Method for misbehaviour detection in secure wireless mesh networks

US 8,543,809 B2
Filed: 09/03/2008
Issued: 09/24/2013
Est. Priority Date: 09/06/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for secure data transmission in a wireless mesh network a sending node sends at least one packet to at least one forwarding node, the at least one forwarding node receives the at least one packet from the sending node and forwarding the at least one packet to one or more receiving nodes, and a destination node receives the at least one packet from the at least one receiving node, the method comprising the steps of:

a transmitter of the sending node, being a challenging node, transmitting a challenge to a forwarding node,the forwarding node, being a challenged node executing computer-readable instructions stored in non-transitory media to;

generate a response for each of the sending node and the at least one receiving node, wherein both the response for the sending node and the response for the at least one receiving node include transformed information about one or more of the at least one packet which have been sent form the sending node to the destination node via the at least one forwarding node and the at least one receiving node, andtransmit the respective responses to the sending node and the at least one receiving node, andat each of the sending node and the at least one receiving node, executing computer-readable instructions stored in non-transitory media to process the respective response to find out whether the forwarding node is misbehaving or not by verifying whether the same transformed information in the respective response is equal to an information which can be or has been derived from the requested packet/packets, wherein the processing is carried out both by the sending node and the at least one receiving node,wherein the transformed information is a hash sum for the requested packet/packets in the challenge, the hash sum being generated by a logic operation from hash values of respective packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for secure data transmission in a wireless mesh network, a sending node sends at least one packet to at least one forwarding node which receives the packet from the sending node and forwards the packet to one or more receiving nodes. A destination node receives the packet. A challenge is transmitted from the sending node to the forwarding node causing the forwarding node to reply both to the sending and the receiving node with a response which has transformed information about one or more of the packet/packets. The response is processed to find out whether the forwarding node is misbehaving or not by verifying whether the transformed information is equal to an information which can be or has been derived from the requested packet/packets, wherein the processing is carried out both by the sending node and the receiving node.

Citations

21 Claims

1. A method for secure data transmission in a wireless mesh network a sending node sends at least one packet to at least one forwarding node, the at least one forwarding node receives the at least one packet from the sending node and forwarding the at least one packet to one or more receiving nodes, and a destination node receives the at least one packet from the at least one receiving node, the method comprising the steps of:
- a transmitter of the sending node, being a challenging node, transmitting a challenge to a forwarding node,the forwarding node, being a challenged node executing computer-readable instructions stored in non-transitory media to;
  
  generate a response for each of the sending node and the at least one receiving node, wherein both the response for the sending node and the response for the at least one receiving node include transformed information about one or more of the at least one packet which have been sent form the sending node to the destination node via the at least one forwarding node and the at least one receiving node, andtransmit the respective responses to the sending node and the at least one receiving node, andat each of the sending node and the at least one receiving node, executing computer-readable instructions stored in non-transitory media to process the respective response to find out whether the forwarding node is misbehaving or not by verifying whether the same transformed information in the respective response is equal to an information which can be or has been derived from the requested packet/packets, wherein the processing is carried out both by the sending node and the at least one receiving node,wherein the transformed information is a hash sum for the requested packet/packets in the challenge, the hash sum being generated by a logic operation from hash values of respective packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19, 20, 21)
- - 2. The method according to claim 1, wherein at least one of the hash sum and the hash values is/are calculated by a one-way hash function.
  - 3. The method according to claim 1, wherein in the challenge, the transformed information about the last x packets is requested which packets have been sent from the sending node to the destination node via forwarding node and the at least one receiving node.
  - 4. The method according to claim 1, wherein the response further comprises an identifier of the challenging node being a previous hop of the challenged node receiving the challenge.
  - 5. The method according to claim 1, wherein the response further comprises an identifier of the next hop of the challenged node receiving the challenge of the requested and transmitted packets.
  - 6. The method according to claim 1, wherein the response further comprises the number of requested packets transmitted from the challenging node to the challenged node.
  - 7. The method according to claim 1, wherein the response to the challenging node and the receiving node will be without encryption.
  - 8. The method according to claim 1, wherein the response to the challenging node and the receiving node will be with encryption.
  - 9. The method according to claim 1, wherein the response is transmitted as a broadcast message.
  - 10. The method according to claim 1, wherein the response will be processed by nodes which are addressed in the response.
  - 11. The method according to claim 1, wherein each of the sending nodes, the forwarding node, the at least one receiving node and the destination node maintains a first list for information about packets received from a neighbour node and a second list for storing information about packets sent to a neighbour node.
  - 12. The method according to claim 11, wherein for each received packets stored in the first list one or more parameters from the group consisting of the following parameters is stored:
    - the hash value,the identifier of the previous neighbour node which transmitted the packet,the identifier of the node which transmitted the packet prior to the previous neighbour node, andan information about the next hop for the packet.
  - 13. The method according to claim 11, wherein for each transmitted packet stored in the second list one or more parameter from the group consisting of the following parameters is stored:
    - the hash value,the identifier of the next neighbour node to which the packet is forwarded, andthe identifier of the previous neighbour node which transmitted the packet.
  - 14. The method according to claim 11, wherein the first and the second list in one of the nodes are updated on receiving or transmitting a packet.
  - 15. The method according to claim 11, wherein the challenge is transmitted periodically.
  - 16. A computer program product stored in tangible, non-transitory computer-readable media of a digital computer, comprising software code portions for performing the steps of claim 1 when said product is executed by a processor.
  - 19. The method according to claim 1, wherein the transformed information is a hash sum for immutable parts of the requested packet/packets in the challenge.
  - 20. The method according to claim 1, wherein the sending node, being the challenging node, transmits a challenge to multiple forwarding nodes, such that each forwarding node, being a challenged node, generates and transmits responses for each of the sending node and the at least one receiving node.
  - 21. The method according to claim 1, wherein the non-transitory media comprises at least one of:
    - internal memory of a digital computer, a CD-ROM, and a diskette.

17. A node in a wireless mesh network comprising a sending node sending at least one packet to at least one forwarding node, the at least one forwarding node receiving the at least one packet from the sending node and forwarding the at least one packet to one or more receiving nodes, and a destination node receiving the at least one packet from the at least one receiving node,wherein the node, being a challenging node, comprises:
- a transmitter for transmitting a challenge to the at least one forwarding node causing the at least one forwarding node, being a challenged node, to reply both to the challenging node and the at least one receiving node with a response, wherein both the response for the sending node and the response for the at least one receiving node include the same transformed information about one or more of the at least one packet/packets which has/have been sent form the challenging node to the destination node via the at least one forwarding node and the at least one receiving node, anda processor for processing the response to determine whether the at least one forwarding node is misbehaving or not by verifying whether the transformed information received in the response from the at least one forwarding node is equal to an information which can be or has been derived from the requested packet/packets, wherein the same transformed information is similarly used by the at least one receiving node to determine whether the at least one forwarding node is misbehaving or not,wherein the transformed information is a hash sum for the requested packet/packets in the challenge, and wherein the node comprises further means for generating the hash sum by a logic operation from hash values of respective packets.

18. A node in a wireless mesh network comprising a sending node sending at least one packet to at least one forwarding node, the at least one forwarding node receiving the at least one packet from the sending node and forwarding the at least one packet to one or more receiving nodes, and a destination node receiving the at least one packet from the at least one receiving node,wherein the node, being a challenged node, comprises a computer program stored in non-transitory media and executable to:
- receive a challenge from the sending node, being a challenging node, andin response to receiving the challenge;
  
  generate a response for each of the sending node and the at least one receiving node, wherein both the response for the sending node and the response for the at least one receiving node include transformed information about one or more of the at least one packet which have been sent form the sending node to the destination node via the at least one forwarding node and the at least one receiving node, andtransmit the respective responses to the sending node and the at least one receiving node, such that both the sending node and the at least one receiving node are able to determine whether the node is misbehaving or not based at least on the same transformed information received from the node,wherein the transformed information is a hash sum for the requested packet/packets in the challenge, and wherein the node comprises further means for generating the hash sum by a logic operation from hash values of respective packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Graffi, Kalman, Hollick, Matthias, Mogre, Parag Sudhir, Ziller, Andreas
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US12/676,039
Publication Number

US 20100180113A1
Time in Patent Office

1,847 Days
Field of Search

713/153, 713/181, 726/22, 726/23, 726/24, 709/224, 709/238
US Class Current

713/153
CPC Class Codes

H04L 2463/143   Denial of service attacks i...

H04L 45/00   Routing or path finding of ...

H04L 45/745   Address table lookup; Addre...

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

H04W 84/18   Self-organising networks, e...

Method for misbehaviour detection in secure wireless mesh networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method for misbehaviour detection in secure wireless mesh networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links