1. Field of the Invention (Technical Field)
The present invention relates to the field of wireless communication network security, more particularly to a dynamic authentication method and system for providing secure authentication amongst wireless communication network nodes.
2. Background Art
The fundamental objective of cryptography is to enable users to communicate securely via an insecure shared data communication channel or system environment, maintaining data integrity, privacy, and user authentication. Over the past century, various cryptography systems have been developed which require a great deal of time to break even with large computational power. However, if an intruder obtains the encryption key, the encryption mechanism, and probably the entire system security, is compromised and a new key is required.
In order to make an encryption system nearly impenetrable to an intruder, two strategies are commonly used: 1) a long encryption key, and/or 2) a complex encryption function. A key of length n bits has a 2^n search space. Therefore, for large values of n an intruder needs to spend more than a lifetime to break the cipher. Also, simpler encryption functions provide a less secure encryption system. For instance, an encryption code that applies the logic XOR function is easy to decipher no matter how long the key length is. This is because the XOR operation is performed on one bit of data and its corresponding bit from the encryption key, one bit at a time. The deciphering approach of such simple encryption functions by an intruder is based on the divide-and-conquer mechanism. The intruder first deciphers individual key fragments, which is relatively uncomplicated to accomplish due to the simple linearity of the XOR function, then reconstructs the entire key once all of the individual fragments are obtained. It is more difficult to apply such a divide-and-conquer approach to break the key of a nonlinear exponential encryption function, such as used in the Rivest-Shamir-Adleman (RSA) system.
At present, there are two major cryptography system philosophies: 1) symmetric systems (static or semi-dynamic key), and 2) public key systems (static key). In symmetric systems, e.g., DES, AES, etc., a key is exchanged between the users, the sender and receiver, and is used to encrypt and decrypt the data. There are three major problems with symmetric systems. First, exchanging the key between users introduces a security loophole. In order to alleviate such a problem, the exchanged key is encrypted via a secure public key cryptography system. Second, the use of only one static encryption key gives an intruder an ample amount of time to break the key. This issue is addressed by the use of multiple session keys that are exchanged periodically. Third, and more importantly, is the susceptibility to an “insider” attack on the key. This is referred to as the “super user” spying on the “sitting duck” static key inside the system, where the time window between exchanging keys might be long enough for a super user, who has a super user privilege, to break in and steal the key.
In the RSA public key cryptography system, a user (U) generates two related keys, one is revealed to the public, deemed the “public” key, to be used to encrypt any data to be sent to U. The second key is private to U, called the “private” key, and is used to decrypt any data received at U, which was encrypted with the corresponding public key. The RSA cryptography system generates large random primes and multiplies them to get the public key. It also uses a complex encryption function such as mod and exponential operations. As a result, this technique is unbreakable in the lifetime of a human being for large keys, e.g., higher than 256 bits, and also eliminates the problem of the insecure exchange of symmetric keys, as in a DES system. However, the huge computational time required by RSA encryption and decryption, in addition to the time required to generate the keys, is not appealing to the Internet user community. Thus, RSA cryptography is mainly used as “one shot” solid protection of the symmetric cryptography key exchange.
In the RSA public key system, if a first user (UA) requests a secure communication with a second user (UB), the latter will generate a pair of encryption keys: public EB and private DB. An internal super user spy (S), with a helper (H) intruding on the communication line externally, can easily generate its own pair of keys, a public ES and private DS, and pass DS and EB to H. Then S can replace the public key EB with its own public key ES. Thus, all data moving from UA to UB will be encrypted using ES instead of EB. Now H can decrypt the cipher text moving between UA and UB using the private key DS, store it, and re-encrypt it using the original EB, in order for UB to receive and decrypt it without any knowledge of the break that occurred in the middle. Such an attack is typically called the “super-user-in-the-middle” attack.
Even though they are secure against outsider attack, both the symmetric and public key cryptography systems are still vulnerable to insider attacks. By obtaining the key at any time of a secure session, an intruder can decipher the entire exchanged data set, past and future. Further, a super user can easily steal a static symmetric key and send it to an outside intruder to sniff and decrypt the cipher text, particularly in the DES and AES systems.
A common way to protect a static encryption key is to save it under a file with restricted access. This restriction is not enough, however, to prevent a person with super-user privilege from accessing the static key in the host file. Even when keys are changed for each communication session, for example in the Diffie-Hellman system, there is a time window long enough for the super-user to obtain the semi-static key. In most crypto systems, once the key is found the previous and future communicated data are no longer secure.
Various other attempts have been made to circumvent intrusion by outside users through encryption of communicated data. Examples of such methods include that described in U.S. Pat. No. 6,105,133 to Fielder, et al., entitled, “Bilateral Authentication and Encryption System;” U.S. Pat. No. 6,049,612 also to Fielder, et al., entitled, “File Encryption Method and System;” and U.S. Pat. No. 6,070,198 to Krause, et al., entitled, “Encryption with a Streams-Based Protocol Stack.” While the techniques described in these patents may be useful in preventing unwanted intrusion by outsiders, they are still prone to attack by the super-user-in-the-middle.
Wireless communication networks are also prone to security breaches. The ability to provide mobile communications and broadband media services are two major requirements of modern telecommunication networks. The requirement to allow mobile communication devices, or “supplicants”, to move between access points (APs), or base stations, while maintaining full, mutually-secure authentication makes mobility management one of the critical aspects of wireless communication. The rapid progress in wireless communication systems, personal communication systems, and “smartcard” technologies has brought new opportunities and challenges to be met by engineers and researchers working on the security issues related to new communication technologies.
Public-key cryptography offers robust solutions to many of the existing security problems in communication systems. However, excessive computational demands caused by on-line memory, code size, speed, etc. have made the use of public key cryptography limited, particularly on wireless communication systems. The implementation of public-key cryptography on server and client main platforms rarely causes problems due to the availability of high-speed processors and extensive memory space. However, in restricted hardware environments with limited computational power and small memory, such as in smartcards and mobile telephones, maintaining a secure environment is more challenging. Thus, the integration of public-key cryptographic techniques is often delayed or completely ruled out due to the difficulty of obtaining efficient, reliable solutions.
An industry standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. WEP relies on a secret encryption key that is shared between a supplicant such as a laptop personal computer with a wireless card, and an AP. The secret key is used to encrypt data packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points.
WEP uses the RC4 stream cipher encryption algorithm. A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce ciphertext. The receiver has a copy of the same key, and uses it to generate an identical key stream. By XORing the key stream with the ciphertext, the receiver yields the original plaintext. To ensure that a data packet has not been modified in transit, an Integrity Check (IC) field is included in the packet. To avoid encrypting two ciphertexts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet. The IV is also included in the packet. However, both of these measures are implemented incorrectly, resulting in poor security.
Ineffective WEP security leads to different types of intrusion, or attacks, by outsiders. For example, a passive eavesdropper can intercept all wireless traffic, until an IV collision occurs. By XORing two packets that use the same IV, the attacker obtains the XOR of the two plaintext messages. The resulting XOR can be used to make inferences regarding the contents of the two messages. The Internet Protocol traffic is often very predictable and includes a great deal of redundancy. This redundancy can be used to eliminate many possibilities for the contents of messages. Further educated guesses about the contents of one or both of the messages can be used to statistically narrow the field of possible messages, and in some cases it is possible to determine the exact contents of the message.
Another type of attack is also possible when using the WEP algorithm to secure communications. If an attacker knows the exact plaintext for one encrypted message, the attacker can use this knowledge to construct correct encrypted packets. The procedure involves constructing a new message, calculating the Cyclic Redundancy Check (CRC-32), and performing bit flips on the original encrypted message to change the plaintext to the new message. The basic property is: RC4(X) XOR X XOR Y = RC4(Y). This packet can then be sent to the access point or supplicant where it will be accepted as a valid packet.
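The two weaknesses described in the preceding paragraphs, key stream reuse under a repeated IV and an integrity check built on an unkeyed CRC-32, can be reproduced on constructed data. The following is an added example, not code from the patent; the key, IV, messages and the helper names (seal, open_, icv_delta) are assumptions made for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream (key scheduling, then generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(msg: bytes) -> bytes:
    """Integrity check value: unkeyed CRC-32 of the plaintext."""
    return zlib.crc32(msg).to_bytes(4, "little")

def seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """WEP-style packet body: (msg || ICV) XOR RC4(IV || key)."""
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))

def open_(iv: bytes, key: bytes, ct: bytes):
    """Decrypt; return the message, or None if the ICV does not match."""
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def icv_delta(old: bytes, new: bytes) -> bytes:
    """Ciphertext mask that turns `old` into `new` with a matching ICV.
    CRC-32 is affine over XOR, so the mask is computable without the key."""
    d = xor(old, new)
    return d + xor(icv(d), icv(bytes(len(d))))

# Constructed sample values (hypothetical, not taken from the patent).
KEY, IV = b"\x01\x02\x03\x04\x05", b"\xaa\xbb\xcc"
M1, M2, M3 = b"status=ok  id=07", b"status=err id=12", b"status=err id=07"
C1, C2 = seal(IV, KEY, M1), seal(IV, KEY, M2)

# Same IV -> same key stream: XOR of ciphertexts equals XOR of plaintexts.
LEAK = xor(C1, C2)[:len(M1)]
# With M1 known, the packet can be altered to M3 and still pass the ICV check.
ALTERED = xor(C1, icv_delta(M1, M3))
```

Replacing the CRC with a keyed message authentication code removes the second weakness, because the mask can no longer be computed without the key.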
Even though the WEP algorithm is part of the standard that describes communication in wireless LANs, the WEP algorithm has failed to protect wireless communication from eavesdropping and unauthorized access to wireless networks. This is primarily due to the fact that it relies on a static secret key shared between a supplicant and the wireless network.
In a first embodiment, the present invention alleviates the problems encountered in prior art communication network security, providing continuous encryption key modification, one key for each data record. New keys are generated from the previous key and data record, and are used to encrypt the subsequent data record. The key lifetime is equal to the time span of record encryption, which is too small for an intruder to break and a super-user to copy. The present invention also reduces computational overhead by breaking the complexity of the encryption function and shifting it over the dynamics of data exchange. Speed is also improved through the use of a simple XOR logic encryption function. A shuffling mechanism based on a dynamic permutation table, which is generated from the current session key, is coupled with the XOR logic operation, to strengthen the encryption function. The present invention also alleviates the “super-user-in-the-middle” attack. An intruder must obtain an entire set of keys, at the right moment, without being noticed, in order to decrypt the entire ciphered message. Encryption is fully automated and all parties, the source user, destination user, and central authority, are clock-free synchronized, and securely authenticated, at all times. The dynamic key encryption system of the present invention is deployable at any level of a system, as there is complete synchronization between parties.
In a second embodiment, the present invention utilizes the continuous authentication mechanism of the first embodiment to implement secure and dynamic authentication between wireless communication network nodes.