METHOD FOR THE SECURE EXCHANGE OF DATA OVER AN AD-HOC NETWORK IMPLEMENTING AN XCAST BROADCASTING SERVICE AND ASSOCIATED NODE

US 20150033010A1
Filed: 07/24/2014
Published: 01/29/2015
Est. Priority Date: 07/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method, implemented in an ad-hoc network implementing an Xcast broadcasting service for a secure exchange of a data from a sender node, sending the data, to a list of receiver nodes, receiving the data, a communication topology of the network being defined by a communication graph, wherein the method comprises:

providing a security graph of the network, that defines a security topology for the network;

routing, on the basis of the security graph, the data between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph;

generating, between a relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the said relay node and the subsequent relay node; and

routing, on the basis of the communication graph, the message from the relay node to the subsequent relay node along a communication route on the communication graph.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and an associated node are disclosed. The method includes providing a security graph for the network and a communication graph for the network, routing a data item between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph. The method also includes generating, between one relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the relay node and the subsequent relay node. The method further includes routing the message from the relay node to the subsequent relay node along a communication route on the communication graph.

34 Citations

View as Search Results

12 Claims

1. A method, implemented in an ad-hoc network implementing an Xcast broadcasting service for a secure exchange of a data from a sender node, sending the data, to a list of receiver nodes, receiving the data, a communication topology of the network being defined by a communication graph, wherein the method comprises:
- providing a security graph of the network, that defines a security topology for the network;
  
  routing, on the basis of the security graph, the data between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph;
  
  generating, between a relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the said relay node and the subsequent relay node; and
  
  routing, on the basis of the communication graph, the message from the relay node to the subsequent relay node along a communication route on the communication graph.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the security graph comprises:
    - a plurality of nodes, each node of the security graph corresponding to a single node of the communication graph;
      
      a plurality of security associations, each security association of the plurality of security associations grouping together a plurality of nodes sharing a same given set of keys and encryption algorithms; and
      
      a plurality of trusted nodes, each trusted node of the plurality of trusted nodes sharing at least one upstream security association with at least one upstream node and at least one downstream security association with at least one downstream node, and performing an operation of trans-encryption of a data protected in accordance with the upstream security association into a data protected in accordance with the downstream security association.
  - 3. The method of claim 2, wherein the data is relayed along the secure route by a trusted node.
  - 4. The method of claim 1, wherein, in the step of generating an appropriate message, said message complies with the following protocol:
    - a header portion of the message contains;
      
      an identifier of the sender node of the message;
      
      an identifier of the sender node of the data;
      
      an identifier of each receiver node of the message; and
      
      , for each identifier of the receiver node of the message, a list of receiver nodes of the data that are accessible via the receiver node of the message;
      
      a payload portion of the message containing the data protected in accordance with a security association shared between the sender node of the message and the or each receiver node of the message.
  - 5. The method of claim 2, including an initial configuration step for configuring the plurality of trusted nodes, intended to define the or each trans-encryption between an upstream security association and a downstream security association that each trusted node of the plurality of trusted nodes is authorized to perform.
  - 6. The method according to claim 2, wherein, in the step of routing on the basis of the security graph, for each receiver node of the data, a best secure route is selected based on one or more of the following criteria:
    - minimization of the number of trans-encryptions performed by the trusted nodes;
      
      minimization of the number of hops on the communication graph; and
      
      /ormaximization of a variable value corresponding to the quality of service associated with the route followed on the communication graph.
  - 7. The method according to claim 2, wherein the relay node and the subsequent relay node are trusted nodes.
  - 8. The method according to claim 7, wherein the generating comprises trans-encrypting the data protected in accordance with the upstream security association of the relay node to the downstream security association of the relay node.
  - 9. The method according to claim 1, wherein the communication of a data to a receiver node is blocked when there is no secure route available to enable the sender node of the data to connect with the receiver node of the data on the security graph.
  - 10. A node of an ad-hoc network, implementing an Xcast broadcasting service, comprising a communication topology for the network defined by a communication graph, wherein the node includes, in addition, a security graph of the network defining a security topology for the network, and in that the node implements a method according to claim 1 for the secure broadcasting of a data generated by a sender node of the data, to one or more receiver nodes of the data.
  - 11. An ad hoc network, implementing an Xcast broadcasting service, comprising a plurality of nodes, each node of the plurality of nodes being a node according to claim 8.
  - 12. The ad hoc network of claim 9, including at least one cluster of nodes, each node of the cluster of nodes being provided with a radio communication unit, in a manner so as to form there between a radio transmission network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales SA
Original Assignee
Thales SA
Inventors
Duputz, Patrick, FOULADGAR, Sepideh

Granted Patent

US 9,369,490 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 12/18   for broadcast or conference...

H04L 2209/601   Broadcast encryption

H04L 45/124   using a combination of metrics

H04L 45/16   Multipoint routing

H04L 63/0464   using hop-by-hop encryption...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 9/14   using a plurality of keys o...

H04W 40/02   Communication route or path...

H04W 40/12   based on transmission quali...

H04W 40/32   for defining a routing clus...

H04W 84/18   Self-organising networks, e...

METHOD FOR THE SECURE EXCHANGE OF DATA OVER AN AD-HOC NETWORK IMPLEMENTING AN XCAST BROADCASTING SERVICE AND ASSOCIATED NODE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR THE SECURE EXCHANGE OF DATA OVER AN AD-HOC NETWORK IMPLEMENTING AN XCAST BROADCASTING SERVICE AND ASSOCIATED NODE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links