Wireless networking is a widely implemented and rapidly growing segment of the modern networking infrastructure. It allows mobile devices to connect to a network without regard for wiring and other client-side infrastructure. Wireless networking can be used in corporate, campus, urban, and rural settings. However, the lack of wiring carries the inherent risk that third parties can monitor the wireless signals and eavesdrop on communications. For both privacy and security reasons, secure wireless communication is a requirement for any feasible wireless communications system. In order to implement secure wireless communications, typically both authentication and encryption are used. Devices wishing to join a wireless network must register to gain access to the network. Presently there is a significant communication overhead that leads to an extended registration time in order to implement secure communications in wireless networks.
Existing security mechanisms require a handshaking algorithm between an eNodeB or a controller (SC), and user equipment (UE) or a subscriber station (SS) in order to exchange properly signed certificates and to establish traditional public/private key pairs in order to set up the AES (Advanced Encryption Standard) symmetrical keys required for secure communications. These handshaking algorithms require a number of steps and, due to the size of the traditional certificates that have to be exchanged over the wireless network, in many cases multiple wireless packets must be sent. This leads to significant overhead that greatly affects the time required for the initial network attachment process. This issue is most serious when a massive registration event is ongoing, where a large number of SS units are coming into the coverage area of the eNodeB or SC and have to perform initial network attachment.
Most public key certificates used today conform to the ITU-T (ITU Telecommunication Standardization Sector) X.509 standard and are based on RSA cryptography. According to FIPS (Federal Information Processing Standards) guidelines, in order to implement a sufficient level of protection when an AES 128 bit key is used for data plane communication, the minimum size of RSA key required to sign certificates must be 1024 bytes. For 256 bit AES, the size of the RSA key must be at least 15 kb. Certificates also contain some additional information about the issuer, expiration date, etc., which further increases the certificate size.
In a typical implementation of a security handshaking algorithm, both sides have to exchange security certificates in order to initiate a link. In 1+N point-to-multipoint networking, this effectively leads to a scenario where this process must be repeated N times. For every UE or SS unit that performs an initial network attachment process, the eNodeB or SC has to send its own certificate to the UE or SS, and the UE or SS unit has to send its certificate back to the eNodeB or SC.
Certificates generated and used by an eNodeB and an SS are usually of the same size. In a scenario with one eNodeB and 80 SS units using 256 bit AES, 15 Kbyte certificates would be transmitted over the wireless network 160 times.
Certificates are usually exchanged using control channels, which are not allocated a large amount of bandwidth capacity since they are normally used for the short messages needed for wireless link management. Using control channels for the amount of data required to exchange large certificates over a wireless network results in significant packet fragmentation and a need to send large numbers of wireless packets over the air in order to fully exchange certificates.
Elliptic curve cryptography is another approach to public key cryptography that is based on the algebraic structure of elliptic curves over finite fields.