Conventionally, in many radio communication systems, when transmission/reception of important data is performed between radio communication apparatuses (hereinafter referred to as “data communication”), authentication is performed to check whether a communicating party is an authentic communicating party.
Authentication between radio communication apparatuses is based on a procedure comprising two steps: authentication communication and authentication processing. Authentication communication is communication in which authentication information including radio communication apparatus identification information such as an apparatus ID (identifier) or password is transmitted and received in order to perform authentication of a communicating party. Authentication processing is processing that confirms the validity of a communicating party (whether or not that communicating party is an authentic communicating party) by verifying authentication information received from that communicating party by means of authentication communication.
A radio communication apparatus starts data communication with a communicating party only if that communicating party has been able to be confirmed to be authentic. By this means, data communication with a non-authentic communicating party can be prevented, and leakage of information to a third party can be prevented.
Two points need to be confirmed in order to confirm the validity of a communicating party.
The first point is whether or not the contents of received authentication information were created by an authentic radio communication apparatus. Generally, electronic signature or electronic authentication technology is widely used in confirmation of this point.
The second point is whether or not received authentication information was created by the communicating party currently performing authentication communication—that is to say, whether or not received authentication information is a result of execution of illegal interception by a third party of authentication information transmitted by an authentic radio communication apparatus, and retransmission of that authentication information by that third party. Such an act of impersonation by retransmitting illegally intercepted authentication information is generally referred to as a “replay attack.”
Generally, challenge/response authentication is widely used in confirmation of the second point. Challenge/response authentication is a technology whereby information sent by means of a replay attack is rejected by using a random value whose value differs on a time-by-time basis.
In this technology, first, one radio communication apparatus selects a value randomly, for example, and transmits the selected value to a radio communication apparatus that is an authentic communication destination. The radio communication apparatus that receives the random value adds a signature to the received random value using confidential information shared in advance, and returns this included in authentication information.
The radio communication apparatus that receives authentication information confirms the validity of the signature, and also confirms whether or not the random value included in the authentication information and the transmitted random value match. The radio communication apparatus then determines that the transmitter of the received authentication information is an authentic communicating party only if these values match. By this means, a radio communication apparatus can reject a replay attack.
Challenge/response authentication requires transmission time in order to transmit a random value. On the other hand, when, for example, an unspecified multitude of radio communication apparatuses that pass through a radio communication area of a certain radio base station each perform authentication on a radio communication apparatus, it is desirable for the authentication processing of each to be performed in as short a time as possible.
Thus, a technology that shortens the authentication processing of each radio communication apparatus in a time division multiple access system (hereinafter referred to as “TDMA system”) radio communication system is described in Patent Literature 1, for example. Below, for convenience of explanation, a radio communication apparatus that performs authentication is referred to as a “radio terminal apparatus,” and a radio communication apparatus that is authenticated is referred to as a “radio base station apparatus.” Also, authentication used by a communication terminal apparatus to verify that a communicating party is an authentic radio base station apparatus is referred to as “base station authentication.”
FIG. 1 is a schematic diagram for explaining a TDMA system.
As shown in FIG. 1, in a TDMA system, channels on radio waves of the same frequency undergo time division according to a concept referred to as a fixed-length frame, and each frame is further divided according to a concept referred to as a fixed-length time slot.
Time slots are randomly allocated to plurality of radio terminal apparatuses 304 through 30-3 each time authentication communication is started. Each radio terminal apparatus 30 performs communication with radio base station apparatus 20 using an allocated time slot. By this means, a TDMA system prevents the occurrence of radio wave interference among plurality of radio terminal apparatuses 30-1 through 30-3, and makes one-to-many individual communication possible.
Each frame and each time slot is identified by a number assigned to each. A frame number and time slot number change with time. A value combining a frame number and time slot number is a value that differs on a time-by-time basis. Time slot number selection is performed randomly. Therefore, a value combining a frame number and time slot number has randomness.
Thus, the technology described in Patent Literature 1 uses this combined value as a random value in challenge/response authentication.
FIG. 2 is a sequence diagram showing the overall operation of a radio communication system that uses a time slot number as a random value.
As shown in FIG. 2, first, for example, first radio terminal apparatus 30-1 transmits an authentication request to radio base station apparatus 20, using a time slot with time slot number N of a frame with frame number M (S41). Then radio base station apparatus 20 generates authentication data from values M and N, using a shared function shared by first radio terminal apparatus 30-1 in advance (S42), and transmits the generated authentication data to first radio terminal apparatus 30-1 (S43). In a similar way, first radio terminal apparatus 30-1 generates authentication data from values M and N, using a shared function shared by first radio terminal apparatus 30-1 in advance, and confirms whether or not the generated authentication data and authentication data received from the radio base station apparatus match (S44). If the two data match, first radio terminal apparatus 30-1 starts data communication with radio base station apparatus 20 (S45). Then, for example, second radio terminal apparatus 30-2 transmits an authentication request in a similar way in a time slot with the next time slot number, N+1.
Thus, the technology described in Patent Literature 1 does not require separate transmission of a random value, and enables base station authentication to be performed in a shorter time.