WO2009050322A1 - Privacy seed with data structure filter - Google Patents

Privacy seed with data structure filter Download PDF

Info

Publication number
WO2009050322A1
WO2009050322A1 PCT/FI2007/000246 FI2007000246W WO2009050322A1 WO 2009050322 A1 WO2009050322 A1 WO 2009050322A1 FI 2007000246 W FI2007000246 W FI 2007000246W WO 2009050322 A1 WO2009050322 A1 WO 2009050322A1
Authority
WO
WIPO (PCT)
Prior art keywords
apparatuses
filter
contributory
value
wireless
Prior art date
Application number
PCT/FI2007/000246
Other languages
French (fr)
Inventor
Jan-Erik Ekberg
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to PCT/FI2007/000246 priority Critical patent/WO2009050322A1/en
Publication of WO2009050322A1 publication Critical patent/WO2009050322A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W52/00Power management, e.g. TPC [Transmission Power Control], power saving or power classes
    • H04W52/02Power saving arrangements
    • H04W52/0209Power saving arrangements in terminal devices
    • H04W52/0212Power saving arrangements in terminal devices managed by the network, e.g. network or access point is master and terminal is slave
    • H04W52/0219Power saving arrangements in terminal devices managed by the network, e.g. network or access point is master and terminal is slave where the power saving management affects multiple terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/005Discovery of network devices, e.g. terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

Various embodiments of the invention provide a contributory value (rand) (alternatively the contributory value is referred to as a random field or a rand), according to which a seed can be commonly created so that the seed is configured to be similar for all apparatuses. In the apparatus discovery phase this reduces the need for making several calculations to define whether an apparatus is known or not. A bloom filter can embody as an example of a data structure filter. If the values, e.g. the fields, are put together with a filter, it can be estimated by certain probability whether there are any known apparatuses or not. This estimation can be performed even by a single calculation or processing step. In various embodiments it should be noted that apparatuses may alternatively be referred to as devices as well.

Description

Privacy Seed with Data Structure Filter
TECHNICAL FIELD OF THE INVENTION
The invention concerns an apparatus configured to test whether another apparatus is a member of a known set. Furthermore the invention concerns an apparatus configured to generate a seed for the testing. Furthermore the invention concerns a wireless ad hoc network system comprising the apparatus. Even furthermore the invention concerns the use of the apparatuses or the system. Yet furthermore the invention concerns a computer program configured to operate the method.
BACKGROUND ART
Wireless communications has spread out widely. Wireless communication can be of ad hoc type, wherein the configuration and characteristics of the network may change dynamically due to uncoordinated behaviour of at least mobile apparatuses of the network. The communication distances may also vary being of a relatively short distance to even longer distance communications. Typically each apparatus comprises an address, typically used not only for addressing but also as an identity. The latter use makes it possible to gather and possibly mis-use the location information of the device (holder). For groups of wireless apparatuses such as mobile personal area network (PAN) devices, address tracking and as a consequence involuntary positioning of the device holder is thus a possible nuisance, in some scenarios an outright threat. In view of the above, wireless ad hoc radio technologies have been subjected to various efforts to eliminate the mobile tracking threat. As an example Wibree radio that will be merged with the Bluetooth™ SIG for advancing Bluetooth™ wireless technology with ultra low power characteristics has introduced private addressing feature, where devices can have parallel identities that are not trackable to the unique addresses of the devices by an external source having no association with said devices. However a simple algorithmic construct falls short in known solutions where either multiple parallel identities need to be mapped to a single address. Also the construct fails in known solutions where there are numerous devices, needed to be found, (like members of a football club) rather than a limited set of devices that a user carries on his own person. This is mainly because the address resolving algorithm must be done for each target and address pair separately. Thus the problem of known solutions relates to private address aspect that is introduced in short range ad hoc network such as Bluetooth ULP or a Wibree technology (www.wibree.com). In the private address concept, some messages such as advertisement message, including the private address that is derived from the actual unique address of the device, comprises a random field alternatively referred to as a challenge field, and a response fields. A device receiving the message can check with a keyed one-way function whether the device is a known device or not by calculating the result using the challenge. If it matches with the received result, the device can be identified. The problem with this kind of solution is that if there are lots of known devices, the device has to make the same calculation for each of the known devices to see whether the advertising device is a known device or not.
Further, in communication among groups, revocation and group management in general is a difficult problem to solve with simple mechanisms. An improved identity mechanism may enable more dynamism e.g. for pair wise identity contexts, bypassing the group management issues altogether.
SUMMARY
It is therefore the object of the invention to provide a lightweight mapping for encrypted private addresses of apparatuses within a network. In accordance with an aspect of the invention there is provided an apparatus, comprising: a communication module configured to communicate in a wireless ad hoc network, and
a data structure filter configured to test whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network based on at least one message received via said communication module.
In accordance with another aspect of the invention there is provided an apparatus, comprising: a generator arranged to generate at least one contributory value corresponding to the apparatus,
a communication module configured to communicate in a wireless ad hoc network including other apparatuses, wherein the communication module is configured to send and receive contributory values of one or more apparatuses within the wireless ad hoc network, and further configured to send the at least one contributory value corresponding to the apparatus, and
a data structure filter arranged to generate a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
In accordance with yet another aspect of the invention there is provided a system, comprising:
a first apparatus, comprising: a communication module configured to communicate in a wireless ad hoc network, and a first data structure filter configured to test whether a second apparatus is a member of a known set of apparatuses of said wireless ad hoc network based on at least one message received via said communication module,
the second apparatus, comprising: a generator arranged to generate at least one contributory value corresponding to the second apparatus, a communication module configured to communicate in the wireless ad hoc network including one or more apparatuses, wherein the communication module is configured to send and receive contributory values of the one or more apparatuses within the wireless ad hoc network, and further configured to send the at least one contributory value corresponding to the apparatus, and a second data structure filter arranged to generate a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
In accordance with yet another aspect of the invention there is provided a method, comprising: communicating by a communication module of a wireless ad hoc network, receiving at least one message, and on a basis of the received message
testing, by a data structure filter, whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network.
In accordance with yet another aspect of the invention there is provided a computer program comprising computer code arranged to
communicating by a communication module of a wireless ad hoc network, receiving at least one message, and on a basis of the received message
testing, by a data structure filter, whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network.
In accordance with yet another aspect of the invention there is provided A method comprising:
generating, by a generator, at least one contributory value corresponding to the apparatus,
communicating, by a communication module, in a wireless ad hoc network including other apparatuses,
sending and receiving, by the communication module, contributory values of one or more apparatuses within the wireless ad hoc network,
sending, by the communication module, the at least one contributory value corresponding to the apparatus, and generating, by a data structure filter, a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
In accordance with yet another aspect of the invention there is provided a computer program comprising computer code arranged to generating, by a generator, at least one contributory value corresponding to the apparatus, communicating, by a communication module, in a wireless ad hoc network including other apparatuses, sending and receiving, by the communication module, contributory values of one or more apparatuses within the wireless ad hoc network, sending, by the communication module, the at least one contributory value corresponding to the apparatus, and generating, by a data structure filter, a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
Various embodiments of the invention provide an efficient way to construct a contributory value to be used as an input for seed generation for the privacy mechanism of the network. Furthermore the discovery of the apparatuses within the network can be performed efficiently by the filter on a basis of the value. Various embodiments provide advantages, for example so that the filter is lightweight, further the closure result can be achieved relatively fast. Furthermore the filter saves significantly power at the discovery phase of the apparatus because the needed processing is significantly reduced. Thus the apparatus discovery can be significantly improved. The private address can be encrypted; however they can be efficiently discovered. Yet furthermore various embodiments can interact / co-exist with the earlier network systems.
BRIEF DESRIPTION OF THE DRAWINGS
Various embodiments of the invention will now be described, by way of examples only, with reference to the accompanying drawings, in which:
Figure 1 depicts an embodiment the invention relating to the generation for the seed,
Figure 2 depicts an embodiment of the invention relating to the discovery of the apparatuses,
Figure 3 depicts apparatuses each having a communication module of a wireless ad hoc network in accordance with various embodiments of the invention,
Figure 4 depicts an example of synchronizing the data structure filter according to an embodiment of the invention, Figure 5 depicts a further example of adding supplementary value to increase diffusion of data structure filter in the group in accordance with a further embodiment of the invention,
Figure 6 depicts another further example of adding a least common denominator to further increase diffusion of data structure filter within the group in accordance with a further embodiment of the invention,
Figure 7 shows an example of simulation results about the creation of the common contributory value for the data structure filter,
Figure 8 shows an example of apparatus volatility within the network, and Figure 9 depicts an example of the apparatus that can be used in various embodiments of the invention.
DESCRIPTION OF FURTHER EMBODIMENTS
Figure 1 depicts an embodiment the invention relating to the generation for the seed. In various further embodiments, apparatuses (e.g. a-c) are generating contributory values (rand). A generator (G) containing data structure filter (BF1 for example) receives the contributory value. The data structure filter outputs a seed, which is alternatively referred to as a beacon.
Figure 2 depicts an embodiment of the invention relating to the discovery of the apparatuses. Apparatuses (e.g. a-c) are communicating with each other by sending message containing at least the contributory value (rand) and possibly the result value. Each apparatus contains a list of known apparatuses (001 ,002,003,...). During device discovery operation, an apparatus (a,b,c) contains a discoverer module (D) that includes a data structure filter (for example BF2, the second filter). The filter receives as an input at least the common seed and identify value of one or more other devices. The filter, in response to the inputs, processes the inputs and outputs a result value, thereby a check for the correspondence between result values can be made so that the correspondence between the known set of apparatuses is performed.
Various embodiments of the invention provide a contributory value (rand) (alternatively the contributory value is referred to as 'random field' or 'rand'), according to which a seed can be commonly created so that the seed is configured to be similar for all apparatuses. In the device discovery phase this reduces the need for making several calculations to define whether an apparatus in the network is known to the local device or not. A Bloom filter can serve as an example of a data structure filter. If the values, e.g. the fields, are put together with a filter, it can be estimated by a certain probability whether there are any known apparatuses or not in the environment. This estimation can be performed even by a single calculation or processing step. In various embodiments it should be noted that apparatuses may alternatively be referred to as devices as well.
In various embodiments of the invention, a plurality of apparatuses, or all apparatuses of a wireless ad hoc network, take part of the creation of the seed by contributory values so that the seed can be considered as a fresh value (i.e. the seed is dynamic that hinders potential eavesdroppers and other outside sources to track the apparatuses of the network). The creation of common seed by the contributory values can be reasonably fast. Accordingly, a relatively straightforward applicability of the value for discovering whether a certain apparatus is part of the known set of the apparatus can be performed, even by a single calculation step/process.
In various embodiments of the invention, the message to be communicated between the apparatuses comprises at least a contributory value, alternatively referred to as a rand, and possibly a result value as well. The result value can be used along with the seed for testing for the correspondence with the known set of apparatuses. It should be noted that the system comprises two different filters. The first one is used in the creation of the common seed, wherein the filter inputs the contributory values and outputs the seed. The second (alternatively referred to as a local) filter is used in the discovery so that the second filter inputs the common seed and result value and output the correspondence between the known set of apparatuses.
Referring to Figure 3, there is depicted apparatuses (a,b,c,d,e) each having a communication module (CM) of a wireless ad hoc network (N) in accordance with various embodiments of the invention. The network in the example of figure 3 comprises five apparatuses (a,b,c,d,e). It should be noted that the invention is by no means limited into these examples but the number of apparatuses may vary greatly. Each apparatus (a,b,c,d,e) comprises various operational modules, including a contributory value (rand) and a data structure filter (BF). Furthermore each apparatus (a,b,c,d,e) comprises a seed value generator (G), discoverer (D) arranged to search for peer apparatuses that are known in a set of known apparatuses of the wireless ad hoc network (N), a replay-protector (R-P), a replay- discoverer (R-D), and a combiner (C) arranged to combine several identities into one address. The operation and functions of the operational modules that may comprise software and/or hardware are described in more detail in the various embodiments. In a further embodiment the network (N) can be a Wibree network, in another further embodiment the network (N) may be a Bluetooth™ network etc.
Data structure filters
Various embodiments of the invention embody Bloom filters. A Bloom filter, conceived by Burton H. Bloom in 1970, is an example of a space-efficient data structure filter (BF) that is used to test whether an element is a member of a set. The data structure filter can be a probabilistic data structure filter in a further embodiment. False positives are possible, but typically false negatives are not. Elements can be added to the set, but typically not removed (though this can be addressed with a counting filter). The more elements that are added to the set, the larger the probability of false positives. There are alternatives to the Bloom filter such as the one based on space efficient variants of cuckoo hashing.
As said various embodiments of the invention uses the data structure filters (BF) as accumulators for a variety of different purposes:
1. The data structure filters (BF) are used for seed, e.g. the logical beacon, generation (G) - the agreement of one (or a few) shared, contributory seed values (rand) among the apparatuses advertising their presence in local communication.
2. The data structure filters (BF) are used for optimizing the search (D) for peers that are known to the discoverer. This optimization is made possible based on the seed feature.
3. The data structure filters (BF) are used for repiay-protection (R-P). The contributory algorithm may be attacked by an active adversary, and each apparatus (a...e) will see to it that a single private address is not re-used many times (this would allow apparatus tracking).
4. The data structure filters (BF) are used by initiating devices for replay-discovery (R-D). Adversaries may replay old addresses to trick incoming connections to be established, thereby possibly exposing the identity of the connecting apparatus.
5. The data structure filters (BF) can also potentially be used for combining several identities into one advertised address. This might be reasonable if a single apparatus needs to advertise a large number of identities - so large that simply interleaving advertisements for unique identities becomes infeasible.
Wherever the input parameters (rand) to the filters (BF) are random data (or pseudo-random data like the image of an encryption function) the identity function can serve as the hash function for the filters. Typically, however not as a limiting option, for private addresses almost all input data is pseudo-random by nature.
Logical Beacon - the seed
The seed can be alternatively referred to as a logical beacon or the beacon. The reason for defining a beacon algorithm is to construct a common seed for private address generation. The common beacon in turn makes it possible to devise efficient algorithms for resolving identity presence. The property of a beacon in various further embodiments is that its value distribution should be close to a nonce (a non-repeating value) and that, either the origin of the beacon can be trusted, or that the non-repeating property can be asserted by all participants. The second requirement is in a distributed environment easiest achieved by making the beacon contributory in a way where all participants can assert their own (pseudo-random) contribution (rand) to the beacon.
As the reason for the beacon is to provide efficiency for resolving private addresses, it is not absolutely necessary that the beacon is unique. Savings are achieved with any system where the number of seeds for the random addresses can be narrowed down from the case where every apparatus has its own random address. Accordingly it is appropriate that a given environment has 2-3 seeds "active" at any given time.
The actual seed value, i.e. the logical beacon value, can be the value of any one- directional function with all input contributions considered. In a further embodiment of the invention a possible structure for seed construction is to calculate a CBC- MAC (Cipher Block Chaining - Message Authentication Code) over a symmetric cipher like AES (Advanced Encryption System ), where the input is ordered according to byte values. The following formulae can keep and maintain the seed within certain bytes (for example 128 bits) seed = E(Mx θ E(Mx-1 Φ E(...)))
Referring to an embodiment of Figure 4, every apparatus (a,b,c,d) is arranged to collect all input (randa,b,c,d) from all apparatuses (a,b,c,d). Furthermore all apparatuses (a,b,c,d) are arranged to apply to the seed construction function, the data structure filter (BFa,b,c,d) on the distributed values. As every apparatus' contribution (randa,b,c,d) is broadcast, one can, to a fair degree of accuracy, confirm that every apparatus sees the same input values by having every entity append to its random contribution a Bloom filter collecting all the inputs that the device has seen in the ether. Therefore any participant (a,b,c,d) can validate that its own contribution is present in the seed of any other apparatus - some advertisement messages may not reach all participants immediately, but even for those participants with a less-than complete picture of the environment any other participant with more information can calculate the seed used by the former participant.
The drawbacks of the embodiment of Figure 4 include problems caused by incomplete network topology (in a case not all advertisements reach all participants) and a high seed fluctuation probability at times where apparatuses enter or leave the network.
Referring now to Figure 5, the problems related to network topology and incomplete message diffusion can be remedied, for example by including supplemental information (randχ,Wiu,s..randyiV,r,t) in every broadcast - the contributions of other apparatuses (e.g. b,c,d). Thus even if a given apparatus (such as a) cannot hear some of the nodes, their contributions, i.e. the contributory values, will be forwarded by neighbours (b,c,d) that do hear the contribution. To add as supplemental information (rand^w.u.s.jandy^r.t) all contributions that an apparatus knows about quickly become a significant transmission overhead, and force the advertisements to have dynamic length. Instead a fixed number of input value can be selected at random / in order. But even better, as everybody knows their own and their neighbours" Bloom filters (BF) indicating seed input but also knowledge of the values (rand), the operation
Figure imgf000011_0001
will in each apparatus (a,b,c,d) give a bit-vector, from which seed values present in this apparatus but missing in some apparatuses can be determined. Adding (at lest one or even a number of) these values as supplementary parameters (randχiWiU,s..randy,v,r,t) will speed up the diffusion of input values (rand). Thereby the process of creating the common operating filter can be speed-up. In a further embodiment in order to make data aging relatively easy to implement, the supplemental input data broadcast by an apparatus will only be such data, which the apparatus has received first hand. Thus, when an apparatus leaves the neighbourhood, its contribution will also disappear shortly afterwards.
Referring to further embodiment of Figure 6, the question of seed fluctuation can be addressed by including only stable values as input parameters. Stable values would be such "inputs" that have diffused into the network, and on the other hand, apparatuses that leave should impact the whole network more or less simultaneously. Some examples for the system to stabilize for devices: 1. In a further embodiment of the invention, there is being calculated the seed based on an intersection (BF$) such as the least common denominator (BF$) between its own Bloom filter (BFa,b,c, ord) and the Bloom filters (BFa,b,c,andd) seen during a small fresh time interval, and also advertise this filter for possible initiating apparatuses to use. 2. In a further embodiment of the invention, there isn't being contributed to beacon generation anymore if more than a limit of n apparatuses already are contributing to the beacon, and the resulting value is acceptable to the apparatus (it has not been used before).
With respect to the limit n in the context of seed generation, the seed will have entropy corresponding to the one-directional function deployed for its generation. It is advantageous to try to maximize the entropy of the seed, since it minimizes the probability for accidental replay. Thus, if e.g. every apparatus contributes 24 bits of input material, 6 apparatuses would already exceed entropy of 128 bits for the resulting value if the hash function produces 16 bytes of output. Thus, 6 could be a suitable value for n if combined with the AES-CBC construct above.
Referring back to the embodiment of Figure 6, the least common denominator can be represented as the difference to the broadcast, Bloom filter (BF$) indicating input value knowledge. In this manner this information should be sparsely populated with l-bits and thus efficiently compressable. If the Hamming distance between the two values is high, it is anyway an indication of the fact that the apparatus in question has not yet collected the information needed for the beacon, and the value can be left out altogether. Compressing Bloom filters can e.g. be done by encoding a maximum of 4 1 -bits by the position indices of the respective bits, achieving a fixed 1-4/32 = 87% compression. In various further embodiments, the aging of data in the network system is based on time. When apparatuses do not broadcast any more, the input data, which these apparatuses represent, will age in each apparatus with a predetermined speed. As the information is released from memories of the individual apparatuses there will be an intermediary period during which the beacon transforms into another value.
In the minimal case where an apparatus is broadcasting alone, it may indicate in its supplemental data (randXiW)u,s..randyiV,r,t) additional random values to artificially enlarge the entropy of the resulting seed. The same approach can be made for two or even three apparatuses, but apparatuses should soon stop this activity as the network grows, since these "imaginary peers" will not traverse the limits of the fully connected network.
Measures
In various further embodiments of the invention, a single advertisement with beacon generation, for example as described above comprises
1. A 3-byte random input
2. A 9-byte supplementary random field
3. A 32-byte Bloom filter
4. A 4-byte compressed representation of another Bloom filter
5. A checksum for identity validation (3 bytes in Wibree)
Mapped to the Wibree specification, the random contribution and the result value (alternatively referred to as the checksum) can constitute the address. However the remaining 45 bytes may sometimes be too high for inclusion in a single advertisement package - not only in terms of energy consumption but also since the payload size is limited to 32 bytes. Accordingly in yet another further embodiment, wherein there is not added any significant complexity, there is being defined the Bloom filters to be 128-bits in size. The Bloom filter hashing function cannot any more be the identity function, but an extension for the mapping of a byte for example using
Figure imgf000013_0001
brings the Bloom filter size down to 16 bytes at the cost of requiring double the amount lookups when figuring out which addresses are part of a filter. With this extension, the payload size is decreased to 29 bytes which is within the acceptable limits of e.g. Wibree broadcasts. If the rule for typically including only 6 participants in the beacon, the false positive rate of the beacon filter remains acceptable, as the false positive rate is defined by
Figure imgf000014_0001
where m is the 128 bits, k the number of hash functions (e.g. 3) and n the number of entries (e.g. 6), results in a false positive rate for the filter to be 2.2% compared with 0.3% for a 256-bit filter with the same parameters. Since the false positive rate is high, it must be circumvented in the beacon case. This can be achieved by constructing the local Bloom filter (BFI) in a way where the local contribution is added last. If the adding of the local contribution does not add a new T-bit to the filter, the local contribution is changed. If all participants follow this precautionary algorithm, the false positives are soon eliminated.
Simulation results of further embodiments
Next there is being demonstrated some simulations with parameters that may be deployable e.g. with the Wibree radio technology. The random inputs are 24 bits each, and up to 3 supplementary random parameters are sent to improve diffusion. In the example every apparatus broadcasts in every timeslot, and a broadcast is received in a given device with 20 otherwise indicated. The bloom filters are 256 bits in width, and the hash function is trivially mapping each input byte to the Bloom filter.
Figure 7 shows the effect of lessening the probability of a broadcast being received according to at least one embodiment of the invention. A set of 70 apparatuses agreeing on a beacon is chosen to highlight the effect. The example graphs arc form four specific runs of the protocol, but the variation between runs is small. There can be seen that if a broadcast is received in an apparatus with 20% probability, the whole ad hoc network will close in on a common beacon in less than 10 time units. The algorithm works reasonably well with a 10% receiving rate, but around a broadcast throughput of 5% the network still has two clusters (seeds) after 40 time units, and the variation in the clustering rate is already evident from the graph. The effects of apparatus volatility are relatively small for the network system as shown in an example of Figure 8. A network initially has 6 apparatuses. The network gets new incoming apparatuses from time to time, and some apparatuses will leave. The two graphs in the example show the total number of apparatuses in the network, as well as the number of clusters. The test run was made with the 20% broadcast receiving rate. From the test results, one can see that the seed value quickly stabilizes after a new entry or an exit.
Replay protection
Further embodiment of the invention employs replay protection (R-P). A local replay protection prevents producing addresses for the same beacon value twice. Anyway since the seed value may be, for example 128-bits the probability of an accidental re-occurrence is small. If a re-occurrence is found, the apparatus (a,b,c,d) may always contribute the beacon to move to another value. The concept of a contributory beacon (BF$) integrates well with the fact that also the replay protection Bloom filter will be triggered by false positives - now it does not really matter whether the "positive" is rightful or false, the consequence can in both cases be that the apparatus participates in the beacon generation and therefore re-adjusts it as long as a positive is not found.
The size of the replay protection (R-P) Bloom filter (BF) can be designed based on apparatus capabilities. If only limited memory is available, a rotation system of for example, 3-10 256- bit filters can be deployed (filled to "the limit" in rotating order). Around 50 seed values (increasing the false positive rate to around 2% for 50 values) can be stored per filter. The replay protection needs to be considered only when the apparatus is advertising. An improvement to this concept is to store encountered positives in one (or several) separate longer-lived filter to identify "capture and replay" - attacks.
A memory efficient solution is for a device to always contribute to beacon construction. In that case no replay protection is needed.
Discovery
The value of the system is evident from the discovery phase. A network environment where the advertising apparatuses have agreed on a single beacon and thus the seed for the privacy system. The method trivially extends to the case where a few beacons are present too. For each peer apparatus (a,b,c,d) for which the identity parameters are known, and to which one wants to make a connection, the result value (alternatively referred to as address checksum) is calculated based on the seed. The result values are added to a local Bloom filter (BFa,b,c,d)- Now, for each radio advertisement (i.e. the message), there is being checked for a match in the Bloom filter (BFa,b,c,d)- If a match is found the apparatus (e.g. a) knows that with a high probability one of the advertising apparatuses (e.g. b,c,d) is one of the apparatuses known. At this stage the apparatus (a) can resolve which of the identities matches the identity in advertisement, and initiate the connection.
The process of (re)generating the Bloom filter (BF) should be done every time the seed value changes, or if there are several seed values - for each value visible. This cryptographic operation is significantly smaller than to match every known identity to every seen address, which implies invocating the cryptographic algorithm at every intermediate step - the latter being the case in the current Wibree privacy system. Various embodiments of the invention are especially advantageous in high-density networks with low volatility (among the beacon participants) - resolving the privacy reduces to a simple match - equivalent to resolving public addresses without any privacy system at all.
Figure 9 depicts an example of the apparatus (any one of a,b,c,d,e etc.) that can be used in various embodiments of the invention. Apparatus has the communication module (CM) of a wireless ad hoc network (N). The apparatus (a) comprises the seed value and a data structure filter (BF). Furthermore the apparatus (a) comprises the seed value generator (G), discoverer (D) arranged to search for peers that are known in the set, a replay-protector (R-P), a replay- discoverer (R-D), and a combiner (C) arranged to combine several identities into one address. The operation and functions of the blocks are described in more detail with respect to the Figures. Thus the apparatus comprises blocks and functions arranged to carry out the operations described in these figures. For example the apparatus may contain software, middleware and/or hardware arranged to carry out the operations described in the Figures.
In various embodiments of the invention the computer program can be a computer program product. The product is an example of a tangible object. For example, it can be a medium such as a disc, a hard disk, an optical medium, CD-ROM, floppy disk, or the like storage etc. In another example the product may in a form of a signal such as an electromagnetic signal. The signal can be transmitted within the network for example. The product comprises computer program code or code means arranged to perform the operations of various embodiments of the invention.
Ramifications and Scope
Although the description above contains many specifics, these are merely provided to illustrate the invention and should not be construed as limitations of the invention's scope. It should be also noted that the many specifics can be combined in various ways in a single or multiple embodiments. Thus it will be apparent to those skilled in the art that various modifications and variations can be made in the apparatuses and processes of the present invention without departing from the spirit or scope of the invention.

Claims

Claims
1. An apparatus, comprising: a communication module configured to communicate in a wireless ad hoc network, and a data structure filter configured to test whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network based on at least one message received via said communication module.
2. An apparatus according to claim 1 , wherein the at least one message comprises at least a contributory value arranged to be used as an input for seed generation.
3. An apparatus according to claim 2, wherein a result value is arranged to be obtained on a basis of the generated seed, and wherein the filter is arranged to receive the result value and output whether the another apparatus is the member of the known set of apparatuses.
4. An apparatus according to any of the preceding claims, further comprising a memory configured to store identity values of the known set of apparatuses of said wireless ad hoc network.
5. An apparatus according to any of the preceding claims, wherein the data structure filter is further configured to check whether the obtained result value correlates with any identity values stored on the memory.
6. An apparatus according to any of the preceding claims, wherein the apparatus is further arranged to establish a connection to said another apparatus if an identity value corresponding to said another apparatus correlates with the obtained result value corresponding to said another apparatus.
7. An apparatus according to any of the preceding claims, wherein the filter is arranged to be regenerated every time a seed, according to which the filter is arranged to be created, changes.
8. An apparatus according to any of the preceding claims, wherein the result value comprises an encryption of the seed and the identity value.
9. An apparatus, comprising: a generator arranged to generate at least one contributory value corresponding to the apparatus,
a communication module configured to communicate in a wireless ad hoc network including other apparatuses, wherein the communication module is configured to send and receive contributory values of one or more apparatuses within the wireless ad hoc network, and further configured to send the at least one contributory value corresponding to the apparatus, and a data structure filter arranged to generate a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
10. An apparatus according to claim 9, wherein the apparatus is arranged to validate its contribution present in the seed.
11. An apparatus according to claim 9, wherein the filter is further configured according to supplementary information in messages between the apparatuses.
12. An apparatus according to claim 11 , wherein the supplementary information comprises contributory values of the one or more apparatuses.
13. An apparatus according to claim 12, wherein the supplementary information comprises aggregates of all contributory values known to the apparatus.
14. An apparatus according to claim 13, wherein the apparatus is arranged to send within the supplementary information, on a basis of an aggregate of one or more apparatuses, contributory values missing from the one or more apparatuses.
15. An apparatus according to claim 11 , wherein the supplementary information further comprises parameters corresponding to the data structure filter.
16. An apparatus according to claim 9, wherein the data structure filter is further configured to determine an intersection between the contributory value of the apparatus and the contributory values of the one or more apparatuses.
17. An apparatus according to any of the preceding claims, wherein the data structure filter comprises a probabilistic data structure filter.
18. An apparatus according to any of the preceding claims, wherein said probabilistic data structure filter comprises a Bloom filter.
19. An apparatus according to any of the preceding claims, wherein said filter comprises a one-way algorithm.
20. An apparatus according to any of the preceding claims, wherein an identity of the apparatus of the ad hoc wireless network can be detected on a basis of the seed and the filter.
21. An apparatus according to any of the preceding claims, wherein the ad hoc wireless network comprises a Wibree network or a Bluetooth network.
22. A system, comprising: a first apparatus, comprising:
a communication module configured to communicate in a wireless ad hoc network, and a first data structure filter configured to test whether a second apparatus is a member of a known set of apparatuses of said wireless ad hoc network based on at least one message received via said communication module, the second apparatus, comprising:
a generator arranged to generate at least one contributory value corresponding to the second apparatus, a communication module configured to communicate in the wireless ad hoc network including one or more apparatuses, wherein the communication module is configured to send and receive contributory values of the one or more apparatuses within the wireless ad hoc network, and further configured to send the at least one contributory value corresponding to the apparatus, and
a second data structure filter arranged to generate a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
23. A method, comprising: communicating by a communication module of a wireless ad hoc network, receiving at least one message, and on a basis of the received message testing, by a data structure filter, whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network.
24. A computer program comprising computer code arranged to
communicating by a communication module of a wireless ad hoc network, receiving at least one message, and on a basis of the received message
testing, by a data structure filter, whether another apparatus is a member of a known set of apparatuses of said wireless ad hoc network.
25. A method comprising:
generating, by a generator, at least one contributory value corresponding to the apparatus, communicating, by a communication module, in a wireless ad hoc network including other apparatuses, sending and receiving, by the communication module, contributory values of one or more apparatuses within the wireless ad hoc network, sending, by the communication module, the at least one contributory value corresponding to the apparatus, and generating, by a data structure filter, a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
26. A computer program comprising computer code arranged to generating, by a generator, at least one contributory value corresponding to the apparatus, communicating, by a communication module, in a wireless ad hoc network including other apparatuses, sending and receiving, by the communication, module, contributory values of one or more apparatuses within the wireless ad hoc network, sending, by the communication module, the at least one contributory value corresponding to the apparatus, and
generating, by a data structure filter, a seed on a basis of the at least one contributory value corresponding to the apparatus and the contributory values of the one or more apparatuses.
PCT/FI2007/000246 2007-10-15 2007-10-15 Privacy seed with data structure filter WO2009050322A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/FI2007/000246 WO2009050322A1 (en) 2007-10-15 2007-10-15 Privacy seed with data structure filter

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2007/000246 WO2009050322A1 (en) 2007-10-15 2007-10-15 Privacy seed with data structure filter

Publications (1)

Publication Number Publication Date
WO2009050322A1 true WO2009050322A1 (en) 2009-04-23

Family

ID=40567049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2007/000246 WO2009050322A1 (en) 2007-10-15 2007-10-15 Privacy seed with data structure filter

Country Status (1)

Country Link
WO (1) WO2009050322A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013144423A1 (en) * 2012-03-30 2013-10-03 Nokia Corporation Identity based ticketing
CN104020347A (en) * 2013-03-01 2014-09-03 北海市聚志电子科技有限公司 Method for fast searching electric energy meter in transformer area

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006119281A2 (en) * 2005-05-03 2006-11-09 Packethop, Inc. Discovery and authentication scheme for wireless mesh networks
US20070177554A1 (en) * 2006-02-01 2007-08-02 Microsoft Corporation Automated Service Discovery and Wireless Network Set-Up

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006119281A2 (en) * 2005-05-03 2006-11-09 Packethop, Inc. Discovery and authentication scheme for wireless mesh networks
US20070177554A1 (en) * 2006-02-01 2007-08-02 Microsoft Corporation Automated Service Discovery and Wireless Network Set-Up

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"First International Workshop on Security for Spontaneous Interaction (IWSSI 2007)", September 2007, article EKBERG, J.-E.: "Implementing Wibree Address Privacy" *
"IEEE 16th International Symposium on Personal, Indoor and Mobile Radio Communications", vol. 3, September 2005, article PAPAPETROU, E. ET AL.: "Speeding-up Cache Lookups in Wireless Ad-Hoc Routing using Bloom Filters", pages: 1419 - 1423, XP010926615, DOI: doi:10.1109/PIMRC.2005.1651679 *
"Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks", June 2007, article REN, K. ET AL.: "Multi-user Broadcast Authentication in Wireless Sensor Networks", pages: 223 - 232, XP031128713 *
"Proceedings of the IEEE International Conference on Communications", June 2007, article MACCARI, L. ET AL.: "Mesh network firewalling with Bloom Filters", pages: 1546 - 1551, XP031125892 *
ZHANG, L. ET AL.: "Integrated location management and location-aided routing system for mobile ad hoc networks", JOURNAL OF PARALLEL AND DISTRIBUTED COMPUTING, vol. 66, no. 3, March 2006 (2006-03-01), pages 367 - 378, XP024904529, DOI: doi:10.1016/j.jpdc.2005.08.003 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013144423A1 (en) * 2012-03-30 2013-10-03 Nokia Corporation Identity based ticketing
CN104428819A (en) * 2012-03-30 2015-03-18 诺基亚公司 Identity based ticketing
US9961075B2 (en) 2012-03-30 2018-05-01 Nokia Technologies Oy Identity based ticketing
CN104020347A (en) * 2013-03-01 2014-09-03 北海市聚志电子科技有限公司 Method for fast searching electric energy meter in transformer area
CN104020347B (en) * 2013-03-01 2017-09-29 北海市聚志电子科技有限公司 A kind of method of the affiliated electric energy meter of fast search platform area transformer

Similar Documents

Publication Publication Date Title
Jan et al. PAWN: a payload‐based mutual authentication scheme for wireless sensor networks
AU2015320663B2 (en) Method of communication and apparatus
Chakrabarty et al. Black SDN for the Internet of Things
US9866389B2 (en) Multi-broadcast beacon signals
CN106664561B (en) System and method for securing pre-association service discovery
Shao et al. pDCS: Security and privacy support for data-centric sensor networks
CN104584602B (en) Encrypting a service announcement message in a discovery packet
Li et al. Energy-efficient and high-accuracy secure data aggregation in wireless sensor networks
Tague et al. Mitigation of control channel jamming under node capture attacks
Wolinsky et al. Dissent in numbers: Making strong anonymity scale
KR101424411B1 (en) Dummy information for location privacy in location based services
Chan et al. PIKE: Peer intermediaries for key establishment in sensor networks
Gerhards-Padilla et al. Detecting black hole attacks in tactical MANETs using topology graphs
Mick et al. LASeR: Lightweight authentication and secured routing for NDN IoT in smart cities
Liu et al. Establishing pairwise keys in distributed sensor networks
Deng et al. INSENS: Intrusion-tolerant routing for wireless sensor networks
Mazhar et al. BeeAIS: Artificial immune system security for nature inspired, MANET routing protocol, BeeAdHoc
EP3340569B1 (en) Generating and using ephemeral identifiers and message integrity codes
Bouassida et al. Group Key Management in MANETs.
CN104604206B (en) Found and the system of beep-page message, method and apparatus for safely transmitting and receiving
Marimuthu et al. Enhanced OLSR for defense against DOS attack in ad hoc networks
EP2137929B1 (en) Method for aggregating data in a network
Nordström et al. A search-based network architecture for mobile devices
Ozdemir et al. Secure data aggregation in wireless sensor networks: A comprehensive overview
Jain Wireless sensor networks: Security issues and challenges

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07823107

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07823107

Country of ref document: EP

Kind code of ref document: A1