Objective

As wireless mobile communication becomes an important access technology both for telephony and data communications, security and privacy of these communications become fundamental to the continued success of a heterogeneous global network. The proposed research addresses authentication and key management protocols, with respect to computational and power efficiency, for secure data communications over wireless networks. There are three main components to this research:

  1. Software-based stream cipher generator for handheld low-power devices to achieve a fast data encryption rate.
  2. Mutual authentication protocol over an unreliable wireless network between parties with unequal computing power.
  3. Optimal group-key distribution protocols over an insecure broadcast channel allowing key revocation of compromised and/or defected group members.

Approach

While much work on data security has been done for wire-line networks, wireless networks present new and different constraints that are not as critical in wire-line environments. These include:

  1. Easy access for both passive and active cryptographic attacks.
  2. Unpredictable changes in communication environment such as weather, terrain and interference from hostile enemies.
  3. Low-powered mobile devices.
  4. Constantly changing network topology.
  5. Limited bandwidth.
  6. Significant variations in link quality and connectivity.

A simple migration of current technologies developed for wire-line network security to the wireless environment will not be adequate; on the other hand, network users will expect similar quality of service. This research consists of three major tasks.

The first task for ensuring data security in a wireless environment is to provide fast encryption devices that use low computational and battery power. All current encryption algorithms adopted by mobile terminals are based on stream cipher generators as built-in hardware. These generators make use of linear feedback shift registers, which are known to be vulnerable. When an algorithm is found to be vulnerable, it is extremely expensive to recall all terminals to have the generators replaced. A new software-based stream cipher using linear feedback shift registers with a nonlinear feed-forward function is proposed here. The design should be easy to implement on 8-bit processors. The design principle behind the proposed generator is to ensure fast speed with minimal computational resources, while achieving strong pseudo-random properties.
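The effect of a nonlinear feed-forward function can be measured with the Berlekamp-Massey linear complexity of the keystream. The following is an added textbook illustration, not the project's generator: the 8-bit register, the filter `f(s) = s0 XOR (s1 AND s6)` and the seed are constructed for the example.

```python
# Added illustration: toy 8-bit register, not the project's generator.
def lfsr_states(state, count):
    """Fibonacci LFSR, recurrence a[t+8] = a[t]^a[t+2]^a[t+3]^a[t+4]
    (characteristic polynomial x^8+x^4+x^3+x^2+1, primitive, period 255)."""
    for _ in range(count):
        yield state
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 4)) & 1
        state = (state >> 1) | (fb << 7)

def raw_bits(seed, count):
    """Keystream taken straight from one register stage (purely linear)."""
    return [s & 1 for s in lfsr_states(seed, count)]

def filtered_bits(seed, count):
    """Keystream through a nonlinear feed-forward function of the state:
    f(s) = s0 XOR (s1 AND s6). The filter is a constructed example."""
    return [(s ^ ((s >> 1) & (s >> 6))) & 1 for s in lfsr_states(seed, count)]

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length L of the shortest LFSR that
    reproduces `bits`; 2L consecutive bits determine the whole sequence."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy with current LFSR
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n - (i - m) + 1):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

if __name__ == "__main__":
    seed = 0x5A  # constructed nonzero seed
    print("raw LFSR:", linear_complexity(raw_bits(seed, 255)))
    print("filtered:", linear_complexity(filtered_bits(seed, 255)))
```

The raw register output never exceeds a linear complexity equal to the register length, while a degree-2 filter on 8 stages can raise it to at most 8 + 28 = 36; a real design needs far longer registers and a filter chosen against correlation and algebraic attacks as well.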

Due to the mobility of a wireless terminal, the network does not have any information about the identity of the terminal until a connection is made. When a connection is initiated, the identity of the terminal has to be authenticated by the base stations for billing purposes in a commercial network. In DoD networks, mobile units have to be authenticated by base stations to ensure the legitimacy of the transmitted data. At the same time, base stations have to be authenticated by mobile units to ensure the trustworthiness of the receivers. Symmetric key authentication protocols almost always require a trusted Authentication Center, which is often the source of vulnerability. It is proposed here that public key cryptography will be adopted for authentication purposes since the data required for authentication is small compared to the actual transmitted data. To further speed up the process, an asymmetric authentication protocol is proposed in which most of the computations are carried out at the base stations, since base stations usually have higher computing power than mobile units. On the other hand, authentication of mobile units will continue to rely on symmetric key schemes.

As both encryption and authentication depend on symmetric key cryptography, the problem of key management becomes an important issue. Furthermore, as the Internet becomes the medium for conducting business among commercial and government organizations, the need for conference keys to carry out secure group discussions and/or operations becomes increasingly important. However, reliance on a Trusted Authority for the distribution of group and individual keys should be minimized. It is proposed that new key distribution protocols should be designed and studied where initial conference keys are distributed through a secure channel, possibly by a Trusted Authority, with subsequent keys being updated periodically and frequently through broadcast channels.

Besides the study of updating keys using broadcast channels, it is proposed that the protocol should include mechanisms for revoking keys that have been compromised. An algorithm for updating keys needs to include computations that rely on information from the unit identity, original group keys and new data through the broadcast channel. Using techniques developed in secret sharing schemes, a new key distribution protocol will be designed and implemented, where the number of initial keys needed and the size of the broadcast messages will be minimized.
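One textbook way to combine unit identity, the original group key and broadcast data is revocation by Shamir secret sharing, sketched here as an added example that is not the project's protocol. The field prime, function names, padding ids and the SHA-256 key derivation are assumptions of the example, and each polynomial serves a single update because the broadcast shares become public.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime modulus of the share field (constructed parameter)

def eval_poly(coeffs, x):
    """Horner evaluation of f(x) mod P; coeffs[0] is the secret f(0)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def interpolate_at_zero(points):
    """Lagrange interpolation of f(0) from t+1 points with distinct x."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def derive_key(old_key, secret):
    """New group key from the original group key and the recovered secret."""
    return hashlib.sha256(old_key + secret.to_bytes(16, "big")).digest()

def revocation_broadcast(coeffs, revoked_ids, t, pad_id=10**6):
    """Exactly t shares go on the air: the revoked units' own shares,
    padded with shares for ids no unit holds."""
    ids = list(revoked_ids) + list(range(pad_id, pad_id + t - len(revoked_ids)))
    return [(i, eval_poly(coeffs, i)) for i in ids]

def unit_update(unit_id, share, broadcast, old_key):
    """Unit side: identity + own share + broadcast -> new key, or None when
    the unit is revoked and therefore holds only t points of a degree-t f."""
    points = dict(broadcast)
    if unit_id in points:
        return None
    points[unit_id] = share
    return derive_key(old_key, interpolate_at_zero(list(points.items())))

def demo(t=2, revoked=(3, 5), old_key=b"constructed-old-group-key"):
    coeffs = [secrets.randbelow(P) for _ in range(t + 1)]  # centre's secret f
    shares = {uid: eval_poly(coeffs, uid) for uid in range(1, 6)}
    bc = revocation_broadcast(coeffs, revoked, t)
    new_key = derive_key(old_key, coeffs[0])
    return new_key, {u: unit_update(u, s, bc, old_key) for u, s in shares.items()}
```

Each unit stores one share per update and the broadcast carries t shares regardless of group size, which is the trade-off between initial key material and broadcast length that the paragraph above refers to; up to t revoked units can pool their shares without learning f(0).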



