CN101635922A - Safety communication method of wireless mesh network - Google Patents


Info

Publication number: CN101635922A
Authority: CN (China)
Prior art keywords: mesh network, wireless mesh, wireless, key, candidate
Legal status: Granted
Application number: CN200910056682A
Other languages: Chinese (zh)
Other versions: CN101635922B
Inventors: 吴越, 孙东来, 易平, 李建华, 孔少杰
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University

Application filed by Shanghai Jiaotong University
Priority to CN2009100566827A
Publication of CN101635922A
Application granted
Publication of CN101635922B
Current status: Expired - Fee Related

Abstract

The invention relates to a secure communication method for wireless mesh networks, belonging to the technical field of networking. The method comprises the following steps: requesting initial authentication; starting the initial authentication protocol procedure at the authentication server; and carrying out encrypted data communication with the other legal nodes of the wireless mesh network using a pre-shared key, so as to realise the functions of the wireless mesh network. The method satisfies the new requirement of dynamic self-organisation in wireless mesh networks while providing the network with security approaching that required by the 802.11 standards. It is based on the wireless communication standards of the 802.11 protocol family and is applicable to wireless mesh networks built on 802.11 links. The method has a simple framework and structure, guarantees compatibility and flexibility, and is easy to implement.

Description

Safety communication method of wireless mesh network
Technical field
The present invention relates to a method in the field of networking technology, specifically to a secure communication method for wireless mesh networks.
Background technology
A wireless mesh network (Wireless Mesh Network) is a multi-hop, self-organising wireless network architecture that differs fundamentally from a conventional wireless network. In a traditional wireless local area network (WLAN), each client accesses the network through a fixed wireless link to an access point, and each access point is connected to the Internet by a wired network. In a wireless mesh network, every mesh node acts simultaneously as an access point (AP) and as a relay router: several nodes are connected to the Internet by wired links, and the remaining nodes reach the Internet over multi-hop wireless links chosen by the mesh routing algorithm. A user can move anywhere within the coverage area of the mesh and access the Internet through any mesh node. Wireless mesh technology has been widely applied in fields such as municipal administration, disaster relief, security monitoring, industrial management and emergency medical services. Given these application areas, guaranteeing the security of the mesh network is one of the key issues that decides whether the technology can be applied successfully.
Secure communication technology is widely used in networking. It is used to verify the identity of legitimate users, determine their permissions, and generate a key system that is then used in data communication to protect the confidentiality and integrity of the data transmitted over the network. In an ordinary WLAN, all wireless communication takes place only between the user and the access point (Access Point), so secure communication only has to protect the security of that single link. In a wireless mesh network, the mesh access points are themselves interconnected by wireless links, so a complete set of secure communication techniques is required to protect the security of those links as well.
In existing WLAN deployments, the simple Wired Equivalent Privacy (WEP) mechanism cannot effectively guarantee the security of data transmitted over the network or the legitimacy of the users accessing it. The IEEE (Institute of Electrical and Electronics Engineers) standards body therefore proposed the 802.11i amendment to improve the security features of WLANs. The IEEE 802.11i standard provides a reliable security solution for WLAN users and introduces a new WLAN security architecture, the Robust Security Network (RSN). The RSN architecture has two main parts: security association management and data encryption. RSN security association management comprises RSN security capability negotiation, 802.1X authentication and 802.1X key distribution. 802.11i adopted the IEEE 802.1X access control protocol, realising port-based access control with the roles of supplicant (Supplicant), authenticator (Authenticator) and authentication server (AS). 802.1X authentication is performed after RSN security capability negotiation; once authentication is complete, the 802.1X key distribution process, the 4-Way Handshake, produces the keys used for data communication. The RSN data encryption mechanisms are mainly TKIP (Temporal Key Integrity Protocol) and CCMP (Counter mode with Cipher Block Chaining Message Authentication Code Protocol). These details provide a reference for the security design between wireless mesh nodes.
To suit the characteristics of wireless mesh networks, the IEEE has also proposed a dedicated security scheme called Mesh Security Association (MSA). Compared with the 802.11i scheme, MSA uses a new key hierarchy, defines a series of different roles, and uses a new set of authentication protocols to establish and use that key hierarchy. The purpose of the role definitions is to distinguish the different parties involved in security authentication and encrypted communication. The key hierarchy is built mainly by refining the roles of the mesh nodes, establishing key branches and zone isolation to enhance security. At the same time, a new role, the MKD (Mesh Key Distributor), is added to the system to exercise part of the functions of the AS on its behalf, and communication between an MP and an MA (Mesh Authenticator) uses a different key branch from communication between the MA and the MKD.
A search of the prior art found Chinese patent application No. 02155172, "Wi-Fi authentication system and authentication encryption method", which comprises: an authentication server capable of generating random numbers; an authentication device into which a first random number is written; a terminal device connected to the authentication device and including at least one radio transmitting device, the authentication server and the terminal device communicating with each other through this radio transmitting device, such that when a terminal user wishes to be authenticated the terminal device sends an authentication request and a user name to the authentication server; and an authentication database connected to the authentication server, into which the first random number is also written. That wireless network authentication and encryption method is realised simply by a handshake protocol plus server-side authentication, and is not suited to the wireless mesh network targeted by the present invention. First, from the angle of security, that invention completes authentication by exchanging random numbers only, so in a wireless network the packets are easily captured and replayed to deceive the server into granting trust, after which the key can be obtained illegally and the network joined. Second, from the angle of equipment requirements, that invention lacks the communication encryption needed to guarantee that wireless data in the whole network cannot be stolen, which is unacceptable in a wireless mesh network. Third, because a wireless mesh network is a multi-hop wireless network, the same encrypted data link has to be maintained between the existing nodes and the node requiring authentication, so that encrypted applications are protected from eavesdropping and replay attacks. Therefore that patent cannot meet the technical requirements of a wireless mesh network for security verification and encrypted communication.
Summary of the invention
In view of the shortcomings of the prior art described above, the present invention provides a secure communication method for wireless mesh networks which distinguishes the wireless mesh nodes by role within the mesh system, designs a security authentication process and an encrypted communication method accordingly, and satisfies the requirement for secure inter-node communication in the wireless mesh network.
The present invention is achieved through the following technical solution, which comprises the following steps:
Step one: all legal wireless mesh nodes already present in the wireless mesh network use a current pre-shared key to encrypt all data transmitted on the wireless channel. When a candidate wireless mesh node sends an initial authentication request to the legal wireless mesh node nearest to it, that legal node forwards the candidate's initial authentication request to the authentication server over a link within the mesh network, so as to begin the initial authentication protocol procedure.
A wireless mesh node means a node capable of communicating with other mesh nodes. Every node that has joined the mesh after being authenticated by the authentication server becomes a legal wireless mesh node; legal nodes can send and receive data packets within the network and forward the authentication requests of candidate nodes.
The pre-shared key means a string used to encrypt communication on the mesh wireless channel; it is shared by all legal mesh nodes and may be changed by the mesh key distribution node at certain intervals.
Encryption means performing a cryptographic operation on a packet with the pre-shared key using an agreed cipher mode, such that the resulting ciphertext cannot be resolved into plaintext by a third party who does not hold the key.
The cipher mode is the DES algorithm.
A candidate wireless mesh node means a wireless mesh node that wishes to join the current mesh network; once authenticated by the authentication server it becomes a legal wireless mesh node.
The link within the mesh network means the wireless data link between a legal wireless mesh node and the authentication server; this wireless data link is isolated from the mesh's encrypted data links.
The authentication server means the server connected to the Internet gateway of the mesh network; it is connected to the mesh key distribution node by a fixed wired connection and is responsible for running the initial authentication protocol procedure for every candidate node that applies to join the network.
Step two: the authentication server begins the initial authentication protocol procedure. First, the candidate node sends a verification request message to the authentication server through the legal node described in step one; after receiving the verification request message, the authentication server performs verification processing to decide whether the candidate node may join the network.
The verification request message contains the candidate node's address, the key to be verified and key exchange information; it is encrypted with the authentication server's built-in default key.
Verification processing means comparing the identity information in the submitted authentication request with the identity information in the back-end database, to determine that the connecting party is using a legitimate identity to enter the mesh network.
If verification passes, a key exchange is performed between the authentication server and the candidate node, the mesh key distribution node then distributes the pre-shared key to the candidate node, and step three is carried out.
If verification fails, the candidate node cannot join the mesh network and cannot obtain the encryption mode or key in use in the current network; secure communication fails.
The key exchange means a public secure-socket protocol established between the authentication server and the candidate node before any data is exchanged, which is used to securely exchange the session keys used on their connection.
This key is held only by the authentication server and the candidate node; all their data communication is encrypted with this pair of keys, and the legal mesh nodes relaying the data in between cannot learn the key or the content of the communication.
The mesh key distribution node means the node responsible for key distribution and management in the mesh network; it communicates with the authentication server over a secure path.
The mesh key distribution node periodically sends an updated pre-shared key to all legal mesh nodes over secure links within the mesh network.
Step three: the candidate node carries out encrypted data communication with the other legal nodes in the mesh using the pre-shared key, realising the functions of the wireless mesh network.
The present invention both satisfies the requirements arising from new characteristics of wireless mesh networks, such as dynamic self-organisation, and provides the network with security approaching that required by the 802.11 standards. The invention is based on the wireless communication standards of the 802.11 protocol family and is convenient to use in mesh networks built on 802.11 links. The framework proposed is simple in structure, guarantees compatibility and flexibility, and is easy to implement.
Description of drawings
Fig. 1 is a schematic diagram of the method of the invention.
Embodiment
The embodiment of the invention is described in detail below. This embodiment is implemented on the premise of the technical solution of the invention and gives a detailed mode of implementation and a concrete operating procedure, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1, this embodiment comprises the following steps:
1) All legal wireless mesh nodes already present in the mesh, comprising several wireless mesh nodes (MA) and the mesh key distribution node (MKD), jointly use a current pre-shared key to encrypt all data transmitted on the wireless channel. At the same time, the mesh nodes self-organise to guarantee that every node is connected to the Internet.
2) A candidate wireless mesh node (Candidate MP) wishes to join the current mesh but has no legal identity in the network and does not know the pre-shared key currently in use. It therefore sends an initial authentication request to the legal mesh node nearest to it, to begin the initial authentication protocol procedure (1). The initial authentication request is encrypted with a basic shared key so that the initial request remains secure.
3) The legal mesh node forwards the candidate node's request to the authentication server (AS) over a wireless data link that is logically isolated from the mesh's encrypted data links. After receiving the candidate node's verification request, the authentication server verifies it (2).
4) If the verification of step 3) fails, the candidate node cannot join the mesh and cannot obtain the encryption mode or key in use in the current network. The verification failure notice is sent to the candidate node, and for a short period the node may not submit another verification request.
5) The legal mesh node continues to relay the communication between the authentication server and the candidate node over the wireless link that is logically isolated from the mesh's encrypted data links, until the initial authentication protocol concludes with success or failure (3).
6) Once the candidate node's request has passed the verification of step 3), the authentication server and the candidate node perform a handshake and complete one key exchange. The public/private key pair generated by the key exchange then protects the authentication server and the candidate node while they complete the initial authentication protocol, helping the candidate become a legal mesh node (4).
7) After the candidate node obtains the pre-shared key used in the network, it uses this key to carry out encrypted data communication with the other nodes. The candidate node has become a legal mesh node, and the key protects the data communication within the mesh (5).
8) To maintain security in the network, the mesh key distribution node updates the network with a new pre-shared key. Before distributing the key, the mesh key distribution node performs a key exchange with every legal mesh node, and the communication of the key distribution process is encrypted with a public/private key pair. All legal mesh nodes receive the new pre-shared key over private encrypted links (6) and can use it for encrypted communication in the mesh.
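The join procedure of steps 1) to 8), modelled end to end as an added example. This is Python written for this page, not an implementation from the patent or its assignee. The party names, the message layout (address;identity;credential;nonce;public value), the toy Diffie-Hellman group that stands in for the key exchange, and the SHA-256 keystream with an HMAC tag that stands in for the DES mode named in the description are all assumptions of the example, as is treating the candidate's "basic shared key" and the AS's "built-in default key" as one key. It demonstrates the three properties the description relies on: the relaying legal node, which holds only the mesh pre-shared key (PSK), cannot open the candidate's request to the AS; a replayed request, the weakness the background section attributes to the prior art, is refused because the AS records the nonces it has seen; and after the MKD rotates the PSK, the candidate recovers the new key only through the pairwise key produced by the exchange.

```python
"""Constructed simulation of the join procedure in steps 1) to 8): candidate node, relaying
legal node, authentication server (AS) and mesh key distribution node (MKD). The names,
message layout and toy ciphers are this example's assumptions, not the patent's."""
import hashlib
import hmac
import os
import secrets

P, G = 2**127 - 1, 5   # toy Diffie-Hellman group standing in for the key exchange (constructed)

def kdf(*parts: bytes) -> bytes:
    """Derive a 32-byte key from its inputs (stand-in for a proper KDF)."""
    return hashlib.sha256(b"|".join(parts)).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((length + 31) // 32))[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; a stand-in for the DES mode the patent names, not for production use."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Reject the blob unless its tag verifies under this key (wrong key -> ValueError)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag or wrong key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

def can_open(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

class AuthServer:
    """AS: checks identities against the back-end database and runs the key exchange."""
    def __init__(self, default_key: bytes, identity_db: dict):
        self.default_key = default_key   # built-in default key (step two of the method)
        self.identity_db = identity_db   # identity -> sha256(credential)
        self.seen_nonces = set()         # replay check, the gap noted in the prior art
        self.pair_keys = {}              # candidate address -> pairwise key

    def handle_request(self, blob: bytes):
        try:
            addr, identity, cred, nonce, cand_pub = unseal(self.default_key, blob).split(b";")
        except ValueError:
            return "REJECT", b"undecryptable or malformed request"
        if nonce in self.seen_nonces:
            return "REJECT", b"replayed request"
        self.seen_nonces.add(nonce)
        if self.identity_db.get(identity) != hashlib.sha256(cred).digest():
            return "REJECT", b"unknown identity"
        priv = secrets.randbelow(P - 2) + 2
        self.pair_keys[addr] = kdf(pow(int(cand_pub), priv, P).to_bytes(16, "big"), nonce)
        return "OK", pow(G, priv, P)

class CandidateNode:
    """Candidate MP: holds an identity credential but no PSK until it has joined."""
    def __init__(self, addr: bytes, identity: bytes, credential: bytes):
        self.addr, self.identity, self.credential = addr, identity, credential

    def build_request(self, default_key: bytes) -> bytes:
        self.priv = secrets.randbelow(P - 2) + 2
        self.nonce = os.urandom(8).hex().encode()   # fresh per request, so replays are detectable
        fields = [self.addr, self.identity, self.credential, self.nonce, str(pow(G, self.priv, P)).encode()]
        return seal(default_key, b";".join(fields))

    def finish_exchange(self, as_pub: int) -> None:
        self.pair_key = kdf(pow(as_pub, self.priv, P).to_bytes(16, "big"), self.nonce)

def run_join() -> dict:
    """Run one join, a replay, a bogus join and a PSK rotation; report what each party could do."""
    default_key = kdf(b"constructed AS default key")
    auth = AuthServer(default_key, {b"mp-42": hashlib.sha256(b"secret-42").digest()})
    mesh_psk = os.urandom(32)                     # current PSK held by the MKD and all legal nodes
    cand = CandidateNode(b"10.0.0.42", b"mp-42", b"secret-42")
    req = cand.build_request(default_key)         # step 2): sealed initial authentication request
    relay_read_auth = can_open(mesh_psk, req)     # step 3): the relay holds the PSK, not the AS key
    status, payload = auth.handle_request(req)    # steps 3) and 6): verification, then key exchange
    if status != "OK":
        return {"joined": False, "reason": payload}
    cand.finish_exchange(payload)
    pair_key = auth.pair_keys[cand.addr]
    cand.psk = unseal(cand.pair_key, seal(pair_key, mesh_psk))   # step 7): MKD delivers the PSK
    frame = seal(cand.psk, b"hello mesh")         # mesh data is now protected with the PSK
    replay_status, _ = auth.handle_request(req)   # step 4): the identical request is refused
    bogus = CandidateNode(b"10.0.0.99", b"mp-99", b"guess").build_request(default_key)
    bogus_status, _ = auth.handle_request(bogus)
    new_psk = os.urandom(32)                      # step 8): MKD rotates the PSK over private links
    cand.psk = unseal(cand.pair_key, seal(pair_key, new_psk))
    return {"joined": True, "relay_read_auth": relay_read_auth,
            "relay_read_data": unseal(mesh_psk, frame) == b"hello mesh",
            "replay_rejected": replay_status == "REJECT", "bogus_rejected": bogus_status == "REJECT",
            "psk_rotated": cand.psk == new_psk and new_psk != mesh_psk}
```

Calling run_join() returns a dictionary of booleans, one per property: the relay cannot read the authentication exchange but can read ordinary mesh traffic under the PSK, the replayed and the unknown-identity requests are both rejected, and the rotated PSK reaches the candidate only via its pairwise key. The nonce set in AuthServer grows without bound here; a deployment would expire entries, which is also what makes the short lockout of step 4) enforceable.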

Claims (10)

1. A secure communication method for a wireless mesh network, characterised in that it comprises the following steps:
Step one: all legal wireless mesh nodes already present in the wireless mesh network use a current pre-shared key to encrypt all data transmitted on the wireless channel; when a candidate wireless mesh node sends an initial authentication request to the legal wireless mesh node nearest to it, that legal node forwards the candidate's initial authentication request to the authentication server over a link within the mesh network, so as to begin the initial authentication protocol procedure;
Step two: the authentication server begins the initial authentication protocol procedure: first, the candidate node sends a verification request message to the authentication server through the legal node described in step one; after receiving the verification request message, the authentication server performs verification processing to decide whether the candidate node may join the network;
Step three: the candidate node carries out encrypted data communication with the other legal nodes in the mesh using the pre-shared key, realising the functions of the wireless mesh network.
2. The secure communication method for a wireless mesh network according to claim 1, characterised in that the pre-shared key in step one means: a string used to encrypt communication on the mesh wireless channel, shared by all legal mesh nodes, which may be changed by the mesh key distribution node at certain intervals.
3. The secure communication method for a wireless mesh network according to claim 1, characterised in that the candidate wireless mesh node in step one means: a wireless mesh node that wishes to join the current mesh network, which becomes a legal wireless mesh node once authenticated by the authentication server.
4. The secure communication method for a wireless mesh network according to claim 1, characterised in that the link within the mesh network in step one means the wireless data link between a legal wireless mesh node and the authentication server, this wireless data link being isolated from the mesh's encrypted data links.
5. The secure communication method for a wireless mesh network according to claim 1, characterised in that the verification request message in step two contains: the candidate node's address, the key to be verified and key exchange information, the verification request message being encrypted with the authentication server's built-in default key.
6. The secure communication method for a wireless mesh network according to claim 1, characterised in that the verification processing in step two means: comparing the identity information in the submitted authentication request with the identity information in the back-end database, to determine that the connecting party is using a legitimate identity to enter the mesh network;
if verification passes, a key exchange is performed between the authentication server and the candidate node, the mesh key distribution node then distributes the pre-shared key to the candidate node, and step three is carried out;
if verification fails, the candidate node cannot join the mesh network and cannot obtain the encryption mode or key in use in the current network, and secure communication fails.
7. The secure communication method for a wireless mesh network according to claim 1, characterised in that the key exchange in step two means a public secure-socket protocol established between the authentication server and the candidate node before any data is exchanged, which is used to securely exchange the session keys used on their connection.
8. The secure communication method for a wireless mesh network according to claim 1, characterised in that the key in step two is held only by the authentication server and the candidate node, all their data communication is encrypted with this pair of keys, and the legal mesh nodes relaying the data in between cannot learn the key or the content of the communication.
9. The secure communication method for a wireless mesh network according to claim 1, characterised in that the mesh key distribution node in step two means: the node responsible for key distribution and management in the mesh network, which communicates with the authentication server over a secure path.
10. The secure communication method for a wireless mesh network according to claim 1, characterised in that the mesh key distribution node in step two periodically sends an updated pre-shared key to all legal mesh nodes over secure links within the mesh network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100566827A CN101635922B (en) 2009-08-20 2009-08-20 Safety communication method of wireless mesh network

Publications (2)

Publication Number Publication Date
CN101635922A true CN101635922A (en) 2010-01-27
CN101635922B CN101635922B (en) 2011-08-31

Family

ID=41594937

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102170637A * | 2010-02-26 | 2011-08-31 | 杭州华三通信技术有限公司 | Key management method, system and device for centrally-controlled MESH network
CN102170637B * | 2010-02-26 | 2014-04-02 | 杭州华三通信技术有限公司 | Key management method, system and device for centrally-controlled MESH network
CN103621040A * | 2011-06-30 | 2014-03-05 | 高通股份有限公司 | Facilitating group access control to data objects in peer-to-peer overlay networks
CN103929745A * | 2014-04-16 | 2014-07-16 | 东北大学 | Wireless MESH network access authentication system and method based on privacy protection
CN103929745B * | 2014-04-16 | 2017-04-12 | 东北大学 | Wireless MESH network access authentication system and method based on privacy protection
CN106535137A * | 2016-10-13 | 2017-03-22 | 天津光电华典科技有限公司 | Link data transmission control method in wireless network
CN106535137B * | 2016-10-13 | 2019-12-13 | 天津光电华典科技有限公司 | Link data transmission control method in wireless network
CN112652097A * | 2020-12-16 | 2021-04-13 | 浙江大学 | Commercial vehicle remote anti-theft system and working method thereof
CN112652097B * | 2020-12-16 | 2022-06-10 | 浙江大学 | Commercial vehicle remote anti-theft system and working method thereof
WO2022142933A1 * | 2020-12-30 | 2022-07-07 | 中兴通讯股份有限公司 | Network access method and system for wireless access point, and ap and storage medium

Also Published As

Publication number Publication date
CN101635922B (en) 2011-08-31

Similar Documents

Publication Publication Date Title
US9113330B2 (en) Wireless authentication using beacon messages
EP1997292B1 (en) Establishing communications
US8510560B1 (en) Efficient key establishment for wireless networks
CN101222772B (en) Wireless multi-hop network authentication access method based on ID
Shen et al. Secure device-to-device communications over WiFi direct
CN101232378B (en) Authentication accessing method of wireless multi-hop network
CN102215487B (en) Method and system safely accessing to a private network through a public wireless network
EP3700124B1 (en) Security authentication method, configuration method, and related device
US20100211790A1 (en) Authentication
CN101300809A (en) Method, system and readable medium for setting up secure direct links between wireless network stations using direct link set-up (DLS) protocol
CN101375545A (en) Method and arrangement for providing a wireless mesh network
CN105577365B (en) A kind of user accesses the cryptographic key negotiation method and device of WLAN
KR20120105507A (en) Method and system for establishing secure connection between user terminals
CN101635922B (en) Safety communication method of wireless mesh network
CN102421095B (en) Access authentication method for wireless mesh network
WO2012019466A1 (en) Secret communication method, terminal, switching equipment and system between neighboring user terminals
CN101552984B (en) Base station secure accessing method of mobile communication system
CN100525182C (en) Authentication and encryption method for wireless network
CN101741548B (en) Method and system for establishing safe connection between switching equipment
Noh et al. Secure authentication and four-way handshake scheme for protected individual communication in public wi-fi networks
CN101442749B (en) Authentication method for wireless netted network based on WAPI
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
US20100131762A1 (en) Secured communication method for wireless mesh network
CN104902467A (en) Access method for wireless local area network (WLAN) based on near field communication (NFC)
CN104581715A (en) Sensing system key protecting method in field of Internet of things and wireless access equipment

Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
EE01 | Entry into force of recordation of patent licensing contract | Assignee: AVIC Shanghai Aeronautical Measurement-Controlling Research Institute; Assignor: Shanghai Jiao Tong University; Contract record no.: 2011310000235; Denomination of invention: Safety communication method of wireless mesh network; Granted publication date: 20110831; License type: Exclusive License; Open date: 20100127; Record date: 20111206
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20110831; Termination date: 20160820