WO2005079036A1 - Device registration in a wireless multi-hop ad-hoc network - Google Patents

Device registration in a wireless multi-hop ad-hoc network Download PDF

Info

Publication number
WO2005079036A1
WO2005079036A1 PCT/EP2004/009057 EP2004009057W WO2005079036A1 WO 2005079036 A1 WO2005079036 A1 WO 2005079036A1 EP 2004009057 W EP2004009057 W EP 2004009057W WO 2005079036 A1 WO2005079036 A1 WO 2005079036A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
node
wireless
user
registration
Prior art date
Application number
PCT/EP2004/009057
Other languages
French (fr)
Inventor
Fritz Hohl
Ernö Kovacs
Original Assignee
Sony Deutschland Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Deutschland Gmbh filed Critical Sony Deutschland Gmbh
Priority to CN2004800417283A priority Critical patent/CN1918876B/en
Priority to US10/588,531 priority patent/US7573855B2/en
Priority to EP04764057A priority patent/EP1716686B1/en
Priority to JP2006553446A priority patent/JP2007523551A/en
Publication of WO2005079036A1 publication Critical patent/WO2005079036A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data

Definitions

  • the present invention refers to the field of device registration in a wireless network wherein wireless communication devices shall be allowed to participate to the network in a secure and easy-to-use way.
  • the registration process describes how new devices are allowed to participate to a network.
  • This process contains four roles: a wireless communication device that wishes to participate to the network Kirrequesting node,,), a node connected to the network that decides whether to allow the Huaweirequesting node,, to participate to the network or notbrakingallowing node,,), a Uberuserpour who, in some registration variants, sanctions the registration, and a possible poseattacker anger being able to interfere and to read messages exchanged between the Vietnameserequesting node,, and the Hopkinsallowing node,, during the authentication and registration process.
  • the problems involved with the registration process arise from its requirements that stem from different areas, namely the technical area, the human usage area, and the economic area.
  • An ideal registration process has to fulfill the following requirements:
  • the registering device and the device a user wants to be registered have to be identical. Thereby, the user specifies a device to be a deliciousrequesting node,, . When the registration process is finished and a new device can now participate to the network, it must be the device specified by the user and not another device. This requirement is important because the membership to a network might be associated with certain rights such as knowing sensitive data or being able to use certain resources.
  • the network the Huaweirequesting node wants to be registered to and the network it is registered to have to be identical. The user thereby specifies the network the noirrequesting node,, shall participate to.
  • the Hughesrequesting node When the registration process is finished, the Spotifyrequesting node, shall participate in the specified network, not another one. This requirement is important because other members of the network might also have certain rights on the new device. Third, masking attacks have to be precluded. While anacrequesting node, might later on be connected to the current network and the node itself might be specified by the user, an attack might be possible where an attacker between the Tharequesting node,, and the network relays the messages between these parties, thus being able to interfere and to read the communication. Fourth, an attacker must not be able to mask after the registration process as one of the participating nodes in the network.
  • a user interface for controlling the registration process has to be easy to use. This means that user actions to be executed should be easy to understand, easy to remember, and easy to execute.
  • the registration process should be able to cope with the existence of multiple networks, e.g. in case a node is currently in a network A and wants to register with a network B.
  • - WLAN (ad-hoc mode) : If the secure mode in the ad-hoc mode of 802.11-like wireless networks is used, a network name and a cryptographic key protect the network. In order to participate to the network which is protected in this way, the network name and the key have to be configured at the Huaweirequesting node,, . There is also the possibility to participate in a network without the need for any configuration. As a consequence, there is no cryptographic protection such that the default network name has to be used. Therefore, the resulting network is not secure, and multiple networks are not supported.
  • DECT In DECT (seeburyT-Sinus 512. Das schnurlose Kon. Mit SMS,, (DeutscheInstitut, Handbuch von DECT-Telefon T- Sinus 512, 10/2002 for a handbook of a typical contemporary DECT system) , a wireless network technology, a base station and a mobile phone register by choosing the base station by selecting its name in a list of base station names and entering the PIN number of the base station at the mobile phone. By pressing a 'paging' button at the base station, all mobile phones registered at this base station ring.
  • the present invention is basically dedicated to a method for registering a user's wireless communication device to a wireless multi-hop ad-hoc network and authenticating said user's identity before allowing said device to enter the network and participate in communication with wireless nodes connected to the network.
  • the invention allows a user to audio-visually verify the identity of the mobile or fixed device to be registered and of a mobile or immobile node that shall allow the device to register to the network.
  • each device participating in a wireless network scenario comprises five components: a wireless communication unit (WCU) , a distance measurement unit (DMU) , an audio/video output unit (AVOU) , a user interaction unit (UIU) , and a registration control unit (RCU) .
  • WCU wireless communication unit
  • DMU distance measurement unit
  • AVOU audio/video output unit
  • UOU user interaction unit
  • RCU registration control unit
  • each device contains a WCU that provides the communication between the devices.
  • the DMU is able to determine the distances of the local device to the other devices in the wireless multi-hop ad-hoc network.
  • the AVOU is able to play out a number of different signals. These signals may consist of a series of different audible elements, visible elements, or both.
  • the UIU allows the user to start a number of actions and to experience a variety of different states the device is in.
  • These actions comprise: entering a network without being in a network before, changing the network, querying the own current network, accepting a query of another device that wants to join to the own network, rejecting a query of another device which wants to join to the own network, and creating a new network.
  • the RCU controls the entire registration process from the viewpoint of the respective device .
  • the RCU uses the DMU and the WCU to determine the nearest niethylallowing node,,.
  • the RCU uses the WCU to send a registration request message to thisillerallowing node,, .
  • the RCU of the boss sends back a start test message to the RCU of the possiblyrequesting node,, using the WCU.
  • the suspendedallowing node plays out an audio-visual signal by using its AVOU.
  • the particularlyrequesting node After having received and decrypted the start test message, the possiblyrequesting node, also plays out a signal by using its AVOU. A user is thus able to verify that a signal is played out both at the Samuelallowing node,, and at the constituting node,, .
  • both nodes play out the same signal out of a broad range of possible signals, where "same" signal might refer to two different signals the user can recognize as a match.
  • the user starts the action Uberaccept query of another device to join my network, at the Arthurallowing node,, .
  • the RCU of the possiblyallowing node accepts the Samuelrequesting node,, to the network of the quiteallowing node,, .
  • the RCU then sends an acceptance message to the RCU of the possiblyrequesting node,, by using the WCU.
  • This special security problem consists of a scenario, where the control logic selected a node as the "allowing node” that is a member of the near-by network of an attacker.
  • the "requesting node” and the node in the attacker network play out the audio-visual signal.
  • the attacker presses the registration button at the "allowing node” in the attacker network and the "requesting node” is now a member of the attacker network. This hurts the security requirement, and the nodes in the attacker network might access resources of the "requesting node” .
  • the "requesting node” has to ask the user for a final sanction of the registration by awaiting the user starting the action "enter network without being in a network before” at the UIU of the "requesting node” again.
  • the "requesting node” signals to the user via the UIU that a final action is needed, e.g. by letting a button flash.
  • the user now decides whether he/she starts the action "enter network without being in a network before" (if he/she really sanctioned the registration at the "allowing node") or whether he/she simply waits some time until the UIU informs the user that another registration attempt can be done.
  • the "requesting node” removes all membership data and selects the next node as the "allowing node” . In this case, the "requesting node” cancels the registration attempt, and sends the registration request message to the new "allowing node” and continues as described above. In case the user pressed the button a second time, the registration process is now finished, and the Arthurrequesting node, is a part of the same network as the Samuelallowing node,, .
  • the user does not start any further action.
  • the RCU of the rougerequesting node registers the lack of an acceptance or rejection message after a certain time interval and stops the registration process.
  • the RCU of the handheldallowing node also registers the lack of a user action after said time interval and stops the registration process. The registration process is now finished, and the investigating node, is not part of the same network as the Samuelallowing node,, .
  • the user can press the action chassisenter network without being in a network before,, or the action instructchange network,, at the UIU of the Crurequesting node, again, thus selecting the second- nearest node asußallowing node,, .
  • the Stahlrequesting node uses the protocol to cancel the registration, then continues with sending the nowillerallowing node,, a registration request message and continues as described above. The user repeats this process until he/she sees and/or hears the signal played out at the sauallowing node,, the user wants to use. If the user does not start the action, the registration process times out as described above .
  • the RCU of the Ranrequesting node uses the protocol to signal to the environment that the registration process is finished and that now other registration processes can be started.
  • the present invention provides an effortless registration of a new device into the network while maintaining given security guarantees. From a commercial point of view this is an extremely important aspect for future wireless networks.
  • the invention and the prior art are compared with regard to a number of characteristics.
  • Fig. 1 shows a table wherein characteristics of conventional wireless standards according to the state of the art are compared to the present invention
  • Fig. 2 is a wireless ad-hoc scenario showing the system components of a wireless communication device that wishes to participate to a multi-hop ad-hoc network drasticting node,,) and a node that decides whether to allow a saurequesting node,, participating to a network or not Krebsallowing node,,),
  • Fig. 3 shows a UML interaction diagram illustrating the normal flow of the ensuring protocol according to the present invention
  • Fig. 4 shows a UML interaction diagram illustrating the normal flow of the registration protocol according to the present invention.
  • Fig. 5 shows two possible realizations of the user interaction unit (UIU) at the deliberatelyrequesting node,, according to the present invention.
  • UUI user interaction unit
  • One embodiment of the present invention refers to a method for registering a user's wireless communication device 201a before allowing said device 201a to enter a wireless multi- hop ad-hoc network and participate in communication with wireless nodes 201b+c connected to the network as depicted in Fig. 4.
  • said device 201a wirelessly transmits (Sla) a registration request message to all these wireless nodes 201b+c and determines the nearest wireless node 201b in its environment being authorized to register (S3a) said device 201a to the network.
  • the wireless communication device 201a In order to prevent man-in-the-middle-attacks, the wireless communication device 201a now starts a protocol that ensures that only the said device 201a can register at nodes in the environment for a certain time interval. To that end, said device 201a monitors the environment to detect other nodes. After a certain time interval, said device 201a sends out emissions messages" to the detected nodes. Only if all detected devices answer with a "yes" vote, the registration process is continued by said device 201a, else it is stopped.
  • the following steps are executed for registering the wireless communication device 201a to a wireless multi-hop ad-hoc network using the authorized wireless node 201b: First, said wireless communication device 201a wirelessly transmits (Sib' ) a request message to the wireless node 201b for demanding a public-key certificate proving the authentication of said wireless node 201b and their authorization for registering the wireless communication device 201a to said network. After that, said device 201a waits for wirelessly receiving (Sib'') a response message from the authorized wireless node 201b, said message containing the public-key certificate of said wireless node 201b.
  • a further aspect of the present invention pertains to an identification (S6) of registered devices 201b+c of a specific wireless multi-hop ad-hoc network by decrypting (S6a) and recognizing (S6b) a network-identifying signal generated by a wireless node 201b connected to said network.
  • This network-identifying signal can e.g. be a pure acoustic signal, a pure optical signal or an audio-visual signal.
  • a second embodiment of the invention specially refers to a wireless communication device 201a to be registered (S3a) to the wireless multi-hop ad-hoc network.
  • said device comprises the following components (cf. Fig. 2):
  • - processing means 208a for determining (Sib) the nearest wireless node 201b in the environment of the wireless communication device 201a being authorized to register (S3a) said device 201a to the network by evaluating wirelessly received response messages from said nodes 201b+c,
  • - decryption means 210a for decrypting (S2a) information wirelessly received from, audio-visually signaled and encrypted by the authorized wireless node 201b by means of a public/private key pair out of which the secret key is known to the wireless communication device 201a and the public key is known to the authorized wireless node 201b, and
  • a possible extension of the above-described method uses a dynamic audio/video signal, e.g. one that is randomly chosen for every registration attempt among a large space of possible signals.
  • This signal, chosen by the choirallowing node,, is then played both at the Schlallowing node,, and the Hopkinsrequesting node,,. This may mean that the signal is not played exactly in the same way at both devices (as their AVOUs might be realized differently) but in a similar way such that the user is able to recognize that both reproductions shall refer to the same signal.
  • the start test message contains a random signal description. This message is encrypted with the public key of the Crunning node,, thus allowing only the Arthurrequesting node, to know the content of the message.
  • the considerablyrequesting node plays out the signal specified in the start test message by using the AVOU. Now, the user verifies that the signal played out at the constituallowing node,, and the one at the constiturequesting node, refer to the same signal . - If the signal played out at the didacticallowing node, and the one at the constiturequesting node, do not refer to the same signal, the user either starts the actiontechnischreject query of another device to join my network,, at the Samuelallowing node,, or does not start any further action. If the user has started said action, the RCU of the noirallowing node,, sends a rejection message to the RCU of the noirrequesting node,, by using the WCU.
  • the RCU of the Ranking node registers the lack of an acceptance or rejection message after a certain time interval and stops the registration process.
  • the RCU of the rougeallowing node registers the lack of a user action after said time interval and stops the registration process. After that, the registration process is finished, and the Arthurrequesting node, is not part of the same network as the Samuelallowing node,, .
  • the extension described above can be improved by the following optional technique:
  • the Arthurrequesting node When sending the registration request message, the Arthurrequesting node, can put a list of its capabilities into the message. Said capabilities describe which type of multimedia data the node is able to display.
  • the authoring node Upon receiving the request, the authoring node can ensure that the signal it wants to play out matches the capabilities of the device.
  • this requires a general agreement on how to describe device capabilities. It can be e.g. as coarse-grained as differentiating audio and video or as fine- grained as considering media formats that can be played by the device.
  • the protocol between the requesting and entirelyallowing node can be modified in the following way:
  • the Crunning node can examine the provided spaciousrandom signal,,.
  • the device has no capability to play the signal, it can send a stiireject signal,, message back.
  • the Stahlallowing node sends a new message with a changed signal that might better fit to the other node capabilities.
  • the AVOUs of all nodes in the same network are used to play the same signal, such that the user can see which devices are currently a member of this network.
  • the RCU creates a new network containing this node as the only member.
  • ensuring protocol For the above-described method the use of a protocol, called ensuring protocol, is proposed that ensures that only one registration process is running. Such a protocol can be realized in different ways.
  • One of these protocols is illustrated by the interaction diagram depicted in Fig. 3. As shown in this figure, the presented protocol consists of three phases: First, all nodes in the neighborhood are stated and their public key certificates are retrieved. Second, a special voting protocol is used to ensure that all of the nodes in the neighborhood are aware of the currently executed registration process. Finally, the perhapsstop phase, informs all the participating nodes about the end of the currently executed registration process and ensures that another process can be started again. The first phase is called the "initial phase".
  • every node acting as a einrequesting node ensures that it is fulfilling this role only for one registration process at a time.
  • the Stahl requesting node surveys the neighborhood for a certain time period in order to state all nodes of this neighborhood.
  • the neighborhood of a node consists of all nodes this node can communicate with directly.
  • the time period is e.g. of such a length that all nodes have to send their beacons at least once.
  • the decisively sends a predominantlyrequest for voting,, message to every stated node in the neighborhood.
  • This message consists of a plausiblerequest for voting,, message ID, the ID of the volleyballrequest- ing node,,, a random secret value specific for the Indeedvoting phase,,, and the public key certificate of the Actuallyrequesting node,,, all encrypted with the public key of the corresponding receiver.
  • Each receiver decrypts this message and sends a knewresponseflower message.
  • This response contains theticianresponseflower message ID, the ID of the perhapsrequesting node,,, the answer (i.e. ⁇ yes' or v no') and the secret value of the Wegrequest for voting,, message.
  • the answer of a receiver is 'yes' if the receiver is not aware of any other registration currently ongoing, and ⁇ no' else.
  • the maybesponseflower message, encrypted with the public key of the réellerequesting node,, is sent back to the Samuelrequesting node,, .
  • the triedrequesting node then decrypts the josresponseen messages. If all votes are 'yes', the protocol states that only one registration process is currently executed and signals this to the registration process (which is then continued) .
  • the Getrequesting node If there is at least one ⁇ no' vote or if not all votes can be gathered in a certain time period, the carefullyrequesting node, sends out emissions from the atmosphere (see below), waits a random time interval and tries again to start the navalvoting phase,, while during the waiting interval states possible additional nodes. If a certain number of investigatedvoting phases,, fail, the entire protocol process is canceled and an error message is returned (thus also canceling the registration process that waits on this protocol process) .
  • a complete registration mechanism has to state how it realizes the following use cases. In the following sections it is briefly described how the present invention is covering these use cases .
  • this use case is equal to the use case imparting the network,, .
  • the point is that it is unlikely that a network is changed without an intention, as several actions have to be done in the correct order.
  • this use case is equal to the use case solicitentering a network without being in a network before,, .
  • the point is that it is unlikely that a network is entered without an intention, as several actions have to be done in the correct order.
  • ⁇ . . . ⁇ PK ⁇ denotes some data encrypted with the public key of node X. This means that only node X is able to decrypt the data by using his/her secret key, and
  • ⁇ . . . ⁇ SK X denotes some data signed with the secret key of node X. This means that everybody is able to decrypt this message, but only node X can have created it.
  • key certificate request message key certificate response message
  • registration request message registration request message
  • start test message start test message
  • acceptance message acceptance message
  • the key certificate request message contains the message ID (i.e. KEY CERTIFICATE REQUEST MESSAGE), the ID of the sauallowing node,, (from whom the key certificate is needed), and the ID of the perhapsrequesting node,, (to whom the key certificate shall be sent) :
  • This message can also be part of another protocol, e.g. a PKI protocol.
  • the key certificate response message contains the message ID (i.e. KEY CERTIFICATE RESPONSE MESSAGE), and the key certificate of the possiblyallowing node,, containing the public key of the sauallowing node,, signed by a certain authority whose signature can be checked by any node.
  • message ID i.e. KEY CERTIFICATE RESPONSE MESSAGE
  • Allowing node > Requesting node: (message id, key certificate a ⁇ ow ⁇ ng node)
  • This message can also be part of another protocol, e.g. a PKI protocol .
  • the registration request message contains two parts.
  • the first part is the key certificate of the deliberatelyrequesting node,, .
  • the second part consists of the message ID (i.e. REGISTRATION REQUEST MESSAGE) , the ID of the perhapsrequesting node,,, and a random value.
  • This second part is encrypted with the public key of the possiblyrequesting node,,, i.e. the receiver, thus allowing only the mecanicallowing node,, to read the content of the message.
  • Requesting node > Allowing node: (key certificate reqU est-.ng node/ ⁇ ⁇ message ID, requesting node ID, random value ⁇ -Slender)
  • This message again is signed by the sender (by using its secret key) .
  • the Anlagenallowing node must not react to such messages where the foundedrequesting node, ID differs from the ID in the key certificate or differs from the ID the Samuelallowing node,, has voted for in the ensuring protocol.
  • the key certificate part can be omitted and replaced by message of the PKI protocol.
  • the start test message contains the message ID (i.e. START TEST MESSAGE), an optional random signal description, i.e. a value describing the test signal, and the random value received in the Registration Request Message. If existing, the signal description value is chosen randomly among a suitably large value space (in order to prevent that the attacker tries to guess the value) .
  • the message is encrypted with the public key of the Arthurrequesting node,, i.e. the receiver, thus allowing only the Arthurrequesting node,, to read the content of the message.
  • Allowing node > Requesting node: ( ⁇ ⁇ message ID [ , signal description] , random value ⁇ PK rece ⁇ ve r J )
  • This message again is signed by the sender (by using its secret key) .
  • the acceptance message contains the message ID (i.e. ACCEPTANCE MESSAGE) , some participation data, and the random value received in the registration request message. Allowing node — > Requesting node: ( ⁇ message ID, participation data, random value ⁇ PK recelve r J fc' g nder )
  • the participation data allows theticianrequesting node, to participate to the network of the rougeallowing node,,.
  • this data can differ.
  • the participation data contains this key.
  • this participation data contains the passport, and so on.
  • the message is encrypted with the public key of the Crurequesting node,, i.e. the receiver, thus allowing only the mecanicrequesting node, to read the content of the message. This message again is signed by the sender (by using its secret key) .
  • buttons there are several possibilities to realize the actions performed in the UIU.
  • One possibility is to provide basically one button per action (see Fig. 5a).
  • Another possibility is to use only two buttons: an on/off switch and a towardsnetwork button, with two states, visualized e.g. by a light inside the button (see Fig. 5b for the two buttons in the unlit state and Fig. 5c for the two buttons in the lit state) .
  • two states visualized e.g. by a light inside the button
  • Fig. 5b for the two buttons in the unlit state
  • Fig. 5c for the two buttons in the lit state
  • the registration process starts when the user presses the Roomregistration" button at the requesting node.
  • the system now selects a node in the environment that is already member of a a priori different network as the allowing node. If there are different nodes that could be used for this purpose, the selection criteria can be for example a minimum in the number of hops to that node or, if available, the minimum distance to a node.
  • both the requesting and the allowing node audio-visually signal to the user that a registration is possible, for example by letting the display blink and by emitting some sound. If the allowing device that signals is not the one the user wants to use, he/she presses the registration button at the requesting node again.
  • the user does not see any allowing device signalling, e.g. because the system selected the stereo in the other flat.
  • the system now selects another device at the allowing node, and again both devices signal this fact to the user. If now the allowing device was selected the user wanted to use, he/she presses the choirregistration" button at the allowing device. Afterwards, the requesting device is a member of the network of the allowing device.
  • a public key cryptosystem can be used (either directly for encryption or, as it is done normally for enhancing the performance, for encrypting a symmetric session key that is used for symmetric encryption and decryption of data) .
  • This aspect also concerns required public key certificates as mentioned above.
  • any public key cryptosystem such as RSA or El- Gamal available on the market can be used.
  • a symmetric cryptosystem e.g. AES
  • AES symmetric cryptosystem
  • all occurrences of "encryption with a public key” and “decryption with a private key” have to be replaced by a “generate and exchange a key for a secure connection between A and B" , a “encryption with the generated key”, and “decryption with the generated key”, respectively.
  • occurrences of "sending a Public Key Certificate” can be replaced by a “generate and exchange a key for a secure connection between A and B” .
  • For key exchange e.g. a (known) Diffie-Hellmann mechanism can be used.
  • the DMU Different techniques can be employed in order to measure the distance between two nodes in the wireless ad-hoc network. If the wireless transmission technology already allows distance measurements of the needed accuracy (here the requirement is that, prior to the registration, the different other nodes can be ordered according to their distance to a certain node) , normally this possibility will be used. In other cases, e.g. the following technology can be used for any of the signal propagation techniques radio and ultrasonic sound: - Time Of Arrival (ToA) Measurements: For ToA measurements one device measures the time it takes for a signal from another device to this device. This time period is then calculated into a distance . In order to be able to measure this time, the clocks of these two devices need to be as synchronous as possible. Terms and Definitions
  • UUIU User Interaction Unit
  • AVOU Audio/Video Output Unit
  • DMU Distance Measurement Unit
  • DMU Distance Measurement Unit
  • WCU Wireless Communication Unit
  • WCU Wireless Communication Unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

In a wireless multi-hop ad-hoc network a wireless communication device (201a) shall be enabled to register with a multi-hop network in a secure and easy-to-use way. One embodiment refers to a method for registering a user’s wireless communication device (201a) before allowing said device (201a) to enter a wireless multi-hop ad-hoc network and participate in communication with wireless nodes (201b+c) connected to the network. For this purpose, said device (201a) wirelessly transmits (S1a) a registration request message to all these wireless nodes (201b+c) and determines (S1b) the nearest wireless node (201b) in its environment being authorized to register (S3a) said device (201a) to the network by evaluating wirelessly received response messages from said nodes (201b+c). In order to prevent man-in-the­ middle-attacks, said device 201a starts a protocol that ensures that not other registration is executed at all devices in the neighborhood of said device 201a before continuing. The device (201a) then identifies (S2) itself towards the user by decrypting (S2a) and audio-visually signaling (S2b) information wirelessly received (S2c) from, audio-visually signaled (S2b') and encrypted (S2a') by the authorized wireless node 201b. The said node 201b also identifies itself towards the user by an audio-visual signal. If the user has verified that the two devices that signal are the two devices he/she intended to use, he/she sanctions the registration at the said device 201b. The authorized wireless node 201b then registers (S3a) said device 201a so said device 201a becomes a member of said wireless network.

Description

Device Registration in a Wireless Multi-Hop Ad-hoc Network
FIELD AND BACKGROUND OF THE INVENTION
The present invention refers to the field of device registration in a wireless network wherein wireless communication devices shall be allowed to participate to the network in a secure and easy-to-use way.
In the field of wireless multi-hop ad-hoc networks the registration process describes how new devices are allowed to participate to a network. This process contains four roles: a wireless communication device that wishes to participate to the network („requesting node,,), a node connected to the network that decides whether to allow the „requesting node,, to participate to the network or not („allowing node,,), a „user„ who, in some registration variants, sanctions the registration, and a possible „attacker„ being able to interfere and to read messages exchanged between the „requesting node,, and the „allowing node,, during the authentication and registration process. The problems involved with the registration process arise from its requirements that stem from different areas, namely the technical area, the human usage area, and the economic area.
An ideal registration process has to fulfill the following requirements:
- Security: For achieving security of registration, the following requirements have to be fulfilled. First, the registering device and the device a user wants to be registered have to be identical. Thereby, the user specifies a device to be a „requesting node,, . When the registration process is finished and a new device can now participate to the network, it must be the device specified by the user and not another device. This requirement is important because the membership to a network might be associated with certain rights such as knowing sensitive data or being able to use certain resources. Second, the network the „requesting node,, wants to be registered to and the network it is registered to have to be identical. The user thereby specifies the network the „requesting node,, shall participate to. When the registration process is finished, the „requesting node,, shall participate in the specified network, not another one. This requirement is important because other members of the network might also have certain rights on the new device. Third, masking attacks have to be precluded. While a „requesting node,, might later on be connected to the current network and the node itself might be specified by the user, an attack might be possible where an attacker between the „requesting node,, and the network relays the messages between these parties, thus being able to interfere and to read the communication. Fourth, an attacker must not be able to mask after the registration process as one of the participating nodes in the network.
- Ease of use: In order to also allow users without special computer skills to do the registration (thus broaden the market for corresponding devices), a user interface for controlling the registration process has to be easy to use. This means that user actions to be executed should be easy to understand, easy to remember, and easy to execute.
- Support of multiple networks: The registration process should be able to cope with the existence of multiple networks, e.g. in case a node is currently in a network A and wants to register with a network B.
- Low probability of an unwanted registration: Especially in case of multiple networks, there might be the situation that the device is in a network A and suddenly comes also into the range of another network B (e.g. when a user carrying a mobile device is walking in a train) . In these situations the registration process should not automatically start, thus either automatically entering network B or putting a burden on the user to cancel a registration .
- Minimal additional hardware means: In order to have lower production costs, hardware means that are needed for the registration process and that would not be a part of the device without the registration should be minimal.
- Self-contained devices: Finally, in order to allow also wireless ad-hoc networks of devices without the user interactions means of PCs or PDAs, said registration should be done using existing means in these devices themselves. This means that the devices should be self-contained in terms of registration.
BRIEF DESCRIPTION OF THE PRESENT STATE OF THE ART
- WLAN (ad-hoc mode) : If the secure mode in the ad-hoc mode of 802.11-like wireless networks is used, a network name and a cryptographic key protect the network. In order to participate to the network which is protected in this way, the network name and the key have to be configured at the „requesting node,, . There is also the possibility to participate in a network without the need for any configuration. As a consequence, there is no cryptographic protection such that the default network name has to be used. Therefore, the resulting network is not secure, and multiple networks are not supported.
- Bluetooth: The registration (also called „pairing„ as it is a relation between two devices in the Bluetooth area) requires to type in a user-selected passcode to both devices before they can be paired. While this solution is reasonably secure, it requires the user to know how pairing works to find the pairing control in each of the two devices and to enter the passcode in each of the devices. To this end, each device needs a means to enter at least a number. Pairing can also be switched off, which results in a network that is not secured in this aspect.
- DECT: In DECT (see „T-Sinus 512. Das schnurlose Telefon. Mit SMS,, (Deutsche Telekom, Handbuch zum DECT-Telefon T- Sinus 512, 10/2002 for a handbook of a typical contemporary DECT system) , a wireless network technology, a base station and a mobile phone register by choosing the base station by selecting its name in a list of base station names and entering the PIN number of the base station at the mobile phone. By pressing a 'paging' button at the base station, all mobile phones registered at this base station ring.
OBJECT OF THE PRESENT INVENTION
It is the object of the present invention to provide a registration technique which allows wireless devices to participate to a wireless multi-hop ad-hoc network in a secure and easy-to-use manner.
This object is achieved by means of the features of the independent claims. Advantageous features are defined in the dependent claims. Further objects and advantages of the invention are apparent in the detailed description which follows .
SUMMARY OF THE INVENTION
The present invention is basically dedicated to a method for registering a user's wireless communication device to a wireless multi-hop ad-hoc network and authenticating said user's identity before allowing said device to enter the network and participate in communication with wireless nodes connected to the network. For this registration process the invention allows a user to audio-visually verify the identity of the mobile or fixed device to be registered and of a mobile or immobile node that shall allow the device to register to the network.
To solve the registration problem described above, each device participating in a wireless network scenario comprises five components: a wireless communication unit (WCU) , a distance measurement unit (DMU) , an audio/video output unit (AVOU) , a user interaction unit (UIU) , and a registration control unit (RCU) . As the network is wireless, each device contains a WCU that provides the communication between the devices. The DMU is able to determine the distances of the local device to the other devices in the wireless multi-hop ad-hoc network. The AVOU is able to play out a number of different signals. These signals may consist of a series of different audible elements, visible elements, or both. The UIU allows the user to start a number of actions and to experience a variety of different states the device is in.
These actions comprise: entering a network without being in a network before, changing the network, querying the own current network, accepting a query of another device that wants to join to the own network, rejecting a query of another device which wants to join to the own network, and creating a new network. The RCU, finally, controls the entire registration process from the viewpoint of the respective device .
When the user starts the action „enter network without being in a network before,, or the action „change network,, at the UIU of the „requesting node,,, the RCU uses the DMU and the WCU to determine the nearest „allowing node,,. The RCU uses the WCU to send a registration request message to this „allowing node,, .
In order to make the registration process secure, only one registration process in one environment (i.e. a network plus all „requesting nodes,, around this network) is allowed at a time. In order to achieve that, the RCU of the „requesting node,, starts the protocol that ensures that only one registration process is running. This protocol sends messages to all nodes in the environment. After having ensured this, the registration process is continued. From this point of time on only the „requesting node,, with which the currently allowed registration process is associated is accepted by the other devices participating in the registration process.
The RCU of the „allowing node,, sends back a start test message to the RCU of the „requesting node,, using the WCU.
Then, the „allowing node,, plays out an audio-visual signal by using its AVOU. After having received and decrypted the start test message, the „requesting node,, also plays out a signal by using its AVOU. A user is thus able to verify that a signal is played out both at the „allowing node,, and at the „requesting node,, .
Optionally, instead of merely using possibly different signals at the „allowing node,, and the „requesting node,,, both nodes play out the same signal out of a broad range of possible signals, where "same" signal might refer to two different signals the user can recognize as a match.
If this is the case, the user starts the action „accept query of another device to join my network,, at the „allowing node,, . In this case, the RCU of the „allowing node,, accepts the „requesting node,, to the network of the „allowing node,, . The RCU then sends an acceptance message to the RCU of the „requesting node,, by using the WCU.
In principle now the "requesting node" could enter the network, i.e. act as a member. However, a special security problem can arise then. This special security problem consists of a scenario, where the control logic selected a node as the "allowing node" that is a member of the near-by network of an attacker. The "requesting node" and the node in the attacker network play out the audio-visual signal. The attacker presses the registration button at the "allowing node" in the attacker network and the "requesting node" is now a member of the attacker network. This hurts the security requirement, and the nodes in the attacker network might access resources of the "requesting node" .
Therefore, in order to prevent this security problem, the "requesting node" has to ask the user for a final sanction of the registration by awaiting the user starting the action "enter network without being in a network before" at the UIU of the "requesting node" again. To that end the "requesting node" signals to the user via the UIU that a final action is needed, e.g. by letting a button flash. The user now decides whether he/she starts the action "enter network without being in a network before" (if he/she really sanctioned the registration at the "allowing node") or whether he/she simply waits some time until the UIU informs the user that another registration attempt can be done. In case of no user action in this time interval the "requesting node" removes all membership data and selects the next node as the "allowing node" . In this case, the "requesting node" cancels the registration attempt, and sends the registration request message to the new "allowing node" and continues as described above. In case the user pressed the button a second time, the registration process is now finished, and the „requesting node,, is a part of the same network as the „allowing node,, .
If there is a signal played out at the „allowing node,, and none at the „requesting node,,, the user does not start any further action. In this case, the RCU of the „requesting node,, registers the lack of an acceptance or rejection message after a certain time interval and stops the registration process. In this case, the RCU of the „allowing node,, also registers the lack of a user action after said time interval and stops the registration process. The registration process is now finished, and the „requesting node,, is not part of the same network as the „allowing node,, .
If there is a signal played out at the „requesting node,, and none at the „allowing node,, the user intends to use, the user can press the action „enter network without being in a network before,, or the action „change network,, at the UIU of the „requesting node,, again, thus selecting the second- nearest node as „allowing node,, . In this case, the „requesting node,, uses the protocol to cancel the registration, then continues with sending the now „allowing node,, a registration request message and continues as described above. The user repeats this process until he/she sees and/or hears the signal played out at the „allowing node,, the user wants to use. If the user does not start the action, the registration process times out as described above .
When the registration process is finished, the RCU of the „requesting node,, uses the protocol to signal to the environment that the registration process is finished and that now other registration processes can be started.
The most advantageous difference between the invention and the state of the art is that the present invention provides an effortless registration of a new device into the network while maintaining given security guarantees. From a commercial point of view this is an extremely important aspect for future wireless networks. In contrast to the prior art, this especially means that the invention allows users to register a mobile or immobile device to a wireless ad-hoc network by using a mechanism that allows a user to audio- visually verify the identity of the device to be registered and of the mobile or immobile device that shall allow the device to be registered to the network without the need for the user to enter a secret code to any of these two devices . In Fig. 1, the invention and the prior art are compared with regard to a number of characteristics.
BRIEF DESCRIPTION OF THE DRAWINGS
Further advantages and possible applications of the present invention result from the subordinate claims as well as from the following description of the preferred embodiment of the invention which is depicted in the following drawings:
Fig. 1 shows a table wherein characteristics of conventional wireless standards according to the state of the art are compared to the present invention, Fig. 2 is a wireless ad-hoc scenario showing the system components of a wireless communication device that wishes to participate to a multi-hop ad-hoc network („requesting node,,) and a node that decides whether to allow a „requesting node,, participating to a network or not („allowing node,,),
Fig. 3 shows a UML interaction diagram illustrating the normal flow of the ensuring protocol according to the present invention,
Fig. 4 shows a UML interaction diagram illustrating the normal flow of the registration protocol according to the present invention, and
Fig. 5 shows two possible realizations of the user interaction unit (UIU) at the „requesting node,, according to the present invention.
DETAILED DESCRIPTION OF THE PRESENT INVENTION
In the following, the preferred embodiment of the present invention as depicted in Figs. 1 to 5 shall be explained in detail. The meaning of the depicted symbols and their corresponding reference signs can be taken from an annexed table .
One embodiment of the present invention refers to a method for registering a user's wireless communication device 201a before allowing said device 201a to enter a wireless multi- hop ad-hoc network and participate in communication with wireless nodes 201b+c connected to the network as depicted in Fig. 4. For this purpose, said device 201a wirelessly transmits (Sla) a registration request message to all these wireless nodes 201b+c and determines the nearest wireless node 201b in its environment being authorized to register (S3a) said device 201a to the network.
In order to prevent man-in-the-middle-attacks, the wireless communication device 201a now starts a protocol that ensures that only the said device 201a can register at nodes in the environment for a certain time interval. To that end, said device 201a monitors the environment to detect other nodes. After a certain time interval, said device 201a sends out „voting messages" to the detected nodes. Only if all detected devices answer with a "yes" vote, the registration process is continued by said device 201a, else it is stopped.
In case the registration process continues, the following steps are executed for registering the wireless communication device 201a to a wireless multi-hop ad-hoc network using the authorized wireless node 201b: First, said wireless communication device 201a wirelessly transmits (Sib' ) a request message to the wireless node 201b for demanding a public-key certificate proving the authentication of said wireless node 201b and their authorization for registering the wireless communication device 201a to said network. After that, said device 201a waits for wirelessly receiving (Sib'') a response message from the authorized wireless node 201b, said message containing the public-key certificate of said wireless node 201b.
In case the wireless communication device 201a and/or the wireless node 201b register (S5a) the lack of an acceptance or rejection message after a preprogrammed time interval has expired, the authentication and registration process will be terminated (S5b) . A further aspect of the present invention pertains to an identification (S6) of registered devices 201b+c of a specific wireless multi-hop ad-hoc network by decrypting (S6a) and recognizing (S6b) a network-identifying signal generated by a wireless node 201b connected to said network. This network-identifying signal can e.g. be a pure acoustic signal, a pure optical signal or an audio-visual signal.
A second embodiment of the invention specially refers to a wireless communication device 201a to be registered (S3a) to the wireless multi-hop ad-hoc network. Thereby, said device comprises the following components (cf. Fig. 2):
- user interaction and control means 202a and 206a for controlling the registration and authentication process,
- processing means 208a for determining (Sib) the nearest wireless node 201b in the environment of the wireless communication device 201a being authorized to register (S3a) said device 201a to the network by evaluating wirelessly received response messages from said nodes 201b+c,
- decryption means 210a for decrypting (S2a) information wirelessly received from, audio-visually signaled and encrypted by the authorized wireless node 201b by means of a public/private key pair out of which the secret key is known to the wireless communication device 201a and the public key is known to the authorized wireless node 201b, and
- signaling means 204a for audio-visually signaling (S2b) said information to authenticate the identity of the wireless communication device 201a. Instead of using a single static signal at the „ requesting node,, and at the „allowing node,,, a possible extension of the above-described method uses a dynamic audio/video signal, e.g. one that is randomly chosen for every registration attempt among a large space of possible signals. This signal, chosen by the „allowing node,,, is then played both at the „allowing node,, and the „requesting node,,. This may mean that the signal is not played exactly in the same way at both devices (as their AVOUs might be realized differently) but in a similar way such that the user is able to recognize that both reproductions shall refer to the same signal.
As a result of this extension, security is enhanced as it is not enough for an attacker to find a way to let the allowing or the „requesting node,, play the signal. Instead, he/she has to find a way to play the right signal at the corresponding node .
In order to realize this extension, the above-described mechanism can be extended as follows:
- The start test message contains a random signal description. This message is encrypted with the public key of the „requesting node,,, thus allowing only the „requesting node,, to know the content of the message.
- After having received and decrypted the start test message, the „requesting node,, plays out the signal specified in the start test message by using the AVOU. Now, the user verifies that the signal played out at the „allowing node,, and the one at the „requesting node,, refer to the same signal . - If the signal played out at the „allowing node,, and the one at the „requesting node,, do not refer to the same signal, the user either starts the action „reject query of another device to join my network,, at the „allowing node,, or does not start any further action. If the user has started said action, the RCU of the „allowing node,, sends a rejection message to the RCU of the „requesting node,, by using the WCU. If the user has not started any action, the RCU of the „requesting node,, registers the lack of an acceptance or rejection message after a certain time interval and stops the registration process. In this case, also the RCU of the „allowing node,, registers the lack of a user action after said time interval and stops the registration process. After that, the registration process is finished, and the „requesting node,, is not part of the same network as the „allowing node,, .
According to the described extension, all devices have the same capability of playing a given sound or displaying a text or an image. Unfortunately, giving today's vast range of consumer electronics equipment and appliances, this might not be the case. Therefore, registration might fail because a device is not able to play the signal provided by the authoring node.
The extension described above can be improved by the following optional technique: When sending the registration request message, the „requesting node,, can put a list of its capabilities into the message. Said capabilities describe which type of multimedia data the node is able to display. Upon receiving the request, the authoring node can ensure that the signal it wants to play out matches the capabilities of the device. Of course, this requires a general agreement on how to describe device capabilities. It can be e.g. as coarse-grained as differentiating audio and video or as fine- grained as considering media formats that can be played by the device. Alternatively, the protocol between the requesting and „allowing node,, can be modified in the following way: When receiving the reply from the „allowing node,,, the „requesting node,, can examine the provided „random signal,,. In case the device has no capability to play the signal, it can send a „reject signal,, message back. In this case, the „allowing node,, sends a new message with a changed signal that might better fit to the other node capabilities.
After the user has started the action „query my current network,, in the UIU of a wireless node, the AVOUs of all nodes in the same network are used to play the same signal, such that the user can see which devices are currently a member of this network.
After the user has started the action „create a new network,, in the UIU of a node, the RCU creates a new network containing this node as the only member.
For the above-described method the use of a protocol, called ensuring protocol, is proposed that ensures that only one registration process is running. Such a protocol can be realized in different ways. One of these protocols is illustrated by the interaction diagram depicted in Fig. 3. As shown in this figure, the presented protocol consists of three phases: First, all nodes in the neighborhood are stated and their public key certificates are retrieved. Second, a special voting protocol is used to ensure that all of the nodes in the neighborhood are aware of the currently executed registration process. Finally, the „stop phase,, informs all the participating nodes about the end of the currently executed registration process and ensures that another process can be started again. The first phase is called the "initial phase". As a prerequisite, every node acting as a „requesting node,, ensures that it is fulfilling this role only for one registration process at a time. In order to start the protocol, the „ requesting node,, surveys the neighborhood for a certain time period in order to state all nodes of this neighborhood. The neighborhood of a node consists of all nodes this node can communicate with directly. In a beacon- based wireless ad-hoc network, the time period is e.g. of such a length that all nodes have to send their beacons at least once.
After having stated the neighborhood, the „requesting node,, queries a public key certificate for every stated node if this certificate is not already contained in the corresponding beacon. This query can be done by using the corresponding node itself or by (at least partially) using another node that stores these certificates. Now the „voting phase,, can be entered.
In the second phase that is the "voting phase", the „requesting node,, sends a „request for voting,, message to every stated node in the neighborhood. This message consists of a „request for voting,, message ID, the ID of the „request- ing node,,, a random secret value specific for the „voting phase,,, and the public key certificate of the „requesting node,,, all encrypted with the public key of the corresponding receiver.
Each receiver decrypts this message and sends a „response„ message. This response contains the „response„ message ID, the ID of the „requesting node,,, the answer (i.e. λyes' or vno') and the secret value of the „request for voting,, message. The answer of a receiver is 'yes' if the receiver is not aware of any other registration currently ongoing, and λno' else. The „response„ message, encrypted with the public key of the „requesting node,,, is sent back to the „requesting node,, .
The „requesting node,, then decrypts the „response„ messages. If all votes are 'yes', the protocol states that only one registration process is currently executed and signals this to the registration process (which is then continued) .
All nodes that have voted for one registration process must react only to such registration protocol messages where the ID of the „requesting node,, is equal to the ID of the „requesting node,, in the ensuring protocol (cf. ID-A in Fig. 3) .
If there is at least one λno' vote or if not all votes can be gathered in a certain time period, the „requesting node,, sends out „over„ messages (see below), waits a random time interval and tries again to start the „voting phase,, while during the waiting interval states possible additional nodes. If a certain number of „voting phases,, fail, the entire protocol process is canceled and an error message is returned (thus also canceling the registration process that waits on this protocol process) .
In the third and last phase that is the "stop phase", when the registration process is finished, the „requesting node,, sends „over„ messages to all nodes in the neighborhood. These messages are encrypted again with the public key of the corresponding receivers and contain the ID of the „requesting node,,, the secret value from the „request for voting,, message and an „over„ message ID. After having received this message, each node can vote again for another registration process. This state at each node is also reached when a certain time interval after each 'yes' vote is passed without a message concerning this registration process.
A complete registration mechanism has to state how it realizes the following use cases. In the following sections it is briefly described how the present invention is covering these use cases .
— Entering a network without being in a network before: This use case is started with the action „enter network without being in a network before,, . It is done unless the intended „allowing node,, is used. The registration mechanism is continued with use case „accept a new device,, or „reject a new device,, .
- Changing the network: This use case is started with the action „change network,, . It is done again unless the intended „allowing node,, is used. The registration mechanism is continued with use case „accepting a new device,, or „rejecting a new device,, .
- Unintentionally changing the network: This is a negative use case, i.e. an unwanted one. In the present invention, this use case is equal to the use case „changing the network,, . The point is that it is unlikely that a network is changed without an intention, as several actions have to be done in the correct order.
- Unintentionally entering a network: This is a negative use case, i.e. an unwanted one. In the present invention, this use case is equal to the use case „entering a network without being in a network before,, . The point is that it is unlikely that a network is entered without an intention, as several actions have to be done in the correct order.
- Maintaining the network: In this use case a user simply switches on his/her device as normal.
- Querying the currently used network: This use case is started with the action „query my current network,, .
- Accepting a new device: This use case is started with the action „accept query of another device to join my network,,.
- Rejecting a new device: This use case is started with the action „reject query of another device to join my network,,.
- Creating a new network: This use case is started with the action „create a new network,, .
In the following section the aforementioned messages, which are used for the proposed registration protocol, will be examined further. Thereby, the following notation is used:
(...) denotes a message, { . . . }PKχ denotes some data encrypted with the public key of node X. This means that only node X is able to decrypt the data by using his/her secret key, and
{ . . . } SKX denotes some data signed with the secret key of node X. This means that everybody is able to decrypt this message, but only node X can have created it.
In the following, five method types which are used in the proposed registration protocol according to the present invention shall briefly be described: key certificate request message, key certificate response message, registration request message, start test message, and acceptance message.
- The key certificate request message contains the message ID (i.e. KEY CERTIFICATE REQUEST MESSAGE), the ID of the „allowing node,, (from whom the key certificate is needed), and the ID of the „requesting node,, (to whom the key certificate shall be sent) :
Requesting node —> Allowing node: (message ID, allowing node ID, requesting node ID)
In principle, any node that knows this key certificate can answer to this request. This message can also be part of another protocol, e.g. a PKI protocol.
- The key certificate response message contains the message ID (i.e. KEY CERTIFICATE RESPONSE MESSAGE), and the key certificate of the „allowing node,, containing the public key of the „allowing node,, signed by a certain authority whose signature can be checked by any node.
Allowing node —> Requesting node: (message id, key certificateaιιowιng node)
This message can also be part of another protocol, e.g. a PKI protocol .
- The registration request message contains two parts. The first part is the key certificate of the „requesting node,, . The second part consists of the message ID (i.e. REGISTRATION REQUEST MESSAGE) , the ID of the „requesting node,,, and a random value. This second part is encrypted with the public key of the „requesting node,,, i.e. the receiver, thus allowing only the „allowing node,, to read the content of the message. Requesting node —> Allowing node: (key certificatereqUest-.ng node/ { {message ID, requesting node ID, random value}
Figure imgf000022_0001
-Slender)
This message again is signed by the sender (by using its secret key) . The „allowing node,, must not react to such messages where the „requesting node,, ID differs from the ID in the key certificate or differs from the ID the „allowing node,, has voted for in the ensuring protocol. Please note that by e.g. the use of a more general PKI protocol, the key certificate part can be omitted and replaced by message of the PKI protocol.
- The start test message contains the message ID (i.e. START TEST MESSAGE), an optional random signal description, i.e. a value describing the test signal, and the random value received in the Registration Request Message. If existing, the signal description value is chosen randomly among a suitably large value space (in order to prevent that the attacker tries to guess the value) . The message is encrypted with the public key of the „requesting node,,, i.e. the receiver, thus allowing only the „requesting node,, to read the content of the message.
Allowing node —> Requesting node: ( { {message ID [ , signal description] , random value} PKreceιver J
Figure imgf000023_0001
)
This message again is signed by the sender (by using its secret key) .
The acceptance message contains the message ID (i.e. ACCEPTANCE MESSAGE) , some participation data, and the random value received in the registration request message. Allowing node — > Requesting node: ({{message ID, participation data, random value} PKrecelver J fc' g nder )
The participation data allows the „requesting node,, to participate to the network of the „allowing node,,. Depending on the security mechanisms the wireless ad-hoc network uses, this data can differ. In a network where e.g. a commonly known key is the secret every member of this network shares, the participation data contains this key. In a network that is based on a „passport„ system, this participation data contains the passport, and so on. The message is encrypted with the public key of the „requesting node,,, i.e. the receiver, thus allowing only the „requesting node,, to read the content of the message. This message again is signed by the sender (by using its secret key) .
There are several possibilities to realize the actions performed in the UIU. One possibility is to provide basically one button per action (see Fig. 5a). Another possibility is to use only two buttons: an on/off switch and a „network button,, with two states, visualized e.g. by a light inside the button (see Fig. 5b for the two buttons in the unlit state and Fig. 5c for the two buttons in the lit state) . In the following, it is briefly described how the aforementioned actions could be mapped to uses of these two buttons.
- „Enter network without being in a network before,, : For executing this action, a user has to press the „network button,, once when the light is off.
- „Change network,, : For executing this action, a user has to press the „network button,, once when the light is off.
- „Query my current network,, : For executing this action, a user has to keep pressing the „network„ button when the light is off.
- „Accept query of another device to join my network,,: For this purpose, a user has to press the „network button,, once when the light is off.
- „Reject query of another device to join my network,,: In this case, nothing has to be done.
- „Create a new network,, : For executing this action, a user has to simultaneously press the on/off switch and the „network button,, when the light is off.
In the following, the registration approach according to the present invention will be illustrated from a user's point of view in connection with the user interaction unit (UIU) .
The registration process starts when the user presses the „registration" button at the requesting node. The system now selects a node in the environment that is already member of a a priori different network as the allowing node. If there are different nodes that could be used for this purpose, the selection criteria can be for example a minimum in the number of hops to that node or, if available, the minimum distance to a node. Now, both the requesting and the allowing node audio-visually signal to the user that a registration is possible, for example by letting the display blink and by emitting some sound. If the allowing device that signals is not the one the user wants to use, he/she presses the registration button at the requesting node again. The same remains true if the user does not see any allowing device signalling, e.g. because the system selected the stereo in the other flat. The system now selects another device at the allowing node, and again both devices signal this fact to the user. If now the allowing device was selected the user wanted to use, he/she presses the „registration" button at the allowing device. Afterwards, the requesting device is a member of the network of the allowing device.
For implementing different parts of the invention the following technologies can be used:
- Public Key Cryptography: For en- /decrypting and signing/verifying purposes, advantageously a public key cryptosystem can be used (either directly for encryption or, as it is done normally for enhancing the performance, for encrypting a symmetric session key that is used for symmetric encryption and decryption of data) . This aspect also concerns required public key certificates as mentioned above. For this purpose, any public key cryptosystem (such as RSA or El- Gamal) available on the market can be used.
- Symmetric Cryptography: For encrypting purposes, alternatively a symmetric cryptosystem (e.g. AES) can be used. To this purpose, all occurrences of "encryption with a public key" and "decryption with a private key" have to be replaced by a "generate and exchange a key for a secure connection between A and B" , a "encryption with the generated key", and "decryption with the generated key", respectively. Additionally, occurrences of "sending a Public Key Certificate" can be replaced by a "generate and exchange a key for a secure connection between A and B" . For key exchange, e.g. a (known) Diffie-Hellmann mechanism can be used.
Distance Measurements: For the DMU, different techniques can be employed in order to measure the distance between two nodes in the wireless ad-hoc network. If the wireless transmission technology already allows distance measurements of the needed accuracy (here the requirement is that, prior to the registration, the different other nodes can be ordered according to their distance to a certain node) , normally this possibility will be used. In other cases, e.g. the following technology can be used for any of the signal propagation techniques radio and ultrasonic sound: - Time Of Arrival (ToA) Measurements: For ToA measurements one device measures the time it takes for a signal from another device to this device. This time period is then calculated into a distance . In order to be able to measure this time, the clocks of these two devices need to be as synchronous as possible. Terms and Definitions
Figure imgf000027_0001
Depicted Features and their Corresponding Reference Signs o Technical Feature
100 table wherein characteristics of conventional wireless standards according to the state of the art are compared to the present invention,
200 wireless ad-hoc scenario showing the system components of a wireless communication device 201a that wishes to participate to a wireless multi-hop ad-hoc network („requesting node,,) and a node 201b that decides whether to allow a „requesting node,, participating to a network or not („allowing node,,)
201a „requesting node,, in the wireless ad-hoc scenario 200
201b „allowing node,, in the environment of the „requesting node,, 201a, which already participates to said network
201c another node in the environment of the „requesting node,, 201a, which already participates to said network
202a User Interaction Unit (UIU) of the „requesting node,, 201a
202b User Interaction Unit (UIU) of the „allowing node,, 201b
204a Audio/Video Output Unit (AVOU) of the „requesting node,, 201a
204b Audio/Video Output Unit (AVOU) of the „allowing node,, 201b
206a Registration Control Unit (RCU) of the „requesting node, 201a
206b Registration Control Unit (RCU) of the „allowing node,, 201b
208a Distance Measurement Unit (DMU) of the „requesting node,, 201a
208b Distance Measurement Unit (DMU) of the „allowing node,, 201b
210a Wireless Communication Unit (WCU) of the „requesting node,, 201a
210b Wireless Communication Unit (WCU) of the „allowing node,, 201b
212 user of the „requesting node,, 201a and of the „allowing node,, 201b who sanctions a registration to the wireless ad- hoc network
Figure imgf000029_0001
Figure imgf000030_0001

Claims

Claims
1. A method for registering and authenticating a wireless communication device (201a) with a wireless ad-hoc network, said method being characterized by the following steps:
- wirelessly transmitting (Sla) a registration request message from the requesting device (20la) to a node (201b) authorized to register (S3a) said device (201a) to the network,
- authenticating (S2) said requesting device (201a) towards the user by playing an audio-visual signal, - authenticating said authorized node (210b) towards the user by playing an audio-visual signal,
- sanctioning the registration by the user in case the device (201a) and the authorized node (201b) playing the audiovisual signal are the ones the user intended to use, and - wirelessly transmitting (S3a) a registration message in the positive case from said authorized node (201b) to said requesting device (201a) .
2. A method according to claim 1, characterized by the following step: in case the wireless communication device (201a) and/or the wireless node (201b) registers (S5a) the lack of an acceptance or rejection message after a preprogrammed time interval has expired, terminating (S5b) the authentication and registration process.
3. A method according to anyone of the preceding claims, characterized in that - said audio-visual signals by the wireless communication device (201a) and by the authorized wireless node (201b) have a common structure out of a large number of possible structures so the user can make his sanctioning decision dependent on whether both signals have the same structure, and - the description of the audio-visual signal to be signaled by said device (201a) is wirelessly sent by said authorized node (201b) in an encrypted way, so only said requesting device (201a) can decrypt it.
4. A method according to anyone of the preceding claims, characterized by the step of identifying registered devices (201b+c) of a specific wireless multi-hop ad-hoc network by decrypting and recognizing a network-identif ing signal out of a range of different possible signals that is specific for said network generated by a wireless node (201b) connected to said network.
5. A method according to claim 4, characterized in that said network-identifying signal is an audio signal.
6. A method according to claim 4, characterized in that said network-identifying signal is a visual signal.
7. A method according to claim 4, characterized in that said network-identifying signal is an audio-visual signal.
8. A method according to anyone of the preceding claims, characterized in that the registration request message contains a list containing the device capabilities of the wireless communication device (201a) to be registered.
9. A wireless communication device to be registered (S3a) to a wireless multi-hop ad-hoc network, characterized by
- user interaction and control means (202a, 206a) for controlling the registration and authentication process, - processing means (208a) for determining the nearest wireless node (201b) in the environment of the wireless communication device (201a) being authorized to register (S3a) said device (201a) to the network by evaluating wirelessly received response messages from said nodes (201b+c),
- decryption means (210a) for decrypting information wirelessly received from, audio-visually signaled and encrypted by the authorized wireless node (201b) by means of a secret key which is known to both the wireless communication device (201a) and the authorized wireless node (201b) , and
- signaling means (204a) for audio-visually signaling (S2b) said information to authenticate the identity of the wireless communication device (201a) .
PCT/EP2004/009057 2004-02-18 2004-08-12 Device registration in a wireless multi-hop ad-hoc network WO2005079036A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN2004800417283A CN1918876B (en) 2004-02-18 2004-08-12 Device registration in a wireless multi-hop ad-hoc network
US10/588,531 US7573855B2 (en) 2004-02-18 2004-08-12 Device registration in a wireless multi-hop ad-hoc network
EP04764057A EP1716686B1 (en) 2004-02-18 2004-08-12 Device registration in a wireless multihop ad-hoc network
JP2006553446A JP2007523551A (en) 2004-02-18 2004-08-12 Device registration in wireless multi-hop ad hoc networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04003647A EP1566938A1 (en) 2004-02-18 2004-02-18 Device registration in a wireless multi-hop ad-hoc network
EP04003647.7 2004-02-18

Publications (1)

Publication Number Publication Date
WO2005079036A1 true WO2005079036A1 (en) 2005-08-25

Family

ID=34707311

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/009057 WO2005079036A1 (en) 2004-02-18 2004-08-12 Device registration in a wireless multi-hop ad-hoc network

Country Status (6)

Country Link
US (1) US7573855B2 (en)
EP (2) EP1566938A1 (en)
JP (1) JP2007523551A (en)
KR (1) KR20060134069A (en)
CN (1) CN1918876B (en)
WO (1) WO2005079036A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008199181A (en) * 2007-02-09 2008-08-28 Sumitomo Electric Ind Ltd System, device and method for communication
CN102474839A (en) * 2009-07-16 2012-05-23 捷讯研究有限公司 Methods and apparatus to register with external networks in wireless network environments
US8423772B2 (en) 2006-12-28 2013-04-16 Samsung Electronics Co., Ltd. Multi-hop wireless network system and authentication method thereof
US9087185B2 (en) 2010-03-08 2015-07-21 Panasonic Intellectual Property Management Co., Ltd. Server device for transmitting and receiving data to and from client device through access point
US9684801B2 (en) 2013-01-18 2017-06-20 Apple Inc. Data protection for keychain syncing
US10218685B2 (en) 2013-01-18 2019-02-26 Apple Inc. Keychain syncing

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4728767B2 (en) * 2005-03-18 2011-07-20 株式会社リコー COMMUNICATION DEVICE, COMMUNICATION DEVICE CONTROL METHOD, COMMUNICATION SYSTEM, PROGRAM, AND RECORDING MEDIUM
US8850194B2 (en) * 2005-04-19 2014-09-30 Motorola Solutions, Inc. System and methods for providing multi-hop access in a communications network
US8233554B2 (en) 2010-03-29 2012-07-31 Eices Research, Inc. Increased capacity communications for OFDM-based wireless communications systems/methods/devices
USRE47633E1 (en) * 2005-06-22 2019-10-01 Odyssey Wireless Inc. Systems/methods of conducting a financial transaction using a smartphone
US8670493B2 (en) * 2005-06-22 2014-03-11 Eices Research, Inc. Systems and/or methods of increased privacy wireless communications
DE102005040889A1 (en) * 2005-08-29 2007-03-15 Siemens Ag Method and arrangement for the secure transmission of data in a multi-hop communication system
KR100659253B1 (en) 2005-11-07 2006-12-20 삼성전자주식회사 Method for searching of bluetooth device in portable terminal
DE102006030602A1 (en) * 2006-07-03 2008-01-24 Siemens Audiologische Technik Gmbh Method for identifying hearing aids in the context of wireless programming
US7843833B2 (en) * 2006-11-09 2010-11-30 Avaya Inc. Detection and handling of lost messages during load-balancing routing protocols
EP1921817A1 (en) 2006-11-09 2008-05-14 Thomson Licensing Methods and a device for associating a first device with a second device
US20080112326A1 (en) * 2006-11-09 2008-05-15 Avaya Technology Llc Load-Balancing Routes In Multi-Hop Ad-Hoc Wireless Networks
US8009615B2 (en) * 2006-11-09 2011-08-30 Avaya Inc. Multi-hop ad-hoc wireless networks that support non-multi-hop wireless terminals
US20080113618A1 (en) * 2006-11-09 2008-05-15 Sony Ericsson Mobile Communications Ab Pairing system and method for mobile devices
US7848681B2 (en) * 2007-03-16 2010-12-07 Kabushiki Kaisha Toshiba Method of rotating revolver unit using a plurality of motors
CN101232378B (en) * 2007-12-29 2010-12-08 西安西电捷通无线网络通信股份有限公司 Authentication accessing method of wireless multi-hop network
DE102008003574A1 (en) * 2008-01-09 2009-07-16 Endress + Hauser Process Solutions Ag Method for integrating a field device in a network of process automation technology
DE102008003573A1 (en) * 2008-01-09 2009-07-16 Endress + Hauser Process Solutions Ag A method of integrating a subscriber into a wireless communication network of process automation
JP5046964B2 (en) * 2008-01-10 2012-10-10 キヤノン株式会社 COMMUNICATION SYSTEM AND COMMUNICATION TERMINAL, METHOD, PROGRAM
US9374746B1 (en) 2008-07-07 2016-06-21 Odyssey Wireless, Inc. Systems/methods of spatial multiplexing
KR101405914B1 (en) * 2008-07-23 2014-06-12 삼성전자주식회사 Method for registering a device in access point and device for therefor
US9462411B2 (en) 2008-11-04 2016-10-04 Telcom Ventures, Llc Mobile device mode enablement responsive to a proximity criterion
TWI376122B (en) 2008-12-15 2012-11-01 Ind Tech Res Inst Method and system for a new node to join a wireless ad-hoc network
JP5374172B2 (en) * 2009-01-29 2013-12-25 オリンパス株式会社 Wireless communication terminal and wireless network connection setting method
US9035744B2 (en) * 2009-10-01 2015-05-19 Blackberry Limited Method and apparatus for monitoring and controlling a medical device using a wireless mobile communication device
KR101083127B1 (en) * 2010-08-25 2011-11-11 경희대학교 산학협력단 Method for sharing secret key between sensor nodes in wireless multi-hop sensor network
US20130136033A1 (en) * 2011-11-28 2013-05-30 Abhishek Patil One-click connect/disconnect feature for wireless devices forming a mesh network
CN102612091B (en) * 2012-03-01 2014-07-16 天津大学 Media access control method based on spatial fairness in underwater sensor network
US9178893B2 (en) * 2012-04-11 2015-11-03 Motorola Solutions, Inc. Secure AD HOC communication systems and methods across heterogeneous systems
CN103748943A (en) * 2012-08-17 2014-04-23 华为技术有限公司 User equipment pairing processing method, network side device, and user equipment
US9762558B2 (en) * 2013-03-12 2017-09-12 Trividia Health, Inc. Wireless pairing of personal health device with a computing device
US9215075B1 (en) 2013-03-15 2015-12-15 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
JP6311246B2 (en) 2013-09-13 2018-04-18 沖電気工業株式会社 Registration device, communication device, and network registration system
US9277573B2 (en) 2013-11-21 2016-03-01 At&T Intellectual Property I, L.P. Method and apparatus for establishing an ad hoc communication with an unknown contact
US10091310B2 (en) * 2014-07-17 2018-10-02 Verizon Patent And Licensing Inc. Method and system for high-latency data collection from sensors
US9706401B2 (en) 2014-11-25 2017-07-11 Microsoft Technology Licensing, Llc User-authentication-based approval of a first device via communication with a second device
CN107432046A (en) * 2015-03-30 2017-12-01 日本电气方案创新株式会社 Wireless network construction device, wireless network construction method and computer-readable recording medium
CN114079568B (en) * 2020-07-30 2023-12-12 庄连豪 Information transmission encryption protection method and implementation system thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10039954A1 (en) 2000-08-16 2002-02-28 Siemens Ag Method of registering Bluetooth device with equipment by outputting instruction to user when authorization fails

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10336176A (en) * 1997-06-04 1998-12-18 Nippon Telegr & Teleph Corp <Ntt> Group communication method, its system and storage medium for storing group communication program
US6630883B1 (en) * 1997-12-02 2003-10-07 At&T Wireless Services, Inc. Method and system for delivering a short-message notification
JP3670541B2 (en) * 1999-11-26 2005-07-13 株式会社エヌ・ティ・ティ・ドコモ Wireless communication terminal and wireless communication method
AU2108101A (en) * 1999-12-23 2001-07-09 Sony Electronics Inc. Information gateway system and method
CA2485100C (en) * 2002-05-06 2012-10-09 David Goldberg Localized audio networks and associated digital accessories
CN1124759C (en) * 2002-08-15 2003-10-15 西安西电捷通无线网络通信有限公司 Safe access method of mobile terminal to radio local area network
US7158756B2 (en) * 2003-06-25 2007-01-02 Nokia Corporation Method and system for establishing short-range service sessions

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10039954A1 (en) 2000-08-16 2002-02-28 Siemens Ag Method of registering Bluetooth device with equipment by outputting instruction to user when authorization fails

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8423772B2 (en) 2006-12-28 2013-04-16 Samsung Electronics Co., Ltd. Multi-hop wireless network system and authentication method thereof
JP2008199181A (en) * 2007-02-09 2008-08-28 Sumitomo Electric Ind Ltd System, device and method for communication
CN102474839A (en) * 2009-07-16 2012-05-23 捷讯研究有限公司 Methods and apparatus to register with external networks in wireless network environments
US9087185B2 (en) 2010-03-08 2015-07-21 Panasonic Intellectual Property Management Co., Ltd. Server device for transmitting and receiving data to and from client device through access point
US9684801B2 (en) 2013-01-18 2017-06-20 Apple Inc. Data protection for keychain syncing
US10218685B2 (en) 2013-01-18 2019-02-26 Apple Inc. Keychain syncing

Also Published As

Publication number Publication date
JP2007523551A (en) 2007-08-16
US7573855B2 (en) 2009-08-11
US20070184837A1 (en) 2007-08-09
EP1716686A1 (en) 2006-11-02
CN1918876B (en) 2011-05-18
EP1716686B1 (en) 2013-02-06
CN1918876A (en) 2007-02-21
EP1566938A1 (en) 2005-08-24
KR20060134069A (en) 2006-12-27

Similar Documents

Publication Publication Date Title
US7573855B2 (en) Device registration in a wireless multi-hop ad-hoc network
US8345881B2 (en) Communication system, information processing apparatus, method and computer program
US9557188B2 (en) Method and system for using relationship information from a social network to enable mobile device communications in a privacy enhanced network
EP1792442B1 (en) Secure pairing for wired or wireless communications devices
KR100405746B1 (en) Method for executing synchronous processing of data, recording medium storing computer program for executing synchronous processing of data, and electronic instruments
US8170591B2 (en) Proximity-based mobile message delivery
US7039392B2 (en) System and method for providing device authentication in a wireless network
JP3552648B2 (en) Data transmission / reception system for ad hoc wireless communication and data transmission / reception method for ad hoc wireless communication
EP1473899A1 (en) Security in a communications network
US20040192383A1 (en) Method and system for establishing a communication network
WO2005076107A1 (en) Validation for secure device associations
JP2003309558A (en) Method for authenticating communication on network medium
US10531300B2 (en) Terminal device, management device, storage medium adapted for communication between multiple terminal devices within a group
JP2017192035A (en) Intercom system, interphone for this intercom system and portable communication terminal
CN104488302A (en) Wireless connection authentication method and server
CN107846685A (en) The transmission method of configuration information, apparatus and system, storage medium
JP2006191403A (en) Method for exchanging security information, recorder apparatus and television receiver
JP6724514B2 (en) Intercom system, intercom and server device for this intercom system
Ferreres et al. Guaranteeing the authenticity of location information
CN106372557B (en) Certificate card information acquisition method, device and system
US10334433B2 (en) Terminal device, management device, communication system, memory medium, and communication method for notifying users of authentication status of multiple terminal devices within a group
JP6299264B2 (en) Mobile device, system and method for performing authentication in a restricted area
Kindberg et al. Evidently secure device associations
US11290442B2 (en) Communication device, communication method, and computer program
Hohl et al. Secure and easy-to-use registration of mobile and stationary devices to wireless ad-hoc CE networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004764057

Country of ref document: EP

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 10588531

Country of ref document: US

Ref document number: 2007184837

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 200480041728.3

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 1020067016595

Country of ref document: KR

Ref document number: 2006553446

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWP Wipo information: published in national office

Ref document number: 2004764057

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067016595

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 10588531

Country of ref document: US