Methods and protocols for intrusion-tolerant management of collaborative network groups
Abstract
The inventive subject matter provides reliable methods and apparatus for secure communication within a network collaboration group including a VPN. Distribution of critical group data to member nodes (such as encryption keys for communication with other member nodes) is preferably handled by master nodes in a manner relatively resistant to misbehavior by current, past, or other nodes, and to outsider attacks such as replay attacks. A particular embodiment enables distribution of critical group data by master nodes to member nodes in a manner that offers confidentiality (the critical data cannot be read by an eavesdropper), integrity (the receiving member node has evidence that the critical data has not been tampered with in transit), authenticity (the receiving member node has evidence that the critical data was sent by a master node), and freshness (the critical data is not a replay of a previous message). In an embodiment, communication of critical data between the master node and the member node may be encrypted with a session key. Preferably, in each round of communication between master and member, the transmitting node generates a new nonce value and embeds it in the encrypted communication, for use by the recipient in the next communication. This nonce value typically becomes the expected nonce, for purposes of the next communication. If the next communication does not contain the expected nonce value, then the communication may be readily identified and rejected by the recipient as a replay attack or otherwise illicit communication.
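The nonce chaining described in the abstract, as an added Python example that is not taken from the patent. The `Node` class, the JSON message layout, the single expected nonce shared for both directions, and the SHAKE-256/HMAC encrypt-then-MAC stand-in for the session-key encryption are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def keystream(key, iv, n):
    # Stand-in stream cipher (assumption); use a vetted AEAD such as AES-GCM in practice.
    return hashlib.shake_256(b"enc" + key + iv).digest(n)

def seal(key, plaintext):
    """Encrypt-then-MAC under the shared session key."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, iv, len(plaintext))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, iv, len(ct))))

class Node:
    def __init__(self, key, expected):
        self.key, self.expected = key, expected  # shared session key and expected nonce

    def send(self, data):
        new = secrets.token_hex(16)  # new nonce value generated by the sender
        body = json.dumps({"expected": self.expected, "new": new, "data": data})
        self.expected = new  # the new nonce becomes the expected nonce for the next message
        return seal(self.key, body.encode())

    def receive(self, blob):
        msg = json.loads(unseal(self.key, blob))
        if not hmac.compare_digest(msg["expected"], self.expected):
            raise ValueError("unexpected nonce: replay or illicit message")
        self.expected = msg["new"]  # roll forward only after the check passes
        return msg["data"]

def replay_is_rejected():
    key, n0 = secrets.token_bytes(32), secrets.token_hex(16)  # constructed sample values
    master, member = Node(key, n0), Node(key, n0)
    captured = master.send("group key v1")
    member.receive(captured)             # accepted: carries n0
    master.receive(member.send("ack"))   # reply carries the nonce from `captured`
    try:
        member.receive(captured)         # same ciphertext again
    except ValueError:
        return True
    return False
```

The replayed ciphertext still passes the integrity check, because it is a genuine message under the session key; it is the stale expected nonce inside it that causes the rejection.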
18 Claims
1. A secure method of transmitting a message between a sender node and a recipient node within a network collaboration group, the sender and the recipient sharing a secret encryption key and an expected nonce value comprising:
- generating a new nonce value known to the sender;
- encrypting the message including the expected nonce value and the new nonce value, using the encryption key;
- transmitting the encrypted message from the sender to the recipient; and
- verifying, by the recipient, that the encrypted message includes the expected nonce value.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A system for managing communications within a network collaboration group, comprising:
- means for generating a new nonce value;
- means for incorporating an expected nonce value and the new nonce value in a message to be transmitted;
- means for encrypting the message;
- means for transmitting the encrypted message from a sender node of the group to a recipient node of the group; and
- means for verifying, by the recipient node, that the encrypted message includes the expected nonce value.
(Dependent claims: 14, 15)
16. A data-carrying signal for transmitting information securely between a master node and a member node of a network collaboration group, the signal being encrypted using an encryption key shared by the master and the member, the signal comprising:
- the information to be transmitted;
- an expected nonce value known to the master and the member; and
- a new nonce value, different than the expected nonce, provided by a sender of the signal.
(Dependent claims: 17)
18. A method for transmitting secure messages between a master node and a member node of a network collaboration group comprising:
- encrypting messages using a key shared by the master and the member, so as to protect confidentiality of the message; and
- embedding a plurality of updated nonce values within said encrypted messages so as to provide verifiable integrity, authenticity, and freshness for each of said messages.
Specification