Method to Provision Symmetric Keys in an Astro Radio without a persistent real-time clock
Original Publication Date: 2009-Nov-07
Included in the Prior Art Database: 2009-Nov-07
Thomas, Shanthi: INVENTOR [+3]
Please refer to attached document describing the disclosure.
MobileDevices that Lack Persistent Time-of-Day
Shanthi Thomas, Anthony Metke, Erwin Himawan, Thomas Senese
Advanced Technology, Standards & Common Engineering & Astro System Engineering
This paper provides a brief description of how symmetric key provisioning currently occurs in public safety radios and how it can be improved using public key certificates. The improved method raises a serious concern. This concern arises due to some P25 radios not maintaining a persistent time of day. This paper identifies methods to mitigate this problem.
Current Method of Provisioning Symmetric Keys
The TIA engineering committee TR-8 has developed a set of standards for public safety know as Project 25 (P25), which allow a Key management Facility (KMF) to send “Over the Air Re-keying” (OTAR) Key Management Messages (KMMs) to a radio . When a radio is out of range of the radio system, KMMs can be transferred to the radio via the SKL as the transport medium rather than the common air interface.
The KMM sent from the KMF to the radio includes a message number for replay protection, and a Message Authentication Code (MAC) for authentication. Additionally, the KMM is encrypted, and the transported keys are key-wrapped encrypted. This scheme does not work if the radio does not pre-possess the symmetric keys needed for the MAC, KMM encryption and key wrapping. The scheme also does not work if the message number assigned by the KMF does not fall within the range of message numbers that the radio is willing to accept.
This scheme uses symmetric keys to load a new set of symmetric keys in to a radio. While symmetric keys do not have a requirement for trusted time., the solution opens up issues regarding symmetric key management and the need for manual provisioning of the initial set of symmetric keys, thereby reducing its effectiveness.
Provisioning Symmetric Keys using Public Key Certificates
Public Key Cryptography involves the use of a public-private key pair. The private key remains private and is known only to the owner of the key pair. The public key can be made public and is certified to belong to a particular user or device by means of a pubic key certificate issued by a trusted Certificate Authority that binds the subject of the certificate to the public key in the certificate. A message that is encrypted using a public key can be decrypted only by the private key corresponding to the key pair and is known only to the owner of the key pair.
Once the radios are provisioned with public key certificates for itself and has access to public key certificates of the KMF, the symmetric key provisioning scenario is greatly simplified. There is no need to manually install the initial set of symmetric keys generated by the KMF into the radio. Instead, the radio and the KM...