JP6066877B2 - Authentication server, authentication method, and authentication program - Google Patents

Description

  The present invention relates to a risk-based authentication server, an authentication method, and an authentication program.

The use of a communication form called M2M (Machine to Machine) in which various devices such as sensor devices connected to a network exchange information with each other is progressing. In M2M, there are a form in which a device itself includes a communication module and connects to a mobile network, and a form in which a plurality of devices in the vicinity are temporarily accommodated in a gateway and connected to the mobile network.
In the latter form, since it is not necessary for each device to have a communication module for connecting to a mobile network, the cost of the device can be reduced. In this case, the processing capacity or memory capacity of the device is not sufficient, and the function may be limited.

In addition, as a security measure for preventing unauthorized use of resources on a network due to impersonation by a third party, user authentication called risk-based authentication is performed in which the risk level is evaluated according to a level.
For example, Patent Document 1 proposes a technique for changing a risk level evaluation result according to an attribute for each user or a transaction attribute.
Patent Document 2 proposes a technique for changing a risk level evaluation result in accordance with a change in the degree of danger on the Internet.

JP 2010-097467 A JP 2010-152660 A

  However, the above-described technology restricts access to a web application when a user uses a web application such as online banking using a PC, and does not restrict access to the Internet itself. Absent.

  In addition, devices used in the M2M system have limited resources such as a memory or a CPU. Since such a device is not equipped with a security-related function such as an authentication protocol, it is determined whether or not it is possible to connect to the Internet based on the individual identification number of the device. In this case, it has been difficult to prevent unauthorized devices from connecting to the Internet by spoofing.

  An object of the present invention is to provide an authentication server, an authentication method, and an authentication program that can prevent an unauthorized connection of a device to a network.

  An authentication server according to the present invention includes an acquisition unit that acquires performance information indicating communication behavior of a plurality of devices accommodated in a gateway from the gateway, a device information storage unit that accumulates the performance information, and the device information Based on the performance information accumulated in the storage unit, a generation unit that generates model data indicating normal behavior of the device, a determination model storage unit that stores the model data, and a new acquisition by the acquisition unit The performance information is collated with the model data, and a determination unit that determines a risk level of the device corresponding to the performance information, and according to the risk level determined by the determination unit, external to the gateway by the device And a management unit that manages connection to the network.

  The acquisition unit further acquires specification information of the device from the gateway, the device information storage unit stores the specification information and the performance information in association with each other, and the generation unit stores the specification information of the specification information. The model data may be generated for each type.

  The determination unit may adjust the determination criterion for the risk level according to the specification information newly acquired by the acquisition unit.

  The acquisition unit acquires additional performance information from the gateway stepwise according to the risk level determined by the determination unit, and the determination unit determines the risk level based on the additional performance information. May be adjusted.

  When the risk level is within a predetermined range, the management unit may notify the risk level to a predetermined administrator terminal.

  The management unit may receive control method instruction data for the gateway from the administrator terminal in response to notifying the administrator terminal of the risk level.

  The determination unit may determine the risk level at predetermined time intervals.

  The authentication method according to the present invention includes an acquisition step of acquiring performance information indicating communication behavior of a plurality of devices accommodated in a gateway from the gateway, a device information storage step of storing the performance information, and the storage Based on the obtained performance information, a generation step for generating model data indicating a normal behavior of the device, a determination model storage step for storing the model data, and the newly acquired performance information are compared with the model data. Then, the computer executes a determination step of determining a risk level of the device corresponding to the performance information, and a management step of managing connection of the device to the external network from the gateway according to the risk level. .

  An authentication program according to the present invention includes an acquisition step of acquiring performance information indicating communication behavior of a plurality of devices accommodated in a gateway from the gateway, a device information storage step of storing the performance information, and the storage Based on the obtained performance information, a generation step for generating model data indicating a normal behavior of the device, a determination model storage step for storing the model data, and the newly acquired performance information are compared with the model data. And determining the risk level of the device corresponding to the performance information, and causing the computer to execute a management step of managing connection of the device to the external network from the gateway according to the risk level. .

  According to the present invention, unauthorized connection of a device to a network can be prevented.

It is a block diagram which shows the function structure of an authentication system. It is a figure which illustrates the criterion of a risk level. It is a flowchart which shows a risk learning process. It is a flowchart which shows a risk analysis process.

Hereinafter, an example of an embodiment of the present invention will be described.
FIG. 1 is a block diagram showing a functional configuration of an authentication system 100 including an authentication server 1 according to the present embodiment.
The authentication system 100 includes an authentication server 1 that executes an authentication process, a gateway 2, a sensor device 3, and an administrator terminal 4.

  The gateway 2 accommodates a plurality of sensor devices 3. For example, the gateway 2 and the sensor device 3 communicate with each other wirelessly or by wire using a predetermined communication protocol such as ZigBee (registered trademark), WiFi (registered trademark), Bluetooth (registered trademark), or the like. The gateway 2 controls connection or disconnection to a predetermined network 6 such as 3G or 4G, and connects the sensor device 3 to, for example, the cloud database 5 on the Internet.

  The sensor device 3 is a device that is installed in, for example, a house, a store, a public facility, or a building, and acquires environmental information and transmits it to the cloud. The sensor device 3 includes various existing sensors such as a thermometer, a hygrometer, an accelerometer, a fire detector, a human sensor, and a camera.

  The administrator terminal 4 is a terminal used by an authorized user (administrator) of the sensor device 3 and is connected to the authentication server 1 via the network 7. This network 7 may be at least partially in common with the network 6 through which the gateway 2 accesses the cloud.

  The authentication server 1 includes a control unit 10, a storage unit 20, and a communication unit 30, and performs risk level authentication of the sensor device 3 based on data acquired from the gateway 2.

The control unit 10 is a part that controls the entire authentication server 1, and implements various functions in the present embodiment by appropriately reading and executing various programs stored in the storage unit 20. The control unit 10 may be a CPU (Central Processing Unit).
Details of the function of each unit included in the control unit 10 will be described later.

  The storage unit 20 is a storage area for various programs and various data for causing the hardware group to function as the authentication server 1, and may be a ROM, a RAM, a flash memory, a hard disk (HDD), or the like. Specifically, the storage unit 20 stores an authentication program that causes the control unit 10 to execute each function of the present embodiment, a device information DB (database) 21, a determination model DB 22, and the like.

The device information DB 21 accumulates specification information of a plurality of sensor devices 3 and performance information indicating communication behavior in association with each other.
The specification information is information indicating the type and performance of the device, including, for example, the identifier of the sensor device 3, device class, position information, CPU type, memory capacity, and the like.
The performance information includes, for example, a data amount, a data transfer interval, a packet sequence number, the number of connection requests, and the like.

  The determination model DB 22 stores model data indicating normal behavior of the sensor device 3. The sensor device 3 that shows a behavior deviating from the model data is determined as an unauthorized device.

  The communication unit 30 is a network adapter when the authentication server 1 communicates with other devices. Specifically, the communication unit 30 communicates with the gateway 2 via a predetermined network 6 to receive device information and transmit control signals.

Next, the function of the control unit 10 will be described in detail.
The control unit 10 includes an acquisition unit 11, a generation unit 12, a determination unit 13, and a management unit 14.

  The acquisition unit 11 acquires specification information and performance information of the plurality of sensor devices 3 from the gateway 2. The sensor device 3 has specification information about itself, and shares this specification information with the gateway 2 when connecting to the gateway 2. Then, the gateway 2 associates the specification information with the performance information and transmits it as metadata to the authentication server 1.

  Further, the acquisition unit 11 acquires additional performance information from the gateway 2 in a stepwise manner according to the risk level determined by the determination unit 13. The additional performance information may be information indicating the content of communication such as communication log data, and is information for more accurately determining the risk level.

  The generation unit 12 generates model data indicating normal behavior of the sensor device 3 for each type of specification information based on the performance information accumulated in the device information DB 21.

The determination unit 13 collates the performance information newly acquired by the acquisition unit 11 with the model data of the determination model DB 22 and determines the risk level of the sensor device 3 corresponding to the performance information.
At this time, the determination unit 13 adjusts the risk level determination criterion according to the specification information newly acquired by the acquisition unit 11.

Further, when the acquisition unit 11 acquires additional performance information, the determination unit 13 adjusts the risk level based on the additional performance information. For example, as the determined risk level is higher, the determination unit increases the performance information to be acquired and improves the reliability of the risk level.
The risk level determination based on the additional information may be based on comparison with model data including the additional information, or may be based on comparison with known illegal information or normal information.
In addition, the performance information acquired by the acquisition unit 11 in the first stage for risk level determination may be of less types than the performance information accumulated for generating model data. In this case, only part of the model data is referred to for risk level determination. Then, the determination unit 13 requests the remaining types of performance information in the second and subsequent stages.

  The determination unit 13 may continuously acquire specification information and performance information from the gateway 2, but may receive device information at predetermined time intervals and intermittently perform device information accumulation and risk level determination.

FIG. 2 is a diagram exemplifying risk level determination criteria according to the present embodiment.
The determination unit 13 compares the performance information with the model data, and determines a risk level (for example, levels 1 to 4) according to the degree of deviation from the model data (horizontal axis).

  In addition, the risk level judgment criteria (threshold on the horizontal axis) are adjusted according to the degree of impact on the cloud based on the specification information, that is, the variation of the fraud processing assumed by the type and capability of the sensor device 3 and the degree of threat. To do. Specifically, the higher the influence level, the higher the risk level is determined.

The management unit 14 manages connection of the sensor device 3 to the network 6 according to the risk level determined by the determination unit 13. Specifically, when the determined risk level is within a predetermined range (for example, levels 2 to 3), the management unit 14 notifies the administrator terminal 4 of this risk level and determines the gateway 2 according to the risk level. And the connection of the sensor device 3 to the network 6 is restricted. For example, the management unit 14 completely blocks the connection of the sensor device 3 to the network 6 or allows only some types of packets to be transmitted according to the risk level. At this time, in the case of a clearly safe risk level (for example, level 1) and a risk level (for example, level 4) that can be clearly determined as an unauthorized connection, the management unit 14 notifies the administrator terminal 4 You may control the gateway 2 without doing.
At this time, the management unit 14 may receive the control method instruction data for the gateway 2 from the administrator terminal 4 in response to the notification of the risk level to the administrator terminal 4.

FIG. 3 is a flowchart showing the risk learning process according to the present embodiment.
In step S <b> 1, the acquisition unit 11 acquires specification information and performance information as device information of the sensor device 3 from the gateway 2.

  In step S2, the acquisition unit 11 stores the device information acquired in step S1 in the device information DB 21.

  In step S <b> 3, the generation unit 12 determines whether it is time to generate model data (for example, a predetermined time period). If this determination is YES, the process proceeds to step S4, and if the determination is NO, the process returns to step S1.

  In step S4, the generation unit 12 extracts device information accumulated in a predetermined period from the device information DB 21.

  In step S5, the generating unit 12 generates model data including one or more representative performance information for each device type by clustering the device information extracted in step S4.

  In step S6, the generation unit 12 updates the determination model DB 22, and stores the model data generated in step S5.

FIG. 4 is a flowchart showing risk analysis processing according to the present embodiment.
In step S <b> 11, the acquisition unit 11 acquires specification information and performance information as device information of the sensor device 3 from the gateway 2.

  In step S12, the determination unit 13 compares the device information acquired in step S11 with the determination model DB 22, and determines the risk level.

  In step S13, the determination unit 13 determines whether to acquire additional device information based on the risk level determined in step S12. If this determination is YES, the process returns to step S11, and if the determination is NO, the process proceeds to step S14.

  In step S14, the management unit 14 determines whether or not the risk level determined in step S12 is within a predetermined range (for example, level 2 or 3). If this determination is YES, the process proceeds to step S15, and if the determination is NO, the process proceeds to step S18.

  In step S15, the management unit 14 notifies the manager terminal 4 of the risk level determined in step S12.

  In step S16, the management unit 14 determines whether a control instruction has been received from the administrator terminal 4 as a response to the notification in step S15. If this determination is YES, the process proceeds to step S19, and if the determination is NO, the process proceeds to step S17.

  In step S17, the management unit 14 determines whether or not a predetermined time has elapsed since the risk level was notified in step S15. If this determination is YES, the process proceeds to step S18, and if the determination is NO, the process returns to step S16.

  In step S <b> 18, the management unit 14 performs predetermined control based on the determined risk level for the gateway 2 to restrict connection of the sensor device 3 to the network 6.

  In step S <b> 19, the management unit 14 performs control instructed by the administrator terminal 4 to the gateway 2 to restrict connection of the sensor device 3 to the network 6.

  This risk analysis process may be executed in a predetermined cycle, or may be executed in response to an instruction from the administrator terminal 4 or a direct instruction input to the authentication server 1.

According to the present embodiment, the authentication server 1 determines the risk level of unauthorized connection by checking against model data indicating normal behavior generated from the history of performance information of the sensor device 3. Thereby, since the authentication server 1 can control the connection to the network 6 by the sensor device 3 according to the determined risk level, the unauthorized connection of the sensor device 3 to the network 6 can be prevented.
As a result, the authentication server 1 can reduce the risk of getting on the network 6 due to unauthorized connection by a third party, the risk of being used as a stepping stone for network attacks, the risk of information leakage due to intrusion into the network 6, and the like.

Moreover, since the authentication server 1 acquires the specification information of the sensor device 3 and generates model data for each type, the reliability of the determination model is improved, and the accuracy of unauthorized connection detection can be improved.
Furthermore, since the authentication server 1 adjusts the risk level determination criteria according to the specification information, the risk level is appropriately determined with respect to the variation of fraud processing and the degree of threat that change according to the performance of the sensor device 3. can do.

  Moreover, since the authentication server 1 acquires additional device information in steps according to the determined risk level and adjusts the risk level, the amount of information is increased as the risk level is higher, and more accurate determination is performed. Can do. Furthermore, since the authentication server 1 can reduce the device information acquired at the normal time or when the risk level is low, the communication amount and the processing load can be reduced.

In addition, since the authentication server 1 notifies the administrator terminal 4 of the determined risk level, an authorized user of the sensor device 3 can quickly grasp and deal with the occurrence of the risk.
Furthermore, the authentication server 1 can perform appropriate control on the connection of the sensor device 3 to the network 6 based on the judgment of the user by receiving the control method instruction data from the administrator terminal 4. .

  Moreover, since the authentication server 1 determines the risk level intermittently at a predetermined time interval, it is possible to suppress the determination process from being repeated more than necessary, and to reduce the communication amount and the processing load.

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. Further, the effects described in the present embodiment are merely a list of the most preferable effects resulting from the present invention, and the effects of the present invention are not limited to those described in the present embodiment.

  The authentication method by the authentication server 1 is realized by software. When realized by software, a program constituting the software is installed in the information processing apparatus (authentication server 1). These programs may be recorded on a removable medium such as a CD-ROM and distributed to the user, or may be distributed by being downloaded to the user's computer via a network.

DESCRIPTION OF SYMBOLS 1 Authentication server 2 Gateway 3 Sensor device 4 Manager terminal 5 Cloud database 10 Control part 11 Acquisition part 12 Generation part 13 Determination part 14 Management part 20 Storage part 21 Device information DB
22 Judgment model DB
30 Communication Department

Claims (9)

An acquisition unit for acquiring performance information indicating communication behavior of a plurality of devices accommodated in the gateway from the gateway;
A device information storage unit for accumulating the performance information;
Based on performance information accumulated in the device information storage unit, a generation unit that generates model data indicating normal behavior of the device;
A determination model storage unit for storing the model data;
The performance information newly acquired by the acquisition unit is compared with the model data, and a determination unit that determines a risk level of a device corresponding to the performance information,
An authentication server comprising: a management unit that manages connection of the device to an external network from the gateway according to the risk level determined by the determination unit. The acquisition unit further acquires specification information of the device from the gateway,
The device information storage unit stores the specification information and the performance information in association with each other,
The authentication server according to claim 1, wherein the generation unit generates the model data for each type of the specification information.   The authentication server according to claim 2, wherein the determination unit adjusts the risk level determination criterion according to the specification information newly acquired by the acquisition unit. The acquisition unit acquires additional performance information from the gateway stepwise according to the risk level determined by the determination unit,
The authentication server according to claim 1, wherein the determination unit adjusts the risk level based on the additional performance information.   The authentication server according to claim 1, wherein, when the risk level is within a predetermined range, the management unit notifies the predetermined administrator terminal of the risk level.   The authentication server according to claim 5, wherein the management unit receives instruction data of a control method for the gateway from the administrator terminal in response to notifying the administrator terminal of the risk level.   The authentication server according to claim 1, wherein the determination unit determines the risk level at predetermined time intervals. An acquisition step of acquiring performance information indicating communication behavior of a plurality of devices accommodated in the gateway from the gateway;
A device information storage step for accumulating the performance information;
Generating a model data indicating a normal behavior of the device based on the accumulated performance information;
A determination model storing step for storing the model data;
Newly acquired performance information is compared with the model data, and a determination step of determining a risk level of a device corresponding to the performance information;
An authentication method in which a computer executes a management step of managing connection of the device to an external network from the gateway according to the risk level. An acquisition step of acquiring performance information indicating communication behavior of a plurality of devices accommodated in the gateway from the gateway;
A device information storage step for accumulating the performance information;
Generating a model data indicating a normal behavior of the device based on the accumulated performance information;
A determination model storing step for storing the model data;
Newly acquired performance information is compared with the model data, and a determination step of determining a risk level of a device corresponding to the performance information;
An authentication program for causing a computer to execute a management step of managing connection from the gateway to the external network by the device according to the risk level.

Images