WO2014154813A1 - Method and device for forming a secure wireless network with limited resources - Google Patents
- Publication number
- WO2014154813A1 (PCT/EP2014/056174)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- nodes
- node
- neighboring
- network
- list
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H04W12/06—Authentication
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the invention relates to the field of security in communication networks and in particular that of securing low-resource networks.
- Low-resource networks consist of devices or nodes with low computing, memory and power capabilities, such as for example emerging networks with machine-to-machine communications, wireless sensor networks, and vehicular networks.
- When an initial node needs to communicate with a target node with which it does not already share keys, it must look for a trusted path through collaborating network nodes that may share keys with the target node.
- the initial node may also send a request to a local or remote server to have a common key with the target node.
- KEMP Lightweight Key Establishment and Management Protocol in Dynamic Sensor Networks
- the shared key is generated locally, while at the router, the key is transmitted by the server on a secure channel.
- the initial node must re-execute a protocol (KEMP) for each neighboring node as if it were a new neighbor router.
- Known approaches, while offering alternative solutions, are not fast or efficient enough in terms of resources, whether node-level energy consumption or bandwidth, for the establishment of shared keys between several neighboring nodes in a low-resource network.
- the solution of the present invention facilitates dynamic formation of a network of nodes with low resources while overcoming the drawbacks of a conventional approach.
- An object of the present invention is to provide a method for forming a secure network for low resource nodes that do not have a prior trusted relationship with each other.
- the formation of the network does not require a dedicated local security infrastructure and relies on a remote trusted entity.
- Another object of the present invention is to enable authentication of a node and securing its access to a low-resource network by providing it, in a secure manner, all the necessary cryptographic material, in particular by providing it shared keys with neighboring nodes.
- the present invention does not require the existence of a trust relationship between the administrative domain of the access network and that of the low-resource network.
- the remote infrastructure access network may belong to a different administrative domain with no trusted relationship to the administrative domain to which the nodes forming the secure network belong.
- the present invention allows the gradual addition of nodes by securing their access to the secured network formed.
- the present invention makes it possible to reduce the number of messages exchanged for the establishment of security associations between neighboring nodes in a network with low resources.
- the cryptographic material established between nodes belonging to the secure network is not disclosed to entities other than these, except the remote trusted entity that provides them. In particular, the entities of the remote infrastructure access network do not become aware of this cryptographic material.
- the present invention allows a node to authenticate at once to the security infrastructure and simultaneously acquire shared keys with its neighboring nodes.
- the present invention will be implemented in situations where low-resource devices need to create a secure network in a hostile or difficult-to-access environment.
- the invention will find application for emergency services such as ambulance services, fire, police, civil security or humanitarian aid.
- interventions in crisis contexts such as serious incidents, fires, acts of terrorism, which require the communication of intervention services to coordinate their actions and improve crisis management.
- a secure network established between different services facilitates needs and impact assessments and provides information on access to goods, infrastructure, or populations. Communications between the various emergency services thus make it possible to optimize the allocation of financial, material and human resources and to increase the rapid response capabilities.
- Network security is needed and can rely on a remote security infrastructure that emergency services access through a third-party access network, such as a cellular network.
- Another context where the present invention will advantageously find application is that of sensors / actuators deployed in a hostile environment. Indeed, sensors or actuators can be deployed in hostile or difficult-to-access environments - battlefields, disaster or disaster support - to obtain vital information or control the environment. These devices must operate without human intervention.
- A dedicated security infrastructure may not be integrated into their environment, and therefore these devices must rely on unreliable third-party infrastructures - cellular network, satellite network, foreign communication facilities - for the management of their security.
- the invention allows such devices to self-organize to form a secure network.
- the invention makes it possible to create security associations in a dynamic, fast and efficient manner between the devices forming the network and as nodes join the network.
- a method for forming a secure wireless network between low resource nodes of the communication network comprises the steps of:
- nKGS shared key generation key
- the step of generating a list of neighboring nodes comprises the steps of:
- the step of discovering neighboring nodes implements a protocol for discovering nodes located one hop away on the same link.
- the step of selecting neighboring nodes of interest consists in selecting neighboring nodes belonging to the same security authority.
- the step of selecting neighboring nodes of interest consists in selecting neighboring nodes belonging to the same administrative domain.
- the step of establishing a secure channel includes the steps of:
- the authentication step implements an "Extensible Authentication Protocol" (EAP) authentication protocol.
- the method comprises, before the step of receiving master session keys, a step for generating by the authentication entity a plurality of master session keys for each node of the list LV having itself the requesting node in its own LV list.
- the key generation steps use a hash function to derive the keys.
- the network of nodes is a "mobile ad hoc network" type network and is based on level 2 and / or level 3 communications.
- the invention is implemented as a system for forming a secure wireless network between low-resource nodes of a communication network, and comprises means for implementing the steps of the described method.
- a computer program product including code instructions performs the steps of the method described when the program is run on a computer.
- FIG. 1 is a topological representation of a communication infrastructure in which to advantageously implement the invention
- Figure 2 shows the steps performed for authentication and access control of a node to the low resource network according to the method of the present invention
- Figure 3 illustrates the prioritization of the keys of the requesting node and its neighbor nodes in an embodiment based on the EAP protocol
- FIG. 4 shows the exchanges made between the nodes of a network and the authentication server in a preferential implementation of the invention
- FIG. 5 illustrates the steps performed by the method of the present invention for successive arrivals of nodes to the secure network.
- FIG. 1 illustrates an example of a communication infrastructure 100 in which to advantageously implement the invention.
- a network 102 includes a plurality of nodes (104, 106) having low resources.
- a node is a low-resource static or mobile communicating device that joins the low-resource network.
- the network is a "mobile ad hoc network" (MANET), which is a wireless network able to organize itself without a predefined infrastructure.
- Examples of low-resource networks are sensor networks deployed in the industrial field or vehicular networks.
- a number of nodes (106) wish to access a resource or service associated with a remote infrastructure.
- the invention applies to the general context in which a group of nodes (106), mobile or static, want to form a secure wireless network.
- the concerned nodes (106) connect to a network access infrastructure (108) via an access point (110), which may be a Wi-Fi terminal or a cellular antenna, to communicate with a remote security entity (112).
- the remote security entity (112) comprises at least one authentication server.
- the authentication server (112) responsible for the authentication of the nodes, stores cryptographic data necessary for the authentication of each of the nodes of the group (106). As will be detailed later, each node, after its authentication, receives shared keys with its neighboring nodes that have authenticated. These keys are used to establish secure communications in the network thus formed.
- the nodes of the low resource network access the remote security entity through a third party communication network (108) which may be a cellular network or the Internet.
- the network access infrastructure (108) may contain intermediate entities such as routers (114) and / or intermediate servers (116).
- FIG. 1 only shows a finite number of entities and connections, but the person skilled in the art will extend the principles described for the present invention.
- the node network (102) may be based on level 2 (e.g., 802.15.4 or 802.11) and / or level 3 (e.g., IP) communications.
- multicast or broadcast communication schemes can be used.
- Figure 2 shows the steps performed for authentication and access control of a node arriving at the low resource network according to the method of the present invention.
- the method begins (200) when an arriving node requests to join a low resource network.
- a first step (202) is the discovery of neighboring nodes. This step allows a requesting node that joins the low-resource network to discover its neighbor nodes.
- a protocol for discovering nodes located one hop away on the same link is used.
- Such a protocol is for example that described by T. Narten et al. in "Neighbor Discovery for IP Version 6 (IPv6)", IETF RFC 4861, September 2007.
- a node can also discover its neighbors by relying for example on the receipt of announcement messages - for example a "Hello" message - sent periodically by them.
- the discovery phase ends when the neighbor node discovery protocol ends. Depending on the protocol used, the discovery phase may end, for example, on the expiration of a timeout period.
- Step 202 allows selection by the requesting node of neighbor nodes of interest.
- the requesting node possesses a list "L_v" of the identities of the selected neighboring nodes.
- the requesting node may choose as the selection criterion the membership of neighboring nodes to the same security authority. In another implementation variant, it can be based on the membership of the same administrative domain to select neighboring nodes of interest.
- the selected identities may take the syntax of the Network Access Identifier (NAI) as described in B. Aboba and M. Beadles, "The Network Access Identifier", IETF RFC 2486, January 1999.
- the selection can be based on the "realm" (domain) part of the identities, where the requesting node chooses neighboring nodes belonging to the same domain as its own.
- the method proceeds to step 204 by end-to-end authentication.
- This step allows the requesting node to authenticate to the remote entity to gain access to the low-resource network.
- an "Extensible Authentication Protocol" type protocol, as described in the document by B. Aboba et al., "Extensible Authentication Protocol (EAP)", IETF RFC 3748, June 2004, is used.
- Another example of an authentication protocol is the Authentication and Key Agreement (AKA) protocol used in 3GPP UMTS and LTE communications.
- nMSK Neighbor Key Generation Seed
- the key nKGS is derived from the "Extended Master Session Key" (EMSK), which is generated during authentication with the EAP protocol and shared only between the node and the authentication entity.
- the requesting node sends to the remote entity the list of identities of the selected neighboring nodes through the secure end-to-end channel. It can also send additional information about its neighborhood, for example on the density or the quality of the transmission channel.
- Upon receipt of this list, the remote entity derives, from the master key (nKGS) of each neighbor node that has added the requesting node to its own list "L_v", a master session key (nMSK), or "Neighbor Master Session Key".
- A set of nMSK master session keys is generated for all neighboring nodes having the requesting node in their L_v list.
- the remote entity then sends the set of derived (nMSK) keys through the secure channel to the requesting node.
- Each derived key will then be shared between the requesting node and the corresponding neighbor node.
- the response message of the remote entity may also contain other keys, for example a group key and / or other information such as local network server identities.
- the derived keys will be used in a next step 208 to establish security associations between the requesting node and the corresponding neighbor nodes based on the received keys (nMSK).
- Figure 3 illustrates the prioritization of the keys of the requesting node and its neighbor nodes in an embodiment based on the EAP protocol.
- an nKGS master key (306) is derived from the key EMSK (304) generated itself during authentication.
- the master session keys (308-1, 308-2, ...) are then derived for each neighbor node identified in the "L_v" list of the requesting node and having itself accepted the requesting node in its own list.
- FIG. 4 shows the exchanges made between the nodes of a network and the authentication server in a preferential implementation of the invention based on the EAP protocol.
- During the discovery phase of neighbor nodes (402), the requesting node generates (404) a list "L_v" containing the identities of the selected neighboring nodes. It then initiates an authentication process (406) with the remote authentication entity using the EAP authentication protocol. During authentication, an EMSK key is derived according to the EAP protocol. On the basis of this EMSK key, an nKGS key generation key shared with neighboring nodes is derived (408).
- a cryptographic hash function (H) is used to derive the master key according to the following function:
- $nKGS_{node} = H(EMSK, \text{"nMSK Generation Seed"})$
- During its authentication, the requesting node establishes a secure channel (410), protected in confidentiality and integrity, with the remote authentication entity. This channel is used to send the list L_v of the identities of the selected neighboring nodes to the authentication server. Upon reception by the server of the list L_v of the identities of the selected nodes, a plurality of master session keys is generated (412). The remote entity derives an nMSK master session key for each node in the list that has itself selected the requesting node in its own L_v list. Each master session key is generated using the shared key generation master key nKGS_neighbor associated with this neighbor node (414).
- a cryptographic hash function (H) and the Network Access Identifier (NAI) of the node are used according to the following function:
- $nMSK_{NAI} = H(nKGS_{neighbor}, NAI)$, where the NAI identity of the node is the network access identifier of the node that authenticates to the network.
- The derivation of the nKGS shared key generation key and of the nMSK master session keys using a hash function is provided as an example.
- HKDF: HMAC-based Extract-and-Expand Key Derivation Function
- the resulting master session keys {nMSKs} are sent by the remote entity to the requesting node through the secure channel.
- the requesting node uses the received keys {nMSKs} to establish security associations (416) with its neighbor nodes.
- FIG. 5 illustrates on an example of three nodes (node 1, node 2, node 3) the steps performed by the method of the present invention for successive arrivals of the nodes to the secure network.
- the invention allows a progressive formation of a secure network for neighboring nodes.
- a first requesting node (node 1) initiates the process of neighbor discovery and authentication with the remote entity by performing steps 202 to 208 as described with reference to Figure 2.
- a node within range of the access point (110) authenticates first to the remote entity (112). After successful authentication, the requesting node responds (502) to discovery queries of neighboring nodes. The requesting node then relays the authentication requests received from the neighboring nodes and establishes (504) security associations with them. The neighboring nodes thus authenticated perform the same operations as the first authenticated nodes, respectively steps (506, 508) for node 2 and (510, 512) for node 3.
- a requesting node receives a set of master session keys {nMSKs} from the remote entity during its authentication, and the neighboring nodes locally derive their keys (nMSK_2, nMSK_3, ...), each based on its own master key (nKGS_1, nKGS_2, ...).
- the remote server may establish a priority protocol to choose to authenticate a node before its neighbor node or neighboring nodes.
- the present invention can be implemented from hardware and / or software elements. It may be available as a computer program product on a computer readable medium.
- the medium can be electronic, magnetic, optical, electromagnetic, or an infrared-type transmission medium. Such media are, for example, Random Access Memory (RAM), Read-Only Memory (ROM), tapes, floppy disks, or magnetic or optical disks (Compact Disk - Read Only Memory (CD-ROM), Compact Disk - Read / Write (CD-R / W) and DVD).
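The key hierarchy described for Figures 3 to 5, simulated for three successively arriving nodes as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified hash function H, random bytes stand in for the EAP-exported EMSK, and the class names, the NAIs and the way an admitted node learns of a newcomer are hypothetical.

```python
import hashlib
import hmac
import os

SEED_LABEL = b"nMSK Generation Seed"  # label string from the page's nKGS formula


def H(key, data):
    # Assumption: HMAC-SHA256 plays the role of the hash function H,
    # which the page leaves unspecified.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_nkgs(emsk):
    """nKGS_node = H(EMSK, "nMSK Generation Seed")."""
    return H(emsk, SEED_LABEL)


def derive_nmsk(nkgs_neighbor, requester_nai):
    """nMSK_NAI = H(nKGS_neighbor, NAI), NAI being the authenticating node's identity."""
    return H(nkgs_neighbor, requester_nai.encode("utf-8"))


def select_neighbors(own_nai, discovered):
    """Build L_v: keep discovered neighbors whose NAI realm equals our own."""
    realm = own_nai.rpartition("@")[2].lower()
    return [n for n in discovered
            if n != own_nai and n.rpartition("@")[2].lower() == realm]


class AuthServer:
    """Remote authentication entity: remembers each admitted node's nKGS and L_v."""

    def __init__(self):
        self.nkgs = {}  # NAI -> nKGS of nodes that have authenticated
        self.lv = {}    # NAI -> set of NAIs the node listed as neighbors

    def admit(self, nai, emsk, lv):
        """Run after authentication succeeds and L_v arrives over the secure channel.

        Returns one nMSK per listed neighbor that is already admitted AND has
        listed the requester itself (the mutual-listing condition on the page).
        """
        self.nkgs[nai] = derive_nkgs(emsk)
        self.lv[nai] = set(lv)
        return {n: derive_nmsk(self.nkgs[n], nai)
                for n in lv
                if n != nai and n in self.nkgs and nai in self.lv[n]}


class Node:
    def __init__(self, nai, discovered):
        self.nai = nai
        self.emsk = os.urandom(64)  # constructed stand-in for the EAP EMSK
        self.nkgs = derive_nkgs(self.emsk)
        self.lv = select_neighbors(nai, discovered)
        self.keys = {}  # neighbor NAI -> shared nMSK

    def join(self, server):
        """Requesting side: all neighbor keys arrive in one server response."""
        self.keys.update(server.admit(self.nai, self.emsk, self.lv))

    def accept(self, newcomer_nai):
        """Already-admitted side: derive the key locally, no server round trip."""
        if newcomer_nai in self.lv:
            self.keys[newcomer_nai] = derive_nmsk(self.nkgs, newcomer_nai)


def run_demo():
    # Constructed sample topology; node2 did not select node3 as a neighbor.
    n1 = Node("node1@rescue.example",
              ["node2@rescue.example", "node3@rescue.example"])
    n2 = Node("node2@rescue.example",
              ["node1@rescue.example", "cam7@other.example"])
    n3 = Node("node3@rescue.example",
              ["node1@rescue.example", "node2@rescue.example"])
    server = AuthServer()
    nodes = (n1, n2, n3)
    for node in nodes:  # successive arrivals, as in Figure 5
        node.join(server)
        # Assumption: a neighbor learns of the newcomer when the newcomer
        # contacts it; that exchange is simulated by a direct call.
        for peer in nodes:
            if peer is not node and peer.nai in node.keys:
                peer.accept(node.nai)
    return n1, n2, n3


if __name__ == "__main__":
    for n in run_demo():
        print(n.nai, {peer: key.hex()[:16] for peer, key in n.keys.items()})
```

Node 2 and node 3 end up without a shared key because node 2 never listed node 3, which shows that the server only hands out keys for mutually selected neighbors.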
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/778,025 US9774585B2 (en) | 2013-03-28 | 2014-03-27 | Method and device for forming a secure wireless network with limited resources |
EP14713118.9A EP2979391A1 (fr) | 2013-03-28 | 2014-03-27 | Procede et dispositif pour former un reseau sans fil securise a faibles ressources |
CN201480018162.6A CN105103489A (zh) | 2013-03-28 | 2014-03-27 | 用于形成具有有限资源的安全无线网络的方法和设备 |
JP2016504678A JP2016521030A (ja) | 2013-03-28 | 2014-03-27 | リソースに制約がある安全な無線ネットワークを形成する方法および装置 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1352815 | 2013-03-28 | ||
FR1352815A FR3004046B1 (fr) | 2013-03-28 | 2013-03-28 | Procede et dispositif pour former un reseau sans fil securise a faibles ressources |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014154813A1 true WO2014154813A1 (fr) | 2014-10-02 |
Family
ID=49111308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2014/056174 WO2014154813A1 (fr) | 2013-03-28 | 2014-03-27 | Procede et dispositif pour former un reseau sans fil securise a faibles ressources |
Country Status (6)
Country | Link |
---|---|
US (1) | US9774585B2 (fr) |
EP (1) | EP2979391A1 (fr) |
JP (1) | JP2016521030A (fr) |
CN (1) | CN105103489A (fr) |
FR (1) | FR3004046B1 (fr) |
WO (1) | WO2014154813A1 (fr) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8345695B1 (en) * | 2008-06-17 | 2013-01-01 | United Services Automobile Association (Usaa) | Systems and methods for implementing network gateway in catastrophe context or the like |
US10129031B2 (en) * | 2014-10-31 | 2018-11-13 | Convida Wireless, Llc | End-to-end service layer authentication |
EP3272094B1 (fr) | 2015-03-16 | 2021-06-23 | Convida Wireless, LLC | Authentification de bout en bout au niveau d'une couche de service à l'aide de mécanismes de chargement de clé publique |
MX2018003708A (es) * | 2015-09-25 | 2018-09-21 | Genetec Inc | Registro seguro de dispositivo de seguridad para la comunicacion con servidor de seguridad. |
GB2550905A (en) | 2016-05-27 | 2017-12-06 | Airbus Operations Ltd | Secure communications |
WO2018201367A1 (fr) * | 2017-05-04 | 2018-11-08 | 深圳前海达闼云端智能科技有限公司 | Procédé d'authentification de nœuds et système d'authentification de nœuds |
CN108881285B (zh) * | 2018-07-17 | 2021-04-02 | 湖北理工学院 | 一种基于互联网网络安全的大数据实施控制系统 |
US20200029209A1 (en) * | 2018-07-23 | 2020-01-23 | Henrik Ferdinand Nölscher | Systems and methods for managing wireless communications by a vehicle |
CN110035429B (zh) * | 2019-04-09 | 2021-11-09 | 重庆邮电大学 | WiFi与ZigBee共存模式下抗干扰最小冗余方法 |
CN110933615B (zh) * | 2019-11-12 | 2021-11-02 | 恒宝股份有限公司 | 一种车载终端数据传输方法 |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030151513A1 (en) * | 2002-01-10 | 2003-08-14 | Falk Herrmann | Self-organizing hierarchical wireless network for surveillance and control |
JP4286707B2 (ja) * | 2004-04-19 | 2009-07-01 | 株式会社日立製作所 | グループ通信システム、グループ通信システムの制御方法、情報処理装置、及びプログラム |
US7236477B2 (en) * | 2004-10-15 | 2007-06-26 | Motorola, Inc. | Method for performing authenticated handover in a wireless local area network |
US7804807B2 (en) * | 2006-08-02 | 2010-09-28 | Motorola, Inc. | Managing establishment and removal of security associations in a wireless mesh network |
FR2910775B1 (fr) * | 2006-12-22 | 2009-01-23 | Alcatel Lucent Sa | Reseau radio flexible |
JP4881813B2 (ja) * | 2007-08-10 | 2012-02-22 | キヤノン株式会社 | 通信装置、通信装置の通信方法、プログラム、記憶媒体 |
CN101159748B (zh) * | 2007-11-14 | 2010-10-06 | 北京科技大学 | 一种无线传感器网络中的实体认证方法 |
JP2010166543A (ja) * | 2008-12-18 | 2010-07-29 | Japan Radio Co Ltd | 無線ノード装置 |
CN101494861A (zh) * | 2009-03-03 | 2009-07-29 | 东南大学 | 无线传感器网络密钥预分配方法 |
JP2013509014A (ja) * | 2009-10-14 | 2013-03-07 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | 無線センサネットワークにおけるノード動作方法 |
2013
- 2013-03-28 FR FR1352815A patent/FR3004046B1/fr not_active Expired - Fee Related
2014
- 2014-03-27 EP EP14713118.9A patent/EP2979391A1/fr not_active Withdrawn
- 2014-03-27 JP JP2016504678A patent/JP2016521030A/ja active Pending
- 2014-03-27 US US14/778,025 patent/US9774585B2/en not_active Expired - Fee Related
- 2014-03-27 CN CN201480018162.6A patent/CN105103489A/zh active Pending
- 2014-03-27 WO PCT/EP2014/056174 patent/WO2014154813A1/fr active Application Filing
Non-Patent Citations (11)
Title |
---|
A. GUPTA; J. KURI: "Proceedings of the Third International Conference on Communication Systems Software and Middleware and Workshops", 2008, IEEE COMPUTER SOCIETY, article "Deterministic schemes for key distribution in wireless sensor networks" |
B. ABOBA ET AL.: "Extensible Authentication Protocol (EAP)", IETF RFC 3748, June 2004 (2004-06-01) |
B. ABOBA; M. BEADLES: "The Network Access Identifier", IETF RFC 2486, January 1999 (1999-01-01) |
B. LAI ET AL.: "Scalable session key construction protocol for wireless sensor networks", IEEE WORKSHOP ON LARGE SCALE REAL-TIME AND EMBEDDED SYSTEMS, 2002 |
D. W. CARMAN: "New Directions in Sensor Network Key Management", INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS, vol. 1, no. 1, 15 March 2005 (2005-03-15) |
E. YÜKSEL ET AL.: "ZigBee-2007 Security Essentials", PROCEEDINGS OF THE 13TH NORDIC WORKSHOP ON SECURE IT-SYSTEMS (NORDSEC 2008), 2008, pages 65 - 82 |
F. DELGOSHA ET AL.: "MKPS: a multivariate polynomial scheme for symmetric key-establishment in distributed sensor networks", THE ACM INT'L WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE, 2007 |
SURAJ KUMAR ET AL: "SCMRP: Secure cluster based multipath routing protocol for wireless sensor networks", WIRELESS COMMUNICATION AND SENSOR NETWORKS (WCSN), 2010 SIXTH INTERNATIONAL CONFERENCE ON, IEEE, 15 December 2010 (2010-12-15), pages 1 - 6, XP031913870, ISBN: 978-1-4244-9731-7, DOI: 10.1109/WCSN.2010.5712294 * |
T. NARTEN ET AL.: "Neighbor Discovery for IP version 6 (IPv6)", IETF RFC 4861, September 2007 (2007-09-01) |
VAN DER MERWE J; DAWOUD D; MCDONALD S: "A survey on peer-to-peer key management for mobile ad hoc networks", ACM COMPUTING SURVEYS, vol. 39, no. 1, 1, April 2007 (2007-04-01), USA, pages 1 - 45, XP002722092, ISSN: 0360-0300 * |
Y. QIU ET AL.: "Lightweight Key Establishment and Management Protocol in Dynamic Sensor Networks (KEMP)", 12 March 2012, IETF |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105007164A (zh) * | 2015-07-30 | 2015-10-28 | 青岛海尔智能家电科技有限公司 | 一种集中式安全控制方法及装置 |
CN105007164B (zh) * | 2015-07-30 | 2021-07-06 | 青岛海尔智能家电科技有限公司 | 一种集中式安全控制方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN105103489A (zh) | 2015-11-25 |
EP2979391A1 (fr) | 2016-02-03 |
JP2016521030A (ja) | 2016-07-14 |
US9774585B2 (en) | 2017-09-26 |
FR3004046A1 (fr) | 2014-10-03 |
FR3004046B1 (fr) | 2015-04-17 |
US20160285844A1 (en) | 2016-09-29 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 201480018162.6 Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14713118 Country of ref document: EP Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 2014713118 Country of ref document: EP |
| | WWE | Wipo information: entry into national phase | Ref document number: 14778025 Country of ref document: US |
| | ENP | Entry into the national phase | Ref document number: 2016504678 Country of ref document: JP Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |