CN115136634A - Apparatus and method for zero configuration deployment in a communication network - Google Patents


Info

Publication number: CN115136634A
Authority: CN (China)
Prior art keywords: network device, network, manager, key, device manager
Legal status: Pending
Application number: CN202080096286.1A
Other languages: Chinese (zh)
Inventor: 奥列格·波戈尼克
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of CN115136634A

Classifications

    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA], without using a trusted network node as an anchor
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), involving distinctive intermediate devices or communication paths
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04L2209/80 Wireless (additional information relating to cryptographic mechanisms or arrangements, H04L9/00)

Abstract

The invention relates to a network device (101) for establishing a secure management connection (110) with a network device manager (103) in a communication network (107), in particular a wireless communication network (107). The network device (101) is configured to provide one of the plurality of portions of the key of the network device (101) to one of a plurality of anchor network devices (105). The plurality of anchoring network devices (105) have established a secure management connection (120) with the network device manager (103). Reconstructing the key of the network device (101) requires at least two of the plurality of portions of the key of the network device (101). The invention further relates to a corresponding network device manager (103). The invention enables zero-configuration deployment of the network device (101) by the network device manager (103) in the communication network (107).

Description

Apparatus and method for zero configuration deployment in a communication network
Technical Field
The present invention relates generally to telecommunications. More particularly, the present invention relates to an apparatus and method for zero configuration deployment of network devices in a communication network, in particular a wireless communication network.
Background
Internet of Things (IoT) presents new challenges, particularly in terms of network security, in view of the large number of network devices, often low complexity, and simple and easy-to-use features (e.g., "plug and play"). Currently, there are several independent protocols available to handle IoT-related issues, such as configuring deployment of new network devices, determining authorization and access control policies for network devices, and the like.
Zero configuration deployment (ZTP) is intended to support easy and error-free installation of new network devices and connection to a management system. Ideally, with a ZTP network device, the user need only physically install the network device in place and power up. The remaining configuration deployment steps will be automatically performed by the network device itself and the support management system. Thus, ZTP aims to avoid configuring a deployed network device by any complicated, time-consuming, and error-prone manual operation. Thus, ZTP is particularly beneficial for communication networks and areas that typically require large-scale device configuration deployments and reconfiguration deployments, such as smart homes, smart cities, industrial applications, and so forth.
However, conventional ZTP schemes typically still involve some manual operations in practice, and thus may be cumbersome, expensive, and sometimes unsuitable for configuring and deploying IoT devices, e.g., where network devices are to be deployed in inaccessible locations. In other words, conventional schemes for configuring deployed network devices do not support a fully zero-configuration deployment, and thus network device operators or users still have to deal with manual operations that are often cumbersome.
In some conventional configuration and deployment schemes, a network device to be configured and deployed is configured to establish an initial connection with a trusted management service according to a Service Set Identifier (SSID), the Domain Name System (DNS), the Dynamic Host Configuration Protocol (DHCP), and the like. However, for security reasons, establishing such an initial connection between a network device and a management system often requires different security measures to be taken to ensure that the network device can trust the management system before accepting control and operation by the management system. This is because the secure configuration deployment procedure must be able to run in a complex environment with several available management systems and be able to resist attempts by hostile third parties running malicious management systems to hijack the not yet configured and deployed network devices. Some security measures for evaluating the security trustworthiness of the management system include using digital certificates, adjusting the management system (e.g., an analog SSID) of each network device, and/or some manual operations, such as scanning a QR code associated with a network device to be deployed for configuration, pressing one or more buttons of a network device for a particular period of time, pre-configuring a network device during a segmentation operation, and so forth.
Disclosure of Invention
The present invention provides an apparatus and method for zero configuration deployment of network devices in a communication network, in particular a wireless communication network.
The above and other objects are achieved by the subject matter claimed by the independent claims. Other implementations are apparent from the dependent claims, the description and the drawings.
In general, embodiments of the invention enable complete zero configuration deployment (CZTP) of network devices in an environment with several legitimate (i.e., non-hostile) network device managers, each of which may control one or more of a large number of network devices. As will be described in greater detail below, embodiments of the present invention enable a given, but not yet deployed, network device to find the network device manager that is appropriate for and/or should manage the given network device. In addition, embodiments of the present invention allow the network devices that are not yet configured for deployment to evaluate trust, i.e., the security trust of a given network device manager, before accepting control of the network device manager. In addition, embodiments of the present invention provide a scheme for a network device to recover from association with a faulty or malicious network device manager.
More particularly, according to a first aspect, the present invention relates to a network device for establishing a secure management connection with a network device manager in a communication network, in particular a wireless communication network. The network device is to: providing one of a plurality of portions of a key of a network device to one of a plurality of anchor network devices, wherein the plurality of anchor network devices have established a secure management connection with the network device manager. Reconstructing the key of the network device requires at least two of the plurality of portions of the key of the network device. In the event that the network device manager can reconstruct the key for the network device, the network device itself will establish a secure management connection with the network device manager for further configuration deployment and management by the network device manager. Advantageously, therefore, the network device is used to establish a secure management connection with the network device manager without any manual action by the user, i.e. to complete a zero configuration deployment. This may save labor, reduce complexity of operation and maintenance, and improve security and manageability experience.
In another possible implementation manner of the first aspect, the network device is further configured to: providing information identifying the plurality of anchoring network devices to the network device manager. This allows the network device to efficiently identify the anchoring network device that has established a secure management connection with the network device manager in the communication network.
In another possible implementation manner of the first aspect, the network device is further configured to: providing one of the plurality of portions of the key of the network device to the network device manager. This allows the network device manager to more efficiently retrieve the portions of the key of the network device, thereby reconstructing the key of the network device more quickly.
In another possible implementation manner of the first aspect, the network device is further configured to: determining the plurality of portions by dividing the key of the network device into the plurality of portions. In one implementation, the network device may be configured to: the key is divided into the plurality of portions according to Shamir's secret sharing scheme. This allows for an efficient splitting of the key into the plurality of portions. In another implementation, the key and portions thereof may be preconfigured in the network device.
In another possible implementation manner of the first aspect, the network device is further configured to: the network device manager is selected from a plurality of available network device managers based on information received by the network device from the plurality of available network device managers over the communication network. For example, the network device may implement IFTTT logic for selecting the network device manager from the plurality of available network device managers. Advantageously, this allows the network device to efficiently select the network device manager.
In another possible implementation manner of the first aspect, the information received by the network device from the plurality of available network device managers includes at least one of: an identifier of an available network device manager; an identifier of an anchoring network device that has established a secure management connection with a corresponding available network device manager; a service area of an available network device manager; network device types that may be managed by an available network device manager. Advantageously, this allows the network device to select the most appropriate network device manager based on the retrieved information.
In another possible implementation manner of the first aspect, the network device is further configured to: selecting the plurality of anchoring network devices from a plurality of network devices that have established a secure management connection with the network device manager. This allows the network device to efficiently select the most appropriate anchoring network device. The number of key portions, and thus the number of anchoring network devices, may be set or adjusted according to the desired security level, wherein the more anchoring network devices, the higher the security level.
In another possible implementation manner of the first aspect, the network device is further configured to: providing the portion to the respective anchoring network device using a public key of the respective anchoring network device. This increases the security of the portion, because a malicious party intercepting a respective portion cannot decrypt the portion unless it has access to the private key of the respective anchoring network device.
In another possible implementation manner of the first aspect, reconstructing the key of the network device requires all of the plurality of portions of the key of the network device. Advantageously, this improves security.
In another possible implementation manner of the first aspect, the key of the network device is the public key of a pair of a public key and a private key of the network device. Advantageously, this allows the secure management connection to be efficiently established between the network device and the network device manager, because the network device manager may use the public key of the network device for secure communication with the network device after the network device manager has reconstituted the public key of the network device. As should be appreciated, after the secure management connection is established between the network device and the network device manager, the network device itself becomes a potential anchoring network device.
In another possible implementation manner of the first aspect, the network device is further configured to: broadcasting the public key over the communication network after establishing the secure management connection with the network device manager. Advantageously, this allows the network device to act as an anchoring network device for another network device in the communication network that has not been configured for deployment.
In another possible implementation manner of the first aspect, the network device is further configured to: broadcasting an identifier of the network device manager after establishing the secure management connection with the network device manager. This allows another network device that has not yet been configured for deployment to efficiently identify potential anchor network devices that have established a secure management connection with the selected network device manager.
In another possible implementation manner of the first aspect, the network device is further configured to: in response to receiving a recovery signal regarding manual configuration deployment, terminating the secure management connection with the network device manager and establishing another secure management connection with another network device manager. For example, a user of the network device may generate the recovery signal by manually pressing a button of the network device.
According to a second aspect, the invention relates to a method for establishing a secure management connection with a network device manager in a communication network, in particular a wireless communication network. The method comprises the following steps: a network device provides one of a plurality of portions of a key of the network device to one of a plurality of anchor network devices, wherein the plurality of anchor network devices have established a secure management connection with the network device manager. Reconstructing the key of the network device requires at least two of the plurality of portions of the key of the network device.
The method according to the second aspect of the invention may be performed by a network device according to the first aspect of the invention. Thus, the other features of the method according to the second aspect of the present invention are directly achieved by the functionality of the network device according to the first aspect of the present invention and the different implementations described above and below thereof.
According to a third aspect, the present invention relates to a network device manager for managing a plurality of network devices in a communication network, in particular a wireless communication network. The network device manager is to: obtaining one of a plurality of portions of a key of a network device from one of a plurality of anchor network devices, wherein the plurality of anchor network devices have established a secure management connection with the network device manager. Further, the network device manager is to: reconstructing the key of the network device from the plurality of portions of the key of the network device; and establishing a secure management connection with the network device. Advantageously, therefore, the network device manager is configured to: a secure management connection is established with the network device without any manual action by the user of the network device, i.e. a completely zero-configuration deployment. This may save labor, reduce complexity of operation and maintenance, and improve security and manageability experience.
In another possible implementation manner of the third aspect, the network device manager is further configured to: receiving information from the network device identifying the plurality of anchoring network devices. Advantageously, this allows the network device manager to efficiently identify the anchoring network device selected by the network device.
In another possible implementation manner of the third aspect, the key of the network device is a public key of the network device. Advantageously, this allows the secure management connection to be efficiently established between the network device and the network device manager, because the network device manager may use the public key of the network device for secure communication with the network device after the network device manager has reconstituted the public key of the network device.
In another possible implementation manner of the third aspect, the network device manager is further configured to: receiving one of the plurality of portions of the key from the network device. Advantageously, this allows the network device manager to efficiently reconstruct the keys of the network device.
In another possible implementation manner of the third aspect, the network device manager is further configured to: broadcasting information over the communication network, the information comprising at least one of: an identifier of the network device manager; an identifier of an anchoring network device that has established a secure management connection with (i.e., is managed by) the network device manager; a service area of the network device manager; network device types that can be managed by the network device manager. Advantageously, this allows a network device that has not been configured for deployment to select the most appropriate network device manager.
According to a fourth aspect, the present invention relates to a method for operating a network device manager for managing a plurality of network devices in a communication network, in particular a wireless communication network. The method comprises the following steps: obtaining one of a plurality of portions of a key of a network device from one of a plurality of anchor network devices, wherein the plurality of anchor network devices have established a secure management connection with the network device manager; reconstructing the key of the network device from the plurality of portions of the key; and establishing a secure management connection with the network device.
The method according to the fourth aspect of the present invention may be performed by a network device manager according to the third aspect of the present invention. Thus, the other features of the method according to the fourth aspect of the present invention are directly achieved by the functionality of the network device manager according to the third aspect of the present invention and the different implementations described above and below thereof.
According to a fifth aspect, the invention relates to a computer program product comprising a non-transitory computer-readable storage medium carrying program code which, when executed by a computer or processor, causes the computer or processor to perform the method according to the second aspect or the method according to the fourth aspect.
The different aspects of the invention may be implemented by software and/or hardware.
The details of one or more embodiments are set forth in the accompanying drawings and the description. Other features, objects, and advantages will be apparent from the description and drawings, and from the claims.
Drawings
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 shows a schematic diagram of components of an exemplary communication network comprising a network device provided by an embodiment and a network device manager provided by an embodiment;
Fig. 2 shows a schematic diagram of components of another exemplary communication network comprising the network device provided by the embodiment and the network device manager provided by the embodiment;
Fig. 3 illustrates a schematic diagram of aspects of establishing a secure management connection between a network device provided by an embodiment and a network device manager provided by an embodiment;
Fig. 4 illustrates a schematic diagram of aspects of establishing a secure management connection between a network device provided by an embodiment and a network device manager provided by an embodiment;
Fig. 5 is a schematic diagram illustrating a network device provided by an embodiment in communication with a network device manager provided by an embodiment;
Fig. 6 illustrates a schematic diagram of aspects of establishing a secure management connection between a network device provided by an embodiment and a network device manager provided by an embodiment;
Fig. 7 shows a flow diagram of a method for operating a network device provided by an embodiment;
Fig. 8 shows a flowchart of a method for operating a network device manager provided by an embodiment.
In the following, the same reference numerals refer to identical or at least functionally equivalent features.
Detailed Description
In the following description, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific aspects of embodiments of the invention or by which embodiments of the invention may be practiced. It is to be understood that embodiments of the invention may be utilized in other respects, and include structural or logical changes not depicted in the figures. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present invention is defined by the appended claims.
It is to be understood that the disclosure relating to the described method is equally applicable to a device or system corresponding to the method for performing the method, and vice versa. For example, if one or more particular method steps are described, the corresponding apparatus may include one or more elements, e.g., functional elements, for performing the described one or more method steps (e.g., one element that performs the one or more steps, or multiple elements that each perform one or more of the multiple steps), even if such one or more elements are not explicitly described or illustrated in the figures. On the other hand, for example, if a particular apparatus is described in terms of one or more units (e.g., functional units), the corresponding method may include one step to perform the function of the one or more units (e.g., one step performs the function of the one or more units, or multiple steps each perform the function of one or more of the units), even if such one or more steps are not explicitly described or illustrated in the figures. Furthermore, it is to be understood that features of the various exemplary embodiments and/or aspects described herein may be combined with each other, unless specifically noted otherwise.
Fig. 1 shows a schematic diagram of electronic devices communicating over a communication network 107, the communication network 107 comprising an embodiment provided network device 101, an embodiment provided network device manager 103 and an anchoring network device 105. In the embodiment shown in fig. 1, the communication network 107 is a wireless communication network 107, such as a cellular or WiFi communication network. In other embodiments, the communication network 107 may be or include a wired network, such as an ethernet network.
As will be described in more detail below, to configure and deploy a network device 101 that is not yet configured for deployment in the wireless communication network 107, the network device 101 is used to establish a secure management connection 110 with a network device manager 103 (as indicated by the double-headed arrow with the dashed line in fig. 1). To this end, network device 101 is configured to provide a plurality of anchor network devices 105 (e.g., via communication channel 130 shown in fig. 1), such as the example anchor network device 105 shown in fig. 1, with respective ones of a plurality of portions of a key of network device 101, wherein reconstructing the key of network device 101 requires at least two of the plurality of portions of the key of network device 101. The plurality of anchoring network devices 105, such as the exemplary anchoring network device 105 shown in fig. 1, have established respective secure management connections 120 with the network device manager 103 (as indicated by the double-headed arrow with solid lines in fig. 1). In other words, the example anchoring network device 105 has already been configured for deployment by the network device manager 103.
Thus, as will be described in greater detail below, the network device manager 103 is used to configure deployment and manage a plurality of network devices via the wireless communication network 107, including the unconfigured deployment of network device 101 shown in fig. 1. To this end, the network device manager 103 is configured to: respective ones of the plurality of portions of the key of network device 101 are obtained from respective ones of a plurality of anchor network devices, such as anchor network device 105 shown in fig. 1. As described above, the plurality of anchoring network devices 105 have established a secure management connection 120 with the network device manager 103. Further, the network device manager 103 is configured to: reconstructing the key of network device 101 from the plurality of portions of the key of network device 101 retrieved from the plurality of anchor network devices 105; a secure management connection 110 is established with the network device 101 based on the reconstructed key of the network device 101.
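As an added worked example (not code from the patent or from Huawei), the following Python models the key-portion flow just described for fig. 1 using Shamir's scheme named in the first aspect: the joining device 101 splits its public key into n portions with a reconstruction threshold t, each anchoring device 105 forwards the portion it was handed, and the manager 103 reconstructs the key only when at least t portions reach it (t == n gives the "all portions required" variant). The prime field, the 15-byte chunking, the class and function names and the 32-byte sample key are constructed assumptions; encrypting each portion to the anchor's public key is not modelled.

```python
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed parameters: the text names Shamir's scheme but fixes no field.
# 2^127 - 1 is a Mersenne prime; 15-byte key chunks (120 bits) always fit below it.
PRIME = 2**127 - 1
CHUNK = 15

Portion = List[Tuple[int, int]]  # one (x, f(x)) point per key chunk


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... over GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, n: int, t: int) -> Dict[int, Portion]:
    """Divide `key` into n portions of which any t (2 <= t <= n) reconstruct it.
    t == n is the 'all portions required' variant of the text."""
    if not 2 <= t <= n:
        raise ValueError("need 2 <= t <= n")
    portions: Dict[int, Portion] = {i: [] for i in range(1, n + 1)}
    for start in range(0, len(key), CHUNK):
        secret = int.from_bytes(key[start:start + CHUNK], "big")
        # degree t-1 polynomial: constant term is the secret, the rest is random
        coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
        for i in range(1, n + 1):
            portions[i].append((i, _eval_poly(coeffs, i)))
    return portions


def reconstruct_key(portions: List[Portion], key_len: int) -> bytes:
    """Lagrange-interpolate every chunk at x = 0 and reassemble the key bytes.
    With fewer than t portions this yields field noise, not the key."""
    out = b""
    for c in range(len(portions[0])):
        points = [p[c] for p in portions]
        value = 0
        for j, (xj, yj) in enumerate(points):
            num, den = 1, 1
            for m, (xm, _) in enumerate(points):
                if m != j:
                    num = num * (-xm) % PRIME
                    den = den * (xj - xm) % PRIME
            value = (value + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME
        size = min(CHUNK, key_len - len(out))
        out += value.to_bytes(16, "big")[-size:]  # 16 bytes hold any field element
    return out


class AnchorDevice:
    """Already deployed device (secure connection 120 to the manager); it only
    forwards the portion it was handed (hypothetical class, constructed here)."""

    def __init__(self, dev_id: str) -> None:
        self.dev_id = dev_id
        self.held: Optional[Portion] = None


def zero_touch_join(device_key: bytes, anchors: List[AnchorDevice], t: int,
                    reachable: Optional[List[AnchorDevice]] = None) -> Optional[bytes]:
    """Joining device: split its key and hand one portion to each anchor.
    Manager: collect portions from the anchors it can reach and reconstruct
    once at least t arrived. Returns None when too few portions reach the
    manager, i.e. no secure management connection 110 can be established."""
    portions = split_key(device_key, n=len(anchors), t=t)
    for idx, anchor in enumerate(anchors, start=1):
        anchor.held = portions[idx]
    reachable = anchors if reachable is None else reachable
    collected = [a.held for a in reachable if a.held is not None]
    if len(collected) < t:
        return None
    return reconstruct_key(collected[:t], len(device_key))


# Constructed 32-byte stand-in for the joining device's public key.
DEVICE_PUBLIC_KEY = bytes(range(32))

if __name__ == "__main__":
    fleet = [AnchorDevice(f"anchor_{i}") for i in range(5)]
    print("reconstructed:", zero_touch_join(DEVICE_PUBLIC_KEY, fleet, t=3) == DEVICE_PUBLIC_KEY)
    print("2 of 5 reachable:", zero_touch_join(DEVICE_PUBLIC_KEY, fleet, t=3, reachable=fleet[:2]))
```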
As shown in fig. 1, the network device 101 may include: a processor 111 for processing data; a non-transitory memory 113 for storing and retrieving data; a communication interface 115 for exchanging data with the network device manager 103 and the plurality of anchor network devices 105 over the wireless communication network 107. The processor 111 may be implemented by hardware and/or software. The hardware may include digital circuitry, or both analog and digital circuitry. The digital circuitry may include an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), or a general-purpose processor. The non-transitory memory 113 may store executable program code that, when executed by the processor 111, causes the network device 101 to perform the functions and methods described herein. The communication interface 115 may include one or more communication ports and/or antennas for exchanging data over the wireless communication network 107. Likewise, the network device manager 103 may include: a processor 121 for processing data; a non-transitory memory 123 for storing and retrieving data; a communication interface 125 for exchanging data with network device 101 and anchoring network device 105 over wireless communication network 107. Likewise, anchoring network device 105 may include: a processor 131 for processing data; a non-transitory memory 133 for storing and retrieving data; a communication interface 135 for exchanging data with the network device 101 and the network device manager 103 via the wireless communication network 107.
In one embodiment, one or more of network device 101 and anchor network device 105 may be similar or identical devices, the only difference being that one or more anchor network devices 105 have established a secure management connection 120 with network device manager 103, i.e., have been configured for deployment and management by network device manager 103, while network device 101 is establishing a secure management connection 110 with network device manager 103, i.e., is configuring for deployment. In one embodiment, the wireless communication network 107 may include a plurality of network device managers 103 shown in FIG. 1. In one embodiment, the wireless communication network 107 may include a wireless router (not shown in the figure). In one embodiment, the wireless router may be implemented as or associated with a component of the network device manager 103.
Fig. 2 shows a schematic diagram of an implementation of the wireless communication network 107 as a smart home network. The wireless communication network 107 comprises a network device 101 that has not yet been configured for deployment, in the form of a surveillance camera device, a network device manager 103 for configuring the surveillance camera device 101 for deployment and managing it, and a plurality of anchor network devices 105 that have already been configured for deployment by the network device manager 103. For example, in the smart home implementation shown in fig. 2, the plurality of anchor network devices 105 includes different types of HDTV devices, HVAC devices, LED lighting devices, motion sensor devices, temperature/humidity/brightness sensor devices, and further surveillance camera devices (for clarity, not all of these anchor network devices carry reference numerals in fig. 2).
In one embodiment, one or more network device managers 103 may advertise (i.e., broadcast) the types and/or locations of the network devices 101 that they are able to manage. In one embodiment, a network device 105 that has already been configured for deployment may, for example, broadcast a device identifier, an identifier of the network device manager 103 that controls the network device 105, and a public key of the network device 105. For example, in the scenario shown in fig. 2, a network device 105 that has been configured for deployment may broadcast information such as: "light bulb 11, controlled by Manager_1, public_key 1234".
Based on the information broadcast by the one or more network device managers 103 and by the network devices 105 that have already been configured for deployment, a network device 101 that has not yet been configured for deployment may select an appropriate network device manager 103 from among the plurality of available network device managers 103, as well as a subset of the plurality of anchor network devices 105, i.e., of the network devices 105 that have established a secure management connection with the selected network device manager 103. For example, in the scenario shown in fig. 2, the surveillance camera device 101 that has not yet been configured for deployment may detect from the advertised information that the other surveillance cameras 105 in the wireless communication network are controlled by a particular network device manager 103, and may therefore select that network device manager 103.
In one embodiment, the network device 101 is configured to communicate securely with a selected anchor network device 105 using the advertised public key of that anchor network device 105. As described above and in more detail below, to protect against a spoofed network device manager 103, the network device 101 that has not yet been configured for deployment assesses the security trustworthiness (i.e., the "trust") of the network device manager 103 before transferring control to the network device manager 103.
As described above, embodiments of the present invention employ a verification of the security trustworthiness of the network device manager 103. Embodiments of the present invention use an encryption scheme for sharing electronic keys to enable this verification of the security trustworthiness of the network device manager 103. In one embodiment, the network device 101 that has not yet been configured for deployment generates a key, such as a public key or a nonce, that the network device manager 103 must reconstruct in order to prove its security trustworthiness; if the reconstruction succeeds, the key is used to establish the secure management connection between the network device 101 and the network device manager 103.
As described above and in more detail below, the network device 101 does not send its public key directly to the network device manager 103, but rather splits the public key into a plurality of portions and sends these portions to the selected anchor network devices 105. To secure this communication, the network device 101 may use the public key of the respective anchor network device 105. In one embodiment, one portion of the key (e.g., the public key) may be sent directly to the network device manager 103. In order to obtain (i.e., reconstruct) the key of the network device 101 and establish a secure management connection with the network device 101, the network device manager 103 must retrieve at least a subset, and preferably all, of the plurality of portions of the key of the network device 101. The fact that the network device manager 103 is able to retrieve the portions from a relatively large number of anchor network devices 105 (the retrieved information being part of the management data, which is typically well protected by the network devices; the number of anchor network devices can be configured according to the required security level) is considered good proof that the network device manager 103 is secure and trustworthy.
With further reference to fig. 3, further embodiments of the present invention will be described in the context of the first association of the network device 101 with the network device manager 103. In the embodiment illustrated in fig. 3, the communication network 107 may include a management advertisement network (MAN) component 107 that allows the one or more network device managers 103 and the one or more network devices 101 to advertise information. As shown in fig. 3, after the network device manager 103 has proven its security trustworthiness, communication between the now configured-for-deployment network device 101 and the network device manager 103 may proceed over the operational network component 107 of the communication network 107.
Upon power-up, a network device 101 that has not yet been configured for deployment may wait for a predefined timeout period to allow for manual configuration deployment. For example, the network device 101 may be configured to wait for a timeout of approximately 60 seconds before performing the following steps. According to one embodiment, the network device 101 may include a manual configuration deployment button for generating a recovery signal, and may be configured to execute a conventional configuration deployment procedure when the manual configuration deployment button is pressed and the recovery signal is received within the timeout. After the timeout, the network device 101 connects to the communication network 107, in particular the wireless communication network 107.
Once connected to the MAN component of the communication network 107, the network device 101 may begin collecting "manageability advertisements," i.e., information about the available network device managers 103 in the communication network 107. According to one embodiment, the information collected by the network device 101 over the communication network 107 may include information regarding the capabilities of the respective network device manager 103 and/or other network devices 105 with which it has been associated (i.e., other network devices 105 with which secure (i.e., trusted) management connections have been established with the respective device manager 103).
Based on information collected from multiple network device managers 103 over the communication network 107, the network device 101 may select an appropriate network device manager 103, such as the network device manager 103 shown in fig. 3. According to one embodiment, the selection may be based on IFTTT logic implemented in network device 101. According to one embodiment, if the IFTTT logic fails and the network device 101 is unable to decide on the correct network device manager 103, the network device 101 may switch to a regular configuration deployment mode and advertise on the communication network 107.
To assess the security trustworthiness of the network device manager 103, the network device 101 may randomly select a subset of the plurality of network devices 105 that have already been associated with the network device manager 103. The network devices of this selected subset are referred to herein as anchor network devices 105. As described above, the network device 101 securely transmits a corresponding portion of its electronic key (e.g., the public key of the network device 101) to each selected anchor network device 105. In order to obtain (i.e., reconstruct) the key and establish the secure management connection 110 with the network device 101, the network device manager 103 must retrieve at least a subset, and preferably all, of the portions of the key of the network device 101. Once the network device manager 103 has reconstructed the key and established the secure management connection 110 with the network device 101, the network device manager 103 may begin controlling the network device 101. For example, the network device 101 may follow further configuration deployment instructions provided by the network device manager 103 via the secure management connection 110. In one embodiment, the network device 101 may subsequently change its operating state to a "configuration deployment state", so that a different, potentially malicious network device manager cannot take it over and trigger a renewed configuration deployment. Thereafter, the network device 101 may begin operating and periodically advertise information about its associations and device details over the communication network 107, as described above.
In one embodiment, the network device 101 may maintain an "unsecured" connection with the MAN component of the wireless communication network 107 (whose name may be encoded to reflect the owner, location, etc. and may contain information such as "Light CONTROL SEGMENT, Huawei_IOT_CONTROLLER" to help select the appropriate network device manager). In one embodiment, the SSID of the MAN component of the wireless communication network 107 may be preconfigured in the network device 101 and/or in the network device manager 103 (which may also include a wireless router).
Once powered on, the network device 101 may search for one or more available MAN wireless networks 107 (the SSID filter may be SSID = MAN_XXX, where XXX represents any location_owner). After retrieving the SSID, the network device 101 connects to the network device manager 103 (or to a wireless router associated therewith) and begins to collect information about the available network device managers 103. As described above, this information may include the details the network device 101 needs in order to select an appropriate network device manager 103, such as a network device manager identifier, information about supported device types, information about network device manager vendors, location, owner, and so forth. For example, the information about the network device manager 103 retrieved by the network device 101 may be: { surveillance controller; VCR; Huachi, Xiaomi; floor 1; apartment #12, #33, J. Smith et al.; + public key for secure exchange }.
Further, the network devices 105 that have already been configured for deployment may also broadcast information, including the identifier of the network device 105, the identifier of the network device manager 103 that controls the network device 105, information about the network device vendor, location, owner, and the like. For example, the information about a network device 105 retrieved by the network device 101 may be: { VCR_3F.5A; surveillance controller; VCR, streaming; Huawei; apartment #12, #33, J. Smith; + public key for secure exchange }.
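As an added example (not code from the patent or from Huawei), the following Python models the two kinds of advertisement records above, organizes the collected packets in the tabular form the description calls for, applies IFTTT-style rules of the kind mentioned for the manager selection, and randomly draws K-1 anchor devices from among the devices the chosen manager already controls. The record fields, the sample values and the two rules are assumptions made for illustration.

```python
"""Manager selection and anchor choice from collected MAN advertisements.

Added example, not code from the patent or from Huawei.  It models the
"manageability advertisements" described in the text as small records,
organises them in tabular form, applies IFTTT-style rules to pick a
manager, and randomly selects K-1 anchor devices among the devices that
manager already controls.  Field names and all sample records are
constructed for illustration.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class ManagerAdvert:
    manager_id: str
    device_types: frozenset   # device types the manager can manage
    vendors: frozenset        # vendors the manager supports
    location: str
    public_key: str           # advertised key for the secure exchange


@dataclass(frozen=True)
class DeviceAdvert:
    device_id: str
    manager_id: str           # manager that already controls this device
    device_type: str
    vendor: str
    location: str
    public_key: str


# Constructed sample advertisements, loosely modelled on the examples in the text.
MANAGER_ADVERTS = [
    ManagerAdvert("manager_1", frozenset({"light", "hvac"}), frozenset({"Huawei"}), "apt12", "pk-mgr1"),
    ManagerAdvert("manager_2", frozenset({"vcr", "camera"}), frozenset({"Huawei", "Xiaomi"}), "apt12", "pk-mgr2"),
    ManagerAdvert("manager_3", frozenset({"vcr", "camera"}), frozenset({"Huawei"}), "apt33", "pk-mgr3"),
]
DEVICE_ADVERTS = [
    DeviceAdvert("light_11", "manager_1", "light", "Huawei", "apt12", "pk-l11"),
    DeviceAdvert("vcr_3f5a", "manager_2", "vcr", "Huawei", "apt12", "pk-v1"),
    DeviceAdvert("vcr_3f5b", "manager_2", "vcr", "Huawei", "apt12", "pk-v2"),
    DeviceAdvert("cam_07", "manager_2", "camera", "Huawei", "apt12", "pk-c7"),
    DeviceAdvert("cam_08", "manager_2", "camera", "Huawei", "apt12", "pk-c8"),
    DeviceAdvert("cam_21", "manager_3", "camera", "Huawei", "apt33", "pk-c21"),
    DeviceAdvert("cam_99", "manager_9", "camera", "Huawei", "apt12", "pk-c99"),  # orphan: no such manager advertised
]


def build_tables(manager_adverts, device_adverts):
    """Organise collected packets in tabular form: manager id -> its associated devices."""
    managers = {m.manager_id: m for m in manager_adverts}
    associated = {mid: [] for mid in managers}
    for d in device_adverts:
        # A device claiming a manager that never advertised is not usable as an anchor.
        if d.manager_id in associated:
            associated[d.manager_id].append(d)
    return managers, associated


def _peers_of_type(associated, manager_id, device_type):
    return sum(1 for d in associated[manager_id] if d.device_type == device_type)


def select_manager(my_type, my_location, managers, associated):
    """IFTTT-style rules evaluated in order; returns None when undecided.

    Rule 1: IF a manager at my location already controls >= 2 devices of my
            type THEN pick the one controlling the most of them.
    Rule 2: IF exactly one manager at my location supports my type THEN pick it.
    Otherwise the device falls back to the regular configuration deployment mode.
    """
    local = [m for m in managers.values()
             if m.location == my_location and my_type in m.device_types]
    if not local:
        return None
    best = max(local, key=lambda m: _peers_of_type(associated, m.manager_id, my_type))
    if _peers_of_type(associated, best.manager_id, my_type) >= 2:
        return best.manager_id
    if len(local) == 1:
        return local[0].manager_id
    return None


def select_anchors(manager_id, associated, k, rng=None):
    """Randomly pick K-1 anchor devices among those the chosen manager controls.

    Raises ValueError when the manager controls too few devices for the
    requested threshold, so the caller can lower K or choose another manager.
    """
    rng = rng or secrets.SystemRandom()
    pool = associated.get(manager_id, [])
    if k - 1 > len(pool):
        raise ValueError(f"need {k - 1} anchors but {manager_id} controls only {len(pool)}")
    return rng.sample(pool, k - 1)
```

The anchor draw uses the operating system's CSPRNG so that a manager cannot predict which of its devices will be asked for portions; a device whose advertised manager never advertised itself is dropped from the table rather than trusted as an anchor.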
With further reference to fig. 4, an embodiment of the invention for verifying the security trustworthiness of the network device manager 103 will be described in more detail. As previously described, the network device 101 verifies that the network device manager 103 is not spoofed before binding to the network device manager 103. The fact that the network device manager 103 controls K-1 anchor network devices 105 is considered very good proof of trust. As described above, before running the security verification, a network device 101 that has not yet been configured for deployment may collect a plurality of data packets (including advertisements) that the various devices transmit over the MAN component 107 of the communication network 107. The collected data may be organized in tabular form to allow a random selection of the anchor network devices 105.
The number of anchor network devices selected, and their types, may be determined dynamically by the network device 101 and may vary depending on the required level of security. The more anchors involved, the stronger the proof of trust provided by the verification procedure implemented by embodiments of the present invention. For example, the verification procedure may involve selecting 3 to 10 anchor network devices 105 from among 30 to 100 network devices 105 that have already been configured for deployment.
In one embodiment, the network device 101 is configured to generate the portions of its electronic key according to Shamir's secret (key) sharing scheme. This scheme ensures that the network device 101 partitions the key in a manner that allows reconstruction only when the network device manager 103 obtains the minimum number of portions required. Since the portions are held by independent holders (i.e., the anchor network devices 105), an attacker would have to successfully compromise all of these devices to gain access to the key.
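As an added worked derivation (not part of the patent text), the threshold property relied on above can be written out with the text's K and N. The network device 101 chooses a prime $p$ larger than the key $s$ and $K-1$ random coefficients $a_1, \dots, a_{K-1}$, and forms the polynomial

$$f(x) = s + a_1 x + a_2 x^2 + \dots + a_{K-1} x^{K-1} \pmod p,$$

so that the $i$-th portion is the point $(x_i, y_i) = (i, f(i))$ for $i = 1, \dots, N$. Any $K$ distinct portions determine $f$ uniquely, and the key is recovered by Lagrange interpolation at $x = 0$:

$$s = f(0) = \sum_{i=1}^{K} y_i \prod_{\substack{j=1 \\ j \neq i}}^{K} \frac{-x_j}{x_i - x_j} \pmod p.$$

With only $K-1$ portions, for every candidate value $s'$ there is exactly one polynomial of degree at most $K-1$ with $f(0) = s'$ passing through those points, so $K-1$ portions are consistent with every possible key and reveal nothing about $s$. This is why a party holding fewer than $K$ portions, whether a manager that received only the portion sent to it directly or someone who obtained the portions of some of the anchor network devices 105, is no better off than one holding no portion at all.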
As described above, the network device 101 is configured to generate the key, such as a public key, a random number, or the like, and divide the key into a plurality of parts. Further, network device 101 is configured to securely transmit portions of the key to the respective anchor network device 105 using the public key of the respective anchor network device 105.
Assuming that most of the anchor network devices 105 have not been compromised, the only way for the network device manager 103 to reconstruct the key of the network device 101, and thereby continue the configuration deployment procedure, is to retrieve the plurality of portions from the anchor network devices 105. Only a network device manager 103 that is truly in control of these anchor network devices 105 can retrieve the portions and unlock the key. In other words, an attacker (e.g., a malicious network device manager) cannot reconstruct the key of the network device 101 without compromising the plurality of anchor network devices 105.
In the embodiment shown in fig. 4, the following operational phases are shown. In phase [1], the network device 101 generates the key (such as a public key, a random number, etc.) and, using Shamir's key sharing algorithm, N portions of it, at least K of which are necessary to reconstruct the key. In phase [2], the network device 101 randomly selects K-1 anchor network devices 105 from among the plurality of network devices that have been associated with the selected network device manager 103 and provides one key portion to each of these anchor network devices 105. In phase [3], the network device 101 provides the last portion (i.e., the K-th portion) to the network device manager 103, along with information such as the list of the selected anchor network devices 105, for reconstructing the key. In phase [4], the network device manager 103 queries the anchor network devices 105 for their portions, and each anchor network device 105 releases its portion only to a network device manager 103 that it knows to be trusted. In phase [5], the network device manager 103 reconstructs the key using the plurality of portions. In phase [6], the secure management connection 110 is established between the network device 101 and the network device manager 103 based on the reconstructed key. In phase [7], the network device manager 103 completes the configuration deployment of the network device 101.
As described above, verification of the security trust of the network device manager 103 prevents the network device 101 from being associated with a malicious network device manager 103. However, in embodiments with several "legitimate" network device managers 103, the network device 101 may still establish a secure management connection with the "wrong" network device manager 103. For example, two users may have separate VCR management systems broadcasting over the same MAN segment so that VCR devices not yet configured for deployment may select and connect to the first appropriate network device manager.
An embodiment of the present invention for mitigating and recovering from an association of the network device 101 with the wrong network device manager 103 will be described below. In one embodiment, the network device 101 and the network device manager 103 may implement an automatic manager takeover procedure. In one embodiment, a network device manager 103 may request from another network device manager 103, via a dedicated interface between the network device managers, that a particular network device 101 be reconfigured for deployment (assuming here that the legitimate network device managers 103 trust each other and may use conventional security tools such as certificates, strong passwords, cloud-based checks, etc. for mutual authentication). The network device manager 103 may force the particular network device 101 to update its management settings and "migrate" to the requesting network device manager 103.
In one embodiment, a user of the network device 101 may detect that the network device 101 has been associated with the wrong network device manager 103. For example, the network device 101 may not appear in the dedicated control application running on the "correct" network device manager 103, or the data provided by the network device 101, such as a camera data stream, may not appear on the dedicated output device. To handle these situations, the network device 101 may follow a recovery configuration deployment procedure. In one embodiment, the network device 101 may receive a recovery signal, generated by pressing a particular button of the network device 101 or by scanning a QR code associated with the network device 101, that triggers the recovery procedure.
In one embodiment, network device 101 is configured to maintain different operating states indicated by flags or the like to distinguish between automatic configuration deployments and restoration configuration deployments. In one embodiment, the recovery configuration deployment may override the automatic configuration deployment.
Fig. 5 shows a schematic diagram of a system architecture of the network device 101 provided by the embodiment and the network device manager 103 provided by the embodiment. As shown in fig. 5, both the network device 101 and the network device manager 103 may include legacy management systems 511 and 527, respectively. These legacy management systems 511 and 527 may be implemented to execute legacy configuration deployment programs. In addition, both network device 101 and network device manager 103 may include ZTP modules 501 and 521, respectively.
As described above, ZTP module 521 of network device manager 103 may include broadcast device 525 for broadcasting information about capabilities and associations of network device manager 103 over wireless communication network 107. Conventional broadcast techniques and pre-configured connection settings may be applied. In addition, ZTP module 521 of network device manager 103 may include a take-over controller 523 for implementing the recovery procedure described above.
In addition to a broadcaster 509 (with functionality similar to that of the broadcaster 525 of the network device manager 103) and a takeover controller 503 (with functionality similar to that of the takeover controller 523 of the network device manager 103), the ZTP module 501 of the network device 101 may include a broadcast listener 507 and an evaluation engine 505. The broadcast listener 507 collects information about the other network devices 105 and the network device managers 103 and selects an appropriate network device manager 103 (using, e.g., an IFTTT-like rules engine). As described in detail above, the evaluation engine 505 selects the anchor network devices 105, generates the portions of the key, and shares the portions with the selected devices. The key of the network device 101 may be provided to the legacy management system 511 for further manager authentication.
As shown in fig. 5, as provided by the embodiment of the present invention, the network device 101 may operate in a configuration deployment mode, which is a configuration that the network device 101 uses to distinguish between legacy (non-auto-takeover) and auto-configuration deployments, as described above. The anchor stream 513 shown in fig. 5 may be implemented as part of a conventional management configuration retrieval stream that supports both the set-up (by peer IoT) and the retrieval by the network device manager 103. As described above, the retrieval by the network device manager 103 may be strongly authenticated and the portions may be protected using a public key infrastructure, wherein the public key of the respective network device 105 is advertised by the broadcasting device 509 over the communication network 107. The public key reconstructed and/or retrieved by the network device manager 103 may be stored in a registry 529, which may be part of the memory 123 of the network device manager 103. In addition, any private key used by the network device manager 103 may be stored therein. Likewise, network device 101 may store any public keys used to communicate with network device manager 103 and/or anchoring network device 105 in management settings database 515, which may be implemented in memory 113 of network device 101.
Fig. 6 shows a signaling diagram of aspects of establishing a secure management connection between a network device 101 provided by an embodiment and a network device manager 103 provided by an embodiment. In the embodiment shown in fig. 6, a network device 101 that has not yet been configured for deployment selects one of two network device managers 103 as well as K-1 anchor network devices 105. More specifically, fig. 6 shows the following steps and processes.
601: network device 101 starts (which may include connecting to wireless network 107) and waits for a timeout 601 a. For example, the timeout 601a may be 30 seconds long. As described above, network device 101 may wait for timeout 601a to allow manual configuration deployment operations before starting the automatic configuration deployment procedure described below.
603: the network device 101 collects the information advertised by the different network device managers 103 available in the wireless communication network 107, such as the network device manager 103 referred to as "manager 2" in step 602a shown in fig. 6. Further, the network device 101 collects the information advertised by the different network devices 105 that have already been configured for deployment in the wireless communication network 107 (such as the configured-for-deployment network device 105 referred to as "IoT 3" in step 602b shown in fig. 6).
605: the network device 101 selects an appropriate network device manager 103 based on the information collected in step 603. In the exemplary embodiment shown in fig. 6, network device 101 selects network device manager 103, referred to in fig. 6 as "manager 2," as shown in detail at 606.
607: after selecting the appropriate network device manager 103, the network device 101 generates a key (such as a public key) and splits the key into portions.
609: network device 101 selects an anchor network device 105 from the plurality of already configured deployed network devices and provides a corresponding portion of the key to the selected anchor network device 105. The portion may be encrypted using the public key of the corresponding anchor network device 105, as shown in step 610.
611: the network device 101 requests the selected network device manager 103 to provide evidence of its secure trust by providing a portion of the key and information about the selected anchoring network device 105 to the selected network device manager.
613: in response to the request by network device 101, selected network device manager 103 retrieves portions of the key for network device 101 from among the plurality of anchor network devices 105 identified by the request by network device 101.
615: if all parts have been collected, the selected network device manager 103 may preferably use all these parts to unlock, i.e. reconstruct said key of the network device 101 (see step 616 a). If the selected network device manager 103 is unable to retrieve all of the portions required to unlock the key (see step 616b), the configuration deployment process may be terminated by sending an error message to the network device 101.
617: after unlocking the key in step 616a, the selected network device manager 103 establishes the secure management connection 110 with the network device 101 and may complete the configuration deployment of the network device 101.
619: the network device 101 is now itself a network device that has been configured for deployment (like the selected anchor network devices 105) and may begin broadcasting information about its capabilities over the wireless communication network 107.
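The key splitting, distribution and reconstruction of phases [1] to [7] of fig. 4 and of steps 607 to 617 of fig. 6, as an added Python example that is not code from the patent or from Huawei. It uses Shamir's scheme over a prime field with N = K (so every portion is needed, as in claim 9), models each anchor as releasing its portion only to the manager that already manages it, and reports the 616b failure when the selected manager cannot collect all portions. The field prime, the device names and the anchor policy are assumptions; encryption of the portions to the anchors' public keys (step 610) is not modelled.

```python
"""Trust check with Shamir-shared key portions (phases [1]-[7] of fig. 4,
steps 607-617 of fig. 6).

Added example, not the patent's or Huawei's code.  The device splits its
key into N portions with threshold K, hands K-1 of them to randomly chosen
anchors and the last one to the selected manager together with the anchor
list; each anchor releases its portion only to the manager that already
manages it; the manager reconstructs the key or reports failure.  The
field prime, the device names and the per-anchor "managed_by" policy are
assumptions made for the simulation; transport encryption is not modelled.
"""
import secrets

P = (1 << 127) - 1          # Mersenne prime; all arithmetic is in GF(P) (assumption)
EXAMPLE_KEY = 0x5EEDC0DEC0FFEE1234567890ABCDEF   # constructed 120-bit key/nonce


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(secret, n, k, rng=None):
    """Phase [1]: N portions (x, y); any K of them reconstruct `secret`."""
    rng = rng or secrets.SystemRandom()
    if not 1 <= k <= n or not 0 <= secret < P:
        raise ValueError("bad threshold parameters or secret outside the field")
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_key(portions):
    """Phase [5]: Lagrange interpolation at x = 0 over the portions supplied."""
    xs = [x for x, _ in portions]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate portion index")
    total = 0
    for xi, yi in portions:
        num, den = 1, 1
        for xj, _ in portions:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


class Anchor:
    """Already-provisioned device: stores one portion and releases it only
    to its own manager (phase [4])."""

    def __init__(self, name, managed_by):
        self.name, self.managed_by, self.portion = name, managed_by, None

    def store(self, portion):
        self.portion = portion          # step 609/610: arrives encrypted to the anchor's key

    def fetch(self, requester):
        return self.portion if requester == self.managed_by else None


def device_provision(anchors, manager_name, key, k, rng=None):
    """Device side, phases [1]-[3]: returns what the manager receives in step 611."""
    rng = rng or secrets.SystemRandom()
    portions = split_key(key, k, k, rng)     # N = K: every portion is needed
    chosen = rng.sample(anchors, k - 1)      # phase [2]: random anchors
    for anchor, portion in zip(chosen, portions[:-1]):
        anchor.store(portion)
    return {"portion": portions[-1], "anchors": chosen}   # phase [3]


def manager_reconstruct(request, manager_name):
    """Manager side, steps 613-616: returns the key, or None on the 616b path."""
    collected = [request["portion"]]
    for anchor in request["anchors"]:
        portion = anchor.fetch(manager_name)
        if portion is None:               # not in control of this anchor
            return None
        collected.append(portion)
    return reconstruct_key(collected)


def run_flow(anchors, selected_manager, k, key=EXAMPLE_KEY):
    """End-to-end: True if the selected manager proves trust and recovers the key."""
    request = device_provision(anchors, selected_manager, key, k)
    return manager_reconstruct(request, selected_manager) == key
```

Running run_flow with the anchors' real manager recovers the key; running it with a manager name the anchors do not recognise fails at the first anchor query, which is the 616b path. The split_key/reconstruct_key pair is more general than the flow above: with N > K any K portions suffice, which is the variant the description allows when only a subset of the portions needs to be retrieved.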
Fig. 7 illustrates a flow diagram of a method 700 of establishing a secure management connection 110 with a network device manager 103 in a wireless communication network 107. Method 700 includes step 701, where network device 101 provides one of a plurality of portions of a key of network device 101 to a respective anchor network device 105 of a plurality of anchor network devices 105. The plurality of anchoring network devices 105 have established a secure management connection 120 with the network device manager 103. Reconstructing the key of network device 101 requires at least two of the plurality of portions of the key of network device 101.
Fig. 8 shows a flow diagram of a method 800 for operating a network device manager 103, the network device manager 103 for managing a plurality of network devices 101 in a wireless communication network 107. Method 800 includes step 801 of obtaining a respective one of a plurality of portions of a key of network device 101 from a respective one of a plurality of anchor network devices 105. The plurality of anchoring network devices 105 have established a secure management connection 120 with the network device manager 103. Furthermore, the method 800 comprises a step 803 of reconstructing said key of the network device 101 from said plurality of parts of said key, and a step 805 of establishing the secure management connection 110 with the network device 101 from said reconstructed key.
Those skilled in the art will appreciate that the "blocks" ("elements") in the various figures (methods and apparatus) represent or describe the functionality of embodiments of the present invention (rather than merely individual "elements" in hardware or software), thereby describing the same functionality or features of apparatus embodiments as well as method embodiments (elements-steps).
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the described apparatus embodiments are merely exemplary. For example, a unit partition is only a logical function partition, and may be other partitions in an actual implementation. For example, multiple units or components may be combined or integrated in another system, or some features may be omitted, or not performed. Further, the mutual coupling or direct coupling or communicative connection shown or discussed may be realized by some interfaces. A direct coupling or communicative connection between the devices or units may be achieved through electrical, mechanical, or other means.
Elements described as separate parts may or may not be physically separate, and parts described as elements may or may not be physical elements, may be located in one position, or may also be distributed over a plurality of network elements. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiment schemes.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist separately physically, or two or more units are integrated into one unit.

Claims (21)

1. A network device (101) for establishing a secure management connection (110) with a network device manager (103) in a communication network (107), the network device (101) being configured to:
providing one of a plurality of portions of a key of the network device (101) to one of a plurality of anchoring network devices (105), wherein the plurality of anchoring network devices (105) have established a secure management connection (120) with the network device manager (103),
wherein reconstructing the key of the network device (101) requires at least two of the plurality of portions of the key of the network device (101).
2. The network device (101) of claim 1, wherein the network device (101) is further configured to: providing information identifying the anchoring network device (105) to the network device manager (103).
3. The network device (101) according to claim 1 or 2, wherein the network device (101) is further configured to: providing one of the plurality of portions of the key of the network device (101) to the network device manager (103).
4. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: determining the plurality of portions by dividing the key of the network device (101) into the plurality of portions.
5. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: selecting the network device manager (103) from a plurality of available network device managers (103) based on information received by the network device (101) from the plurality of available network device managers (103) over the communication network (107).
6. The network device (101) of claim 5, wherein the information received by the network device (101) from the plurality of available network device managers (103) comprises at least one of: an identifier of an available network device manager (103); an identifier of an anchoring network device (105) that has established a secure management connection (120) with a respective available network device manager (103); a service area of an available network device manager (103); network device types that can be managed by an available network device manager (103).
7. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: selecting the anchoring network device (105) from a plurality of network devices that have established a secure management connection (120) with the network device manager (103).
8. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: providing the portion to the anchoring network device (105) using a public key of the anchoring network device (105).
9. The network device (101) of any of the preceding claims, wherein all of the plurality of portions of the key of the network device (101) are required to reconstruct the key of the network device (101).
10. The network device (101) of any of the preceding claims, wherein the key of the network device (101) is the public key of a pair of a public key and a private key of the network device (101).
11. The network device (101) of claim 10, wherein the network device (101) is further configured to: broadcasting the public key over the communication network (107) after establishing the secure management connection (110) with the network device manager (103).
12. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: broadcasting an identifier of the network device manager (103) after establishing the secure management connection (110) with the network device manager (103).
13. The network device (101) of any of the preceding claims, wherein the network device (101) is further configured to: in response to receiving a resume signal, terminating the secure management connection (110) with the network device manager (103) and establishing another secure management connection with another network device manager (103).
14. A method (700) for establishing a secure management connection (110) with a network device manager (103) in a communication network (107), the method (700) comprising:
the network device (101) providing (701) one of a plurality of portions of a key of the network device (101) to one of a plurality of anchoring network devices (105), wherein the plurality of anchoring network devices (105) have established a secure management connection (120) with the network device manager (103),
wherein at least two of the plurality of portions of the key of the network device (101) are required to reconstruct the key of the network device (101).
15. A network device manager (103) for managing a plurality of network devices (101) in a communication network (107), the network device manager (103) being configured to:
obtaining one of a plurality of portions of a key of a network device (101) from one of a plurality of anchoring network devices (105), wherein the plurality of anchoring network devices (105) have established a secure management connection (120) with the network device manager (103);
reconstructing the key of the network device (101) from the plurality of portions of the key of the network device (101);
establishing a secure management connection (110) with the network device (101).
16. The network device manager (103) of claim 15, wherein the network device manager (103) is further configured to: receiving information from the network device (101) identifying the anchoring network device (105).
17. The network device manager (103) according to claim 15 or 16, wherein the key of the network device (101) is a public key of the network device (101).
18. The network device manager (103) according to any of claims 15 to 17, wherein the network device manager (103) is further configured to: receiving one of the plurality of portions of the key from the network device (101).
19. The network device manager (103) according to any of claims 15 to 18, wherein the network device manager (103) is further configured to: broadcasting information over the communication network (107), the information comprising at least one of: an identifier of the network device manager (103); an identifier of an anchoring network device (105) that has established a secure management connection (120) with the network device manager (103); a service area of the network device manager (103); network device types that can be managed by the network device manager (103).
20. A method (800) for operating a network device manager (103), the network device manager (103) being configured to manage a plurality of network devices (101) in a communication network (107), the method (800) comprising:
obtaining (801) one of a plurality of portions of a key of a network device (101) from one of a plurality of anchoring network devices (105), wherein the plurality of anchoring network devices (105) have established a secure management connection (120) with the network device manager (103);
reconstructing (803) the key of the network device (101) from the plurality of portions of the key;
establishing (805) a secure management connection (110) with the network device (101).
21. A computer program product, characterized in that it comprises program code, which, when executed by a computer or a processor, causes the computer or the processor to perform the method (700) according to claim 14 or the method (800) according to claim 20.
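The portion-based key distribution of claims 9, 14 to 16 and 20 (the device hands one portion of its key to each anchoring device, the manager collects portions over its existing connections (120) and reconstructs the key), as an added example in Python that is not part of the patent. The claims do not name a splitting method; Shamir's scheme over the Mersenne prime 2^521 - 1 and the 32-byte sample key are assumptions of this example.

```python
import secrets

# Mersenne prime 2^521 - 1 (constructed choice for this example): any key of
# up to 64 bytes fits in one field element, so no chunking is needed.
P = 2**521 - 1

def split_key(key: bytes, n_anchors: int, threshold: int) -> dict:
    """Device side (claim 14): n_anchors portions, any `threshold` of which
    reconstruct the key. threshold == n_anchors is the all-required case of claim 9."""
    if not 2 <= threshold <= n_anchors:
        raise ValueError("need 2 <= threshold <= n_anchors")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key does not fit in the field")
    # f(x) = secret + a1*x + ... + a_{t-1}*x^(t-1) mod P with random a_i
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    portions = {}
    for anchor_id in range(1, n_anchors + 1):  # x coordinate is never 0
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(anchor_id)
            y = (y * anchor_id + c) % P
        portions[anchor_id] = y
    return portions

def reconstruct_key(portions: dict, key_len: int) -> bytes:
    """Manager side (claim 15): Lagrange interpolation at x = 0. Too few portions
    give a random field element that almost surely exceeds key_len bytes (reported
    as failure); a fitting result is still verified when connection (110) is set up."""
    secret = 0
    for xi, yi in portions.items():
        num, den = 1, 1
        for xj in portions:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if secret.bit_length() > key_len * 8:
        raise ValueError("reconstruction failed: too few or corrupted portions")
    return secret.to_bytes(key_len, "big")

def zero_touch_enrol(device_key: bytes, n_anchors: int, threshold: int,
                     reachable_anchors: list) -> bool:
    """Whole flow: one portion per anchoring device; the manager obtains portions
    only from anchors it reaches over connection (120). True when it recovers the key."""
    portions = split_key(device_key, n_anchors, threshold)
    obtained = {a: portions[a] for a in reachable_anchors}
    try:
        return reconstruct_key(obtained, len(device_key)) == device_key
    except ValueError:
        return False
```

A manager that ends up with a key it could not reconstruct from enough valid portions must not complete connection (110); in practice the device proves possession of the matching private key during that setup, which also covers the rare case of a wrong reconstruction that happens to fit in key_len bytes.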
CN202080096286.1A 2020-05-29 2020-05-29 Apparatus and method for zero configuration deployment in a communication network Pending CN115136634A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2020/064978 WO2021239249A1 (en) 2020-05-29 2020-05-29 Devices and methods for zero touch provisioning in a communication network

Publications (1)

Publication Number Publication Date
CN115136634A true CN115136634A (en) 2022-09-30

Family

ID=70968950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080096286.1A Pending CN115136634A (en) 2020-05-29 2020-05-29 Apparatus and method for zero configuration deployment in a communication network

Country Status (2)

Country Link
CN (1) CN115136634A (en)
WO (1) WO2021239249A1 (en)


Also Published As

Publication number Publication date
WO2021239249A1 (en) 2021-12-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination