Authentication scheme for ad hoc and sensor wireless networks

US 7,096,359 B2
Filed: 03/01/2001
Issued: 08/22/2006
Est. Priority Date: 03/01/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a packet comprising header and packet data in an ad hoc network between a sending node of a first cluster having a first cluster head and a receiving node of a second cluster having a second cluster head, the method comprising:

establishing a session encryption key using said first and second cluster heads;

communicating said session encryption key to the sending and receiving nodes;

encrypting the packet with said session encryption key;

digitally signing an authentication tag of a plurality of authentication tags, wherein the authentication tag comprises a prime number;

encrypting the digitally signed authentication tag with the session encryption key;

appending the encrypted and digitally signed authentication tag to the encrypted packet; and

determining a check result using the appended authentication tag for use in authenticating the packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Strong authentication of packets sent between nodes of different clusters in a two-tier ad hoc network is provided by the cluster heads. Each cluster head authenticates nodes that enter the cluster. Thereafter, when a sending node requests a session from its cluster head with a receiving node in another cluster, the cluster head negotiates a session secret key (SSK) with the corresponding cluster head of the receiving node. Further, the cluster head provides authentication tags for the sending node to use with each packet. Each authentication tag is time-stamped, digitally signed by the cluster head, encrypted with the SSK, and includes indicators of message integrity, including a sequence number and TCP header field of checksum. The sending node further calculates a check result from a number of the authentication tags, encrypted with the SSK, so that the receiving node can authenticate the number of packets.

42 Citations

View as Search Results

21 Claims

1. A method for authenticating a packet comprising header and packet data in an ad hoc network between a sending node of a first cluster having a first cluster head and a receiving node of a second cluster having a second cluster head, the method comprising:
- establishing a session encryption key using said first and second cluster heads;
  
  communicating said session encryption key to the sending and receiving nodes;
  
  encrypting the packet with said session encryption key;
  
  digitally signing an authentication tag of a plurality of authentication tags, wherein the authentication tag comprises a prime number;
  
  encrypting the digitally signed authentication tag with the session encryption key;
  
  appending the encrypted and digitally signed authentication tag to the encrypted packet; and
  
  determining a check result using the appended authentication tag for use in authenticating the packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein appending the encrypted and digitally signed authentication tag further comprises:
    - generating a table of the plurality of authentication tags for monitoring use of the plurality of authentication tags.
  - 3. The method of claim 1, further comprising:
    - encrypting a tag sequence number; and
      
      appending the encrypted tag sequence number to a plurality of packet communications.
  - 4. The method of claim 1, further comprising:
    - in response to a request for the authentication tag by the sending node to the cluster head of the first cluster, generating the authentication tag;
      
      associating a time stamp with the authentication tag;
      
      encrypting the authentication tag with the associated time stamp; and
      
      sending the encrypted authentication tag to the sending unit.
  - 5. The method of claim 4, wherein generating the authentication tag further comprises generating at least the prime number.
  - 6. The method of claim 1, further comprising:
    - encrypting the check result with the session encryption key; and
      
      appending the encrypted check result to the authentication tagged packet.
  - 7. The method of claim 6, wherein appending the encrypted check result further compnses encrypting a checksum field with the session encryption key.
  - 8. The method of claim 6, further comprising:
    - in response to receiving the authentication tagged packet, decrypting the authentication tag and appended check result with the session encryption key; and
      
      determining a valid authentication by comparing the calculated check result with the appended check result.
  - 9. The method of claim 1, wherein determining the check result comprises performing an arithmetic operation on the authentication tag.
  - 10. The method of claim 9, wherein the authentication tag is generated, and wherein generating the authentication tag further comprises generating at least the prime number, and wherein performing the arithmetic operation comprises multiplying the authentication tag.
  - 11. The method of claim 1, further comprising:
    - in response to a message from the sending node to the cluster head of the first cluster, determining whether the sending node is a trusted node of the ad hoc network by challenging the sending node to respond with a system private encryption key.

12. An apparatus, comprising:
- a memory; and
  
  a program, resident in the memory, the program configured to receive a session encryption key established by a first cluster having a first cluster head and a second cluster having a second cluster head, and to encrypt a packet for communication to a receiving node of the second cluster using the session encryption key, wherein the program is further configured to digitally sign an authentication tag of a plurality of authentication tags, wherein the authentication tag comprises a prime number, and to encrypt the digitally signed authentication tag with the session encryption key;
  
  wherein the program is further configured to append the encrypted and digitally signed authentication tag to the encrypted packet, and to determine a check result using the appended authentication tag for using in authenticating the packet.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The apparatus of claim 12, wherein the program generates a table of the plurality of authentication tags for monitoring use of the plurality of authentication tags.
  - 14. The apparatus of claim 12, wherein the program is further configured to perform as the first cluster head of the first cluster, and in response to a request for the authentication tag by another sending node of the first cluster, to generate the authentication tag, and to associate a time stamp with the authentication tag, to encrypt each authentication tag with the associated time stamp, and to send the encrypted authentication tag to the sending node.
  - 15. The apparatus of claim 14, wherein the program is configured to generate the authentication tag by generating at least the prime number.
  - 16. The apparatus of claim 12, wherein the program is further configured when acting as the sending node to encrypt the check result with the session encryption key, and to append the encrypted check result to the authentication tagged packet.
  - 17. The apparatus of claim 16, wherein the program is further configured when acting as the receiving node, in response to receiving the authentication tagged packet, to decrypt the authentication tag and the appended check result with the session encryption key, and to calculate a new check result from the authentication tag, and to determine a valid authentication by comparing the calculated check result with the appended check result.
  - 18. The apparatus of claim 12, wherein the program is configured when acting as the sending node to calculate the check result by performing an arithmetic operation on the plurality of authentication tags.
  - 19. The apparatus of claim 18, wherein the program is configured to perform the arithmetic operation by multiplying the authentication tag.
  - 20. The apparatus of claim 12, wherein the program is further configured to encrypt a checksum field with the session encryption key.
  - 21. The apparatus of claim 12, wherein the program is further configured when acting as the first cluster head, in response to a message from the sending node, to determine whether the sending node is a trusted node of an ad hoc system by challenging the sending node to respond with a system public encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Cincinnati
Original Assignee
University of Cincinnati
Inventors
Venkataraman, Lakshmi, Agrawal, Dharma P.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Williams, Jr., Jeffery

Application Number

US09/797,263
Publication Number

US 20020124169A1
Time in Patent Office

2,000 Days
Field of Search

713/153, 713/155, 713/160, 713/161, 713/168, 713/169, 713/170, 713/173, 713/178, 713/179, 713/180, 380/278, 380/270, 380/247
US Class Current

713/168
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

Authentication scheme for ad hoc and sensor wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication scheme for ad hoc and sensor wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links