WO2014116152A1 - Communication apparatus, control method thereof, computer program thereof, relaying apparatus, control method thereof, computer program thereof - Google Patents
- Publication number
- WO2014116152A1, PCT/SE2013/050059
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- sensor
- communication
- communication apparatus
- relaying
- address information
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q9/00—Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/125—Protection against power exhaustion attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the present invention relates in general to provisioning an access list from a communication apparatus to a relaying apparatus, and in particular to providing an access control securely in sensor networks.
- Wireless sensor networks are networks which allow communications among sensors functioning as wireless nodes.
- IP-based sensors in which IP addresses are embedded are emerging in IoT (Internet of Things) industries.
- IP-based sensors may be connected in sensor networks which are standardized by, for example, CoAP (Constrained Application Protocol) and Zigbee IP.
- CoAP: Constrained Application Protocol
- Zigbee IP Wireless Sensor Network
- a service provider can provide services to users based on information collected through communication with sensors.
- DoS attack: Denial of Service attack
- DoS attacks are the kind of attacks which make a target go down or make it operate incorrectly by injecting a massive amount of
- a DoS attack may cause a problem for small powered sensors which are adequate for short-range communications. This is because such sensors may consume their battery rapidly when they receive
- sensors are capable of protecting themselves against virus packets, they are not capable of protecting themselves against DoS attacks. As a result, an attacked sensor's
- the present invention is intended to address the above-described problem, and it is a feature thereof to introduce a technique for enabling a
- a communication apparatus e.g. a resource directory
- a relaying apparatus e.g. a gateway
- a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
- the communication apparatus comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit
- a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
- the control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
- a computer program which causes a computer to execute a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus.
- the control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
- a relaying apparatus which is connected to a sensor and relays communications of the sensor.
- the relaying apparatus comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
- a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor.
- the control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
- a computer program which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor.
- the control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a
- a system including a communication apparatus and a relaying apparatus.
- the communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
- the relaying apparatus, which is connected to the sensor and relays communications of the sensor, comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
- Fig.1 illustrates an environment assumed in the present invention.
- Fig.2 illustrates an exemplary system
- Fig.3 illustrates an exemplary block diagram of a resource directory according to embodiments of the present invention.
- Fig.4 illustrates an exemplary block diagram of a gateway according to embodiments of the present invention.
- Fig.5 illustrates an exemplary access list according to embodiments of the present invention.
- Fig.6 illustrates exemplary operations for provisioning an access list according to embodiments of the present invention.
- Fig.7 illustrates alternative exemplary operations for provisioning an access list according to embodiments of the present invention.
- a gateway functioning as a relaying apparatus that is connected to sensors can be arranged in sensor
- the gateway contains an access list of external apparatuses, e.g. service providers, which are allowed to access sensors connected to the gateway, and it can prevent unexpected messages from reaching sensors by blocking access of external apparatuses which are not listed in an access list.
- external apparatuses e.g. service providers
- Fig.1 illustrates an exemplary environment assumed in the present invention. It is assumed that the environment may be supported by an IPv6-based network.
- the environment includes a resource directory 101, a sensor vendor 102, a service provider 103, and an IPv6 sensor 104.
- the service provider 103 may provide services to users by communicating with the IPv6 sensor 104.
- a sensor vendor 102 is a vendor which manufactured and shipped the IPv6 sensor 104 with the IPv6 address of the resource directory 101 embedded.
- the resource directory 101 has a role to provide a secure connection between the IPv6 sensor 104 and the service provider 103 as described in detail later.
- the resource directory 101 may be defined in IETF (Internet Engineering Task Force) CoRE WG
- the IPv6 sensor 104 is a sensor which has an embedded IPv6 address and low output power.
- the IPv6 sensor 104 may be powered by battery.
- the service provider 103 and the sensor vendor 102 have a business relationship.
- the service provider 103 can delegate access control management to the sensor vendor 102 or vice versa.
- the sensor vendor 102 (or the service provider 103) runs and administrates the resource directory 101, and ships the IPv6 sensor 104 with the IPv6 address or FQDN (Fully Qualified Domain Name) of the resource directory 101 embedded.
- When the IPv6 sensor 104 powers on, it can send a message for requesting registration, i.e., a registration message to the resource directory 101 to the embedded IPv6 address or FQDN of the resource directory 101 in order to register address information of the sensor to the resource directory 101 for
- the service provider 103 obtains the IPv6 sensor 104 address by looking up the address in the resource directory 101, and then starts to access the IPv6 sensor 104 and provide services to users based on sensed information received from the IPv6 sensor 104.
- a gateway functioning as a relaying apparatus between the service provider 103/the resource directory 101 and the IPv6 sensor may be further considered in order to avoid attacks and ensure secure networks as described above.
- Fig.2 illustrates an exemplary system
- the resource directory 101 functions as a communication apparatus according to embodiments of the present invention.
- the resource directory 101 implements basic functions to communicate with the IPv6 sensors 104 via the gateway 105, receive a registration message from the IPv6 sensors 104, and provide an access list of external apparatuses which are allowed to access the IPv6 sensors 104 to the gateway 105 to which the IPv6 sensors 104 are connected.
- the gateway 105 functions as a relaying apparatus according to embodiments of the present invention.
- the gateway 105 implements basic functions to receive the access list from the resource directory 101.
- the gateway 105 may relay a communication to the IPv6 sensors 104 if the communication is from the service provider 103 which is included in the list sent from the resource directory 101.
- each of the sensors may send a registration message to the resource
- IPv6 sensors 104 may sense a temperature, a distance, traffic, an acceleration, etc., and may capture an image.
- the IPv6 sensors 104 may be a general IPv6 sensor, but are not required to have any specific functions for the present
- Communication between the resource directory 101 and the IPv6 sensors 104 is performed via the gateway 105.
- the gateway 105 relays messages sent from the plurality of IPv6 sensors 104 to the resource directory 101.
- the gateway 105 may monitor the message so that it may perform access control between the resource directory 101 and the sensors 104.
- communication between the gateway 105 and the IPv6 sensors 104 may be over a wireless sensor network for short-range communication (e.g. IEEE 802.15.4, Zigbee etc).
- communication between the resource directory 101 and the gateway 105 may be over a wireless or a wired network for wide-area communication (e.g. Internet).
- the gateway 105 receives the registration message from the IPv6 sensors 104, and sends them to the resource directory 101. Since the gateway 105 may monitor communication between the resource directory 101 and the IPv6 sensors 104, it may extract the message and verify it.
- When the resource directory 101 receives the registration message from the IPv6 sensor 104 via the gateway 105, it registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.). Also, the resource directory 101 determines the address
- the resource directory 101 may send the access list to the gateway 105.
- the gateway 105 receives the access list from the resource directory 101, and authenticates the resource directory 101 in order to validate the access list. If the resource directory 101 is
- the gateway 105 may relay communication from the external apparatus listed in the access list to the sensors 104.
- Fig.3 illustrates an exemplary configuration of the resource directory 101 as a communication apparatus according to embodiments of the present invention.
- the resource directory 101 includes a communication unit 301, a determination unit 304 and a registration unit 305.
- the communication unit 301 includes a receiving unit 302 and a
- the transmitting unit 303 for communicating with the gateway 105 and external apparatuses such as the sensor vendor 102 and the service provider 103.
- the receiving unit 302 is a receiver for receiving information from apparatuses connected to the resource directory 101, including the registration message sent from the sensor 104 via the gateway 105.
- the transmitting unit 303 is a transmitter for transmitting information to the apparatus connected to the resource directory 101. According to embodiments of the present invention, the transmitting unit 303 may transmit an access list to the gateway 105.
- the transmitting unit 303 may transmit an electronic certificate in addition to the access list for achieving more secure connections.
- the resource directory 101 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface.
- CPU central processing unit
- ROM read only memory
- RAM random access memory
- the determination unit 304 and the registration unit 305 of the resource directory 101 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area.
- the functionality of the communication unit 301 of the resource directory 101 may be
- the registration message to be received by the receiving unit 302 may include source IPv6 address information of the sensor 104.
- the address information of the sensor 104 may contain the partial address information unique to a network
- the address information of the gateway 105 may contain a prefix part of 64 bits unique to the network
- the address information of the resource directory 101 may contain a prefix part of 64 bits unique to a network connecting the resource directory 101, and an interface ID part of 64 bits provided to the resource directory 101.
- the determination unit 304 determines the address information of the gateway 105 using the address information of the sensor 104 in order to send the access list to the gateway 105. If the resource directory 101 has no address information of the gateway 105, it may newly determine the address information of the gateway 105 using the address information of the sensor 104. According to one embodiment of the present invention, the interface ID part of the gateway 105 may be prepared in advance and shared between gateways. In other words, the interface ID part of the gateway may be standardized. The determination unit 304 may
- the determination unit 304 may generate the interface ID part by arranging the standardized address.
- the determination unit 304 may determine address information of the gateway 105 by selecting it from the stored list based on the prefix part of the address information of the sensor.
- the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
- Fig.4 illustrates an exemplary configuration of the gateway 105 as a relaying apparatus according to embodiments of the present invention.
- the gateway 105 includes a communication unit 401, a monitoring unit 402, and an authentication unit 403.
- the communication unit 401 may communicate with the sensor 104 via a wireless sensor network, while it may communicate with the resource directory 101 via a wireless or wired network.
- the communication unit 401 constructs a network between the gateway 105 and the sensor 104 when the sensor 104 is powered on, where the address information of the sensor 104 is determined to include the prefix part which was assigned by the communication unit 401 and the
- the sensor 104 may send the
- the communication unit 401 will receive the registration message from the sensor 104. After receiving the registration message, the communication unit 401 provides it to the monitoring unit 402. The monitoring unit 402 may determine if the received message is the registration message by checking a message type which is included in the registration message. If the received message is the registration message, the communication unit 401 sends (relays) the registration message to the resource directory 101, and then receives an access list of external apparatuses which are allowed to access the sensor 104, from the resource directory 101.
- the monitoring unit 402 monitors information which is received by the communication unit 401 and provided to the monitoring unit 402 from the
- the monitoring unit 402 monitors for the registration message and caches and stores it when the communication unit 401 receives the registration message. This registration message will be used for authenticating the resource directory 101 later. Also, the monitoring unit 402 stores an access list which is received from the authenticated resource directory 101 by the authentication unit 403, and determines if an access request to the sensor 104 is transmitted from the external apparatus which is listed in the list.
- [0045] The authentication unit 403 authenticates the resource directory based on the IPv6 address
- IPv6 address of the resource directory 101 is the same as the
- the authentication may be performed using the certificate which is sent from the resource directory 101. If the resource directory 101 was successfully authenticated, the gateway 105 subsequently relays communication to the sensor 104 from the external apparatus listed in the access list.
- the gateway 105 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface.
- CPU central processing unit
- ROM read only memory
- RAM random access memory
- the functionality of the monitoring unit 402 and the authentication unit 403 of the gateway 105 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area.
- functionality of the communication unit 401 of the gateway 105 may be implemented by the interface.
- Fig. 5 illustrates an exemplary access list according to one embodiment of the present invention.
- the access list may list address information of the external apparatuses which are allowed to access the sensor 104. Such a list is generated for each sensor, because it is necessary for each sensor to have
- the list may include sensor identification information to identify the list for the specific sensor. Also, the list may include other contents, e.g., certificates and other components that indicate directly or indirectly a destination of each of the external apparatuses.
- Fig.6 illustrates an exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list in the gateway 105 according to embodiments of the present invention.
- resource directory 101 is assigned to the resource directory 101 by an external apparatus, e.g., a service provider in S601. Note that the address information of the resource directory 101 is also provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor 102.
- the gateway 105 sets up a local sensor
- DHCPv6 DHCPv6
- the gateway 105 determines its own address information in S602.
- the gateway 105 may assign well-known interface
- the gateway 105 may
- the sensor 106 boots (powers on) for starting to set up a network.
- the prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104, is assigned to the sensor 104 in S605. The sensor 104 then
- the sensor 104 then sends a registration message using the address information of the resource directory 101 as a destination address and the address information of the sensor as a source address in S606. Note that, as described above, the address information of the resource directory 101 has already been provided to the sensor 104 by an external apparatus, e.g. the sensor vendor 102.
- [0054] The registration message sent from the sensor
- the communication unit 401 provides the received registration message to the monitoring unit 402 of the gateway.
- the monitoring unit 402 determines whether the provided message is the registration message from the sensor 104 with reference to the message type included in the message. If the provided message is the registration message, the monitoring unit 402 caches the message for the purpose of further processing.
- After the monitoring processing, the gateway
- the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
- the resource directory 101 determines address information of the gateway 105 in S609. This process may be
- this process may be performed by using the address information of the sensor included in the registration message sent from the sensor, if it has no address information of the gateway 105. Alternatively this process may be performed by selecting address information from the stored address information in the resource directory 101 as described before.
- After determining the address information of the gateway 105, the resource directory 101 sends a message for providing an access list of external apparatuses which are allowed to access the sensor connected to the gateway 105 in S610.
- When the communication unit 401 of the gateway 105 receives the message with the access list from the resource directory 101, it provides the message to the monitoring unit 402.
- the monitoring unit 402 determines a type of the message based on a message type, and if it is determined that the message is for provisioning the access list, the monitoring unit 402 provides the message to the authentication unit 403 with the registration message cached in S607.
- the authentication unit 403 authenticates the resource directory 101 by comparing the address information used in the message for provisioning the access list and that used in the cached registration message.
- the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication failed, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 using the access list. If the monitoring unit 402 admits that communication is
- the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101.
- Fig.7 illustrates an alternative exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list more securely in the gateway 105 according to embodiments of the present invention.
- the signal flow shown in Fig.7 may ensure a more secure connection than that of Fig.6.
- a Cryptographically Generated Address (CGA) is assigned to the resource directory 101.
- the CGA is an IPv6 address using a 64-bit hash value calculated with an electronic certificate for the resource directory 101.
- X.509 certificate may be used.
- X.509 is standardized in ITU (International Telecommunication Union) or ISO (International Organization for Standardization).
- This CGA address of the resource directory 101 is provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor. Except for the CGA address assignment to the resource directory 101, the steps from S701 to S710 are the same as the steps S601 to S610.
- the resource directory sends the electronic certificate (X.509 certificate) in addition to the list of external apparatuses to the gateway 105.
- This transmission step may be performed in response to a request from the gateway 105 or automatically by the resource directory 101 after the provisioning of the access list in S710.
- the sensor 104 sends sensor identification information to the gateway 105, in response to a request for it from the gateway 105 to the sensor 104.
- the gateway 105 may perform the authentication using the received information from the resource directory 101 and the sensor 104.
- authentication unit 403 may perform the CGA
- the authentication unit 403 of the gateway 105 may use the sensor identification information obtained from the sensor 104, e.g. a sensor vendor name. Since a subject field of the X.509 certificate of the resource
- the directory may include the sensor identification
- the gateway 105 may further authenticate the resource directory 101 by comparing the sensor identification information included in the X.509 certificate sent from the resource directory 101 and the sensor identification information obtained from the sensor 104. If both are the same, the resource directory 101 may be successfully authenticated.
- the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101.
- the gateway 105 breaks off the access list.
- the monitoring unit 402 may monitor communication of the communication unit 401 with reference to the access list. If the monitoring unit 402 admits that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101. Hence, a secure link may be established in S713, and the security between the resource directory 101 and the gateway 105 is enhanced.
- the provider may use sensors of different vendors, and multiple service providers may use sensors of a single vendor. Different service providers will use different access lists for their sensors.
- a database may be connected to the resource directory.
- the database may store access lists associating each sensor with sensor identification information, e.g., information of sensor vendors and serial numbers.
- the resource directory may obtain sensor identification information from sensors through an API (Application Programming Interface).
- the resource directory may look up the access list related to the sensor with the sensor identification
- a secured link can be established between gateways 105 and sensors 104 in the local sensor network.
- this secure link is established with a secret key which is originally shared between the resource directory 101 and the sensor 104.
- the shared secret key may be provided to sensors 104 in advance, for example, at the
- the gateway 105 can establish a secure link with the sensor 104.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A communication apparatus (101) comprises a receiving unit (302) configured to receive a registration message transmitted from a sensor (104) via a relaying apparatus(105), and a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus. The relaying apparatus (105) comprises a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive the list of external apparatuses, a monitoring unit (402) configured to monitor for the registration message received from the sensor, and an authentication unit (403) configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list and the communication apparatus has been successfully authenticated.
Description
DESCRIPTION
COMMUNICATION APPARATUS, CONTROL METHOD THEREOF, COMPUTER PROGRAM THEREOF, RELAYING APPARATUS, CONTROL METHOD THEREOF, COMPUTER PROGRAM THEREOF
TECHNICAL FIELD
[0001] The present invention relates in general to provisioning an access list from a communication apparatus to a relaying apparatus, and in particular to providing an access control securely in sensor networks.
BACKGROUND
[0002] Wireless sensor networks are networks which allow communications among sensors functioning as wireless nodes. Recently, IP-based sensors in which IP addresses are embedded are emerging in IoT (Internet of Things) industries. IP-based sensors may be connected in sensor networks which are standardized by, for example, CoAP (Constrained Application Protocol) and Zigbee IP. IP-based sensors have a benefit of allowing any node in IP networks to directly access those sensors. This enables sensors to communicate interactively. Also, a service provider can provide services to users based on information collected through communication with sensors.
[0003] However, it also allows attackers to access the sensors. For energy constrained (probably battery-powered) sensors, attackers can easily consume the battery of sensors merely by sending IP packets to those sensors. Such an attack is known as a DoS attack (Denial of Service attack). DoS attacks are the kind of attacks which make a target go down or make it operate incorrectly by injecting a massive amount of unnecessary packets, e.g. unexpected actuation messages, to the target. It should be noted that an example of methods which solve the problem of DoS attacks is introduced in the document, Youssou Faye, et al., "A survey of Access Control Schemes in Wireless Sensor Networks", WASET, World Academy of Science, Engineering and Technology, 59:814-823, 2011.
[0004] A DoS attack may cause a problem for small powered sensors which are adequate for short-range communications. This is because such sensors may consume their battery rapidly when they receive malicious messages from attackers. Although sensors are capable of protecting themselves against virus packets, they are not capable of protecting themselves against DoS attacks. As a result, an attacked sensor's batteries will soon run out. This causes inconvenience in maintaining sensor networks since it is difficult to replace batteries on widely-dispersed sensors.
[0005] Thus, it is necessary to develop a network system in order to protect against such DoS attacks.
SUMMARY
[0006] The present invention is intended to address the above-described problem, and it is a feature thereof to introduce a technique for enabling a communication apparatus (e.g. a resource directory) to provide an access list to a relaying apparatus (e.g. a gateway).
[0007] According to a first aspect of the invention, a communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The communication apparatus comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0008] According to a second aspect of the invention, a control method of a communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0009] According to a third aspect of the invention, a computer program, which causes a computer to execute a control method of a communication apparatus which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, is provided. The control method comprises a receiving step of receiving a registration message transmitted from the sensor via the relaying apparatus, and a transmitting step of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
[0010] According to a fourth aspect of the invention, a relaying apparatus, which is connected to a sensor and relays communications of the sensor, is provided. The relaying apparatus comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0011] According to a fifth aspect of the invention, a control method of a relaying apparatus, which is connected to a sensor and relays communications of the sensor, is provided. The control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0012] According to a sixth aspect of the invention, a computer program, which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, is provided. The control method comprises a communicating step of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring step of monitoring for the registration message received from the sensor, and an authenticating step of authenticating the communication apparatus, wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0013] According to a seventh aspect of the invention, a system including a communication apparatus and a relaying apparatus is provided. The communication apparatus, which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprises a receiving unit configured to receive a registration message transmitted from the sensor via the relaying apparatus, and a transmitting unit configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus. The relaying apparatus, which is connected to the sensor and relays communications of the sensor, comprises a communication unit configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus, a monitoring unit configured to monitor for the registration message received from the sensor, and an authentication unit configured to authenticate the communication apparatus, wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
[0014] Further features of the present invention will become apparent from the following description of exemplary embodiments which references the attached drawings.
BRIEF DESCRIPTION OF DRAWINGS
[0015] Fig.1 illustrates an environment assumed in the present invention.
[0016] Fig.2 illustrates an exemplary system including the resource directory, the gateway, and the sensors according to embodiments of the present invention.
[0017] Fig.3 illustrates an exemplary block diagram of a resource directory according to embodiments of the present invention.
[0018] Fig.4 illustrates an exemplary block diagram of a gateway according to embodiments of the present invention.
[0019] Fig.5 illustrates an exemplary access list according to embodiments of the present invention.
[0020] Fig.6 illustrates exemplary operations for provisioning an access list according to embodiments of the present invention.
[0021] Fig.7 illustrates alternative exemplary operations for provisioning an access list according to embodiments of the present invention.
DETAILED DESCRIPTION
[0022] Embodiments of the present invention will now be described with reference to the attached drawings. Each embodiment described below will be helpful in understanding a variety of concepts from the generic to the more specific. It should be noted that the technical scope of the present invention is defined by claims, and is not limited by each embodiment described below. In addition, not all combinations of the features described in the embodiments are always indispensable for the present invention.
[0023] According to embodiments of the present invention, in order to protect against DoS attacks, a gateway functioning as a relaying apparatus that is connected to sensors can be arranged in sensor networks. The gateway contains an access list of external apparatuses, e.g. service providers, which are allowed to access sensors connected to the gateway, and it can prevent unexpected messages from reaching sensors by blocking access of external apparatuses which are not listed in an access list.
[0024] Fig.1 illustrates an exemplary environment assumed in the present invention. It is assumed that the environment may be supported by an IPv6-based network. The environment includes a resource directory 101, a sensor vendor 102, a service provider 103, and an IPv6 sensor 104. The service provider 103 may provide services to users by communicating with the IPv6 sensor 104. A sensor vendor 102 is a vendor which manufactured and shipped the IPv6 sensor 104 with the IPv6 address of the resource directory 101 embedded.
[0025] The resource directory 101 has a role to provide a secure connection between the IPv6 sensor 104 and the service provider 103 as described in detail later. The resource directory 101 may be defined in IETF (Internet Engineering Task Force) CoRE WG (Constrained RESTful Environments Working Group). The IPv6 sensor 104 is a sensor which has an embedded IPv6 address and low output power. The IPv6 sensor 104 may be powered by battery.
[0026] It is assumed that the service provider 103 and the sensor vendor 102 have a business relationship. The service provider 103 can delegate access control management to the sensor vendor 102 or vice versa. The sensor vendor 102 (or the service provider 103) runs and administers the resource directory 101, and ships the IPv6 sensor 104 with the IPv6 address or FQDN (Fully Qualified Domain Name) of the resource directory 101 embedded.
[0027] When the IPv6 sensor 104 powers on, it can send a message for requesting registration, i.e., a registration message, to the resource directory 101 at the embedded IPv6 address or FQDN of the resource directory 101 in order to register address information of the sensor to the resource directory 101 for communications with the service provider 103. The service provider 103 obtains the IPv6 sensor 104 address by looking up the address in the resource directory 101, and then starts to access the IPv6 sensor 104 and provide services to users based on sensed information received from the IPv6 sensor 104.
[0028] In such an environment, a gateway functioning as a relaying apparatus between the service provider 103/the resource directory 101 and the IPv6 sensor may be further considered in order to avoid attacks and ensure secure networks as described above.
[0029] Fig.2 illustrates an exemplary system including the resource directory 101, the gateway 105, and sensors 104 according to embodiments of the present invention. The resource directory 101 functions as a communication apparatus according to embodiments of the present invention. The resource directory 101 implements basic functions to communicate with the IPv6 sensors 104 via the gateway 105, receive a registration message from the IPv6 sensors 104, and provide an access list of external apparatuses which are allowed to access the IPv6 sensors 104 to the gateway 105 to which the IPv6 sensors 104 are connected.
[0030] Also, the gateway 105 functions as a relaying apparatus according to embodiments of the present invention. The gateway 105 implements basic functions to receive the access list from the resource directory 101. The gateway 105 may relay a communication to the IPv6 sensors 104 if the communication is from the service provider 103 which is included in the list sent from the resource directory 101.
[0031] There may be a plurality of sensors 104 connected to the gateway 105 and each of the sensors may send a registration message to the resource directory 101 via the gateway 105 to register address information of the sensor to the resource directory 101 for communications with the service provider 103. It should be noted that the IPv6 sensors 104 may sense a temperature, a distance, traffic, an acceleration, etc., and may capture an image. The IPv6 sensors 104 may be a general IPv6 sensor, but are not required to have any specific functions for the present invention. Communication between the resource directory 101 and the IPv6 sensors 104 is performed via the gateway 105. The gateway 105 relays messages sent from the plurality of IPv6 sensors 104 to the resource directory 101. The gateway 105 may monitor the message so that it may perform access control between the resource directory 101 and the sensors 104.
[0032] Note that communication between the gateway 105 and the IPv6 sensors 104 may be over a wireless sensor network for short-range communication (e.g. IEEE 802.15.4, Zigbee etc). On the other hand, communication between the resource directory 101 and the gateway 105 may be over a wireless or a wired network for wide-area communication (e.g. Internet).
[0033] In this system, the gateway 105 receives the registration message from the IPv6 sensors 104, and sends them to the resource directory 101. Since the gateway 105 may monitor communication between the resource directory 101 and the IPv6 sensors 104, it may extract the message and verify it. When the resource directory 101 receives the registration message from the IPv6 sensor 104 via the gateway 105, it registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface etc.). Also, the resource directory 101 determines the address information of the gateway 105 in order to send an access list to the gateway 105. After the registration, the resource directory 101 may send the access list to the gateway 105. The gateway 105 receives the access list from the resource directory 101, and authenticates the resource directory 101 in order to validate the access list. If the resource directory 101 is successfully authenticated, subsequently the gateway 105 may relay communication from the external apparatus listed in the access list to the sensors 104.
[0034] Fig.3 illustrates an exemplary configuration of the resource directory 101 as a communication apparatus according to embodiments of the present invention. The resource directory 101 includes a communication unit 301, a determination unit 304 and a registration unit 305. In addition, the communication unit 301 includes a receiving unit 302 and a transmitting unit 303 for communicating with the gateway 105 and external apparatuses such as the sensor vendor 102 and the service provider 103. The receiving unit 302 is a receiver for receiving information from apparatuses connected to the resource directory 101, including the registration message sent from the sensor 104 via the gateway 105.
[0035] The transmitting unit 303 is a transmitter for transmitting information to the apparatus connected to the resource directory 101. According to embodiments of the present invention, the transmitting unit 303 may transmit an access list to the gateway 105.
[0036] Alternatively, the transmitting unit 303 may transmit an electronic certificate in addition to the access list for achieving more secure connections.
[0037] As a hardware construction, the resource directory 101 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface. The functionality of the determination unit 304 and the registration unit 305 of the resource directory 101 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area. The functionality of the communication unit 301 of the resource directory 101 may be implemented by the interface.
[0038] The registration message to be received by the receiving unit 302 may include source IPv6 address information of the sensor 104. In the embodiment, the address information of the sensor 104 may contain the partial address information unique to a network connecting the sensor, i.e. a prefix part of 64 bits, and the partial address information provided to the sensor, i.e. an interface ID part of 64 bits. Similarly, the address information of the gateway 105 may contain a prefix part of 64 bits unique to the network connecting the sensor 104 and the gateway 105 and an interface ID part of 64 bits provided to the gateway 105. The prefix part of the address information of the sensor 104 will be given by the gateway 105, and the interface ID part has been provided to the sensor 104 in advance by the sensor vendor 102. Furthermore, the address information of the resource directory 101 may contain a prefix part of 64 bits unique to a network connecting the resource directory 101, and an interface ID part of 64 bits provided to the resource directory 101.
[0039] The determination unit 304 determines the address information of the gateway 105 using the address information of the sensor 104 in order to send the access list to the gateway 105. If the resource directory 101 has no address information of the gateway 105, it may newly determine the address information of the gateway 105 using the address information of the sensor 104. According to one embodiment of the present invention, the interface ID part of the gateway 105 may be prepared in advance and shared between gateways. In other words, the interface ID part of the gateway may be standardized. The determination unit 304 may generate the prefix part by arranging the same prefix as that of the sensor 104, because the network is constructed between the gateway 105 and the sensor 104 and the prefix part is unique to the network. Also, the determination unit 304 may generate the interface ID part by arranging the standardized address.
[0040] Alternatively, according to another embodiment of the present invention, if the resource directory 101 already has address information, because, for example, it had communicated once before, it may already store the list of address information of the gateway 105. In this case, the determination unit 304 may determine address information of the gateway 105 by selecting it from the stored list based on the prefix part of the address information of the sensor.
[0041] The registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.).
[0042] Fig.4 illustrates an exemplary configuration of the gateway 105 as a relaying apparatus according to embodiments of the present invention. The gateway 105 includes a communication unit 401, a monitoring unit 402, and an authentication unit 403.
[0043] The communication unit 401 may communicate with the sensor 104 via a wireless sensor network, while it may communicate with the resource directory 101 via a wireless or wired network. The communication unit 401 constructs a network between the gateway 105 and the sensor 104 when the sensor 104 is powered on, where the address information of the sensor 104 is determined to include the prefix part which was assigned by the communication unit 401 and the interface ID part which was provided in advance by the sensor vendor 102. The sensor 104 may send the registration message using the determined address information. The communication unit 401 will receive the registration message from the sensor 104. After receiving the registration message, the communication unit 401 provides it to the monitoring unit 402. The monitoring unit 402 may determine if the received message is the registration message by checking a message type which is included in the registration message. If the received message is the registration message, the communication unit 401 sends (relays) the registration message to the resource directory 101, and then receives an access list of external apparatuses which are allowed to access the sensor 104, from the resource directory 101.
[0044] The monitoring unit 402 monitors information which is received by the communication unit 401 and provided to the monitoring unit 402 from the communication unit 401. In particular, the monitoring unit 402 monitors for the registration message and caches and stores it when the communication unit 401 receives the registration message. This registration message will be used for authenticating the resource directory 101 later. Also, the monitoring unit 402 stores an access list which is received from the resource directory 101 once the resource directory 101 has been authenticated by the authentication unit 403, and determines if an access request to the sensor 104 is transmitted from the external apparatus which is listed in the list.
[0045] The authentication unit 403 authenticates the resource directory based on the IPv6 address information of the resource directory 101. The authentication unit 403 checks if the IPv6 address of the resource directory 101 is the same as the destination IPv6 address of the registration message that is cached and stored in the monitoring unit 402. Also, the authentication may be performed using the certificate which is sent from the resource directory 101. If the resource directory 101 was successfully authenticated, the gateway 105 subsequently relays communication to the sensor 104 from the external apparatus listed in the access list.
[0046] As a hardware construction, the gateway 105 comprises a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and an interface. The functionality of the monitoring unit 402 and the authentication unit 403 of the gateway 105 may be implemented by the CPU which executes software stored in the ROM using RAM as a work area. The functionality of the communication unit 401 of the gateway 105 may be implemented by the interface.
[0047] Fig.5 illustrates an exemplary access list according to one embodiment of the present invention. The access list may list address information of the external apparatuses which are allowed to access the sensor 104. Such a list is generated for each sensor, because it is necessary for each sensor to have information as to which external apparatuses are legitimate. The list may include sensor identification information to identify the list for the specific sensor. Also, the list may include other contents, e.g., certificates and other components that indicate directly or indirectly a destination of each of the external apparatuses.
[0048] Fig.6 illustrates an exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list in the gateway 105 according to embodiments of the present invention.
[0049] Firstly the address information of the resource directory 101 is assigned to the resource directory 101 by an external apparatus, e.g., a service provider in S601. Note that the address information of the resource directory 101 is also provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor 102.
[0050] The gateway 105 sets up a local sensor network (e.g. 6LoWPAN, Zigbee IP etc) and determines a prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104 (e.g. 1000::/64) using, for example, DHCPv6 (Dynamic Host Configuration Protocol) prefix delegation, in S602. Then the communication unit 401 of the gateway 105 sends the prefix part of the address information to the sensor 104 in S603.
[0051] In addition to the process above, the gateway 105 determines its own address information in S602. The gateway 105 may assign well-known interface identification as an interface ID part of the address information (e.g. ::C0AF). The gateway 105 may determine its own address information (e.g. 1000::C0AF) using the assigned prefix part (e.g. 1000::/64) and the assigned interface ID part (e.g. ::C0AF).
[0052] In S604, the sensor 106 boots (powers on) for starting to set up a network. The prefix part of the address information unique to the local sensor network between the gateway 105 and the sensor 104, is assigned to the sensor 104 in S605. The sensor 104 then generates its own address information by using the prefix part which has been assigned by the gateway 105 and the interface ID part provided by the external apparatus (e.g. 1000::xxxx) in S605.
[0053] The sensor 104 then sends a registration message using the address information of the resource directory 101 as a destination address and the address information of the sensor as a source address in S606. Note that, as described above, the address information of the resource directory 101 has already been provided to the sensor 104 by an external apparatus, e.g. the sensor vendor 102.
[0054] The registration message sent from the sensor 104 may be received by the communication unit 401 of the gateway 105 in S607. The communication unit 401 provides the received registration message to the monitoring unit 402 of the gateway. The monitoring unit 402 determines whether the provided message is the registration message from the sensor 104 with reference to the message type included in the message. If the provided message is the registration message, the monitoring unit 402 caches the message for the purpose of further processing.
[0055] After the monitoring processing, the gateway 105 sends (relays) the registration message to the resource directory 101 after caching the registration message, and the resource directory 101 receives the registration message in S608. When the resource directory 101 receives the registration message, the registration unit 305 registers information of the IPv6 sensor 104 which is included in the registration message (e.g. address information, a sensor type, a sensor interface, etc.). After the registration, the resource directory 101 determines address information of the gateway 105 in S609. This process may be performed by using the address information of the sensor included in the registration message sent from the sensor, if it has no address information of the gateway 105. Alternatively this process may be performed by selecting address information from the stored address information in the resource directory 101 as described before.
[0056] After determining the address information of the gateway 105, the resource directory 101 sends a message for providing an access list of external apparatuses which are allowed to access the sensor connected to the gateway 105 in S610.
[0057] In S611, when the communication unit 401 of the gateway 105 receives the message with the access list from the resource directory 101, it provides the message to the monitoring unit 402. The monitoring unit 402 determines a type of the message based on a message type, and if it is determined that the message is for provisioning the access list, the monitoring unit 402 provides the message to the authentication unit 403 with the registration message cached in S607. The authentication unit 403 authenticates the resource directory 101 by comparing the address information used in the message for provisioning the access list and that used in the cached registration message.
[0058] If the address information is the same, the resource directory 101 is successfully authenticated. Subsequently the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication failed, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 using the access list. If the monitoring unit 402 admits that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101.
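The Fig.6 flow from S607 to S611, as an added sketch that is not part of the patent text: the resource directory derives the gateway address from the sensor's 64-bit prefix and the well-known interface ID, and the gateway accepts an access list only when its source matches the destination of the cached registration message. The class and function names, the message fields and every address other than the description's own 1000::/64 and ::C0AF samples are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# "::C0AF" is the well-known gateway interface ID used in the description's example.
WELL_KNOWN_GATEWAY_IID = 0xC0AF


def addr(text):
    """Parse once so that '1000::C0AF' and '1000:0:0:0:0:0:0:c0af' compare equal."""
    return ipaddress.IPv6Address(text)


def gateway_address_for(sensor_addr):
    """Resource directory, S609: sensor's 64-bit prefix + well-known interface ID."""
    prefix = (int(addr(sensor_addr)) >> 64) << 64
    return ipaddress.IPv6Address(prefix | WELL_KNOWN_GATEWAY_IID)


@dataclass
class Gateway:
    """Hypothetical model of the monitoring unit 402 and authentication unit 403."""
    cached_rd: dict = field(default_factory=dict)     # sensor -> registration destination
    access_lists: dict = field(default_factory=dict)  # sensor -> allowed external addresses

    def on_registration(self, src, dst):
        """S607: cache the registration's addresses before relaying it (S608)."""
        self.cached_rd[addr(src)] = addr(dst)

    def on_access_list(self, msg_src, sensor, allowed):
        """S611: authenticate the sender against the cached registration."""
        expected = self.cached_rd.get(addr(sensor))
        if expected is None or addr(msg_src) != expected:
            return False  # authentication failed: discard, keep any earlier list
        self.access_lists[addr(sensor)] = {addr(a) for a in allowed}
        return True

    def should_relay(self, src, dst_sensor):
        """Relay only traffic from a listed external apparatus; no list means deny."""
        return addr(src) in self.access_lists.get(addr(dst_sensor), set())


def demo():
    # Constructed addresses: 1000::/64 is the description's sample sensor prefix,
    # the 2001:db8:: values are documentation-range placeholders.
    sensor, rd = "1000::1234", "2001:db8:1::10"
    provider, stranger = "2001:db8:2::20", "2001:db8:ffff::66"
    gw = Gateway()
    gw.on_registration(src=sensor, dst=rd)
    return {
        "gateway_addr": str(gateway_address_for(sensor)),
        "list_from_other_source": gw.on_access_list(stranger, sensor, [stranger]),
        "list_from_rd": gw.on_access_list(rd.upper(), sensor, [provider]),
        "relay_provider": gw.should_relay(provider, sensor),
        "relay_stranger": gw.should_relay(stranger, sensor),
        "relay_unknown_sensor": gw.should_relay(provider, "1000::9999"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check compares parsed addresses rather than strings, and a sensor with no stored list is treated as deny-all, so a discarded list never widens access.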
[0059] According to the embodiment of the present invention described above, it is possible to remotely configure the access list in the gateway 105 for a specific IPv6 sensor 104. However, any adversaries, if they get the address information of the gateway 105, can perform S610, can provide a malicious access list to the gateway 105, and can make the sensor's battery run out. In the following, in order to avoid such a problem, a more secure mechanism that enables gateways to strongly authenticate resource directories will be described.
[0060] Fig.7 illustrates an alternative exemplary signal flow among the resource directory 101, the gateway 105, and the sensor 104 for configuring the access list more securely in the gateway 105 according to embodiments of the present invention.
[0061] The signal flow shown in Fig.7 may ensure a more secure connection than that of Fig.6. In S701, a Cryptographically Generated Address (CGA) is assigned to the resource directory 101. The CGA is an IPv6 address using a 64-bit hash value calculated with an electronic certificate for the resource directory 101. For the electronic certificate for generating the CGA, an X.509 certificate may be used. X.509 is standardized in ITU (International Telecommunication Union) or ISO (International Organization for Standardization). However, because it uses only 64 bits for the hash value, CGA may not be strong enough cryptographically. So, optionally, an X.509 certificate may be used. This CGA address of the resource directory 101 is provided to the sensor 104 in advance by an external apparatus, e.g. a sensor vendor. Except for the CGA address assignment to the resource directory 101, the steps from S701 to S710 are the same as the steps S601 to S610.
[0062] In S711, the resource directory sends the electronic certificate (X.509 certificate) in addition to the list of external apparatuses to the gateway 105. This transmission step may be performed in response to a request from the gateway 105 or automatically by the resource directory 101 after the provisioning of the access list in S710. In S712, the sensor 104 sends sensor identification information to the gateway 105, in response to a request for it from the gateway 105 to the sensor 104. In S713, the gateway 105 may perform the authentication using the received information from the resource directory 101 and the sensor 104.
[0063] More specifically, in S713, in addition to the comparison process described in S611, the authentication unit 403 may perform the CGA verification against the CGA address of the resource directory 101.
[0064] When optionally using X.509 certificates, the authentication unit 403 of the gateway 105 may use the sensor identification information obtained from the sensor 104, e.g. a sensor vendor name. Since a subject field of the X.509 certificate of the resource directory may include the sensor identification information, the gateway 105 may further authenticate the resource directory 101 by comparing the sensor identification information included in the X.509 certificate sent from the resource directory 101 and the sensor identification information obtained from the sensor 104. If both are the same, the resource directory 101 may be successfully authenticated.
[0065] If the resource directory 101 is successfully authenticated in S713, subsequently the monitoring unit 402 of the gateway 105 may store the access list received from the resource directory 101. On the other hand, if the authentication fails, the gateway 105 discards the access list. The monitoring unit 402 may monitor communication of the communication unit 401 with reference to the access list. If the monitoring unit 402 determines that communication is performed from an external apparatus which is listed in the access list, the communication unit 401 may relay communication to the sensor from the external apparatus, e.g. a service provider, which is listed in the list provided by the authenticated resource directory 101. Hence, a secure link may be established in S713, and the security between the resource directory 101 and the gateway 105 is enhanced.
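The gateway-side checks of S713 and the relay decision that follows, as an added example that is not code from the patent. It assumes the CGA check is the RFC 3972 Hash1 comparison for Sec=0 over the certificate's public key and that the CGA parameters arrive together with the certificate in S711. `Certificate`, `CgaParams` and `Gateway` are hypothetical names, the certificate is a stand-in for a parsed and chain-validated X.509 certificate, and all keys and addresses are constructed.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

# RFC 3972: the 3 Sec bits and the u/g bits of the interface ID are not compared.
CGA_MASK = 0x1CFFFFFFFFFFFFFF

@dataclass(frozen=True)
class CgaParams:              # assumed to arrive with the certificate in S711
    modifier: bytes           # 16 octets
    prefix: bytes             # 8-octet subnet prefix
    collision_count: int      # 0, 1 or 2

@dataclass(frozen=True)
class Certificate:            # hypothetical stand-in for a validated X.509 certificate
    subject_sensor_id: str    # sensor identification carried in the subject field
    public_key: bytes         # encoded public key (constructed bytes in this example)

def cga_hash1(p: CgaParams, public_key: bytes) -> int:
    """Leftmost 64 bits of SHA-1 over the CGA parameters (no extension fields)."""
    data = p.modifier + p.prefix + bytes([p.collision_count]) + public_key
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def make_cga(p: CgaParams, public_key: bytes) -> ipaddress.IPv6Address:
    """Derive a Sec=0 address such as the one assigned to the resource directory in S701."""
    iid = cga_hash1(p, public_key) & CGA_MASK
    return ipaddress.IPv6Address(p.prefix + iid.to_bytes(8, "big"))

def verify_cga(addr: ipaddress.IPv6Address, p: CgaParams, public_key: bytes) -> bool:
    if len(p.modifier) != 16 or p.collision_count not in (0, 1, 2):
        return False
    raw = addr.packed
    if raw[:8] != p.prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if iid >> 61:             # Sec > 0 also needs the Hash2 check, not modelled here
        return False
    return (iid & CGA_MASK) == (cga_hash1(p, public_key) & CGA_MASK)

class Gateway:
    def __init__(self):
        self.cached_rd_addr = None        # destination of the cached registration message
        self.access_list = frozenset()

    def on_registration(self, rd_addr):
        """Cache the address the sensor's registration message was sent to."""
        self.cached_rd_addr = rd_addr

    def on_access_list(self, src_addr, acl, cert, params, sensor_id) -> bool:
        """S713: store the list only if every check passes, otherwise discard it."""
        authenticated = (
            self.cached_rd_addr is not None
            and src_addr == self.cached_rd_addr                # comparison of S611
            and verify_cga(src_addr, params, cert.public_key)  # CGA verification
            and cert.subject_sensor_id == sensor_id            # subject vs. S712 value
        )
        if authenticated:
            self.access_list = frozenset(acl)
        return authenticated

    def may_relay(self, external_addr) -> bool:
        return external_addr in self.access_list

if __name__ == "__main__":
    params = CgaParams(bytes(range(16)), bytes.fromhex("20010db800000001"), 0)
    cert = Certificate("ExampleVendor", b"constructed-rd-public-key")
    rd = make_cga(params, cert.public_key)
    provider = ipaddress.IPv6Address("2001:db8:ffff::10")
    gw = Gateway()
    gw.on_registration(rd)
    print(gw.on_access_list(rd, [provider], cert, params, "ExampleVendor"))
    print(gw.may_relay(provider))
```

A sender that only knows the gateway's address fails the first comparison, and one that spoofs the resource directory's address fails the CGA check unless it holds a key that hashes to the same interface identifier.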
[0066] In reality, there are likely to be multiple sensor vendors and service providers. A service provider may use sensors of different vendors, and multiple service providers may use sensors of a single vendor. Different service providers will use different access lists for their sensors.
[0067] So, as another embodiment, a database may be connected to the resource directory. The database may store access lists associating each sensor with sensor identification information, e.g., information of sensor vendors and serial numbers. The resource directory may obtain sensor identification information from sensors through an API (Application Programming Interface). The resource directory may look up the access list related to the sensor with the sensor identification information.
[0068] As an alternative embodiment, optionally based on the embodiments disclosed above, a secured link can be established between gateways 105 and sensors 104 in the local sensor network.
[0069] More specifically, this secure link is established with a secret key which is originally shared between the resource directory 101 and the sensor 104. The shared secret key may be provided to sensors 104 in advance, for example, at the manufacturing time and may be shared between the sensors 104 and the gateway 105 afterwards during establishing the sensor network between the sensor 104 and the gateway 105. By using the secret key, the gateway 105 can establish a secure link with the sensor 104.
[0070] While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all modifications, equivalent structures and functions.
Claims
1. A communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus comprising:
a receiving unit (302) configured to receive a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
2. The communication apparatus according to claim 1 further comprising a determination unit (304) configured to determine address information of the relaying apparatus based on address information of the sensor included in the received registration message, wherein the transmitting unit transmits the list of external apparatuses to the relaying apparatus by using the determined address information of the relaying apparatus.
3. The communication apparatus according to claim 2, wherein the address information of the sensor contains partial address information unique to a network configured to connect the sensor and the relaying apparatus, and partial address information provided in advance to the sensor, and
the determination unit determines the address information of the relaying apparatus by using the partial address information unique to the network.
4. The communication apparatus according to claim 3, wherein the address information of the relaying apparatus contains the partial address information unique to the network and partial address information provided in advance to the relaying apparatus.
5. The communication apparatus according to claim 4, wherein the partial address information provided in advance is address information common to other relaying apparatuses.
6. The communication apparatus according to claim 4, wherein the partial address information provided in advance is address information which is specified from stored address information in the communication apparatus.
7. The communication apparatus according to any of the precedent claims, wherein the address information of the communication apparatus is generated by using an electronic certificate of the communication apparatus.
8. The communication apparatus according to claim 7, wherein the address information of the communication apparatus is a Cryptographically Generated Address (CGA).
9. The communication apparatus according to claim 7 or 8, wherein the transmitting unit transmits the electronic certificate in addition to the list of external apparatuses to the relaying apparatus.
10. The communication apparatus according to any of claims 7-9, wherein the electronic certificate contains sensor identification information.
11. The communication apparatus according to any of the precedent claims wherein, the list of external apparatuses is specified by using the sensor identification information from a database which stores a list for each sensor.
12. The communication apparatus according to any of the precedent claims wherein, the sensor is powered by a battery.
13. A control method of a communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, the method comprising:
a receiving step (S608) of receiving a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting step (S610) of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
14. A computer program which causes a computer to execute a control method of a communication apparatus (101) which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, the method comprising:
a receiving step (S608) of receiving a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting step (S610) of transmitting to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus.
15. A relaying apparatus (105) which is connected to a sensor and relays communications of the sensor, the relaying apparatus comprising:
a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring unit (402) configured to monitor for the registration message received from the sensor; and
an authentication unit (403) configured to authenticate the communication apparatus,
wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
16. The relaying apparatus according to claim 15, wherein the monitoring unit extracts information generated by using an electronic certificate, from the registration message.
17. The relaying apparatus according to claim 16, wherein,
the information generated by using the electronic certificate is address information of the communication apparatus,
the communication unit receives the electronic certificate in addition to the list, and
the authentication unit authenticates the communication apparatus based on the received electronic certificate and the address information of the communication apparatus.
18. The relaying apparatus according to claim 17, wherein the electronic certificate includes sensor identification information, and
the authentication unit further authenticates the communication apparatus by comparing the sensor identification information included in the electronic certificate received from the communication apparatus and sensor identification information received from the sensor.
19. The relaying apparatus according to any of claims 15-18, wherein the communication unit receives from the sensor a secret key which is pre-shared between the sensor and the communication apparatus, and carries out encryption processing using the secret key in communicating to the sensor.
20. The relaying apparatus according to any of claims 15-19, wherein, the sensor is powered by a battery.
21. A control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, the method comprising:
a communicating step (S606, S610) of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring step (S607) of monitoring for the registration message received from the sensor; and
an authenticating step (S611) of authenticating the communication apparatus,
wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
22. A computer program which causes a computer to execute a control method of a relaying apparatus which is connected to a sensor and relays communications of the sensor, the method comprising:
a communicating step (S606, S610) of relaying a registration message received from the sensor to a communication apparatus and receiving a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring step (S607) of monitoring for the registration message received from the sensor; and
an authenticating step (S611) of authenticating the communication apparatus,
wherein in the communicating step, a communication is only relayed to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
23. The system including a communication apparatus and a relaying apparatus,
the communication apparatus (101), which communicates with a sensor connected to a relaying apparatus via the relaying apparatus, comprising:
a receiving unit (302) configured to receive a registration message transmitted from the sensor via the relaying apparatus; and
a transmitting unit (303) configured to transmit to the relaying apparatus a list of external apparatuses which are allowed to access the sensor connected to the relaying apparatus, and
the relaying apparatus (105), which is connected to the sensor and relays communications of the sensor, comprising:
a communication unit (401) configured to relay a registration message received from the sensor to a communication apparatus and receive a list of external apparatuses which are allowed to access the sensor from the communication apparatus;
a monitoring unit (402) configured to monitor for the registration message received from the sensor; and
an authentication unit (403) configured to authenticate the communication apparatus,
wherein the communication unit only relays a communication to the sensor if the communication is from an external apparatus which is included in the list sent from the communication apparatus and the communication apparatus has been successfully authenticated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SE2013/050059 WO2014116152A1 (en) | 2013-01-28 | 2013-01-28 | Communication apparatus, control method thereof, computer program thereof, relaying apparatus, control method thereof, computer program thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014116152A1 (en) | 2014-07-31 |
Family
ID=47741233
- 2013-01-28 WO PCT/SE2013/050059 patent/WO2014116152A1/en active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13705272 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13705272 Country of ref document: EP Kind code of ref document: A1 |