JPWO2013145026A1 - Network system, node, verification node, and communication method - Google Patents

Abstract

An object is to effectively verify a packet flowing in a network.
[Solution]
In a network system including a plurality of nodes and a verification node having a higher processing capability than the plurality of nodes, a verification node is configured to establish a transmission route for the second packet by exchanging the first packet between the plurality of nodes. A communication unit that transmits a third packet including an identifier indicating that the node is a verification node to at least some of the plurality of nodes, and a second packet is received from the plurality of nodes by the communication unit. Has a verification unit that verifies the validity of the second packet, and each of the plurality of nodes receives a first packet from another node and receives a third packet from the verification node; And a control unit that determines a transmission destination of the second packet from among the verification node and other nodes based on the first packet and the third packet.

Description

  The technology disclosed in this specification relates to a technology for transmitting and receiving packets in an ad hoc network.

  An ad hoc network is a type of self-configuring network that is linked by wireless communication. An ad hoc network is composed of a plurality of devices having a communication function. A device having a communication function in an ad hoc network is called a node. In addition, each node in the ad hoc network transmits and receives packets by multi-hop communication via nodes other than the communication target node, so that the communication target can be transmitted without going through a relay station such as an access point or a base station. Communication with the other node becomes possible. Multi-hop communication is a technology that enables nodes that do not exist within the communication range of each other to communicate via another node that exists within the communication range of each node.

  For example, as a system using an ad hoc network, there is a meter-reading system that collects power consumption of each home via the ad hoc network by incorporating a node capable of wireless communication into the power meter of each home. In the meter-reading system, a packet including the power consumption amount of each home detected by each electric meter is transferred from each node included in each home electric meter to the server of the electric power company. In such a system, in order to handle personal information such as the power consumption of each household in the ad hoc network, it is required to perform secure communication from the viewpoint of confidentiality and prevention of tampering.

  There is a technique for ensuring the confidentiality of information included in a packet by encrypting a packet transmitted and received between nodes in an ad hoc network.

  Further, the node that received the packet verifies the integrity of the data in the packet and the validity of the transmission source of the packet. Note that the integrity of data in a packet means that the data set in the packet is not falsified or lost. The validity of the packet transmission source means that a node that normally participates in the ad hoc network is the transmission source.

  For example, there is a technique in which each node detects a malicious packet transmitted from an unauthorized node by executing verification of a message authentication code (MAC) on the received packet. When the technology detects an illegal packet, the technology discards the packet (Patent Document 1).

International publication WO2011-121713

  When each node performs a process of verifying a packet, each node is subjected to a load due to the verification process in addition to the packet transmission / reception process. Especially when the processing capability of each node is not high, it is necessary to suppress processing loads other than transmission / reception processing as much as possible.

  Furthermore, when a large number of packets are sent from an unauthorized node to the network, the verification processing load on the entire network increases. In other words, since a large number of packets are verified at each node, the processing load caused by the verification process causes a decrease in packet transfer speed in the network.

  Therefore, it is conceivable to reduce the processing load due to the verification process in a normal node by causing the apparatus suitable for performing the verification process to perform the verification process. However, in the conventional technique, a packet flowing in the network is appropriately transferred to a device suitable for performing verification processing, and the packet flowing in the network cannot be effectively verified.

  Therefore, an object of the present invention is to effectively verify a packet flowing in a network.

  According to an aspect of the present invention, a transmission route of a second packet is established by exchanging a first packet between a plurality of nodes, and the processing capability is higher than that of the plurality of nodes and the plurality of nodes. In the network system including a high verification node, the verification node transmits, to at least a part of the plurality of nodes, a communication unit that transmits a third packet including an identifier indicating that the verification node is a verification node; When the second packet is received from any one of the plurality of nodes by the communication unit, a verification unit that verifies the validity of the second packet, and each of the plurality of nodes Receiving the first packet from another node of the plurality of nodes and receiving the third packet from the verification node; and the first packet and Based on the third packet, from among the verification node and the other nodes, and a control unit for determining the destination of the second packet.

  According to one aspect of the present invention, it is possible to effectively verify the integrity of data in a packet and the validity of a packet transmission source for a packet flowing in a network.

FIG. 1 is an explanatory diagram for comparing an ad hoc network system according to the present embodiment with a conventional ad hoc network system. FIG. 2 is a diagram illustrating a data configuration example of the management packet. FIG. 3 is a diagram illustrating a data configuration example of a data packet. FIG. 4 is a functional block diagram of the node Nx. FIG. 5 is a diagram for comparing a data configuration example of a conventional routing table with a data configuration example of a routing table according to the present embodiment. FIG. 6 is a diagram for explaining a route through which a time packet arrives from the sink node SN to the node Nb. FIG. 7 is a diagram for explaining exchange of hello packets between nodes. FIG. 8 shows an example of data stored in the key information storage unit 132. FIG. 9 is a functional block diagram of the node Ntest. FIG. 10 is a flowchart of the routing table generation process. FIG. 11 is a flowchart of the transfer process in the node Nx. FIG. 12 is a flowchart of the transfer process in the node Ntest. FIG. 13 is a hardware configuration example of the node Nx. FIG. 14 is a hardware configuration example of the verification node Ntest.

  Exemplary embodiments of a communication device, a communication method, and a system according to the present invention will be described below in detail with reference to the accompanying drawings.

  FIG. 1 is an explanatory diagram for comparing an ad hoc network system according to the present embodiment with a conventional ad hoc network system.

  The conventional ad hoc network system includes a plurality of nodes Nx, a sink node SN, and a server S. The server S and the sink node SN are connected via a normal network 101 such as the Internet, LAN, or WAN. The sink node SN and the node Nx are connected via the ad hoc network 100.

  In the ad hoc network 100, a plurality of nodes Nx are provided. In FIG. 1, nodes Na to Nh are shown as representatives. When it is not necessary to distinguish the nodes Na to Nh, they are denoted as a node Nx.

  The sink node SN is a relay device that connects the ad hoc network 100 and the normal network 101. The sink node SN can transmit and receive both the protocol format information of the ad hoc network 100 and the protocol format information of the normal network 101.

  Also, the sink node SN performs communication by converting information between the ad hoc network 100 and the normal network 101 by protocol conversion. For example, a packet transmitted from any of the nodes Nx in the ad hoc network 100 to the server S is subjected to protocol conversion at the sink node SN. Thereafter, the sink node SN transmits the packet to the normal network 101, so that the packet reaches the server S.

  Each node Nx is a device capable of multi-hop communication with another node Nx or a sink node SN. Note that the other node Nx or the sink node SN needs to exist within a communicable area. In the ad hoc network 100, it is not necessary that all the nodes Na to Nh can directly communicate with the sink node SN, and each node Na to Nh communicates with the sink node SN by passing through other nodes.

  Each node Nx generates a routing table. Each node Nx transmits a packet according to the routing table. In FIG. 1, when a packet is transmitted to a sink node, it is assumed that the conventional ad hoc system follows a route indicated by a white arrow and a hatched arrow.

  For example, when a packet is transmitted from the node Nc toward the sink node SN, the packet passes through the node Nb and the node Na. Further, in the process of transmitting the packet to the sink node SN, the node Nb and the node Na included in the path verify the integrity of the data in the packet and the validity of the packet transmission source. For example, the node Nb and the node Na perform verification using the MAC value.

  On the other hand, the ad hoc network system according to the present embodiment includes a plurality of nodes Nx, a sink node SN, a server S, and a verification node Ntest.

  Ntest is a device having a higher processing capability than the node Nx. The verification node Ntest is a device capable of multihop communication with the node Nx. In the present embodiment, the node Nx can perform multi-hop communication with the verification node Ntest in addition to the other node Nx or the sink node SN. Note that the other node Nx, the sink node SN, and the verification node Ntest need to exist within a communicable area.

  However, any of the node Na to the node Nh may fulfill the Ntest function. In that case, the processing capability is required to be higher than that of other nodes.

  In the present embodiment, the packet is transferred according to the routing table according to the present embodiment. In FIG. 1, when a packet is transmitted to a sink node, the ad hoc system according to the present embodiment follows a route indicated by a white arrow and a black arrow.

  For example, when a packet is transmitted from the node Nc to the sink node SN, the packet passes through the node Nb, Ntest, and node Na. Further, in the process of transmitting the packet to the sink node SN, the node Ntest included in the path verifies the integrity of the data in the packet and the validity of the transmission source of the packet. For example, the node Ntest performs verification using the MAC value.

  Nodes Nb and Na do not have to perform MAC verification. However, if there is a margin in processing capacity, the other nodes Nb and Na may also perform MAC verification. In the following description, it is assumed that verification using the MAC value is performed only by Ntest, and that the node Nx does not perform MAC verification.

  As can be seen from FIG. 1, the ad hoc network system according to the embodiment of the present invention differs from the conventional ad hoc network system in that the packet transmission path includes a path passing through the verification node Ntest.

  Next, a packet flowing through the ad hoc network will be described. A packet flowing through an ad hoc network includes a plurality of types of packets. For example, there are a management packet and a data packet. The management packet is a packet to be broadcast, and is a packet for sharing information necessary for each node Nx or verification node Nx to communicate with other nodes or sink node packets SN. For example, the management packet includes a hello packet for each node to distribute a session key to surrounding nodes and a time packet for a sink node to distribute time information to each node.

  A data packet is a unicast packet that includes data that is to be transmitted to a specified destination.

  FIG. 2 is a diagram illustrating a data configuration example of the management packet. The management packet shown in FIG. 2 is exchanged between the broadcasting device and other devices existing in the communicable range by broadcasting each of the sink node, each node Nx, and the verification node Ntest.

  A header information storage unit 2 and a payload data storage unit 3 are allocated to the management packet 1. The header information storage unit 2 stores header information. The header information includes a destination address, a local source address, a global source address, a packet type, and additional information. The payload data storage unit 3 stores payload data.

  The destination address is a special address dedicated to broadcasting. For example, the destination address is an address “255.255.255.255” prepared in advance. Each node receives a packet transmitted to an address set individually, but also receives a packet transmitted to the special address. That is, a packet in which a special address is set is received by all nodes that are in a range where communication with the node that transmitted the packet is possible.

  The local transmission source address is information related to the address of the device that transmits the management packet 1. In other words, the local transmission source address is rewritten to the address of the main device that transmits data each time a management packet is transmitted once during multi-hop communication. The global transmission source address is information regarding the address of the device that generated the payload data. That is, the global transmission source address is information regarding the address of the device that is the starting point in multihop communication.

  The packet type is information indicating the type of the packet. For example, “0” is set for a time packet that is a management packet, and “1” is set for a hello packet that is a management packet. In the case of a data packet, “2” is set.

  Each node that has received the broadcast management packet determines whether or not to forward the received management packet to another node according to the packet type. For example, when the node Nx receives a management packet in which a special address is set as the destination address, and the packet type is “0”, the received management packet is transferred to another node Nx. That is, the time packet is transferred through the network as a target of multihop communication.

  On the other hand, when the node Nx receives a management packet in which a special address is set as the destination address, if the packet type is “1”, the received management packet is not transferred to another node Nx. That is, the hello packet is excluded from the target of multi-hop communication, and the packet transfer converges at a certain node Nx.

  In this embodiment, in order to unify the data structure of the management packet with the hello packet and the time packet, the header information in the hello packet includes the local transmission source address and the global transmission source address. However, since the same address is set for the local source address and the global source address in the hello packet, only the local source address may be included in the header information of the hello packet.

  The additional information is header information other than the address and packet type, and is information according to the type of packet. For example, when the packet is a time packet, the additional information is information regarding the number of hops. The number of hops is stored as additional information in the header information storage unit 2 of the packet 1. The number of hops is the number of times that the packet has been subjected to multi-hop communication. For example, when the node Nc receives the time packet transmitted by the sink node SN via the node Na and the node Nb, “3” is set as the hop number in the management packet received by the node Nc. Yes.

  When the packet is a hello packet, the additional information is node type information. The node type is stored in the header information storage unit 2 of the packet 1 as additional information. The node type is information indicating the type of the node that generated the hello packet, and is an identifier for identifying the type of the node. For example, when the node that generated the hello packet is the verification node Ntest, the node type is “3”. When the node that generated the hello packet is not the verification node Ntest, the node type is “4”.

  The payload data is information excluding header information. Also, the content of payload data varies depending on the type of packet. For example, when the packet is a time packet, time information is stored in the payload data storage unit 3 of the packet 1 as payload data. Each node Nx or verification node Ntest that has received the time packet acquires time information from the payload data storage unit and sets the time of each node Nx or verification node Ntest.

  For example, when the packet is a hello packet, the payload data is information including a session key. The session key is a key used for communication between two nodes of each node Nx and the verification node Ntest. The session key is used when the payload data is encrypted.

  When the payload data is encrypted with the session key, each node encrypts the payload data with the session key corresponding to the transmission destination. Therefore, the node that transfers the data packet decrypts the payload data in the received data packet with its own session key, and then re-encrypts it with the session key of the next transmission destination. By decoding the payload data, it is possible to verify the legitimacy of the transmission source.

  Each node Nx or verification node Ntest that has received the hello packet acquires session key information from the payload data storage unit, and associates it with the local transmission source address in the key information storage unit of each node Nx or verification node Ntest. Remember.

  On the other hand, the payload data may be encrypted with a server key shared with the sink node SN or the server S instead of the session key. When the server key is used for encryption of payload data, each node does not need to perform decryption and re-encryption. When the sink node SN is designated as the global destination address, the payload data is decoded when the sink node SN receives the packet.

  Thus, since each node Nx does not need to perform decryption and re-encryption processing, the processing load is reduced compared to the case where payload data is encrypted using a session key. When a server key is used for encryption, the payload data storage unit of the hello packet may be empty. In the present embodiment, description will be made assuming that a server key is used for encryption.

  FIG. 3 is a diagram illustrating a data configuration example of a data packet. A header information storage unit 5, a payload data storage unit 6, and a value storage unit 7 are allocated to the data packet 4, respectively. The header information storage unit 5 stores header information. The header information includes a local transmission source address, a local transmission destination address, a global transmission source address, a global transmission destination address, a packet type, and attached information. Payload data is stored in the payload data storage unit 6. The value storage unit 7 stores a value calculated for predetermined data in the packet.

  The local transmission source address, global transmission source address, and packet type are the same information as the management packet 1. However, in the case of a data packet, “2” is set as the packet type.

  The local transmission destination address is information related to the address of the device that is the transmission destination of the data packet 4 in one communication forming the multi-hop communication. The global transmission destination address is information related to the address of the device that finally receives the payload data described in the payload data storage unit 6. That is, the global transmission destination address is information related to the address of a device that is an end point in multihop communication.

  The attached information is header information other than various addresses and packet types. For example, information relating to the number of hops, transmission date and time, and the like is stored as attached information.

  The payload data is information excluding header information and values. The payload data is, for example, data acquired from the sensor by each node Nx. For example, the power consumption data acquired by the node Nc is set in the payload data storage unit 6.

  The value is a value having a predetermined logical relationship with predetermined data in the data packet. For example, the MAC value is calculated for the payload data, the global transmission destination address, and the global transmission source address.

  The data packet shown in FIG. 3 flows in the ad hoc network according to the routing table of each node Nx and verification node Ntest. In this embodiment, the integrity of the data is verified with respect to the payload data in the data packet, and the validity of the global transmission source is verified.

  Next, the processing unit of the node Nx will be described with reference to FIG. FIG. 4 is a functional block diagram of the node Nx.

  The node Nx includes a communication unit 11, a control unit 12, a storage unit 13, and an acquisition unit 14. The communication unit 11 is a processing unit that wirelessly communicates with another node Nx, the verification node Ntest, or the sink node SN. For example, the communication unit 11 transmits / receives a hello packet or a data packet to / from another node Nx existing in a communicable range. When the communication unit 11 can communicate with the verification node Ntest, the communication unit 11 transmits the data packet to the verification node Ntest.

  The control unit 12 is a processing unit that controls various processes of the node Nx. For example, when the node Nx is a global transmission source, the control unit 12 generates various packets. Moreover, the control part 12 produces | generates a routing table based on a management packet. In addition, the control unit 12 determines a node that is a local transmission destination of the data packet based on the routing table.

  The storage unit 13 stores various information. For example, the storage unit 13 stores an encryption key used for encryption processing, a routing table, and the like. The storage unit 13 includes a routing table storage unit 131 and a key information storage unit 132.

  The acquisition unit 14 is a processing unit that acquires data. For example, the acquisition unit 14 acquires data such as power consumption and temperature from a sensor that can communicate with the node Nx. The acquired data is transmitted as payload data of a data packet to another node Nx, verification node Ntest, or sink node.

  The control unit 12 includes a packet generation unit 121, a calculation unit 122, an encryption unit 123, a route generation unit 124, and a decryption unit 125.

  The packet generation unit 121 is a processing unit that generates data packets and hello packets. For example, when the node Nx is the global transmission source, the packet generation unit 121 sets the address of the own node as the global transmission source address and the local transmission source address in the header information storage unit. Furthermore, the global destination address is determined, and the determined global destination address is set in the header information storage unit.

  Then, the packet generation unit 121 sets the data acquired by the acquisition unit 14 in the payload data storage unit. Further, the packet generation unit 121 refers to the routing table stored in the storage unit 13 and determines the local transmission destination address of the data packet. The packet generation unit 121 sets the determined address as the local transmission destination address in the header information storage unit. Further, the packet generation unit 121 sets the packet type “2” indicating the data packet in the header information storage unit.

  When transferring the received data packet, the packet generation unit 121 performs a process of updating the data packet. That is, the local transmission source address and the local transmission destination address are updated. Details will be described later.

  On the other hand, when generating a hello packet, the packet generation unit 121 sets the address of its own node as the global transmission source address and local transmission source address in the header information storage unit. The packet generator 121 sets “1” as the packet type of the hello packet and sets “4” as the node type in the additional information of the hello packet. The node type “4” indicates that the node Nx is not the verification node Ntest. Further, the packet generation unit 121 sets predetermined information such as session key information in the payload data storage unit.

  The calculation unit 122 is a processing unit that calculates a value having a predetermined logical relationship with respect to predetermined data in a data packet when the node Nx is a global transmission source. In the present embodiment, for example, the calculation unit 122 calculates the MAC value for the payload data, the global transmission destination address, and the global transmission source address using the MAC key. The MAC key is a key shared in advance by the node Nx, the verification node Ntest, and the sink node SN. Further, a different MAC key may be used for each node Nx.

  The encryption unit 123 executes payload data encryption processing as necessary. For example, the encryption unit 123 encrypts the payload data using the encryption key stored in the key information storage unit 132.

  The route generation unit 124 generates a routing table based on the management packet received by the communication unit 11. Then, the route generation unit 124 stores the generated routing table in the routing table storage unit 131. The route generation unit 124 updates the routing table every time a management packet is received or periodically.

  Next, the decryption unit 125 decrypts the encrypted payload data as necessary. For example, the decoding unit 125 refers to the header information storage unit in the packet, and determines whether the global transmission destination address is the address of its own node. When the global transmission destination address is the address of its own node, the decryption unit 125 decrypts the payload data.

  Note that the control unit 12 of the node Nx may further include a verification unit. Then, the control unit may cause the verification unit to function when the processing load is less than or equal to the processing capacity of the node Nx. The verification unit verifies the integrity of the payload data and the validity of the global transmission source using the value stored in the received packet. Specifically, the same processing as that of the verification unit 223 of the verification node Ntest described later is performed.

  FIG. 5 is a diagram for comparing a data configuration example of a conventional routing table with a data configuration example of a routing table according to the present embodiment. FIG. 5A is a diagram illustrating a data configuration example of the routing table according to the present embodiment. FIG. 5B is a diagram illustrating a data configuration example of a conventional routing table.

  The routing table stored in the routing table storage unit 131 in this embodiment stores a global transmission destination address, a local transmission destination address, communication strength, the number of hops, a node type, and an evaluation value in association with each other. FIG. 5A shows the routing table of the node Nb.

  On the other hand, the conventional routing table stores a global destination address, a local destination address, communication strength, the number of hops, and an evaluation value in association with each other. That is, the conventional routing table has no information regarding the node type.

  Here, the routing table shown in FIG. 5A shows the communication strength, the number of hops, and the node type in order to explain the difference between the two, but the communication strength, the number of hops, and the node type are different from the routing table. May be managed. In this case, the calculated evaluation value is stored in association with the global destination address and the local destination address based on the communication strength, the number of hops, and the node type. Furthermore, only a combination of a global transmission destination address with a predetermined evaluation value or more and a local transmission destination address may be stored in the routing table.

  The global destination address is information on the address of a device corresponding to the end point in multihop communication. The local transmission destination address is information on an address of a device that is a transmission destination of one communication in the multi-hop communication. The local transmission destination address stores information on the address of another node with which the node Nx storing the routing table can communicate.

  The communication strength is a value indicating the strength of stability in communication between the node corresponding to each local destination address and the own node. For example, the communication strength is calculated based on the number of management packets and the number of data packets received from the node corresponding to the signal reception strength and the local transmission destination address. Further, the communication strength may be calculated based on a communication success probability, an error rate, a received electric field strength, and the like. In this embodiment, the communication strength is the sum of the number of management packets and the number of data packets received from the node corresponding to the local transmission destination address.

  The number of hops is a value indicating how many times the management packet transmitted by the node corresponding to the global transmission destination address has been transferred by the own node. For example, the number of hops set as additional information in the time packet is stored in the item “number of hops” in the routing table.

  The node type is information indicating the type of node corresponding to the local transmission source address. Information corresponding to the node type set in the hello packet is stored in the item “node type” in the routing table.

  The evaluation value is a value indicating which address is preferable as the local destination of the data packet for each combination of the global destination address and the local destination address. That is, the evaluation value indicates the possibility of the data packet being transmitted to each local transmission destination address. The evaluation value is calculated based on the communication strength, the number of hops, and the node type.

  The evaluation value is calculated as a larger value as the communication strength increases or the number of hops decreases. Furthermore, the evaluation value is calculated as a large value when the node type indicates that the node corresponding to the local transmission destination address is a verification node. For example, it is calculated based on Equation 1.

  In Equation 1, the evaluation value is X, the communication strength is A, the hop count is B, the constant is α, and the evaluation coefficient is β. The constant is a value for correcting the evaluation value so as to be in an appropriate range. For example, α is “6”. The evaluation coefficient is a value for weighting according to the node type. That is, the value is changed according to the node type. For example, when the node type is “3” indicating that the node is a verification node, β is “2”. On the other hand, when the node type is “4” indicating that the node is not a verification node, β is “1”.

  Here, as shown in FIG. 5B, the conventional routing table cannot manage the node type. Therefore, the evaluation value is calculated without considering the node type. Therefore, according to the conventional method, the higher the communication strength and the smaller the number of hops, the higher the evaluation value. For example, the evaluation value shown in FIG. 5B is calculated. Therefore, when the global transmission destination address is the address of the sink node SN, the node Nb determines the node Na having the highest evaluation value as the local transmission destination.

  On the other hand, according to the present embodiment, the verification node Ntest is added to the ad hoc network, and the node type is further added in the calculation of the evaluation value. Therefore, the evaluation value corresponding to Ntest is weighted as compared with the evaluation values of other nodes Nx. For example, when the node type is “3”, the route generation unit 124 in the node Nx adopts “2” as the evaluation coefficient, thereby doubling the evaluation value compared to the case of the node Nx. can do.

  Therefore, in this embodiment, when the global destination address is the address of the sink node SN, the node Nb determines the node Ntest having the highest evaluation value as the local destination. Therefore, the data packet that needs to be verified can be transferred to the verification node Ntest.

  In addition, when the node Nx other than the node Nb can communicate with the verification node Ntest, the evaluation value with the verification node as the local transmission destination Ntest is weighted, so that the data packet is sent to the verification node Ntest. The possibility of being transferred increases. As a result, in the entire ad hoc network system, there is a high possibility that packets will be transferred via the verification node Ntest, and illegal packets are effectively discarded from the ad hoc network.

  Next, generation of a routing table by transmission / reception of a management packet will be described in detail with reference to FIGS. First, generation of a routing table when the node Nx receives a time packet will be described. FIG. 6 is a diagram for explaining a path through which a time packet is transferred from the sink node SN to the node Nb. Note that the route generation unit 124 of the node Nx generates a routing table.

  A plurality of routes are conceivable until the time packet is transmitted from the sink node SN and received by the node Nb. In FIG. 6, three routes among a plurality of routes are shown. In FIG. 6, among the nodes Nx illustrated in FIG. 1, the node Na, the node Nb, the node Nd, the node Nf, the verification node Ntest, and the sink node SN are illustrated in order to explain a partial route.

  Note that the time packet flows in the ad hoc network even in the route not shown in FIG. 6 by multi-hop communication. Further, for the nodes other than the node Nb, a routing table is generated in response to the reception of the time packet.

  It is assumed that the nodes Nx that can communicate with the sink node SN are the node Na and the node Nd. Further, it is assumed that the node Na can communicate with the node Ntest and the node Nb. It is assumed that the node Nb can communicate with the node Na, the node Nc, the node Nf, and the verification node Ntest. It is assumed that the node Nd can communicate with the sink node SN, the node Ne, and the node Nf. It is assumed that the node Nf can communicate with the node Nb, the node Nd, the node Ng, the node Nh, and the verification node Ntest. It is assumed that the verification node Ntest can communicate with the node Na, the node Nb, and the node Nf.

  First, the sink node SN sets a special broadcast address as the destination address of the time packet. Furthermore, the sink node SN sets the address of the sink node SN as the local transmission source address and the global transmission source address. Furthermore, the sink node SN sets “0” indicating that it is a time packet to the packet type. Then, the sink node SN sets the hop number “1” as additional information. Further, the sink node SN stores information on time in the payload data storage unit. Then, the sink node SN broadcasts a time packet.

  For example, when the power is turned on, the sink node SN broadcasts a time packet (1001). If the nodes that can communicate with the sink node SN are Na and Nd, the time packet broadcast in 1001 is received by Na and Nb. Here, the node Na and the node Nb recognize that the received packet is a packet addressed to the own node because the address set as the destination address is a special address.

  Here, among the plurality of routes, there is a route 1 through which the time packet reaches the node Nb from the sink node SN via the node Na. In the path 1, the time packet transmitted by the sink node is received by the node Na that can communicate with the sink node (1001). Since the packet type is “0”, the node Na further transfers the received packet.

  Note that before the transfer, the node Na updates the local source address of the time packet and the number of hops as additional information. Specifically, the address of the node Na is set as the local transmission source address, and 1 is added to the hop count. Therefore, the additional information is updated to the hop count “2”. Here, although the details of the generation of the routing table in the node Na will not be described, the generation process of the routing table is also performed in the node Na when the time packet is received.

  Then, the node Na broadcasts the updated time packet (1002). The broadcast time packet is received by the node Nb that can communicate with the node Na. In the example of FIG. 6, the broadcast time packet is also received by the node Ntest that can communicate with the node Na.

  For the time packet that has reached the node Nb via the path 1, the “sink node SN address” is the global source address, the “node Na address” is the local source address, and the hop count “2” is the additional information. "Is set.

  Next, the node Nb adds a new record to the routing table (1003). Specifically, the global transmission source address “address of sink node SN” of the time packet is set as the global transmission destination address. The node Nb sets the local transmission source address “node Na address” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “2” of the time packet as the number of hops in the routing table. Note that the node Nb further transfers the received time packet in the same manner as other nodes.

  On the other hand, there is a path 2 through which the time packet reaches the node Nb from the sink node SN via the node Na and further Ntest. In the path 2, the time packets broadcasted by 1001, 1002, and 1004 in FIG. 6 are received by the Nb.

  In the time packet that has reached the node Nb via the path 2, the global transmission source address is “sink node SN address”, the local transmission source address is “node Ntest address”, and the additional information is the hop count “3”. "Is set.

  The node Nb that has received the time packet transferred through the route 2 adds a new record to the routing table (1005). Specifically, the global transmission source address “address of sink node SN” of the time packet is set as the global transmission destination address. The node Nb sets the local transmission source address “address of the node Ntest” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “3” of the time packet as the number of hops in the routing table.

  Further, there is a path 3 from the sink node SN to the node Nb via the nodes Nd and Nf. In the path 3, the time packets broadcast in 1001, 1006, and 1007 in FIG. 6 are received by Nb.

  The time packet that arrived at the node Nb via the path 3 has the “sink node SN address” as the global source address, the “node Nf address” as the local source address, and the hop number “3” as the additional information. "Is set.

  The node Nb that has received the time packet transferred through the path 3 adds a new record to the routing table (1008). Specifically, the global transmission source address “address of sink node SN” of the time packet is set as the global transmission destination address. The node Nb sets the local transmission source address “address of the node Nf” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “3” of the time packet as the number of hops in the routing table.

  Although not shown in FIG. 6, there is a time packet that reaches the node Nb from the sink node SN via the node Na, the node Ntest, and the node Nf. In this case, “SN address” is set as the global destination address of the routing table, “Nf address” is set as the local destination address, and “4” is set as the number of hops. However, when a record having the same combination of the global transmission address and the local transmission destination address already exists in the routing table, only the record having a smaller hop count may be adopted and the other may be discarded.

  In the following description, when a record having the same combination of the global transmission address and the local transmission address exists in the routing table, only the record having a smaller hop number is used.

  In addition, when the global transmission destination address, the local transmission destination address, and the number of hops are added to the routing table, initial values may be set for the communication strength and the node type. For example, “10” is set as the communication strength and “4” is set as the node type.

  Next, update of the routing table when the node Nx receives a hello packet will be described with reference to FIG. FIG. 7 is a diagram for explaining exchange of hello packets between nodes. Note that the route generation unit 124 of the node Nx updates the routing table.

  The packet generation unit 121 in each node Nx generates a hello packet. For example, the node Na sets a broadcast address as the destination address. Further, the node Na sets the address of the node Na as the global transmission source address and the local transmission source address. In the packet type, “1” indicating a hello packet is set. In addition, “4” indicating that the node is not a verification node is set in the node type as additional information.

  The node Na broadcasts the packet (2001). The node Nb that can communicate with the node Na receives the packet. Although not shown in FIG. 7, other nodes that can communicate with the node Na also receive the packet. The node Nb updates the routing table (2002). The node Nb converges the transfer of the received hello packet because the packet type is “1”.

  Specifically, the node Nb acquires the local transmission source address in the received packet. Then, the routing table stored in the storage unit 13 is referred to, and a record having the local transmission source “node Na address” in the local transmission destination address is specified.

  Then, the node Nb updates the communication strength of the specified record. For example, when using the number of packets received from the node Na as the communication strength, the node Nb adds a predetermined number to the communication strength every time a hello packet is received. For example, 5 is added every time a hello packet or a data packet is received. The node Nb can also calculate the number of received packets per unit time and store it in the communication strength.

  Further, the node Nb updates the node type in the routing table if the node type in the routing table and the node type set as additional information in the hello packet do not match. However, since the node type “4” is set in the hello packet received from the node Na, the node type in the routing table is not updated.

  Next, the node Nb calculates an evaluation value based on the communication strength, the number of hops, and the node type each time various packets are received or periodically. Then, the newly calculated evaluation value is re-registered in the routing table.

  Also, as shown in FIG. 7, the node type in the routing table is updated in the same manner when a hello packet is broadcast from Ntest (2003) and when a hello packet is broadcast from node Nf (2005) (2004, 2006). . However, since the node type “3” is set in the hello packet received from the verification node Ntest, the node type in the routing table is updated to “3”. Therefore, in the process of updating the routing table (2004), the node type is also updated, and the evaluation value is also updated according to the updated node type.

  Note that FIG. 7 is an example of the order in which hello packets are received from each node Na or verification node Ntest. Further, the node Nb also broadcasts a hello packet.

  FIG. 8 shows an example of data stored in the key information storage unit 132. The key information storage unit 132 stores information on the MAC key shown in FIG. 8A. Further, the key information storage unit 132 stores information on the encryption key shown in FIG. 8B. In this embodiment, a common MAC key and encryption key are used in all nodes.

  Further, the MAC key or the encryption key, or both keys may be different for each node. For example, the node Nx corresponding to the global transmission source address may calculate the MAC by using a different MAC key for each node. Then, the calculated MAC value is set in the value storage unit of the data packet.

  On the other hand, when the verification node Ntest receives the data packet, the verification node Ntest performs verification using the MAC key corresponding to the global transmission source address.

  Further, the node Nx corresponding to the global transmission source address may encrypt the information stored in the payload data storage unit by using a different encryption key for each node Nx. In this case, the device serving as the global transmission destination needs to grasp the encryption key of each node Nx in advance. For example, when the global transmission destination is the sink node SN, after receiving the data packet, the sink node SN decrypts the data using the encryption key corresponding to the node Nx of the global transmission source address.

  Next, the processing unit of the verification node Ntest will be described with reference to FIG. FIG. 9 is a functional block diagram of the node Ntest.

  The verification node Ntest includes a communication unit 21, a control unit 22, and a storage unit 23. The verification node Ntest may include an acquisition unit that acquires the detection value detected by the sensor, like the node Nx.

  The communication unit 21 is a processing unit that performs wireless communication with the node Nx. For example, the communication unit 21 exchanges hello packets with the node Nx. The communication unit 21 receives the data packet from the node Nx and transfers the data packet to another node Nx.

  The control unit 22 is a processing unit that controls various processes of the verification node Ntest. For example, the control unit 22 verifies the data packet. Further, the control unit 22 generates a hello packet in which the node type “3” is set.

  The storage unit 23 stores various information. For example, the storage unit 23 stores an encryption key used for encryption processing, a routing table, and the like. The storage unit 23 includes a routing table storage unit 231 and a key information storage unit 232. Note that the data configurations of the routing table storage unit 231 and the key information storage unit 232 are the same as those of the node Nx.

  Further, the control unit 22 includes a packet generation unit 221, a verification unit 222, and a route generation unit 223. Similarly to the node Nx, the control unit 22 in the verification node Ntest may further include an encryption unit and a decryption unit.

  The packet generation unit 221 is a processing unit that generates a hello packet and updates a data packet. For example, the packet generation unit 221 generates a hello packet in which “1” is set as the packet type and “3” is set as the node type in the additional information of the hello packet.

  The verification unit 222 is a processing unit that verifies the packet. The verification unit 222 calculates a value having a predetermined logical relationship with the received packet. Then, the verification unit 222 verifies the integrity of the received packet and the validity of the node that generated the packet by comparing the calculated value with the value stored in the value storage unit 7 of the received packet. To do. In the present embodiment, for example, the verification unit 222 uses a MAC value as a value.

  The route generation unit 223 generates a routing table based on the management packet. Then, the route generation unit 223 stores the generated routing table in the routing table storage unit 231. The route generation unit 223 updates the routing table every time a management packet is received or periodically.

  Here, the routing table generation processing by the node Nx and the verification node Ntest according to the present embodiment will be described. FIG. 10 is a flowchart of the routing table generation process.

  In the following, the routing table generation process when the node Nx is the main body will be described, but the same process is executed also in the verification node Ntest. However, when the subject is the verification node Ntest, in the following description, the communication unit 11 is replaced with the communication unit 21, the route generation unit 124 is replaced with the route generation unit 223, and the routing storage unit 131 is replaced with the routing storage unit 231.

  The communication unit 11 receives the packet (Op. 1). Then, the route generation unit 124 determines whether the packet type set in the received packet is “0” (Op. 2). When the packet type is “0” (Op. YES), the received packet is a time packet.

  The control unit 12 determines whether the time set in the timing unit of the node Nx has been synchronized with the time packet. Note that the timing unit is a processing unit included in the node Nx in addition to the processing units illustrated in FIG. When not synchronized (Op. 3 NO), the control unit 12 synchronizes the time (Op. 4).

  On the other hand, when the synchronization has been completed (Op. 3 YES), the route generation unit 124 refers to the header information storage unit in the received packet. Then, the route generation unit 124 determines whether there is a record in which the combination of the global transmission source address and the local transmission source address stored in the header information storage unit is a combination of the global transmission destination address and the local transmission destination address in the routing table. It is determined whether or not (Op.4). That is, the route generation unit 124 determines whether it is necessary to add a new record. Judge at 4.

  When it is necessary to add a record (Op. 4 YES), the route generation unit 124 adds a new record to the routing table (Op. 6). Specifically, the route generation unit 124 acquires a global transmission source address from the received packet and sets it as the global transmission destination address in the routing table. In addition, the route generation unit 124 acquires a local transmission source address from the received packet, and sets the local transmission source address in the routing table. The route generation unit 124 acquires additional information from the received packet and sets it to the number of hops in the routing table.

  Op. At the time point 6, the route generation unit 124 sets “4” as an initial value, for example, to the node type in the routing table. Further, the route generation unit 124 sets “10” as the initial value for the communication strength, for example.

  The route generation unit 124 calculates an evaluation value based on the communication strength, the number of hops, and the node type (Op. 7). The calculated evaluation value is Op. 6 is stored in the record added.

  On the other hand, when there is no need to add a record (Op.4 NO), the route generation unit 124 identifies a record having the local transmission source address set in the received packet as the local transmission destination address in the routing table. . Then, the route generation unit 124 updates the communication strength in the identified record. For example, the route generation unit 124 adds 5 to the communication strength.

  Then, the route generation unit 124 updates the evaluation value based on the updated communication strength (Op.8). When there are a plurality of records in which the local transmission source address set in the received packet is a local transmission destination address in the routing table, the evaluation value of each record is updated.

  For example, in the flow of FIG. 10, the route generation unit 124 adds a predetermined number to the communication strength every time a new packet is received. However, Op. In 8, it is good also as updating only communication strength. Then, the route generation unit 124 may calculate the evaluation value periodically.

  Next, the communication unit 11 transfers the time packet (Op. 9). Specifically, after the local source address and the hop number of the time packet are updated by the packet control unit 121, the communication unit 11 broadcasts the time packet. Then, the series of processing ends, but when a new packet is received, the node Nx repeats the series of processing.

  On the other hand, when the packet type is not “0” (Op. 2), the route generation unit 124 identifies a record having the local transmission source address set in the packet as the local transmission destination address in the routing table. Then, the route generation unit 124 updates the communication strength of the identified record (Op. 10).

  Next, the route generation unit 124 determines whether the packet type set in the received packet is “1” (Op. 11). If the packet type is “1” (Op. 11 YES), it can be seen that the received packet is a hello packet. When the packet type is “1”, the information acquired from the additional information is updated to “node type” in the routing table (Op.12).

  Here, information regarding the node type is set in the additional information in the hello packet. Therefore, when the node that transmitted the hello packet is the verification node Ntest, the node type in the routing table is updated to “3”.

  On the other hand, when the packet type is not “1” (Op. 11 NO), since the received packet is a data packet, a transfer process described later is executed (Op. 13).

  Next, the route generation unit 124 calculates an evaluation value based on the communication strength, the number of hops, and the node type in the routing table (Op. 14). The evaluation value may be calculated at regular time intervals. Then, the control unit 12 discards the hello packet or the data packet (Op.15).

  Through the above processing, each node Nx can generate and update the routing table. Also, by receiving a packet including the node type, each node Nx can grasp whether or not the verification node test is included in a node that can communicate with each node Nx. Each node Nx can weight the evaluation value for the verification node Ntest in the routing table so that the data packet is preferentially transferred to the verification node Ntest.

  Next, transfer processing in the node Nx according to the present embodiment will be described. FIG. 11 is a flowchart of the transfer process in the node Nx.

  The control unit 12 determines whether or not the global transmission destination address in the data packet matches the own address (Op.20). If they match, it can be seen that the node designated as the global destination of the received data packet is its own node.

  When the global transmission destination is the local node (Op. 20 YES), the decoding unit 125 decodes the payload data in the data packet (Op. 24). The encryption key stored in the key information storage unit 132 is used for decryption.

  On the other hand, when the global transmission destination is not its own node (Op. 20 NO), the forwarding address is determined by referring to the routing table (Op, 21). Specifically, the packet generation unit 121 specifies a record having the highest evaluation value among records including the same global destination address as the global destination address set in the data packet in the routing table. Then, the packet generation unit 121 determines the local transmission destination address included in the identified record as the transfer destination address of the data packet.

  Here, when the local destination address in the record having the highest evaluation value matches the local source address of the received data packet, the local destination address in the record having the next highest evaluation value is set as the transfer destination address. To do. This is to prevent a situation where a data packet is sent back to the local transmission source node.

  Subsequently, the packet generation unit 121 rewrites the local transmission destination address of the received data packet to the determined transfer destination address, and rewrites the local transmission source address to the address of its own node (Op.22). Then, the communication unit 11 transfers the updated data packet to the local transmission destination address (Op.23).

  Through the above processing, the data packet is transferred to the transfer destination address having the highest evaluation value in the routing table. For example, since the evaluation value is weighted, there is a high possibility that the evaluation value is transferred to the verification node Ntest. In addition to weighting the evaluation value, for example, the local transmission destination address of the node type “3” may be determined as the transfer destination.

  Next, transfer processing in the verification node Ntest will be described. FIG. 12 is a flowchart of the transfer process in the node Ntest. When the transfer process in FIG. 10 is the transfer process in the verification node Ntest shown in FIG. 12, naturally, the subject of each process in FIG. 10 is also each processing unit of the verification node Ntest.

  The verification unit 222 calculates a MAC value for the payload data, the global transmission source address, and the global transmission destination address in the data packet (Op.30). The MAC key stored in the key information storage unit 232 is used when calculating the MAC value. Then, the verification unit 222 compares the MAC value stored in the value storage unit in the data packet with the calculated MAC value (Op.31).

  If they match (Op. 31 YES), Op. Proceed to 20. Op. 20 to Op. 24 is the same as the transfer process in the node Nx. However, in the transfer process executed by the verification node Ntest, the communication unit 11 is replaced with the communication unit 21, the route generation unit 124 is replaced with the route generation unit 223, and the routing storage unit 131 is replaced with the routing storage unit 231.

  On the other hand, if they do not match (Op. 31 NO), the verification node Ntest ends the transfer process. That is, the data packet is not transferred. Then, as shown in FIG. At 15, the data packet is discarded.

  Through the above processing, the data packet received by the verification node Nx can verify the integrity of the data and the validity of the node that generated the data packet. Therefore, data packets whose data has been tampered with or data packets generated by an unauthorized node can be excluded from transfer targets.

  According to this embodiment, by introducing a verification node Ntest having higher processing capability than the node Nx into the ad hoc network system, the node Nx can reduce verification processing. In addition, in the routing table generation process by each node Nx, the evaluation value can be weighted so as to give priority to the transfer to the verification node Ntest. Therefore, since there is a high possibility that the data packet is transferred to the verification node Ntest, the data packet flowing in the ad hoc network is effectively verified by the verification node Ntest.

  Here, the sink node SN in the ad hoc network system transfers the payload data of the data packet to the server S when receiving the data packet. By performing the verification process prior to the transfer process to the server S by the sink node SN, it is possible to prevent the server S from transmitting data whose data integrity and the validity of the node that generated the data packet are not guaranteed. be able to.

  However, for example, when an unauthorized node transmits a large number of packets to the ad hoc network, a large verification load may be generated in the sink node SN. According to the present embodiment, even at the verification node Ntest, at least a part of a large number of packets is verified and discarded, so that the load caused by the verification processing at the sink node SN is reduced.

  As described above, the ad hoc network system disclosed in the present embodiment is effective in verifying a data packet in which data is not complete or a data packet generated by a node not sharing a MAC key by verification by a verification node. Can be discarded. Furthermore, a conventional method for discarding a packet due to a retransmission attack may be adopted in the ad hoc network system of the present example together with the present embodiment.

  The retransmission attack is performed as follows. For example, an unauthorized node illegally joins an ad hoc network and captures regular data packets flowing through the ad hoc network. An unauthorized node replicates a large number of captured packets. That is, data in the data packet is complete, and a large number of packets including a MAC value calculated with a properly shared MAC key are duplicated. Then, the unauthorized node causes the ad hoc network to be congested by flowing a large amount of replicated data packets to the ad hoc network.

  As one method of discarding a packet due to a replay attack on an ad hoc network system, for example, there is a method of updating a MAC key at regular intervals. Each node Na and verification node Ntest updates the MAC key according to a predetermined rule. In addition, by unifying predetermined rules in advance between regular nodes, the MAC keys updated individually at each node are the same. Therefore, the MAC value in the data packet copied by the unauthorized node is discarded by the MAC verification using the updated MAC key.

  FIG. 13 is a hardware configuration example of the node Nx. The node Nx includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a flash memory 103, an interface (I / F) 104, an encryption circuit 105, a sensor 106, and a bus 107. I have. The CPU 101 to the sensor 106 are connected by a bus 107, respectively.

  The CPU 101 governs overall control of the node Nx. The CPU 101 functions as the control unit 12, the acquisition unit 14, and the like by executing the program expanded in the RAM 102.

  The RAM 102 is used as a work area for the CPU 101. The flash memory 103 stores a program, various key information, and a routing table. The flash memory 103 is an example of the storage device 13. The program includes, for example, a program for executing each process shown in the flowchart. For example, a control program for causing the node Nx to execute the routing table generation process and the packet transfer process is stored in the flash memory 103.

  When the program stored in the flash memory 103 is expanded in the RAM 102 and executed by the CPU 101, the node Nx functions as various processing units illustrated in FIG. Further, the node Nx executes the processes of FIGS. 10 and 11.

  The I / F 104 transmits and receives packets by multi-hop communication. The I / F 104 is an example of the communication unit 11.

  The encryption circuit 105 is a circuit that encrypts data using an encryption key when encrypting the data. For example, when encrypting and transmitting a packet, the encryption circuit 105 functions. When encryption is executed by software, the encryption circuit 105 is unnecessary by storing a program corresponding to the encryption circuit 105 in the flash memory 103.

  The sensor 106 detects data unique to the sensor 106. For example, data suitable for the measurement target is detected, such as temperature, humidity, water level, precipitation, air volume, volume, power consumption, time, time, and acceleration. Note that when the CPU 101 functions as the acquisition unit 14, data is acquired from the sensor.

  FIG. 14 is a hardware configuration example of the verification node Ntest. The verification node Ntest includes a CPU (Central Processing Unit) 201, a RAM (Random Access Memory) 202, a flash memory 203, an interface (I / F) 204, and a bus 205. The CPU 201 to the I / F 204 are connected to each other via a bus 205. The verification node Ntest may further include an encryption circuit and a sensor.

  The CPU 201 governs overall control of the verification node Ntest. The CPU 201 functions as the control unit 22 and the like by executing a program expanded in the RAM 202.

  The RAM 202 is used as a work area for the CPU 201. The flash memory 203 stores a program, various key information, and a routing table. The flash memory 203 is an example of the storage device 23. The program includes, for example, a program for executing each process shown in the flowchart. For example, a control program for causing the verification node Ntest to execute a routing table generation process and a packet transfer process is stored in the flash memory 203.

  The verification node Ntest functions as various processing units illustrated in FIG. 9 by developing the program stored in the flash memory 203 in the RAM 202 and executing the program by the CPU 201. Further, the verification node Ntest executes the processes of FIGS. 10 and 12.

  The I / F 204 transmits and receives packets by multi-hop communication. The I / F 204 is an example of the communication unit 21.

  The verification node Ntest may be a general-purpose computer. In this case, the communication control program describing the routing table generation process and the packet transfer process shown in the flowchart is recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include an HDD, a flexible disk (FD), and a magnetic tape (MT).

  Examples of the optical disc include a DVD (Digital Versatile Disc), a DVD-RAM, a CD-ROM (Compact Disc-Read Only Memory), and a CD-R (Recordable) / RW (ReWriteable). Magneto-optical recording media include MO (Magneto-Optical disk). When the communication control program is distributed, for example, a portable recording medium such as a DVD or CD-ROM in which the program is recorded may be sold.

  In the computer that executes the communication control program, for example, the medium reading device reads the program from the recording medium on which the control program is recorded. Note that the CPU in the general-purpose computer stores the read program in the HDD, ROM, or RAM.

Nx node Ntest Verification node 11 Communication unit 12 Control unit 13 Storage unit 14 Acquisition unit 21 Communication unit 22 Control unit 23 Storage unit

FIG. 1 is an explanatory diagram for comparing an ad hoc network system according to the present embodiment with a conventional ad hoc network system. FIG. 2 is a diagram illustrating a data configuration example of the management packet. FIG. 3 is a diagram illustrating a data configuration example of a data packet. FIG. 4 is a functional block diagram of the node Nx. FIG. 5 is a diagram for comparing a data configuration example of a conventional routing table with a data configuration example of a routing table according to the present embodiment. FIG. 6 is a diagram for explaining a route through which a time packet arrives from the sink node SN to the node Nb. FIG. 7 is a diagram for explaining exchange of hello packets between nodes. FIG. 8 shows an example of data stored in the key information storage unit 132. FIG. 9 is a functional block diagram of the verification node Ntest. FIG. 10 is a flowchart of the routing table generation process. FIG. 11 is a flowchart of the transfer process in the node Nx. FIG. 12 is a flowchart of the transfer process in the verification node Ntest. FIG. 13 is a hardware configuration example of the node Nx. FIG. 14 is a hardware configuration example of the verification node Ntest.

The verification node Ntest is a device having a higher processing capacity than the node Nx. The verification node Ntest is a device capable of multihop communication with the node Nx. In the present embodiment, the node Nx can perform multi-hop communication with the verification node Ntest in addition to the other node Nx or the sink node SN. Note that the other node Nx, the sink node SN, and the verification node Ntest need to exist within a communicable area.

For example, when a packet is transmitted from the node Nc toward the sink node SN, the packet passes through the node Nb, the verification node Ntest, and the node Na. Further, in the process of transmitting the packet to the sink node SN, the verification node Ntest included in the path verifies the integrity of the data in the packet and the validity of the packet transmission source. For example, the verification node Ntest performs verification using the MAC value.

Nodes Nb and Na do not have to perform MAC verification. However, if there is a margin in processing capacity, the other nodes Nb and Na may also perform MAC verification. In the following description, it is assumed that verification using the MAC value is performed only by the verification node Ntest, and that the node Nx does not perform MAC verification.

Next, a packet flowing through the ad hoc network will be described. A packet flowing through an ad hoc network includes a plurality of types of packets. For example, there are a management packet and a data packet. The management packet is a broadcasted packet for sharing information necessary for each node Nx or verification node Ntest to communicate with another node Nx or sink node SN . For example, each node Nx is and hello packet for distributing the session key to the periphery of the node Nx, time packet for sink node SN to distribute the time information in each node Nx is included in the management packet.

FIG. 2 is a diagram illustrating a data configuration example of the management packet. The management packet shown in FIG. 2 is exchanged between the broadcast device and other devices existing in the communicable range by broadcasting each of the sink node SN , each node Nx, and the verification node Ntest. .

The acquisition unit 14 is a processing unit that acquires data. For example, the acquisition unit 14 acquires data such as power consumption and temperature from a sensor that can communicate with the node Nx. The acquired data is transmitted as payload data of a data packet to another node Nx, verification node Ntest, or sink node SN .

Here, as shown in FIG. 5B, the conventional routing table cannot manage the node type. Therefore, the evaluation value is calculated without considering the node type. Therefore, according to the conventional method, the higher the communication strength and the smaller the number of hops, the higher the evaluation value. For example, the evaluation value shown in FIG. 5B is calculated. Therefore, when the global transmission destination address is the address of the sink node SN, the node Nb determines the node Na having the highest evaluation value as the local transmission destination.

On the other hand, according to the present embodiment, the verification node Ntest is added to the ad hoc network, and the node type is further added in the calculation of the evaluation value. Therefore, the evaluation value corresponding to the verification node Ntest is weighted as compared with the evaluation values of the other nodes Nx. For example, when the node type is “3”, the route generation unit 124 in the node Nx adopts “2” as the evaluation coefficient, thereby doubling the evaluation value compared to the case of the node Nx. can do.

Therefore, in this embodiment, when the global destination address is the address of the sink node SN, the node Nb determines the verification node Ntest having the highest evaluation value as the local destination. Therefore, the data packet that needs to be verified can be transferred to the verification node Ntest.

In addition, when the node Nx other than the node Nb can communicate with the verification node Ntest , the evaluation value with the verification node Ntest as the local transmission destination is weighted, so that the data packet is sent to the verification node Ntest. The possibility of being transferred increases. As a result, in the entire ad hoc network system, there is a high possibility that packets will be transferred via the verification node Ntest, and illegal packets are effectively discarded from the ad hoc network.

It is assumed that the nodes Nx that can communicate with the sink node SN are the node Na and the node Nd. Further, it is assumed that the node Na can communicate with the verification node Ntest and the node Nb. It is assumed that the node Nb can communicate with the node Na, the node Nc, the node Nf, and the verification node Ntest. It is assumed that the node Nd can communicate with the sink node SN, the node Ne, and the node Nf. It is assumed that the node Nf can communicate with the node Nb, the node Nd, the node Ng, the node Nh, and the verification node Ntest. It is assumed that the verification node Ntest can communicate with the node Na, the node Nb, and the node Nf.

For example, when the power is turned on, the sink node SN broadcasts a time packet (1001). If the nodes that can communicate with the sink node SN are Na and Nd, the time packet broadcast in 1001 is received by Na and Nd . Here, the node Na and the node Nd recognize that the received packet is a packet addressed to its own node because the address set as the destination address is a special address.

Next, the node Nb adds a new record to the routing table (1003). Specifically, the node Nb sets the global transmission source address “address of the sink node SN” of the time packet to the global transmission destination address in the routing table . The node Nb sets the local transmission source address “node Na address” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “2” of the time packet as the number of hops in the routing table. Note that the node Nb further transfers the received time packet in the same manner as other nodes.

On the other hand, there is a path 2 through which the time packet reaches the node Nb from the sink node SN via the node Na and further the verification node Ntest. In the path 2, the time packets broadcast in 1001, 1002, and 1004 in FIG. 6 are received by the node Nb.

The node Nb that has received the time packet transferred through the route 2 adds a new record to the routing table (1005). Specifically, the node Nb is the global destination address definitive in the routing table, it sets the global source address of the time packet "address of the sync node SN". The node Nb sets the local transmission source address “address of the node Ntest” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “3” of the time packet as the number of hops in the routing table.

Further, there is a path 3 from the sink node SN to the node Nb via the nodes Nd and Nf. In the path 3, the time packets broadcast in 1001, 1006, and 1007 in FIG. 6 are received by the node Nb.

The node Nb that has received the time packet transferred through the path 3 adds a new record to the routing table (1008). Specifically, the node Nb is the global destination address definitive in the routing table, it sets the global source address of the time packet "address of the sync node SN". The node Nb sets the local transmission source address “address of the node Nf” of the time packet as the local transmission destination address in the routing table. The node Nb sets the additional information “3” of the time packet as the number of hops in the routing table.

Although not shown in FIG. 6, there is a time packet that reaches the node Nb from the sink node SN via the node Na, the verification node Ntest, and the node Nf. In this case, “the address of the sink node SN” is set as the global destination address of the routing table, “the address of the node Nf” is set as the local destination address, and “4” is set as the number of hops. However, when a record having the same combination of the global transmission address and the local transmission destination address already exists in the routing table, only the record having a smaller hop count may be adopted and the other may be discarded.

Further, the MAC key or the encryption key, or both keys may be different for each node. For example, the node Nx corresponding to the global transmission source address may calculate the MAC value using a different MAC key for each node. Then, the calculated MAC value is set in the value storage unit of the data packet.

In the following, the routing table generation process when the node Nx is the main body will be described, but the same process is executed also in the verification node Ntest. However, when the subject is the verification node Ntest, in the following description, the communication unit 11 is replaced with the communication unit 21, the route generation unit 124 is replaced with the route generation unit 223, and the routing storage unit 131 is replaced with the routing table storage unit 231. .

The communication unit 11 receives the packet (Op. 1). Then, the route generation unit 124 determines whether the packet type set in the received packet is “0” (Op. 2). When the packet type is “0” (Op. 2 YES), the received packet is a time packet.

Next, the communication unit 11 transfers the time packet (Op. 9). Specifically, after the local source address and the number of hops of the time packet are updated by the route generation unit 124 , the communication unit 11 broadcasts the time packet. Then, the series of processing ends, but when a new packet is received, the node Nx repeats the series of processing.

On the other hand, when the packet type is not “0” (Op.2 NO ), the route generation unit 124 identifies a record in which the local transmission source address set in the packet is the local transmission destination address in the routing table. Then, the route generation unit 124 updates the communication strength of the identified record (Op. 10).

Through the above processing, each node Nx can generate and update the routing table. Also, by receiving a packet including the node type, each node Nx can grasp whether or not the verification node N test is included in a node that can communicate with each node Nx. Each node Nx can weight the evaluation value for the verification node Ntest in the routing table so that the data packet is preferentially transferred to the verification node Ntest.

If they match (Op. 31 YES), Op. Proceed to 20. Op. 20 to Op. 24 is the same as the transfer process in the node Nx. However, in the transfer process executed by the verification node Ntest, the communication unit 11 is replaced with the communication unit 21, the route generation unit 124 is replaced with the route generation unit 223, and the routing storage unit 131 is replaced with the routing table storage unit 231.

Through the above processing, the data packet received by the verification node N test can verify the integrity of the data and the validity of the node that generated the data packet. Therefore, data packets whose data has been tampered with or data packets generated by an unauthorized node can be excluded from transfer targets.

According to the present embodiment, by introducing the verification node Ntest having higher processing capability than the node Nx into the ad hoc network system, the node Nx can reduce verification processing. In addition, in the routing table generation process by each node Nx, the evaluation value can be weighted so as to give priority to the transfer to the verification node Ntest. Therefore, since there is a high possibility that the data packet is transferred to the verification node Ntest, the data packet flowing in the ad hoc network is effectively verified by the verification node Ntest.

As one method of discarding a packet due to a replay attack on an ad hoc network system, for example, there is a method of updating a MAC key at regular intervals. Each node N x and the verification node N test each update the MAC key according to a predetermined rule. In addition, by unifying predetermined rules in advance between regular nodes, the MAC keys updated individually at each node are the same. Therefore, since the MAC value in the data packet copied by the illegal node is different from the updated MAC key , the data packet is discarded by the MAC verification using the updated MAC key .

The sensor 106 detects data unique to the sensor 106. For example, data suitable for the measurement target is detected, such as temperature, humidity, water level, precipitation, air volume, volume, power consumption, time, time, and acceleration. Note that, when the CPU 101 functions as the acquisition unit 14, data is acquired from the sensor 106 .

Claims (13)

A network system including a plurality of nodes and a verification node having a higher processing capability than the plurality of nodes while a transmission route of the second packet is constructed by exchanging the first packet between the plurality of nodes Because
The verification node is
A communication unit that transmits, to at least some of the plurality of nodes, a third packet including an identifier indicating that the node is a verification node;
When the second packet is received from any of the plurality of nodes by the communication unit, a verification unit that verifies the validity of the second packet,
Each of the plurality of nodes is
A communication unit that receives the first packet from another node of the plurality of nodes and receives the third packet from the verification node;
And a control unit that determines a transmission destination of the second packet from the verification node and the other nodes based on the first packet and the third packet. . The control unit included in each of the plurality of nodes includes:
Based on the first packet, the third packet, and the identifier, an evaluation value indicating the likelihood of transmitting the second packet to each of the other nodes and the verification node, Calculate
The network system according to claim 1, wherein the transmission destination is determined based on the magnitude of the evaluation value. The control unit included in each of the plurality of nodes includes:
The network system according to claim 2, wherein the evaluation value for the verification node is weighted more than the evaluation value for the other node based on the identifier. The second packet includes a first value having a specific logical relationship with respect to at least a part of data included in the second packet;
The verification unit included in the verification node includes:
When the second packet is received, a second value having a specific logical relationship is calculated for at least a part of the data included in the second packet, and the first value and the first value are calculated. The network system according to any one of claims 1 to 3, wherein the second value is compared. The communication unit included in the verification node includes:
When the verification unit determines that the first value and the second value match, the second packet is transmitted to any one of the plurality of nodes, and
The network system according to claim 4, wherein when the verification unit determines that the first value and the second value do not match, the second packet is discarded. A verification node capable of communicating with at least a part of a plurality of nodes constituting the network system,
A communication unit that transmits a first packet including an identifier indicating that the device is a verification node to a communicable node, and receives a second packet from the communicable node;
A verification node that verifies the validity of the second packet and has a verification unit that controls transmission of the second packet to another communicable node based on the verification result; The second packet includes a first value having a specific logical relationship with respect to at least a part of data included in the second packet;
The verification unit
When the second packet is received, a second value having a specific logical relationship is calculated for at least a part of the data included in the second packet, and the first value and the first value are calculated. The verification node according to claim 6, wherein the verification node compares the second value. The communication unit is
When the verification unit determines that the first value matches the second value, the second packet is transmitted to the other communicable node,
The verification node according to claim 7, wherein the second packet is discarded when the verification unit determines that the first value and the second value do not match. One of a plurality of nodes constituting a network system, a node communicating with a verification node that verifies a first packet transmitted / received between the plurality of nodes,
A communication unit that receives a second packet from another node included in the network system and receives a third packet including an identifier indicating that the node is a verification node from the verification node;
And a control unit that determines a transmission destination of the first packet among the verification node and the other nodes based on the second packet and the third packet. The controller is
Based on the second packet, the third packet, and the identifier, an evaluation value indicating the likelihood of transmitting the first packet to each of the other nodes and the verification node, Calculate
The node according to claim 9, wherein the destination is determined based on the magnitude of the evaluation value. The controller is
The node according to claim 10, wherein the evaluation value for the verification node is weighted more than the evaluation value for the other node based on the identifier. A verification node capable of communicating with at least a part of the plurality of nodes constituting the network system,
A first packet including an identifier indicating that the device is a verification node is transmitted to a communicable node;
Receiving a second packet from the communicable node;
Verify the validity of the second packet;
A communication method, comprising: executing processing for controlling transmission of the second packet to another communicable node based on the verified result. A node that communicates with a verification node that is one of a plurality of nodes constituting a network system and that verifies a first packet transmitted and received between the plurality of nodes.
Receiving a second packet from another node included in the network system;
Receiving from the verification node a third packet including an identifier indicating that it is a verification node;
A communication method, comprising: performing a process of determining a transmission destination of the first packet among the verification node and the other nodes based on the second packet and the third packet.