JPWO2018122367A5 - - Google Patents

Description

The present invention relates to a method for constructing a communication connection between a network node and a communication partner in a data network net. The network node receives at least one message from the communication partner via the wireless interface, and the message is accompanied by matching data.

Nowadays, a large number of diverse devices are equipped, for example, by wireless connection means via wireless links. In order to take the tedious task of setting up a data network from the user, such devices can often and automatically establish communication connections with other compatible devices, and as a result, these. A plurality of devices form an ad hoc network, and as a result, these devices are actively and in the receiving area of each other. An example of a network from such an application field is to automatically connect a smartphone to a vehicle audio system, for example, to use the audio system as a hands-free telephone device for automobiles, etc., via a known Bluetooth standard or the like. And so on. This capability has been extended to everyday items as part of the development known as the "Internet of Things", resulting in approximately household items, smartphones, HiFi devices, indoor appliances, sensors, indoor climate, etc. Controllers, and similar devices, may communicate with each other, which does not need to be absolutely noticeable to the user.

In short, this offers significant benefits to the user, but also significantly increases the potential for exploitation, approximately in the form of cyberattacks, with further networking. The Internet of Things in combination with wireless communications allows attackers to accept communications to technical systems by using masquerading identities, thereby fraudulent to data. There is a risk of gaining access, invoking a function, or making unauthorized changes in some cases. Therefore, before the automatic construction of data communication, the reliability of the communication partner must be ensured by each device.

This credibility confirmation or inspection is commonly referred to as "verification" in the context of this disclosure. This collation work may include, for example, checking if the communication partner is part of the same system. In the above example, the system may include almost any communication partner in the vehicle, and it must be excluded that a crisis outside the vehicle or equipment is incorporated into an ad hoc network in an adjacent vehicle. Currently, this collation is usually "handed" by requiring the user of the smartphone to enter the code displayed on the vehicle's display before a connection is created between the vehicle system and the smartphone. It will be done.

Safety concerns are also the reason why the use of independently contacted equipment in the industrial realm and in the realm of systems with increased safety requirements can be problematic. Therefore, even in this case, the qualification for data communication between each device must be defined by the user. Connections can also be constructed encrypted, with higher security requirements, in which case the exchange of encryption keys is particularly vulnerable to attack.

Measuring instruments in industrial applications, such as measuring instruments present on test benches, can be connected via ad hoc wireless communication and, in some cases, independently of the original conduction of measurement data to an automation system. By exchanging data, additional features can be implemented and additional utility value for the customer is created. In addition to the safety considerations shown above, the equipment is actually installed in-house on the same test bench, allowing wireless communication across spatial boundaries, and thus non-attribution. It must be ensured that the equipment (equipment built in the adjacent space within other test benches) can also be reached. In addition, the communication partner is a trusted, as well as in fact, an active measuring instrument, and is simply disguised by a rogue, rogue, existing or adjacent space, and / or hidden device. What cannot be done must be ensured. This safety precaution may be particularly relevant when test benches are rented to a variety of companies and, as a result, rival companies can simultaneously perform inspections in adjacent spaces. This problem also arises in wireless sensor networks, where measurement data is transmitted wirelessly to automation systems. Therefore, the attribution of equipment to a certain test bench or subject must now be configured by the hands of a test bench technician or the like. This may include other actions that can be done, for example, by entering a serial number, or by declaring other features, or that cannot be fully automated. This manual operation assumes that the input person has already inspected the authenticity of the device as part of this operation, which again poses a safety risk. Currently, this task is not fully automated and errors in authenticity declarations cannot be inspected ex post facto.

Another embodiment is a corresponding (wireless) system (control, sensor, etc.) allocated within the vehicle for testing purposes in the context of a movable measurement system or for mass-produced vehicles. In the networking already mentioned in this embodiment, the safety issues mentioned above are relevant.

The object of the present invention is to form the connection construction of the ad hoc network more reliably and at the same time more easily, and in particular, the drawbacks of the prior art described above must be avoided.

This task is described in claim 1.
A method for establishing a communication connection between a network node (1) and a communication partner (10) in a data network (6).
The network node (1) receives at least one message (M) from the communication partner (10) via the wireless interface (3).
In the method in which the collation data (9) is attached to the message (M).
The collation data (9) includes a transmitter measurement data map (8) showing measurement data (7) ascertained by the communication partner (10) within a predetermined period of time during the preceding recording cycle.
The transmitter measurement data map (8) contained in the received collation data (9) is based on and / or the communication partner (10) known to the network node (1). Stored in the data memory (5) of the network node (1) created regardless of the transmitter measurement data map (8) based on the correlation notified to the network node (1) by. By comparing with the receiver measurement data map (8 ' ), the network node (1) is solved by collating the communication partner (10).
In this method, the collation data includes a transmitter measurement data map, which is representative of the measurement data captured by the communication partner during the preceding recording cycle, and this network node communicates. Match partners. This allows network nodes to automatically recognize and match communication partners without additional manual interaction. In this case, the devices involved make full use of common synchronous time information, which can be ensured, for example, via reception of a radio clock signal or by a time stamp transmitted locally wirelessly. According to the present invention, it can be distinguished whether the communication partner simply declares that it belongs to the same measurement environment, or whether the communication partner actually exists.

The method according to the present invention can be used, for example, in a vehicle. This method can recognize, for example, whether or not the user's smartphone is in the vehicle and accompanied. Only when "accompanied" will a reliable connection be established (eg via Bluetooth). Applications in a broader context, such as vehicle identification and reliable authentication to communicate via V2V (C2C) and placement of a unique vehicle with respect to the environment, may utilize the methods according to the invention.

The receiver measurement data map can be created as a representative of the measurement data grasped by itself, for example, by the network node, which means that when the network node is a measuring device, the network node makes full use of the measurement data grasp. It is assumed that. However, the receiver measurement data map can also be a measurement data map created by a network node, this measurement data map is generated based on the measurement data, and this measurement data is already graded as reliable third. Acquired by the unit. This can happen, for example, when the network node is an automation system, which receives and stores measurement data from a plurality of measuring instruments.

In the present invention, the network node and the communication partner can be an automation system of a measurement location or a measurement environment independently of each other. This is an additional feature, for example, where all the equipment of an individual manufacturer communicates with each other in an ad hoc network, all of these equipment are involved in the measurement of the test bench, and in the dependence of various equipment combinations. Allows you to provide sex. By collation based on the measurement transition, it is ensured that the connection is made only with the equipment that is actually started on the same test table. Communication is equivalent when another instrument (eg, by another manufacturer) is built into the test system, or when an automation system is used and this automation system does not support this ad hoc network construction. Can be built between.

In an advantageous manner with respect to the present invention, a network node may create an encryption key for encrypted communication with a communication partner based on the transmitter measurement data map elephant. At this time, the network node may use the data of the transmitter measurement data map transmitted by the communication partner.

On the other hand, the transmission of encrypted information can be avoided when the network node uses the stored measurement data to create the encryption key. The network node can therefore, in an advantageous way, create an encryption key for encrypted communication with the communication partner based on the receiver measurement data map. For example, the network node may obtain a time cycle corresponding to the transmitter measurement data map in the receiver measurement data map, and create an encryption key based on the time cycle of the receiver measurement data map. .. The communication partner creates the encryption key based on the same time cycle of the transmitter measurement data map. That is, the encrypted data delivery is such that the transmitter measurement data map and the receiver measurement data map correspond to each other, that is, they have already been generated based on the measurement with respect to the same test bench. Works only when the database for is not required to be propagated over the data network.

The concept of "encryption key" is related to the present invention independently of whether this encryption key is useful for encrypting or decrypting a message and is a symmetric or asymmetric encryption method. Generally used for encryption keys in.

Differences between receiver measurement data maps and transmitter measurement data maps can be calculated by known correlations between network nodes and communication partners. This correlation can be, for example, a time delay or a positive or negative increase, which can be easily calculated. However, more complex correlations may be considered when the attributes of network nodes and communication partners are known. In some cases, the parameter can also be a facility, in which a network node and a communication partner are installed and used to determine the correlation. In the case of a test bench, for example, the power data and / or the material data of the dynamometer of the subject can be considered. Correlation arises, for example, by building a facility. For example, in a drive gear, the driven rotation speed correlates with the drive rotation speed via the transmission device.

In an advantageous embodiment, the network node may create at least one virtual network node based on the correlation after matching the communication partners. For example, when the third measurement value is calculated from the first measurement value and the second measurement value, the network node (for example, when this network node measures the first measurement value) receives the measurement data of the communication partner in real time. Then, communication with a communication partner (for example, when this communication partner measures the second measurement) can be used to calculate the third measurement from it, and the third measurement is provided to the automation system. Can be. The automation system can further process the data of the third measurement, thus within its own channel, as if the virtual network node was a real instrument. When a network node is an automation system, it may also create a third measurement based on one or more measurements of one or more communication partners.

In an advantageous embodiment, the data network can be an ad hoc network. The data network is described as an ad hoc network, which is automatically constructed by the users of the participating devices (or network nodes and communication partners) without any configuration, and as a result, these devices are wireless. It exists within the coverage of the interface. Unlike this, it is also possible to construct a data network by the conventional method with the definition preset by the user. At that time, the methods according to the invention may provide an additional level of security.

INDUSTRIAL APPLICABILITY The present invention relates to a network node having at least one measuring transducer, at least one wireless interface, at least one processor unit and at least one data memory, and can be implemented by the network node within the network node. Program logic is implemented, and network nodes implement the methods according to the invention described above when implementing program logic. At this time, the network node can be any device, and this device is suitable for constructing an ad hoc network. The measurement transducer can be a sensor, or other unit that produces measurement data. For mobile applications, the measuring transducer can be, for example, a sensor for obtaining position coordinates, in particular a GPS chip for obtaining geographic coordinates.

In an advantageous manner, the network node can be a measuring instrument for a measuring environment. In the context of the present invention, test and / or analytical tasks such as, for example, a movable or stationary lab, a movable or stationary test bench, an aircraft, a land vehicle and / or a ship, or generally real estate, or a land range. The area defined for the and / or control task is described as the measurement environment.

In another advantageous embodiment, the network node can be a measuring instrument, or an automation system for an engine test bench.

The present invention is described in more detail below in connection with FIGS. 1-4, and these figures show an exemplary, schematic, and non-reducing, superior development of the invention.

It is a schematic diagram of the ad hoc network which uses the method which concerns on this invention. It is a schematic diagram of an engine test bench, and the method according to the present invention is implemented in this engine test bench. It is a comparison by a graph of the measurement signal and is a measurement data map derived from it. as well as It is a comparison by a graph of a plurality of measurement signals.

FIG. 1 schematically shows a measurement environment 13, in which a plurality of measuring devices 11 are arranged, and these measuring devices exchange data with each other via a wireless interface 3. Can be. Each measuring device 11 has a measuring transducer 2, a data memory 5, and a processor unit 4. The timing signal generator 15 provides matching time information to all the measuring devices 11, and as a result, the measuring device 11 obtains the data stored in the data memory 5 as necessary time information. Can be implemented with. The timing signal generator 15 may transmit the time stamp locally and wirelessly. Alternatively, a wireless clock signal may be used for synchronization of the measuring device 11.

For ease of understanding, the following describes the relevance of the method and device implementation according to the invention, especially in a test bench environment, but those skilled in the art will appreciate the ideas disclosed herein in other embodiments as well. Can be applied without. As an embodiment, in particular systems are of interest, in which a plurality of devices can build and use an ad hoc network.

In FIG. 1, three measuring instruments 11 are arranged in the area of the measuring environment 13, and each of these measuring environments produces the measurement data 7 via the measurement transducer 2 and is in the data memory 5. Store and / or communicate to the automation system via any data link. The transmission of measurement data can be done via the wireless interface 3 or via other data links (not shown in FIG. 1).

In addition, the measuring devices 11 are capable of communicating with each other and thus constructing an ad hoc network. This ad hoc network (which is schematically shown as data network 6 in FIG. 1) may have, for example, all the equipment of the manufacturer in the measurement environment 13, and the programming logic of these equipment is , Support the method according to the present invention. Older measuring instruments 11 that do not support ad hoc networks, or components of other manufacturers that should not be involved in ad hoc networks, may be further incorporated into measurement environment 13, but remain unconsidered when constructing ad hoc networks.

The connection construction between the two measuring instruments 11 is described below for the network node 1, which network establishes a communication connection with the communication partner 10. Similarly, the network node 1 and the communication partner 10 are measuring devices 11 of the measuring environment 13, respectively, as shown.

The names "network node" and "communication partner" simply imply clarity of the specification, identifiability of the device, and functional differences in relation to the specification of the present application. Depending on how they are observed, each device can be considered as a network node 1 or a communication partner 10 within an ad hoc network. A device to be proved to be credible is described as a communication partner 10 in relation to the present specification, and a device for collating the communication partner 10 is described as a network node 1.

All the measuring instruments 11 constantly store the measurement data map of the measurement data 7 recorded by the measuring transducer 2 of these measuring instruments in the data memory of these measuring instruments, and the measurement data map of the communication partner is shown below. , The transmitter measurement data map 8 and the measurement data map of the network node 1 are described as the receiver measurement data map 8 ′ . The measurement data map thus represents the transition of the measurement data and may be stored in the data memory 5 via a definable time span (eg, the most recent hour).

The measuring device 11 can always recognize other devices existing in the wireless communication range via the already known protocol, and can be associated with the device found based on the already known algorithm. You can decide if the link should be built.

In the illustrated situation, the communication partner 10 attempts to establish a link with the network node 1. In order to prove that the device is reliable to the network node 1 , the communication partner 10 transmits the message M via the wireless interface 3 . The message M is received by the network node 1. The message M includes collation data 9 representing a partial area of the transmitter measurement data map 8 . In this case, the subregion may be defined by the actual time (eg, the last 2 seconds of the measurement) and / or date . Further, the message M may include ordinary packet data information, for example, information about a communication partner 10. The period may be calculated based on a predetermined characteristic " event " during the measurement transition , for example, based on a load fluctuation that similarly affects the transition of the measurement data 7 of the two measuring devices 11 .

The network node 1 obtains the correlation between the acquired transmitter measurement data map 8 and the receiver measurement data map 8 ′ stored in the data memory of the network node 1 from the information about the communication partner 10. This correlation is applied to the transmitter measurement data map 8 to determine the corresponding region in the receiver measurement data map 8 ' (or vice versa) and to compare both measurement data maps. If both measurement data maps match , the match confirms that the communication partner 10 is in the same measurement environment 13 as the network node 1 and can therefore be considered reliable . Therefore , after confirming the positive reliability, a link with the communication partner 10 may be established for further data exchange. Similarly, of course , the network node 1 can be matched against the communication partner 10 as a reliable device.

It is possible that an attacker could eavesdrop on such data exchanges and re-use the transmitted measurement data map to make false identities appear to be true identities ( replay attack ) . The replay attack , for example , by allowing the measurement data map of a given time cycle to be used only once , that is, by being rejected a second time after one transmission from multiple network nodes in the network. Can be blocked . Multiple network nodes in the network first request a predetermined time cycle in the past for which the data must be supplied by the communication partner by the handshake method, and this time cycle is newly requested for each data exchange. If it is established (eg, randomly), there may be other means .

In some cases, the connection may be encrypted by known procedures to avoid eavesdropping on the communication. In some cases, it can be done based on the encryption key measurement data map 8. The part of the measurement data map has already confirmed that the measurement data map is correlated, and since this part has already been propagated in the collation data 9, the encryption key is otherwise (not propagated). ) Can be created based on the time area of the measurement data map, the network node 1 creates the encryption key based on the receiver measurement data map 8 ′ , and the communication partner 10 creates the encryption key on the transmitter measurement data map. Create based on 8. Although this possibility produces the same code on both sides and allows the execution of a very reliable cryptographic mechanism, this code does not need to be pre-transmitted between both communication partners.

In constructing a reliable link , it is similarly not taken into account that the initial necessary exchange of this measurement data cannot lead to an attack in advance, for example, it is treated here as still untrusted. Must not be. That is, it must be taken into account that only a minimal subset of features are available, such as the firewall in the "maximum protection" setting. Comparisons of locally available data are similarly trusted / untrusted, for example by the use of variable and other unpredictable measurement signals for allocation over a long period of time. It must provide a reasonable basis for determining whether it is untrusted). It is also important for telecommunications partners to ensure that they are no longer compromised. This is, for example, when a normally legitimate, locally existing system has already been compromised, and thus has recognition of information that can only be used locally, and has already been manipulated by an attacker. When that happens, it applies. When these assumptions are ensured, very high safety standards are achieved.

FIG. 1 shows another measuring instrument 11 ′ . Although this measuring device exists outside the measurement environment, it still exists within the wireless communication range of the data network 6. The other measuring device 11 ′ may be , for example, a device placed on another test stand in an adjacent space, or may be a hidden device that attempts a cyber attack on the data network 6 . However, in both cases , even if another measuring device 11'try to build a link, the network node 1 does not collate the other measuring device 11'. This is because the transition of the measurement data of this other measuring device corresponds to another measurement environment and therefore does not match the measurement data map 8.

FIG. 2 shows an engine test bench 14 in which the method of the present invention is implemented . The subject 16 is arranged in the engine test bench 14, for example, an internal combustion engine or a motor-generator, which is optionally connected to a power train, which is connected to the dynamometer 17. In this test structure, a large number of measuring instruments 11a to 11d are arranged by a conventional method, and the measurement of these measuring instruments is evaluated by the automation system 12. The automation system 12 also adjusts the conditions for the subject 16 and the dynamometer 17.

The measuring instruments 11a to 11d periodically grasp the data of the measuring transducers (or sensors) of these measuring instruments after a certain period of time (for example, several hours), and obtain these data in a time sequence (synchronized time). It is stored in the data memory 5 of the measuring device as (along with information and the like). Effective data reduction can be done to save free memory space. For example, certain changes (aspects in measurements, events) can be recognized and only an outline of the events can be stored.

Since various measuring instruments 11a to 11d on the test bench observe the same test structure, these instruments can grasp the events that are temporally correlated or the effect of these events on each measurement scale. I have to keep it. In the general case, it can be envisioned that the system will grasp each other's constant physical activity at a comparable time and in a comparable manner in a given locational neighborhood.

As an example, when starting the engine, the dyno measurement recognizes the change in rotation speed and rotation moment, the exhaust gas measurement recognizes the rise in nitrogen oxides, and the fuel consumption measurement recognizes the change in fuel amount every hour. And the temperature measurement in the cylinder recognizes the (possibly delayed) temperature rise. These correlations are known or can be determined for the test bench, depending on the attributes of each measurement sensor.

Each of the measuring instruments 11a to 11d stores such "events" in the internal memory. Due to the existence of a certain number of such events, there is a certain probability that the physical conditions (defined delay time, dependence, etc.) will be met when the characteristic details (time point, period, shape ...) are met. It can be assumed that the same event (Events) is observed in advance, and therefore the same subject is observed in consideration of the physical scale and the like. That is, the longer the observation time, the more certain that the equipment involved collects more "common history" and, when matched, is the measuring equipment on the same test bench.

For identification, device "proof" to other devices, this common knowledge can be expressed as described above as evidence of attribution.

When this knowledge is encrypted by cryptography and passed on to the outside world, not explicitly, the knowledge can only be inferred within the device without being imitated by a third party. That is, forgery without actually having simultaneous measurements is impossible or very difficult. In other words, in addition to the information that "the measuring device is in the same subject", it can be recognized that "the measuring device is actually a real measuring device".

Under certain circumstances, it is possible to calculate the third measurement scale in real time based on the combination of the measurement data 7 of the two or more measuring devices 11. This enables the generation of a "virtual measuring device" such as the virtual measuring device 11e shown in FIG. 2, and the measurement data 7 of this measuring device is created based on the measurements of both measuring devices 11a and 11b. Will be done.

As a practical example, approximately the measuring device 11a may measure the amount of fuel delivered to the subject 16, and the measuring device 11b may measure the amount of air delivered. From this, the value for the amount of exhaust gas is determined through the found relationship. Thus, the value for this exhaust gas amount can be provided to the automation system 12 as measurement data 7 of the virtual measuring device 11 when both measuring devices 11a and 11b in the ad hoc network communicate with each other. If the automation system 12 is also integrated in the ad hoc network, the virtual measuring device can also be created by the automation system 12. The other measuring instruments 11c and 11d may also be incorporated into an ad hoc network, or may be older instruments, or instruments of other manufacturers, which may be used very commonly in this case.

FIG. 3 schematically shows the relationship between the measurement data 7 recorded by the measuring device 11 and the measurement data map 8 created based on the measurement data 7. When displayed, the measurement data map 8 is, for example, by using a lower sampling rate, or by application of other lossless data compression methods, or lossy data compression methods. , Has a lower data density than the measured data 7. However, the data density is appropriately selected so that certain events that affect the transition of the measurement data 7 can be recognized in the measurement data map 8. Events can be recognized, for example, by positive peaks and / or by negative peaks and / or by the gradient of the lateral region. The region selected from the measurement data map 8 can be used as the collation data _{9 (} between the start time t1 and the end time t2). Then, the collation data 9 corresponds to the measurement data map 8 in a certain time domain.

However, it is also possible to create the collation data 9 by another method, for example, the distance between two peaks for each in a certain time domain is used as a data string to create the collation data 9. .. Even in this case, the collation data 9 corresponds to the measurement data map 8. However, the collation data can also be obtained based on other attributes of the measurement data map 8 such as gradient transitions, zeros, etc. In any case, the collation data is a portion of the data of at least one measurement data map 8 each. including. It is also possible that the collation data 9 is encrypted.

In some cases, the described encryption key may be generated based on the data string obtained from the measurement data map 8 also in relation to the explanation of FIG. 1 above.

In FIG. 4, the transitions of the three measurement data maps 8, 8 ′ and 8 ″ are shown so that they can be created by the three measuring instruments 11 in the sensor network. In FIG. 4, the three measuring instruments 11 are represented. , Nodes S1, S2 and S3. Measurement data maps 8, 8 ′ , 8 ″ are based on each measurement data 7 with a reduced data rate (as illustrated in FIG. 3). It may be the data transition created in the above, or it may correspond to the measurement data 7.

In the example shown, nodes S1 and S2 are measured for the same process, that is, the observations of both nodes S1 and S2 are correlated. Therefore, the transitions of the measurement data 7 of S1 and S2 are in agreement, and S2 is a time difference of Δt with respect to S1. However, any other recognizable correlation is predominant between both measurement data transitions, even the "mild" correlation that occurs when vibrations are measured at various points in the engine. possible.

Node S3 measures for other processes and therefore there is no correlation for S1 and S2.

Here, when node S1 attempts to establish communication to node S2 (eg, by sending message M, as described above), node S1 is a portion of the measurement data map 8. Is added to the message M to prove its legitimacy. This portion forms the collation data 9 displayed in FIG.

Based on the correlation between S1 and S2, S2 finds a portion 9'in the measurement data map 8'unique record, which corresponds to the acquired collation data 9. In the display of FIG. 4, the receiver measurement data map 8 ′ is only moved temporally with respect to the receiver measurement data map 8, and the data transitions match in other respects. More complex correlations can exist, from which S2 can infer that S1 is not only already measured and therefore close to local, but also reliable for the same process. ..

For example, the construction of encrypted and reliable communication follows. A recognition of some of the process history serves as a proof of match. Thus, some of this replaces other mechanisms such as authentication as used at trusted sites (https). This provides the advantage of eliminating the need for tedious (often requiring user access) authentication management.

In some cases, node S2 may, in turn, return data (from another cycle) to S1 to ensure that S1 is also a legitimate communication partner.

1 Network node 2 Measurement transducer 3 Wireless interface 4 Processor unit 5 Data memory 6 Data network 7 Measurement data 8 Transmitter measurement data map 8 ′ Receiver measurement data map 9 Collation data 10 Communication partner 11 Measurement equipment 12 Automation system 13 Measurement environment 14 Engine test bench 15 Timing signal generator 16 Subject 17 Dynamometer