Method for ensuring security and privacy in a wireless cognitive network
First Claim
1. A method for ensuring security and privacy of communications over a wireless network of cognitive radios (“CRN”), the CRN including a managing base station in communication with at least one candidate node, the method comprising:
the managing base station receiving from the candidate node a request to join the CRN;
the managing base station transmitting to the candidate node a temporary node identifier;
the managing base station establishing encrypted communication with the candidate node using the temporary node identifier;
the managing base station authorizing the candidate node to join the CRN;
the managing base station conveying to the candidate node by encrypted transmission a permanent node identifier in replacement of the temporary node identifier; and
the candidate node joining the CRN using the permanent node identifier, wherein establishing encrypted communication and authorizing the candidate node to join the CRN includes:
receiving a registration request from the candidate node, the registration request including a subscriber digital certificate and a subscriber public key;
determining an authenticity of the subscriber digital certificate;
if the subscriber digital certificate is authentic, applying authorization criteria to the candidate node;
if the authorization criteria are met, authorizing participation of the candidate node in the CRN;
using the subscriber public key, encrypting an authorization key and transmitting the encrypted authorization key to the candidate node, the candidate node being able to derive therefrom a key-encryption-key (“KEK”) and a management-message-protection-key (“MMP”), an MMP expiration criterion being associated with the MMP so as to cause the MMP to expire when the MMP expiration criterion is met;
generating a transmission-encryption-key (“TEK”), encrypting the TEK using the KEK, and transmitting the encrypted TEK to the candidate node, a TEK expiration criterion being associated with the TEK so as to cause the TEK to expire when the TEK expiration criterion is met;
using the TEK, encrypting all data communication with the candidate node over the CRN;
using the MMP, encrypting all management and control communication with the candidate node over the CRN;
using the KEK, encrypting a replacement TEK and transmitting the encrypted replacement TEK to the candidate node before the TEK expiration criterion is met;
using the KEK, encrypting a replacement MMP and transmitting the encrypted replacement MMP to the candidate node before the MMP expiration criterion is met; and
so long as the candidate node continues to participate in the CRN, repeating the encrypting of a replacement TEK and of a replacement MMP, and the transmitting of the encrypted replacement TEK and the encrypted replacement MMP to the candidate node before the TEK and MMP expiration criteria are met.
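The key hierarchy and rekeying schedule of the claim (authorization key, KEK and MMP derived from it, TEK wrapped under the KEK, replacement keys pushed before each expiration criterion is met, data under the TEK and management traffic under the MMP), worked as an added Python example that is not the patent's own code. It assumes HMAC-SHA256 labelled derivation for the KEK and MMP, a toy XOR wrap in place of a real cipher or key-wrap, and integer time units as the expiration criterion; the public-key encryption of the authorization key itself is outside the block.

```python
import hmac, hashlib, os

def derive(ak: bytes, label: bytes) -> bytes:
    # Sub-key from the authorization key (AK); HMAC-SHA256 with a label is assumed, not the patent's KDF.
    return hmac.new(ak, label, hashlib.sha256).digest()

def xor_wrap(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy symmetric wrap (HMAC keystream XOR), its own inverse; stands in for a real cipher or key wrap.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class BaseStation:  # per-node key state kept by the managing base station
    REKEY_MARGIN = 10  # replace a key this many time units before its expiry criterion is met

    def __init__(self, ak, now, tek_life, mmp_life):
        self.life = {"TEK": tek_life, "MMP": mmp_life}
        self.keys = {"KEK": derive(ak, b"KEK"), "MMP": derive(ak, b"MMP"), "TEK": None}
        self.exp = {"MMP": now + mmp_life, "TEK": now}  # no TEK yet: the first tick issues one

    def tick(self, now):
        # Return the (label, nonce, KEK-wrapped key, expiry) messages that are due at `now`.
        msgs = []
        for label in ("TEK", "MMP"):
            if now >= self.exp[label] - self.REKEY_MARGIN:
                self.keys[label], self.exp[label] = os.urandom(32), now + self.life[label]
                nonce = os.urandom(8)
                wrapped = xor_wrap(self.keys["KEK"], nonce, self.keys[label])
                msgs.append((label, nonce, wrapped, self.exp[label]))
        return msgs

class Node:  # candidate node, after it has decrypted the AK with its subscriber private key
    def __init__(self, ak, now, mmp_life):
        self.keys = {"KEK": derive(ak, b"KEK"), "MMP": derive(ak, b"MMP"), "TEK": None}
        self.exp = {"MMP": now + mmp_life, "TEK": now}

    def apply(self, msg, now):
        # Install a replacement TEK or MMP; reject one whose expiry criterion is already met.
        label, nonce, wrapped, expiry = msg
        if expiry <= now:
            return False
        self.keys[label], self.exp[label] = xor_wrap(self.keys["KEK"], nonce, wrapped), expiry
        return True

    def protect(self, kind, nonce, payload, now):
        # Data traffic goes under the TEK, management/control traffic under the MMP.
        label = "TEK" if kind == "data" else "MMP"
        if self.exp[label] <= now:
            raise ValueError(label + " expired: refusing to send")
        return xor_wrap(self.keys[label], nonce, payload)
```

Driving `tick` from a timer on the base station and feeding its messages to `apply` on the node keeps both sides on the same TEK and MMP without either key ever being used past its expiration criterion.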
Abstract
In some embodiments, authentication, confidentiality, and privacy are enhanced for a wireless network of cognitive radios by encryption of network management and control messages as well as data traffic, thereby protecting information pertaining to node identification, node location, node-sensed incumbent transmissions, CRN frequency channel selections, and such like. During initial network registration, a temporary ID can be issued to a node, and then replaced once encrypted communication has been established. This prevents association of initial, clear-text messages with later encrypted transmissions. Elliptic curve cryptography can be used for mutual authentication between subscribers and the base station. ECC-based implicit digital certificates can be embedded in co-existence beacons used by CRN nodes to coordinate use of frequency channels, thereby preventing denial of service attacks due to transmitting of falsified beacons. Similar certificates can be embedded within identity beacons used to protect certain incumbents from interference by the CRN.
13 Claims