The invention relates generally to wireless telephone cryptography. More particularly, the invention relates to an improved security self-inverting cryptosystem for rapid and secure encryption in a wireless telephone system.
Wireless telephony uses messaging for several purposes including, for example, conveying status information, reconfiguring operating modes, handling call termination, and conveying system and user data such as a subscriber""s electronic serial number and telephone number, as well as conversations and other data transmitted by the user. Unlike ordinary wire telephony, in which a central serving station is connected to each subscriber by wire, thus ensuring a fair degree of protection from eavesdropping and tampering by an unauthorized party (attacker), wireless telephone serving stations (i.e., base stations) must transmit and receive messages via signals over the air, regardless of the physical location of the subscribers.
Because the base station must be able to send and receive messages to and from a subscriber anywhere, the messaging process is wholly dependent on signals received from and sent to the subscriber equipment. Because the signals are transmitted over the air, they can be intercepted by an eavesdropper or interloper with the right equipment.
If a signal is transmitted by a wireless telephone in plaintext, a danger exists that an eavesdropper will intercept the signal and use it to impersonate a subscriber, or to intercept private data transmitted by the user. Such private data may include the content of conversations. Private data may also include non-voice data transmitted by the user such as, for example, computer data transmitted over a modem connected to the wireless telephone, and may also include bank account or other private user information transmitted typically by means of keypresses. An eavesdropper listening to a conversation or intercepting non-voice data may obtain private information from the user. The message content of an unencrypted telephone signal (i.e., plaintext signal) is relatively easily intercepted by a suitably adapted receiver.
Alternatively, an interloper can interject himself into an established connection by using a greater transmitting power, sending signals to the base station, and impersonating a party to the conversation.
In the absence of applying cryptography to messages being transmitted by wireless signals, unauthorized use of telephone resources, eavesdropping of messages, and impersonation of called or calling parties during a conversation are possible. Such unauthorized interloping and/or eavesdropping has in fact proven to be a grave problem and is highly undesirable.
One cryptographic system for wireless telephony is disclosed in Reeds U.S. Pat. No. 5,159,634 (xe2x80x9cReedsxe2x80x9d), incorporated herein by reference. Reeds describes a cryptographic process known as the CMEA (xe2x80x9cCellular Message Encryption Algorithmxe2x80x9d) process. Central to the operation of the CMEA is the tbox function, which is a one to one mapping of one octet to another, using a known table and a secret key. Beginning with an initial index, key material is combined with table material and the octet to be mapped in multiple iterations to generate the mapping. The tbox function can be implemented either as a function call or as a static memory-resident table. The table""s purpose, when implemented as in the latter case, is to allow significant speed-up of encryption for a given security level.
A modification exists which adds security to the CMEA encryption system; this system is disclosed in our patent application Ser. No. 09/059,107, entitled xe2x80x9cMethods and Apparatus for Multiple-Iteration CMEA Encryption and Decryption for Improved Security for Cellular Telephone Messagesxe2x80x9d filed on Apr. 13, 1998, and incorporated herein by reference. However, the encryption system of the aforementioned application is not self-inverting. It is therefore necessary to determine whether a message needs to be encrypted or decrypted. This requirement adds additional complexity to the system.
There exists, therefore, a need in the art for a secure encryption process which can be implemented to operate quickly and efficiently on a small computer such as is commonly used in a mobile wireless transceiver, and which is self-inverting, able to encrypt plaintext or decrypt ciphertext by applying the same steps in the same order.
According to an aspect of the present invention, an unprocessed text message is introduced. The unprocessed text message is subjected to a first input/output transformation to produce a first transformed message. The first transformed message is subjected to a first iteration of the CMEA process, using a first CMEA key, to produce a first intermediate message, a first intermediate processed text message, a first intermediate ciphertext message or the like. The first intermediate processed text message is subjected to a second input/output transformation to produce a second transformed message. The second transformed message is subjected to a second iteration of the CMEA process, using a second CMEA key, to produce a second intermediate processed text message. The second intermediate processed text message is subjected to a third input/output transformation to produce a third transformed message. The third transformed message is subjected to a third iteration of the CMEA process, using the first CMEA key, to produce a third intermediate processed text message. The third intermediate processed text message is then subjected to a fourth input/output transformation to produce a fourth transformed message, which is the final processed text. According to another aspect of the present invention, the multiple iterations of the CMEA process are performed with keying described as above, but without the input/output transformations preceding and following iterations of the CMEA process.
An apparatus according to the present invention generates text and supplies it to an input/output (I/O) interface which supplies the text to an encryption/decryption processor, which in turn encrypts the text and supplies it to a transceiver for transmission. When the apparatus receives a transmission via the transceiver, the text is supplied to the encryption/decryption processor which decrypts; the text and supplies it to the I/O processor for routing to its destination.
A more complete understanding of the present invention, as well as further features and advantages of the invention, will be apparent from the following Detailed Description and the accompanying drawings.