KR100713370B1 - Security Method of Unmanned Security System Using Wireless Sensor Network - Google Patents

Abstract

The present invention relates to a security method of an unmanned security system using a wireless sensor network, and has a single key to execute the block cipher, and can safely handle the message without being limited to the message length, and the efficiency of the CBC MAC The purpose of the present invention is to provide a security method of an unmanned security system using a wireless sensor network to implement the same performance in terms of security.

The present invention provides a sensor node which is a wireless sensor for generating various intrusion signals; Unmanned security using a wireless sensor network consisting of a base station, which is a user terminal for wireless communication with the sensor node, and a remote control room that receives an intrusion signal using wired remote communication from the base station and generates an outgoing signal for security personnel. A system comprising: a key setting step of generating a single encryption key for encryption, a kit value for generating a MAC value, and a random kit value based on a master key previously divided with the sensor node and the base station; Performing encryption and decryption by repeatedly performing an encryption routine using 'E (En_Key, Counter) P} = C in a counter mode in a single encryption key generated in the key setting step; Generating the original key-message authentication code (OMAC) for the encrypted message using a single message authentication code (MAC) generated key generated in the encryption / decryption step, a single block regardless of the length of the message The block cipher can be executed by using an encryption key.

According to the present invention, the use of only one block cipher key is efficient and is not limited by the length of the message, so it is very secure and provides data confidentiality, data authentication between two ends, integrity and freshness of data. have.

Description

Security method of unmanned security system using wireless sensor network {ENCRYPTION METHOD OF A MANLESS SECURE SYSTEM OVER WIRELESS SENSOR NETWORK}

1 is a schematic diagram schematically showing an unmanned security system using a wireless sensor network according to a conventional embodiment,

2 is a diagram illustrating a key generation mechanism in an unmanned security system using a wireless sensor network according to a conventional embodiment;

3 is a diagram illustrating a MAC generation mechanism of SNEP in an unmanned security system using a wireless sensor network according to a conventional embodiment;

4 is a view illustrating a mechanism of an XCBC in an unmanned security system using a wireless sensor network according to another embodiment of the prior art;

5 is a diagram illustrating a mechanism of OMAC1 in an unmanned security system using a wireless sensor network according to an embodiment of the present invention.

The present invention relates to a security method of an unmanned security system using a wireless sensor network, more specifically, having a single key in order to execute the block cipher, it is possible to safely handle the message without being limited to the message length, CBC The present invention relates to a security method of an unmanned security system using a wireless sensor network that enables the same performance in terms of efficiency and security of MAC.

As is well known, due to the recent development of information and communication technology, the development of information providing technology that provides real-time information to various subscribers through at least one host server through a remote data communication network is actively underway.

Based on this, in recent years, information selection technology and compression technology are being developed to more easily access peripheral technologies such as cache memory expansion technology to provide accurate information to subscribers more quickly and subscribers' tastes and preferences. It is also accelerating the development of various contents and its solutions.

Ubiquitous Computing is a new concept IT paradigm, proposed by Mark Weiser of the Xerox Palo Alto Institute in 1988. The Ubiquitous Sensor Network (USN), one of these ubiquitous computing technologies, said, "Any tags are attached to all necessary objects and the surrounding environment information (temperature, humidity, pressure, pollution) is based on the recognition information of the objects. And cracks) to connect to the network in real time so that the relevant information can be managed from a remote server.

The sensor network is expected to be used in various fields such as telematics, home network, emergency response, medical, and inventory management. Such a sensor network can be applied and used in a security system. When the sensor network is combined with a security system, an unmanned security can be performed more smoothly, thereby establishing an economical and efficient security system.

However, in order to build a security system using such an unmanned sensor, the security of data must be high, and thus, there is a need to build a more secure wireless sensor network using the SNEP (Secure Network Encryption Protocol).

However, there is a problem that the CBC MAC used for the Secure Network Encryption Protocol (SNEP) is not secure unless the length of the message is fixed.

In more detail, when describing the unmanned security system using the wireless sensor, such an unmanned security system installs a plurality of sensors in a security-vulnerable area, collects the alarm information collected from the sensors in a single user terminal, The system converts the electric signal and transmits it to the remote control room server so that the guard can order the dispatch.

The unmanned security system using such a wireless sensor is not connected to the plurality of sensors and the user terminal by the cable laying method, so there is no problem of impairing the aesthetics when laying the cable, and economical.

Such a network is a kind of distributed sensor network, which is composed of a base station with a strong computing power and a plurality of low capacity nodes called sensors. In addition, these multiple nodes provide authentication, integrity to verify that messages sent from nodes to a base station in a battlefield or anti-terrorism environment and various worst-case environments have been received from legitimate senders, or that the messages have not been altered in transit. And the ability to provide security services such as confidentiality.

In addition, the radio wave identification is further exposed to the following threats.

1) Stolen or lost sensor node.

2) Exposing communication information between nodes: Communication messages are in plain text, forgery of messages is possible, and ID and location information of nodes are exposed.

3) Forgery information transmission by sensor node: If the illegal sensor node sends information to the base station by forging the information, the control room may be sent through fake information or it may be recognized as a safe message and not sent. Techniques for authenticating and detecting forged information sent by the NSC should be devised.

In addition, the system was exposed to various attacks such as illegal node installation, denial of service (DoS), battery exhaustion, IP spoofing, Trojan horse, and worm virus.

Therefore, in order to solve this problem, when providing a security protocol in a limited environment by using a secure network encryption protocol (SNEP) using a symmetric encryption method, it minimizes the overhead of resources.

In unicast communication, such as communication from a sensor node to a base station, since the sender and receiver are relatively clear, a secret is shared between two communicating parties, and a message authentication code (MAC) calculated by a shared key is added to each packet. Sufficient security was possible.

The SNEP (Secure Network Encryption Protocol) is classified into a key setting step, an encryption step, and a MAC generation step. First, the key setting step generally uses a RC5 symmetric key encryption algorithm to derive kit values for various purposes. The master key is previously divided between the base station and the sensor node, and generates an encryption key for performing encryption based on the master key, a kit value for generating a MAC value, a random key value, and the like.

The encryption step is a structure in which the encryption key generated in the previous step is encrypted in a counter mode and connected in a chain. Encrypt and decrypt by repeating the encryption routine using E (En_Key, Counter) P} = C.

The MAC generation step generates a message authentication code for the message encrypted in the CBC mode as shown in Figure 3 using the message authentication code (MAC) generation key.

The Secure Network Encryption Protocol (SNEP) can guarantee the following data authentication and confidentiality.

First, when only data authentication is guaranteed, data A and a message authentication code MAC (K _MAC , C | D) are transmitted from the node A to the base station B.

A ?? B: (D), MAC (K _MAC , C | D)

(However, D is data, C is counter, and K _MAC key is extracted from master key.)

2) When data authentication and confidentiality are guaranteed, node A transmits encrypted data E = {D} (K _encr , c) from base station B to the base station B and a message authentication code thereof with MAC (K _MAC , C | E). To provide data authentication and confidentiality.

(However, D is data, K _encr is encryption key, Counter C is initial vector value, K _encr key and K _MAC key are extracted from master secret key K.)

Thus, the complete message sent by Node A to Base Station B is as follows.

A ?? B: {D}, (K _encr ), MAC (K _MAC , C | {D} (K _encr , c))

3) In order to provide strong freshness using Monce, the entire protocol of SNEP that Node B responds to and provides strong freshness to Node A questions with random numbers is as follows.

A ?? B: N _a , R _a

B ?? A: {R _b } (K _encr , c), MAC (K _MAC , N _b | C | {R _b } (K _encr , c))

(N _a is randomly generated with A's random number, R _a is A's question, R _b is B's response.) If the MAC is correctly verified, after node A sends its own question, Node B acknowledges that it has produced a response and strong freshness is guaranteed.

Therefore, the Secure Network Encryption Protocol (SNEP) implemented in this way provides data confidentiality through encryption during data exchange, and extracts plaintext from encrypted messages even if an attacker knows a pair of plaintext-passwords encrypted with the same key. Can't. In addition, the message authentication code (MAC) can be used to provide data authentication and integrity between the two ends.

In addition, the Secure Network Encryption Protocol (SNEP) includes counter values in the MAC to prevent replay attacks by attackers. In addition, after each block, the count is incremented by one, so that the count can be transmitted without including the message, thereby providing low communication load and confidentiality.

The generation algorithm of the CBC-MAC is described below. CBC-MAC is the best known and simplest algorithm for generating MAC using block cipher E.

Message authentication is one of the most important and widely used cryptographic tools, because it allows a communicating party with a secret key to verify that a received message was sent from the other party claiming to have sent the message. This is often accomplished using a MAC (message authentication code).

The calculation of the message x to be authenticated with the private key a is abbreviated MAC _a (x).

The sender sends (x, MAC _a (x)), and if the receiver receiving (x ', ??') proves that ?? '= MAC _a (x'), authentication is complete. The most commonly used MAC uses "Cipher Block Chaining" as the basis of block ciphers.

However, since the CBC MAC is not secure unless the length of the message is fixed, various techniques have been required in which the CBC MAC is slightly modified to be used when the message length is changed. Such techniques include EMAC, XCBC and TMAC.

First, EMAC (encrypted MAC) is proposed, which is obtained by encrypting the CBC MAC (CBC _k (M)) once again with E with a new key K ₂ . That is, EMAC _{k1, k2} (M) = E k ₂ (CBC _k1 (M)). (Where M is the message, K1 is the key of the CBC MAC, and CBC _k1 (M) is the CBC MAC value).

Petrant and Rackoff proved that EMAC is safe if the length of the message is n multiples. However, n is the block length of the block code E. However, EMAC has a problem that the block cipher E requires two keys and is inefficient.

For messages of arbitrary length, a minimum of 10 ^I must be added to message M in order for the length of the message to be a multiple of n. However, in this method, if the message size is a multiple of n, it is inefficient because one additional block 10 ^n-1 of the rule must be added, which wastes one block cryptographic execution.

Next, Black and Rogaway proposed a method called XCBC to solve the above problem, which XCBC has three keys. That is, it has one block cipher key K ₁ and two bit keys k ₂ and k ₃ .

XCBC does not add 10 ^n-1 if the message size is a multiple of n, but at least 10 ^I must be added if it is not a multiple of n. To distinguish between them, we perform XOR with k ₂ and k ₃ before encrypting the last block. A diagram illustrating this XCBC is shown in FIG. 4.

1) If m> 0, if | M | = mn, the XCBC computes the same as the CBC MAC, except that it XORs with a key k ₂ , one n bits before encrypting the last block.

2) If | M | = mn, add 10 ^I padding (i = n-1- | M | mod n), and XCBC does not want to XOR with another n bits, key k ₃ , before encrypting the last block. Except for counting padded messages as CBC MAC. However, the disadvantage of this XCBC is that it requires three keys that are a total of (k + 2n) bits.

Kurosawa and Iwata proposed two-key k1 and two-key CBC MAC (TMAC) requiring k2. TMAC has two keys totaling (k + n) bits. That is, it has a block cipher key k ₁ and one n-bit key k ₂ , but TMAC is obtained from XCBC by replacing (k ₂ , k ₃ ) with (k _{2 * u} , k ₂ ). (Where u is some non-zero constant and "*" represents multiplication on GF (2 ⁿ ))

However, this method of Two-Key CBC MAC (TMAC) also has a problem of being inefficient because two keys are required to execute the block cipher.

The present invention has been made in view of the above-described circumstances of the prior art, and has a single key to execute a block cipher, and can safely handle the message without being limited to the message length, and the efficiency and security aspects of the CBC MAC. The purpose of the present invention is to provide a security method of an unmanned security system using a wireless sensor network to implement the same performance.

In order to achieve the above object, in accordance with a preferred embodiment of the present invention a sensor node which is a wireless sensor for generating various intrusion signals; Unmanned security using a wireless sensor network consisting of a base station, which is a user terminal for wireless communication with the sensor node, and a remote control room that receives an intrusion signal using wired remote communication from the base station and generates an outgoing signal for security personnel. A system comprising: a key setting step of generating a single encryption key for encryption, a kit value for generating a MAC value, and a random kit value based on a master key previously divided with the sensor node and the base station; Performing encryption and decryption by repeatedly performing an encryption routine using 'E (En_Key, Counter) P} = C in a counter mode in a single encryption key generated in the key setting step; Generating the original key-message authentication code (OMAC) for the encrypted message using a single message authentication code (MAC) generated key generated in the encryption / decryption step, a single block regardless of the length of the message Provided is a security method for an unmanned security system using a wireless sensor network, characterized in that block encryption can be executed using an encryption key.

Preferably, the generating of the one-key authentication code (OMAC) comprises: a first step of dividing an input message into blocks of an initial size of a block cipher; A second step of concatenating a first key (K ₁ ) and a second key (K ₂ ), which are the same block encryption keys, respectively, before and after the divided message block; And extracting a sequence of keys equal to the block size by using the first block as an initial value of the stream cipher from the contiguous blocks, and then XORing the result with the second block and using the initial value of the block cipher again to obtain the same size as the block cipher. There is provided a security method of an unmanned security system using a wireless sensor network, which comprises a third step of extracting a key body of water, and proceeding this process for all blocks to set the key sequence for the final block to an OMAC value.

Preferably, if only authentication of the data is to be guaranteed, from node A to base station B, the data D and the message authentication code MAC _OMAC (K _OMAC , C | D), where D is data and C is a counter, _{The OMAC} key is extracted from the master key.) Is provided a security method of an unmanned security system using a wireless sensor network.

Preferably, if data authentication and confidentiality are to be ensured, the data E = {D} (K _encr , c) encrypted from Node A to Base Station B and the message authentication code for it are MAC _OMAC (K _OMAC , C | E). (Where D is data, K _encr is encryption key, counter C is initial vector value, K _encr key and K _OMAC key are extracted from master secret key K). A security method for an unmanned security system using a sensor network is provided.

Preferably, when a strong freshness of Nonce is required, the entire protocol of SNEP, where Node B responds to provide a strong freshness to node A's question with random numbers,

A ?? B: N _a , R _a

B ?? A: {R _b } (K _encr , c), MAC _OMAC (K _OMAC , N _b | C | {R _b } (K _encr , c))

(However, N _a is randomly generated with a random number of A, R _a is a question of A, R _b is a response of B.) A security method for an unmanned security system using a wireless sensor network is provided. .

EMBODIMENT OF THE INVENTION Hereinafter, this invention is demonstrated in detail with reference to drawings.

The security method of the unmanned security system using the wireless sensor network according to an embodiment of the present invention can safely handle the message without being limited to the message length of the message using a single key, and the same in terms of efficiency and security of the CBC MAC. One way to achieve this is to name it OMAC-SNEP (One-key CBC MAC for Secure Network Encryption Protocol).

In the security method of the unmanned security system using the wireless sensor network according to an embodiment of the present invention OMAC has a single key, which is the key K of the block cipher E.

That is, since OMAC in the security method of the unmanned security system using the wireless sensor network according to the embodiment of the present invention is also based on the block cipher, the block cipher must use a key K of k bits, The length of the key, which is k bits, is the smallest number of bits. The number of bits of this OMAC and a comparison table between XCBC and TMAC are shown in Table 1.

TABLE 1

XCBC TMAC OMAC Key length (k + 2n) bits (k + n) bits k bits

OMAC collectively refers to OMAC1 and OMAC2, and OMAC1 is obtained from XCBC by replacing (k ₂ , k ₃ ) with (L * u, L * u ² ). (Where u is some non-zero constant in GF (2 ⁿ ) and L is L = E _k (0 ⁿ ).

OMAC2 is similarly obtained using (L * u, L * u ^-1 ), and L * u and L * u ^-1 and L * u ² = (L * u) * u can be easily calculated. In other words, L can be shifted once and L * u can be made by conditional XOR, and L and L * u can be displaced once and L * u ^-1 and L * through conditional XOR. We can easily calculate u ² = (L * u) * u.

That is, in the first step, the message to generate the MAC is divided by the size of the initial size of the stream cipher. At this time, the rest of the last block is padded according to a predetermined rule. The method of padding does not affect the safety of the present invention and is therefore appropriate for the environment of the system. If the number of generated message blocks is k, then each message block is M ₁ , M ₂ ,... Let's say M _k .

The second step is to concatenate the keys k ₁ and k ₂ back and forth to the message block. The size of the key used at this time is a factor that determines the safety of the present invention. Therefore, unless it is a special case, each should be 80 bits or more. Also, the keys k ₁ and k ₂ used at this time use the same original key. The block thus created is now k ₁ , M ₁ , M ₂ ,. Let's say M _k , k ₂ .

The third step is obtained by using (L * u, L * u ^-1 ), the output of using stream M as the initial value of L * u and L * u ^-1 and L * u ² = ( L * u) * u can be easily calculated. In other words, L can be shifted once and L * u can be made by conditional XOR, and L and L * u can be displaced once and L * u ^-1 and L * through conditional XOR. It is easy to calculate u ² = (L * u) * u.

This displacement process and the calculation process is shown in FIG.

5 is a diagram of OMAC1. (However, L = Ek (0 ⁿ ), and OMAC is obtained by replacing L * u ² with L * u ^-1 .)

If m> 0, then | M | = mn, OMAC calculates the same as CBC MAC except that XOR L * u before encrypting the last block.

If | M | = mn is not, 10i padding (i = n-1 | M | mod n) is appended to M. OMAC computes the padded message the same as CBC MAC except for XORing L * u ² (or L * u- ¹ in the case of OMAC2) before encrypting the last block.

In TMAC, K ₂ is part of the key, while in OMAC, L is not part of the key and is produced from K. Nevertheless, OMAC is as secure as XCBC. In addition, OMAC has all the features of XCBC or TMAC. That is, the area of OMAC is {0.1}, and OMAC executes only one key and a maximum of {1, ???? M | / n ????} block ciphers for block ciphers.

OMAC-SNEP, which is an execution protocol of a security method of an unmanned security system using a wireless sensor network according to an embodiment of the present invention, is similar to SNEP, but since a CBC-MAC is completely different from OMAC, a single block encryption key is used. Data can be authenticated and confidentiality maintained.

The OMAC-SNEP, which is an execution protocol of the security method of the unmanned security system using the wireless sensor network according to the embodiment of the present invention, is as follows.

1) If only data authentication is guaranteed, node A transmits data D and a message authentication code, MAC _OMAC (K _OMAC , C | D), to base station B.

A ?? B: (D), MAC _OMAC (K _OMAC , C | D)

(However, D is data, C is counter, and K _OMAC key is extracted from master key.)

2) When data authentication and confidentiality are guaranteed, MAC _OMAC (K _OMAC , C | E) is used as the encrypted data E = {D} (K _encr , c) from node A to base station B and the message authentication code thereof. Transmit and provide data authentication and confidentiality.

(However, D is data, K _encr is encryption key, counter C is initial vector, K _encr key and K _OMAC key are extracted from master secret key K.)

Thus, the complete message sent by Node A to Base Station B is as follows.

A ?? B: {D}, (K _encr ), MAC _OMAC (K _OMAC , C | {D} (K _encr , c))

3) In order to provide strong freshness using Monce, the entire protocol of SNEP that Node B responds to and provides strong freshness to Node A questions with random numbers is as follows.

A ?? B: N _a , R _a

B ?? A: {R _b } (K _encr , c), MAC _OMAC (K _OMAC , N _b | C | {R _b } (K _encr , c))

(N _a is randomly generated with A's random number, R _a is A's question, R _b is B's response.) If the MAC is correctly verified, after node A sends its own question, Node B acknowledges that it has produced a response and strong freshness is guaranteed.

The performance of OMAC-SNEP, which is an execution protocol of the security method of the unmanned security system using the wireless sensor network according to the embodiment of the present invention, is analyzed in terms of security and efficiency.

For security, a table comparing XCBC and OMAC for TMAC is shown in Table 2. Here, Adv _F ^mnc (t, q, nm) is the maximum forgery probability, and Adv _E ^prp (t ', q', nm ') is the maximum discrimination probability that distinguishes between block cipher E and sporadic selected permutations. Where F is XCBC, TMAC, and OMAC, prp is a permutation, E is a block cipher, and a maximum (mac) is all enemies that run for t 'hours and ask only q' questions, and M is a tag. Indicates the length.

[표 2] 보안성 비교표

[Table 2] Security Comparison Table

Looking at the table, since OMAC, TMAC, and XCBC prove that they are as secure as EMAC, OMAC, TMAC, XCBC, and EMAC are virtually insignificant in terms of security.

Hereinafter, OMAC-SNEP, which is an execution protocol of a security method of an unmanned security system using a wireless sensor network according to an embodiment of the present invention, will be prepared in terms of efficiency with other methods.

The comparison of the efficiency is shown in Table 3.

[Table 3] Efficiency Comparison Table

Here, "Domain" represents the input area, "K len" represents the key length, "#K sche" represents the number of block cipher key scheduling, and "#M" represents the number of messages that the sender has macMAC. "#E invo" indicates the number of block cipher invocations for producing the tag of the message M (where | M |> O).

"#E pre." Represents the number of block cipher executions performed during the preprocessing time. "+ Kst" means that key separation technology is used, but OMAC does not require key separation technology. For these key lengths fit into their own form.

As a result of comparing them using Table 3, RMAC, EMAC, XCBC, TMAC, OMAC, etc. are not all perfect in terms of efficiency. However, you should choose your own skills to get the results that are right for you.

However, according to Table 3, OMAC shows the best performance in key length, key scheduling count, and block cipher execution count. At this time, only OMAC executes only one block cipher in the preprocessing process, and the block cipher is executed at non-periodically, so it is executed aperiodically compared to MAC production.

In addition, the OMAC completely eliminates the use of the key separation technology, thereby fundamentally blocking errors that may occur in the key separation technology, thereby having a high economical aspect according to the key setting cost.

On the other hand, the security method of the unmanned security system using a wireless sensor network according to an embodiment of the present invention is not limited to the above embodiments, but various modifications can be made without departing from the technical gist of the invention.

As described above, the security method of the unmanned security system using the wireless sensor network according to the present invention is efficient using only one block encryption key and is not limited by the length of the message, so it is very secure and the data confidentiality, data between both ends. It has the advantage of providing authentication, integrity and freshness of data.

Claims (5)

A sensor node which is a wireless sensor for generating various intrusion signals; Unmanned security using a wireless sensor network consisting of a base station, which is a user terminal for wireless communication with the sensor node, and a remote control room that receives an intrusion signal using wired remote communication from the base station and generates an outgoing signal for security personnel. A method of configuring a MAC for data integrity in a system, A key setting step of generating a single encryption key for encryption, a kit value for generating a MAC value, and a random kit value based on a master key previously divided with the sensor node and the base station; Performing encryption and decryption by repeatedly performing an encryption routine using 'E (En_Key, Counter) P} = C in a counter mode in a single encryption key generated in the key setting step; Generating the original key-message authentication code (OMAC) for the encrypted message using a single message authentication code (MAC) generated key generated in the encryption / decryption step, a single block regardless of the length of the message A security method for an unmanned security system using a wireless sensor network, characterized in that to enable the block cipher using the encryption key. The method of claim 1, wherein generating the one-key authentication message (OMAC) comprises: a first step of dividing an input message into blocks of an initial size of a block cipher; A second step of concatenating a first key (K ₁ ) and a second key (K ₂ ), which are the same block encryption keys, respectively, before and after the divided message block; And extracting a sequence of keys equal to the block size by using the first block as an initial value of the stream cipher from the contiguous blocks, and then XORing the result with the second block and using the initial value of the block cipher again to obtain the same size as the block cipher. Extracting a key body of water, and proceeding this process for all blocks, the third step of the key sequence for the final block to the OMAC value security method of the unmanned security system using a wireless sensor network, characterized in that. The method according to claim 1, wherein if only authentication of data is to be guaranteed, MAC _OMAC (K _OMAC , C | D), which is data D and a message authentication code from node A to base station B, where D is data and C is a counter. And, K _OMAC key is extracted from the master key.) Security method of an unmanned security system using a wireless sensor network, characterized in that the transmission. 2. The method of claim 1, wherein if data authentication and confidentiality are to be ensured, the data E = {D} (K _encr , c) encrypted from node A to base station B and a message authentication code for the MAC _OMAC (K _OMAC , C | E) (where D is data, K _encr is encryption key, counter C is initial vector value, K _encr key and K _OMAC key are extracted from master secret key K). Security method of unmanned security system using wireless sensor network. The overall protocol of SNEP according to claim 1, wherein node B responds with strong randomness when node A asks a question with a random number when strong freshness is required. A ?? B: N _a , R _a B ?? A: {R _b } (K _encr , c), MAC _OMAC (K _OMAC , N _b | C | {R _b } (K _encr , c)) (However, N _a is randomly generated with a random number of A, R _a is a question of A, R _b is a response of B.) The security method of the unmanned security system using a wireless sensor network, characterized in that.

Images