The present invention relates to a method for generating a secret such as a secret cryptographic key in a network, in particular, for generating a shared secret key in two members of the network. Point-to-point connections are also usually considered networks and are treated as such here. The two members communicate via a jointly used transmission medium. Logical bit sequences (or in more general terms: value sequences) are physically transmitted by appropriate transmission methods as signals or signal sequences. The underlying communication system may be a CAN bus, for example, which provides for a transmission of dominant and recessive bits or corresponding dominant and recessive signals, a dominant signal or bit of a member of the network prevailing against recessive signals or bits. A state corresponding to the recessive signal is established in a transmission medium only if all participating members provide a recessive signal for transmission or when all simultaneously transmitting members transmit a recessive signal level.
In an increasingly networked world, secure communication between different devices is becoming increasingly important and in many areas of application represents an important precondition for acceptance and thus also for the economic success of the corresponding applications. Depending on the application, this includes different protection objectives such as, for example, the observance of confidentiality of the data to be transmitted, the mutual authentication of the participating nodes, or the safeguarding of data integrity.
To achieve these protection objectives, suitable cryptographic methods are normally used; these may be generally divided into two categories: on the one hand, symmetric methods, in which sender and receiver have the same cryptographic key; on the other hand, asymmetric methods, in which the sender encrypts the data to be transmitted using a public key of the receiver (i.e., one that is also possibly known to a potential attacker), but decoding may take place only by using the respective private key, which, ideally, is known only to the receiver.
Asymmetric methods have, among others, the disadvantage that they generally feature a very high computing complexity. Therefore, they are only suitable for resource-limited nodes such as, for example, sensors, actuators, and the like, which have a relatively low computing power and a small memory, only under certain conditions, and must operate energy-efficiently, for example, due to battery operation or the use of energy harvesting. In addition, often only a limited bandwidth is available for data transmission, which makes the exchange of asymmetric keys having a length of 2048 bits or more even more unattractive.
In contrast, in symmetric methods it must be ensured that both sender and receiver have the same key. The corresponding key management represents generally a highly challenging task. In the area of wireless communication, keys are introduced into a cell phone with the aid of SIM cards, and the corresponding network may then assign the unique ID of a SIM card to the corresponding key. In the case of wireless LANs, in contrast, the key to be used is input manually (generally by entering a password) when the network is set up. Such a key management, however, quickly becomes complex and impractical in the case of a very high number of nodes, for example, in a sensor network or in other machine-to-machine communication systems, for example, also in CAN-based vehicle networks. In addition, a modification of the keys to be used is often possible only with extreme complexity or not at all.
Methods for protecting sensor data against manipulation and ensuring transaction authentication, for example, in a motor vehicle network, with the help of common encryption methods are described, for example, in German Patent Application Nos. DE 102009002396 A1 and DE 102009045133 A1.
In addition, for some time now other approaches, referred to as “Physical Layer Security,” have been researched and developed, with the help of which keys for symmetric methods may be generated automatically on the basis of physical properties of the transmission channels between the nodes involved. In this case, the reciprocity and the inherent randomness of these transmission channels are made use of. However, in particular, in wire-bound or optical systems, this approach is often applicable only conditionally, since the corresponding channels usually have a very limited time variability, and an attacker may make a relatively good guess about the channel parameters between sender and receiver, for example, by building a model.