WO2001069955A1 - Monitoring device for wireless near-field networks - Google Patents

Info

Publication number
WO2001069955A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitor
connection
directory
alarm signal
participants
Prior art date
Application number
PCT/DE2001/000522
Other languages
German (de)
English (en)
Inventor
Holger Kremer
Original Assignee
Wincor Nixdorf Gmbh & Co. Kg
Priority date
Filing date
Publication date
Application filed by Wincor Nixdorf GmbH & Co. KG
Priority to EP01911442A (EP1264502A1)
Publication of WO2001069955A1

Links

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
                • G06Q20/00 Payment architectures, schemes or protocols
                    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
                        • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
                            • G06Q20/327 Short range or proximity payments by means of M-devices
        • G07 CHECKING-DEVICES
            • G07F COIN-FREED OR LIKE APPARATUS
                • G07F9/00 Details other than those peculiar to special kinds or types of apparatus
                    • G07F9/001 Interfacing with vending machines using mobile or wearable devices
                    • G07F9/02 Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                        • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
                    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L63/1441 Countermeasures against malicious traffic
                            • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W12/12 Detection or prevention of fraud
                        • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
                            • H04W12/122 Counter-measures against attacks; Protection against rogue devices
                    • H04W12/30 Security of mobile devices; Security of mobile applications
                        • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications

Definitions

  • The invention relates to the use of mobile control units, in particular at self-service stations, via wireless near-field networks.
  • If a near-field radio connection is used instead of an infrared connection, for example according to the emerging Bluetooth standard, a problem arises that does not occur with the infrared connection.
  • The latter is directional and only effective over a very short distance, so that the user of a mobile control unit can be sure of operating the correct cash dispenser.
  • With radio, the electromagnetic waves are emitted more or less spherically, so that an attacker could set up a transceiver next to the automated teller machine that pretends to be an automated teller machine. Since the operation is handled entirely through the mobile control unit, the user only notices the fraud when none of the ATMs dispenses the booked money.
  • An attack known as a 'man-in-the-middle attack' remains particularly problematic.
  • The attacker tries to present himself to each of the two participants as the other participant. He can then filter the communication as desired.
  • The mobile control unit tries to establish a connection to the ATM.
  • The attacker also pretends to be an ATM and tries to serve the connection request of the mobile control unit.
  • The attacker likewise pretends to be a mobile control unit and tries to establish a connection to the ATM. If he succeeds in this, he can initially simply relay the communication packets unchanged, so that the mobile control unit believes it is communicating directly with the ATM, and the ATM in turn believes it is communicating with the mobile control unit.
  • Encrypting the communication only helps to a limited extent here.
  • Key management is not part of the Bluetooth standard. If the attacker succeeds in inserting himself here, he can agree a session key with each of the two participants and re-encrypt the messages in transit. More detailed information on this attack can be found in any textbook on cryptography in the analysis of the weak points of the Diffie-Hellman method for generating session keys. Similar attacks on cellular mobile radio networks are described in US Pat. No. 5,978,669.
  • The object of the invention is therefore to provide a measure which at least hinders an attempt to penetrate wireless communication between, for example, a mobile control unit and a self-service machine.
  • The invention is based on the observation that an additional receiver can detect an intruder by monitoring the communication, provided at least one of the two communication partners is stationary, as is the case with self-service devices.
  • A monitoring receiver can then check, by comparison with a directory of these stationary participants, whether at least one of the two participants is listed. This directory can either be maintained manually in the monitor or be updated automatically by the stationary devices, which can be reached over wired communication.
  • Fig. 1 is a symbolic representation of an arrangement with which the invention can be carried out.
  • A stationary self-service station 10, which within the scope of the invention requires neither a screen nor a keyboard, may have an output slot 11, for example for banknotes. Furthermore, the self-service station 10 comprises an interface 13 for non-directional wireless communication, in particular for a near-field radio network such as "Bluetooth".
  • A mobile control unit 20 comprises a display 21 and a keyboard 22. Further, the mobile control unit 20 has an interface 23 corresponding to the interface 13 for non-directional wireless communication, via which, symbolized by the double arrow, a communication link 19 is established with the self-service station 10.
  • Data blocks 18 are exchanged via the connection 19; in a radio network these usually have a header containing the destination address 18a and the source address 18b, followed by the useful data 18c.
  • A monitor 30, which constitutes the invention, is provided.
  • It comprises a receiver 33 with which the entire communication, in particular that of the radio network used by the interface 13, is monitored. Since the network is an undirected wireless network, it is in principle possible for a monitor 30 to record all of its traffic.
  • The usual interfaces are generally set up so that they only receive and pass on packets whose destination address 18a matches a predetermined address, namely that of the subscriber. Nevertheless, it is of course technically possible to modify an interface so that it accepts every data block.
  • In the area of wired networks of the "Ethernet" type this operating mode is also referred to as 'promiscuous mode'.
  • The interface 33 of the monitor according to the invention completely ignores the useful data 18c and extracts the destination address 18a and the source address 18b from each transmitted data block 18. These are fed to a comparator 35, which looks up these addresses in a directory 34.
  • The address of the interface 13 of the self-service station 10 is contained in the directory. If one of the two addresses is contained in the directory 34, the connection is a permissible one to or from the self-service station. If neither address is contained, the connection is a different one.
  • FIG. 2 shows the case where an intruder 90 tries to engage in radio communication between the self-service station 10 and the mobile control unit 20.
  • The intruder 90 likewise contains an interface for the wireless near-field network, which for the sake of clarity is shown as two interfaces 93a and 93b.
  • On the interface 93b the intruder 90 simulates the self-service station 10 towards the mobile control unit 20 within the connection 19b; on the interface 93a it simulates the mobile control unit 20 towards the self-service station 10 within the connection 19a. If the intruder 90 succeeds in this, there are ways to modify the communication.
  • The invention now solves the problem of nipping such an attempt by an intruder 90 in the bud.
  • The monitor 30 determines the destination and source addresses for both connections 19a and 19b. For the connection 19a, the address of the interface 13 is found in the directory. For the connection 19b, however, the directory contains neither of the two addresses, so that the comparator 35 detects data traffic between unknown subscribers and triggers an alarm.
  • Only the addresses of the stationary devices are contained in the directory 34, not those of the mobile control units, because it should be possible to use a self-service station without registering a private mobile control unit. It would also be easy for an intruder to adopt the address of an approved control unit that is not currently active in the radio network. It is, however, hardly possible to use the address of the station twice, because this would disrupt the communication protocols so severely that normal processing, and thus an undetected, falsified transaction, is practically impossible. The intruder can, however, easily adopt on the interface 93b the address of a self-service station that is safely out of range of the radio network, and can thus deceive the mobile control unit even if it contains a list of the licensed self-service stations.
  • The further use of a generated alarm signal must be chosen depending on the application, the legal framework and experience.
  • A simple option is to switch on an alarm lamp.
  • The monitor 30 can be expanded to include a jammer that uses the two addresses not found in the directory and superimposes a strong radio signal on all data blocks containing these addresses, thus rendering the useful data unusable.
  • The alarm signal can also be sent to all self-service stations within range, wirelessly or via additional wired communication. These then stop operating until the fault has been remedied or for a specified time. In particular, communication relationships that are still in their early stages should be broken off, because they are the most likely to be affected. If, in addition, each self-service station notifies all others of the start of a communication, each station can determine whether it is party to the latest connection, which should therefore be terminated in any case when the alarm signal occurs.
  • The monitor 30 contains an essentially static directory 34. Since self-service stations are rarely set up or taken down, it can easily be updated manually.
  • Wired communication between the self-service station 10 and the monitor 30 is now additionally set up. Since it is not part of the near-field wireless network, it cannot be affected by the intruder 90. This will preferably be a line-bound network of a known type. Each self-service station 10 then uses it to log on or off when it starts or stops operating. In this way, the directory 34 is kept up to date automatically.
  • The same wired interface is also preferably used to forward the alarm signal, in particular to the subscribers listed in the directory.
  • A near-field network such as Bluetooth, in which device classes are supported, is particularly suitable for the invention.
  • One such device class would be the class of self-service terminals.
  • The monitor also takes the device class from the transmitted data blocks and only acts on data blocks in which one of the two participants belongs to the predetermined device class. This means that false alarms or disruptions of other communication relationships that take place in the vicinity of the self-service station but are unrelated to its task no longer occur. It is irrelevant whether the device class is only included when establishing a connection or in each data block, in particular in the destination address 18a and source address 18b, or in other fields of administrative information, since the person skilled in the art knows well enough that and how the monitor can be programmed to take such particulars into account. To clarify the function of the invention, it may simply be assumed that the device class is determined by partitioning the address space into disjoint sets.
  • In the communication methods currently in use, extracting the destination and source address from the transmitted data blocks is a simple way of obtaining a unique identifier for the respective participant.
  • The only requirement of the invention, however, is that such an identifier can be reliably extracted at all within the available time. If one or another data block cannot be taken into account, this is generally not a problem, since several data packets are usually required to process a transaction, and an alarm is still effective even after, for example, the third data packet.
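The monitor described above (promiscuous receiver, header-only address extraction, directory of stationary addresses, device-class filter, wired sign-on and sign-off) as an added Python illustration; this is not code from the patent or from Wincor Nixdorf. It assumes 48-bit addresses written as colon-separated hex and takes the leading address byte as the device class, which the page only offers as a simplifying assumption.

```python
"""Address-directory monitor for an undirected near-field radio network.

Added illustration of the monitor 30 / directory 34 / comparator 35 scheme
described on this page; not code from the patent or its assignee.
Assumptions not on the page: addresses are 48-bit values written as
colon-separated hex, and the device class is the leading address byte.
"""
from dataclasses import dataclass, field

SELF_SERVICE_CLASS = 0x10  # assumed class byte of self-service stations


@dataclass(frozen=True)
class DataBlock:
    """Data block 18: destination address 18a, source address 18b, useful data 18c."""
    dst: str
    src: str
    payload: bytes = b""


def device_class(addr: str) -> int:
    """Assumed partition of the address space: first byte names the device class."""
    return int(addr.split(":")[0], 16)


@dataclass
class Monitor:
    """Monitor 30: sees every block (promiscuous receiver), reads only the header."""
    directory: set = field(default_factory=set)  # directory 34: stationary devices only
    alarms: list = field(default_factory=list)   # (dst, src) pairs that raised an alarm

    def sign_on(self, station_addr: str) -> None:
        """Station logs on over the wired link when it starts operating."""
        self.directory.add(station_addr)

    def sign_off(self, station_addr: str) -> None:
        """Station logs off over the wired link when it stops operating."""
        self.directory.discard(station_addr)

    def inspect(self, block: DataBlock) -> str:
        """Comparator 35: returns 'ignored', 'permitted' or 'alarm' for one block."""
        dst, src = block.dst, block.src          # useful data 18c is never examined
        if SELF_SERVICE_CLASS not in (device_class(dst), device_class(src)):
            return "ignored"                     # unrelated nearby traffic: no false alarm
        if dst in self.directory or src in self.directory:
            return "permitted"                   # one participant is a known station
        self.alarms.append((dst, src))           # both participants unknown: intruder
        return "alarm"


# Constructed addresses for the Fig. 2 scenario (not from the page).
STATION_13 = "10:00:00:00:00:13"    # interface 13 of self-service station 10
MOBILE_23 = "20:00:00:00:00:23"     # interface 23 of mobile control unit 20
INTRUDER_93A = "20:00:00:00:00:9a"  # intruder posing as a mobile unit towards station 10
INTRUDER_93B = "10:00:00:00:00:9b"  # intruder posing as a station towards mobile unit 20
BYSTANDER_A = "30:00:00:00:00:0a"   # unrelated devices of another class
BYSTANDER_B = "30:00:00:00:00:0b"


def figure_2_scenario() -> dict:
    """Replay the connections of Fig. 2 and return the verdict per connection."""
    mon = Monitor()
    mon.sign_on(STATION_13)
    verdicts = {
        "19 genuine": mon.inspect(DataBlock(STATION_13, MOBILE_23)),
        "19a intruder->station": mon.inspect(DataBlock(STATION_13, INTRUDER_93A)),
        "19b intruder->mobile": mon.inspect(DataBlock(MOBILE_23, INTRUDER_93B)),
        "bystanders": mon.inspect(DataBlock(BYSTANDER_A, BYSTANDER_B)),
    }
    mon.sign_off(STATION_13)  # station stops operating: address leaves the directory
    verdicts["19 after sign-off"] = mon.inspect(DataBlock(STATION_13, MOBILE_23))
    return verdicts


if __name__ == "__main__":
    for name, verdict in figure_2_scenario().items():
        print(f"{name}: {verdict}")
```

Connection 19a passes because the genuine station address is in the directory, while 19b, whose two addresses are both unknown, raises the alarm; traffic of another device class is ignored, as the page requires for avoiding false alarms.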

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a monitoring device for a wireless near-field network in which the subscribers of a communication link have a unique characteristic identifier that can be extracted from the transmitted data. According to the invention, the monitoring device determines the identifiers of each communication and generates an alarm signal if the directory does not contain at least one of the identifiers.
PCT/DE2001/000522 2000-03-17 2001-02-10 Monitoring device for wireless near-field networks WO2001069955A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP01911442A EP1264502A1 (fr) 2000-03-17 2001-02-10 Monitoring device for wireless near-field networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10013321 2000-03-17
DE10013321.5 2000-03-17

Publications (1)

Publication Number Publication Date
WO2001069955A1 (fr) 2001-09-20

Family

ID=7635312

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/000522 WO2001069955A1 (fr) 2000-03-17 2001-02-10 Monitoring device for wireless near-field networks

Country Status (2)

Country Link
EP (1) EP1264502A1 (fr)
WO (1) WO2001069955A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5872844A (en) * 1996-11-18 1999-02-16 Microsoft Corporation System and method for detecting fraudulent expenditure of transferable electronic assets
WO1999041876A1 (fr) * 1998-02-11 1999-08-19 Telefonaktiebolaget Lm Ericsson (Publ) System, method and apparatus for the protected transmission of confidential information
US5970405A (en) * 1997-02-28 1999-10-19 Cellular Technical Services Co., Inc. Apparatus and method for preventing fraudulent calls in a wireless telephone system using destination and fingerprint analysis
US5978669A (en) 1994-11-10 1999-11-02 Telefonaktiebolaget Lm Ericsson Method of detecting fraud in a radio communications network by analyzing activity, identification of RF channel data for mobile stations in the network

Also Published As

Publication number Publication date
EP1264502A1 (fr) 2002-12-11

Similar Documents

Publication Publication Date Title
DE3303846C2 (fr)
DE19723659B4 (de) Data communication system and method for encrypting data to be transmitted
DE60028900T2 (de) Automatic resynchronization of secret synchronization information
DE102014113582B4 (de) Device, method and system for context-aware security control in a cloud environment
DE102004032057A1 (de) Method and arrangement for generating a secret session key
EP2595083B1 (fr) Method for protecting a smart card against unauthorized use, smart card and smart card terminal
DE19651518A1 (de) Method and device for communication
DE102005046844A1 (de) Cryptographic security for communication sessions
EP1290905B1 (fr) Method for cryptographically verifiable identification of a physical unit in an open wireless telecommunications network
DE69823334T2 (de) Secured packet radio network
EP3314868B1 (fr) Data exchange with a laser or a machine tool
DE60034054T2 (de) Authentication of a subscriber station
DE60108905T2 (de) Anti-cloning method
WO2006094566A1 (fr) Disconnection of IRPs (integration reference points)
EP1264502A1 (fr) Monitoring device for wireless near-field networks
DE102005014194B4 (de) Reader with integrated cryptography unit
DE102012008519A1 (de) Securing an energy meter against unauthorized access
EP4097948B1 (fr) Method for data transfer and communication system
DE102005016784B4 (de) Remote diagnosis system for printing presses
EP1277632A2 (fr) Remote control method for locking and/or unlocking a vehicle
EP2481183A1 (fr) Method for establishing a secure communication channel
DE102020128700A1 (de) System for authenticating a user at a charging device and for reporting on its use
EP1163559B1 (fr) Method and device for securing access to a data processing device
EP1573688A2 (fr) Personalization of a security module
DE19923174C1 (de) Method for the secure transmission of protected data

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): NO US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001911442

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001911442

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2001911442

Country of ref document: EP