JP2017147659A - Terminal support device, terminal support method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To control the response time to a terminal and the load thereof, in a device supporting the processing related to secure communication of the terminal.SOLUTION: A terminal support device supporting the processing related to secure communication for a terminal includes load monitoring means 40 for monitoring the load of the terminal support device, support means 50 for executing support of the processing related to secure communication, and switching means 40 for switching a first system, i.e., a system for executing the support for all terminals connected with the terminal support device, and a second system, i.e., a system for determining whether or not the support is executed for the terminals connected with the terminal support device based on the performance of the terminal, and executing the support when a determination is made to execute, based on the load.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an M2M (Machine-to-Machine) / IoT (Internet of Things) communication system, and in particular, to a technology for supporting processing of an M2M / IoT terminal used in an M2M / IoT communication system. It is related.

  With the development of wired and wireless network technology and terminal technology, the Internet of things (IoT), which connects all things such as home appliances and sensors that were not connected to the network until now, operates without human intervention. The spread of Machine-to-Machine (M2M) is expected.

  There are various types of communication systems that provide M2M / IoT services, but here, as an example, a GW-accommodation type that accommodates M2M / IoT terminals in the network via M2M / IoT-GW (gateway) Intended for communication systems.

  With the spread of M2M / IoT, a terminal that has no contact with the network so far has a much improved convenience by having a contact with the network. It is necessary to take appropriate measures against threats. For example, until now, meter reading of an electric meter has been realized by dispatching a person to a place where the electric meter is installed and reading the value visually. In contrast, an electricity meter connected to a network, called a smart meter, can automatically record values and transfer the values via the network, eliminating the need to send people to the site and reducing labor costs. Etc. can be expected. However, since there is a possibility that the user's home time and behavior pattern can be inferred from the data of the smart meter, it is necessary to take measures to prevent the data exchanged with the smart meter from being seen by malicious third parties .

  Thus, by connecting the terminal to the network, it is necessary to take an appropriate measure against the threat from the network side.

  However, M2M / IoT terminals such as smart meters are more costly than conventional PCs and smartphones connected to the network, and are expected to have various constraints on processing performance, memory, power, etc. Is done. For this reason, existing security techniques may not be applied or may be inefficient to apply.

  Various studies have been made on the above problem. For example, in Non-Patent Document 1, an entity having a certain level of performance is introduced, and a part of security processing that should be originally performed by a low-function terminal has a certain level of performance. A technique for realizing security by having an entity take over is disclosed.

  Also, Non-Patent Document 2 states that only low-function terminals that require security processing support after M2M / IoT-GW estimates the performance of the terminals connected to M2M / IoT-GW are not patented. A technology for assisting using the assistive technology of Document 1 is disclosed. As the estimation method of terminal performance, M2M / IoT terminals that can perform handshake by trying handshake to establish TLS / DTLS for terminals and high-function M2M / IoT that cannot be completed There is a method of making the terminal have a low function.

R. Hummen, H. Shafagh, S. Raza, T. Voigt, K. Wehrle, "Delegation-based Authentication and Authorization for the IP-based Internet of Things," in Proceedings of Sensing, Communication, and Networking (SECON), pp.284-292, 2014. Location study on architecture that can support M2M / IoT terminal security by network as needed, IEICE Technical Report, vol. 115, no. 209, NS2015-83, pp. 71-76, September 2015 "The Transport Layer Security (TLS) Protocol Version 1.2" RFC 5246, IETF, 2008. "E. Rescorla and N. Modadugu. Datagram Trinsport Layer Security Version 1.2" RFC 6347, IETF, 2012. "Transport Layer Security (TLS) Session Resumption without Server-Side State" RFC 5077, IETF, 2008.

  Hereinafter, the method of supporting security processing for all terminals connected to M2M / IoT-GW is referred to as method A, and the terminal performance is estimated as disclosed in Non-Patent Document 2 above. Therefore, a method for supporting security processing only for low-function terminals will be referred to as method B.

Comparing method A and method B, method B is effective in terms of suppressing the load on M2M / IoT-GW, but method A is more effective in terms of support processing time for the terminal. This will be described with reference to FIG. FIG. 1 is a diagram showing the processing load and support processing time of M2M / IoT-GW for a request arriving at M2M / IoT-GW from a terminal for (a) method A and (b) method B. In addition, about the system B of (b) of FIG. 1, the case of a low function terminal is shown. In the figure, t _a is a processing time used for support, l _a is _a processing load used for support, t _d is a time used for determining necessity of support (such as terminal performance estimation), and l _d is support. This is the processing load used for necessity determination.

As shown in FIG. 1, the system A, the processing load l _a for all terminals such. On the other hand, in the method B, a processing load l _d and a processing load l _a are applied to a low function terminal, but only a processing load is applied to a high function terminal.

However, in method A, the support processing time is t _a for all terminals, whereas in method B, t _d is applied to all terminals as the support processing time. Takes more t _a . When the support processing time is long, the terminal takes a long time to start data transmission (hereinafter referred to as response time), and convenience is lowered. Thus, the response time to the terminal and the load of M2M / IoT-GW are in a trade-off relationship, and a technique for controlling these in a balanced manner is required.

  The present invention has been made in view of the above points, and in a device that supports processing related to secure communication of a terminal, a technology that makes it possible to appropriately control the response time to the terminal and the load of the device. The purpose is to provide.

According to an embodiment of the present invention, a terminal support apparatus that supports processing related to secure communication for a terminal,
Load monitoring means for monitoring the load of the terminal support device;
A support means for executing processing support related to secure communication;
A first method, which is a method for executing the support for all terminals connected to the terminal support device, and whether to perform the support for a terminal connected to the terminal support device; Provided with a terminal support device comprising: switching means for switching based on the load to a second method that performs the support when it is determined based on the performance of the terminal and is determined to be executed Is done.

Moreover, according to the embodiment of the present invention, there is provided a terminal support method executed by a terminal support apparatus that supports processing related to secure communication for a terminal,
A load monitoring step of monitoring a load of the terminal support device;
A first method, which is a method for executing the support for all terminals connected to the terminal support device, and whether to perform the support for a terminal connected to the terminal support device; A switching step of switching based on the load to a second method that is a method of executing the support when it is determined based on the performance of the terminal and is determined to be executed,
There is provided a terminal support method comprising: a support step of executing support for processing related to secure communication based on the method switched in the switching step.

  According to the embodiment of the present invention, it is possible to appropriately control the response time to the terminal and the load on the apparatus in the apparatus that supports the process related to the secure communication of the terminal.

It is a figure which shows the support processing time of the system A and the system B. 1 is an overall configuration diagram of a communication system in an embodiment of the present invention. It is a functional block diagram of the terminal assistance system in embodiment of this invention. It is a figure for demonstrating the outline | summary of operation | movement of M2M / IoT-GW. It is a figure for demonstrating the support processing time with respect to the low function terminal in the system C. FIG. It is a figure for demonstrating the example of transition of the load in GW, and support processing time. 10 is a diagram for explaining an example of a priority determination method in method C. FIG. It is a figure which shows the example of the information of a database. 10 is a diagram for explaining an example of a priority determination method in method C. FIG. It is a figure which shows the example of the information of a database. It is a sequence diagram for demonstrating operation | movement of a terminal assistance system. It is a sequence diagram for demonstrating operation | movement of a terminal assistance system. It is a figure which shows the example of the message flow (complete Handshake) of TLS / DTLS. It is a figure which shows the example of the message flow (Omitted Handshake) of TLS / DTLS. It is a figure which shows the other example of the message flow (complete Handshake) of TLS / DTLS. It is a figure which shows the other example of the message flow (Omitted Handshake) of TLS / DTLS.

  Embodiments of the present invention will be described below with reference to the drawings. The embodiment described below is only an example, and the embodiment to which the present invention is applied is not limited to the following embodiment. For example, in the following embodiment, M2M / IoT is targeted. However, the present invention is not limited to M2M / IoT, and can be applied to all communication systems in which a terminal performs secure communication with a server.

(System configuration)
FIG. 2 shows an overall configuration diagram of a communication system assumed in the present embodiment. There are various types of communication systems that provide M2M / IoT services. In this embodiment, as shown in FIG. 2, an M2M / IoT terminal is accommodated in a network via an M2M / IoT-GW (gateway). The target is a GW-accommodating communication system.

  The M2M / IoT terminal in FIG. 2 includes various terminals such as a high-function terminal such as a general PC and a low-function terminal such as a sensor. For example, M2M / IoT terminals can be classified into high functions, low functions, and ultra-low functions according to the memory capacity of the terminal, CPU, presence of display, power consumption, and the like. As an example, a low-function terminal is, for example, a terminal with very limited memory (RAM, ROM) performance. Of course, it may be classified by other methods. The number of classifications is not particularly limited, and the number of classifications may be classified into two, or may be classified into four or more. Hereinafter, the case where it classify | categorizes into two, a high function and a low function, is demonstrated as an example.

  As shown in FIG. 2, each M2M / IoT terminal is connected to an M2M / IoT-GW (gateway) via an area NW (network). Each M2M / IoT-GW is connected to the M2M / IoT-PF (platform) via a wide area network. Various M2M / IoT-applications (applications) are connected to M2M / IoT-PF (platform).

  The area NW is, for example, WiFi (registered trademark), Bluetooth (registered trademark), ZigBee (registered trademark) WiSUN (registered trademark), or the like, but is not limited thereto. M2M / IoT-GW accommodates M2M / IoT terminals that can communicate in area NW, and relays communication between each accommodated M2M / IoT terminal between area NW and wide area NW (one device may be used) Or a plurality of devices).

  The wide area NW is, for example, a network of carriers (carriers). The wide area NW may be the Internet. M2M / IoT-PF is a system (a single device or a plurality of devices) that provides a common control function in a plurality of M2M / IoT services (applications).

  The M2M / IoT terminal communicates with the desired M2M / IoT application via the area NW, M2M / IoT-GW, wide area NW, and M2M / IoT-PF.For example, a sensor control command is issued from the M2M / IoT application. Receives and performs processing such as sending sensor values to M2M / IoT apps.

  Although various business models can be considered as M2M / IoT services, in this embodiment, the telecommunications carrier (carrier) uses the network, M2M / IoT-PF, and M2M / IoT-GW as service providers. It is assumed that the service provider provides M2M / IoT applications and M2M / IoT terminals to end users. However, it is not limited to this. Here, a communication system including M2M / IoT-PF and M2M / IoT-GW, which are connected by a wide area NW, is called an M2M / IoT integrated management platform.

  Hereinafter, the configuration of the M2M / IoT integrated management platform in the present embodiment will be described more specifically. Note that the M2M / IoT integrated management infrastructure includes various existing functions other than those related to terminal security support. Therefore, in the M2M / IoT integrated management platform, the configuration related to terminal security support is called “terminal support system”. In the following, M2M / IoT-GW may be referred to as GW, M2M / IoT-PF may be referred to as PF, M2M / IoT terminal may be referred to as a terminal, and M2M / IoT application may be referred to as an application.

(Functional configuration of terminal support system)
FIG. 3 shows a functional configuration example of the terminal support system according to the present embodiment. In addition, in FIG. 2, in order to show whether each functional part in the terminal support system is provided in M2M / IoT-PF or M2M / IoT-GW, M2M / IoT-PF And M2M / IoT-GW are shown by dotted lines.

  As shown in FIG. 3, the terminal support system includes a terminal information management function 10, a PF side packet relay function 20, a GW side packet relay function 30, a GW load monitoring / switching function 40, a security support function 50, and terminal information estimation. A management function 60 is included.

  The terminal information management function 10 includes a database that manages (stores) terminal information such as terminal identifiers, identifiers of associated applications (service providers), and terminal performance information. Further, as will be described later, the database stores information used for determining the priority of the terminal in method C.

  In the present embodiment, as the terminal information estimation / management function 60, a function for managing terminal information is also provided on the GW side. For example, the terminal information management function 10 has information on all terminals connected to the PF, and the terminal information estimation / management function 60 has some information on terminals under its own GW. As a result, it is not necessary to perform a process of making an inquiry from the GW side to the PF side each time a terminal is connected, and an efficient process can be realized from the viewpoint of traffic, system response speed, and the like.

  The packet relay function 20 on the PF side has a function of relaying packets between the GW and the application. The packet relay function 30 on the GW side has a function of relaying packets between the terminal and the PF. Further, the packet relay function 30 on the GW side has a function of determining whether to support a terminal based on terminal information (performance information) of the terminal. For example, in method B, if the terminal has a low function, it is determined that support is provided, and otherwise, it is determined that support is not provided. Here, when there is no terminal information, the terminal information estimation / management function 60 estimates the terminal performance. Further, the packet relay function 30 on the GW side also has a function of determining whether to perform support according to the priority of the low function terminal in the method C described later.

  The GW load monitoring / switching function 40 has a function of monitoring the GW load and switching the security support method. Details will be described later.

  The security support function 50 supports terminal security processing based on the terminal support necessity determination result. For example, the security support function 50 performs TLS / DTLS Handshake with a high processing load instead of the terminal with the M2M / IoT application, and transmits the agreed security information to the terminal. , Implement omitted TLS / DTLS Handshake with M2M / IoT apps.

  The terminal information estimation / management function 60 has a database that holds terminal information (performance information and the like) and a function of estimating terminal information. The terminal information estimation / management function 60 tries, for example, a handshake for establishing TLS / DTLS with a terminal, and a terminal capable of completing the handshake has a high function and a terminal that cannot complete the function has a low function. Estimate terminal performance. Note that this estimation method is an example, and other methods may be used for estimation.

  The M2M / IoT-GW according to the present embodiment can be realized by causing one or a plurality of computers to execute a program describing the processing contents described in the present embodiment. In other words, the functions of the M2M / IoT-GW are realized by executing a program corresponding to the processing executed by the functional unit using hardware resources such as a CPU, memory, and hard disk built into the computer. Is possible. Further, the program can be recorded on a computer-readable recording medium (portable memory or the like), stored, or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail.

(About processing of GW load monitoring / switching function 40)
In the present embodiment, the GW load monitoring / switching function 40 controls the trade-off between terminal convenience (response time, etc.) and GW load in a balanced manner. In other words, the GW load monitoring / switching function 40 determines whether or not to support method A for all terminals according to the GW load, and only for terminals that are determined to support. Switching is performed so as to use either the method B or the method C that provides support.

  Here, method C determines whether or not to support according to the priority of the terminal when the number of accesses that cannot be processed is reached (when the load of the GW reaches the limit (predetermined threshold)). It is a method to decide. For example, when 10 terminals that need support access M2M / IoT-GW at the same time and M2M / IoT-GW can only process up to 7 of them, priority determined from the terminal location information and terminal movement history Based on the degree, the terminal with higher priority is preferentially supported. In addition, when it is known that the number of terminals is small and the load of the M2M / IoT-GW cannot reach the limit, the method C may not be provided.

  FIG. 4 is a diagram for explaining the outline of the operation of M2M / IoT-GW. First, when the number of accesses from the terminal is small and the load on the M2M / IoT-GW is small, the method A is used as shown in (a) to support access to all terminals. A thick arrow extending from M2M / IoT-GW indicates that support by M2M / IoT-GW is performed, and if there is no such arrow, it means that support by M2M / IoT-GW is not performed. Show.

  When access from the terminal increases and the load satisfies a predetermined condition, the mode B is switched to (b). In method B, every time there is an access from a terminal, the necessity of support is determined, and support is provided only to the terminal requiring support (low function terminal).

  Thereafter, when the load further increases and the load reaches a predetermined threshold value (this is assumed to be ξ), the mode C is switched to (c). In method C, even a low-function terminal is not supported if it has a low priority.

  Here, the processing load and support processing time of the M2M / IoT-GW for the request arriving at the M2M / IoT-GW from the terminal are as described for the method A and the method B with reference to FIG.

The processing load of M2M / IoT-GW and the support processing time for method C are shown in FIG. As described above, t _a in the figure is a processing time used for support, l _a is _a processing load used for support, t _d is a time used for determining necessity of support (performance estimation, etc.), and l _d is a processing load used for determining necessity of support. Furthermore, t _s is the support processing time for priority determination, and l _s is the processing load for priority determination. As shown in FIG. 5, even if it is a low-function terminal, when the support is not performed, the processing load is suppressed to l _s (<l _a ) at the maximum, and the load can be suppressed as compared with the method B.

  Here, an example of a predetermined condition when switching from method A to method B will be described.

Method A provides security support for all terminals connected to M2M / IoT-GW, regardless of terminal performance. That is, the load L _c per request applied to the GW is expressed by the following equation (1).

L _c = l _a t _a (1)
On the other hand, in method B, before the terminal is supported, it is determined whether the connected terminal has a high function or a low function, and then security processing is supported only for the low function terminal. That is, the load applied to the GW per request of a high-function terminal is l _d t _d . Load on the GW per request of the low function terminal becomes _{(l d t d + l a} t a). Here, if the total number of terminals connected to the GW is N and the number of high-function terminals is n (0 ≦ n ≦ N), the number of low-function terminals is Nn. Therefore, the expected value of the load applied to GW per request can be formulated as L _p as shown in Equation (2).

本実施の形態では、GW負荷監視・切替機能４０が、L_cとL_pを計算し、L_c＞L_pを満たす場合に、方式Ａから方式Ｂに切り替える。この条件「L_c＞L_pを満たすこと」をＡ−Ｂ切替条件と呼ぶことにする。

In the present embodiment, the GW load monitoring / switching function 40 calculates L _c and L _p , and switches from method A to method B when L _c > L _p is satisfied. This condition “satisfying L _c > L _p ” will be referred to as an AB switching condition.

As a qualitative image, for example, when the number of low function terminals is considerably larger than that of high function terminals, it is assumed that the load of method A is lower than that of method B because the determination of necessity of support is not performed (that is, L _c <L _p ). On the other hand, when there are many high-function terminals, if the method A is continued, there are many cases where the support is provided even though the support is not required. That is, L _c > L _p is satisfied, and switching from method A to method B is performed. Note that switching from method A to method C may be performed when there are many low function terminal accesses and L _c > L _p is not satisfied and the load is ξ or more.

  FIG. 6A shows an image of a method and load transition according to the number of accesses. FIG. 6B shows the support processing time per terminal in each method in FIG.

As shown in FIG. 6A, in this example, when the number of accesses reaches n ₁ , switching from method A to method B is performed. Then, the system B is continued between n ₁ and n ₂ , the load reaches the threshold value ξ at the time of n ₂ , and the system C is switched.

(Details of method C)
Next, the method C will be described in more detail. As described above, in method C, the packet relay function 30 determines whether to support security processing according to the priority (priority order) of the low function terminal. Although the priority determination method is not limited to a specific method, for example, there are the following methods.

<Example 1 of priority determination method>
FIG. 7 is a diagram for explaining an example 1 of the priority determination method. In the example of FIG. 7, M2M / IoT-GW-M, H, and Y are connected to M2M / IoT-PF-M. In addition, a low function terminal A that does not move is connected to M2M / IoT-GW-M, and a low function terminal C that does not move is connected to M2M / IoT-GW-H. Moreover, the situation where the low function terminal B which moves frequently is connected to each M2M / IoT-GW while moving is shown.

  In Example 1, it can be estimated that the low-function terminal B that moves frequently is highly likely to be a terminal associated with a person. In this case, since it is necessary to protect privacy, it is determined that security processing is preferentially supported. A more specific processing example will be described below.

  For example, the terminal information management function 10 of the PF holds a database including information shown in FIG. As shown in FIG. 8, the database includes, for each terminal, the (GW-ID, access start time, access end time) of the previous access GW (the GW accessed immediately before the current access GW) and the current access GW. (GW-ID, access start time, access end time) and mobility index are retained.

  As the mobility index, for example, the number of times of movement from one GW to another GW within a predetermined time (within a predetermined time from the present time to the past) may be used, but this is not restrictive. It is set to 1 when it does not move from GW within predetermined time (it is considered that there was one movement to the GW). For example, when the packet relay function 30 receives a connection from a terminal, the count of the number of times is performed by the terminal information management function 10 by notifying the terminal information management function 10 of the connection. Further, the number of times is reset every predetermined time for each terminal. The database may be held by the terminal information estimation / management function 60 of the GW.

  For example, the packet relay function 30 of the GW acquires the performance information (indicating the low function terminal) and the movement index of the terminal to be determined from the database of the terminal information management function 10, and the low function terminal having a large value of the movement index Is the terminal to be supported. For example, the value of the movement index is larger than a predetermined threshold value.

<Example 2 of priority determination method>
FIG. 9 is a diagram for explaining an example 2 of the priority determination method. In the example of FIG. 9, it is shown that the low function terminal A is located in a park, the low function terminal B is located in a private house, and the low function terminal C is located in a privately owned field.

  In Example 2, it is assumed that a terminal located in a private space (an individual house, an individual private land, etc.) needs to protect privacy and preferentially supports security processing. A more specific processing example will be described below.

  For example, the terminal information management function 10 of the PF holds a database including information shown in FIG. As shown in FIG. 10, the database holds the current access GW (GW-ID, access start time, access end time) and location information for each terminal. The database may be held by the terminal information estimation / management function 60 of the GW.

  The position information may be acquired by any method. For example, when the terminal has a GPS function, the packet relay function 30 acquires the position information by GPS at the time of connection from the terminal and notifies the PF. Further, information on the area NW to which the terminal is connected (wireless AP-ID, base station ID, etc.) may be acquired from the area NW and used as position information. The acquired position information is stored in the database of the terminal information management function 10.

  Further, for example, the terminal information management function 10 (or the terminal information estimation / management function 60) has, for each position (area), map information indicating whether the position belongs to a private space or a public space. Based on the location of the terminal (low function terminal) and the map information, the packet relay function 30 determines whether the terminal belongs to the private space or the public space. It is determined that security processing is supported.

(Processing sequence)
Next, an operation example of the terminal support system in the present embodiment will be described with reference to the processing sequences of FIGS. In the figure, the solid line indicates the processing flow of the low function terminal, and the dotted line indicates the processing flow of the high function terminal. Hereinafter, when the same processing is performed between the high function terminal and the low function terminal, the high function terminal and the low function terminal are not distinguished from each other and described as “terminal”. Further, in the following example, regarding the switching of the method, an example in which switching from the method A to the method B, switching from the method B to the method A, or switching from the method B to the method C occurs is shown.

  In the example of FIG. 11, first, the system A is started. That is, in step S101, the GW load monitoring / switching function 40 starts monitoring in the method A. Specifically, start monitoring the load on M2M / IoT-GW. Further, the GW load monitoring / switching function 40 requests the packet relay function 30 to execute the method A (step S102).

  When communication from the terminal occurs, the terminal first establishes a connection with the M2M / IoT-GW (packet relay function 30) (step S103). In method A, since security support is provided to all terminals, the packet relay function 30 requests the security support function 50 for security support (step S104).

The security support function 50 performs processing that places a processing load on the security protocol instead of the terminal (step S105). Here, DTLS Handshake is executed on behalf of the terminal. In step S106, the security information agreed with the application is passed to the terminal.
The terminal performs processing with a small remaining processing load, and realizes end-to-end secure communication with the application (step S107). Specifically, Handshake without DTLS is performed to establish secure communication. Steps S105 and S106 are examples of support for processing related to secure communication.

  In step S108, the GW load monitoring / switching function 40 determines whether or not the AB switching condition is satisfied, and in the case of No, the process returns to step S101. In the case of Yes, it progresses to step S109 and the GW load monitoring / switching function 40 starts the monitoring by the system B. In step S110, the GW load monitoring / switching function 40 requests the packet relay function 30 to perform processing in the method B.

  Thereafter, when a connection is established between the terminal and the packet relay function 30 (step S111), the packet relay function 30 inquires of the terminal information estimation / management function 60 about the terminal information of the terminal, and the terminal information is If there is, it is acquired (step S112). The terminal information is information for determining whether the terminal is a low function terminal or a high function terminal, and may be performance information, or may be information that explicitly indicates a low function terminal / high function terminal. Good.

  Step S113 shows the estimation process performed when the terminal information of the terminal cannot be obtained. In this case, the packet relay function 30 acquires terminal information from the terminal information estimation / management function 60 through the estimation process. As described above, the estimation process is performed, for example, by handshake to establish TLS / DTLS with the terminal, and the terminal that can complete the handshake has high functionality and the terminal that cannot complete it has low functionality. Is called.

  In step S114, the packet relay function 30 determines whether to provide security support based on the terminal information of the connected terminal. If it is determined that the connected terminal is a low-function terminal based on the terminal information, security support is performed. That is, steps S115 to S117 are executed as in steps S104 to S107. If it is determined that the connected terminal is a high-function terminal based on the terminal information, security support is not performed.

  In step S119 of FIG. 12, the GW load monitoring / switching function 40 determines whether or not the AB switching condition is satisfied, and if No, the process returns to step S101 and is switched to the method A. In the case of Yes, the process proceeds to step S120, and the GW load monitoring / switching function 40 determines whether or not the load of the GW is equal to or greater than the threshold value ξ. If the load is not equal to or greater than the threshold value ξ, the process returns to step S109. continue.

  If the load is equal to or greater than the threshold value ξ, the process proceeds to step S121, and monitoring of method C is started. In step S122, the GW load monitoring / switching function 40 requests the packet relay function 30 to perform processing in the method C.

  Thereafter, when a connection is established between the terminal and the packet relay function 30 (step S123), the packet relay function 30 inquires of the terminal information function 10 about the terminal information of the terminal and acquires the terminal information ( Step S124). The terminal information includes information for determining whether the terminal is a low-function terminal or a high-function terminal, and information for determining a priority for the low-function terminal as described above (eg, mobility index, location information) ) Is included.

  In step S125, the packet relay function 30 determines whether to perform security support based on the terminal information of the connected terminal. If it is determined that the connected terminal is a low-function terminal with high priority based on the terminal information, security support is performed. That is, steps S126 to S128 are executed as in steps S104 to S107. If it is determined that the connected terminal is a high function terminal or a low function terminal with low priority based on the terminal information, security support is not performed.

(Specific examples of security support processing)
The method described in Non-Patent Document 1 is used to support the security processing shown in steps S105 to S107 in the sequence of FIG.

  In the method described in Non-Patent Document 1, a process for ensuring security in a high-function terminal (hereinafter referred to as terminal DS) instead of a low-function terminal (hereinafter referred to as terminal D) whose performance is limited. By substituting the functions, security can be realized even for low-function terminals.

  Specifically, in a use case where a low-function terminal D and a terminal R on the Internet want to communicate using DTLS, since terminal D does not have enough memory, D itself can use Handshake to implement DTLS. Can't complete. Therefore, a high-function terminal DS is introduced here, and instead of the terminal D, the terminal DS first performs a complete handshake with the terminal R. After that, the terminal DS passes the information agreed with the handshake with the terminal R to the terminal D, and the terminal D is abbreviated as the terminal R by using the DTLS session resumption mechanism based on the information received from the terminal DS. Handshake can be performed.

  In the terminal support system according to the present embodiment, the terminal DS corresponds to the security support function 50, and the terminal R corresponds to an application.

  FIG. 13 shows a detailed sequence example of the above complete Handshake. Examples of technologies designed with the aim of ensuring communication safety include TLS described in Non-Patent Document 3 and DTLS described in Non-Patent Document 4, and FIG. 13 shows a DTLS sequence. Show. Note that DTLS differs from TLS in that there are more messages called HelloVerifyRequest (Flight2 in FIG. 13).

  When using TLS / DTLS, first establish a session with the communication partner using the Handshake protocol. FIG. 13 shows DTLS Handshake, which corresponds to the processing in step S105 in the sequence of FIG. A session here is an agreed state in which authentication is performed between the client and server to identify the other party, information on the encryption algorithm to be used, information on the compression method of communication data, information on the encryption key, etc. are exchanged. It means having. Since the sequence of FIG. 13 itself is a conventional technique, detailed description thereof is omitted.

  After the session is established, the change cipher spec protocol notifies that the plain text communication is switched to the cipher communication using the cipher algorithm agreed with the Handshake protocol. After that, data is divided, compressed, and encrypted through the Record protocol, and if any abnormality occurs during that time, processing such as notifying the communication partner of the abnormality by the Alart protocol is performed.

  The complete Handshake of DTLS or TLS as shown in Fig. 13 is very expensive in terms of CPU processing time and the number of times required to exchange information. To reduce the runtime cost, TLS / DTLS has a session resumption mechanism. With this mechanism, if the client and server have previously communicated, the process can proceed to data transfer at once without completing Handshake.

  Specifically, the server configured to resume the session passes the session_id to the client in a ServerHello message and caches the master_secret (which is generated from the random number shared by the Handshake protocol and pre_master_secret) for later reference. To do. When the client starts a new connection later with this server, it sends this session_id in a ClientHello message. The server sends the same session_id in ServerHello to notify that it agrees to resume the session. At this point, Handshake is skipped, and all keys related to encryption technology are generated using the stored master_secret.

  FIG. 14 shows a sequence example of this processing in DTLS. Session_id is transmitted to the server in ClientHello shown in FIG. 14, and the same session_id is notified to the client in ServerHello, and Handshake omitted is executed.

  In the example shown in FIG. 10, in step S106, session_id and the like are passed from the security support function 50 to the terminal, and Handshake omitted in step S107 is executed.

  In the above-described techniques (FIGS. 13 and 14), as a mechanism for session resumption, a server configured to be able to resume a session passes a session_id to the client in a ServerHello message and caches the master_secret so that it can be referenced later. However, there is also a method to resume the session by encrypting the session information that the server should hold and sending it to the client. In this case, the session information is sent back from the client, and if there is no problem when the server decrypts and verifies the information, the session is resumed. This mechanism is described in Non-Patent Document 5. An example of a complete Handshake sequence in this case is shown in FIG. The difference between FIG. 15 and FIG. 13 is the bold portion in FIG.

  In the technology based on Non-Patent Document 5, “encrypted session information” is called a Session Ticket, and when resuming a connection using the Session Ticket, the client includes the Session Ticket in the ClientHello message and sends it to the server. send. The server that has received the Session Ticket decrypts and verifies the received Session Ticket, and resumes connection when the verification is successful. At this time, if the session ticket is updated, the server returns ServerHello including an empty SessionTicket TLS Extension to the client, and then returns a new Session Ticket, NewSessionTicket, to the client. Thereafter, the server and the client exchange Change Cipher Spec and Finished, and the server resumes the session using the session information obtained from the decrypted session ticket. If the session ticket is not updated, the server returns ServerHello that does not include the Session TLS Extension to the client, exchanges Change Cipher Suite and Finished, and resumes the session.

  A sequence example of this processing is shown in FIG. FIG. 16 shows an example in the case where the Session Ticket is updated, and ServerHello including an empty SessionTicket TLS Extension is notified to the client.

  When this technique is used, in the example shown in FIG. 10, in Step S106, a session ticket or the like is passed from the security support function 50 to the terminal, and Handshake omitted in Step S107 is executed.

(Summary of embodiment)
As described above, according to the present embodiment, a terminal support apparatus that supports a process related to secure communication for a terminal, a load monitoring unit that monitors the load of the terminal support apparatus, and a process related to secure communication Support means for executing the support, a first method for executing the support for all terminals connected to the terminal support device, and the terminal for connecting to the terminal support device. A terminal provided with switching means for determining whether or not to execute support based on the performance of the terminal and switching the second method, which is a method for executing the support when it is determined to execute the support, based on the load A support device is provided.

  The M2M / IoT-GW described in the embodiment is an example of a terminal support device. The GW load monitoring / switching function 40 is an example of load monitoring means and switching means, and the security support function 50 is an example of support means. System A, system B, and system C are examples of the first system, the second system, and the third system, respectively.

  The switching means performs switching to a third method for determining whether to perform the support based on the priority of a terminal connected to the terminal support device when the load is equal to or greater than a predetermined threshold. It is good as well.

  In the case where the terminal support apparatus uses the first method, the switching unit is configured such that the load per terminal in the first method is equal to the load per terminal in the second method. When the value is larger than the expected value, switching from the first method to the second method may be performed.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

10 Terminal information management function 20 Packet relay function 30 Packet relay function 40 GW load monitoring / switching function 50 Security support function 60 Terminal information estimation / management function

Claims (7)

A terminal support device for supporting processing related to secure communication for a terminal,
Load monitoring means for monitoring the load of the terminal support device;
A support means for executing processing support related to secure communication;
A first method, which is a method for executing the support for all terminals connected to the terminal support device, and whether to perform the support for a terminal connected to the terminal support device; A terminal support apparatus, comprising: a switching unit that switches based on the load to a second method that is a method of executing the support when it is determined to execute based on the performance of the terminal. The switching means performs switching to a third method for determining whether to perform the support based on the priority of a terminal connected to the terminal support device when the load is equal to or greater than a predetermined threshold. The terminal support apparatus according to claim 1. When the terminal support apparatus uses the first method, the switching unit is configured such that the load per terminal in the first method is the expected value of the load per terminal in the second method. 3. The terminal support device according to claim 1, wherein the terminal support device performs switching from the first method to the second method when the value becomes larger than the first method. A terminal support method executed by a terminal support apparatus that supports processing related to secure communication for a terminal,
A load monitoring step of monitoring a load of the terminal support device;
A first method, which is a method for executing the support for all terminals connected to the terminal support device, and whether to perform the support for a terminal connected to the terminal support device; A switching step of switching based on the load to a second method that is a method of executing the support when it is determined based on the performance of the terminal and is determined to be executed,
A terminal support method comprising: a support step of performing support for processing related to secure communication based on the method switched in the switching step. In the switching step, the terminal support device determines whether to perform the support based on a priority of a terminal connected to the terminal support device when the load is equal to or greater than a predetermined threshold. The terminal support method according to claim 4, wherein switching to a method is performed. When the terminal support apparatus uses the first method, in the switching step, the load per terminal in the first method is an expected value of the load per terminal in the second method. 6. The terminal support method according to claim 4, wherein switching from the first method to the second method is performed when the value becomes larger than the first method.   The program for functioning a computer as each means in the terminal assistance apparatus of any one of Claims 1 thru | or 3.

Images