Public Key Infrastructure (PKI). In this mechanism, the parties exchange voice samples of a specific challenge/response in the form of conversational questions and answers, such that the challenge is formed by a voice clip of one party asking a question and the response is a voice clip of the responder answering the question.
The security of this scheme depends on the response being generated within a certain timeout, and also on the response containing some fresh information that precludes the playback of a pre-recorded response. The paper recommends that the question and response should include the time of day and some topical information, such as “how was your exam today?” A drawback of this scheme is that it relies on the users to select questions such that the answers contain timely information.