EP2829011A1 - Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie - Google Patents

Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie

Info

Publication number
EP2829011A1
EP2829011A1 EP13718541.9A EP13718541A EP2829011A1 EP 2829011 A1 EP2829011 A1 EP 2829011A1 EP 13718541 A EP13718541 A EP 13718541A EP 2829011 A1 EP2829011 A1 EP 2829011A1
Authority
EP
European Patent Office
Prior art keywords
data packets
redundant data
cryptographically protected
identification
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13718541.9A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Steffen Fries
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of EP2829011A1 publication Critical patent/EP2829011A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Definitions

  • the present invention relates to a method and a device for generating cryptographically protected redundant data packets.
  • the device is for example a communication node or a network node in one
  • the invention relates to an arrangement for a communication network having a plurality of such communication nodes.
  • the transmission of data packets between communication or network nodes may be cryptographically protected to protect them from tampering or eavesdropping.
  • a cryptographic key is used for this purpose.
  • a fresh initialization vector or nonce For each data packet or data frame, a fresh initialization vector or nonce must be determined in many conventional methods, so that the encryption can not be broken. In highly available or safety-critical systems, redundant arithmetic architectures and / or redundant data transmissions are frequently used. Here, there is a need to prevent multiple use of such an initialization vector or nonce value even in such highly available or safety-critical systems.
  • the protected data transmission described above is used, for example, by sensor nodes for transmitting sensor or measurement data.
  • 1 shows a block diagram of an example of a conventional sensor node 1.
  • the sensor node 1 of FIG. 1 has a control device 2, for example a CPU, a flash memory 3, a RAM memory 4, a radio module 5 for data transmission, a current - Supply 6 for power supply and two connected
  • a sensor node 1 can be used as a network node in an arrangement for generating and Transmission of cryptographically protected redundant data packets are used.
  • FIG. 2 shows a block diagram of an example of such a conventional arrangement for generating and transmitting cryptographically protected redundant data packets.
  • the arrangement of Fig. 2 has two network nodes 10, 20, which are of identical construction. For the sake of clarity, only the network node 10 will be discussed below for these reasons.
  • the network node 10 has a control device, for example a CPU 15, which has two generation units 13, 14 for generating redundant data packets.
  • the respective generating unit 13, 14 is coupled to a communication interface 11, 12.
  • the communication interface 11, 12 generates cryptographically protected redundant data packets, which in turn are transmitted redundantly via two communication links 31, 32 to the second network nodes 20.
  • FIG. 3 is a block diagram of a second example of a conventional arrangement for generating and transmitting cryptographically protected redundant data packets.
  • the example of FIG. 3 differs from the example of FIG. 2 in that the network node 10 of FIG. 3 has two control devices 15, 16 with a respective generating unit 13, 14 and has only one communication interface 11 connected to the single key K encrypted.
  • the data packets to be sent from the network node 10 to the network node 20 are encrypted by the first communication interface 11 by means of the key K and those by the second communication interface 12 by means of the key K.
  • Such a data packet transmitted via the communication links 31, 32 generally has a header, data (payload) and a checksum.
  • the header usually contains example, an identification (ID) of the transmitting node, eg a MAC address, an identification (ID) of the receiver node, eg a MAC address, a counter value, a type of frame, eg data frame, control command (Acknowledge), a Field for indexing the data field and other flags, eg version, Security Enabled Acknowledge.
  • ID identification
  • Such a data frame can, for example, be protected cryptographically using the CCM (see, for example, IEEE 802.15.4-2006). This procedure makes it possible to protect confidentiality, integrity or both.
  • redundant Ethernet protocols especially in the Parallel Redundancy Protocol, it is known to encode a Lane ID as a parameter in the header field (see
  • CCM Counter Mode
  • GCM Galois Counter Mode
  • the nonce can also be called the initialization vector.
  • the nonce is a value that is different for each data packet protected by the same cryptographic key. If such a nonce value is used multiple times, attacks against data frame encryption are enabled. If e.g. In the WEP encryption of 802.11 WLAN, the same nonce value is used more than once, so an attacker can obtain from the intercepted data frames the XOR of two plain text messages.
  • the sending node constructs a nonce and uses it together with a key to cryptographically protect a data packet.
  • the receiver constructs the same nonce based on information contained in the data packet in plain text and possibly also on stored state information. The timeliness of a nonce can be guaranteed by the sender in different ways and checked by the receiver in different ways.
  • a counter value is entered into the nonce construction for this purpose.
  • the receiver stores information about the last received counter value and then accepts only nonces that have a counter value that is greater than the one stored
  • Counter value is. It is further known that in a data packet, the counter value does not have to be completely transmitted (e.g., 32 bits), but only a part, e.g. the least significant 8 bits.
  • N redundant data packets are generated by means of N different generation units.
  • the respective generating unit is assigned a unique identification.
  • N cryptographically protected redundant data packets are generated from the N generated redundant data packets by means of a single cryptographic function, the cryptographic function being used for generating the respective cryptographically protected data packets.
  • data packet is parameterized with a cryptographic key and the identification associated with the corresponding generation unit.
  • the respective identification uniquely identifies a generating channel having the respective generating unit. For example, for simple redundant generation of cryptographically protected data packets, there are two separate generation channels with a respective generating unit and a respective identification.
  • the cryptographic function is parameterized not only with the cryptographic key but also with the respective identification, the cryptographic key can be used for a plurality of generation channels or channels.
  • reuse of the same initialization vector or nonce value with the same cryptographic key is thereby prevented. This also avoids so-called replay attacks.
  • the receiver when checking the cryptographically protected redundant data packets in the event of a repeated error on a channel, the receiver can report a potential threat to this channel via a management interface.
  • a management interface be used as additional information for an intrusion detection system. That is, it can be distinguished in the present case, whether it is a planned redundant transmission of a data packet or a re-playing of a data packet eavesdropped.
  • the identification may, for example, be referred to as generation channel identification, channel identification, lane identification or as redundancy channel identification information.
  • This identification may include, for example, the logical computer ID in a multi-channel computer (eg 0 and 1 in a two-channel computer, or 00, 01, 10 in a three-channel computer).
  • the identification may comprise an interface identification or a transmission direction in the case of a ring topology or redundant data transmissions.
  • the N cryptographically protected redundant data packets are generated from the N generated redundant data packets using the single cryptographic function and a single initialization vector, the cryptographic function for generating the respective cryptographically protected data packet with the cryptographic key and one from the initialization vector using the the corresponding generating unit associated identification associated with the initialization vector is parameterized.
  • the initialization vector is derived by means of the respective identification for the respective generation channel.
  • the use of derived initialization vectors to parameterize the cryptographic function easily allows a single cryptographic key to be used for a plurality of generation channels or channels.
  • the respective derived initialization vector is derived from the initialization vector by means of a first derivation function parameterized with the associated identification.
  • the first derivative function may also be referred to as the initialization vector derivative function.
  • An initialization vector derivation function can be implemented with little effort and thus provides a simple and inexpensive way of providing derived initialization vectors.
  • the respective value of the derived initialization vector is derived from a concatenation vector. tion of an address of a transmitter of the cryptographically protected redundant data packets, the identification unit associated with the corresponding generation unit and a current counter value.
  • the identification may be a lane ID.
  • the lane ID can be used as a parameter in a nonce construction.
  • An example of the formation of the nonce is therefore:
  • N denotes the nonce and is determined by a concatenation, that is, the respective bit sequences, the address of the transmitting node (TA, the transmitter address), the lane ID and the counter CTR.
  • the N cryptographically protected redundant data packets are generated from the N generated redundant data packets by the single cryptographic function and a single initialization vector, the cryptographic function for generating the respective cryptographically protected data packet with one of the cryptographic key using the corresponding one Creation unit associated identification decrypted cryptographic key and the initialization vector is parameterized.
  • the respective derived cryptographic key is encrypted by means of a ordered identification parameterized second derivative function derived from the cryptographic key.
  • the second derivation function can also be referred to as key derivation or key derivation function.
  • Suitable key derivation functions are e.g. HMAC-SHA1, AES-CCM and KDF1.
  • a key derivation function can be implemented with little effort and thus provides a simple and inexpensive way to provide derived keys.
  • Lane-ID is the identifier of the channel being used (Lane)
  • KDF is the key derivation
  • LK is the derived key
  • LK: KDF (K, lane ID).
  • the derived key LK is used to protect the data packets or data frames.
  • the parameter of the lane ID encodes an information as to which lane or which channel it is. This may be, for example, a bit (0 or 1), a number (eg 0000, 1111) or a character string (eg "Lane-0" or "Lane-1", “Lane-Left", “Lane-1”). Right ") act.
  • N cryptographically protected redundant data packets are generated by means of the single cryptographic function and a single initialization vector from the N generated redundant data packets, wherein the cryptographic function for generating the respective cryptographically protected data packet with one of the cryptographic key by means of the corresponding generating unit associated identification derived cryptographic key and a is parameterized by the initialization vector by means of the initialization vector derived from the identification associated with the corresponding generation unit.
  • the identification is advantageously used twice, namely both for the derivation of the initialization vector and for the key derivation.
  • the respective derived initialization vector is derived from the initialization vector by means of a first derivation function parameterized with the associated identification
  • the respective derived cryptographic key is derived from the cryptographic key by means of a second derivation function parameterized with the associated identification.
  • the generated cryptographic data packets comprise encrypted data.
  • the generated cryptographic data packets include digital signatures.
  • digital signatures can be used to authenticate a sender of an electronic message.
  • the generated cryptographic data packets include digital certificates. These digital certificates each include a public key and a digital signature. Digital certificates make it possible to ensure that the public key of, for example, a sender of an electronic message actually belongs to the specified sender of the message.
  • a computer program product which causes the program on a program-controlled device of the method explained above.
  • a computer program product such as a computer program means can be provided or supplied, for example, as a storage medium, such as a memory card, USB stick, CD-ROM, DVD or in the form of a downloadable file from a server in a network. This can be done, for example, in a wireless communication network by transmitting a corresponding file with the computer program product or the computer program means.
  • a device for generating cryptographically protected redundant data packets has a number N of generating units for generating N redundant data packets, wherein the respective generating unit is assigned a unique identification. Furthermore, the device has a number N of generation units for generating N cryptographically protected redundant data packets by means of a single cryptographic function from the N generated redundant data packets. In this case, the respective generation unit is set up to parametrize the cryptographic function for the generation of the respective cryptographically protected data packet with a cryptographic key and the identification assigned to the corresponding generation unit.
  • the respective unit, generating unit and generating unit can be implemented in hardware and / or software technology.
  • the respective unit may be embodied as a device or as part of a device, for example as a computer or as a microprocessor.
  • the respective unit may be used as a computer program product, as a function, as a routine, as Part of a program code or be designed as an executable object.
  • the device is designed as a communication node in a communication network.
  • the communication node has at least one control device, for example a CPU (Central Processing Unit), and at least one communication interface coupled to the communication network, for example a NIC (Network Interface Controller).
  • a control device for example a CPU (Central Processing Unit)
  • NIC Network Interface Controller
  • control device integrates the N generation units and the communication interface the N generation units.
  • control device integrates the N generation units and the N generation units.
  • a communication network which has a plurality of communication nodes.
  • the communication nodes are coupled via the communication network.
  • the respective communication node has a device as described above for generating cryptographically protected redundant data packets.
  • the communication node can also be referred to as a network node.
  • the communication node can also be designed as a sensor node.
  • FIG. 1 is a block diagram of an example of a conventional sensor node
  • FIG. 2 shows a block diagram of a first example of a conventional arrangement for generating and transmitting cryptographically protected redundant data packets
  • Fig. 3 is a block diagram of a second example of a conventional arrangement for generating and transmitting cryptographically protected redundant data packets
  • FIG. 4 is a flowchart of a first embodiment of a method for generating cryptographically protected redundant data packets
  • Fig. 5 is a block diagram of a cryptographic function for generating cryptographically protected redundant data packets of Fig. 4; 6 is a flow chart of a second embodiment of a method for generating cryptographically protected redundant data packets;
  • Fig. 7 is a block diagram of a cryptographic function for generating cryptographically protected redundant
  • FIG. 8 shows a block diagram of a first exemplary embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets
  • FIG. 9 is a flowchart of a third embodiment of a method for generating cryptographically protected redundant data packets
  • Fig. 10 is a block diagram of a cryptographic function for generating cryptographically protected redundant data packets of Fig. 9;
  • Fig. 11 is a block diagram of a second embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets;
  • Fig. 12 is a block diagram of a third embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets.
  • FIG. 13 shows a block diagram of a fourth exemplary embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets.
  • FIG. 4 shows a flow chart of a first exemplary embodiment of a method for generating cryptographically protected redundant data packets DP " .
  • N redundant data packets DP are generated by means of N different generation units 13, 14.
  • the respective generating unit 13, 14 is associated with a unique identification 13, 14 (see, for example, FIG. 8).
  • step 402 N cryptographically protected redundant data packets DP "are encrypted by means of a single cryptographic
  • Function F generated from the N generated redundant data packets DP the cryptographic function F for the generation of the respective cryptographically protected data packet DP "is parameterized with a cryptographic key K and the corresponding generating unit 13, 14 associated identification LI, L2.
  • 5 shows a block diagram of a cryptographic function F for generating the cryptographically protected redundant data packets DP 'according to FIG. 4.
  • the cryptographic function F receives the N redundant data packets DP.
  • the cryptographic function F for generating the respective cryptographically protected data packet DP is connected to a cryptographic key K and the identification L associated with the corresponding generation unit 13, 14; LI, L2 parameterized.
  • the cryptographic function F can also be parameterized with an initialization vector IV.
  • FIG. 6 shows a flow chart of a second exemplary embodiment of a method for generating cryptographically protected redundant data packets DP '.
  • step 601 a number N of redundant data packets DP are provided by means of N different generation units 13, 14.
  • the respective generating unit 13, 14 is a unique identification L; LI, L2 assigned.
  • the N cryptographically protected redundant data packets DP ' are generated by means of the single cryptographic function F and a single initialization vector IV from the N redundant data packets DP generated.
  • the cryptographic function F is for the generation of the respective cryptographically protected data packet DP 'with the cryptographic key K and one of the initialization vector IV by means of the corresponding generation unit 13, 14 associated identification L; LI, L2 derived initialization vector IV parameterized. Ie, with- of the respective unique identification L; LI, L2 the initialization vector IV is parameterized accordingly, whereby the cryptographic function F is parameterized accordingly.
  • FIG. 7 shows a block diagram of a cryptographic function F for generating cryptographically protected redundant data packets DP 'according to FIG. 6.
  • FIG. 7 shows a first derivative function AFI.
  • the first derivation function AFI forwards the initialization vector IV by means of the identification L assigned to the corresponding generation unit 13, 14; LI, L2 to provide the derived initialization vector IV.
  • the respective value of the derived initialization vector IV can also be obtained from a concatenation of an address of a transmitter of the cryptographically protected redundant data packets DP ', the identification L associated with the corresponding generation unit 13, 14. LI, L2 and a current counter value or counter value.
  • FIG. 8 shows a block diagram of a first exemplary embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets DPI ', DP2'.
  • the arrangement of FIG. 8 has a first network node 10 and a second network node 20.
  • the two network nodes 10 and 20 are coupled together by a communication network which is formed by a first communication connection 31 and a second communication connection 32.
  • the two network nodes 10, 20 have the same structure, so that in particular the first network node 10 will be discussed below.
  • the control device 15 is, for example, as a microcontroller of the network node 10 trained.
  • the control device 15 integrates the two generation units 13, 14.
  • the first generation unit 13 provides a first data packet DPI.
  • the second generation unit 14 provides a redundant second data packet DP2.
  • the respective generating unit 13, 14 is assigned a unique identification LI, L2.
  • the respective generating unit 13, 14 is coupled to a respective communication interface 11, 12.
  • the first communication interface 11 is coupled to the first communication connection 31 and the second communication interface 12 is coupled to the second communication connection 32.
  • the respective communication interface 11, 12 has a respective generation unit 16, 17.
  • the first generation unit 16 of the first communication interface 11 generates a cryptographically protected data packet DPI 'by means of a cryptographic function F from the first generated data packet DPI.
  • the second generation unit 17 generates a cryptographically protected data packet DP2 'by means of the cryptographic function F from the generated data packet DP2.
  • the first and second cryptographically protected data packets DPI 'and DP2' are redundant to one another.
  • the two generation units 16, 17 are set up to parameterize the only cryptographic function F for the generation of the cryptographically protected data packets DPI ', DP2' with the cryptographic key K and the identification LI, L2 assigned to the corresponding generation unit 13, 14.
  • the first generation unit 16 uses the identification LI assigned to the first generation unit 13.
  • the second generation unit 17 uses the identification L2, which is assigned to the second generation unit 14.
  • the cryptographically protected redundant data packets DPI 'and DP2' are transmitted redundantly, in other words via the two communication links 31, 32, to the network node 20.
  • 9 illustrates a flow chart of a third embodiment of a method for generating cryptographically protected redundant data packets DP '.
  • step 901 a number N of redundant data packets DP are provided by means of N different generation units 13, 14.
  • the respective generating unit 13, 14 is a unique identification L; LI, L2 assigned.
  • step 902 the N cryptographically protected redundant data packets DP 'are generated by means of the single cryptographic function F and a single initialization vector IV from the N generated redundant data packets DP, wherein the cryptographic function F for generating the respective cryptographically protected data packet DP' with one of the cryptographic key K by means of the identification L associated with the corresponding generating unit 13, 14; LI, L2 derived cryptographic key K 'and the initialization vector IV is parameterized.
  • FIG. 10 shows a block diagram of the cryptographic function F for generating the cryptographically protected redundant data packets DP 'according to FIG. 9.
  • a second derivation function AF2 forwards cryptographic keys K' from the single cryptographic key K by means of the respective identification L from.
  • FIGS. 7 and 10 can be combined to use both the first derivative function AFI for deriving the initialization vector IV and the second derivative function AF2 for deriving the cryptographic key K.
  • FIG. 11 An example of the key derivation in an arrangement for generating and transmitting cryptographically protected redundant data packets DPI ', DP2' is shown in FIG. 11.
  • the embodiment of FIG. 11 differs from the embodiment of FIG. 8 in that in FIG. 11 the initialization vector is not used for parameterizing the cryptographic function, but instead keys K 1 and K 2 derived from the cryptographic key K are used for parameterization and thus Differentiation of the cryptographic function F used.
  • the generation unit 16 of FIG. 11 is adapted to parameterize the cryptographic function F for the generation of the cryptographically protected data packet DPI "with a cryptographic key K1 derived from the cryptographic key K by means of the identification LI and the single initialization vector IV
  • the second generation unit 17 is configured to parameterize the single cryptographic function F for the generation of the second cryptographically protected data packet DP2 'with a cryptographic key K2 derived from the cryptographic key K by means of the identification L2 and the initialization vector IV ,
  • FIG. 12 shows a block diagram of a third exemplary embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets DPI ', DP2'.
  • FIG. 12 differs from the embodiment of FIG. 11 in that the respective network nodes 10, 20 do not have two communication interfaces 11, 12; 21, 22, but only a single communication interface 11, 21 has.
  • the respective communication interface for example the communication interface 11 of the network node 10, then integrates the two generation units 16, 17.
  • the two cryptographically protected redundant data packets DPI ', DP2' are transmitted via the single communication connection 31 between the two network nodes 10, 20 transmitted.
  • FIG. 13 shows a block diagram of a fourth exemplary embodiment of an arrangement for generating and transmitting cryptographically protected redundant data packets DPI ', DP2'.
  • FIG. 13 differs from the embodiment of FIG. 12 in that the respective generation unit 16, 17 is not integrated in the communication interface 11 but in the control device 15, 16, in which also the corresponding generation unit 13, 14 is integrated.
  • both the generation unit 13, 14 and the generation unit 16, 17 are assigned to the respective identification LI, L2.
  • the identification LI is assigned to both the first generation unit 13 and the first generation unit 16.
  • the identification L2 is assigned the second generation unit 14 and the second generation unit 17.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé de génération de paquets de données protégés par cryptographie. Dans une première étape, N paquets de données redondants sont générés par l'intermédiaire de N différentes unités de génération L'unité de génération respective se voit attribuer une identification univoque. Dans une deuxième étape, N paquets de données redondants protégés par cryptographie sont générés à partir de N paquets de données redondants à l'aide d'une seule fonction cryptographique, la fonction cryptographique étant paramétrée pour la génération du paquet de données respectivement protégé par cryptographie par une clé cryptographique et par l'identification affectée correspondante de l'unité de génération. Pour la génération du paquet de données respectif protégé par cryptographie, la fonction cryptographique n'étant pas seulement cryptée par la clé cryptographique mais aussi par l'identification respective, la clé cryptographique est utilisée pour une pluralité de canaux. L'invention concerne également un produit programme d'ordinateur et un dispositif de génération de paquets de données redondants protégés par cryptographie. En outre, l'invention concerne un noeud de communication pour la génération et le transfert de paquets de données redondants protégés par cryptographie et un dispositif pour un réseau de communication doté d'une pluralité de tels noeuds de communication.
EP13718541.9A 2012-05-25 2013-04-16 Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie Withdrawn EP2829011A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102012208836A DE102012208836A1 (de) 2012-05-25 2012-05-25 Verfahren und Vorrichtung zur Erzeugung kryptographisch geschützter redundanter Datenpakete
PCT/EP2013/057908 WO2013174578A1 (fr) 2012-05-25 2013-04-16 Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie

Publications (1)

Publication Number Publication Date
EP2829011A1 true EP2829011A1 (fr) 2015-01-28

Family

ID=48184166

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13718541.9A Withdrawn EP2829011A1 (fr) 2012-05-25 2013-04-16 Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie

Country Status (5)

Country Link
US (1) US20150086015A1 (fr)
EP (1) EP2829011A1 (fr)
CN (1) CN104303452A (fr)
DE (1) DE102012208836A1 (fr)
WO (1) WO2013174578A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9800401B2 (en) * 2014-04-23 2017-10-24 International Business Machines Corporation Initialization vectors generation from encryption/decryption
EP3557471B1 (fr) * 2018-04-20 2022-08-03 ARM Limited Surveillance du bruit du rail de l'alimentation pour détecter les tentatives d'attaque de sécurité ou les attaques de canal latéral
CN110176988B (zh) * 2019-04-25 2022-04-08 中国人民解放军战略支援部队信息工程大学 保证冗余执行体加密行为一致的装置及方法
US11695541B2 (en) 2020-12-07 2023-07-04 International Business Machines Corporation Implementing resilient deterministic encryption
US12277097B2 (en) 2023-07-20 2025-04-15 International Business Machines Corporation Using ciphertext to deduplicate data using wide-block encryption

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040131014A1 (en) * 2003-01-03 2004-07-08 Microsoft Corporation Frame protocol and scheduling system
US20070223533A1 (en) * 2004-11-16 2007-09-27 Abb Research Ltd Reception of redundant and non-redundant frames
EP1855447A1 (fr) * 2006-05-08 2007-11-14 AudioCodes Ltd. Commutation entre des dispositifs de média sécurisés
DE102008046563A1 (de) * 2008-09-10 2010-03-11 Siemens Aktiengesellschaft Verfahren zur Datenübertragung zwischen Netzwerkknoten

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030063750A1 (en) * 2001-09-26 2003-04-03 Alexander Medvinsky Unique on-line provisioning of user terminals allowing user authentication
US20100077230A1 (en) * 2006-12-15 2010-03-25 Michael Chambers Protecting a programmable memory against unauthorized modification
WO2010026637A1 (fr) * 2008-09-04 2010-03-11 富士通株式会社 Dispositif d'émission, dispositif de réception, procédé d'émission et procédé de réception

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040131014A1 (en) * 2003-01-03 2004-07-08 Microsoft Corporation Frame protocol and scheduling system
US20070223533A1 (en) * 2004-11-16 2007-09-27 Abb Research Ltd Reception of redundant and non-redundant frames
EP1855447A1 (fr) * 2006-05-08 2007-11-14 AudioCodes Ltd. Commutation entre des dispositifs de média sécurisés
DE102008046563A1 (de) * 2008-09-10 2010-03-11 Siemens Aktiengesellschaft Verfahren zur Datenübertragung zwischen Netzwerkknoten

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2013174578A1 *

Also Published As

Publication number Publication date
CN104303452A (zh) 2015-01-21
WO2013174578A1 (fr) 2013-11-28
US20150086015A1 (en) 2015-03-26
DE102012208836A1 (de) 2013-11-28

Similar Documents

Publication Publication Date Title
EP3501154B1 (fr) Établissement d'une communication sécurisée à l'intérieur d'un réseau de communication en temps réel
DE102014224694B4 (de) Netzwerkgerät und Netzwerksystem
DE102016103498A1 (de) Ein Verfahren zum Übermitteln von Daten von einem Sensorbauelement an eine elektronische Steuereinheit, ein Sensorbauelement und eine elektronische Steuereinheit
EP2829011A1 (fr) Procédé et dispositif de génération de paquets de données redondants protégés par cryptographie
DE102019005608A1 (de) Transportschichtauthentizität und Sicherheit für Automobilkommunikation
DE69734621T2 (de) Virtuelles Authentifizierungsnetzwerk für gesicherte Prozessoren
DE102015200279A1 (de) Einwegübertragungseinrichtung, Vorrichtung undVerfahren zum rückwirkungsfreien Erfassen von Daten
DE102015220038A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder Schlüssels in einem Netzwerk
EP3363146B1 (fr) Procédé de génération d'une clé dans un agencement de circuits
DE102011081036A1 (de) Verfahren zum Aussenden von Nachrichten mit Integritätsschutz
EP3520351B1 (fr) Dispositif et procédé de transmission de manière continue et de transmission multimédias de protocoles de communication sans conversion de protocole
DE102016222599A1 (de) Verfahren zur Absicherung der Datenübertragung in einem Datenbus
DE102024109761A1 (de) Geschützte und sichere Kommunikation
EP3603012A1 (fr) Procédé et dispositif de protection d'une communication entre au moins un premier dispositif de communication et au moins un deuxième dispositif de communication, en particulier dans un réseau de communication d'une production et/ou automatisation industrielle
WO2014206451A1 (fr) Procédé et dispositif permettant la transmission sécurisée de données de signaux dans une installation
EP3298721A1 (fr) Procédé pour générer un élément secret ou une clé dans un réseau
EP4115310B1 (fr) Procédé et dispositif de détection de services malveillants dans un réseau
DE102022213581A1 (de) Verfahren zum überwachen einer kommunikationsverbindung zweier direkt miteinander verbundener netzwerkknoten
DE102015219997B4 (de) Verfahren und Vorrichtung zur Erzeugung eines gemeinsamen Geheimnisses
DE102022209780A1 (de) Sichere ethernet-basierte kommunikation zwischen zwei controller area networks (can)
WO2017064009A1 (fr) Procédé et dispositif pour rafraîchir un secret commun, notamment une clé cryptographique symétrique, entre un premier noeud et un deuxième noeud d'un système de communication
EP2830277A1 (fr) Procédé et système de transmission inviolable de paquets de données
DE102015220055A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder Schlüssels in einem Netzwerk
WO2017064122A1 (fr) Procédé permettant de générer un élément secret dans un réseau comprenant au moins deux abonnés séparés par un central téléphonique
DE102019125693A1 (de) Verfahren zum Betreiben eines Kommunikationsnetzwerks, Kommunikationsnetzwerk und Teilnehmer für ein Kommunikationsnetzwerk

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20141023

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

17Q First examination report despatched

Effective date: 20180417

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/08 20060101ALI20191204BHEP

Ipc: H04L 9/08 20060101AFI20191204BHEP

Ipc: H04L 29/06 20060101ALI20191204BHEP

Ipc: H04L 9/32 20060101ALI20191204BHEP

INTG Intention to grant announced

Effective date: 20200108

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20200630