Authentication scheme for ad hoc and sensor wireless networks
First Claim
1. A method for authenticating a packet comprising header and packet data in an ad hoc network between a sending node of a first cluster having a first cluster head and a receiving node of a second cluster having a second cluster head, the method comprising:
- establishing a session encryption key using said first and second cluster heads;
- communicating said session encryption key to the sending and receiving nodes;
- encrypting the packet with said session encryption key;
- digitally signing an authentication tag of a plurality of authentication tags, wherein the authentication tag comprises a prime number;
- encrypting the digitally signed authentication tag with the session encryption key;
- appending the encrypted and digitally signed authentication tag to the encrypted packet; and
- determining a check result using the appended authentication tag for use in authenticating the packet.
Abstract
Strong authentication of packets sent between nodes of different clusters in a two-tier ad hoc network is provided by the cluster heads. Each cluster head authenticates nodes that enter the cluster. Thereafter, when a sending node requests a session from its cluster head with a receiving node in another cluster, the cluster head negotiates a session secret key (SSK) with the corresponding cluster head of the receiving node. Further, the cluster head provides authentication tags for the sending node to use with each packet. Each authentication tag is time-stamped, digitally signed by the cluster head, encrypted with the SSK, and includes indicators of message integrity, including a sequence number and TCP header field of checksum. The sending node further calculates a check result from a number of the authentication tags, encrypted with the SSK, so that the receiving node can authenticate the number of packets.
21 Claims
1. The method recited under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus, comprising:
- a memory; and
- a program, resident in the memory, the program configured to receive a session encryption key established by a first cluster having a first cluster head and a second cluster having a second cluster head, and to encrypt a packet for communication to a receiving node of the second cluster using the session encryption key, wherein the program is further configured to digitally sign an authentication tag of a plurality of authentication tags, wherein the authentication tag comprises a prime number, and to encrypt the digitally signed authentication tag with the session encryption key;
- wherein the program is further configured to append the encrypted and digitally signed authentication tag to the encrypted packet, and to determine a check result using the appended authentication tag for using in authenticating the packet.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
Specification