Method for synchronizing receiver initialization vector with sender initialization vector

Abstract

The invention relates to a method of synchronizing a receiver initialization vector with a sender initialization vector when successively transmitting encrypted data packets from a sender to a receiver, wherein a key and an initialization vector are generated. The sender forms a sender sub-counter from the lowest M bits of a counter of the sender initialization vector, encrypts a message according to an encryption method, generates a data packet from the encrypted message and the sender sub-counter and transmits it, and increments the counter of the sender initialization vector. The receiver receives the data packet, extracts the sender sub-counter therefrom, forms a receiver sub-counter from the lowest M bits of a counter of the receiver initialization vector, replaces the lowest M bits of the counter of the receiver initialization vector by the sender sub-counter if the comparison results in the sender sub-counter being higher than the receiver sub-counter, and repeats the replacement and the incrementing of the counter value of the receiver initialization vector by 2 if the comparison results in the opposite, decrypts the message, and then increments the counter of the receiver initialization vector. M , decrypts the message, and then increments the counter of the receiver initialization vector.

Description

Technical Field

[0001] The present invention relates to a method for synchronizing the receiver initialization vector of the receiver with the sender initialization vector of the sender during continuous transmission of encrypted data packets from sender to receiver. Background Technology

[0002] To this end, a key is generated first, and an initialization vector with an N-bit counter is generated secondly. Therefore, the initialization vector has an N-bit counter. Here, N is an integer greater than zero.

[0003] The key is pre-given to both the sender and receiver, and the sender initialization vector and receiver initialization vector are initialized using the initialization vector. This specifically means that the sender initialization vector has a sender counter based on a counter of the initialization vector, and the receiver initialization vector has a receiver counter based on a counter of the initialization vector. Initially, both the sender and receiver initialization vectors have the value of the initialization vector.

[0004] In the prior art, the sender performs the following steps each time a data packet is transmitted:

[0005] - The message is encrypted using the key and the sender initialization vector according to the encryption method to ensure confidentiality.

[0006] - Generate data packets using encrypted messages and the sender's counter, and send the data packets.

[0007] Then, increment the sender counter of the sender initialization vector.

[0008] In the prior art, the receiver performs the following steps each time a data packet is transmitted:

[0009] - Receive data packets with message and sender counter.

[0010] - Extract the sender counter from the data packets.

[0011] - Update the receiver counter with the sender counter.

[0012] - Using the key and the receiver initialization vector, the message is decrypted according to the encryption method.

[0013] Continuous transmission is accomplished by the sender and receiver continuously performing the above steps. Transmission includes sending and receiving.

[0014] Since the sender and receiver use the same key, the encryption method is a symmetric encryption method. The key must be confidential to ensure confidentiality, while the counter can be known. Therefore, the unencrypted transmission of the counter means that the confidentiality of messages encrypted using the counter will not be compromised.

[0015] To ensure confidentiality, the message should be encrypted using a unique combination consisting of the key and the sender initialization vector. This uniqueness is guaranteed by incrementing the sender counter in the sender initialization vector as described above after each message encryption.

[0016] Successful message decryption requires the receiver initialization vector to be equal to the sender initialization vector. In the current case, this is the case when the receiver counter is the same as the sender counter used to encrypt the message, because the other necessary components of both the receiver and sender initialization vectors are constant. The identicalness of the sender and receiver counters is ensured by sending the sender counter along with the encrypted message in a data packet and updating the receiver counter with the sender counter. In this way, the receiver initialization vector is synchronized with the sender initialization vector in the prior art.

[0017] However, the methods known in the prior art have drawbacks. Transmitting a sender counter for each data packet increases both the size of the data packets and the energy required to transmit them. Summary of the Invention

[0018] Therefore, the objective of this invention is to describe a method for continuously synchronizing the receiver initialization vector with the sender initialization vector, wherein at least the disadvantages shown above are mitigated.

[0019] This task is accomplished by the method according to claim 1 of the patent. The method described below modifies methods known in the prior art.

[0020] Each time a data packet is transmitted, the sender performs the following steps:

[0021] - A sender sub-counter is formed using the least M bits (less than N bits) of the sender initialization vector's counter (i.e., the sender counter). Therefore, the sender sub-counter is an M-bit counter. Here, M is an integer greater than zero and less than N.

[0022] - The message is encrypted using the key and the sender initialization vector according to the encryption method to ensure confidentiality.

[0023] - Generate data packets using encrypted messages and the sender counter, and send the data packets.

[0024] Then, increment the counter of the sender initialization vector.

[0025] Each time a data packet is transmitted, the receiver performs the following steps:

[0026] - Receive data packets with encrypted messages and sender counters.

[0027] - Extract the sender counter from the data packets.

[0028] A receiver sub-counter with a minimum of M bits less than N bits is formed from the counter of the receiver initialization vector (i.e., the receiver counter).

[0029] A comparison is made between the receiver counter and the transmitter counter. Therefore, during this comparison, the values ​​from the receiver counter and the transmitter counter are compared.

[0030] If the comparison shows that the sender's sub-counter is higher than the receiver's sub-counter, then the lowest M bits of the receiver's initialization vector counter are replaced with the sender's counter. This comparison result will also be referred to as comparison result A.

[0031] If the comparison shows that the sender's sub-counter is lower than the receiver's sub-counter, then the least M bits of the receiver's initialization vector counter are replaced with the sender's sub-counter, and then the value of the receiver's initialization vector counter is increased by 2. M This comparison result will also be referred to as comparison result B below.

[0032] Then, the message is decrypted using the key and the receiver initialization vector according to the encryption method, and then the counter of the receiver initialization vector is incremented.

[0033] Besides the higher (Comparison Result A) and lower (Comparison Result B) sender counters being used as receiver counters, a third possible result of the comparison is that the sender counter and receiver counter are the same. This comparison result is also referred to below as Comparison Result C, and no further steps are required compared to Comparison Result A and B because the receiver counter already has the correct value.

[0034] The following diagram illustrates an example of continuously transmitting data packets from sender to receiver using an N=16-bit counter. Therefore, both the sender's and receiver's counters are 16-bit counters, and M=8 bits, resulting in 8-bit sub-counters for both sender and receiver. Numbers ending with "b" are binary numbers, and numbers ending with "d" are decimal numbers. In this example, each data packet received by the receiver has been successfully decrypted. Transmission of a data packet is successful if it is both sent and received.

[0035]

[0036] In line 1, the transmission of the data packet from the sender to the receiver is successful, so the comparison between the receiver sub-counter and the sender sub-counter provides a comparison result A. Finally, the sender counter is incremented on the sender side. Finally, the receiver counter is incremented on the receiver side because a data packet has been received. If no data packet has been received, the receiver counter does not increment. The incremented counters are displayed on the next line (here, line 2).

[0037] The transmission in line 2 also succeeded, so perform the same operation as in line 1.

[0038] In line 3, the transmission failed because although the data packet was sent by the sender, it was not received by the receiver. Therefore, no comparison was made, and although the sender's counter did not increment, the receiver's counter did.

[0039] The transmission in line 4 also failed, so the same operation as in line 3 is performed.

[0040] The transmission was successful in line 5. The sender's counter value is 513. d The value of the sender's counter is 1. d Because the first two transmissions failed, the receiver's counter only has a value of 511. d The receiver counter has a value of 255. d Therefore, this comparison provides comparison result B. Here, by using the lowest 8 bits of the receiver counter (1111, 1111)... b Replace ) with the sender counter (0000,0001) b Then increment the receiver counter by 2. 8 d =256 d This synchronizes the receiver's counter with the sender's counter. After synchronization, the data packet is successfully decrypted. Finally, the sender's counter is incremented on the sender's side. The receiver's counter is incremented on the receiver's side because a data packet has been received.

[0041] The transmission was successful in line 6, so perform the same operation as in lines 1 and 2.

[0042] The transfer failed in line 7, so the same operation as in lines 3 and 4 is performed.

[0043] The transmission was successful in line 8. The sender's counter value is 516. d The value of the sender's counter is 4. d Because the previous transmission failed, the receiver counter only has a value of 515. d The receiver counter has a value of 3. d Therefore, this comparison provides comparison result A. Here, by using the lowest 8 bits of the receiver counter (0000, 0011...) b Replace ) with the sender counter (0000, 0100) b This synchronizes the receiver's counter with the sender's counter. Finally, the sender's counter is incremented on the sender's side. Finally, the receiver's counter is incremented on the receiver's side because a data packet has been received.

[0044] Compared to methods known in the prior art, the method according to the present invention has the following advantages: to synchronize the receiver initialization vector and the sender initialization vector, it is no longer necessary to transmit the sender counter in the data packet; a smaller sender sub-counter is sufficient. This reduces the size of the data packet and lowers the energy required to transmit the data packet. This is particularly applicable to other methods operating at the application layer in the prior art. The method also guarantees synchronization after a failed transmission.

[0045] More than 2 M The transmission of a data packet may fail. In this case, decryption will initially fail. Therefore, in one design of this method, the receiver first checks whether the decryption was successful. If the decryption fails, the receiver increments the value of the counter in the receiver initialization vector by 2. M Then, the message is decrypted again using the key and the receiver initialization vector according to the encryption method.

[0046] The key and the initialization vector must be pre-given to both the sender and the receiver. In one design, the key and the initialization vector are generated by an initializer and pre-given to both the sender and the receiver. The initializer is, for example, another device besides the sender and the receiver. Alternatively, the initializer may be implemented in either the sender or the receiver, and the key and / or the initialization vector may be exchanged between the sender and the receiver using a public-key method.

[0047] In one design of this method, the encryption method implements the Advanced Encryption Standard (AES).

[0048] In one design of this method, the sender generates a message authentication code (MAC) to guarantee the authenticity and / or integrity of the message, and also generates a data packet containing the MAC. Correspondingly, the receiver checks the authenticity and / or integrity of the message by evaluating the MAC. Therefore, according to this design, the data packet contains the MAC in addition to the message and the sender's sub-counter. The MAC is also called a Message Authentication Code and is abbreviated as MAC.

[0049] In an alternative design to the above, the sender generates a message authentication code for the message and the sender sub-counter to ensure the authenticity and / or integrity of the message and the sender sub-counter, and also generates a data packet with the message authentication code. Correspondingly, the receiver checks the authenticity and / or integrity of the message and the sender sub-counter by evaluating the message authentication code. In contrast to the above design, this design generates a message authentication code not only for the message but also for both the message and the sender sub-counter. This ensures that manipulation of the message is detected, as well as manipulation of the sender sub-counter.

[0050] In the extensions of the two alternative designs described above, the sender and receiver implement CCM or GCM mode, preferably with AES, to generate and check the message authentication code.

[0051] CCM mode is an operating mode of the Blockchiffre encoder that uses an authentication encryption method derived from the Blockchiffre to ensure message confidentiality and integrity. CCM mode combines a counter mode for encryption with a CBC-MAC mode for integrity assurance. The counter mode is an operating mode of the Blockchiffre that generates a stream encoder. The CBC-MAC mode specifies that the Cryptographic Blockchain Mode (abbreviated as CBC mode) is used to ensure message integrity by setting the initialization vector of the Cryptographic Blockchain Mode to zero and adding the last encrypted block or portion of a block in the CBC mode as the MAC to the data packet.

[0052] GCM mode is a runtime mode in which a block encoder can be run to perform symmetric encryption on messages. This mode provides a certified encryption method for messages that guarantees both authenticity and confidentiality. GCM mode stands for Galois Counter Mode.

[0053] In one design of this method, the initialization vector is generated with random numbers to improve guarantees of confidentiality or authenticity and integrity. The random numbers are combinations of characters that are as random as possible. Therefore, in this design, the initialization vector has random numbers in addition to the counter. The random numbers in the initialization vector make pre-computation attacks more difficult. After the sender's initialization vector and the receiver's initialization vector are initialized using the initialization vector, both initialization vectors also have random numbers.

[0054] In one design of this method, radio technology, preferably Bluetooth Low Energy (BLE), is used to transmit data packets from the sender to the receiver. Bluetooth Low Energy is described in Bluetooth specifications, such as the Bluetooth 5 specification. BLE is abbreviated as Bluetooth Low Energy. This design is particularly advantageous because BLE aims to transmit data packets using as little energy as possible, and this method reduces the required energy compared to existing technologies. Attached Figure Description

[0055] Specifically, many possibilities for designing and extending the method are presented. For this purpose, reference is made both to the patent claims dependent on claim 1 and to the following description of preferred embodiments in conjunction with the accompanying drawings.

[0056] Figure 1 A schematic diagram of a method for synchronizing the receiver's initialization vector with the sender's initialization vector is shown. Detailed Implementation

[0057] The attached diagram illustrates sender 1 and receiver 2. Only sender 1 and receiver 2 are devices; that is, they have a physical design. The remaining components do not have a physical design. Therefore, the remaining components are virtual. The representation of these virtual components is only for illustrating the method described below, which is used to synchronize receiver initialization vector 3 of receiver 2 with sender initialization vector 4 of sender 1 when encrypted data packets are continuously transmitted from sender 1 to receiver 2.

[0058] First, a key 5 and an initialization vector are generated. The initialization vector has a 64-bit random number 6 and a counter with N=16 bits. Then, key 5 is pre-assigned to both sender 1 and receiver 2, such that the key is used by both sender 1 and receiver 2. Furthermore, receiver initialization vector 3 and sender initialization vector 4 are initialized using the initialization vector. After this initialization, receiver initialization vector 3 has a random number 6 and a receiver counter 7, while sender initialization vector 4 has a random number 6 and a sender counter 8. Receiver counter 7 and sender counter 8 are both 16-bit counters, and they have the same value after the initialization.

[0059] Sender 1 performs the following steps:

[0060] - The lowest M=8 bits less than N=16 bits in the transmitter counter 8 are used to form the transmitter sub-counter 9. The transmitter counter 9 is therefore an 8-bit counter.

[0061] - Using key 5 and sender initialization vector 4, message 10 is encrypted according to the encryption method to ensure confidentiality. For this purpose, message 10, key 5, and sender initialization vector 4 are read in. The encryption method implements AES.

[0062] - Generate a message authentication code 12 for message 10 to ensure the authenticity and integrity of message 10. A CCM mode is implemented for this generation.

[0063] - Generate a data packet 11 using the encrypted message 10, the sender counter 9, and the message authentication code 12, and send the data packet.

[0064] Then increment the sender counter by 8.

[0065] Receiver 2 performs the following steps:

[0066] - Receive data packets 11 containing encrypted messages 10, sender counters 9 and message authentication codes 12.

[0067] - Extract sender counter 9 from data packet 11.

[0068] - Receiver sub-counter 13 is formed using the lowest M=8 bits of receiver counter 7 that are less than N=16 bits. Receiver sub-counter 13 is therefore an 8-bit counter.

[0069] - Compare between the receiver counter 13 and the transmitter counter 9.

[0070] If the comparison shows that the sender counter 9 is higher than the receiver counter 13, then the lowest M=8 bits of the receiver counter 7 are replaced with the sender counter 9.

[0071] If the comparison shows that the sender's counter 9 is lower than the receiver's counter 13, then the lowest M=8 bits of the receiver's counter 7 are replaced with the sender's counter 9, and the value of the receiver's counter 7 is incremented by 2. M =2 8 .

[0072] - Verify the authenticity and integrity of message 10 by evaluating message authentication code 12.

[0073] - Using key 5 and receiver initialization vector 3, decrypt message 10 according to the encryption method. For this, read key 5. Output the decrypted message 10. Then increment receiver counter 7.

[0074] The last two steps are performed after ensuring that the receiver's initialization vector and the sender's initialization vector are consistent. Here, the transmission of data packet 11 from sender 1 to receiver 2, i.e., sending and receiving, is performed using Bluetooth Low Energy.

[0075] Figure Labels

[0076] 1. Sender

[0077] 2. Recipient

[0078] 3. Receiver Initialization Vector

[0079] 4. Sender Initialization Vector

[0080] 5 keys

[0081] 6. Random Numbers

[0082] 7. Receiver Counter

[0083] 8. Sender Counter

[0084] 9. Sending counter

[0085] 10 News

[0086] 11 Data Grouping

[0087] 12 Message Authentication Code

[0088] 13 Receiver Counter

Claims

1. A method for synchronizing the receiver initialization vector (3) of the receiver (2) with the sender initialization vector (4) of the sender (1) during continuous transmission of encrypted data packets (11) from sender (1) to receiver (2), in, On the one hand, a key (5) is generated, and on the other hand, an initialization vector with an N-bit counter is generated. The key (5) is pre-given to the sender (1) and the receiver (2), and the initialization vector is used to initialize the sender initialization vector (4) and the receiver initialization vector (3). Among them, the sender (1) - The least M bits less than N bits in the counter (8) of the sender initialization vector (4) are used to form the sender sub-counter (9). - The message (10) is encrypted using the key (5) and the sender initialization vector (4) according to the encryption method to ensure confidentiality. - Generate data packets (11) using the encrypted message (10) and the sender counter (9), and send the data packets (11). -Then increment the counter (8) of the sender initialization vector (4), Among them, the receiver (2) - Receive data packets (11) with encrypted messages (10) and sender counters (9). - Extract the sender sub-counter (9) from the data packet (11). - The receiver sub-counter (13) is formed by using the least M bits of the counter (7) of the receiver initialization vector (3) that are less than N bits. - A comparison is made between the receiver counter (13) and the transmitter counter (9). If the comparison shows that the sender sub-counter (9) is higher than the receiver sub-counter (13), then the lowest M bit of the counter (7) of the receiver initialization vector (3) is replaced with the sender counter (9). If the comparison shows that the sender sub-counter (9) is lower than the receiver sub-counter (13), then the lowest M bit of the counter (7) of the receiver initialization vector (3) is replaced with the sender sub-counter (9), and then the value of the counter (7) of the receiver initialization vector (3) is increased by 2. M , Then, the message (10) is decrypted using the key (5) and the receiver initialization vector (3) according to the encryption method, and the counter (7) of the receiver initialization vector (3) is incremented.

2. The method according to claim 1, wherein, The receiver (2) checks whether the decryption was successful, and if the decryption was unsuccessful, it further increments the value of the counter (7) of the receiver's initialization vector (3) by 2. M Then, the message (10) is decrypted again using the key (5) and the receiver initialization vector (3) according to the encryption method.

3. The method according to claim 1 or 2, wherein, The initializer generates the key (5) and the initialization vector and pre-given them to the sender (1) and the receiver (2).

4. The method according to claim 1 or 2, wherein, The encryption method implements the Advanced Encryption Standard (AES).

5. The method according to claim 1 or 2, wherein, The sender (1) generates a message authentication code (12) for the message (10) to ensure the authenticity and / or integrity of the message (10), and generates a data packet (11) with the message authentication code (12). The receiver (2) checks the authenticity and / or integrity of the message (10) by evaluating the message authentication code (12).

6. The method according to claim 1 or 2, wherein, The sender (1) generates a message authentication code (12) for the message (10) and the sender sub-counter (9) to ensure the authenticity and / or integrity of the message (10) and the sender sub-counter (9), and generates a data packet (11) with the message authentication code (12). The receiver (2) checks the authenticity and / or integrity of the message (10) and the sender sub-counter (9) by evaluating the message authentication code (12).

7. The method according to claim 5, wherein, The sender (1) and the receiver (2) implement CCM or GCM mode to generate and check the message authentication code (12).

8. The method according to claim 7, wherein, The sender (1) and the receiver (2) implement CCM or GCM mode with AES.

9. The method according to claim 1 or 2, wherein, Generate the initialization vector with random numbers (6) to improve the guarantee of confidentiality or the guarantee of authenticity and integrity.

10. The method according to claim 1 or 2, wherein, Radio technology is used to transmit data packets (11) from the sender (1) to the receiver (2).

11. The method according to claim 10, wherein, The radio technology in question is Bluetooth Low Energy.

Images