U.S. patent application number 14/728281 was filed with the patent office on 2016-01-21 for system for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment.
The applicant listed for this patent is TeleCommunication Systems, Inc.. Invention is credited to Todd Lagimonier, Jim Voris.
Application Number | 20160021063 14/728281 |
Document ID | / |
Family ID | 25463236 |
Filed Date | 2016-01-21 |
United States Patent
Application |
20160021063 |
Kind Code |
A1 |
Lagimonier; Todd ; et
al. |
January 21, 2016 |
System for Efficiently Handling Cryptographic Messages Containing
Nonce Values in a Wireless Connectionless Environment
Abstract
A system for determining the validity of a received
cryptographic message while ensuring for out-of-order messages is
utilized to provide for secure communications among peers in a
network. In particular, a secure communication module may be
configured to accept the cryptographic message in response to a
received nonce value of the received message is greater than the
largest nonce value yet seen, the secure communication module may
be configured to compare the received nonce value with a nonce
value acceptance window. If the received nonce value falls outside
the nonce acceptance window, the secure communication module may be
further configured to reject the received message and assume that a
replay attack has been detected. If the received nonce value fails
within the nonce acceptance window, the secure communication module
may be further configured to determine if the received nonce value
has been seen before by comparing the received nonce value with a
replay window mask. If the received nonce has been seen before, the
secure communication module may be further configured to reject the
received message and assume a replay attack. Otherwise, the secure
communication module may be further configured to accept the
message and add the received nonce value to the replay window
mask.
Inventors: |
Lagimonier; Todd; (Delray
Beach, FL) ; Voris; Jim; (Cockeysville, MD) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
TeleCommunication Systems, Inc. |
Annapolis |
MD |
US |
|
|
Family ID: |
25463236 |
Appl. No.: |
14/728281 |
Filed: |
June 2, 2015 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
13902074 |
May 24, 2013 |
9071438 |
|
|
14728281 |
|
|
|
|
13447902 |
Apr 16, 2012 |
8453240 |
|
|
13902074 |
|
|
|
|
12926840 |
Dec 13, 2010 |
8161553 |
|
|
13447902 |
|
|
|
|
09932982 |
Aug 21, 2001 |
7856660 |
|
|
12926840 |
|
|
|
|
Current U.S.
Class: |
713/170 |
Current CPC
Class: |
H04L 63/0876 20130101;
H04L 9/321 20130101; H04L 63/1408 20130101; H04L 63/14 20130101;
H04L 63/04 20130101; H04W 12/1201 20190101; H04W 12/02 20130101;
H04W 12/0401 20190101 |
International
Class: |
H04L 29/06 20060101
H04L029/06; H04W 12/04 20060101 H04W012/04; H04W 12/06 20060101
H04W012/06 |
Claims
1-43. (canceled)
44. A method of detecting a replay attack in a secure
communication, comprising: accepting a cryptographic message in
response to a received nonce value of a received message being
greater than a largest nonce value yet seen, and otherwise
comparing said received nonce value with a nonce acceptance window
when said received nonce value is not a largest nonce value yet
seen; determining if said received nonce value has been seen
before, when said received nonce value falls within said nonce
acceptance window, otherwise, when said received nonce value falls
outside said nonce acceptance window, rejecting said received
message and indicating detection of a replay attack; and rejecting
said received message and indicating detection of said replay
attack, when said received nonce has been seen before, otherwise,
when said received nonce has not been seen before, accepting said
received message and adding said received nonce value to a replay
window mask.
45. The method of detecting a replay attack in a secure
communication according to claim 44, wherein said determining if
said received nonce value has been seen before comprises: comparing
said received nonce value with a replay window mask.
46. The method of detecting a replay attack in a secure
communication according to claim 44, further comprising: adjusting
a size of said range of acceptable nonce values within said nonce
acceptance window based on a reset largest nonce value.
47. The method of detecting a replay attack in a secure
communication according to claim 44, wherein: said largest nonce
value is associated with a first session.
48. The method of detecting a replay attack in a secure
communication according to claim 44, wherein: said largest nonce
value is associated with a second session.
49. The method of detecting a replay attack in a secure
communication according to claim 44, further comprising: generating
a new cryptographic key.
50. Apparatus for detecting a replay attack in a secure
communication, comprising: means for accepting a cryptographic
message in response to a received nonce value of a received message
being greater than a largest nonce value yet seen, and otherwise
for comparing said received nonce value with a nonce acceptance
window when said received nonce value is not a largest nonce value
yet seen; means for determining if said received nonce value has
been seen before, when said received nonce value falls within said
nonce acceptance window, otherwise, when said received nonce value
falls outside said nonce acceptance window, for rejecting said
received message and indicating detection of a replay attack; and
means for rejecting said received message and indicating detection
of said replay attack, when said received nonce has been seen
before, otherwise, when said received nonce has not been seen
before, for accepting said received message and adding said
received nonce value to a replay window mask.
51. The apparatus for detecting a replay attack in a secure
communication according to claim 50, wherein said means for
determining if said received nonce value has been seen before
comprises: means for comparing said received nonce value with a
replay window mask.
52. The apparatus for detecting a replay attack in a secure
communication according to claim 50, further comprising: means for
adjusting a size of said range of acceptable nonce values within
said nonce acceptance window based on a reset largest nonce
value.
53. The apparatus for detecting a replay attack in a secure
communication according to claim 50, wherein: said largest nonce
value is associated with a first session.
54. The apparatus for detecting a replay attack in a secure
communication according to claim 50, wherein: said largest nonce
value is associated with a second session.
55. The apparatus for detecting a replay attack in a secure
communication according to claim 50, further comprising: means for
generating a new cryptographic key.
Description
TECHNICAL FIELD
[0001] The invention generally relates to message processing in a
distributed computer network. More particularly, the invention
relates to preventing replay attacks while providing flexibility
for receiving out of order messages.
DESCRIPTION OF THE RELATED ART
[0002] Recently, there has been a rapid proliferation of private
and public data networks. For example, the Internet, as a public
network, has grown to be an international phenomenon. The
popularity of the internet has drawn more users who view it as a
source of information and/or as a marketplace. The typical user may
access the Internet through a network interface card (e.g., a
modem) of a desktop personal computer via a local Internet service
provider.
[0003] As more users rely on the Internet and other private
networks for information exchange and services, the reach of the
data networks for information exchange and services, the reach of
the data networks has extended to wireless domain. Mobile users may
now use Wireless Application Protocol (WAP) enabled telephones,
text pagers, personal digital assistants, laptop computers, and
other similar portable electronic devices to access a similar set
of services as the services provided to the desktop computer.
[0004] Since some of the data networks exchange information over
publicly accessible areas, there is an opportunity for mischief.
Anyone who has access to a computer in a data network can intercept
signals carrying proprietary information traveling along the data
network. In order to transact any type of business over an open
data network, companies or individuals must have an efficient,
reliable and secure manner to conduct private communications
therebetween. Thus, security becomes a primary concern over the
open data networks, e.g., Internet, and there have been many
efforts in progress aimed at protecting proprietary information
traveling over open data networks.
[0005] One way to remedy the security issues of data networks is
the use of cryptographic techniques to secure a private
communication between two parties. The cryptographic techniques
provide a way to transmit information across an untrusted
communication channel without disclosing the contents of the
information to anyone accessing the communication channel.
[0006] One known method of secure communication is a symmetric key
cryptography, which involves the use of a single, share secret key.
Here, a source of information encodes ("encrypts") information and
the recipient of the information decodes ("decrypts") it using the
shared encryption key. An encryption key is a code or number which,
when taken together with an encryption algorithm, defines a unique
transformation used to encrypt or decrypt information.
[0007] Although cryptography may provide secure communication
between users, it may still be vulnerable to other types of
security attacks. In some portions of data networks, users are
prone to a security attack known as a replay attack. The replay
attack involves malicious users intercepting and recording
transactions, i.e., message traffic, between unsuspecting users.
The recorded message traffic is then rebroadcasted, and thus,
disrupts the system by replaying a previous message traffic.
[0008] One technique to rectify this type of security attack is to
use incrementing nonce values. Message traffic between two parties
may contain a nonce value that is always increasing for each
message sent. Accordingly, nonce values are always increasing, and
old messages may be detected because they contain a lower than
expected nonce value. Thus, the old messages may be rejected or be
considered as part of a replay attack.
[0009] The above technique generally suffices in
connection-oriented data networks because the order of the messages
transferred between the source and recipient may be guaranteed.
Many parts of open data networks rely on a connectionless protocol
e.g., Internet Protocol. A source of information may be configured
to send datagrams or (packets/messages) Over a network to the
recipient by utilizing a connectionless protocol. The source is not
concerned with the ordering of messages sent because it is the
responsibility of the recipient to reorder and assemble the
received messages. As such, applying the above-mentioned
cryptographic technique to a connectionless protocol environment, a
recipient may reject valid messages as well as invalid
messages.
[0010] One solution to out-of-order messages in a connectionless
protocol network is the use of a non-repeating, randomly generated
number for each nonce value. Instead of increasing in value for
each message sent, each nonce value is randomly generated using an
algorithm guaranteed to never issue repeating random numbers.
However, there are drawbacks to this solution. In particular, this
solution requires that senders and recipients keep track of each
previously used nonce value in a used nonce list and to check a new
nonce value against the used nonce list. The used nonce list may
grow to be very large, which may run counter to the performance
capabilities of many wireless devices. By way of example, the
computing power of a typical cellular phone is less than one
percent of that of a regular desktop computer, the memory capacity
thereof is generally less than 250 kilobytes. Accordingly, it may
be impractical to store the used nonce list in a wireless device
and checking a received nonce against the used nonce list may be
unacceptable from a performance point of view.
[0011] Another solution for the out-of-order message may be the use
of a timestamp. Senders and receivers synchronize their respective
clocks and use a timestamp for each nonce. Recipients may then
allow messages with timestamps that fall within a small time
window. However, there may be disadvantages with this solution. In
particular, timestamps are difficult to use in a wireless
environment. Time-of-day capabilities of wireless devices are
typically under the control of the wireless device users. In fact,
many wireless devices do not maintain a time-zone concept.
Moreover, the use of timestamps has an inherent security flaw. This
approach allows all messages that fall within a given time window.
Although the time window is generally short, duplicate messages
falling within the given time window will not he detected, and
thus, not prevent a replay attack.
SUMMARY OF THE INVENTION
[0012] In accordance with the principles of the present invention,
a method of processing messages is disclosed. The method includes
comparing a nonce value of a received message with a largest nonce
value yet seen and comparing the nonce value to an acceptance
window in response to the nonce value not exceeding the largest
nonce value yet seen. The method further includes rejecting the
received message in response to the nonce value falling outside the
acceptance window.
[0013] One aspect of the present invention provides for an
apparatus for processing messages. The apparatus includes a
communication interface configured to transmit and receive a
plurality of messages and a controller. The controller is
configured to compare a nonce value of a received message with the
largest nonce value yet seen and the controller is also configured
to compare the nonce value to an acceptance window in response to
the nonce value not exceeding the largest nonce value yet seen. The
controller is further configured to reject the received message in
response to the nonce value falling outside the acceptance
window.
[0014] Another aspect of the present invention provides for a
computer readable storage medium on which is embedded one or more
computer programs. The one or more computer programs implement a
method of processing messages. The method includes comparing a
nonce value of a received message with a largest nonce value yet
seen and comparing the nonce value to an acceptance window in
response to the nonce value not exceeding the largest nonce value
yet seen. The method also includes rejecting the received message
in response to the nonce value falling outside the acceptance
window.
[0015] Yet another aspect of the present invention provides for a
system for processing messages in a peer-to-peer configuration. The
system comprises a first peer configured to provide secure
communication, a second peer configured to provide secure
communication, and a secure communication module, where the secure
communication module is configured to be executed by the first peer
and second peer. The secure communication module is configured to
compare the nonce value to a filter in response to a nonce value of
a received packet not exceeding a largest nonce value yet seen and
the secure communication module is also configured to compare the
nonce value to a replay mask. The secure communication module is
further configured to accept the received packet in response to the
comparison of the nonce value and the replay mask being false.
[0016] Yet another aspect of the present invention provides for an
interceptor device for processing messages. The interceptor device
includes a network interface, an expected sequence register
configured to enumerate an expected sequence number of a message
received from the second network device, a memory configured to
store a replay mask, and a controller. The controller is configured
to compare a sequence number of a received packet via the network
interface to a filter in response to the sequence number not
exceeding a largest sequence number yet seen retrieved from the
expected sequence register and to compare the sequence number to
the replay mask retrieved from the memory. The controller is also
configured to accept the received packet in response to the
comparison of the sequence number and the replay mask being
false.
[0017] Additional advantages and novel features of the invention
will he set forth in part in the description which follows and in
part will become apparent to those skilled in the art upon
examination of the following or may he learned by practice of the
invention.
DESCRIPTION OF DRAWINGS
[0018] Features and advantages of the present invention will become
apparent to those skilled in the art from the following description
with reference to the drawings, in which;
[0019] FIG. 1 illustrates a computer network in which an exemplary
embodiment of a secure communication module may be implemented.
[0020] FIG. 2 illustrates an exemplary block diagram of a client
device shown in FIG. 1 in accordance with the principles of the
present invention;
[0021] FIG. 3 illustrates an exemplary block diagram of a software
architecture in a client device shown in FIGS. 1 and 2;
[0022] FIG. 4 illustrates an exemplary flow diagram of the secure
communication module according to the principles of the present
invention; and
[0023] FIG. 5 illustrates another embodiment of the secure
communication module in accordance with the principles of the
present invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0024] For simplicity and illustrative purposes, the principles of
the present invention are described by referring mainly to an
exemplary embodiment thereof. Although the preferred embodiment of
the invention may be practiced in a peer-to-peer communication
environment one of ordinary skill in the art will readily recognize
that the same principles are equally applicable to, and can be
implemented in, any environment requiring secure communications,
and that any such variation would be within such modifications that
do not depart from the true spirit and scope of the present
invention. Moreover, in the following detailed description,
references are made to the accompanying drawings, which illustrate
specific embodiments in which the present invention may he
practiced. Electrical, mechanical, logical and structural changes
may be made to the embodiments without departing from the spirit
and scope of the present invention. The following detailed
description is, therefore, not to be taken in a limiting sense and
the scope of the present invention is defined by the appended
claims and their equivalents.
[0025] In accordance with the principles of the present invention,
a secure communication module is utilized to provide secure
communication between a sender and a recipient, i.e., between two
peers of a network. The secure communication module, which is
executed by both a sender and a recipient, may be configured to
examine a received cryptographic message (or datagram/packet) with
a nonce value. A nonce value (or sequence number) may be a numeric
value that may be used to detect duplicate cryptographic messages.
The secure communication module may be configured to compare the
received nonce value with a largest nonce value yet seen. The
secure communication module may be further configured to accept the
cryptographic message in response to the received nonce value being
greater than the largest nonce value yet seen. The secure
communication module may be further configured to accept the
cryptographic message in response to the received nonce value being
greater than the largest nonce value yet seen. The secure
communication module may be further configured to track the nonce
values seen by the secure communication module by utilizing a
replay window mask. The secure communication module may be further
configured to replace the largest nonce value yet seen with the
received nonce value and to adjust a nonce acceptance window (or
filter) according to the replaced largest nonce value yet seen. The
nonce acceptance window may be configured to provide a moving range
based on the largest nonce value yet seen for accepting messages
that have arrived out of order. A user and/or network administrator
may statically set the range. Alternatively, the range may be set
dramatically.
[0026] If the received nonce value is not the largest nonce value
yet seen, the secure communication module may be configured to
compare the received nonce value with the nonce acceptance window.
If the received nonce value falls outside the nonce acceptance
window, the secure communication module may be further configured
to reject the received message and assume that a replay attack has
been detected.
[0027] The secure communication module may be further configured to
determine if the received nonce value has been previously received
by comparing the replay window mask to the received nonce value in
response to the received nonce value falling within the nonce
acceptance window. If the comparison is true, i.e., the secure
communication module has seen the message previously, the secure
communication module may be further configured to reject the
received message and assume a replay attack. Otherwise, the secure
communication module may be further configured to accept the
message and mark the communication module, users may be provided
with secure communications in a connectionless protocol network by
preventing replay attacks while providing for out-of-order
communications.
[0028] FIG. 1 illustrates a communication network 100 where an
exemplary embodiment may be practiced in accordance with the
principles of the present invention. In particular, the
communication network 100 includes an application services network
105, one of more protocol gateways which may be wireless-based 110
or wire-based (e.g., an Internet Protocol ("IP") protocol gateway
115), and wireless/wired clients, 120 and 125, respectively.
[0029] The wireless and wired protocol gateways, 110 and 115, may
be configured to interface with the application services network
105 via a network 112. The network 112 may be configured to provide
a communication channel between the application services network
105 and the protocol gateways, 110 and 115. A local area network, a
token ring network, a wide area network, the Internet or some
combination thereof may implement the network 112.
[0030] The wireless protocol gateway 110 may be further configured
to interface with the wireless clients 120 via a wireless network
130. The wireless network 130 may be configured to provide wireless
communication protocol support for the wireless clients 120. The
wireless network 130 may be configured to support wireless network
protocols such as Cellular Digital Packet Data, Mobitex, IEEE
802.11b, Wireless Application Protocol, GSM-Global System for
Mobile Communications, and other similar protocols.
[0031] A text-pager, a personal digital assistant, a wireless
mobile telephone with integrated displays and other similar devices
may implement the wireless clients 120. Each of the wireless
clients 120, as well as the wired clients 125 may be configured to
execute a client program, which may be implemented as a software
program, utility, and/or subroutine to interface with the
application services network 105. The client may be configured to
provide the software (e.g., utilities, application specific
software, etc.,) to support the respective services designated for
each type of wireless/wired client devices, 120 and 125
respectively.
[0032] The client software of the wireless/wired client devices,
120 and 125 may be further configured to provide a secure
communications module (not show). Users of the wireless/wired
client devices, 120 and 125, may exchange messages without fear of
a replay attack while permitting the messages to arrive
out-of-order within an acceptance window by utilizing the secure
communication module. The secure communication module may be a
software program, utility, object class or subroutine executed by
and/or in conjunction with the client software. Alternatively, the
secure communication module may be an electronic device attached to
a network interface of the client devices, 120 and 125.
[0033] Similarly, the wired protocol gateways 115 may be configured
to interface with the wired clients 120 via a wired network 135.
The wired network 135 may be configured to provide wired
communication protocol support for the wired client devices 125.
The wired network 135 may be configured to support wired protocols
such as Transmission Control Protocol/Internet Protocol, X.25, IEEE
802.5, IEEE 802.3, Asynchronous Transfer Mode, and other similar
network protocols.
[0034] The wired client devices 125 may be implemented as a laptop
computer with a telephone modem, a desktop computer with a
telephone modem, server/client, and other similar computing
platforms. Each of the wired client devices 125 may be configured
to execute a client implemented by a software program, utility
and/or subroutine to interface with the wired network 135 and,
subsequently, the application services network 105.
[0035] Accordingly, messages from wireless client devices 120
and/or wired client devices 125 are transmitted to their protocol
gateways, 110 and 115, respectively, over their respective
networks, 130 and 135, respectively. The protocol gateways, 110 and
115, may be configured to encapsulate the transmitted messages to
the network protocol of the application services network 105.
Similarly, as messages are transmitted from the application
services network 105 to the client devices, 120 and 125, the
protocol gateways, 110 and 115, reformat the transmitted messages
into the respective network protocol of the clients, 120 and
125.
[0036] The application services network 105 may be configured to
provide a variety of services to the wireless and wired clients,
120 and 125, respectively. These services may include session-base
services such as instant messaging, database querying, and other
similar services, i.e., services that permit client devices, 120
and 125 to exchange information and/or services as peers.
[0037] FIG. 2 illustrates an exemplary embodiment of a client
device, 120 or 125, shown in FIG. 1 in accordance with the
principles of the present invention. The client device 200 may
include wireless devices (e.g., a text-messaging pager, a wireless
telephone, a personal digital assistant, etc.) or wired devices
(e.g., a laptop computer, a computer, a server with clients, etc.).
As shown in FIG. 2, the client device 200 may include a controller
205, a network interface 210, a memory 215, a display 220 and a
user interface 2255.
[0038] Although, for purely illustrative purposes, FIG. 2
illustrates the client device 200 with the above-mentioned
components, it should be readily apparent to those of ordinary
skill in the art that FIG. 2 represents a generalized schematic
illustration of a client device and that other components may be
added or existing components may be subtracted without departing
from the spirit or scope of the present invention.
[0039] The controller 205 may be configured to provide a computing
platform for the software/firmware that provides the functionality
of the client device 200 and to execute a computer program
embodiment of the secure communication module (not shown). The
controller 205 may be implemented with a microprocessor, a
micro-controller, an application specific integrated circuit
("ASJC") a digital signal processor, or other similar integrated
circuits.
[0040] The controller 205 may be interfaced with a network
interface 210. The network interface 210 may be configured to
provide the capability for the user to receive and transmit
information via radio frequency techniques such as cellular
networks, pager networks, etc. The network interface 210 may be
implemented by a pager interface, a wireless modem, a personal
communication services ("PCS") interface, and the like.
Alternatively, the network interface 210 may be configured to
provide the capability for the user to receive and transmit
information via wired communication protocols such as IEEE 802.3,
Integrated Services Digital Network, token ring, and other similar
protocols.
[0041] The controller 205 may be further configured to interface
with the memory 215. The memory 215 may be configured to provide
the capability to store information, executable copies of the
client software as well as a computer program embodiment of the
secure communication module, and to provide application memory
space. The memory 215 may be implemented with random access memory
("RAM"), flash memory, or other re-writable memory or in
combination with a read-only memory to provide permanent
storage.
[0042] The display 220 may be configured to interface with the
controller 205. The display 220 may be further configured to
provide an interface for information to be displayed, graphical
user interfaces to enable navigation through the functionality of
the client device 200. The display 220 may be implemented with a
liquid crystal display, thin film display, cathode ray tube, or
other similar display technologies.
[0043] The controller 205 may be configured to interface with the
user interface 225, which is configured to provide a man-machine
interface between the user and the client device 200. The user
interface 225 may be implemented by a numeric keypad, an
alphanumeric keypad, keyboard, or the like.
[0044] FIG. 3 illustrates an exemplary block diagram of a software
architecture 300 of a client device 2000 shown in FIG. 2. As shown
in FIG. 3, the software architecture 300 may include a client 310,
an operating system 320, an application program interface 330, and
a secure communication module 340. Although, for purely
illustrative purposes, FIG. 3 illustrates the client device with
above-mentioned software architecture, it should be readily
apparent to those of ordinary skill in the art that FIG. 3
represents a generalized illustration of the software architecture
and that other software components may be added or existing
software components may subtracted without departing from the
spirit or scope of the present invention.
[0045] The client 310 may be configured to provide the software
(e.g., utilities, application specific software, etc. support the
session services designated for each type of wireless/wired client
devices, 120 and 125, respectively.
[0046] The operating system 320 of the client device 200 may be
configured to manage software programs or applications that provide
functionality to the client device 200 such as EPOC, POCKET PC,
WINDOWS CE, RIM OS and other similar operating systems. The
operating system 320 may be further configured to provide an
interface to the software applications and to the underlying
hardware components, as shown in FIG. 2, of the client device 200
through an application program interface (API) 330.
[0047] The secure communication module 340 may be configured to
intercept received messages from a sender and to determine whether
the received messages are valid. The secure communication module
340 may be a separate software program executed by the client 310.
Alternatively, the secure communication module 340 may he executed
as a utility program as part of the API 330 or may be incorporated
as a subroutine in a network interface program of the client device
200. Any software (or hardware) implementation of the secure
communication module 340 executed by the client is within the scope
and spirit of the present invention.
[0048] FIG. 4 illustrates an exemplary flow diagram 400 of a secure
communication module 340 shown in FIG. 3 in accordance with the
principles of the present invention. The following description of
the flow diagram 400 is made with reference to the block diagram
illustrated in FIG. 2, and thus makes reference to the elements
illustrated therein.
[0049] It is to be understood that the steps illustrated in the
flow diagram 400 may be implemented as a program, a utility, an
object class, and/or subroutine in any desired computer accessible
medium. Such medium may include the memory 215, internal and
external computer memory units, and other types of computer
accessible media, such as a floppy disk, a ZIPDISK, and/or compact
disc readable by a storage device. Thus, although particular
reference is made in the following description of FIG. 2 to the
controller 205 performing certain functions, it is to be understood
that any desired electronic device capable of executing computer
software may perform those functions. Furthermore, the functions
may be coded in FORTRAN, C, C++, JAVA or other computer languages
without departing from the scope or spirit of the present
invention.
[0050] As shown in FIG. 4, the controller 20 executing a computer
program embodiment of the secure communication module 340 may be
configured to be in an idle state 405. In step 410, the client
device 200 receives a message (or packet/datagram) with a nonce
value via the network interface 210. The client device 200 may
perform additional processing that decrypts the received message
into a decrypted message with a nonce value in a header portion of
the received message.
[0051] In step 415, the controller 205 may he configured to compare
the nonce value of the received decrypted message with a largest
nonce value seen, which is the largest nonce value seen by the
controller 205. The controller 205 may be further configured to
allocate location(s) in the memory 215 to create a register for the
storage of the largest nonce value seen. Alternatively, the
register may be implemented using a combination of flip-flops, a
register circuit, and/or a type of memory circuit.
[0052] Moreover, the nonce values may be incrementing until a very
large maximum value, which may be defined by a user and/or network
administrator. At the point of the maximum value, the secure
communication module 340 may be configured to reset the largest
nonce value yet seen along with generating a new cryptographic key.
The reason for the large maximum value is to prevent replay attacks
from occurring across multiple sessions between two parties. For
instance, if for every new session, the nonce value is reset, a
previous session with large nonce values may play havoc on a new
session. The new session would not have seen the large nonce values
of the previous session, thus accepting the messages of the
previous session. Accordingly, by using incrementing nonce values
with a large maximum value, replay attacks using previous sessions
may be detected in a new session.
[0053] Returning to FIG. 4, if the received nonce value is the
largest yet seen by the controller 205 for the current session, the
controller 205 may be configured to adjust a nonce acceptance
window (or filter) based on the received nonce value, in step 420.
The nonce acceptance window may be configured to set a range of
nonce values that may be accepted by the secure communication
module. The range may be defined by a user and/or network
administrator. Alternatively, the range of the nonce acceptance
window may be set dynamically based on time-of-arrival of messages,
network traffic, heuristically based on how many "out-of-order"
messages are expected within in a given time frame, or other
similar parameters. The controller 205 may be further configured to
replace the current largest nonce value yet seen with the received
nonce value.
[0054] In step 425, the controller 205 may be configured to
designate or mark the received nonce value as a nonce value seen by
marking a respective bit in a replay window (or value) mask, stored
in memory 215, for tracking the nonce values seen within the nonce
acceptance window. The replay window mask may be configured to
determine whether the controller 205 of the secure communication
module has previously received the received nonce value.
[0055] In particular, the replay window mask may be configured to
have a bit representing a nonce value within the nonce acceptance
window. For each nonce value seen by the controller 205 within the
nonce acceptance window, the respective bit position in the replay
window mask is set to indicate the nonce value as seen inclusive
with the largest nonce value yet seen. For example, for the case
where the largest nonce value seen is one hundred (100) and a nonce
acceptance window is fifteen (15), the replay window mask would be
15 bits, with one bit assigned to the nonce values of 86-100. If a
message is received with a nonce value equal to 86, the bit
representing 86 in the replay window is set. Furthermore, for each
new largest nonce value yet seen, the replay window mask is shifted
a number of times equivalent to the difference between the new and
old largest nonce value yet seen.
[0056] In step 430, the controller 205 may be configured to accept
the received message and the controller 205 returns to the idle
state of step 405 to wait for the next message.
[0057] Returning to step 415, if the received nonce value is not
the largest seen, the controller 205 may be configured to determine
whether the received nonce value is within the nonce acceptance
window, in step 435. If the received nonce value is not within the
nonce acceptance window, i.e., falls outside the nonce acceptance
window, the controller 205 may be configured to designate the
received nonce value as an old nonce value and assume that the
network device 200 is under replay attack, in step 440.
Subsequently, the controller 205, in step 445, may be configured to
reject the received message and return to idle state of step
405.
[0058] Otherwise, if the received nonce value is within the nonce
acceptance window, the controller 205 may be configured to
determine whether the received nonce value has been seen before by
determining if the bit position representing the received nonce
value had been previously set, in step 450.
[0059] If the bit position representing the received nonce value is
set, the controller 205 may be configured to go to step 440 as
described herein above. Otherwise, if the bit position for received
nonce value is not set, the controller 205 may be further
configured to go to step 425 as described herein above.
[0060] FIG. 5 illustrates an exemplary block diagram 500 of another
embodiment of the secure communication module in accordance with
the principles of the present invention. As shown in FIG. 5, the
secure communication module includes a controller 505, a memory
510, an expected nonce register 515, and a network interface 520.
The controller 505 of the secure communication module may be
configured to provide secure communication between a sender and a
recipient. In particular, the secure communication module may be an
electronic device implemented by a combination of discrete
integrated circuits or an ASIC.
[0061] The embodiment of the secure communication module may be
implemented as a supplemental electronic device that is interfaced
with the network interface 210 of a client device 200. This
embodiment, i.e., an interceptor device, may be configured to
intercept the received messages and to determine if each received
message is a valid message.
[0062] The controller 505 may be configured to provide an execution
platform for the software that provides the functionality of the
secure communication module. An exemplary embodiment of the
software would be computer code (e.g., C, C++, PASCAL, JAVA, or
other computer languages) version of the flow diagram illustrated
in FIG. 3 and described herein above. A microprocessor, a
micro-controller, an application specific integrated circuit, a
digital signal processor or other similar electronic processing
device may implement the controller 505.
[0063] The memory 510 may be configured to provide storage for
software and data as well as a software application environment for
the controller 505. The memory 510 may be a combination of
permanent (e.g., a PROM, EEPROM, disc storage, flash memory),
temporary (e.g., random access memory) memories, or any other type
of electronic device that may provide storage of data and
software.
[0064] The expected nonce register 515 may be configured to provide
storage of the largest nonce value seen by the secure communication
module for a session. The expected nonce register 515 may be
implemented by a series of flip-flops, a register circuit, a memory
circuit, or other similar electronic devices.
[0065] The network interface 520 of the secure communication module
500 may be configured to provide a communication channel between a
client device and a network. The network interface 520 may be
further configured to intercept incoming messages or packets and to
determine the validity of the received message as described below.
If the message is accepted, the network interface 520 may be
further configured to pass the accepted message of the client
device.
[0066] The controller 505 of secure communication module 500 may be
configured to compare the received nonce value of a received
message through the interface 520 with a largest nonce value yet
seen retrieved from the expected nonce register 515. If the
received nonce is greater than the value retrieved from the
expected nonce register 515, the controller 505 may be configured
to accept the received message and pass it to the client
device.
[0067] The controller 505 of the secure communication module may be
further configured to designate the received nonce value as seen by
settling a respective bit in a replay window mask, which is
configured to track the nonce values seen by the controller 505,
stored in a memory location(s) in memory 510.
[0068] The controller 505 may be further configured to replace the
largest nonce value yet seen in the largest nonce register with the
received nonce value. The controller 505 may be further configured
to adjust the nonce acceptance window according to the replaced
largest nonce value yet seen. A user and/or network administrator
may statically set the range of the nonce acceptance window.
Alternatively, the range may be set dynamically.
[0069] Otherwise, when the received nonce value is not the largest
nonce value yet seen, the controller 505 of the secure
communication module may be configured to compare the received
nonce value with the nonce acceptance window. If the received nonce
value fails to fall within the acceptance window, the controller
505 may be further configured to reject the received message and
assume that a replay attack has been detected.
[0070] If the received nonce value falls within the acceptance
window, the controller 505 may be further configured to determine
if the controller 505 has previously seen the received nonce value.
The controller 505 may be further configured to compare the
received nonce value with the replay window mask. If the comparison
is true, the controller 505 may be further configured to reject the
received message and add the received nonce value to the nonce
value seen list. Accordingly, users may be provided with the
capability of preventing (and/or detecting) replay attacks while
providing for out-of-order messages by utilizing the secure
communication module.
[0071] Certain embodiments of the present invention may be
performed as a computer program. The computer program may exist in
a variety of forms both active and inactive. For example, the
computer program can exist as software program(s) comprised of
program instructions in source code, object code, executable code
or other formats; firmware program(s); or hardware description
language (HDL) files. Any of the above can be embodied on a
computer readable medium, which include storage devices and
signals, in compressed or uncompressed form. Exemplary computer
readable storage devices include conventional computer system RAM
(random access memory), ROM (read-only memory), EPROM (erasable,
programmable ROM), EPROM (electrically erasable, programmable ROM),
and magnetic or optical disks or tapes. Exemplary computer readable
signals, whether modulated using a carrier or not, are signals that
a computer system hosting or running the present invention can be
configured to access, including signals downloaded through the
Internet or other networks. Concrete examples of the foregoing
include distribution of executable software program(s) of the
computer program on a CID ROM or via Internet download. In a sense,
the Internet itself, as an abstract entity, is a computer readable
medium. The same is true of computer networks in general.
[0072] While the invention has been described with reference to the
exemplary embodiments thereof, those skilled in the art will be
able to make various modifications to the described embodiments of
the invention without departing from the true spirit and scope of
the invention. The terms and descriptions used herein are set forth
by way of illustration only and are not meant as limitations. In
particular, although the method of the present invention has been
described by examples, the steps of the method may be performed in
a different order than illustrated or simultaneously. Those skilled
in the art will recognize that these and other variations are
possible within the spirit and scope of the invention as defined in
the following claims and their equivalents.
* * * * *