WO2012168898A1 - Avoidance of hostile attacks in a network - Google Patents
Avoidance of hostile attacks in a network Download PDFInfo
- Publication number
- WO2012168898A1 WO2012168898A1 PCT/IB2012/052883 IB2012052883W WO2012168898A1 WO 2012168898 A1 WO2012168898 A1 WO 2012168898A1 IB 2012052883 W IB2012052883 W IB 2012052883W WO 2012168898 A1 WO2012168898 A1 WO 2012168898A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- phase
- node
- nodes
- control unit
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the invention relates to a control unit, a system and a method for controlling a network.
- wireless mesh networks attract more and more attention, e.g. for remote control of illumination systems, building automation, monitoring applications, sensor systems and medical applications.
- a remote management of outdoor luminaires so-called telemanagement
- this is driven by environmental concerns, since telemanagement systems enable the use of different dimming patterns, for instance as a function of time, weather conditions or season, allowing a more energy-efficient use of the outdoor lighting system.
- this is also driven by economical reasons, since the increased energy efficiency also reduces operational costs.
- the system can remotely monitor power usage and detect lamp failures, which allows for determining the best time for repairing luminaires or replacing lamps.
- RF radio-frequency
- a central controller In a star network, a central controller has a direct wireless communication path to every node in the network. However, this typically requires a high-power/high- sensitivity base-station-like central controller to be placed at a high location (e.g. on top of a building), which makes the solution cumbersome to deploy and expensive.
- a mesh network the plurality of nodes does in general not communicate directly with the central controller, but via so-called multi-hop communications. In a multi- hop communication, a data packet is transmitted from a sender node to a destination node via one or more intermediate nodes.
- Nodes act as routers to transmit data packets from neighboring nodes to nodes that are too far away to reach in a single hop, resulting in a network that can span larger distances. By breaking long distances in a series of shorter hops, signal strength is sustained. Consequently, routing is performed by all nodes of a mesh network deciding, to which neighboring node the data packet is to be sent.
- a mesh network is a very robust and stable network with high connectivity and thus high redundancy and reliability.
- FIG 1 a typical wireless network with mesh topology is shown.
- the wireless network comprises of a central controller 60 and a plurality of nodes 10 (N) being connected among each other by wireless communication paths 40 in a mesh topology.
- the wireless communication paths 40 between the nodes 10 can be constituted by RF
- the nodes 10 and the central controller 60 can comprise a transceiver for transmitting or receiving data packets via wireless communication paths 40, e.g. via RF transmission.
- a service center 80 is situated and serves for system
- This entity normally communicates with one or more wireless networks over a third party communication channel, such as the Internet or mobile communication networks or other wired or wireless data transmission systems.
- the service center 80 communicates with a central controller 60 of a corresponding network as a commissioning tool in charge of controlling or configuring this network.
- a network can also be divided into segments, so that a node 10 belongs to exactly one segment having one segment controller 60. Therefore, the terms "segment controller” and "central controller” should be seen as exchangeable throughout this description.
- any pair of nodes 10 can communicate with each other over several hops by means of a routing protocol.
- all nodes 10 of the network may share a common key K for authentication that is used to verify hop-by-hop, whether the data packet originates from a network node 10 or from an interfering node.
- a sender node 10 sends a message to a destination node 10 via an intermediate node 10
- the sender node 10 can protect the message at MAC (Media Access Control) layer.
- protection refers to the provision of basis security services such as authentication, integrity, freshness or even confidentiality by means of a standard block cipher mode such as AES-CCM (Advance Encryptions Standard in CCM mode).
- AES-CCM Advanced Encryptions Standard in CCM mode
- the sender node 10 can for instance take the message and attach it to at least one a MIC (Message Integrity Code) generated with the AES-CCM, the common key K, and a counter C associated to the sender node and used to ensure message freshness.
- MIC Message Integrity Code
- the intermediate node 10 Upon reception of this message, the intermediate node 10 will proceed to decode the message using the key K and verify message integrity using the MIC and message freshness based on the counter C. If all verifications are successful, the intermediate node 10 will protect the message again as done by the sender node 10 and forward it to the destination node 10.
- each node 10 in the mesh network verifies the authenticity using the key K and the freshness based on the counter C of a forwarded message, a basic network protection can be provided.
- DoS attack denial of service attack
- the first problem is related to a commissioning phase of the network, wherein not all nodes 10 of the network have been successfully commissioned yet. Therefore, not all nodes 10 have the key K used to realize hop-by- hop security. Yet, during commissioning, a plurality of messages has to be exchanged with the segment controller 60 or even with the service center 80, so that the problem of security arises. Thus, an attacker might send fake commissioning messages overloading the network.
- nodes A and B have already joined the network and thus know about the common key K, while nodes C and D still have to join the network and are not yet successfully commissioned (not knowing about K).
- nodes A and B cannot check, whether these commissioning messages are authentic and fresh, since nodes C and D did not use the key K. Therefore, in this situation, an attacker might send lots of commissioning messages breaking the network and leading to denial of service. It should be noted that this problem does not only arise in the very beginning of the network set-up, but e.g. also when adding new nodes 10 to a network. Thus, nodes 10 being in different operating states or phases, represent a serious security problem to the network.
- the second security problem arises due to limited regional knowledge of the single nodes 10.
- a node 10 cannot store all counters C or the like for all other nodes 10 of the network. Therefore, an attacker might for instance eavesdrop on a communication link on one side of the network and replay those messages in other parts of the network. This is called "wormhole attack" and illustrated in fig. 2.
- a node A eavesdrops on a communication in network part 1 and sends it through a wormhole link (arrow) to node B in network part 2 for replaying the message in network part 2 or vice versa.
- WO 2009/031112 A2 relates to a node and a method for establishing distributed security architecture for a wireless network.
- the invention is based on the idea to consider differences between various network phases to define a phase-aware system. For instance, the characteristics of commissioning, learning and operating phases can be easily distinguished, in particular regarding a vulnerability to hostile attacks. Hence, a commissioning phase may in general be less secure, since neighbor nodes, network parameters and security keys may generally be unknown to a node when joining the network. Therefore, it is suggested that a node may operate in a phase-aware manner and handle at least one of node parameters, neighborhood parameters or other network parameters according to a current network phase. This may particularly relate to handling incoming messages, connections to new or unknown nodes, requests for updating routing tables etc. depending on a current network phase. By these means, security holes, which are necessary or unavoidable for a certain network phase, may be limited in time to the respective phase, thus reducing the network vulnerability to a minimum.
- a control unit for a node of a wireless network which is capable of adjusting at least one operation parameter of the node based on a current network phase and of processing a received data packet based on the adjusted operation parameter.
- the control unit may comprise a phase- adaptation module for setting operation parameters of the node corresponding to the current network phase and a phase-aware module for operating the node accordingly.
- the node behavior may be tailored to the different network phases.
- a network phase may for instance relate to a commissioning phase, during which a node joins the network and is commissioned to be a member of the same, a learning phase, during which a node learns about its neighbors, or a working or operating phase, wherein a node operates within the network.
- a commissioning phase during which a node joins the network and is commissioned to be a member of the same
- a learning phase during which a node learns about its neighbors
- a working or operating phase wherein a node operates within the network.
- any number N of network phases can be defined.
- the current network phase may be determined by predefined phase
- phase characteristics such as a number, rate or frequency of messages (e.g. differentiated for messages having a certain message type, a certain sender) or any other feature, which is characteristic for a certain network phase.
- the phase characteristics can be determined based on common network behavior during this phase.
- the current network phase may be determined locally by the node itself and/or centrally by a central/segment controller or a service center.
- a node may be adapted to determine a current network phase based on data traffic, e.g. by monitoring the network traffic either
- the central/segment controller and/or service center may provide corresponding information to the nodes using secure broadcasting or unicasting or any other kind of transmission.
- the central/segment controller and/or service center provides also further information together with information about the current network phase, e.g. for indicating corresponding values of one or more operation parameters and/or for setting a time period for this network phase, after which the network automatically returns to a previous network phase or to another predefined network phase.
- values of operation parameters may be set centrally for this network phase.
- at least one operation parameter or a set of operation parameters is predefined for at least one network phase, i.e. these operation parameters may be locally defined and stored in the single nodes. In this case, these operation parameters may nevertheless be adjustable for a central/segment controller or service center.
- a central/segment controller and/or service center may announce a certain network phase, i.e. independent of any determination process of the current network situation.
- a certain network phase i.e. independent of any determination process of the current network situation.
- the control unit or the phase-adaptation module of the node may be adapted to switch the node to any one of the network phases by adjusting the operation parameter(s) accordingly.
- At least one network phase is limited to a time interval or operational area.
- the time interval may be predefined or adjustable, e.g. by a central/segment controller or a service center.
- the operational area might represent the whole or a part of the network. This may allow for increased security, since a vulnerable phase, such as a learning or commissioning phase, may automatically be stopped and the network may return to a more secure network phase.
- the network or the nodes are switchable to any intermediate network phase, which is time or area limited. Thus, the network or the nodes stop this intermediate network phase automatically, after the time has passed. Then, they may return to another predefined network phase or to the previous network phase, from which the intermediate network phase was initiated.
- operation parameters of a node include at least one of a maximum or minimum number of messages or a maximum or minimum frequency or rate of messages or an area threshold or a maximum time threshold.
- the messages may be recognized by their type, by their sender node, by their destination, or by any other feature. For instance, during a commissioning phase, a large number of commissioning messages may be allowed or even required, while during an operating phase of the network, it may be not allowed to process any commissioning message. Similarly, only a certain number of messages may be allowed from a certain sender and/or to a certain destination. This is to avoid multiplying and replaying an overheard message in a denial of service attack.
- the operation parameters may include at least one of a routing-update-index indicating whether an update of a routing table is allowed, a setting-update-index indicating whether an update of a node setting is allowed, a commissioning index indicating whether
- commissioning messages are allowed, and a stranger-acceptance-index indicating whether messages from unknown nodes are allowed.
- a node does not know about its neighbor nodes, while during an operating phase, the node may consider the network as being static.
- the at least one operation parameter of the node may be set such that the node is not allowed to update (completely) its routing table and/or to accept or forward messages from stranger nodes.
- the operation parameters may be locally defined for one or more network phases, so that the phase-adaptation module looks up the corresponding values of the operation parameters according to the current network phase.
- the control unit or the phase-aware module of a node is adapted to analyze a received data packet for determining whether the network behavior and/or the data traffic is normal for the current network phase. For instance, a network behavior may be determined based on data traffic. However, the network behavior may also depend on other parameters such as daytime, power supply state and the like. Hence, these parameters may be taken into account for observing network behavior. The observed network behavior may then be compared to predefined phase characteristics. For this, a data packet may be analyzed with respect to its type, its sender, its destination or a last forwarding node. Alternatively or additionally, the frequency or number of received and/or forwarded data packets may be determined. As mentioned before, during a particular network phase, only a certain number of data packets, e.g. of a certain type, may be forwarded. Another example is the processing behavior of the node regarding data packets, whose sender or destination is unknown.
- the control unit or the phase-aware module may determine an attack state.
- the node behavior may be adapted accordingly.
- the control unit of the node may apply counter measures in order to block the attack, e.g. messages to be forwarded may be dropped, processing of data packets may be refused and/or a guilty device may be identified and marked as not trustworthy.
- the control unit of the node may apply counter measures in order to block the attack, e.g. messages to be forwarded may be dropped, processing of data packets may be refused and/or a guilty device may be identified and marked as not trustworthy.
- the control unit may be adapted to trigger an attack alarm. This may relate to transmitting, flooding or broadcasting an alarm message to neighboring nodes or to the central/segment controller or service center.
- the surrounding nodes and/or the responsible controller may be informed about a possible attack and set in the attack state, so that they may react accordingly.
- a central/segment controller or service center may take appropriate countermeasures.
- the attack state may also be determined and/or an attack alarm may be triggered, if the control unit refuses processing of a received data packet based on the adjusted operation parameters of the node. By these means, a denial of service attack can be avoided.
- processing a received data packet includes at least one of forwarding the data packet towards its destination, accepting the data packet as its destination and updating node settings or routing information based on information included in the data packet.
- the node is a luminaire node of a lighting system, such as a street lighting system, a lighting system of a public area or any other large-scale lighting system.
- a system for a wireless network comprises a plurality of nodes, whereof at least some include a control unit according to one of the preceding embodiments, and a central controller or segment controller, wherein the plurality of nodes and the central controller comprise means for wireless communication.
- the wireless network is a radio frequency network, e.g. a network for remote control or telemanagement of a lighting system.
- the central controller may be adapted to determine a current network phase by monitoring the status of one or more nodes.
- the central controller may determine whether one or more nodes have been successfully commissioned or whether a predefined percentage of nodes has been successfully commissioned.
- the status of a plurality of nodes may be determined by an average or mean status of the nodes.
- the central controller may be adapted to inform the nodes about the determined current network phase. This may be realized by broadcasting, unicasting, multicasting or flooding a corresponding message in the network. Alternatively or additionally, the central controller may also inform the network nodes about one or more values of one or more operation parameters according to the current network phase.
- a method for operating a wireless network with a plurality of nodes comprising the steps of adjusting at least one operation parameter of a node based on a current network phase and processing a data packet received by the node based on the adjusted operation parameter.
- the method according to the present invention may be adapted to be performed by a control unit or system according to one of the above-described embodiments of the present invention.
- Fig. 1 illustrates an example of a wireless mesh network
- Fig. 2 illustrates a so-called wormhole attack
- Fig. 3 shows a control unit according to an embodiment of the present
- FIG. 4 shows an example for determining a network phase according to an embodiment of the present invention
- Fig 5 shows a flow diagram for illustrating phase-aware behavior of a node according to an embodiment of the present invention.
- Fig 6 shows a flow diagram for a process of monitoring network behavior according to an embodiment of the present invention.
- Preferred applications of the present invention are actuator networks or sensor networks for different applications such as healthcare, energy management or lighting systems, such as outdoor lighting systems (e.g. for streets, parking and public areas) and indoor lighting systems for general area lighting (e.g. for malls, arenas, parking, stations, tunnels etc.).
- outdoor lighting systems e.g. for streets, parking and public areas
- indoor lighting systems for general area lighting e.g. for malls, arenas, parking, stations, tunnels etc.
- the present invention will be explained further using the example of an outdoor lighting system for street illumination, however, without being limited to this application.
- the telemanagement of outdoor luminaires via radio -frequency network technologies is receiving increasing interest, in particular solutions with applicability for large-scale installations with segments of above 200 luminaire nodes. Since radio frequency (RF) transmissions do not require high transmission power and are easy to implement and deploy, costs for setting up and operating a network can be reduced.
- the data packet transmission may alternatively use infrared
- the number of luminaire nodes 10 is extremely high. Hence, the size of the network is very large, especially when compared to common wireless mesh networks, which typically contain less than 200 nodes. In addition, the nodes 10 typically have limited processing capabilities due to cost
- the telemanagement system for an outdoor lighting control network is stationary, i.e. the luminaire nodes 10 do not move. Since the luminaire nodes 10 (e.g. the lamp poles) are stationary, node positions will not change over time. Thus, the physical positions of the nodes 10, for instance GPS-coordinates or other position data, may be known in the system, enabling geographic or position-based routing using pre-programmed or predefined positions, so that no GPS receiver is required in the single nodes 10. In addition, the nodes 10 do not need to send position information updates to other nodes 10.
- control unit 100 In Fig. 3, an exemplary embodiment of a control unit 100 according to the present invention is shown.
- This control unit can be configured to be insertable in an already existing luminaire node 10 for upgrading the same, maybe as update software or the like.
- the control unit 100 comprises a phase-adaptation module 110 and a phase-aware module 120 for adapting the operational behavior of the node 10 to a current network phase.
- the phase-adaptation module 110 and the phase-aware module 120 can also be realized as a combined module.
- the control unit 100 may further comprise a memory 130 for storing operation parameters, routing tables, network phases and other settings of the node.
- a transmission unit may be included for wireless communication, such as radio frequency based communication (GPRS) and the like.
- GPRS radio frequency based communication
- the phase-adaptation module 110 adjusts operation parameters of the node 10 according to the current network phase. For instance, when it is determined that the network phase has changed, the phase-adaptation module 110 of the control unit 100 adjusts the one or more of the operation parameters accordingly.
- the values of the operation parameters can be predefined for the different network phases and stored locally at the nodes 10. Alternatively, the operation parameters can be communicated to the nodes 10 by the service center 80 or the segment controller 60.
- the phase-aware module 120 of the control unit 100 handles the received data packet according to the settings of the operation parameters. Therefore, the nodes 10 of the network are aware of the current network phase and its associated operation parameters.
- operation parameters can relate to forwarding, accepting or processing a data packet, updating the routing tables or accepting configuration or commissioning messages.
- the operation parameter of the node 10 relating to acceptance of commissioning messages will be set such that the node 10 accepts commissioning messages and processes them appropriately.
- no commissioning messages may be accepted.
- it can be determined by an operation parameter, e.g. by a stranger-acceptance-index, that messages received from unknown sender nodes or from unknown intermediate nodes are admissible during the commissioning phase or learning phase, but not during the operating phase.
- a number of messages per unit time may be defined, which may be set for a certain message type. For instance, during the commissioning phase, any node 10 is allowed to forward a predefined number nl of commissioning messages per unit time, but during the operating phase, a node 10 is only allowed to forward up to n2 commissioning messages per unit time, e.g., with nl>n2.
- the phase-aware module 120 can be adapted to keep track of the number n of forwarded commissioning messages during the last unit of time At. When this number n exceeds a given threshold (e.g., n>n p aS e), which can be set differently for each network phase, e.g.
- nl for the commissioning phase and n2 for the operating phase the node 10 drops all these commissioning messages in order to avoid flooding of the network by fake commissioning messages.
- the number of messages might have to be in a specific range.
- a frequency can be defined as operation parameter.
- a further example for an operation parameter is a routing-update-index indicating, whether the update of routing tables is allowed. For instance, a node 10 learns, which nodes 10 are its neighbors or close-by. This information can be used in routing protocols, e.g. a node 10 only forwards messages from/to those nodes listed in its routing table. For instance, the creation of routing tables can be limited to a certain time period, e.g.
- the phase-adaptation module 110 can set the routing-update-index from "update allowed" to "update prohibited". Thus, during the operating phase, routing information is locked, so that the routing table cannot be changed.
- the phase-aware module 120 can check the operation parameter of the routing-update-index in order to determine whether the update of the routing table is admitted. In general, only minimal changes should be allowed during the operating phase. Therefore, after the learning phase, a node 10 of the network considers the network to be substantially static and may not allow an update of the routing table. By these means, it can be avoided that far away attacker nodes, e.g. wormhole nodes A or B, are integrated in the routing tables of the nodes 10 as neighbor nodes at a later time, thereby causing network disruption or denial of service.
- far away attacker nodes e.g. wormhole nodes A or B
- the current network phase can either be locally determined at the individual nodes 10 or centrally by the service center 80 or by the segment controller 60.
- the segment controller 60 or the service center 80 can be adapted to monitor the status of the nodes 10 in order to determine the current network phase.
- the network phase may be defined in terms of time.
- the segment controller 60 or the service center 80 can securely broadcast to the network or unicast to each node 10 information about the current network phase.
- the segment controller 60 may also broadcast or unicast operation parameters associated to the respective network phase.
- the segment controller 60 or the service center 80 can, e.g., monitor the nodes 10 of the network and the network traffic. For instance, when a node 10 joins the network, it is in commissioning mode. This state can be pre-configured, e.g. in the factory. The percentage of nodes 10 having already joined the network can then be centrally observed, e.g. by the segment controller 60 or by the service center 80, in order to determine the current network phase. By way of example, if the percentage of the successfully commissioned nodes 10 exceeds a predetermined threshold, usually close to 100, the segment controller 60 or service center 80 can inform the network that the commissioning phase is completed and that the network phase has changed to the learning phase.
- a predetermined threshold usually close to 100
- the phase-adaptation modules 110 of the nodes 10 adjust the operation parameters accordingly. If values of the operation parameters associated to the new network phase are also communicated by the segment controller 60 or the service center 80, the phase-adaptation modules 110 set the operation parameters of the nodes 10 correspondingly. After a given period of time, which can be fixed dependent on the network size or on the feedback collected from the nodes 10 of the network, the service center 80 or segment controller 60 can determine to change the current network phase from the learning phase to the operating phase. Again, the nodes 10 of the network are informed about the new network phase.
- a distributed management of the network phases is suggested.
- the current network phase is determined locally at the node 10, e.g. based on received messages or by observing the network traffic.
- each node 10 knows that it will go through at least three network phases, i.e. a
- the node 10 When a node 10 is installed in the network, it will join the network to be commissioned. During this period of time, the node 10 will observe new nodes 10 appearing and the node 10 will have to forward commissioning messages from other nodes 10. Therefore, the node 10 can keep track of the number of forwarded commissioning messages per unit time, as illustrated in the upper graph of fig. 4. After some time, i.e. towards the end of the network commissioning, the node 10 will observe a drop in the number of commissioning messages at some time ti.
- the node 10 will determine that the commissioning phase is completed and that the current network phase has changed, e.g. to the operating phase, as depicted on the lower graph of fig. 4. Thus, the node 10 can rely on own information to gain information about the current network phase without requiring intervention of the segment controller 60 or the service center 80.
- the network nodes 10 are switchable to any of the network phases, regardless of whether they have been in this phase before. For instance, a RF lighting system, which is already in the operating phase, may have occasionally to be extended by additional luminaire nodes 10. In this case, it may be advantageous to switch the network to an intermediate network phase, e.g. to one of the initial network phases such as the commissioning or learning phase, depending on the circumstances.
- the segment controller 60 is in charge of the management of the network. Before the network is extended for adding new luminaire nodes 10, the segment controller 60 informs the network about the situation, e.g. by means of securely broadcast or unicast.
- the network can be informed that new luminaire nodes 10 will be included and that non- verifiable messages such as commissioning messages are allowed to be forwarded.
- the network nodes 10 can be informed that it is allowed to update routing tables or general parameters or settings of the node 10.
- the phase-adaptation modules 110 of the single nodes 10 can set operating parameters, e.g. the routing-update- index or setting-update-index, correspondingly for indicating the new processing rules to the phase-aware module 120.
- an appropriate combination of operation parameters can be set by the segment controller 60 including e.g. at least one of the commissioning index, the stranger-acceptance-index, the threshold number of messages, the routing-update-index, an area threshold, a maximum time threshold and the setting-update-index.
- the security of the network is weakened. Therefore, one or more of these operation parameter settings may be limited to a certain time window.
- the segment controller 60 informs the network nodes 10, when the intermediate network phase is completed. Then, the phase- adaptation modules 110 of the nodes 10 will reset the temporarily changed operation parameters to the values of the operation parameters corresponding to the network phase, from which the temporal phase has been initiated. By these means, the network remains flexible for changes.
- FIG. 5 an example for processing a received data packet corresponding to the current network phase is shown.
- the current network phase is determined either centrally or locally (S500).
- a node 10 knows about the current network phase and its operation parameters are set accordingly by the phase-adaptation module 110 (S510). If the node 10 receives a data packet (S520), the data packet is analyzed (S510). This analysis may only relate to checking whether the data packet is complying with the set operation parameters of the node 10, i.e. whether processing of the data packet is admitted according to the operation parameters.
- step S530 may additionally include further analysis, e.g. with respect to at least one of the sender node, the forwarding node, from which the data packet is received, the destination node, or security parameters included in the data packet such as a counter C associated to the forwarding node, a message integrity code MIC or the like. Based on the result of the analysis, it is decided whether to accept the data packet or not (S540).
- the data packet is dropped (S540). However, if the data packet complies with the conditions of the operation parameters and if all additional analysis has been positive, the data packet is accepted in step (S550) and the phase-aware module 120 proceeds to process the data packet based on the current operation parameters. For instance, depending on the situation, the data packet can be forwarded to its next-hop node towards its final destination or it can be decoded, if the receiving node 10 is the final destination. Also, processing may comprise using information included in the data packet for updating routing tables or settings of the node 10, if this is allowed according to the operation parameters of the node 10.
- the operation parameters of the node 10 are set corresponding to the current network phase and received data packets are processed correspondingly, the behavior of the network nodes 10 can be adapted to the current network phase. By these means, the vulnerability of the network can be reduced to the minimum.
- a detection of an attack is illustrated according to an embodiment of the present invention.
- the node 10 is aware of the current network phase and its operation parameters are set accordingly.
- the node 10 observes the network behavior either continuously or in predetermined time intervals (S600).
- the node 10 monitors the data traffic, e.g. by means of received data packets, data packets to be forwarded and the like.
- the network behavior is analyzed in order to determine, whether the network behavior is allowed. This can be performed by the phase- aware module 120 of the node 10 based on the current operation parameters.
- this determination process of step S 610 corresponds to the analysis of single data packets, e.g. as described with respect to fig.
- step S530 When the network behavior was found to be unusual or not allowed for the current network phase, the node 10 is set into an attack state (S620). In particular, if a node 10 notices that processing of a data packet is refused, e.g. due to the analysis result in step S530 or that it is not allowed to perform a requested action on the data packet, such as to forward a received data packet, the node 10 can determine an attack state (S620). Preferably, the attack state is not activated by a single incident, but after a certain number of such incidents. A corresponding threshold may be predefined at the node 10. After the attack state is activated, the node 10 can act accordingly.
- the node 10 can transmit an attack alarm to the network or the segment controller 60 or to the service center 80, using broadcast, unicast, flooding or the like, in order to activate the attack state at other nodes 10 or to inform the segment controller 60 or the service center 80.
- the operation parameters of the node 10 in the attack state can be set to the most restrictive and secure settings.
- all received messages, which have to be forwarded, are dropped. By these means, an attack can be warded off, before it can do any harm to the network.
- the initiation of hostile attacks can be impeded and ongoing hostile attacks can be blocked by means of a phase-aware node behavior.
- the vulnerability of the network is minimized.
- the ability to switch the network into any of the network phases the network remains flexible for upgrades, changes or extension. This can be all achieved according to the present invention, without complicating the single node operation or degrading the communication efficiency.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Selective Calling Equipment (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2014100165A RU2617931C2 (en) | 2011-06-10 | 2012-06-07 | Prevention of hostile network attacks |
JP2014514208A JP5911569B2 (en) | 2011-06-10 | 2012-06-07 | Avoiding hostile attacks in the network |
US14/122,050 US10178123B2 (en) | 2011-06-10 | 2012-06-07 | Avoidance of hostile attacks in a network |
EP19216372.3A EP3661245B1 (en) | 2011-06-10 | 2012-06-07 | Avoidance of hostile attacks in a network |
EP12730655.3A EP2719212B1 (en) | 2011-06-10 | 2012-06-07 | Avoidance of hostile attacks in a network |
CN201280028391.7A CN103583061B (en) | 2011-06-10 | 2012-06-07 | Malicious attack in network avoids |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11169392 | 2011-06-10 | ||
EP11169392.5 | 2011-06-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012168898A1 true WO2012168898A1 (en) | 2012-12-13 |
Family
ID=46397348
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2012/052883 WO2012168898A1 (en) | 2011-06-10 | 2012-06-07 | Avoidance of hostile attacks in a network |
Country Status (9)
Country | Link |
---|---|
US (1) | US10178123B2 (en) |
EP (2) | EP3661245B1 (en) |
JP (1) | JP5911569B2 (en) |
CN (1) | CN103583061B (en) |
DK (1) | DK3661245T3 (en) |
ES (1) | ES2959495T3 (en) |
FI (1) | FI3661245T3 (en) |
RU (1) | RU2617931C2 (en) |
WO (1) | WO2012168898A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014156177A1 (en) * | 2013-03-27 | 2014-10-02 | Nec Corporation | A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system |
EP2890079A1 (en) * | 2013-12-31 | 2015-07-01 | Cisco Technology, Inc. | Attack mitigation using learning machines |
CN104994506A (en) * | 2015-07-20 | 2015-10-21 | 大连海事大学 | Mobile base station position protection method and system based on attacker detection |
US11303653B2 (en) | 2019-08-12 | 2022-04-12 | Bank Of America Corporation | Network threat detection and information security using machine learning |
US11323473B2 (en) | 2020-01-31 | 2022-05-03 | Bank Of America Corporation | Network threat prevention and information security using machine learning |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5940910B2 (en) * | 2012-06-25 | 2016-06-29 | 株式会社メガチップス | Communication network and wide area communication network |
CN104854891A (en) * | 2012-12-06 | 2015-08-19 | 日本电气株式会社 | Mtc key management for sending key from network to ue |
CN103957526B (en) * | 2014-05-20 | 2017-08-08 | 电子科技大学 | Worm-hole attack localization method |
US10721267B1 (en) * | 2014-07-18 | 2020-07-21 | NortonLifeLock Inc. | Systems and methods for detecting system attacks |
US11265154B2 (en) * | 2017-01-05 | 2022-03-01 | Koninklijke Philips N.V. | Network device and trusted third party device |
JP7433323B2 (en) | 2019-01-10 | 2024-02-19 | シグニファイ ホールディング ビー ヴィ | How to provide secure operation of lighting networks |
US11263308B2 (en) | 2019-03-25 | 2022-03-01 | Micron Technology, Inc. | Run-time code execution validation |
ES2945643T3 (en) | 2019-07-18 | 2023-07-05 | Signify Holding Bv | lighting device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009031112A2 (en) | 2007-09-07 | 2009-03-12 | Philips Intellectual Property & Standards Gmbh | Node for a network and method for establishing a distributed security architecture for a network |
EP2120181A1 (en) * | 2008-05-15 | 2009-11-18 | Deutsche Telekom AG | A sensor node, a sensor network and a method for autonomous decision-making in sensor networks |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7836503B2 (en) * | 2001-10-31 | 2010-11-16 | Hewlett-Packard Development Company, L.P. | Node, method and computer readable medium for optimizing performance of signature rule matching in a network |
CA2363795A1 (en) * | 2001-11-26 | 2003-05-26 | Cloakware Corporation | Computer system protection by communication diversity |
GB0317308D0 (en) * | 2003-07-24 | 2003-08-27 | Koninkl Philips Electronics Nv | Wireless network security |
JP4636864B2 (en) * | 2004-11-30 | 2011-02-23 | 株式会社エヌ・ティ・ティ・ドコモ | Relay equipment |
CN1333553C (en) * | 2005-03-23 | 2007-08-22 | 北京首信科技有限公司 | Program grade invasion detecting system and method based on sequency mode evacuation |
US20070066297A1 (en) * | 2005-09-20 | 2007-03-22 | Ghobad Heidari-Bateni | Network monitoring system and method |
JP4752607B2 (en) * | 2006-05-16 | 2011-08-17 | ソニー株式会社 | Wireless communication system, wireless communication device, wireless communication method, and computer program |
DE102006027462B4 (en) * | 2006-06-12 | 2009-06-18 | Nec Europe Ltd. | Method for operating a wireless sensor network |
US8264168B2 (en) | 2007-05-09 | 2012-09-11 | Koninklijke Philips Electronics N.V. | Method and a system for controlling a lighting system |
US8594976B2 (en) | 2008-02-27 | 2013-11-26 | Abl Ip Holding Llc | System and method for streetlight monitoring diagnostics |
KR101569928B1 (en) * | 2008-06-04 | 2015-11-17 | 코닌클리케 필립스 엔.브이. | Method of establishing a wireless multi-hop network |
CN101883017B (en) | 2009-05-04 | 2012-02-01 | 北京启明星辰信息技术股份有限公司 | System and method for evaluating network safe state |
KR101048510B1 (en) * | 2009-05-06 | 2011-07-11 | 부산대학교 산학협력단 | Method and apparatus for enhancing security in Zigbee wireless communication protocol |
CN102893666A (en) | 2010-05-21 | 2013-01-23 | 皇家飞利浦电子股份有限公司 | Method and device for forwarding data packets |
KR101414176B1 (en) * | 2013-06-07 | 2014-07-02 | 한국전자통신연구원 | Apparatus and method for analyzing vulnerability of zigbee network |
-
2012
- 2012-06-07 US US14/122,050 patent/US10178123B2/en active Active
- 2012-06-07 EP EP19216372.3A patent/EP3661245B1/en active Active
- 2012-06-07 WO PCT/IB2012/052883 patent/WO2012168898A1/en active Application Filing
- 2012-06-07 EP EP12730655.3A patent/EP2719212B1/en active Active
- 2012-06-07 FI FIEP19216372.3T patent/FI3661245T3/en active
- 2012-06-07 CN CN201280028391.7A patent/CN103583061B/en active Active
- 2012-06-07 ES ES19216372T patent/ES2959495T3/en active Active
- 2012-06-07 DK DK19216372.3T patent/DK3661245T3/en active
- 2012-06-07 JP JP2014514208A patent/JP5911569B2/en active Active
- 2012-06-07 RU RU2014100165A patent/RU2617931C2/en active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009031112A2 (en) | 2007-09-07 | 2009-03-12 | Philips Intellectual Property & Standards Gmbh | Node for a network and method for establishing a distributed security architecture for a network |
EP2120181A1 (en) * | 2008-05-15 | 2009-11-18 | Deutsche Telekom AG | A sensor node, a sensor network and a method for autonomous decision-making in sensor networks |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014156177A1 (en) * | 2013-03-27 | 2014-10-02 | Nec Corporation | A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system |
EP2890079A1 (en) * | 2013-12-31 | 2015-07-01 | Cisco Technology, Inc. | Attack mitigation using learning machines |
US9398035B2 (en) | 2013-12-31 | 2016-07-19 | Cisco Technology, Inc. | Attack mitigation using learning machines |
CN104994506A (en) * | 2015-07-20 | 2015-10-21 | 大连海事大学 | Mobile base station position protection method and system based on attacker detection |
CN104994506B (en) * | 2015-07-20 | 2018-06-19 | 大连海事大学 | A kind of mobile base station guarded by location method and system based on attacker's detection |
US11303653B2 (en) | 2019-08-12 | 2022-04-12 | Bank Of America Corporation | Network threat detection and information security using machine learning |
US11323473B2 (en) | 2020-01-31 | 2022-05-03 | Bank Of America Corporation | Network threat prevention and information security using machine learning |
Also Published As
Publication number | Publication date |
---|---|
JP5911569B2 (en) | 2016-04-27 |
FI3661245T3 (en) | 2023-10-09 |
EP2719212A1 (en) | 2014-04-16 |
DK3661245T3 (en) | 2023-10-16 |
JP2014523668A (en) | 2014-09-11 |
CN103583061A (en) | 2014-02-12 |
EP3661245A1 (en) | 2020-06-03 |
EP3661245B1 (en) | 2023-08-09 |
RU2617931C2 (en) | 2017-04-28 |
EP2719212B1 (en) | 2020-04-08 |
RU2014100165A (en) | 2015-07-20 |
US20140096253A1 (en) | 2014-04-03 |
ES2959495T3 (en) | 2024-02-26 |
US10178123B2 (en) | 2019-01-08 |
CN103583061B (en) | 2018-06-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3661245B1 (en) | Avoidance of hostile attacks in a network | |
US11432147B2 (en) | Untethered access point mesh system and method | |
JP4473129B2 (en) | Wireless communication method and system with controlled WTRU peer-to-peer communication | |
WO2006078407A2 (en) | Method and apparatus for responding to node abnormalities within an ad-hoc network | |
EP1264449B1 (en) | A method for data communication in a self-organising network with decision engine | |
EP2826304B1 (en) | Method and system for preventing the propagation of ad -hoc networks | |
CN105359627A (en) | A method for operating a communication device in a communication network, a communication device, a luminaire equipped with such communication device | |
US20150173154A1 (en) | Commissioning method and apparatus | |
Heo et al. | Mitigating stealthy jamming attacks in low-power and lossy wireless networks | |
Zhang et al. | Enhanced OLSR routing for airborne networks with multi-beam directional antennas | |
EP1871045B1 (en) | Detecting and bypassing misbehaving nodes in distrusted ad hoc networks | |
Kim et al. | Power-efficient MAC scheme using channel probing in multirate wireless ad hoc networks | |
Janani et al. | Survey of Packet Dropping attack in MANET | |
Hamad et al. | Comprehensive Overview of Security and Privacy of Data Transfer in Wireless ad Hock Network | |
Bharathi et al. | High throughput analysis using topological control & authentication scheme in MANET | |
Ghosh et al. | Security challenges in reactive mobile ad hoc network | |
Papadimitratos | Secure ad hoc networking | |
Malarvizhi et al. | Malicious node detection scheme for upgraded femtocell architecture in wireless mesh networks | |
Mahajan et al. | A Review of ‘MANET’s Security Aspect and Challenges with Comprehensive Study of SIDS for Discovering Malicious Nodes | |
Medidi et al. | A lightweight key distribution mechanism for wireless sensor networks | |
Lykouropoulos et al. | Connect street light control devices in a secure network | |
Pirzada et al. | Performance Comparison of Reactive Routing Protocols Under Attack Conditions | |
Rani et al. | Evaluation and Analysis of Wireless Networks & MANETS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12730655 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012730655 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14122050 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2014514208 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2014100165 Country of ref document: RU Kind code of ref document: A |