Title of invention: PAIRWISE TEMPORAL KEY CREATION FOR SECURE NETWORKS
Abstract: A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication code (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key.
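Application publication number: US2017093814(A1)  Publication date: 2017.03.30
Application number: US201615378573  Filing date: 2016.12.14
Applicant: TEXAS INSTRUMENTS INCORPORATED  Inventor: Ho Jin-Meng
Classification: H04L29/06;H04L9/08;H04L9/32  Main classification: H04L29/06
Agency:  Agent: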
Main claim: 1. A method of communication in a body area network, the method comprising: generating, by an initiator device, a first pairwise temporal key (PTK) frame including a responder address (Address_R), an initiator address (Address_I), an initiator nonce (Nonce_I), and a PTK index; receiving, by the initiator device from a responder device, a second PTK frame including the Address_I, the Address_R, a responder nonce (Nonce_R), the PTK index, and a responder key message authentication code (PTK_KMAC_2B); computing, by the initiator device, a first initiator key message authentication code including an initiator key confirmation key (KCK) by executing a cypher-based message authentication code (CMAC) on an initiator master key (MK) and a first string including the Address_R, the Address_I, the Nonce_R, and the Nonce_I; computing, by the initiator device, a second initiator key message authentication code (PTK_KMAC_2A) by executing the CMAC on the initiator KCK and a second string including the Address_I, the Address_R, the Nonce_I, and the Nonce_R; and verifying, by the initiator device, the PTK_KMAC_2A with the PTK_KMAC_2B.
Address: Dallas TX US