JPWO2013175539A1 - Network system, node, and communication method. - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform packet verification using the same code information in each node without sharing logical information in advance between all nodes. A first encryption processing unit that encrypts second logical information using first logical information shared between the first node and the second node, and an encrypted second A first node having a first transmission unit that transmits a packet including logical information, data, code information that depends on the data content and the second logical information, and a reception unit that receives the packet The second logical information is decoded by the first logical information, the third logical information shared by the second node and the third node, and the second logical information A second node having a second encryption processing unit for encrypting, a second transmission unit for transmitting the encrypted second logical information, data, and code information to the third node; Including network system.

Description

  The technology disclosed in this specification relates to a technology for transmitting and receiving packets between nodes in an ad hoc network system.

  An ad hoc network is a type of self-configuring network that is linked by wireless communication. An ad hoc network is composed of a plurality of devices having a communication function. A device having a communication function in an ad hoc network is called a node. Each node in the ad hoc network transmits and receives packets by multi-hop communication. Multi-hop communication is a technology that enables communication even between nodes that are not within the communication range of each other, via another node that is within the communication range of each node. A route through which a packet is subjected to multi-hop communication is referred to as a transfer route. The transfer path is formed by a plurality of nodes.

  For example, as a system using an ad hoc network, there is a meter-reading system that collects power consumption of each home via the ad hoc network by incorporating a node capable of wireless communication into the power meter of each home. In the meter-reading system, a packet including the power consumption amount of each home detected by each power meter is transferred from each node provided in each home power meter to the system of the power company. As described above, the packet transferred by the meter-reading system includes personal information related to the power usage of each household.

  As a security measure in an ad hoc network, there is a technique for concealing the content of a packet by encrypting at least a part of the packet, even when the packet is exploited by a third party through a transfer path. Furthermore, when a packet is transmitted to a certain node, there is a technique for using a message authenticator (MAC) to verify whether the packet is falsified or a sender is impersonated. A technique for performing packet verification using encryption and MAC is disclosed in Patent Document 1, for example.

  On the other hand, in order to further enhance security, the encryption key for encryption at each node is not shared by all nodes, but shared between a node and other nodes that are within a range that can communicate with the node. There is a technique for encrypting data using an access key. A technique for performing ad hoc communication using an access key is disclosed in Patent Document 2, for example.

International Publication No. 2011-121713 International Publication No. 2009-130917

  Hereinafter, verifying packet alteration and sender impersonation is referred to as verifying a packet. As described above, as a typical method for verifying a packet, there is MAC verification.

  First, packet verification using MAC will be described by taking an ad hoc network as an example. A common key encryption technique is adopted for the MAC. Packets can be verified by sharing the MAC key for MAC calculation between the sender and the receiver in a secret state.

  Specifically, first, the transmission side calculates a tag depending on the data to be transmitted and the MAC key. The tag is a fixed-length bit string, for example, 128 bits.

  FIG. 1 is a diagram illustrating an example of MAC calculation using CMAC. CMAC is one of MAC calculation algorithms. When a tag is calculated using an algorithm called CMAC, plain text data is divided into a predetermined bit length. Each divided data is referred to as a block.

  Of the plurality of blocks, the first block 1 is block-encrypted with the MAC key. Next, XOR calculation is performed on the encrypted block 1 and the next block. The result of the XOR calculation is further block encrypted. The processor performs such processing in a chain. The last block 4 is subjected to XOR calculation using a constant derived from the MAC key, and is further block-encrypted.

  With the above processing, a fixed-length tag is obtained. The tag depends on the MAC key and the data content. In an ad hoc network, a tag calculated by a transmission side node is set in a packet and transmitted to another node.

  The node that receives the packet performs packet verification. Specifically, first, the receiving node also calculates a tag depending on the data and the MAC key by the same processing as described above.

  Next, the tag set in the packet is compared with the calculated tag. If they match, the receiving node can determine that the received packet is a legitimate packet that does not falsify data or impersonate the sender. In other words, it is proved that the MAC key and MAC calculation target data used on the transmission side are the same as the MAC key and MAC calculation target data used on the reception side.

  On the other hand, if they do not match, the receiving-side node can determine that the received packet is an illegal packet that may be tampered with data or spoofed by the sender.

  As described above, in order to calculate a tag, a processing load comparable to that of the common key encryption process is required. Here, the MAC has been described as an example. However, in other techniques for verifying a packet, a processing load is generated in order to calculate code information for verifying the packet. Other techniques include convolution error correction codes.

  The code information is information uniquely determined according to the logical information and the data contents. The tag described above is a kind of code information. The logical information is information that defines the logic adopted in a certain algorithm. Note that the logical information needs to be secret from a third party in order to establish secure communication. For example, the MAC key is a kind of logical information. An encryption key used in an encryption algorithm for encrypting data is also a kind of logical information.

  Here, in the above-described conventional technology, a common MAC key is used in a plurality of nodes constituting the ad hoc network. By using a common MAC key for each node, the following advantages can be considered.

  Consider a case where a packet is transferred a plurality of times with nodes A, B, C, and D, which are the starting points of the transfer path. If all the nodes have the same MAC key, the tag calculated by the node A matches the tag calculated by another node unless the packet is falsified or spoofed.

  That is, if the same logical information is shared by all nodes, the code information set in the packet does not need to be updated. Any node can appropriately verify the packet by using the code information calculated with the common logical information and the code information set first in the packet.

  However, from the viewpoint of security, it is not preferable to use logical information common to all nodes for packet verification. The reason is that the extent of damage when the logical information is leaked to a third party is large, and the possibility that a malicious third party can obtain the logical information is increased.

  Therefore, it is conceivable to change the access key disclosed in the prior art so as not to use logical information common to all nodes by adopting it as logical information for packet verification. That is, the logical relationship defined in the access key is used as logical information for calculating code information.

  FIG. 2 is a diagram for explaining packet verification in a case where logical information is shared by some nodes among all nodes in ad hoc communication.

  In FIG. 2, a transfer path including node A, node B, node C, and node D is shown. For example, assume that node A and node B share logical information X, node B and node C share logical information Y, and node C and node D share logical information Z. Note that different logical relationships are defined in the logical information XYZ. The logical information for calculating the code information may be recorded in advance in the storage area of each node, or distributed periodically by each node in the same manner as the access key shown in the prior art. Form may be sufficient.

  First, when transmitting a packet including data to the node B, the node A calculates code information X for verifying the packet by using the logical information X shared with the node B. Then, the packet including the data and the code information X is transmitted to the node B.

  Next, Node B verifies the packet. The code information is calculated using the logical information X shared with the node A which is the packet transmission source, and is compared with the code information X included in the packet. If the packet is valid, the node B transmits the packet to the node C, but the node B calculates the code information Y using the logical information Y shared with the node C. Then, a packet including data and code information Y is transmitted to node C.

  Similarly, a packet including data and code information Z is transmitted from node C to node D. The code information Z is information calculated from the logical information Z shared by the nodes C and D. In this way, each node performs processing of packet verification and calculation of code information corresponding to the next transmission destination. By adopting the technique shown in FIG. 2, it is possible to verify a packet in the transfer path, and it is not necessary to share common logical information among all nodes.

  However, as described above, each node is forced to perform a process of calculating code information according to the next transmission destination in addition to the packet verification process. This is because the logical information for packet verification is not the same in the transfer path, and the code information depending on each logical information is not common. In other words, since all the nodes cannot use the same code information in packet verification, each node must newly calculate code information corresponding to the next transmission destination.

  For example, in FIG. 2, the node A transmits a packet in which the code information X depending on the logical information X is set to the node B. Here, it is assumed that the node B transmits the packet in which the code information X is set to the node C as it is. When the node C verifies the packet using the logical information Y shared with the node B, the code information calculated from the code information X in the packet and the logical information Y even if the packet is not falsified or spoofed. Does not match. Therefore, the node C determines that the received packet is an illegal packet. In order to avoid such a situation, a process for calculating code information with logical information corresponding to a transmission destination is required in all nodes.

  Therefore, by employing partially shared logical information, security is improved, but the same code information cannot be used. This imposes a process for newly calculating code information on all nodes in addition to the packet verification process, and causes a processing load on each node. Further, the process of newly calculating the code information is not preferable from the viewpoint that the processing load is high as described above.

  Accordingly, an object of the present invention is to enable each node to perform packet verification using the same code information without sharing logical information in advance between all nodes.

  According to an aspect of the present invention, in a network system including a first node, a second node, and a third node, the first node includes the first node and the second node. First encryption processing for encrypting second logical information in which a second logic used for verifying data is encrypted using first logical information in which the shared first logic is defined A packet including a second portion, the second logical information encrypted with the first logical information, the data, the content of the data, and code information depending on the second logical information, A first transmission unit that transmits to a second node, wherein the second node decodes the second logical information with the first logical information, and a reception unit that receives the packet The decryption processor, the second node, and the third node The second logic processing unit encrypts the second logic information with the third logic information in which the third logic is defined, and the second logic information encrypted with the third logic information A second transmission unit configured to transmit logical information, data included in the received packet, and the code information to the third node;

  According to an aspect of the present invention, a plurality of nodes forming a transfer path can verify a packet using the same code information without sharing logical information in advance with all nodes.

FIG. 1 is a diagram illustrating an example of MAC calculation using CMAC. FIG. 2 is a diagram for explaining packet verification in a case where logical information is shared by some of all nodes in ad hoc communication. FIG. 3 is an explanatory diagram of an example of the network system according to the embodiment. FIG. 4 is a functional block diagram of the node. FIG. 5 is a diagram illustrating a data configuration example of a packet. FIG. 6 is a diagram illustrating a data configuration of the routing table. FIG. 7 is a diagram illustrating a data configuration example of the management table. FIG. 8 is a functional block diagram of the node 10. FIG. 9 is a flowchart of packet transmission processing by the node 11. FIG. 10 is a flowchart of packet verification and packet transfer processing by the node 12. FIG. 11 is a first diagram for explaining one effect of the technique disclosed in the present embodiment. FIG. 12 is a second diagram for explaining one effect of the technique disclosed in this embodiment. FIG. 13 is a hardware configuration example of a node.

  Exemplary embodiments of a communication device, a communication method, and a system according to the present invention will be described below in detail with reference to the accompanying drawings.

Example 1
FIG. 3 is an explanatory diagram of an example of the network system according to the embodiment. The network system includes a plurality of nodes N, a sink node SN, and a server S. First, the network system according to the present embodiment and packet transmission in the network system will be described with reference to FIG. The network system according to the present embodiment is an ad hoc network system.

  The server S and the sink node SN are connected via a normal network 200 such as the Internet, a LAN, and a WAN. The sink node SN and the nodes Na to Nh are connected via the ad hoc network 100.

  In the ad hoc network 100, a plurality of nodes N are provided. In FIG. 3, nodes Na to Nh are shown as representatives.

  The sink node SN is a relay device that connects the ad hoc network 100 and the normal network 200. The sink node SN can transmit and receive both the protocol format information of the ad hoc network 100 and the protocol format information of the normal network 200.

  Further, the sink node SN performs communication by converting information between the ad hoc network 100 and the normal network 200 by protocol conversion. For example, a packet transmitted from any of the nodes N in the ad hoc network 100 to the server S is subjected to protocol conversion at the sink node SN. Thereafter, the sink node SN transmits the packet to the normal network 200, so that the packet reaches the server S.

  Data transmitted from the server S or the sink node SN to each node N is protocol-converted by the sink node SN, and is transmitted as a packet from the sink node SN to each node N in the ad hoc network 100.

  The sink node SN grasps whether or not communication between the nodes N is possible by using a routing table. Then, the sink node SN autonomously generates a packet transmission route based on the information in the routing table.

  Further, each node N may generate a routing table individually. Each node N exchanges information regarding communication status with surrounding nodes N. And each node N produces | generates a routing table based on the information regarding a communication condition. For example, even when the node Nf and the node Ng become unable to communicate, a new transmission route can be set. For example, the node Ng can construct a new route via the node Ne. In the present embodiment, the following description will be made assuming that each node generates a routing table.

  Each node is a device that can perform multi-hop communication with other nodes that can communicate within a predetermined communication range. In the ad hoc network 100, it is not necessary that all the nodes Na to Nh can directly communicate with the sink node SN, and each node Na to Nh communicates with the sink node SN by passing through other nodes.

  Therefore, in the ad hoc network 100, it is only necessary that some nodes can communicate with the sink node SN. In FIG. 3, nodes that can directly communicate with the sink node SN are nodes Na and Nd.

  In the example of FIG. 3, one sync node SN is provided in the ad hoc network 100, but a plurality of sink nodes SN may be provided in one ad hoc network 100. In FIG. 3, there is one ad hoc network 100, but there may be a plurality of ad hoc networks. When a plurality of ad hoc networks are included, each of the plurality of ad hoc networks includes at least one sink node SN, and the server S is connected to the sink node SN via the normal network. With this configuration, data transmission / reception between the server S and all the nodes N becomes possible.

  The ad hoc network system according to the present embodiment is applied to a system that collects the amount of power used in each household, for example. In the case of such a system, each node N is installed in a power meter in each home for detecting the amount of power used in each home. By transmitting the power usage detected by each node N to the server S via the sink node SN, the server S can collect the power usage of each household.

  Specifically, for example, it is assumed that the node N is incorporated in each household power meter. Each node N transmits the power and usage of each household to the server S via the ad hoc network 100.

  In addition, each node may measure the amount of electric power used in each household, and each node may acquire it from an electric power meter. Each node stores the detected power usage amount in its own storage area. The sink node SN transmits the power and usage of each home received from each node in the ad hoc network 100 to the server S of the power company via the normal network 200. Thereby, the amount of electric power used can be collected without a worker going to the site.

  In addition to collecting power usage, this network system can also be used for surveying the environment, for example, by providing each node with a sensor function that detects temperature, humidity, light quantity, etc. .

  In FIG. 3, it is assumed that four transfer paths R1 to R4 are set by the nodes Na to Nh constituting the ad hoc network 100. Specifically, the transfer route R1 is a route including the node Nc, the node Nb, the node Na, and the sink node SN. The transfer route R2 is a route including the node Ne, the node Nd, and the sink node SN. The transfer route R3 is a route including the node Ng, the node Nf, the node Nd, and the sink node SN. The transfer route R4 is a route including the node Nh, the node Nf, the node Nd, and the sink node SN. Note that the node Na and the node Nd are nodes that directly communicate with the sink node SN.

  A node close to the sink node SN is called an upstream node. Depending on the scale of the ad hoc network 100, the node Nb and the node Ne are also upstream nodes. When data is transmitted from each of the nodes Na to Nh to the server S, each of the nodes Na to Nh transmits the detected data to the sink node SN according to the routed transfer paths R1 to R4.

  FIG. 4 is a functional block diagram of the node. In addition, when a node becomes a transmission node which transmits a packet, it functions as the node 11 in FIG. On the other hand, when the node becomes a relay node for transferring a packet, it functions as the node 12 in FIG. For example, in the transfer route R1 in FIG. 3, when a packet is transferred from the node Nc to the sink node SN, the node Nc becomes the transmission node. Nodes Na and Nb become relay nodes.

  The node 11 includes an acquisition unit 111, a packet generation unit 112, a logical information generation unit 113, a calculation unit 114, an encryption processing unit 115, a communication unit 116, and a storage unit 117.

  The acquisition unit 111 is a processing unit that acquires a detection value from the sensor. For example, the acquisition unit 111 acquires detection values such as power consumption and temperature from a sensor that can communicate with the node 11. The acquired detection value is transmitted to another node or sink node as part of the packet.

  The packet generation unit 112 is a processing unit that generates a packet. For example, the packet generator 112 generates header information and a packet including the detection value and header information.

  The packet generation unit 112 in FIG. 4 generates the packet shown in FIG.

  FIG. 5 is a diagram illustrating a data configuration example of a packet.

  A first header part 21, a second header part 22, a payload data part 23, a code information storage part 24, and a logical information storage part 25 are allocated to the packet 20, respectively. In the first header portion 21, first header information is described. The first header information includes a local transmission source address and a local transmission destination address.

  The local transmission source address is information regarding the address of the device that transmits the packet 20. The local transmission destination address is information regarding the address of the device that is the destination of the packet 20. In this embodiment, the local transmission source address and the local transmission destination address are the addresses of the node and the sink node.

  In the second header portion 22, second header information is described. The second header information includes a global transmission source address and a global transmission destination address. The header information is information including first header information and second header information. The global transmission source address is information related to the address of the device that generated the payload data described in the payload data section 23.

  The global transmission destination address is information related to the address of the device that finally receives the payload data described in the payload data section 23. In this embodiment, the global transmission source address and the global transmission destination address are addresses of nodes and sink nodes.

  In the payload data portion 23, payload data is described. For example, the detection value acquired at each node is described. In the meter reading system, the payload data includes information on the power consumption of each household. Note that the payload data stored in the payload data unit 23 may be encrypted payload data.

  In the code information storage unit 24, code information for verifying the packet 20 is described. Code information is information uniquely determined according to logical information and data contents. For example, a tag calculated by the MAC algorithm is a kind of code information. The logical information is information that defines the logic adopted in a certain algorithm.

  Here, in this embodiment, it is assumed that the code information is calculated for data including the second header information and payload data. Note that code information may be calculated for payload data. However, the first header information is excluded from the code information calculation target.

  The logical information storage unit 25 describes encrypted logical information for verification. The verification logical information is information that defines the logic used during packet verification among the logical information. For example, a MAC key generated by a later-described logical information generation unit is an example of verification logical information. The verification logical information is encrypted according to the local transmission destination address by an encryption processing unit 115 described later.

  The verification logical information is information corresponding to a key used in a data verification algorithm, and is, for example, a MAC key. On the other hand, logical information used for encryption by an encryption processing unit 115 described later is referred to as encryption logical information. The logical information for encryption is information corresponding to a key used in the encryption algorithm.

  The packet generator 112 sets the global destination address and the global source address in the second header part. The packet generator 112 sets the encrypted payload data in the payload data part. Then, the packet generation unit 112 stores the code information in the code information storage unit. Further, the packet generation unit 112 refers to the routing table and determines a local transmission destination address. Then, the local transmission destination address and the local transmission source address are set in the first header part. Further, the packet generation unit 112 stores the logical information for verification encrypted according to the local transmission destination address in the logical information storage unit.

  The logical information generation unit 113 in FIG. 4 generates verification logical information. For example, the logical information generation unit 113 generates a random number as logical information for verification. The logical information generation unit 113 may be configured by a random number generator.

  The calculation unit 114 calculates code information using logical information for verification. For example, the calculation unit 114 performs a MAC calculation process on the second header information and payload data. A tag which is code information is acquired by MAC calculation. The calculation target of the code information may be encrypted payload data. For example, the calculation unit 114 acquires payload data encrypted by an encryption processing unit 115 described later, and calculates code information for the encrypted payload and second header information.

  The encryption processing unit 115 is a processing unit that encrypts the verification logical information. When encrypting the verification logical information, the logical information for encryption shared by the local transmission destination node and the own node is used. For example, the encryption processing unit 115 uses an access key distributed from a local transmission destination as logical information for encryption.

  In addition, the encryption processing unit 115 encrypts the payload data in order to keep the packet secret from a third party. When the payload data is encrypted, logical information for encryption shared by the node or sink node of the global transmission destination and the own node is used. For example, the encryption processing unit 115 uses a server key distributed in advance.

  The communication unit 116 is a processing unit that communicates with other nodes. For example, the packet generated by the packet generation unit 112 is transmitted to the local transmission destination address. The communication unit 116 functions as a reception unit and a transmission unit in the transmission node.

  The storage unit 117 stores various types of information. For example, the storage unit 117 stores a management table for managing a routing table and encryption logical information.

  FIG. 6 is a data configuration example of the routing table. The routing table 1171 stores a global transmission destination address, a local transmission destination address, and an evaluation value in association with each other.

  Note that a conventional method is employed as a method of creating the routing table. Further, the nodes 11 and 12 have a means for creating a routing table. Then, the means creates a routing table 1171 and stores it in the storage unit 117. Note that the routing table is periodically updated.

  In the item “global destination address”, an address of a node that is a global destination of the packet is described. In the item “local transmission destination address”, addresses of other nodes that can communicate with the own node are described in each record. The item “evaluation value” stores an evaluation value calculated according to the communication status between each local transmission destination and the own node. For example, a larger value is set as the communication strength is higher.

  In other words, the packet generation unit 112 refers to the routing table at the time of packet transmission using the global destination address that is the global destination of the packet as a key. Then, the packet generation unit 112 acquires a local transmission destination address having the largest evaluation value among local transmission destination addresses corresponding to the global transmission destination address. Then, the packet generation unit 112 sets the acquired local transmission destination address in the first header part.

  FIG. 6 shows a routing table of the node Nc. For example, when the node Nc sends a packet to the sink node SN, the “Nb address” having the largest evaluation value is acquired as the local transmission destination address.

  7A and 7B are data configuration examples of the management table. FIG. 7A shows a first management table 1172 for managing logical information when encrypting logical information for verification. FIG. 7B is a second management table 1173 for managing logical information when data such as payload data is encrypted.

  The first management table 1172 stores the local sharing destination address and the logical information for encryption in association with each other. The item “local sharing destination address” stores the address of the node sharing the logical information. The item “logical information for encryption” stores logical information shared between the local sharing destination and the own node. For example, for each local sharing destination, an access key shared with the local sharing destination is stored. That is, the logical information for encrypting the verification logical information is logical information shared among communicable nodes among all nodes.

  FIG. 7A is a first management table of the node Nc, for example. When the packet generation unit 112 determines that the local destination address is “Nb address”, the encryption processing unit 115 encrypts the verification logical information using the “Nb access key”.

  The second management table 1173 stores a global sharing destination address and logical information for encryption in association with each other. The item “global sharing destination address” stores the address of the node or sink node that shares the logical information. The item “logical information for encryption” stores logical information shared between the global sharing destination and the own node. For example, for each global sharing destination, a server key shared with the global sharing destination is stored.

  FIG. 7B is a second management table of the node Nc, for example. When the packet generation unit 112 sets “SN address” as the global transmission destination address, the encryption processing unit 115 encrypts the payload data using the “server key”.

  Next, the node 12 that functions as a relay node will be described. The node 12 includes a communication unit 121, a decryption processing unit 122, a verification unit 123, a packet generation unit 124, an encryption processing unit 125, and a storage unit 126.

  The communication unit 121 is a processing unit that communicates with other nodes. For example, a packet is received from the node 11. Furthermore, the packet is transferred to other nodes and sink nodes. The communication unit 121 functions as a reception unit and a transmission unit in the relay node.

  The decryption processing unit 122 decrypts the logical information stored in the logical information storage unit of the received packet. Note that the decryption processing unit 122 performs decryption using logical information for encryption shared between the local transmission source of the packet and the own node. In addition, when the own node corresponds to the global transmission destination address, the decoding processing unit 122 obtains payload data by decoding the payload data.

  The verification unit 123 verifies the packet using the logical information for verification. For example, the verification unit 123 performs MAC verification of the packet using the MAC key. Each time a packet is received, the packet is verified. Further, the packet may be verified when the processing load of the own node is equal to or less than a predetermined value. As a result of the packet verification, when it is determined that the packet is a valid packet, the packet is transferred to another node. On the other hand, when it is determined that the packet is an illegal packet, the packet is discarded.

  The packet generation unit 124 generates a packet to be transferred to another node when the received packet is a valid packet. That is, the packet generation unit 124 rewrites the first header information. Further, the packet generation unit 124 sets the verification logical information re-encrypted by the later-described encryption processing unit 125 in the logical information storage unit.

  The encryption processing unit 125 is a processing unit that encrypts the verification logical information according to the local transmission destination in the rewritten first header information. Similar to the storage unit 125, the storage unit 126 stores a routing table and a management table. That is, the packet generation unit 124 refers to the routing table, acquires the local transmission destination address, and sets it as the first header information. In addition, the cryptographic processing unit 125 searches the first management table for a record having the local transmission destination address as the local shared destination address, and acquires the logical information for encryption in the record. Then, the cryptographic processing unit 125 encrypts the verification logical information by using the acquired logical information for encryption.

  In FIG. 4, for the sake of explanation, the node 11 that is a transmission node and the node 12 that is a relay node are described as separate nodes, but in reality, a certain node 10 functions as a node 11 and a node 12 may function.

  FIG. 8 is a functional block diagram of the node 10. Each processing unit performs the same processing as each processing unit shown in FIG. For example, when a certain node 10 transmits a detection value to the sink node SN, it functions as the node 11 that is a transmission node. On the other hand, when a node forwards a packet received from another node to another node, it functions as the node 12 that is a relay node. In FIG. 8, each processing unit performs the same processing as the same processing unit in the node 11 or the node 12.

  FIG. 9 is a processing flowchart of packet transmission processing by the node 11. That is, this is a processing flow of packet transmission processing when the node 10 functions as a transmission node.

  First, the acquisition unit 111 acquires a detection value from the sensor (Op. 1). Then, the packet generator 112 generates second header information (Op. 2). The generated header information is set in the second header portion of the packet. That is, the global destination is determined and the global destination address is acquired. The storage unit 17 has a table for storing the addresses of the nodes and the sink nodes, and the packet generation unit 112 acquires the addresses from the table. Further, the packet generation unit 112 sets the address of its own node as the global transmission source address.

  Subsequently, the encryption processing unit 115 encrypts the payload data including the detection value with logical information corresponding to the global transmission destination (Op. 3). The encrypted payload data is set in the payload data portion of the packet. For example, when the global destination address is “SN address”, the cryptographic processing unit 115 refers to the second management table, and from the record having “SN address” as the global shared destination address, the server key is obtained. get. Then, the payload data is encrypted with the server key.

  Next, the logical information generation unit 113 generates logical information for verification (Op. 4). Then, the calculation unit 114 calculates code information depending on the verification logical information for the encrypted payload data and the second header information (Op. 5). The calculated code information is stored in the code information storage unit of the packet.

  The packet generator 112 generates first header information (OP.6). The generated first header information is set in the first header part of the packet. Specifically, the packet generator 112 refers to the routing table 1171 and determines a local transmission destination address. The packet generator 112 generates first header information including the local transmission destination address and the address of its own node.

  Next, the encryption processing unit 115 encrypts the verification logical information (Op. 7). The encrypted logical information for verification is stored in the logical information storage unit. Specifically, the cryptographic processing unit 115 refers to the first management table and acquires the logical information for encryption from the record including the local transmission destination address. The encryption processing unit 115 encrypts the verification logical information with the logical information shared with the local transmission destination.

  The communication unit 116 transmits the packet to the local transmission destination address (Op.8).

  Through the above processing, the packet is transmitted from the transmission note to the relay node. According to the present embodiment, verification logical information is generated at the transmission node. Further, since the verification logical information is encrypted according to the local transmission destination address, it is transmitted with higher security. Furthermore, since the code information is information that depends on the verification logic information, the packet can be verified using the same code information as long as the node can obtain the verification logic information. That is, common code information can be used in the transfer path.

  FIG. 10 is a flowchart of packet verification and packet transfer processing by the node 12. That is, this is a packet verification and packet transfer processing flow when the node 10 functions as a relay node.

  The communication unit 121 receives the packet (Op. 10). The decryption processing unit 122 decrypts the verification logical information stored in the packet logical information storage unit (Op.11). Note that the decryption processing unit 122 refers to the second management table and performs decryption using the encryption logical information corresponding to the address of the local transmission source.

  The verification unit 123 determines whether the global transmission destination address set in the packet matches the address of its own node (Op.12). If they match (Op.12 Yes), the received packet is a packet having the final destination as its own node.

  If they match (Op. 12 Yes), the verification unit 123 verifies the packet and determines whether it is a valid packet (Op. 13). That is, Op. Code information is calculated using the verification logical information decoded in step 12 for the information stored in the payload data storage unit and the information stored in the second header unit. Then, the verification unit 123 compares the calculated code information with the information stored in the packet code information storage unit. If they match, the received packet is determined to be a valid packet.

  When the packet is a valid packet (Op. 13 Yes), the decryption processing unit 122 refers to the second management table and decrypts the payload data (Op. 14). That is, the decryption processing unit 122 searches the second management table for a record having the global transmission destination address as the global sharing destination address. Then, the decryption processing unit 122 acquires the encryption logical information in the record. The payload data is decoded using the acquired logical information.

  On the other hand, when the received packet is not a valid packet (Op. 13 No), the verification unit 123 discards the received packet (Op. 15).

  Op. When the determination result is No in 12, the verification unit 123 determines whether to perform packet verification (Op.16). For example, when the processing load is greater than or equal to a threshold value, packet verification may be omitted. Op. The processing of 16 may be omitted and the packet verification may be performed without fail.

  When executing packet verification (OP.16 Yes), the verification unit 123 executes packet verification. If the received packet is a valid packet (Op. 17 Yes), the packet generator 124 generates first header information (Op. 18).

  Specifically, referring to the routing table, the address having the highest evaluation value is acquired from the local destination addresses corresponding to the global destination address. Then, first header information including the local address as the local transmission source address and the acquired address as the local transmission destination address is generated. The first header information is stored in the first header part.

  Next, the encryption processing unit 125 encrypts the verification logical information according to the local transmission destination (Op. 19). Specifically, referring to the first management table, the logical information for encryption is acquired from the record having the local transmission destination address as the local sharing destination address. Then, the encryption processing unit 125 encrypts the verification logical information using the encryption logical information. Note that the encrypted logical information is stored in the logical information storage unit.

  Subsequently, the communication unit 121 transfers the packet to the local transmission destination address. Note that the first header information of the received packet is changed in the transmitted packet. Also, the information stored in the logical information storage unit is re-encrypted according to the local transmission destination.

  When the packet is an illegal packet (Op. 17 No), the packet is discarded (Op. 21). When packet verification is not executed (Op. 16 No), Op. The process after 18 is executed.

  Through the above processing, the code information included in the received packet is shared with the local transmission destination node together with the verification logical information. That is, the same code information and the same logical information for verification are shared by the nodes forming the transfer path. Therefore, it is possible to eliminate the process in which the relay node newly recalculates code information according to a new local transmission destination. Further, the verification logical information is encrypted by the logical information shared between the own node and the local transmission destination node. That is, no verification logical information is acquired other than the regular node.

  Therefore, in the technique disclosed in the present embodiment, the security is improved as compared with the case where the verification logical information shared in advance by all nodes is used. Further, unlike the technique shown in FIG. 2, since the logical information for verification does not differ between nodes, a process of recalculating code information for each packet transfer other than the packet verification process becomes unnecessary.

  Here, it can be said that the technique disclosed in the present embodiment is more advantageous than the technique shown in FIG. 2 from the following aspects. FIG. 11 is a first diagram for explaining one effect of the technique disclosed in the present embodiment. FIG. 11 is a diagram showing a CBC mode of block cipher as an example of the encryption process.

  In the CBC mode, plain text data is divided into blocks having a predetermined bit length. In the CBC mode, XOR calculation is performed with block 1 using a random number prepared as an initial value. Then, block encryption is performed using an encryption key corresponding to the logical information for encryption. Such processing is carried out in a chain. When the last block 4 is encrypted, the combined result of all blocks is encrypted data.

  When the code information calculation process is compared with the encryption process, the processing load depends on the data length. In particular, as can be seen from FIG. 1 and FIG. 11, the CMAC calculation process and the encryption in the CBC mode are similar in processing content, and therefore, it can be considered that each processing cost increases as the data length increases.

  FIG. 12 is a second diagram for explaining one effect of the technique disclosed in this embodiment. FIG. 12 shows the processing cost related to the relay node. A relay node is a node that receives a packet from a certain node and further forwards the packet to another node. As described above, in this embodiment, packet verification processing may be omitted, but here, description will be made assuming that packet verification processing is executed.

  Normally, the payload data of a packet transferred in an ad hoc network has a variable length, but here it will be described as 128 bytes. The logical information for verification is 16 bytes here. This is because the key length used in MAC calculation is generally 128 bits (ie, 16 bytes).

  Here, the processing cost of the packet verification processing is set to “1”. Note that the packet verification process is basically a process of calculating code information for payload data in the received packet, so the code information calculated and the code information set in the packet are the bottleneck. It is assumed that the process of comparing is basically negligible. Therefore, it can be considered that the packet verification processing cost and the code information processing cost are substantially equal.

  In the description of FIG. 12, the description is made assuming that the code information is calculated only for the payload data. However, when the code information is calculated for the payload data and the second header information, the code information is used. This calculation requires a larger processing cost.

  First, the technique shown in FIG. 2 requires processing for recalculating code information in addition to packet verification processing. As described above, in the technique shown in FIG. 2, the processing cost “2” is generally generated in the relay node. The code information recalculation process has the same processing cost as the packet verification process.

  Next, in this embodiment, in addition to the packet verification process, a process for decrypting the verification logical information included in the packet and a process for encrypting the verification logical information according to the local transmission destination are required. It becomes. The decryption process and the encryption process for the verification logical information are necessary so that the encrypted logical information included in the received packet can be decrypted even at the local transmission destination.

  The process of decrypting the verification logical information and the process of encrypting the verification logical information are considered to depend on the data length to be encrypted (or decrypted), as shown in FIGS. Therefore, the process for calculating the code information for the 128-byte payload data and the process for encrypting (or decrypting) the 16-byte verification logical information are generally in an 8-to-1 processing cost relationship. it is conceivable that. Therefore, the processing cost “1.25” is generated in the relay node in the present embodiment together with the decryption processing, the encryption processing, and the packet verification processing.

  As described above, according to the present embodiment, the code information recalculation process is not required even if the verification logical information is not shared in advance, so that the processing load at the relay node is also reduced as compared with the technique of FIG. can do. In addition, this effect becomes more prominent as the data length for which the code information is calculated becomes longer. Therefore, this practical example is more effective when transferring larger data in packets.

  FIG. 13 is a hardware configuration example of the node 10. The node 10 includes a CPU (Central Processing Unit) 301, a RAM (Random Access Memory) 302, a flash memory 303, an interface (I / F) 304, an encryption circuit 305, a sensor 306, and a bus 307. I have. The CPU 301 to the sensor 306 are connected by a bus 307, respectively.

  The CPU 301 governs overall control of the node 10. The CPU 301 functions as the acquisition unit 111, the packet generation unit 112 or 124, the logical information generation unit 113, the calculation unit 114, and the verification unit 123 by executing the program expanded in the RAM 302.

  The RAM 302 is used as a work area for the CPU 301. The flash memory 303 stores programs, information on various keys, and a routing table. The flash memory 303 is an example of the storage device 117 or 126. The program includes, for example, a program for executing each process in the node shown in the flowcharts of FIGS. For example, a control program for causing a node to execute packet transmission processing, packet verification processing, and packet transfer processing is stored in the flash memory 303.

  When the program stored in the flash memory 303 is expanded in the RAM 302 and executed by the CPU 301, the node 10 functions as various processing units described in FIG. 4 or FIG. Further, the node 10 executes the processes of FIGS. 9 and 10.

  The I / F 304 transmits and receives packets by multi-hop communication. The I / F 304 is an example of the communication unit 116 or 121.

  The encryption circuit 305 is a circuit that encrypts data using an encryption key when encrypting data. For example, when the packet is encrypted and transmitted, the encryption circuit 305 functions. The encryption circuit 305 is an example of the encryption processing unit 115 or 125 and the decryption processing unit 122. Note that when the encryption is executed by software, the CPU 301 functions as the encryption processing unit 115 or 125 and the decryption processing unit 122. The CPU 301 reads a program corresponding to the encryption circuit 305 from the flash memory 23 and executes it.

  The sensor 306 detects data unique to the sensor 306. For example, data suitable for the measurement target is detected, such as temperature, humidity, water level, precipitation, air volume, volume, power consumption, time, time, and acceleration. When the CPU 301 functions as the acquisition unit 111, the detection value is acquired from the sensor 306.

10 node 11 transmission node 12 relay node 111 acquisition unit 112 packet generation unit 113 logical information generation unit 114 calculation unit 115 encryption processing unit 116 communication unit 117 storage unit 121 communication unit 122 decryption processing unit 123 verification unit 124 packet generation unit 125 encryption processing Unit 126 Storage unit 301 CPU
302 RAM
303 Flash memory 304 I / F
305 Encryption circuit 306 Sensor 307 Bus

Claims (15)

In a network system including a first node, a second node, and a third node,
The first node is
The second logic used when verifying the data is defined using the first logic information that defines the first logic shared between the first node and the second node. A first encryption processing unit for encrypting the second logical information;
A packet including the second logical information encrypted with the first logical information, the data, the content of the data, and code information depending on the second logical information, and the second node A first transmitter for transmitting to
The second node is
A receiver for receiving the packet;
A decoding processor that decodes the second logical information with the first logical information;
A second cryptographic processing unit that encrypts the second logical information with third logical information in which a third logic shared by the second node and the third node is defined;
A second transmitter for transmitting the second logical information encrypted with the third logical information, data included in the received packet, and the code information to the third node; A network system comprising: In a network system including a first node, a second node, and a third node, the first node is
Data, encryption information obtained by encrypting first logic information defining first logic used when verifying the data, code information depending on the contents of the data and the second logic information, A receiving unit that receives a packet containing the second node from the second node;
A decryption processing unit for decrypting the cipher information using second logic information in which a second logic shared by the first node and the second node is defined;
An encryption processor that encrypts the first logical information obtained by decryption with the third logical information in which the third logic shared by the first node and the third node is defined; ,
And a transmission unit configured to transmit the first logical information encrypted with the third logical information, the data, and the code information to the third node.   The first node according to claim 2, further comprising a verification unit that verifies the packet using the code information and the first logical information. The verification unit calculates other code information using the first logical information for the data in the received packet,
4. The first node according to claim 3, wherein when the code information matches the other code information, the packet is determined to be a valid packet. The code information is a message authentication code,
The first logical information is key information for a message authentication code used when calculating the message authentication code,
The second logical information is encryption key information shared between the first node and the second node,
The said 3rd logical information is the other encryption key information shared by said 1st node and said 3rd node, It is any one of Claim 2 thru | or 4 characterized by the above-mentioned. The first node. In a network system including a first node, a second node, and a third node, the first node is
A logical information generation unit that generates first logical information in which a first logic used when verifying data is defined;
A calculation unit for calculating code information depending on the content of the data and the first logical information;
An encryption processor that encrypts the first logical information using second logical information in which a second logic shared by the first node and the second node is defined;
A packet including the first logical information encrypted with the second logical information, the data, and the code information is transmitted to the second node communicating with the third node. And a transmission unit. The first node further includes an acquisition unit that acquires a detection value from a sensor;
The first node according to claim 6, wherein the code information is calculated according to a content of the data including the detection value. The code information is a message authentication code,
The first logical information is key information for a message authentication code used when calculating the message authentication code,
8. The second logical information according to claim 6, wherein the second logical information is encryption key information shared by the first node and the second node. One node. In a network system including a first node, a second node, and a third node, the first node is
Data, encryption information obtained by encrypting first logic information defining first logic used when verifying the data, code information depending on the contents of the data and the second logic information, Received from the second node,
Decrypting the cryptographic information using second logical information defining a second logic shared between the first node and the second node;
Encrypting the first logical information with third logical information defining a third logic shared between the first node and the third node;
A communication method characterized by executing a process of transmitting the first logical information encrypted with the third logical information, the data, and the code information to the third node. The first node is
The communication method according to claim 9, wherein a process of verifying the packet is executed using the code information and the first logical information. In the verification process, the first node uses the first logical information to calculate other code information for the data in the received packet,
The communication method according to claim 10, wherein the packet is determined to be a valid packet when the code information matches the other code information. The code information is a message authentication code,
The first logical information is key information for a message authentication code used when calculating the message authentication code,
The second logical information is encryption key information shared between the first node and the second node,
12. The third logical information according to claim 9, wherein the third logical information is other encryption key information shared by the first node and the third node. Communication method. In a network system including a first node, a second node, and a third node, the first node is
Generating first logic information that defines the first logic used to validate the data;
Calculating code information depending on the content of the data and the first logical information;
Encrypting the first logical information using second logical information in which a second logic shared by the first node and the second node is defined,
A packet including the first logical information encrypted with the second logical information, the data, and the code information is transmitted to the second node communicating with the third node. A communication method characterized by executing processing. The first node further includes:
Execute the process to get the detection value from the sensor,
14. The communication method according to claim 13, wherein, in the calculation process, the code information is calculated according to a content of the data including the detection value. The code information is a message authentication code,
The first logical information is key information for a message authentication code used when calculating the message authentication code,
The communication according to any one of claims 13 and 14, wherein the second logical information is encryption key information shared by the first node and the second node. Method.

Images