WO2014116152A1 - Communication apparatus, control method thereof, computer program thereof, relaying apparatus, control method thereof, computer program thereof - Google Patents

Communication apparatus, control method thereof, computer program thereof, relaying apparatus, control method thereof, computer program thereof

Info

Publication number
WO2014116152A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor
communication
communication apparatus
relaying
address information
Prior art date
Application number
PCT/SE2013/050059
Other languages
French (fr)
Inventor
Ryoji Kato
Vlasios Tsiatsis
Sébastien PIERREL
Jakob Saros
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Application filed by Telefonaktiebolaget L M Ericsson (Publ)
Priority to PCT/SE2013/050059
Publication of WO2014116152A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q9/00 Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/125 Protection against power exhaustion attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/38 Services specially adapted for particular environments, situations or purposes for collecting sensor information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates in general to provisioning an access list from a communication apparatus to a relaying apparatus, and in particular to providing an access control securely in sensor
  • Wireless sensor networks are networks which allow communications among sensors functioning as wireless nodes.
  • IP-based sensors in which IP addresses are embedded are emerging in IoT (Internet of Things) industries.
  • IP-based sensors may be connected in sensor networks which are standardized by, for example, CoAP (Constrained Application Protocol) and Zigbee IP.
  • CoAP Constrained Application Protocol
  • Zigbee IP Wireless Sensor Network
  • a service provider can provide services to users based on information collected through communication with sensors.
  • DoS attack Denial of Service attack
  • DoS attacks are the kind of attacks which make a target go down or make it operate incorrectly by injecting a massive amount of
  • a DoS attack may cause a problem for small powered sensors which are adequate for short-range communications. This is because such sensors may consume their battery rapidly when they receive
  • sensors are capable of protecting themselves against virus packets, they are not capable of protecting themselves against DoS attacks. As a result, an attacked sensor's
  • the present invention is intended to address the above-described problem, and it is a feature thereof to introduce a technique for enabling a
  • a communication apparatus e.g. a resource directory
  • a relaying apparatus e.g. a gateway
  • a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
  • the communication comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit
  • a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
  • the control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
  • a computer program which causes a computer to execute a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
  • the control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
  • a relaying apparatus which is connected to a sensor and relays communications of the sensor.
  • the relaying apparatus comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
  • a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor.
  • the control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
  • a computer program which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor.
  • the control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a
  • a system including a communication apparatus and a relaying apparatus.
  • the communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
  • the relaying apparatus, which is connected to the sensor and relays communications of the sensor, comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
  • Fig.1 illustrates an environment assumed in the present invention.
  • Fig.2 illustrates an exemplary system
  • Fig.3 illustrates an exemplary block diagram of a resource directory according to embodiments of the present invention.
  • Fig.4 illustrates an exemplary block diagram of a gateway according to embodiments of the present invention.
  • Fig.5 illustrates an exemplary access list according to embodiments of the present invention.
  • Fig.6 illustrates exemplary operations for provisioning an access list according to embodiments of the present invention.
  • Fig.7 illustrates alternative exemplary operations for provisioning an access list according to embodiments of the present invention.
  • a gateway functioning as a relaying apparatus that is connected to sensors can be arranged in sensor
  • the gateway contains an access list of external apparatuses, e.g. service providers, which are allowed to access sensors connected to the gateway, and it can prevent unexpected messages from reaching sensors by blocking access of external apparatuses which are not listed in an access list.
  • external apparatuses e.g. service providers
  • Fig.1 illustrates an exemplary environment assumed in the present invention. It is assumed that the environment may be supported by an IPv6-based network.
  • the environment includes a resource directory 101, a sensor vendor 102, a service provider 103, and an IPv6 sensor 104.
  • the service provider 103 may provide services to users by communicating with the IPv6 sensor 104.
  • a sensor vendor 102 is a vendor which manufactured and shipped the IPv6 sensor 104 with the IPv6 address of the resource directory 101 embedded.
  • the resource directory 101 has a role to provide a secure connection between the IPv6 sensor 104 and the service provider 103 as described in detail later.
  • the resource directory 101 may be defined in IETF (Internet Engineering Task Force) CoRE WG
  • the IPv6 sensor 104 is a sensor which has an embedded IPv6 address and low output power.
  • the IPv6 sensor 104 may be powered by battery.
  • the service provider 103 and the sensor vendor 102 have a business relationship.
  • the service provider 103 can delegate access control management to the sensor vendor 102 or vice versa.
  • the sensor vendor 102 (or the service provider 103) runs and administrates the resource directory 101, and ships the IPv6 sensor 104 with the IPv6 address or FQDN (Fully Qualified Domain Name) of the resource directory 101 embedded.
  • When the IPv6 sensor 104 powers on, it can send a message requesting registration, i.e., a registration message, to the embedded IPv6 address or FQDN of the resource directory 101 in order to register address information of the sensor with the resource directory 101 for
  • the service provider 103 obtains the IPv6 sensor 104 address by looking up the address in the resource directory 101, and then starts to access the IPv6 sensor 104 and provide services to users based on sensed information received from the IPv6 sensor 104.
  • a gateway functioning as a relaying apparatus between the service provider 103/the resource directory 101 and the IPv6 sensor may be further considered in order to avoid attacks and ensure secure networks as described above.
  • Fig.2 illustrates an exemplary system
  • the resource directory 101 functions as a communication apparatus according to embodiments of the present invention.
  • the resource directory 101 implements basic functions to communicate with the IPv6 sensors 104 via the gateway 105, receive a registration message from the IPv6 sensors 104, and provide an access list of external apparatuses which are allowed to access the IPv6 sensors 104 to the gateway 105 to which the IPv6 sensors 104 are connected.
  • the gateway 105 functions as a relaying apparatus according to embodiments of the present invention.
  • the gateway 105 implements basic functions to receive the access list from the resource directory 101.
  • the gateway 105 may relay a communication to the IPv6 sensors 104 if the communication is from the service provider 103 which is included in the list sent from the resource directory 101.
  • each of the sensors may send a registration message to the resource
  • IPv6 sensors 104 may sense a temperature, a distance, traffic, an acceleration, etc., and may capture an image.
  • the IPv6 sensors 104 may be a general IPv6 sensor, but are not required to have any specific functions for the present
  • Communication between the resource directory 101 and the IPv6 sensors 104 is performed via the gateway 105.
  • the gateway 105 relays messages sent from the plurality of IPv6 sensors 104 to the resource directory 101.
  • the gateway 105 may monitor the message so that it may perform access control between the resource directory 101 and the sensors 104.
  • communication between the gateway 105 and the IPv6 sensors 104 may be over a wireless sensor network for short-range communication (e.g. IEEE 802.15.4, Zigbee etc).
  • communication between the resource directory 101 and the gateway 105 may be over a wireless or a wired network for wide-area communication (e.g. Internet).
  • the gateway 105 receives the registration messages from the IPv6 sensors 104, and sends them to the resource directory 101. Since the gateway 105 may monitor communication between the resource directory 101 and the IPv6 sensors 104, it may extract the message and verify it.
  • when the resource directory 101 receives the registration message from the IPv6 sensor 104 via the gateway 105, it registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.). Also, the resource directory 101 determines the address
  • the resource directory 101 may send the access list to the gateway 105.
  • the gateway 105 receives the access list from the resource directory 101, and authenticates the resource directory 101 in order to validate the access list. If the resource directory 101 is
  • the gateway 105 may relay communication from the external apparatus listed in the access list to the sensors 104.
  • Fig.3 illustrates an exemplary configuration of the resource directory 101 as a communication apparatus according to embodiments of the present invention.
  • the resource directory 101 includes a communication unit 301, a determination unit 304 and a registration unit 305.
  • the communication unit 301 includes a receiving unit 302 and a transmitting unit 303 for communicating with the gateway 105 and external apparatuses such as the sensor vendor 102 and the service provider 103.
  • the receiving unit 302 is a receiver for receiving information from apparatuses connected to the resource directory 101, including the registration message sent from the sensor 104 via the gateway 105.
  • the transmitting unit 303 is a transmitter for transmitting information to the apparatus connected to the resource directory 101. According to embodiments of the present invention, the transmitting unit 303 may transmit an access list to the gateway 105.
  • the transmitting unit 303 may transmit an electronic certificate in addition to the access list for achieving more secure connections.
  • the resource directory 101 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface.
  • CPU central processing unit
  • ROM read only memory
  • RAM random access memory
  • the determination unit 304 and the registration unit 305 of the resource directory 101 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area.
  • the functionality of the communication unit 301 of the resource directory 101 may be
  • the registration message to be received by the receiving unit 302 may include source IPv6 address information of the sensor 104.
  • the address information of the sensor 104 may contain the partial address information unique to a network
  • the address information of the gateway 105 may contain a prefix part of 64 bits unique to the network
  • the address information of the resource directory 101 may contain a prefix part of 64 bits unique to a network connecting the resource directory 101, and an interface ID part of 64 bits provided to the resource directory 101.
  • the determination unit 304 determines the address information of the gateway 105 using the address information of the sensor 104 in order to send the access list to the gateway 105. If the resource directory 101 has no address information of the gateway 105, it may newly determine the address information of the gateway 105 using the address information of the sensor 104. According to one embodiment of the present invention, the interface ID part of the gateway 105 may be prepared in advance and shared between gateways. In other words, the interface ID part of the gateway may be standardized. The determination unit 304 may
  • the determination unit 304 may generate the interface ID part by arranging the standardized address.
  • the determination unit 304 may determine address information of the gateway 105 by selecting it from the stored list based on the prefix part of the address information of the sensor.
  • the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
  • Fig.4 illustrates an exemplary configuration of the gateway 105 as a relaying apparatus according to embodiments of the present invention.
  • the gateway 105 includes a communication unit 401, a monitoring unit 402, and an authentication unit 403.
  • the communication unit 401 may communicate with the sensor 104 via a wireless sensor network, while it may communicate with the resource directory 101 via a wireless or wired network.
  • the communication unit 401 constructs a network between the gateway 105 and the sensor 104 when the sensor 104 is powered on, where the address information of the sensor 104 is determined to include the prefix part which was assigned by the communication unit 401 and the
  • the sensor 104 may send the
  • the communication unit 401 will receive the registration message from the sensor 104. After receiving the registration message, the communication unit 401 provides it to the monitoring unit 402. The monitoring unit 402 may determine if the received message is the registration message by checking a message type which is included in the registration message. If the received message is the registration message, the communication unit 401 sends (relays) the registration message to the resource directory 101, and then receives an access list of external apparatuses which are allowed to access the sensor 104, from the resource directory 101.
  • the monitoring unit 402 monitors information which is received by the communication unit 401 and provided to the monitoring unit 402 from the
  • the monitoring unit 402 monitors for the registration message and caches and stores it when the communication unit 401 receives the registration message. This registration message will be used for authenticating the resource directory 101 later. Also, the monitoring unit 402 stores an access list which is received from the authenticated resource directory 101 by the authentication unit 403, and determines if an access request to the sensor 104 is transmitted from the external apparatus which is listed in the list.
  • The authentication unit 403 authenticates the resource directory based on the IPv6 address
  • IPv6 address of the resource directory 101 is the same as the
  • the authentication may be performed using the certificate which is sent from the resource directory 101. If the resource directory 101 was successfully authenticated, the gateway 105 subsequently relays communication to the sensor 104 from the external apparatus listed in the access list.
  • the gateway 105 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface.
  • the functionality of the monitoring unit 402 and the authentication unit 403 of the gateway 105 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area.
  • functionality of the communication unit 401 of the gateway 105 may be implemented by the interface.
  • Fig. 5 illustrates an exemplary access list according to one embodiment of the present invention.
  • the access list may list address information of the external apparatuses which are allowed to access the sensor 104. Such a list is generated for each sensor, because it is necessary for each sensor to have
  • the list may include sensor identification information to identify the list for the specific sensor. Also, the list may include other contents, e.g., certificates and other components that indicate directly or indirectly a destination of each of the external apparatuses.
  • Fig.6 illustrates an exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list in the gateway 105 according to embodiments of the present invention.
  • resource directory 101 is assigned to the resource directory 101 by an external apparatus, e.g., a service provider in S601. Note that the address information of the resource directory 101 is also provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor 102.
  • the gateway 105 sets up a local sensor
  • DHCPv6
  • the gateway 105 determines its own address information in S602.
  • the gateway 105 may assign well-known interface
  • the gateway 105 may
  • the sensor 106 boots (powers on) for starting to set up a network.
  • the prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104, is assigned to the sensor 104 in S605. The sensor 104 then
  • the sensor 104 then sends a registration message using the address information of the resource directory 101 as a destination address and the address information of the sensor as a source address in S606. Note that, as described above, the address information of the resource directory 101 has already been provided to the sensor 104 by an external apparatus, e.g. the sensor vendor 102.
  • The registration message sent from the sensor
  • the communication unit 401 provides the received registration message to the monitoring unit 402 of the gateway.
  • the monitoring unit 402 determines whether the provided message is the registration message from the sensor 104 with reference to the message type included in the message. If the provided message is the registration message, the monitoring unit 402 caches the message for the purpose of further processing.
  • After the monitoring processing, the gateway
  • the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
  • the resource directory 101 determines address information of the gateway 105 in S609. This process may be
  • this process may be performed by using the address information of the sensor included in the registration message sent from the sensor, if it has no address information of the gateway 105. Alternatively this process may be performed by selecting address information from the stored address information in the resource directory 101 as described before.
  • After determining the address information of the gateway 105, the resource directory 101 sends a message for providing an access list of external apparatuses which are allowed to access the sensor connected to the gateway 105 in S610.
  • when the communication unit 401 of the gateway 105 receives the message with the access list from the resource directory 101, it provides the message to the monitoring unit 402.
  • the monitoring unit 402 determines a type of the message based on a message type, and if it is determined that the message is for provisioning the access list, the monitoring unit 402 provides the message to the authentication unit 403 with the registration message cached in S607.
  • the authentication unit 403 authenticates the resource directory 101 by comparing the address information used in the message for provisioning the access list and that used in the cached registration message.
  • the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication failed, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 using the access list. If the monitoring unit 402 admits that communication is
  • the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101.
  • Fig.7 illustrates an alternative exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list more securely in the gateway 105 according to embodiments of the present invention.
  • the signal flow shown in Fig.7 may ensure a more secure connection than that of Fig.6.
  • a Cryptographically Generated Address (CGA) is assigned to the resource directory 101.
  • the CGA is an IPv6 address using a 64-bit hash value calculated with an electronic certificate for the resource directory 101.
  • X.509 certificate may be used.
  • X.509 is standardized in ITU (International Telecommunication Union) or ISO (International Organization for Standardization).
  • This CGA address of the resource directory 101 is provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor. Except for the CGA address assignment to the resource directory 101, the steps from S701 to S710 are the same as the steps S601 to S610.
  • the resource directory sends the electronic certificate (X.509 certificate) in addition to the list of external apparatuses to the gateway 105.
  • This transmission step may be performed in response to a request from the gateway 105 or automatically by the resource directory 101 after the provisioning of the access list in S710.
  • the sensor 104 sends sensor identification information to the gateway 105, in response to a request for it from the gateway 105 to the sensor 104.
  • the gateway 105 may perform the authentication using the received information from the resource directory 101 and the sensor 104.
  • authentication unit 403 may perform the CGA
  • the authentication unit 403 of the gateway 105 may use the sensor identification information obtained from the sensor 104, e.g. a sensor vendor name. Since a subject field of the X.509 certificate of the resource
  • the directory may include the sensor identification
  • the gateway 105 may further authenticate the resource directory 101 by comparing the sensor identification information included in the X.509 certificate sent from the resource directory 101 and the sensor identification information obtained from the sensor 104. If both are the same, the resource directory 101 may be successfully authenticated.
  • the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101.
  • the gateway 105 breaks off the access list.
  • the monitoring unit 402 may monitor communication of the communication unit 401 with reference to the access list. If the monitoring unit 402 admits that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101. Hence, a secure link may be established in S713, and the security between the resource directory 101 and the gateway 105 is enhanced.
  • the provider may use sensors of different vendors, and multiple service providers may use sensors of a single vendor. Different service providers will use different access lists for their sensors.
  • a database may be connected to the resource directory.
  • the database may store access lists associating each sensor with sensor identification information, e.g., information of sensor vendors and serial numbers.
  • the resource directory may obtain sensor identification information from sensors through an API (Application Programming Interface).
  • the resource directory may look up the access list related to the sensor with the sensor identification
  • a secured link can be established between gateways 105 and sensors 104 in the local sensor network.
  • this secure link is established with a secret key which is originally shared between the resource directory 101 and the sensor 104.
  • the shared secret key may be provided to sensors 104 in advance, for example, at the
  • the gateway 105 can establish a secure link with the sensor 104.

Abstract

A communication apparatus (101) comprises a receiving unit (302) configured to receive a registration message transmitted from a sensor (104) via a relaying apparatus(105), and a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus. The relaying apparatus (105) comprises a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive the list of external apparatuses, a monitoring unit (402) configured to monitor for the registration message received from the sensor, and an authentication unit (403) configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list and the communication apparatus has been successfully authenticated.

Description

DESCRIPTION
COMMUNICATION APPARATUS, CONTROL METHOD THEREOF, COMPUTER PROGRAM THEREOF, RELAYING APPARATUS, CONTROL METHOD THEREOF, COMPUTER PROGRAM THEREOF
TECHNICAL FIELD
[0001] The present invention relates in general to provisioning an access list from a communication apparatus to a relaying apparatus, and in particular to providing an access control securely in sensor networks.
BACKGROUND
[0002] Wireless sensor networks are networks which allow communications among sensors functioning as wireless nodes. Recently, IP-based sensors in which IP addresses are embedded are emerging in IoT (Internet of Things) industries. IP-based sensors may be connected in sensor networks which are standardized by, for example, CoAP (Constrained Application Protocol) and Zigbee IP. IP-based sensors have a benefit of allowing any node in IP networks to directly access those sensors. This enables sensors to communicate interactively. Also, a service provider can provide services to users based on information collected through communication with sensors.
[0003] However, it also allows attackers to access the sensors. For energy-constrained (probably battery-powered) sensors, attackers can easily consume the battery of sensors merely by sending IP packets to those sensors. Such an attack is known as a DoS attack (Denial of Service attack). DoS attacks are the kind of attacks which make a target go down or make it operate incorrectly by injecting a massive amount of unnecessary packets, e.g. unexpected actuation messages, to the target. It should be noted that an example of methods which solve the problem of DoS attacks is introduced in the document, Youssou Faye, et al., "A survey of Access Control Schemes in Wireless Sensor Networks", WASET, World Academy of Science, Engineering and Technology, 59:814-823, 2011.
[0004] A DoS attack may cause a problem for small powered sensors which are adequate for short-range communications. This is because such sensors may consume their battery rapidly when they receive malicious messages from attackers. Although sensors are capable of protecting themselves against virus packets, they are not capable of protecting themselves against DoS attacks. As a result, an attacked sensor's batteries will soon run out. This causes inconvenience in maintaining sensor networks since it is difficult to replace batteries on widely-dispersed sensors.
[0005] Thus, it is necessary to develop a network system in order to protect against such DoS attacks.
SUMMARY
[0006] The present invention is intended to address the above-described problem, and it is a feature thereof to introduce a technique for enabling a communication apparatus (e.g. a resource directory) to provide an access list to a relaying apparatus (e.g. a gateway).
[0007] According to a first aspect of the invention, a communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The communication apparatus comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0008] According to a second aspect of the invention, a control method of a communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0009] According to a third aspect of the invention, a computer program, which causes a computer to execute a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0010] According to a fourth aspect of the invention, a relaying apparatus, which is connected to a sensor and relays communications of the sensor, is provided. The relaying apparatus comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0011] According to a fifth aspect of the invention, a control method of a relaying apparatus, which is connected to a sensor and relays communications of the sensor, is provided. The control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0012] According to a sixth aspect of the invention, a computer program, which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, is provided. The control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0013] According to a seventh aspect of the invention, a system including a communication apparatus and a relaying apparatus is provided. The communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus. The relaying apparatus, which is connected to the sensor and relays communications of the sensor, comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0014] Further features of the present invention will become apparent from the following description of exemplary embodiments which references the attached drawings.
BRIEF DESCRIPTION OF DRAWINGS
[0015] Fig.1 illustrates an environment assumed in the present invention.
[0016] Fig.2 illustrates an exemplary system including the resource directory, the gateway, and the sensors according to embodiments of the present invention.
[0017] Fig.3 illustrates an exemplary block diagram of a resource directory according to embodiments of the present invention.
[0018] Fig.4 illustrates an exemplary block diagram of a gateway according to embodiments of the present invention.
[0019] Fig.5 illustrates an exemplary access list according to embodiments of the present invention.
[0020] Fig.6 illustrates exemplary operations for provisioning an access list according to embodiments of the present invention.
[0021] Fig.7 illustrates alternative exemplary operations for provisioning an access list according to embodiments of the present invention.
DETAILED DESCRIPTION
[0022] Embodiments of the present invention will now be described with reference to the attached drawings. Each embodiment described below will be helpful in understanding a variety of concepts from the generic to the more specific. It should be noted that the technical scope of the present invention is defined by claims, and is not limited by each embodiment described below. In addition, not all combinations of the features described in the embodiments are always indispensable for the present invention.
[0023] According to embodiments of the present invention, in order to protect against DoS attacks, a gateway functioning as a relaying apparatus that is connected to sensors can be arranged in sensor networks. The gateway contains an access list of external apparatuses, e.g. service providers, which are allowed to access sensors connected to the gateway, and it can prevent unexpected messages from reaching sensors by blocking access of external apparatuses which are not listed in an access list.
[0024] Fig.1 illustrates an exemplary environment assumed in the present invention. It is assumed that the environment may be supported by an IPv6-based network. The environment includes a resource directory 101, a sensor vendor 102, a service provider 103, and an IPv6 sensor 104. The service provider 103 may provide services to users by communicating with the IPv6 sensor 104. A sensor vendor 102 is a vendor which manufactured and shipped the IPv6 sensor 104 with the IPv6 address of the resource directory 101 embedded.
[0025] The resource directory 101 has a role to provide a secure connection between the IPv6 sensor 104 and the service provider 103 as described in detail later. The resource directory 101 may be defined in IETF (Internet Engineering Task Force) CoRE WG (Constrained RESTful Environments Working Group). The IPv6 sensor 104 is a sensor which has an embedded IPv6 address and low output power. The IPv6 sensor 104 may be powered by battery.
[0026] It is assumed that the service provider 103 and the sensor vendor 102 have a business relationship. The service provider 103 can delegate access control management to the sensor vendor 102 or vice versa. The sensor vendor 102 (or the service provider 103) runs and administrates the resource directory 101, and ships the IPv6 sensor 104 with the IPv6 address or FQDN (Fully Qualified Domain Name) of the resource directory 101 embedded.
[0027] When the IPv6 sensor 104 powers on, it can send a message requesting registration, i.e., a registration message, to the embedded IPv6 address or FQDN of the resource directory 101 in order to register address information of the sensor to the resource directory 101 for communications with the service provider 103. The service provider 103 obtains the IPv6 sensor 104 address by looking up the address in the resource directory 101, and then starts to access the IPv6 sensor 104 and provide services to users based on sensed information received from the IPv6 sensor 104.
[0028] In such an environment, a gateway functioning as a relaying apparatus between the service provider 103/the resource directory 101 and the IPv6 sensor may be further considered in order to avoid attacks and ensure secure networks as described above.
[0029] Fig.2 illustrates an exemplary system including the resource directory 101, the gateway 105, and sensors 104 according to embodiments of the present invention. The resource directory 101 functions as a communication apparatus according to embodiments of the present invention. The resource directory 101 implements basic functions to communicate with the IPv6 sensors 104 via the gateway 105, receive a registration message from the IPv6 sensors 104, and provide an access list of external apparatuses which are allowed to access the IPv6 sensors 104 to the gateway 105 to which the IPv6 sensors 104 are connected.
[0030] Also, the gateway 105 functions as a relaying apparatus according to embodiments of the present invention. The gateway 105 implements basic functions to receive the access list from the resource directory 101. The gateway 105 may relay a communication to the IPv6 sensors 104 if the communication is from the service provider 103 which is included in the list sent from the resource directory 101.
[0031] There may be a plurality of sensors 104 connected to the gateway 105 and each of the sensors may send a registration message to the resource directory 101 via the gateway 105 to register address information of the sensor to the resource directory 101 for communications with the service provider 103. It should be noted that the IPv6 sensors 104 may sense a temperature, a distance, traffic, an acceleration, etc., and may capture an image. The IPv6 sensors 104 may be a general IPv6 sensor, but are not required to have any specific functions for the present invention. Communication between the resource directory 101 and the IPv6 sensors 104 is performed via the gateway 105. The gateway 105 relays messages sent from the plurality of IPv6 sensors 104 to the resource directory 101. The gateway 105 may monitor the message so that it may perform access control between the resource directory 101 and the sensors 104.
[0032] Note that communication between the gateway 105 and the IPv6 sensors 104 may be over a wireless sensor network for short-range communication (e.g. IEEE 802.15.4, Zigbee etc). On the other hand, communication between the resource directory 101 and the gateway 105 may be over a wireless or a wired network for wide-area communication (e.g. Internet).
[0033] In this system, the gateway 105 receives the registration message from the IPv6 sensors 104, and sends them to the resource directory 101. Since the gateway 105 may monitor communication between the resource directory 101 and the IPv6 sensors 104, it may extract the message and verify it. When the resource directory 101 receives the registration message from the IPv6 sensor 104 via the gateway 105, it registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface etc.). Also, the resource directory 101 determines the address information of the gateway 105 in order to send an access list to the gateway 105. After the registration, the resource directory 101 may send the access list to the gateway 105. The gateway 105 receives the access list from the resource directory 101, and authenticates the resource directory 101 in order to validate the access list. If the resource directory 101 is successfully authenticated, subsequently the gateway 105 may relay communication from the external apparatus listed in the access list to the sensors 104.
[0034] Fig.3 illustrates an exemplary configuration of the resource directory 101 as a communication apparatus according to embodiments of the present invention. The resource directory 101 includes a communication unit 301, a determination unit 304 and a registration unit 305. In addition, the communication unit 301 includes a receiving unit 302 and a transmitting unit 303 for communicating with the gateway 105 and external apparatuses such as the sensor vendor 102 and the service provider 103. The receiving unit 302 is a receiver for receiving information from apparatuses connected to the resource directory 101, including the registration message sent from the sensor 104 via the gateway 105.
[0035] The transmitting unit 303 is a transmitter for transmitting information to the apparatus connected to the resource directory 101. According to embodiments of the present invention, the transmitting unit 303 may transmit an access list to the gateway 105.
[0036] Alternatively, the transmitting unit 303 may transmit an electronic certificate in addition to the access list for achieving more secure connections.
[0037] As a hardware construction, the resource directory 101 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface. The functionality of the determination unit 304 and the registration unit 305 of the resource directory 101 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area. The functionality of the communication unit 301 of the resource directory 101 may be implemented by the interface.
[0038] The registration message to be received by the receiving unit 302 may include source IPv6 address information of the sensor 104. In the embodiment, the address information of the sensor 104 may contain the partial address information unique to a network connecting the sensor, i.e. a prefix part of 64 bits, and the partial address information provided to the sensor, i.e. an interface ID part of 64 bits. Similarly, the address information of the gateway 105 may contain a prefix part of 64 bits unique to the network connecting the sensor 104 and the gateway 105 and an interface ID part of 64 bits provided to the gateway 105. The prefix part of the address information of the sensor 104 will be given by the gateway 105 and the interface ID part which has been provided to the sensor 104 in advance by the sensor vendor 102. Furthermore, the address information of the resource directory 101 may contain a prefix part of 64 bits unique to a network connecting the resource directory 101, and an interface ID part of 64 bits provided to the resource directory 101.
[0039] The determination unit 304 determines the address information of the gateway 105 using the address information of the sensor 104 in order to send the access list to the gateway 105. If the resource directory 101 has no address information of the gateway 105, it may newly determine the address information of the gateway 105 using the address information of the sensor 104. According to one embodiment of the present invention, the interface ID part of the gateway 105 may be prepared in advance and shared between gateways. In other words, the interface ID part of the gateway may be standardized. The determination unit 304 may generate the prefix part by arranging the same prefix as that of the sensor 104, because the network is constructed between the gateway 105 and the sensor 104 and the prefix part is unique to the network. Also, the determination unit 304 may generate the interface ID part by arranging the standardized address.
[0040] Alternatively, according to another embodiment of the present invention, if the resource directory 101 already has address information, because, for example, it had communicated once before, it may already store the list of address information of the gateway 105. In this case, the determination unit 304 may determine address information of the gateway 105 by selecting it from the stored list based on the prefix part of the address information of the sensor.
[0041] The registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
[0042] Fig.4 illustrates an exemplary configuration of the gateway 105 as a relaying apparatus according to embodiments of the present invention. The gateway 105 includes a communication unit 401, a monitoring unit 402, and an authentication unit 403.
[0043] The communication unit 401 may communicate with the sensor 104 via a wireless sensor network, while it may communicate with the resource directory 101 via a wireless or wired network. The communication unit 401 constructs a network between the gateway 105 and the sensor 104 when the sensor 104 is powered on, where the address information of the sensor 104 is determined to include the prefix part which was assigned by the communication unit 401 and the interface ID part which was provided in advance by the sensor vendor 102. The sensor 104 may send the registration message using the determined address information. The communication unit 401 will receive the registration message from the sensor 104. After receiving the registration message, the communication unit 401 provides it to the monitoring unit 402. The monitoring unit 402 may determine if the received message is the registration message by checking a message type which is included in the registration message. If the received message is the registration message, the communication unit 401 sends (relays) the registration message to the resource directory 101, and then receives an access list of external apparatuses which are allowed to access the sensor 104, from the resource directory 101.
[0044] The monitoring unit 402 monitors information which is received by the communication unit 401 and provided to the monitoring unit 402 from the communication unit 401. In particular, the monitoring unit 402 monitors for the registration message and caches and stores it when the communication unit 401 receives the registration message. This registration message will be used for authenticating the resource directory 101 later. Also, the monitoring unit 402 stores an access list which is received from the resource directory 101 authenticated by the authentication unit 403, and determines if an access request to the sensor 104 is transmitted from the external apparatus which is listed in the list.
[0045] The authentication unit 403 authenticates the resource directory based on the IPv6 address information of the resource directory 101. The authentication unit 403 checks if the IPv6 address of the resource directory 101 is the same as the destination IPv6 address of the registration message that is cached and stored in the monitoring unit 402. Also, the authentication may be performed using the certificate which is sent from the resource directory 101. If the resource directory 101 was successfully authenticated, the gateway 105 subsequently relays communication to the sensor 104 from the external apparatus listed in the access list.
[0046] As a hardware construction, the gateway 105 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface. The functionality of the monitoring unit 402 and the authentication unit 403 of the gateway 105 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area. The functionality of the communication unit 401 of the gateway 105 may be implemented by the interface.
[0047] Fig.5 illustrates an exemplary access list according to one embodiment of the present invention. The access list may list address information of the external apparatuses which are allowed to access the sensor 104. Such a list is generated for each sensor, because it is necessary for each sensor to have information as to which external apparatuses are legitimate. The list may include sensor identification information to identify the list for the specific sensor. Also, the list may include other contents, e.g., certificates and other components that indicate directly or indirectly a destination of each of the external apparatuses.
[0048] Fig.6 illustrates an exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list in the gateway 105 according to embodiments of the present invention.
[0049] Firstly the address information of the resource directory 101 is assigned to the resource directory 101 by an external apparatus, e.g., a service provider in S601. Note that the address information of the resource directory 101 is also provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor 102.
[0050] The gateway 105 sets up a local sensor network (e.g. 6LoWPAN, Zigbee IP etc) and determines a prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104 (e.g. 1000::/64) using, for example, DHCPv6 (Dynamic Host Configuration Protocol) prefix delegation, in S602. Then the communication unit 401 of the gateway 105 sends the prefix part of the address information to the sensor 104 in S603.
[0051] In addition to the process above, the gateway 105 determines its own address information in S602. The gateway 105 may assign a well-known interface identification as an interface ID part of the address information (e.g. ::C0AF). The gateway 105 may determine its own address information (e.g. 1000::C0AF) using the assigned prefix part (e.g. 1000::/64) and the assigned interface ID part (e.g. ::C0AF).
[0052] In S604, the sensor 106 boots (powers on) for starting to set up a network. The prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104, is assigned to the sensor 104 in S605. The sensor 104 then generates its own address information by using the prefix part which has been assigned by the gateway 105 and the interface ID part provided by the external apparatus (e.g. 1000::xxxx) in S605.
[0053] The sensor 104 then sends a registration message using the address information of the resource directory 101 as a destination address and the address information of the sensor as a source address in S606. Note that, as described above, the address information of the resource directory 101 has already been provided to the sensor 104 by an external apparatus, e.g. the sensor vendor 102.
[0054] The registration message sent from the sensor 104 may be received by the communication unit 401 of the gateway 105 in S607. The communication unit 401 provides the received registration message to the monitoring unit 402 of the gateway. The monitoring unit 402 determines whether the provided message is the registration message from the sensor 104 with reference to the message type included in the message. If the provided message is the registration message, the monitoring unit 402 caches the message for the purpose of further processing.
[0055] After the monitoring processing, the gateway 105 sends (relays) the registration message to the resource directory 101 after caching the registration message, and the resource directory 101 receives the registration message in S608. When the resource directory 101 receives the registration message, the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.). After the registration, the resource directory 101 determines address information of the gateway 105 in S609. This process may be performed by using the address information of the sensor included in the registration message sent from the sensor, if it has no address information of the gateway 105. Alternatively this process may be performed by selecting address information from the stored address information in the resource directory 101 as described before.
[0056] After determining the address information of the gateway 105, the resource directory 101 sends a message for providing an access list of external apparatuses which are allowed to access the sensor connected to the gateway 105 in S610.
[0057] In S611, when the communication unit 401 of the gateway 105 receives the message with the access list from the resource directory 101, it provides the message to the monitoring unit 402. The monitoring unit 402 determines a type of the message based on a message type, and if it is determined that the message is for provisioning the access list, the monitoring unit 402 provides the message to the authentication unit 403 with the registration message cached in S607. The authentication unit 403 authenticates the resource directory 101 by comparing the address information used in the message for provisioning the access list and that used in the cached registration message.
[0058] If the address information is the same, the resource directory 101 is successfully authenticated. Subsequently the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication failed, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 using the access list. If the monitoring unit 402 determines that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101.
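The Fig.6 flow of paragraphs [0049] to [0058] (gateway address derivation in S609, registration caching in S607, the address comparison in S611 and the default-deny relay decision) can be modelled as follows. This is an added example, not code from the patent: the class names, message type strings and the 2001:db8:: addresses are assumptions constructed for illustration, and the access list is keyed by sensor address; only 1000::/64 and ::C0AF come from the text.

```python
import ipaddress
from dataclasses import dataclass

GW_IID = 0xC0AF  # well-known gateway interface ID from the page's example (::C0AF)


def with_iid(addr_in_prefix, iid):
    """Keep the 64-bit prefix part of an address and substitute the interface ID part."""
    prefix = (int(ipaddress.IPv6Address(str(addr_in_prefix))) >> 64) << 64
    return ipaddress.IPv6Address(prefix | iid)


@dataclass
class Message:
    msg_type: str  # "registration", "acl_provision" or "data" (assumed names)
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    payload: tuple = ()


class ResourceDirectory:
    def __init__(self, address, access_lists):
        self.address = ipaddress.IPv6Address(str(address))
        self.access_lists = access_lists  # sensor address -> allowed external addresses
        self.registered = set()

    def on_registration(self, msg):
        """S608-S610: register the sensor, derive the gateway address, send the list."""
        self.registered.add(msg.src)
        gateway = with_iid(msg.src, GW_IID)  # sensor's /64 prefix + standardized IID
        allowed = tuple(self.access_lists.get(msg.src, ()))
        return Message("acl_provision", self.address, gateway, (msg.src, allowed))


class Gateway:
    def __init__(self, prefix):
        net = ipaddress.IPv6Network(prefix)
        if net.prefixlen != 64:
            raise ValueError("the page assumes a 64-bit prefix part")
        self.address = with_iid(net.network_address, GW_IID)
        self.cached = {}        # sensor address -> cached registration message (S607)
        self.access_lists = {}  # sensor address -> set of allowed source addresses

    def from_sensor(self, msg):
        """S607: cache registration messages, then relay the message unchanged."""
        if msg.msg_type == "registration":
            self.cached[msg.src] = msg
        return msg

    def on_provision(self, msg):
        """S611: accept the list only if its sender is the address the sensor registered to."""
        if msg.msg_type != "acl_provision" or msg.dst != self.address:
            return False
        sensor, allowed = msg.payload
        registration = self.cached.get(sensor)
        # The comparison relies on the source address alone, the limit raised in [0059].
        if registration is None or msg.src != registration.dst:
            return False  # authentication failed: the list is discarded
        self.access_lists[sensor] = set(allowed)
        return True

    def relays(self, msg):
        """Default deny: relay to a sensor only from sources on that sensor's list."""
        return msg.src in self.access_lists.get(msg.dst, set())


def run_fig6_flow():
    # Constructed sample addresses (documentation prefix 2001:db8::/32).
    rd_addr = ipaddress.IPv6Address("2001:db8::1")
    provider = ipaddress.IPv6Address("2001:db8:1::10")
    stranger = ipaddress.IPv6Address("2001:db8:2::66")
    sensor = with_iid("1000::", 0x1234)  # prefix from the gateway, IID from the vendor

    gateway = Gateway("1000::/64")
    directory = ResourceDirectory(rd_addr, {sensor: [provider]})
    relayed = gateway.from_sensor(Message("registration", sensor, rd_addr))
    provision = directory.on_registration(relayed)
    unsolicited = Message("acl_provision", stranger, gateway.address, (sensor, (stranger,)))
    return {
        "gateway_addr": provision.dst,
        "unsolicited_accepted": gateway.on_provision(unsolicited),
        "rd_accepted": gateway.on_provision(provision),
        "provider_relayed": gateway.relays(Message("data", provider, sensor)),
        "stranger_relayed": gateway.relays(Message("data", stranger, sensor)),
    }
```
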
[0059] According to the embodiment of the present invention described above, it is possible to remotely configure the access list in the gateway 105 for a specific IPv6 sensor 104. However, any adversaries, if they get the address information of the gateway 105, can perform S610, can provide a malicious access list to the gateway 105, and can make the sensor's battery run out. In the following, in order to avoid such a problem, a more secure mechanism that enables gateways to strongly authenticate resource directories will be described.
[0060] Fig.7 illustrates an alternative exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list more securely in the gateway 105 according to embodiments of the present invention.
[0061] The signal flow shown in Fig.7 may ensure a more secure connection than that of Fig.6. In S701, a Cryptographically Generated Address (CGA) is assigned to the resource directory 101. The CGA is an IPv6 address using a 64-bit hash value calculated with an electronic certificate for the resource directory 101. For the electronic certificate for generating the CGA, an X.509 certificate may be used. X.509 is standardized in ITU (International Telecommunication Union) or ISO (International Organization for Standardization). However, because it uses only 64 bits for the hash value, CGA may not be strong enough cryptographically. So, optionally, an X.509 certificate may be used. This CGA address of the resource directory 101 is provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor. Except for the CGA address assignment to the resource directory 101, the steps from S701 to S710 are the same as the steps S601 to S610.
[0062] In S711, the resource directory sends the electronic certificate (X.509 certificate) in addition to the list of external apparatuses to the gateway 105. This transmission step may be performed in response to a request from the gateway 105 or automatically by the resource directory 101 after the provisioning of the access list in S710. In S712, the sensor 104 sends sensor identification information to the gateway 105, in response to a request for it from the gateway 105 to the sensor 104. In S713, the gateway 105 may perform the authentication using the received information from the resource directory 101 and the sensor 104.
[0063] More specifically, in S713, in addition to the comparison process described in S611, the authentication unit 403 may perform the CGA verification against the CGA address of the resource directory 101.
[0064] When optionally using X.509 certificates, the authentication unit 403 of the gateway 105 may use the sensor identification information obtained from the sensor 104, e.g. a sensor vendor name. Since a subject field of the X.509 certificate of the resource directory may include the sensor identification information, the gateway 105 may further authenticate the resource directory 101 by comparing the sensor identification information included in the X.509 certificate sent from the resource directory 101 and the sensor identification information obtained from the sensor 104. If both are the same, the resource directory 101 may be successfully authenticated.
[0065] If the resource directory 101 is successfully authenticated in S713, subsequently the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication failed, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 with reference to the access list. If the monitoring unit 402 determines that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101. Hence, a secure link may be established in S713, and the security between the resource directory 101 and the gateway 105 is enhanced.
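The gateway-side decision of S611 and S713, followed by the relay check, as an added sketch that is not part of the patent text. The certificate is a plain dictionary standing in for a parsed X.509 certificate, the CGA check follows the RFC 3972 parameter layout for Sec = 0 only, and all class, function and field names and the sample addresses are assumptions.

```python
import hashlib
import ipaddress

# Mask for comparing Hash1 with the interface identifier: the three Sec bits
# (0-2) and the u/g bits (6-7) are ignored, so only 59 bits are hash-protected.
IID_MASK = bytes([0x1C]) + b"\xff" * 7

def hash1(prefix: bytes, key: bytes, modifier: bytes, collision: int) -> bytes:
    """Leftmost 64 bits of SHA-1 over the CGA parameters (RFC 3972 layout)."""
    return hashlib.sha1(modifier + prefix + bytes([collision]) + key).digest()[:8]

def make_cga(prefix: bytes, key: bytes, modifier: bytes) -> str:
    """Build a Sec=0 CGA; used only to construct the sample data below."""
    iid = bytes(h & m for h, m in zip(hash1(prefix, key, modifier, 0), IID_MASK))
    return str(ipaddress.IPv6Address(prefix + iid))

def verify_cga(addr: str, key: bytes, modifier: bytes, collision: int = 0) -> bool:
    """Check that addr was derived from the given key material."""
    raw = ipaddress.IPv6Address(addr).packed
    prefix, iid = raw[:8], raw[8:]
    if collision not in (0, 1, 2) or len(modifier) != 16:
        return False
    if iid[0] >> 5 != 0:  # Sec > 0 also needs the Hash2 check, not covered here
        return False
    expected = hash1(prefix, key, modifier, collision)
    return all((e & m) == (i & m) for e, i, m in zip(expected, iid, IID_MASK))

class Gateway:
    def __init__(self):
        self.registrations = {}  # sensor address -> resource directory address
        self.access_lists = {}   # sensor address -> allowed external addresses

    def cache_registration(self, sensor: str, rd_addr: str) -> None:
        """Remember the resource directory address of a relayed registration."""
        self.registrations[sensor] = ipaddress.IPv6Address(rd_addr)

    def provision(self, src, sensor, access_list, cert, sensor_id) -> bool:
        """Store the access list only if every authentication check passes."""
        cached = self.registrations.get(sensor)
        ok = (
            cached is not None
            and ipaddress.IPv6Address(src) == cached                   # S611 comparison
            and verify_cga(src, cert["public_key"], cert["modifier"])  # S713 CGA check
            and cert["subject_sensor_id"] == sensor_id                 # [0064] comparison
        )
        # Certificate chain validation is omitted in this sketch.
        if ok:
            self.access_lists[sensor] = {ipaddress.IPv6Address(a) for a in access_list}
        return ok  # on failure the received list is not stored

    def may_relay(self, src: str, sensor: str) -> bool:
        """Relay only traffic from an address on the stored access list."""
        return ipaddress.IPv6Address(src) in self.access_lists.get(sensor, set())

# Constructed sample values (documentation prefix 2001:db8::/32, opaque key bytes).
PREFIX = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]
RD_CERT = {"public_key": b"constructed-rd-public-key", "modifier": bytes(16),
           "subject_sensor_id": "VendorA"}
RD_ADDR = make_cga(PREFIX, RD_CERT["public_key"], RD_CERT["modifier"])
SENSOR = "2001:db8:0:2::5"
```

A provisioning message that arrives from the cached address but carries different key material fails the CGA check, which is the case the address comparison of S611 alone cannot detect.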
[0066] In reality, there are likely to be multiple sensor vendors and service providers. A service provider may use sensors of different vendors, and multiple service providers may use sensors of a single vendor. Different service providers will use different access lists for their sensors.
[0067] So, as another embodiment, a database may be connected to the resource directory. The database may store access lists associating each sensor with sensor identification information, e.g., information of sensor vendors and serial numbers. The resource directory may obtain sensor identification information from sensors through an API (Application Programming Interface). The resource directory may look up the access list related to the sensor with the sensor identification information.
[0068] As an alternative embodiment, optionally based on the embodiments disclosed above, a secured link can be established between gateways 105 and sensors 104 in the local sensor network.
[0069] More specifically, this secure link is established with a secret key which is originally shared between the resource directory 101 and the sensor 104. The shared secret key may be provided to sensors 104 in advance, for example, at manufacturing time, and may be shared between the sensors 104 and the gateway 105 afterwards during establishing the sensor network between the sensor 104 and the gateway 105. By using the secret key, the gateway 105 can establish a secure link with the sensor 104.
[0070] While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all modifications, equivalent structures and functions.

Claims

1. A communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus comprising:
a receiving unit (302) configured to receive a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
2. The communication apparatus according to claim 1 further comprising a determination unit (304) configured to determine address information of the relaying apparatus based on address information of the sensor included in the received registration message, wherein the transmitting unit transmits the list of external apparatuses to the relaying apparatus by using the determined address information of the relaying apparatus.
3. The communication apparatus according to claim 2, wherein the address information of the sensor contains partial address information unique to a network configured to connect the sensor and the relaying apparatus, and partial address information provided in advance to the sensor, and
the determination unit determines the address information of the relaying apparatus by using the partial address information unique to the network.
4. The communication apparatus according to claim 3, wherein the address information of the relaying apparatus contains the partial address information unique to the network and partial address information provided in advance to the relaying apparatus.
5. The communication apparatus according to claim 4, wherein the partial address information provided in advance is address information common to other relaying apparatuses.
6. The communication apparatus according to claim 4, wherein the partial address information provided in advance is address information which is specified from stored address information in the communication apparatus.
7. The communication apparatus according to any of the preceding claims, wherein the address information of the communication apparatus is generated by using an electronic certificate of the communication apparatus.
8. The communication apparatus according to claim 7, wherein the address information of the communication apparatus is a Cryptographically Generated Address (CGA).
9. The communication apparatus according to claim 7 or 8, wherein the transmitting unit transmits the electronic certificate in addition to the list of external apparatuses to the relaying apparatus.
10. The communication apparatus according to any of claims 7-9, wherein the electronic certificate contains sensor identification information.
11. The communication apparatus according to any of the preceding claims, wherein the list of external apparatuses is specified by using the sensor identification information from a database which stores a list for each sensor.
12. The communication apparatus according to any of the preceding claims, wherein the sensor is powered by a battery.
13. A control method of a communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, the method comprising:
a receiving step (S608) of receiving a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting step (S610) of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
14. A computer program which causes a computer to execute a control method of a communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, the method comprising:
a receiving step (S608) of receiving a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting step (S610) of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
15. A relaying apparatus (105) which is connected to a sensor and relays communications of the sensor, the relaying apparatus comprising:
a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring unit (402) configured to monitor for the registration message received from the sensor; and
an authentication unit (403) configured to authenticate the communication apparatus,
wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
16. The relaying apparatus according to claim 15, wherein the monitoring unit extracts information generated by using an electronic certificate, from the registration message.
17. The relaying apparatus according to claim 16, wherein,
the information generated by using the electronic certificate is address information of the communication apparatus,
the communication unit receives the electronic certificate in addition to the list, and
the authentication unit authenticates the communication apparatus based on the received electronic certificate and the address information of the communication apparatus.
18. The relaying apparatus according to claim 17, wherein the electronic certificate includes sensor identification information, and
the authentication unit further authenticates the communication apparatus by comparing the sensor identification information included in the electronic certificate received from the communication apparatus and sensor identification information received from the sensor.
19. The relaying apparatus according to any of claims 15-18, wherein the communication unit receives from the sensor a secret key which is pre-shared between the sensor and the communication apparatus, and carries out encryption processing using the secret key in communicating to the sensor.
20. The relaying apparatus according to any of claims 15-19, wherein, the sensor is powered by a battery.
21. A control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, the method comprising:
a communicating step (S606, S610) of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring step (S607) of monitoring for the registration message received from the sensor; and
an authenticating step (S611) of authenticating the communication apparatus,
wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
22. A computer program which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, the method comprising:
a communicating step (S606, S610) of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring step (S607) of monitoring for the registration message received from the sensor; and
an authenticating step (S611) of authenticating the communication apparatus,
wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
23. The system including a communication apparatus and a relaying apparatus,
the communication apparatus (101), which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprising:
a receiving unit (302) configured to receive a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus, and
the relaying apparatus (105), which is connected to the sensor and relays communications of the sensor, comprising:
a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring unit (402) configured to monitor for the registration message received from the sensor; and
an authentication unit (403) configured to authenticate the communication apparatus,
wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2013/050059 WO2014116152A1 (en) 2013-01-28 2013-01-28 Communication apparatus, control method thereof, computer program thereof, relaying apparatus, control method thereof, computer program thereof

Publications (1)

Publication Number Publication Date
WO2014116152A1 true WO2014116152A1 (en) 2014-07-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13705272

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13705272

Country of ref document: EP

Kind code of ref document: A1