WO2015080552A1 - Mutual authentication method for use in a wireless sensor network - Google Patents


Info

Publication number
WO2015080552A1
Authority
WO
WIPO (PCT)
Prior art keywords
authenticating
node
new node
nodes
wireless sensor
Prior art date
Application number
PCT/MY2014/000131
Other languages
French (fr)
Inventor
Usman Sarwar
Zeldi Suryady KAMALURRADAT
Gopinath Rao Sinniah
Reza Khoshdelniat
Original Assignee
Mimos Berhad

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 84/00 Network topologies
    • H04W 84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the aforesaid wireless sensor network has the topology of a multi-hop wireless sensor network, and comprises at least one gateway (100), a plurality of authenticating nodes (200) that have previously joined the wireless sensor network in a properly configured network security setup, and at least one evaluator node (300) that is selected from the said plurality of authenticating nodes (200).
  • the initial wireless sensor network comprises a gateway (100), a first authenticating node, i.e. authenticating node A (200a), a second authenticating node, i.e. authenticating node B (200b), and a third authenticating node, i.e. authenticating node C (200c).
  • the initial setup of the aforesaid wireless network can comprise any number of initial authenticating nodes, but in this instance three initial authenticating nodes are described for ease of understanding.
  • the gateway (100) will proceed to authenticate authenticating node A (200a), wherein the authentication process is a bidirectional authentication procedure.
  • the gateway (100) can send an authentication request from gateway (Auth-Req-Gw) message containing the authentication procedure to authenticating node A (200a), and authenticating node A (200a) responds to the Auth-Req-Gw message by sending an authentication information from node to gateway (Auth-Info-Nd) message containing authentication information to the gateway (100).
  • the authentication information identified above and used throughout this document is secure information that needs to be evaluated by network entities such as the new node and the authenticating node before the new node is allowed to join the wireless sensor network.
  • after authenticating node A (200a) has been successfully authenticated by the gateway (100), the gateway (100) will proceed to authenticate authenticating node B (200b) and authenticating node C (200c) in the manner described above for authenticating node A (200a). The only difference is that, in the case of authenticating node B (200b), authenticating node A (200a) will participate in authenticating node B (200b) in addition to the gateway (100). As for authenticating node C (200c), it will be authenticated by authenticating node B (200b) in addition to the gateway (100). Collectively, authenticating node A (200a), authenticating node B (200b), and authenticating node C (200c) are known as the plurality of authenticating nodes (200).
  • the gateway (100) will now proceed to select the at least one evaluator node (300) from the plurality of authenticating nodes (200). The said selection is going to be made based on the network traffic, the network volume, and the operating parameters of the plurality of authenticating nodes (200).
  • the operating parameters described herein refer to battery level, signal level, and the like.
  • authenticating node B (200b) has prevailed over authenticating node A (200a) and authenticating node C (200c) in terms of the aforesaid network traffic, network volume, and operating parameters, and therefore has been selected and converted to become the at least one evaluator node (300).
  • the gateway (100) accomplishes the selection by sending a selection of evaluator node (Auth-Sel-Eval) message to the network, and the selected authenticating node, which in this case is the authenticating node B (200b), becomes the evaluator node (300).
  • the wireless sensor network comprises the gateway (100), two authenticating nodes (200), namely node A (200a) and node C (200c), the evaluator node (300), and a new node (400) that wishes to join the wireless sensor network.
  • before the new node (400) is allowed to join the wireless sensor network, it first has to go through the aforementioned step of being authenticated by each authenticating node (200) that is nearby to the new node (400), which in this instance are authenticating node A (200a) and authenticating node C (200c).
  • the new node (400) is required to request to join the wireless sensor network, which can be accomplished by having the new node (400) send or broadcast an authentication request from node (Auth-Req-Nd) message.
  • each of the authenticating nodes (200) informs the others about the authentication process, and about which authenticating nodes (200) are involved in the authentication process.
  • authenticating node A (200a) will inform authenticating node C (200c) about the authentication process, and that authenticating node A (200a) is involved in the authentication process.
  • this step is achieved by having each authenticating node (200) send an authentication procedure notification (Auth-Proc-Notif) message to each other.
  • each authenticating node (200) requests at least one piece of authentication information from the new node (400) by sending an authentication response to node (Auth-Resp-Nd) message to the new node (400).
  • the new node (400) and each authenticating node (200) have multiple sets of authentication information depending on the security setup.
  • in the case that the wireless sensor network comprises two authenticating nodes (200) (i.e. authenticating node A (200a) and authenticating node B (200b)), the new node (400) will provide two pieces of authentication information to the said authenticating nodes (200).
  • the new node (400) indexes each authenticating node (200) in a sequential manner, and proceeds to send the requested at least one piece of authentication information to each of the authenticating nodes (200).
  • the authentication information is packaged in an authentication information from node (Auth-Info-All-Nds) message before it is sent out to each authenticating node (200).
  • each authenticating node (200) starts to validate the authentication information of the new node (400), and subsequently transmits the validating results to the evaluator node (300) for evaluation in a message called evaluation result to evaluator node (Auth-Resp-Eval) message.
  • the evaluator node (300) transmits the evaluating results to the new node (400) and each authenticating node (200) in the form of one of two messages: an authentication response success (Auth-Resp-Success) message or an authentication response failure (Auth-Resp-Fail) message.
  • the Auth-Resp-Success message will be sent out to indicate that the new node (400) has been successfully authenticated by each authenticating node (200).
  • the Auth-Resp-Fail message will be sent out to indicate that the new node (400) has not been successfully authenticated by at least one of the authenticating nodes (200), and the whole process of authenticating the new node (400) by each authenticating node (200) that is nearby to the new node (400) is reiterated for a finite time. Soon after the above, each of the authenticating nodes (200), which has just authenticated the new node (400), is authenticated by the new node (400) in return.
  • the new node (400) will request at least one piece of authentication information from each authenticating node (200) by sending an authentication information request to authenticating node (Auth-Req-Nodes) message to each authenticating node (200).
  • each authenticating node (200) sends the at least one piece of authentication information, packaged in an authentication information to new node (Auth-Info-Nodes) message, to the new node (400) for validation.
  • the new node (400) transmits the validating results to each authenticating node (200) in the form of one of two messages: an authentication response success to nodes (Auth-Resp-Nodes-Success) message or an authentication response failure to nodes (Auth-Resp-Nodes-Fail) message.
  • the Auth-Resp-Nodes-Fail message will be sent out to indicate that at least one of the authenticating nodes (200) has not been successfully authenticated by the new node (400); the new node (400) is then not allowed to join the wireless sensor network, and the whole process of authenticating each authenticating node (200), which has just authenticated the new node (400), by the new node (400) is reiterated for a finite time.
  • the evaluator node (300) will proceed to inform the gateway (100) of the outcome of the authentication process, i.e. whether the new node (400) is allowed to join the wireless sensor network. This is achieved by having the evaluator node (300) send an authentication acknowledgement notification (Auth-Proc-Result) message to the gateway (100).
  • the aforementioned authenticating nodes (200) include the at least one evaluator node (300) and the at least one gateway (100). In other words, the evaluator node (300) and the gateway (100) are able to take part in the authentication process, both authenticating the new node (400) and being authenticated by the new node (400).
  • the wireless sensor network as shown comprises a gateway (100), a plurality of authenticating nodes (200) that have previously joined the wireless sensor network in a properly configured network security setup, three evaluator nodes (300), namely evaluator node B (300b), evaluator node G (300g), and evaluator node I (300i), which are selected from the plurality of authenticating nodes (200) according to the method described above, and a new node (400) that wishes to join the wireless network.
  • the aforesaid authentication method applies in this scenario, except that the authenticating nodes (200) and the evaluator node (300) involved in the authentication process are different. Specifically, authenticating node J (200j), authenticating node N (200n), and evaluator node I (300i) will be involved in the authentication process.
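The Figure 1 bootstrap and the evaluator selection described in the list above, as an added Python example that is not part of the patent. It assumes a single pre-shared network key proven by HMAC-SHA256 over a fresh challenge (the patent does not specify the credential), that a candidate is checked bidirectionally by the gateway plus the node admitted just before it, and an equal-weight score over battery, signal, traffic and volume for choosing the evaluator (the patent names these inputs but gives no formula); the `peer-check` message name and the metric values are constructed.

```python
import hashlib
import hmac
import os

# Assumption: every pre-configured node holds one shared network key and proves
# it with HMAC-SHA256 over a fresh challenge; the patent leaves the credential open.
NETWORK_KEY = b"constructed-network-key-for-demo"


def auth_info(key: bytes, challenge: bytes) -> bytes:
    """The 'authentication information' a node returns for a challenge (assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def check(verifier_key: bytes, prover_key: bytes) -> bool:
    """One direction of the exchange: the verifier challenges, the prover answers,
    and the verifier compares the answer with what its own key would produce."""
    challenge = os.urandom(16)
    return hmac.compare_digest(auth_info(verifier_key, challenge),
                               auth_info(prover_key, challenge))


def bootstrap(node_keys: dict, transcript: list) -> list:
    """Figure 1 setup: the gateway admits candidates in order. Each candidate is
    authenticated bidirectionally by the gateway (Auth-Req-Gw / Auth-Info-Nd) and,
    from the second candidate on, also by the node admitted just before it
    (A takes part for B, B takes part for C). Returns the admitted node names."""
    admitted = []
    for name, key in node_keys.items():
        ok = True
        # gateway leg, in both directions
        transcript.append(("Auth-Req-Gw", "gateway", name))
        transcript.append(("Auth-Info-Nd", name, "gateway"))
        ok &= check(NETWORK_KEY, key) and check(key, NETWORK_KEY)
        # peer leg: the previously admitted node, if any ("peer-check" is a placeholder name)
        if admitted:
            peer = admitted[-1]
            transcript.append(("peer-check", peer, name))
            ok &= check(node_keys[peer], key) and check(key, node_keys[peer])
        if ok:
            admitted.append(name)
    return admitted


def select_evaluator(admitted: list, metrics: dict, transcript: list) -> str:
    """Gateway picks the evaluator and announces it (Auth-Sel-Eval). The patent lists
    network traffic, network volume and operating parameters such as battery and
    signal level as inputs but gives no formula; here battery and signal count for a
    node and current traffic and volume against it, all on a 0..1 scale (assumption)."""
    def score(node):
        m = metrics[node]
        return m["battery"] + m["signal"] - m["traffic"] - m["volume"]
    chosen = max(admitted, key=score)
    transcript.append(("Auth-Sel-Eval", "gateway", chosen))
    return chosen


if __name__ == "__main__":
    log = []
    members = bootstrap({"A": NETWORK_KEY, "B": NETWORK_KEY, "C": NETWORK_KEY}, log)
    # constructed metrics in which B is the least loaded, best-powered node
    metrics = {"A": {"battery": 0.6, "signal": 0.7, "traffic": 0.5, "volume": 0.4},
               "B": {"battery": 0.9, "signal": 0.8, "traffic": 0.2, "volume": 0.2},
               "C": {"battery": 0.8, "signal": 0.5, "traffic": 0.6, "volume": 0.3}}
    print(members, select_evaluator(members, metrics, log))
```

A candidate that does not hold the network key fails the gateway leg and is skipped; the next candidate is then checked against the last node that was actually admitted, so one bad node does not break the chain.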

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Described herein is an authentication method that enables a new node (400) to join a wireless sensor network, which comprises a plurality of authenticating nodes (200) that previously has joined the wireless sensor network in a proper network configured security setup, by having the new node (400) and each authenticating node (200) to mutually authenticate each other. In general, the new node (400) requests to join the wireless sensor network and thereby instigating each authenticating node (200) that is nearby to the new node (400) to authenticate the new node (400). Once the new node (400) has been successfully authenticated, the new node (400) will proceed to authenticate each authenticating node (200) that is involved in the authentication process. Thereafter, the new node (400) is allowed to join the wireless sensor network, provided that each authenticating node (200) has also been successfully authenticated by the new node (400).

Description

MUTUAL AUTHENTICATION METHOD FOR USE
IN A WIRELESS SENSOR NETWORK
TECHNICAL FIELD OF THE INVENTION
In general, the present invention relates to an authentication method, and particularly to a mutual authentication method for use in a wireless sensor network.
BACKGROUND OF THE INVENTION
A malicious node that joins a deployed wireless sensor network can pose major security threats to that network. These threats, such as node replication attacks, selective forwarding attacks, and sink-hole attacks, can adversely affect the network in many ways. Therefore, to prevent such scenarios, an authentication process is introduced: a process performed on a new node that wishes to join a deployed wireless sensor network, before that node is allowed to join. In general, there are two types of authentication approach used in wireless sensor networks, namely a central authentication approach and a distributed authentication approach.
In the central authentication approach, each node, at any distance (1 hop to n hops), is validated by a central entity. While this approach has proven strict and effective, it introduces a heavy traffic load on the network, particularly on a low-power network.
The distributed authentication approach divides the authentication task among different entities present in the wireless sensor network, improving network utilisation by dividing and confining the traffic load within segments of the network. It can therefore be said to be a better approach than the central authentication method, as it does not place any unnecessary burden on the traffic load. Another commonly known authentication method is the access control list (ACL), which is implemented in each node (e.g. wireless node, wireless device) of a wireless sensor network to provide a secure environment. This approach may be effective, but it has been shown to have several issues and limitations, especially in wireless sensor network deployments, such as network scalability and limited ACL size.
Regardless of the type of authentication approach, a malicious node is often able to join a deployed wireless sensor network when the method used to authenticate a new joining node is not adequate from a security standpoint. The best way to prevent this is to implement a strong authentication method involving a highly complicated encryption mechanism. Although such a method does solve the problem in a way, it shortens the lifetime of nodes because of the complexity of the cryptography. Moreover, a strong authentication method involving a highly complicated encryption mechanism normally requires and consumes resources, such as processing power, memory, and energy, intensively. In view of the above, it has become the aim of the present invention to solve all the aforementioned technical issues by providing a stronger and stricter authentication method with elevated security that involves neither heavy resource consumption nor a highly complicated encryption mechanism, and which can be used to validate the authenticity of a new node that desires to join a deployed wireless sensor network before the new node is allowed to do so.
SUMMARY OF THE INVENTION
The main technical aspect of the present invention is directed to an authentication method for allowing a new node to join a wireless sensor network having the topology of a multi-hop wireless mesh network and comprising at least one gateway, a plurality of authenticating nodes that have previously joined the wireless sensor network in a properly configured network security setup, and at least one evaluator node selected from the plurality of authenticating nodes. The authentication method comprises a first step of authenticating the new node by at least two authenticating nodes that are nearby to the new node, in a separate and sequential manner; and a second step of authenticating the at least two authenticating nodes, which have just authenticated the new node, by the new node, in a separate and sequential manner; wherein the new node is allowed to join the wireless sensor network when the new node and each authenticating node have succeeded in bi-directionally authenticating each other. In other words, the new node is allowed to join the wireless sensor network when there is a series of successful authentications of the new node by the at least two nearby authenticating nodes, and a series of successful authentications of those at least two nearby authenticating nodes by the new node. The new node is not allowed to join the wireless sensor network when the new node and at least one of the authenticating nodes have not succeeded in mutually authenticating each other. Therefore, the method works by having the new node that wishes to join the wireless sensor network and each of the authenticating nodes nearby to that new node mutually authenticate each other.
Generally, the new node requests to join the wireless sensor network, thereby instigating each authenticating node nearby to the new node to authenticate the new node. When it is confirmed that the new node has been successfully authenticated by each of the nearby authenticating nodes, those authenticating nodes are then authenticated by the new node in return. In the event that the new node is not successfully authenticated by at least one of the said authenticating nodes, the process of authenticating the new node by each of the said authenticating nodes is reiterated for a finite time. Upon confirmation that each of the said authenticating nodes has been successfully authenticated by the new node, the new node is then allowed to join the wireless sensor network. If at least one of the said authenticating nodes is not successfully authenticated by the new node, the new node is not allowed to join the wireless sensor network, and the process of authenticating each of the said authenticating nodes by the new node is reiterated for a finite time. Once the authentication process is completed, the gateway is informed by the evaluator node whether the new node is allowed to join the wireless sensor network.
In more specific detail, the process of authenticating the new node by each authenticating node nearby to the new node comprises a first step of having each authenticating node request at least one piece of authentication information from the new node. Prior to this, optionally, each of the said authenticating nodes informs the others about the authentication process and about which authenticating nodes are involved in it. In response to the said request of the new node to join the wireless sensor network, each authenticating node requests the new node to send at least one piece of authentication information.
When the new node receives that request, it indexes each of the said authenticating nodes in a sequential manner and sends the at least one piece of authentication information to each of them for validation. Subsequently, the validating results are sent by each authenticating node to the evaluator node for evaluation. Upon completion of evaluating the validating results, the evaluator node transmits the evaluating results to the new node and each of the said authenticating nodes to inform them of the outcome of the evaluation, i.e. whether the new node has been successfully authenticated by each of the said authenticating nodes: the new node is successfully authenticated by each authenticating node upon positive evaluating results, and is not successfully authenticated by at least one of the said authenticating nodes upon negative evaluating results. In the circumstance that the new node is not successfully authenticated by at least one of the said authenticating nodes, this whole process is reiterated for a finite time.
In more specific detail, the process of authenticating each authenticating node, which has just authenticated the new node, by the new node comprises a first step of having the new node request at least one piece of authentication information from each of the said authenticating nodes. In response to the said request, each authenticating node sends the at least one piece of authentication information to the new node for validation. Consequently, the new node validates the received authentication information of each authenticating node, and sends the validating results to each authenticating node to inform it of the outcome of the validation, i.e. whether each authenticating node has been successfully authenticated by the new node: each authenticating node is successfully authenticated by the new node upon positive validating results, and at least one of the authenticating nodes is not successfully authenticated by the new node upon negative validating results. In the circumstance that at least one of the authenticating nodes is not successfully authenticated by the new node, this whole process is reiterated for a finite time.
The aforementioned authenticating nodes include the at least one evaluator node and the at least one gateway. In other words, the evaluator node and the gateway are able to take part in the authentication process, both authenticating the new node and being authenticated by it.
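The two-step join procedure of this summary, and the Figure 2 walkthrough with its message names in the definitions list above, simulated as an added Python example that is not the patent's own code. It assumes a single pre-shared network key proven by HMAC-SHA256 over a fresh challenge carried in each request (the patent does not fix the credential), that the evaluator accepts the new node only if every authenticating node reports a positive result, and that "a finite time" means a fixed number of rounds (`max_rounds`); node names, keys and the three scenarios in `demo()` are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Assumption: legitimately configured nodes share one network key, and the
# "authentication information" is an HMAC-SHA256 over a fresh challenge.
NETWORK_KEY = b"constructed-network-key-for-demo"


@dataclass
class Node:
    name: str
    key: bytes = NETWORK_KEY      # an impostor holds some other key
    bluff: bool = False           # an impostor acting as authenticator accepts anything

    def auth_info(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

    def validate(self, challenge: bytes, info: bytes) -> bool:
        if self.bluff:
            return True
        return hmac.compare_digest(self.auth_info(challenge), info)


@dataclass
class Outcome:
    allowed: bool
    transcript: list = field(default_factory=list)   # (message, sender, receiver)


def _verify(verifier: Node, prover: Node, req: str, info: str, send) -> bool:
    """One request/response pair; the challenge travels inside the request (assumption)."""
    challenge = os.urandom(16)
    send(req, verifier, prover)
    send(info, prover, verifier)
    return verifier.validate(challenge, prover.auth_info(challenge))


def join_network(new: Node, auths: list, evaluator: Node, gateway: Node,
                 max_rounds: int = 3) -> Outcome:
    out = Outcome(False)

    def send(msg, src, dst):
        out.transcript.append((msg, src.name, dst.name))

    for a in auths:                                   # Auth-Req-Nd is broadcast
        send("Auth-Req-Nd", new, a)
    for a in auths:                                   # optional Auth-Proc-Notif exchange
        for b in auths:
            if a is not b:
                send("Auth-Proc-Notif", a, b)

    # Step 1: each nearby authenticating node checks the new node in turn; the
    # evaluator combines their Auth-Resp-Eval results. At most max_rounds attempts.
    for _ in range(max_rounds):
        results = [_verify(a, new, "Auth-Resp-Nd", "Auth-Info-All-Nds", send) for a in auths]
        for a in auths:
            send("Auth-Resp-Eval", a, evaluator)
        verdict = all(results)
        for dst in [new, *auths]:
            send("Auth-Resp-Success" if verdict else "Auth-Resp-Fail", evaluator, dst)
        if verdict:
            break
    else:
        send("Auth-Proc-Result", evaluator, gateway)
        return out

    # Step 2: the new node checks every node that just authenticated it.
    for _ in range(max_rounds):
        results = [_verify(new, a, "Auth-Req-Nodes", "Auth-Info-Nodes", send) for a in auths]
        verdict = all(results)
        for a in auths:
            send("Auth-Resp-Nodes-Success" if verdict else "Auth-Resp-Nodes-Fail", new, a)
        if verdict:
            break
    else:
        send("Auth-Proc-Result", evaluator, gateway)
        return out

    out.allowed = True
    send("Auth-Proc-Result", evaluator, gateway)
    return out


def demo() -> dict:
    """Three constructed scenarios: legitimate joiner, impostor joiner,
    and an impostor among the authenticating nodes that bluffs acceptance."""
    gw, ev = Node("gateway"), Node("eval-B")
    A, C = Node("A"), Node("C")
    return {
        "legit": join_network(Node("new"), [A, C], ev, gw).allowed,
        "rogue-new-node": join_network(Node("rogue", key=b"guessed-key"), [A, C], ev, gw).allowed,
        "rogue-authenticator": join_network(
            Node("new"), [A, Node("X", key=b"impostor-key", bluff=True)], ev, gw).allowed,
    }


if __name__ == "__main__":
    print(demo())
```

The third scenario is the reason the second step exists: an impostor among the authenticating nodes can bluff a positive result in step 1, but cannot produce valid authentication information when the new node challenges it in step 2, so the join is refused and the gateway learns this through Auth-Proc-Result rather than admitting the new node on the impostor's word.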
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a diagram depicting an initial setup of wireless sensor network;
Figure 2 is a diagram depicting the elements involved in the authentication method of the present invention; and
Figure 3 is a diagram depicting the elements involved in the authentication method of the present invention in a wider scale wireless sensor network.
DETAILED DESCRIPTION OF THE INVENTION
The above-mentioned and other features and objects of this invention will become more apparent and better understood by reference to the following detailed description. It should be understood that the detailed description made known below is not intended to be exhaustive or to limit the invention to the precise disclosed form, as the invention may assume various alternative forms. On the contrary, the detailed description covers all the relevant modifications and alterations made to the present invention, unless the claims expressly state otherwise. The term "at least two authenticating nodes" used herein may mean two or more authenticating nodes.
The term "each authenticating node" used herein may mean each of the two or more authenticating nodes.
The chief aspect of the present invention relates to an authentication method. Specifically, it is a mutual authentication method that allows a new node (400), which is interested in joining a wireless sensor network, and each of the authenticating nodes (200) that exist in the said wireless sensor network nearby to the new node (400) to mutually authenticate each other before the new node (400) is permitted to join the wireless sensor network. More specifically, the authentication method of the present invention comprises a first step of authenticating the new node (400) by at least two authenticating nodes (200) that are nearby to the new node (400) in a separate and sequential manner, and a second step of authenticating the at least two authenticating nodes (200), which have just authenticated the new node (400), by the new node (400) in a separate and sequential manner. Thereafter, the new node (400) is allowed to join the wireless sensor network when the new node (400) and each authenticating node (200) have succeeded in bi-directionally authenticating each other. In other words, the new node (400) is allowed to join the wireless sensor network when there is a series of successful authentications of the new node (400) by the at least two nearby authenticating nodes (200), and a series of successful authentications of the at least two nearby authenticating nodes (200) by the new node (400). In the case that the new node (400) and at least one of the authenticating nodes (200) have not succeeded in mutually authenticating each other, the new node (400) is not allowed to join the wireless sensor network.
In accordance with the present invention, the aforesaid wireless sensor network has a topology of multi-hop wireless sensor network, and comprises at least one gateway (100), a plurality of authenticating nodes (200) that previously has joined the wireless sensor network in a proper network configured security setup, and at least one evaluator node (300) that is selected from the said plurality of authenticating nodes (200).
We now refer to Figure 1, which depicts an initial setup of the aforesaid wireless sensor network. As shown, the initial wireless sensor network comprises a gateway (100), a first authenticating node, i.e. authenticating node A (200a), a second authenticating node, i.e. authenticating node B (200b), and a third authenticating node, i.e. authenticating node C (200c). The initial setup of the aforesaid wireless network can comprise any number of initial authenticating nodes, but in this instance we describe three initial authenticating nodes for ease of understanding. Firstly, the gateway (100) will proceed to authenticate authenticating node A (200a), wherein the authentication process is a bidirectional authentication procedure. This can be done by having the gateway (100) send an authentication request from gateway (Auth-Req-Gw) message containing the authentication procedure to authenticating node A (200a), and by having authenticating node A (200a) send an authentication information from node to gateway (Auth-Info-Nd) message containing authentication information to the gateway (100) in response to the Auth-Req-Gw message. In accordance with the present invention, the authentication information, which is identified above and used throughout this particular document, is secure information that needs to be evaluated by network entities such as the new node and the authenticating node before the new node is allowed to join the wireless sensor network. After authenticating node A (200a) has been successfully authenticated by the gateway (100), the gateway (100) will proceed to authenticate authenticating node B (200b) and authenticating node C (200c) in the manner described above for authenticating node A (200a). The only difference is that, in the case of authenticating node B (200b), authenticating node A (200a) will participate in authenticating node B (200b) in addition to the gateway (100).
As for the case of authenticating node C (200c), it will be authenticated by authenticating node B (200b) in addition to the gateway (100). Collectively, authenticating node A (200a), authenticating node B (200b), and authenticating node C (200c) are known as the plurality of authenticating nodes (200).
Now that the wireless sensor network has been properly set up, i.e. the plurality of authenticating nodes (200) has joined the wireless sensor network and is connected to the gateway (100) in a proper network configured security setup as discussed above, the gateway (100) will now proceed to select the at least one evaluator node (300) from the plurality of authenticating nodes (200). The said selection is going to be made based on the network traffic, the network volume, and the operating parameters of the plurality of authenticating nodes (200). The operating parameters described herein refer to battery level, signal level, and the like. We now refer to Figure 2. As an example, authenticating node B (200b) has prevailed over authenticating node A (200a) and authenticating node C (200c) in terms of the aforesaid network traffic, network volume, and operating parameters, and therefore has been selected and converted to become the at least one evaluator node (300). The gateway (100) accomplishes the selection by sending a selection of evaluator node (Auth-Sel-Eval) message to the network, and the selected authenticating node, which in this case is the authenticating node B (200b), becomes the evaluator node (300).
Still referring to Figure 2, it is shown that the wireless sensor network comprises the gateway (100), two authenticating nodes (200), namely node A (200a) and node C (200c), the evaluator node (300), and a new node (400) that wishes to join the wireless sensor network. Before the new node (400) is allowed to join the wireless sensor network, it (400) first has to go through the aforementioned step of being authenticated by each authenticating node (200) that is nearby to the new node (400), which in this instance are authenticating node A (200a) and authenticating node C (200c). Firstly, the new node (400) is required to request to join the wireless sensor network, which can be accomplished by having the new node (400) send or broadcast an authentication request from node (Auth-Req-Nd) message. Optionally, at this point, each of the authenticating nodes (200) informs the others about the authentication process and about the authenticating nodes (200) that are involved in the authentication process. For example, authenticating node A (200a) will inform authenticating node C (200c) about the authentication process, and that authenticating node A (200a) is involved in the authentication process. This step is achieved by having each authenticating node (200) send an authentication procedure notification (Auth-Proc-Notif) message to each other. Subsequently, in response to the join request (i.e. the Auth-Req-Nd message) sent by the new node (400), each authenticating node (200) requests at least one authentication information from the new node (400) by having each authenticating node (200) send an authentication response to node (Auth-Resp-Nd) message to the new node (400). Note that the new node (400) and each authenticating node (200) have multiple sets of authentication information depending on the security setup. In this instance, for example, the wireless sensor network comprises two authenticating nodes (200) (i.e. authenticating node A (200a) and authenticating node B (200b)), so the new node (400) will provide two sets of authentication information to the said authenticating nodes (200). Once the new node (400) is in receipt of the Auth-Resp-Nd message, the new node (400) indexes each authenticating node (200) in a sequential manner, and proceeds to send the requested at least one authentication information to each of the authenticating nodes (200). The authentication information is packaged in an authentication information from node (Auth-Info-All-Nds) message before it is sent out to each authenticating node (200). Upon receiving the authentication information, each authenticating node (200) starts to validate the authentication information of the new node (400), and subsequently transmits the validating results to the evaluator node (300) for evaluation in a message form called evaluation result to evaluator node (Auth-Resp-Eval) message. Soon after evaluation by the evaluator node (300), the evaluator node (300) transmits the evaluating results to the new node (400) and each authenticating node (200) in the form of a message. At this point, there are two types of messages, the first being an authentication response success (Auth-Resp-Success) message and the second being an authentication response failure (Auth-Resp-Fail) message. In the event that the evaluator node (300) provides positive evaluating results, the Auth-Resp-Success message will be sent out to indicate that the new node (400) has been successfully authenticated by each authenticating node (200).
In the event that the evaluator node (300) provides negative evaluating results, the Auth-Resp-Fail message will be sent out to indicate that the new node (400) has not been successfully authenticated by at least one of the authenticating nodes (200), and the whole process of authenticating the new node (400) by each authenticating node (200) that is nearby to the new node (400) is reiterated for a finite time. Soon after the above, each of the authenticating nodes (200), which has just authenticated the new node (400), is now authenticated by the new node (400) in return. Firstly, the new node (400) will request at least one authentication information from each authenticating node (200) by sending an authentication information request to authenticating node (Auth-Req-Nodes) message to each authenticating node (200). In response to the Auth-Req-Nodes message, each authenticating node (200) sends the at least one authentication information, which is packaged in an authentication information to new node (Auth-Info-Nodes) message, to the new node (400) for validation. Thereafter, the new node (400) transmits the validating results to each authenticating node (200) in the form of a message. At this point, there are two types of messages, the first being an authentication response success to nodes (Auth-Resp-Nodes-Success) message, and the second being an authentication response failure to nodes (Auth-Resp-Nodes-Fail) message. In the event that the new node (400) provides positive validating results, the Auth-Resp-Nodes-Success message will be sent out to indicate that each authenticating node (200) has been successfully authenticated by the new node (400), and the new node (400) is allowed to join the wireless sensor network.
In the event that the new node (400) provides negative validating results, the Auth-Resp-Nodes-Fail message will be sent out to indicate that at least one of the authenticating nodes (200) is not being successfully authenticated by the new node (400), the new node (400) is not allowed to join the wireless sensor network, and the whole process of authenticating each authenticating node (200), which has just authenticated the new node (400), by the new node (400) is reiterated for a finite time.
Now that the above is completed, the evaluator node (300) will proceed to inform the gateway (100) the outcome of the authentication process, i.e. whether the new node (400) is allowed to join the wireless sensor network. This is achieved by having the evaluator node (300) to send an authentication acknowledgement notification (Auth-Proc-Result) message to the gateway (100). The aforementioned authenticating nodes (200) include the at least one evaluator node (300), and the at least one gateway (100). In other words, the evaluator node (300) and the gateway (100) are able to take part in the authentication process of authenticating the new node (400) and being authenticated by the new node (400).
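As an added example (not code from the patent or from Mimos Berhad), the following Python simulation walks the Figure 2 procedure end to end with the patent's own message names, from the gateway's evaluator selection (Auth-Sel-Eval) through both authentication directions to the final Auth-Proc-Result sent to the gateway, and also covers the summary of the same two steps given earlier in this document. The patent leaves the content of the "authentication information" open; the example assumes an HMAC-SHA256 challenge-response over a per-node key provisioned during the initial setup, a retry bound of three attempts for "reiterated for a finite time", equal weighting of the evaluator selection criteria, and the names Node, Msg, select_evaluator, authenticate_new_node, authenticate_auth_nodes, join and demo, all of which are assumptions. The demo scenario (a provisioned node, an unknown node, and a node impersonating A without A's key) is constructed for illustration.

```python
# Added example, not the patent's own code: simulation of the Figure 2 join
# procedure. The HMAC-SHA256 challenge-response, the shared keyring, the
# retry bound and the evaluator scoring are assumptions (the patent leaves
# them open); the message names are the patent's.
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # "reiterated for a finite time": three attempts is an assumption


@dataclass
class Msg:
    kind: str  # patent message name, e.g. "Auth-Req-Nd"
    src: str
    dst: str
    body: dict = field(default_factory=dict)


class Node:
    """A node holding its own key plus the keys of legitimately provisioned nodes
    (the 'proper network configured security setup'; an assumption)."""

    def __init__(self, name, key, keyring):
        self.name, self.key, self.keyring = name, key, keyring
        self.log = []  # every message this node has sent, for inspection

    def send(self, kind, dst, **body):
        msg = Msg(kind, self.name, dst, body)
        self.log.append(msg)
        return msg

    def prove(self, nonce):
        # Authentication information: MAC over the peer's challenge and our identity.
        return hmac.new(self.key, nonce + self.name.encode(), hashlib.sha256).digest()

    def validate(self, peer, nonce, tag):
        key = self.keyring.get(peer)
        if key is None:  # unknown identity: nothing provisioned to check against
            return False
        expected = hmac.new(key, nonce + peer.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def select_evaluator(gateway, candidates, scores):
    """Gateway picks the evaluator (Auth-Sel-Eval). scores[name] holds traffic,
    volume, battery and signal figures; higher is better (equal weights assumed)."""
    best = max(candidates, key=lambda n: sum(scores[n.name].values()))
    gateway.send("Auth-Sel-Eval", "broadcast", evaluator=best.name)
    return best


def authenticate_new_node(new, auths, evaluator, attempts=MAX_ATTEMPTS):
    """Step 1: each nearby node validates the new node; the evaluator decides."""
    for _ in range(attempts):
        new.send("Auth-Req-Nd", "broadcast")  # join request
        for a in auths:  # optional Auth-Proc-Notif between the authenticating nodes
            for b in auths:
                if a is not b:
                    a.send("Auth-Proc-Notif", b.name)
        challenges = {a.name: a.send("Auth-Resp-Nd", new.name, nonce=os.urandom(16)) for a in auths}
        results = {}
        for index, a in enumerate(auths):  # new node indexes the nodes sequentially
            nonce = challenges[a.name].body["nonce"]
            info = new.send("Auth-Info-All-Nds", a.name, index=index, tag=new.prove(nonce))
            results[a.name] = a.validate(new.name, nonce, info.body["tag"])
            a.send("Auth-Resp-Eval", evaluator.name, result=results[a.name])
        verdict = all(results.values())  # a single negative result fails the round
        kind = "Auth-Resp-Success" if verdict else "Auth-Resp-Fail"
        for dst in [new.name] + [a.name for a in auths]:
            evaluator.send(kind, dst)
        if verdict:
            return True
    return False


def authenticate_auth_nodes(new, auths, attempts=MAX_ATTEMPTS):
    """Step 2: the new node validates each authenticating node in return."""
    for _ in range(attempts):
        results = {}
        for a in auths:
            nonce = os.urandom(16)
            new.send("Auth-Req-Nodes", a.name, nonce=nonce)
            info = a.send("Auth-Info-Nodes", new.name, tag=a.prove(nonce))
            results[a.name] = new.validate(a.name, nonce, info.body["tag"])
        verdict = all(results.values())
        kind = "Auth-Resp-Nodes-Success" if verdict else "Auth-Resp-Nodes-Fail"
        for a in auths:
            new.send(kind, a.name)
        if verdict:
            return True
    return False


def join(new, auths, evaluator, gateway):
    """Both directions must succeed; the evaluator then reports to the gateway."""
    allowed = authenticate_new_node(new, auths, evaluator) and authenticate_auth_nodes(new, auths)
    evaluator.send("Auth-Proc-Result", gateway.name, allowed=allowed)
    return allowed


def demo():
    """Constructed scenario: N is provisioned and admitted; X has no provisioned
    key and fails step 1; a node claiming to be A without A's key fails step 2."""
    names = ("GW", "A", "B", "C", "N")
    keyring = {x: os.urandom(32) for x in names}
    gw, a, b, c, n = (Node(x, keyring[x], keyring) for x in names)
    scores = {"A": {"traffic": 3, "volume": 2, "battery": 5, "signal": 4},
              "B": {"traffic": 5, "volume": 5, "battery": 8, "signal": 7},
              "C": {"traffic": 2, "volume": 3, "battery": 6, "signal": 5}}
    evaluator = select_evaluator(gw, [a, b, c], scores)  # B, as in Figure 2
    auths = [x for x in (a, b, c) if x is not evaluator]  # A and C
    rogue = Node("X", os.urandom(32), keyring)
    impostor_a = Node("A", os.urandom(32), keyring)
    return {"evaluator": evaluator.name,
            "provisioned": join(n, auths, evaluator, gw),
            "unknown": join(rogue, auths, evaluator, gw),
            "impostor": join(n, [impostor_a, c], evaluator, gw),
            "last_report": evaluator.log[-1].kind}


if __name__ == "__main__":
    print(demo())
```

The simulation keeps the patent's structure visible: a single negative validating result at any authenticating node turns the evaluator's verdict into Auth-Resp-Fail, the reverse direction only runs once the forward direction has succeeded, and the evaluator, not the individual authenticating nodes, is the entity that reports the outcome to the gateway.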
We now refer to Figure 3. The wireless sensor network as shown comprises a gateway (100), a plurality of authenticating nodes (200) that previously has joined the wireless sensor network in a proper network configured security setup, three evaluator nodes (300), namely evaluator node B (300b), evaluator node G (300g), and evaluator node I (300i), which are selected from the plurality of authenticating nodes (200) according to the method described above, and a new node (400) that wishes to join the wireless network. The aforesaid authentication method applies in this scenario, except that the authenticating nodes (200) and the evaluator node (300) that are involved in the authentication process are different. Specifically, the authenticating node J (200j), the authenticating node N (200n), and the evaluator node I (300i) will be involved in the authentication process.

Claims

1) An authentication method for allowing a new node (400) to join a wireless sensor network, the method comprises:
i) having at least two nearby authenticating nodes (200) to perform a bi-directional authentication with a gateway (100) of the wireless sensor network in a separate manner in order to join the wireless sensor network;
ii) selecting an evaluator node (300) by the gateway (100) of the wireless sensor network from one of the at least two nearby authenticating nodes (200);
iii) authenticating the new node (400) by the at least two nearby authenticating nodes (200) in a separate and sequential manner; and
iv) authenticating the at least two nearby authenticating nodes (200) by the new node (400) in a separate and sequential manner;
wherein the new node (400) is allowed to join the wireless sensor network when there is a series of successful bi-directional authentications between the new node (400) and the at least two nearby authenticating nodes (200).
2) An authentication method in accordance with claim 1, wherein the step of authenticating the new node (400) by at least two nearby authenticating nodes (200) in a separate and sequential manner further comprises:
i) validating an authentication information of the new node (400) by the at least two nearby authenticating nodes (200) in a separate and sequential manner; and
ii) evaluating the validating results by the evaluator node (300);
wherein the new node (400) is successfully authenticated by the at least two nearby authenticating nodes (200) in a separate and sequential manner when the evaluating results are positive; and
wherein the new node (400) is not successfully authenticated by the at least two nearby authenticating nodes (200) in a separate and sequential manner when the evaluating results are negative, and steps (i) and (ii) are reiterated for a finite time.
3) An authentication method in accordance with claim 1, wherein the step of selecting an evaluator node (300) by a gateway (100) of the wireless sensor network from one of the at least two nearby authenticating nodes (200) is done based on the network traffic, network volume, and operating parameters of the at least two nearby authenticating nodes (200).
4) An authentication method in accordance with claim 1, wherein the step of authenticating the at least two nearby authenticating nodes (200) by the new node (400) in a separate and sequential manner further comprises:
i) validating an authentication information of each of the at least two nearby authenticating nodes (200) by the new node (400) in a separate and sequential manner;
wherein the at least two nearby authenticating nodes (200) are successfully authenticated by the new node (400) in a separate and sequential manner when the validating results are positive; and
wherein the at least two nearby authenticating nodes (200) are not successfully authenticated by the new node (400) in a separate and sequential manner when the validating results are negative, and step (i) is reiterated for a finite time.
5) An authentication method in accordance with claim 1, further comprising the step of having the new node (400) request to join the wireless sensor network.
6) An authentication method in accordance with claim 1, further comprising the step of having the at least two nearby authenticating nodes (200) notify each other about the authentication process, and that they are involved in the authentication process.
7) An authentication method in accordance with claim 1, further comprising the step of informing a gateway (100) of the wireless sensor network, by an evaluator node (300), whether the new node (400) is allowed to join the wireless sensor network.
8) An authentication method in accordance with claim 1, wherein the at least two nearby authenticating nodes (200) include an evaluator node (300).
9) An authentication method in accordance with claim 1, wherein the at least two nearby authenticating nodes (200) include a gateway (100) of the wireless sensor network.
PCT/MY2014/000131 2013-11-27 2014-05-29 Mutual authentication method for use in a wireless sensor network WO2015080552A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2013702272 2013-11-27
MYPI2013702272A MY178103A (en) 2013-11-27 2013-11-27 An authentication method

Publications (1)

Publication Number Publication Date
WO2015080552A1 true WO2015080552A1 (en) 2015-06-04

Family

ID=51589481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2014/000131 WO2015080552A1 (en) 2013-11-27 2014-05-29 Mutual authentication method for use in a wireless sensor network

Country Status (2)

Country Link
MY (1) MY178103A (en)
WO (1) WO2015080552A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577699B (en) * 2016-03-03 2018-08-24 山东航天电子技术研究所 A kind of secure access authentication method of two-way dynamic non-stop layer authentication
DE102018127152A1 (en) * 2018-10-31 2020-04-30 Bayerische Motoren Werke Aktiengesellschaft Transmission of messages on board a motor vehicle

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080162939A1 (en) * 2006-12-28 2008-07-03 Yong Lee Multi-hop wireless network system and authentication method thereof
US20100191968A1 (en) * 2009-01-27 2010-07-29 Sony Corporation Authentication for a multi-tier wireless home mesh network
US20100202345A1 (en) * 2009-02-06 2010-08-12 Sony Corporation Wireless home mesh network bridging adaptor

Also Published As

Publication number Publication date
MY178103A (en) 2020-10-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14771967

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14771967

Country of ref document: EP

Kind code of ref document: A1