1. Field
The invention relates generally to the field of telecommunications, and more particularly to mechanisms for securing data transmission in a wireless network with a cryptosync.
2. Background
Wireless communication systems are widely deployed to provide various types of communication content such as voice, data, and so on. These systems may be multiple-access systems capable of supporting communication with multiple users by sharing the available system resources (e.g., bandwidth and transmit power). Examples of such multiple-access systems include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, 3GPP Long Term Evolution (LTE) systems, Ultra Mobile Broadband (UMB) systems, and orthogonal frequency division multiple access (OFDMA) systems.
Generally, a wireless multiple-access communication system can simultaneously support communication for multiple wireless terminals. Each terminal communicates with one or more base stations via transmissions on the forward and reverse links. The forward link (or downlink) refers to the communication link from the base stations to the terminals, and the reverse link (or uplink) refers to the communication link from the terminals to the base stations. This communication link may be established via a single-in-single-out, multiple-in-signal-out or a multiple-in-multiple-out (MIMO) system.
A MIMO system employs multiple (NT) transmit antennas and multiple (NR) receive antennas for data transmission. A MIMO channel formed by the NT transmit and NR receive antennas may be decomposed into NS independent channels, which are also referred to as spatial channels, where NS≦min{NT, NR}. Each of the NS independent channels corresponds to a dimension. The MIMO system can provide improved performance (e.g., higher throughput and/or greater reliability) if the additional dimensionalities created by the multiple transmit and receive antennas are utilized.
A MIMO system supports a time division duplex (TDD) and frequency division duplex (FDD) systems. In a TDD system, the forward and reverse link transmissions are on the same frequency region so that the reciprocity principle allows the estimation of the forward link channel from the reverse link channel. This enables the access point to extract transmit beamforming gain on the forward link when multiple antennas are available at the access point.
For some wireless applications, security is not necessary and data may be transmitted without encryption between an access terminal and an access network. However, for certain other applications, it may be necessary for “sensitive” data to be transmitted over the air. Examples of such sensitive data may include personal information, credit card information, account information, and so on. For sensitive data, encryption may be used to provide security for the over-the-air transmission.
Many encryption algorithms are available to encrypt data. For many of these encryption algorithms, a security key is used in conjunction with a “cryptosync” to generate a mask that is then used to encrypt the data. The security key is an important aspect of the encryption process, and various techniques have been devised to exchange and maintain the key in secrecy. However, the security key is typically a static value, and the cryptosync is necessary to modify the security key so that a combined mask of the security key and the cryptosync has a different value each time the key is used. For example, if encryption is to be performed on each packet of data, then the cryptosync may be used to generate a new mask for each data packet based on the same security key. The use of a cryptosync may thwart “replay” attacks or “man-in-the-middle” attacks which attempt to trick the receiver into unauthorized operations such as false identification or authentication based on duplicate transactions.
An important property of the cryptosync is its variability (per encryption attempt), which is characterized by a new cryptosync value being provided each time the security key is used. One technique for generating cryptosync is with a timer that keeps track of time based on some absolute time reference. For this technique, the cryptosync may be set equal to the current time, as provided by the timer, when the cryptosync is needed. To ensure proper generation of the cryptosync, however, the timer needs to have the required resolution, which is determined by the rate at which the security key is used (e.g., the rate of the data packet), so that duplicate time values are not used for the cryptosync. The design of various entities (e.g., the base station controller, the mobile terminal) in the communication system may be impacted by the need to maintain a fine time resolution for the packets.
Another technique for generating cryptosync is with a counter that is incremented each time the security key is used (e.g., for each packet to be encrypted). To ensure that the same cryptosync values are used at both the sender and receiver for a given packet, the counters at these two entities need to be synchronized. Moreover, certain restrictions may be imposed on when the counters may be reset to ensure that duplicate counter values are not used. These requirements may complicate the generation of cryptosync based solely on a counter.
There is therefore a need in the art for a cryptosync design that is variable but avoids the overhead in complexity and size described for prior art cryptosync designs.