Secure mobile ad hoc network
First Claim
1. A method comprising:
- from a first node in a mobile ad hoc network comprising a first plurality of nodes, providing a first message comprising an encrypted shared key to each node of a second plurality of nodes, wherein:
  - the second plurality of nodes is selected from the first plurality of nodes;
  - each node of the second plurality of nodes has associated therewith a respective key encryption key (KEK); and
  - each KEK is known only to the first node and a node to which the KEK is associated; and
  - the encrypted shared key is encrypted with a KEK associated with a respective node of the second plurality of nodes to generate a respective plurality of encrypted shared keys;
- to each node of the second plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received shared key for communications within the mobile ad hoc network, wherein decryption of a message using a previous shared key is allowed; and
- to each node of the second plurality of nodes from which acknowledgment of receipt of a respective second message is received, providing a third message comprising an indication to not use a respective previous shared key for communications within the mobile ad hoc network.
Abstract
Security in a mobile ad hoc network is maintained by using various forms of encryption, various encryption schemes, and various multi-phase keying techniques. In one configuration, an over-the-air, three-phase re-keying technique is utilized to ensure that no authorized nodes are lost during re-keying and that nodes that are intended to be excluded from re-keying are excluded. In another configuration, an over-the-air, two-phase keying technique is utilized to maintain backwards secrecy.
19 Claims
1. A method comprising: (the independent claim set out under First Claim above; dependent claims 2 to 9)
10. A device comprising:
- a processor; and
- memory coupled to the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
  - generating a different key encryption key (KEK) for each of a plurality of nodes in a mobile ad hoc network, wherein each node of the plurality of nodes has associated therewith a current node-specific KEK;
  - encrypting each generated KEK, using a different current node-specific KEK;
  - providing a respective first message to each node of the plurality of nodes, wherein a respective first message comprises an encrypted KEK associated with a node to which a respective first message is being provided; and
  - to each node of the plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received KEK for communications within the mobile ad hoc network and to stop using a respective current node-specific KEK for communications within the mobile ad hoc network, wherein upon acknowledging receipt of a respective second message, a respective current node-specific KEK is deleted and replaced with the received KEK.

(Dependent claims 11 to 13.)
14. A communications device comprising:
- a processor; and
- memory coupled to the processor, the memory comprising executable instructions that when executed by the processor effectuate operations comprising:
  - providing a first message comprising an encrypted shared key to each node of a plurality of nodes in a mobile ad hoc network, wherein:
    - each node of the plurality of nodes has associated therewith a respective key encryption key (KEK); and
    - each KEK is known only to the communications device and a node to which the KEK is associated; and
    - each encrypted shared key is encrypted with a KEK associated with a respective node;
  - receiving acknowledgment of receipt of a respective first message from a node of the plurality of nodes;
  - to each node of the plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received shared key for communications within the mobile ad hoc network, wherein decryption of a message using a previous shared key is allowed; and
  - to each node of the plurality of nodes from which acknowledgment of receipt of a respective second message is received, providing a third message comprising an indication to not use a respective previous shared key for communications within the mobile ad hoc network.

(Dependent claims 15 to 19.)
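The three-phase shared-key re-keying of claims 1 and 14, and the abstract's two properties (no authorized node is lost, an excluded node never learns the new key), as an added Python simulation that is not part of the patent or any product: KEK-wrapped delivery in phase 1, a phase-2 "use" message after which the previous key is still accepted for decryption, and a phase-3 "retire" message. The `Node`, `KeyServer` and `xor_wrap` names are my assumptions, `xor_wrap` is a stand-in for a real key-wrap algorithm, and withholding phase 3 until every member has acknowledged phase 2 is my modelling assumption, not text from the claims.

```python
import hashlib
import os

def xor_wrap(kek, key):
    # Stand-in for a real key wrap (AES-KW in practice); XOR is its own inverse, so it also unwraps.
    pad = hashlib.sha256(b"kek-wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

accepts = lambda node, key: key in (node.current, node.previous)  # can node decrypt with key?

class Node:
    def __init__(self, name, kek, shared):
        self.name, self.kek, self.online = name, kek, True
        self.current, self.previous, self.pending = shared, None, None

    def recv(self, msg):  # returns an ack, or None when the node is unreachable
        if not self.online:
            return None
        if msg["type"] == "key":       # phase 1: shared key wrapped under this node's KEK
            self.pending = xor_wrap(self.kek, msg["wrapped"])
        elif msg["type"] == "use":     # phase 2: switch, but keep the old key for decryption
            self.previous, self.current, self.pending = self.current, self.pending, None
        else:                          # phase 3 ("retire"): stop accepting the old key
            self.previous = None
        return (self.name, msg["type"])

class KeyServer:  # the "first node": holds every KEK and drives the three phases
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def rekey(self, members):
        new = os.urandom(32)
        send = lambda names, msg: [n for n in names if self.nodes[n].recv(msg(n))]
        acked1 = send(members, lambda n: {"type": "key", "wrapped": xor_wrap(self.nodes[n].kek, new)})
        acked2 = send(acked1, lambda n: {"type": "use"})
        # Assumption: retire old keys only once every member acked phase 2, so nobody is cut off.
        acked3 = send(acked2, lambda n: {"type": "retire"}) if set(acked2) == set(members) else []
        return new, acked3

def demo():
    k0 = os.urandom(32)  # constructed: the shared key every node starts with
    a, b, c, d = nodes = [Node(n, os.urandom(32), k0) for n in "abcd"]
    server, c.online = KeyServer(nodes), False      # c unreachable; d deliberately excluded
    _, retired1 = server.rekey(["a", "b", "c"])
    kept = retired1 == [] and all(accepts(n, k0) for n in (a, b, c))
    c.online = True
    new2, retired2 = server.rekey(["a", "b", "c"])  # second round, everyone reachable
    done = retired2 == ["a", "b", "c"] and all(n.current == new2 and not accepts(n, k0) for n in (a, b, c))
    excluded = d.current == k0 and xor_wrap(d.kek, xor_wrap(a.kek, new2)) != new2
    return kept, done, excluded
```

`demo()` returns three booleans: the first round keeps the old key usable everywhere because one member never acknowledged, the second round retires it once all three acknowledge, and the excluded node can neither receive nor unwrap the new key.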