WO2011074937A2 - Method for secure direct communication between communicator and sensor node - Google Patents

Method for secure direct communication between communicator and sensor node

Publication number
WO2011074937A2
Authority
WO
WIPO (PCT)
Prior art keywords
communicator
data packet
sensor node
corresponding data
secure
Prior art date
Application number
PCT/MY2010/000186
Other languages
French (fr)
Other versions
WO2011074937A3 (en)
Inventor
Usman Sarwar
Gobinath Rao Sinniah
Zeldi Suryady
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad
Publication of WO2011074937A2
Publication of WO2011074937A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network

Abstract

A method for secure direct communication between a communicator and a sensor node is disclosed. The method (100) comprises sending a request packet from the communicator to the sensor node (102), processing the request packet in the sensor node (104), sending a corresponding data packet from the sensor node to the communicator (106) and processing the corresponding data packet in the communicator (108).

Description

METHOD FOR SECURE DIRECT COMMUNICATION BETWEEN COMMUNICATOR AND SENSOR NODE
FIELD OF INVENTION
The present invention relates generally to a method for secure direct communication between communicators and sensor nodes.
BACKGROUND ART
Current trends have directed the usage of wireless sensor network for various purposes. The application of this technology is endless from agriculture to health monitoring to military purposes. The deployment of IP based wireless sensor network is a next step to integrate this technology with the Internet devices for global connectivity to provide end to end communication.
Low power wireless sensor devices utilize an IPv6 Low Power Wireless Personal Area Network commonly referred to as 6LoWPAN (IEEE 802.15.4) and this standard is being widely deployed for various purposes and in different scenarios of wireless sensor network. A gateway is a primary component for external network IPv6 clients from the Internet to securely communicate with the above-mentioned sensor network. It also allows a web server to retrieve sensor data and publish the same on the Internet.
In view of the presence of the said gateway, only conventional security mechanisms are implemented by way of application layer encryption. Therefore direct communication between end-nodes is open to any malicious user to sniff the communication, rendering the communication unsecure.
SUMMARY OF INVENTION
In one embodiment of the present invention is a method for secure direct communication between a communicator and a sensor node. The method comprises sending a request packet from the communicator to the sensor node, processing the request packet in the sensor node, sending a corresponding data packet from the sensor node to the communicator and processing the corresponding data packet in the communicator.
In a further embodiment of the present invention is the method for the communicator, setting a security mode bit in a header of the request packet to "1", encrypting a payload of the request packet for a secure request packet and thereafter, the sensor node, decrypting a payload of the request packet and identifying the corresponding data packet.
In yet another further embodiment of the present invention is the method for the sensor node, encrypting a payload of the corresponding data packet, setting a security mode bit in a header of the corresponding data packet to "1" for a secure data packet and thereafter, the communicator, decrypting a payload of the corresponding data packet and displaying the corresponding data packet to a user.
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it is being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated, in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1 is a flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.
FIG. 2 is a detailed flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.
FIG. 3 is an illustration of a 6LoWPAN header for a secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention relates to a method for secure direct communication between communicators and sensor nodes. Hereinafter, this specification will describe the present invention according to the preferred embodiments of the present invention. However, it is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.
The present invention relates to a method for a secure direct communication at a network layer for an IPv6 Low Power Wireless Personal Area Network (6LoWPAN) communicator and an IPv6 Low Power Wireless Personal Area Network (6LoWPAN) sensor node. According to the embodiments of the present invention, a secure data communication algorithm is provided in a 6LoWPAN network that may be used for a single hop secure direct communication between the 6LoWPAN communicators and the 6LoWPAN sensor nodes. This algorithm is required to be loaded in both the communicator and sensor nodes for secure direct communication. The secure direct communication comprises transmitting and receiving request packets and response packets, without the need for packets being routed through the routers or gateways.
Reference is first being made to FIG. 1. FIG. 1 is a flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.
According to the embodiments of the present invention, the method (100) for secure direct communication between the 6LoWPAN communicator and the 6LoWPAN sensor node, comprises sending a request packet from the communicator to the sensor node (102), processing the request packet in the sensor node (104), sending a corresponding data packet from the sensor node to the communicator (106) and processing the corresponding data packet in the communicator (108).
Reference is now collectively being made to FIGs. 2 and 3. FIG. 2 is a detailed flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node. FIG. 3 is an illustration of a 6LoWPAN header for a secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.
In one embodiment of the present invention, a 6LoWPAN_HC1 (Header Compression) header which is defined in the RFC 4944 is applied. The 6LoWPAN LOWPAN_HC1 header comprises 3 bytes which includes a dispatch byte and general header information with hop limit.
In the embodiment of the present invention, the sixth bit of the header is used by setting "1" or "0" for secure or unsecured communication mode with 6LoWPAN_HC1 header type mode. In FIG. 3, the 6LoWPAN HC1 header bit pattern is updated with a security mode sixth bit. The 6LoWPAN communicators and 6LoWPAN sensor nodes are required to set (to "1") the sixth bit for secure direct communication.
The step of sending the request packet from the communicator to the sensor node (102) further comprises the communicator setting a security mode bit in a header of the request packet to "1" (202) and encrypting a payload of the request packet (204) for a secure request packet. In the event of a non-secure request packet, the security mode bit in the header of the request packet is retained at a default value of "0" in the communicator. The request packet is now ready to be transmitted directly to the sensor node.
The step of processing the request packet in the sensor node (104) further comprises determining, in the sensor node, if the request packet received is a secure request packet (206). If the request packet received is a secure request packet, then the payload of the request packet is decrypted (210) in the sensor node and the corresponding data packet identified (212) by the sensor node. Identifying the corresponding data packet further comprises, firstly extracting a message of the request packet received and thereafter processing the message to obtain the corresponding data packet according to the message of the request packet.
The step of sending the corresponding data packet from the sensor node to the communicator (106) further comprises the sensor node encrypting a payload of the corresponding data packet (214) and setting a security mode bit in a header of the corresponding data packet to "1" (216) for a secure data packet. In the event of a non-secure data packet, the security mode bit in the header of the corresponding data packet is retained at a default value of "0" in the sensor node. The corresponding data packet is now ready to be transmitted directly to the communicator.
The step of processing the corresponding data packet in the communicator (108) further comprises determining, in the communicator, if the corresponding data packet received is a secure data packet (220). If the data packet is a secure data packet, the payload of the corresponding data packet received is decrypted (222) by the communicator and the corresponding data packet is displayed to a user (224).
The decryption and encryption in the 6LoWPAN communicator and the 6LoWPAN sensor node may comprise any type of lightweight key encryption algorithm.
By introducing network layer security in the 6LoWPAN communicator and 6LoWPAN sensor network, a higher security level is provided as compared to conventional security implemented by way of application layer encryption. Network layer security provides authentication and confidentiality between end-nodes and across multiple LoWPAN-links, and subsequently prevents network layer attacks on the 6LoWPAN network.
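The request and data packet exchange of steps 102 to 108 and 202 to 224, as an added Python example that is not part of the patent text or the applicant's implementation. It additionally authenticates the 3-byte header, so an altered security mode bit is detected, and lets the receiver refuse non-secure packets by local policy; both are additions beyond what the description states. Assumptions: the security mode bit is taken as the sixth bit from the most significant end of the second header byte (mask 0x04), since FIG. 3 is not reproduced on the page; an HMAC-SHA256 keystream with a truncated HMAC tag stands in for the unspecified lightweight key encryption algorithm; the key is pre-shared; all function names and sample readings are hypothetical.

```python
import hashlib
import hmac
import os

DISPATCH_HC1 = 0x42   # LOWPAN_HC1 dispatch value (RFC 4944)
SECURITY_BIT = 0x04   # ASSUMPTION: "sixth bit" = 6th from the MSB of header byte 2
NONCE_LEN, TAG_LEN = 8, 8
KEY = bytes(range(16))  # constructed demo key, pre-loaded on both ends
READINGS = {b"GET temp": b"23.5C", b"GET hum": b"41%"}  # constructed sensor data


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_keystream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode, XORed over the payload.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(_subkey(key, b"enc"), nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, header, nonce, ciphertext):
    # The tag covers the 3-byte header, so the security mode bit is authenticated.
    mac = hmac.new(_subkey(key, b"mac"), header + nonce + ciphertext, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def build_packet(key, payload, secure, hc1=0x00, hop_limit=1):
    """Steps 202/204 (request) and 214/216 (data): set the bit, encrypt the payload."""
    if not secure:  # bit stays at its default "0", payload travels in the clear
        return bytes([DISPATCH_HC1, hc1 & ~SECURITY_BIT & 0xFF, hop_limit]) + payload
    header = bytes([DISPATCH_HC1, hc1 | SECURITY_BIT, hop_limit])
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor_keystream(key, nonce, payload)
    return header + nonce + ciphertext + _tag(key, header, nonce, ciphertext)


def parse_packet(key, packet, require_secure=True):
    """Steps 206/210 and 220/222: check the bit, then verify and decrypt."""
    if len(packet) < 3 or packet[0] != DISPATCH_HC1:
        raise ValueError("not a LOWPAN_HC1 packet")
    header, body = packet[:3], packet[3:]
    if not header[1] & SECURITY_BIT:
        if require_secure:  # local policy: never fall back to cleartext
            raise PermissionError("non-secure packet rejected by policy")
        return False, body
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated secure packet")
    nonce, ciphertext, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, header, nonce, ciphertext)):
        raise ValueError("authentication failed")
    return True, _xor_keystream(key, nonce, ciphertext)


def sensor_node_handle(key, request_packet, require_secure=True):
    """Steps 104/106: decrypt the request, identify the data (212), reply in kind."""
    secure, message = parse_packet(key, request_packet, require_secure)
    data = READINGS.get(message, b"ERR unknown request")
    return build_packet(key, data, secure)


def communicator_query(key, message, secure=True):
    """Steps 102/108, with the single-hop radio link simulated by a function call."""
    request = build_packet(key, message, secure)
    response = sensor_node_handle(key, request, require_secure=secure)
    return parse_packet(key, response, require_secure=secure)[1]


if __name__ == "__main__":
    print(communicator_query(KEY, b"GET temp"))
```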

Claims

1. A method for secure direct communication between a communicator and a sensor node, wherein the method (100) comprises
sending a request packet from the communicator to the sensor node (102);
processing the request packet in the sensor node (104);
sending a corresponding data packet from the sensor node to the communicator (106); and
processing the corresponding data packet in the communicator (108).
2. The method according to claim 1, wherein sending the request packet from the communicator to the sensor node (102) further comprises
setting a security mode bit in a header of the request packet to "1" (202) and encrypting a payload of the request packet (204) for a secure request packet; or
setting the security mode bit in the header of the request packet to "0" for a non-secure request packet.
3. The method according to claim 1, wherein processing the request packet in the sensor node (104) further comprises
determining, in the sensor node, if the request packet is a secure request packet (206); and
if the request packet is a secure request packet, decrypting a payload of the request packet (210) and identifying the corresponding data packet (212).
4. The method according to claim 1, wherein sending the corresponding data packet from the sensor node to the communicator (106) further comprises
encrypting a payload of the corresponding data packet (214) and setting a security mode bit in a header of the corresponding data packet to "1" (216) for a secure data packet; or
setting the security mode bit in the header of the corresponding data packet to "0" for a non-secure data packet.
5. The method according to claim 1, wherein processing the corresponding data packet in the communicator (108) further comprises
determining, in the communicator, if the corresponding data packet is a secure data packet (220); and
if the data packet is a secure data packet, decrypting a payload of the corresponding data packet (222) and displaying the corresponding data packet to a user (224).
6. The method according to claim 1, wherein the communicator is a 6LoWPAN communicator.
7. The method according to claim 1, wherein the sensor node is part of a 6LoWPAN sensor network.
PCT/MY2010/000186 2009-12-14 2010-09-30 Method for secure direct communication between communicator and sensor node WO2011074937A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20095358A MY164486A (en) 2009-12-14 2009-12-14 Method for secure direct communication between communicator and sensor node
MYPI20095358 2009-12-14

Publications (2)

Publication Number Publication Date
WO2011074937A2 true WO2011074937A2 (en) 2011-06-23
WO2011074937A3 WO2011074937A3 (en) 2011-08-11

Family

ID=44167910

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2010/000186 WO2011074937A2 (en) 2009-12-14 2010-09-30 Method for secure direct communication between communicator and sensor node

Country Status (2)

Country Link
MY (1) MY164486A (en)
WO (1) WO2011074937A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070129081A1 (en) * 2005-12-02 2007-06-07 Samsung Electronics Co., Ltd. Local congestion-avoidance method in wireless personal area network
US20090073983A1 (en) * 2007-09-13 2009-03-19 Jin-Hyoung Kim METHOD AND APPARATUS FOR PROVIDING GATEWAY TO TRANSMIT IPv6 PACKET IN A WIRELESS LOCAL AREA NETWORK SYSTEM
US7609838B2 (en) * 2004-03-31 2009-10-27 Nec Corporation Method of transmitting data in a network

Also Published As

Publication number Publication date
WO2011074937A3 (en) 2011-08-11
MY164486A (en) 2017-12-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10837932; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase in: (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10837932; Country of ref document: EP; Kind code of ref document: A2)