JP6532438B2 - Wireless communication system, terminal and program - Google Patents

Description

  The present invention relates to a wireless communication system, a terminal and a program.

  BACKGROUND In recent years, an IoT (Internet of Things) technology has been developed in which a terminal having a network communication function is attached to various objects and data obtained in the objects is transmitted to an external server or the like by the terminals. For example, it is conceivable to install a terminal on a door as an object, detect opening and closing of the door, and send out a signal indicating that the door is open or a signal indicating that the door is closed. ing.

  As an example of such a terminal, one that conforms to a communication standard (Non-Patent Document 1) called LoRa (registered trademark) (Long Range) has been considered in recent years. In this standard, a terminal communicates wirelessly with a server installed in the vicinity, and transmits data obtained on the terminal side to the server.

  In addition, before starting communication with the server, the terminal requests communication from the server (connection request), and after receiving assignment of a network address from the server, starts communication of data. There is. Furthermore, a unique encryption key is set in advance for each terminal, and the encryption key for each terminal is stored in advance also on the server side.

  Specifically, in the sequence at the start of communication, as illustrated in FIG. 4, first, the terminal T sends a connection request (Join-Request) to the network to the server S (S1). The connection request includes a device identifier (DevEUI: Device Extended Unique Identifier), an application identifier (AppEUI: Application Extended Unique Identifier), and a device nonce (DevNonce). Here, the device identifier is an extension of the MAC address (Media Access Control address) set for the terminal T to 64 bits, and the application identifier is an identifier unique to each application executed on the terminal T Nonce is a random value issued on the terminal T side. This connection request is not encrypted but sent in plaintext.

  The server S having received this connection request issues a unique device address and an application nonce (AppNonce) to the terminal T (S2), and the issued device address (DevAddr) and a network identifier (NetID). , And an application nonce (AppNonce) are encrypted by using the encryption key AppKey unique to the terminal T and sent out (S3).

  The terminal T receives and decrypts the encrypted response to obtain a device address (DevAddr). Also, a network encryption key (NwkSKey) and an application encryption key (AppSKey) are generated (S4). Also in the server S, a network encryption key (NwkSKey) and an application encryption key (AppSKey) are generated in the same procedure as the terminal T (S5).

  For generation of the network encryption key (NwkSKey) and the application encryption key (AppSKey), an encryption key AppKey unique to the terminal T, an application nonce, a network identifier, and a device nonce are used as parameters. In addition, since the generation algorithm is public, when the above parameters are known, the network encryption key (NwkSKey) and the application encryption key (AppSKey) can also be known. Thereafter, the terminal T encrypts the data to be transmitted with the network encryption key (NwkSKey) and sends it out (S6). At this time, the terminal T includes the device address in the data to be sent. Then, the server S decrypts the encrypted data with the network encryption key (NwkSKey) generated in step S5, and takes out the data transmitted by the terminal T (S7).

LoRaWAN Specification 1.0 (available from inet: https://www.lora-alliance.org/Contact/RequestSpecificationForm.aspx)

  However, according to the above communication start sequence, the response to the connection request from a specific terminal is always encrypted with the encryption key AppKey unique to the terminal, so once AppKey is known, application nonce and Since the network identifier and the device nonce can be acquired, there is a problem that the network encryption key used in the subsequent communication can also be known.

  The present invention has been made in view of the above-mentioned circumstances, and a wireless communication system, a terminal, which can increase the strength of encryption of communication between a terminal and a server in LoRa (registered trademark) without increasing the number of times of communication. And providing a program is one of its purposes.

  The present invention, which solves the problems of the above-described conventional example, holds a plurality of connection request communication encryption key candidates that can be decrypted by the terminal in a wireless communication system including a terminal and a server that communicate with each other wirelessly. Means, means for issuing an encryption key for accept communication used by the server, and a plurality of connection request communication encryption key candidates for holding a plurality of connection requests including the issued encryption key for accept communication. A means for encrypting using the encryption key for connection request communication selected from the above and a means for sending out the encrypted connection request to the server are included.

  At the start of communication, the strength of encryption of communication between the terminal and the server can be increased without increasing the number of times of communication between the terminal and the server.

FIG. 1 is a configuration block diagram illustrating an example of a wireless communication system according to an embodiment of the present invention. It is a functional block diagram showing the example of the terminal which concerns on embodiment of this invention. It is a flowchart showing the example of communication in the radio | wireless communications system which concerns on embodiment of this invention. 1 is a flow chart representing an example of communication in a conventional wireless communication system.

  Embodiments of the present invention will be described with reference to the drawings. The wireless communication system according to the embodiment of the present invention is configured to include a terminal 1 and a server 2 as shown in FIG. The terminal 1 is also connected to the sensor 3.

  The terminal 1 according to the present embodiment includes a control unit 11, a storage unit 12, a communication unit 13, and an input / output unit 14. Here, the control unit 11 is a program control device such as a CPU, issues an encryption key Ka for accept communication to be used by the server 2, and a connection request including the issued encryption key Ka for accept communication will be described later. Encryption is performed using a connection request communication encryption key Kq selected from among a plurality of connection request communication encryption key candidates Kq1, Kq2,. Then, the control unit 11 sends the encrypted connection request to the server 2. The control unit 11 accepts the response including the assignment information of the network address as a response to the connection request from the server 2, and uses the network address specified by the information included in the response to the signal input from the sensor 3 The relevant information is sent to the server 2 address. The operation of the control unit 11 will be described later.

  The storage unit 12 is configured to include a non-volatile memory device and the like. The storage unit 12 stores a program to be executed by the control unit 11. The program may be provided stored in a computer readable non-transitory storage medium such as a DVD-ROM, and may be stored in the storage unit 12. Further, the storage unit 12 stores a plurality of connection request communication encryption key candidates (here, used as public keys) Kq1, Kq2,... Kqn that can be decrypted by the server 2.

  The communication unit 13 is a network interface or the like, and in the example of the present embodiment, communicates with the server 2 wirelessly. The communication unit 13 sends data output by the control unit 11 to the server 2 in accordance with an instruction input from the control unit 11. The communication unit 13 also outputs data received from the server 2 to the control unit 11. The input / output unit 14 is connected to the sensor 3, receives an input of a signal output from the sensor 3, and outputs the signal to the control unit 11.

  Here, the operation of the control unit 11 will be described. In this embodiment, the control unit 11 functionally has an encryption key selection unit 31, an encryption key issuing unit 32, a connection request generation unit 33, and a connection request transmission unit 34, as illustrated in FIG. And a response decryption unit 35, a network encryption key generation unit 36, a data transmission control unit 37, and a command processing unit 38.

  The encryption key selection unit 31 selects one of the connection request communication encryption key candidates Kq1, Kq2, ... Kqn stored in the storage unit 12 as the connection request communication encryption key Kq. This selection may be made randomly. The encryption key issuing unit 32 issues an accept communication encryption key Ka used when the server 2 encrypts the response. The accept communication encryption key Ka is an encryption key instead of the encryption key AppKey unique to the conventional terminal.

  In one example of the present embodiment, even if the encryption key issuing unit 32 generates a random value having the same data length as the conventional encryption key AppKey as the encryption key for accept communication, the encryption key for accept communication is issued. Alternatively, the acceptance communication encryption key may be selected from a plurality of predetermined acceptance communication encryption key candidates.

  The connection request generation unit 33 generates data including a device identifier (DevEUI), an application identifier (AppEUI), a device nonce (DevNonce) issued by the control unit 11, and an encryption key for accept communication (Ka), and this data Are encrypted with the connection request communication encryption key Kq selected by the encryption key selection unit 31 and output to the connection request transmission unit 34. The connection request transmission unit 34 transmits the encrypted data generated by the connection request generation unit 33 to the server 2.

  The response decryption unit 35 uses the response received from the server 2 as the decryption key corresponding to the accept communication encryption key Ka issued by the encryption key issuing unit 32 (the accept communication encryption key Ka is used for encryption by the symmetric encryption method) If it is possible, this decryption key becomes the encryption key Ka for accept communication itself) and decrypts the device address (DevAddr), the application nonce (AppNonce) issued by the server 2, and the network identifier (NetID). get.

  The network encryption key generation unit 36 uses the application nonce (AppNonce), the network identifier (NetID), and the device nonce (DevNonce) included in the connection request generated by the connection request generation unit 33 and is unique to the terminal. Using the encryption key Ka for accept communication issued by the encryption key issuing unit 32 instead of the encryption key AppKey in the above, and the network encryption key (NwkSKey) and the application according to the operation defined in the conventional LoRa (registered trademark) standard Generate an encryption key (AppSKey). This network encryption key corresponds to the data transmission encryption key of the present invention.

  The data transmission control unit 37 encrypts data representing a signal input from the sensor 3 with the network encryption key (NwkSKey) generated by the network encryption key generation unit 36 and sends the data to the server 2.

  When the command processing unit 38 receives a command from the server 2, the command processing unit 38 is configured such that the decryption key (network encryption key (NwkSKey) corresponding to the network encryption key (NwkSKey) generated by the network encryption key generation unit 36 is symmetric encryption. If it is used for encryption by the encryption scheme, this decryption key is decrypted with the network encryption key (NwkSKey) itself), and the command sent out by the server 2 is taken out. The command processing unit 38 executes processing in accordance with the extracted command (for example, temporarily stopping data transmission).

  In addition, the server 2 communicating with the terminal 1 is connected to the wireless gateway GW, and communicates wirelessly with the terminal 1 via the wireless gateway GW. That is, the terminal 1 transmits data addressed to the server 2 to the wireless gateway GW, and transmits data addressed to the server 2 to the server 2 to which the wireless gateway GW is connected by wire. Further, in this example, data addressed to the terminal 1 from the server 2 is also transmitted to the terminal 1 wirelessly via the wireless gateway GW. A plurality of wireless gateways GW may be provided, and the wireless gateway GW and the server 2 may be connected by a wired network including the Internet and the like.

The server 2 operates as follows. In the server 2, decryption keys corresponding to the connection request communication encryption key candidates Kq1, Kq2, ... Kqn stored in advance by the terminal 1 (corresponding to the connection request communication encryption key candidates Kq1, Kq2, ... Kqn respectively) Secret key)).
In this example, although connection request communication encryption key candidates Kq1, Kq2, ... Kqn are public keys, connection request communication encryption key candidates Kq1, Kq2, ... Kqn are used in the symmetric encryption method. In the case of the encryption key to be stored, the decryption key held by the server 2 is the encryption key candidate for connection request communication Kq1, Kq2,.

  Then, when the encrypted connection request is received from the terminal 1, the server 2 sequentially selects each decryption key corresponding to the encryption key candidates for connection request communication Kq1, Kq2, ... Kqn, using the selected decryption key. Until the decryption is successful, the selected decryption key is used to attempt to decrypt the received data.

  When the decryption is successful, the server 2 extracts a device identifier (DevEUI), an application identifier (AppEUI), a device nonce (DevNonce), and an encryption key Ka for accept communication from the decrypted connection request. Then, the server 2 issues a device address (DevAddr) unique to the terminal 1 and an application nonce (AppNonce) in the same manner as in the conventional method, and the issued device address (DevAddr) and a network identifier (NetID) The response including the application nonce (AppNonce) is encrypted with the taken out encryption key for accept communication Ka and sent to the terminal 1.

  The server 2 also generates a network encryption key (NwkSKey) and an application encryption key (AppSKey) in the same manner as in the prior art. At this time, instead of the encryption key AppKey unique to the terminal 1 conventionally used as a parameter, the encryption key Ka for accept communication received from the terminal 1 is used.

  The server 2 decrypts the data received from the terminal 1 with the decryption key corresponding to the network encryption key (NwkSKey), takes out the data transmitted by the terminal 1, and performs predetermined processing (a device address assigned to the terminal 1 of the transmission source) Processing such as recording in association with

  When sending a command to the terminal 1 in accordance with an instruction from the administrator or the like, the server 2 encrypts the command to be sent with the network encryption key (NwkSKey) and sends it to the terminal 1.

  The wireless communication system of the present embodiment has the above configuration, and operates as follows. In the example of the present embodiment, the terminal 1 and the server 2 execute the process illustrated in FIG. 3 at the start of the communication, instead of the conventional method shown in FIG. That is, first, the terminal 1 randomly selects one of the connection request communication encryption key candidates Kq1, Kq2,... Kqn stored in the storage unit 12 as the connection request communication encryption key Kq (S11). The terminal 1 also issues a random number value having the same data length as the conventional encryption key AppKey, and uses this random number value as the encryption key for accept communication Ka used when the server 2 encrypts the response (S12).

  The terminal 1 generates data including a device identifier (DevEUI), an application identifier (AppEUI), a separately issued device nonce (DevNonce), and an acceptance communication encryption key Ka, and this data is selected in step S11 It encrypts with the request communication encryption key Kq (S13), and sends it to the server 2 as a connection request (Join-Request) (S14). In FIG. 3, the fact that the data elements α, β,... Such as device identifiers are encrypted with the encryption key K is denoted as Enq (K; α, β,...).

  When the encrypted connection request is received from the terminal 1, the server 2 selects one of the decryption keys corresponding to the connection request communication encryption key candidates Kq1, Kq2,. A selection is made (S15), and decryption is attempted using the selected decryption key (S16). The server 2 determines whether the decryption is successful (S17), and if it is not successful (S17: No), the process returns to the process S15, selects another decryption key, and continues the process. If it is determined in the process S17 that the decryption is successful (S17: Yes), the device identifier (DevEUI), the application identifier (AppEUI), the device nonce (DevNonce), and the encryption key Ka for accept communication are taken out from the decrypted connection request . Then, the server 2 issues a device address (DevAddr) unique to the terminal 1 and an application nonce (AppNonce) in the same manner as the conventional method (S18), the issued device address (DevAddr), and a network identifier (NetID). And the application nonce (AppNonce) are encrypted with the taken out communication key for accept communication Ka (S19), and sent to the terminal 1 as a response to the connection request (S20).

  The terminal 1 decrypts the response received from the server 2 with the decryption key corresponding to the encryption key Ka for accept communication issued in step S12, and the device address (DevAddr) and the application nonce (AppNonce) issued by the server 2 And a network identifier (Net ID) (S21).

  The terminal 1 receives the encryption key for accept communication Ka issued in step S12, the application nonce (AppNonce), the network identifier (NetID), and the device nonce (DevNonce) included in the connection request generated by the connection request generation unit 33. To generate a network encryption key (NwkSKey) and an application encryption key (AppSKey) in the same manner as in the prior art, using the acceptance communication encryption key Ka instead of the terminal-specific encryption key AppKey. S22).

  At this time, also in the server 2, the encryption key for accept communication Ka, the application nonce (AppNonce), the network identifier (NetID), and the device nonce (DevNonce) included in the connection request generated by the connection request generation unit 33. The network encryption key (NwkSKey) and the application encryption key (AppSKey) are generated by the same method as the conventional method using the acceptance communication encryption key Ka instead of the terminal-specific encryption key AppKey using .

  Thereafter, the terminal 1 encrypts data representing a signal input from the sensor 3 with the network encryption key (NwkSKey) generated in step S22, and sends the data to the server 2 (S24).

  Then, the server 2 decrypts the data received from the terminal 1 with the decryption key corresponding to the network encryption key (NwkSKey) generated in step S23, and takes out the data sent by the terminal 1 (S25). Execute processing such as recording in association with the device address assigned to.

  According to the example of the present embodiment, even if the encryption key Ka for accept communication is leaked once, a different encryption key for accept communication Ka is issued at the start of the next communication, so an opportunity to illegally acquire the network encryption key is provided. It can be reduced. That is, according to the present embodiment, at the start of communication in accordance with the LoRa (registered trademark) standard, the number of times of communication between the terminal 1 and the server 2 is increased until the generation of the network encryption key. Instead, the strength of encryption of communication between the terminal 1 and the server 2 can be increased.

Reference Signs List 1 terminal, 2 server, 3 sensor, 11 control unit, 12 storage unit, 13 communication unit, 14 input / output unit, 31 encryption key selection unit, 32 encryption key issuing unit, 33 connection request generation unit, 34 connection request transmission unit, 35 response decryption unit, 36 network encryption key generation unit, 37 data transmission control unit, 38 command processing unit.

Claims (5)

A wireless communication system including a terminal and a server that communicate with each other wirelessly, wherein
The terminal is
A unit that holds a plurality of encryption key candidates for connection request communication that can be decrypted by the server;
A means for issuing an encryption key for accept communication used by the server at the start of communication for transmitting a connection request ;
Means for encrypting a connection request including the issued encryption key for accept communication, using the encryption key for connection request communication selected from among the plurality of encryption key candidates for connection request communication that are held in plurality;
Means for sending the encrypted connection request to the server;
Including
A server that decrypts the encrypted connection request and extracts an encryption key for accept communication;
A means for encrypting the response using the extracted accept communication encryption key when responding to the connection request;
Wireless communication system including: A terminal that wirelessly sends a signal to a server, and
A unit that holds a plurality of encryption key candidates for connection request communication that can be decrypted by the server;
A means for issuing an encryption key for accept communication used by the server at the start of communication for transmitting a connection request ;
Means for encrypting a connection request including the issued encryption key for accept communication, using the encryption key for connection request communication selected from among the plurality of encryption key candidates for connection request communication that are held in plurality;
Means for sending the encrypted connection request to the server;
A means for receiving a response encrypted from the server using the encryption key for accept communication;
Means for decoding the received response;
Terminals that contain The terminal according to claim 2, wherein
The means for issuing the acceptance communication encryption key is a terminal that generates a random value as the acceptance communication encryption key. The terminal according to claim 2 or 3, wherein
Means for generating a data transmission encryption key using information included in the decrypted response;
Means for accepting data to be sent to the server;
Means for encrypting the received data with the generated data transmission encryption key and transmitting the encrypted data to the server;
Terminals that further include A terminal that transmits a signal to the server wirelessly
A unit that holds a plurality of encryption key candidates for connection request communication that can be decrypted by the server;
A means for issuing an encryption key for accept communication used by the server at the start of communication for transmitting a connection request ;
Means for encrypting a connection request including the issued encryption key for accept communication, using the encryption key for connection request communication selected from among the plurality of encryption key candidates for connection request communication that are held in plurality;
Means for sending the encrypted connection request to the server;
A means for receiving a response encrypted from the server using the encryption key for accept communication;
Means for decoding the received response;
A program to function as

Images