JP2007074391A - Device, authentication method, and authentication program constituting secure ad hoc network - Google Patents

Abstract

An object of the present invention is to provide a device and an authentication method capable of easily realizing certificate management to distributed devices without connecting to a certificate authority.
A device stores a network identifier for specifying an ad hoc network, a network certificate corresponding to the network identifier, an owner registration key corresponding to the network identifier, and a device certificate generated in a certificate authority. Based on the owner registration key and the network certificate, the ad hoc network to participate in is determined, and the device certificate is exchanged with other devices constituting the ad hoc network for mutual authentication. This is achieved by providing the authentication means.
[Selection] Figure 3

Description

  The present invention relates to a device that constitutes a secure ad hoc network, an authentication method, and an authentication program.

  In an ad hoc network, one or more relay nodes are interposed between a source node that is a source of information and a target node that is a final destination, and signals are transmitted. An ad hoc network may be referred to as a multi-hop network or a mesh network. In this system, a central control station such as a fixed base station or a certification authority (CA) is not required, and each node expands coverage while transmitting signals to each other. Therefore, the ad hoc network has the advantages that the area where communication is possible is theoretically not limited at all, and that the communication network can be quickly and flexibly constructed anywhere.

  By the way, in an environment where there is no central control station or an environment in which devices participating in the network are dynamically changed, it is difficult to maintain network security.

  For example, in Securing Ad Hoc Networks, a plurality of certificate authorities (CA) are prepared for an ad hoc network, and these certificate authorities are distributed on the ad hoc network. The device connects to one of the certificate authorities (see, for example, Non-Patent Document 1).

Further, for example, in Self-Securing Ad Hoc Wireless Networks, a virtual certificate authority is constructed in each node by integrating information distributed on a network. In this case, each device is not required to connect to the certificate authority (see, for example, Non-Patent Document 2).
L. Zhou and ZJHaas, “Securing Ad Hoc Networks”, IEEE Networks, Volume 13, Issue 6 1999. H.Luo, P.Zerfos, J.Kong, S.Lu and L.Zhang, “Self-securing Ad Hoc Wireless Networks”, IEEE ISCC 2002.

  However, the background art described above has the following problems.

  In Securing Ad Hoc Networks, there is a problem that each device cannot connect to another device without connecting to a certificate authority (CA).

  In addition, in Self-Securing Ad Hoc Wireless Networks, there is a problem that the processing to be executed in each node is complicated and the control load is heavy.

  Therefore, an object of the present invention is to provide a device, an authentication method, and an authentication program that can easily manage certificates to distributed devices without connecting to a certificate authority.

  In order to solve the above problems, a device of the present invention is generated in a certificate authority, a network identifier that identifies an ad hoc network, a network certificate corresponding to the network identifier, an owner registration key corresponding to the network identifier, and Based on the storage means for storing the device certificate, the owner registration key and the network certificate, an ad hoc network to participate in is determined, and the device certificate is exchanged with other devices constituting the ad hoc network. One feature is that it comprises an authentication means for performing mutual authentication.

  With this configuration, authentication processing can be performed between distributed devices without connecting to a certificate authority.

  Further, the authentication method of the present invention includes a determination step of determining an ad hoc network to participate based on an owner registration key corresponding to a network identifier for specifying an ad hoc network and a network certificate corresponding to the network identifier. One of the features is that it has an authentication step of performing mutual authentication by exchanging the device certificate generated in the certificate authority with another device constituting the ad hoc network.

  In this way, authentication processing can be performed between distributed devices without connecting to a certificate authority.

  The authentication program of the present invention determines an ad hoc network to participate on the basis of an owner registration key corresponding to a network identifier for specifying an ad hoc network and a network certificate corresponding to the network identifier, and configures the ad hoc network. The computer is caused to function as an authentication unit that performs mutual authentication by exchanging the device certificate with another device.

  In this way, authentication processing can be performed between distributed devices without connecting to a certificate authority.

  According to the embodiments of the present invention, it is possible to realize a device, an authentication method, and an authentication program that can easily realize certificate management to distributed devices without being connected to a certificate authority.

Next, embodiments of the present invention will be described with reference to the drawings.
In all the drawings for explaining the embodiments, the same reference numerals are used for those having the same function, and repeated explanation is omitted.

  First, a radio communication system using an ad hoc network according to an embodiment of the present invention will be described with reference to FIG.

Wireless communication system according to this embodiment, for example, the certification authority (CA: certificate authority) 100 ₁ and a management network comprising an authentication server 100 _2, the management network and the communication network, for example, mobile station connected via the Internet 300 and an ad hoc network 200 connected to the mobile station 300. The ad hoc network 200 includes a plurality of devices or mesh network access points (MAPs). For example, the ad hoc network 200 includes a _{MAP (# 1) 200 1 ~MAP} (# 5) 200 5. Further, a communication device called a station may be connected under the device. For example, MAP (# 1) station (# 1) is connected to the 200 _1, MAP (# 2) 200 ₂ station (# 2) is connected, MAP (# 4) 200 ₄ to the station (# 3) and the station (# 4) are connected.

Authentication station 100 ₁ performs the creation of a secure group. For example, the certificate authority 100 _1, the network certificate, which will be described later, the certificate authority network ID (CA-NW-ID) , the certificate authority device ID (CA-Device-ID) , registration key (imprinting key), a network certificate A public key and a private key (Private / Public key) and a device revocation list (DRL) are generated.

Authentication server 100 ₂ performs the management of the secure group. For example, the authentication server 100 _2, the network certificate, registration key, the certificate authority network ID, and the authentication station device ID, and the management of the DRL performed.

Here, it is also possible to implement the authentication station 100 ₁ and the authentication server 100 ₂ in the same device. Hereinafter, the same apparatus and an authentication station 100 ₁ and the server 100 _2, for example, will be described implemented as DRL / CA server 100.

  The mobile station 300 constructs a secure network. For example, the mobile station 300 includes a proximity communication means, for example, a communication means using a non-contact type IC card, IrDA, etc., and inputs indispensable information to the MAP 200 configuring the ad hoc network 200 for information that is safe and easy to communicate. To do. By doing so, information leakage can be prevented and information can be prevented from being transmitted to an unintended apparatus.

  Further, the mobile station 300 communicates with the DRL / CA server 100 by a protocol that can transmit and receive information encrypted on the Internet, for example, a secure socket layer (SSL) method.

  The MAP 200 is configured by a device, for example, and generates a secure link with another MAP (device) to form an ad hoc network. In this case, mutual authentication is performed between adjacent devices by, for example, the 802.11i IBSS mode. After mutual authentication is performed with an adjacent device, the device distributes the DRL using, for example, an Uncontrolled Port. In this case, the device that has not been removed becomes a device that forms the ad hoc network, and the Controlled Port is opened to start communication.

  Next, the configuration of the DRL / CA server 100 according to the present embodiment will be described with reference to FIG.

  The DRL / CA server 100 according to the present embodiment includes a communication interface 102, a control unit 104 connected to the communication interface 102, a certificate issuing unit 106 connected to the control unit 104, a certificate creation unit 108, and an ad hoc network. An information management unit 112 and a key pair generation unit 110 connected to the certificate creation unit 108 are provided. The ad hoc network information management unit 112 includes a device ID management unit 114, a network ID management unit 116, a network member management unit 118, a device certificate management unit 120, a network certificate management unit 122, a network administrator management unit 124, and a registration. A key management unit 126 and a DRL management unit 128 are provided.

  The communication interface 102 is a communication interface with the mobile station 300. This communication is performed by a highly secure communication, for example, a protocol capable of encrypting and transmitting / receiving information on the Internet, for example, a secure socket layer method.

  The device ID management unit 114 stores and manages the device ID. For example, the device ID management unit 114 manages a device identifier (device ID) that identifies a MAP in the ad hoc network. For example, the device ID management unit 114 manages the device ID by associating a certificate authority device ID (CA device ID) unique within the entire system with a user device ID unique to a specific user. Also good. For example, the device ID management unit 114 includes a user device ID such as “TV (TV)” and a certificate authority ID, for example, TV. Manage aaa.

  The device certificate management unit 120 stores and manages device certificates. For example, the device certificate management unit 120 manages a MAP-specific certificate signed in the network certificate. This device certificate indicates that such a MAP exists in the network. The device certificate includes, for example, information such as a serial number given for each device certificate, a certificate validity period, for example, a start time and an end time, and an algorithm used for authentication.

  The network ID management unit 116 stores and manages the network ID. For example, the network ID management unit 116 manages a network identifier (NW-ID) that identifies an ad hoc network. The NW-ID specifies an ad hoc network formed by a MAP operated by a network member. For example, the network ID management unit 116 assigns an NW-ID to a certificate authority ID (CA-NW-ID) that is unique within the entire system and a user ID (USER-NW-ID) that is unique to a specific user. You may make it manage, correlating with each other. For example, the network ID management unit 116 manages a user ID such as “Home” and a certificate authority ID with a group account ID added thereto, for example, “Home.aaa”.

  The network certificate management unit 122 stores and manages network certificates. For example, the network certificate management unit 122 manages a network certificate (Network Root Certification) generated when creating a network identifier (NW-ID). This certificate indicates that the network exists effectively. This network certificate includes, for example, information such as a serial number assigned to each network certificate, a valid period of the network certificate, for example, a start time and an end time, and an algorithm used for authentication.

  The network member management unit 118 stores and manages information indicating network members. For example, the network member management unit 118 holds customer information as a database.

  The network administrator management unit 124 stores and manages information indicating the network administrator. For example, it manages a person (management group) who has the authority to join or leave a network device in an ad hoc network. This management group may be composed of any network member. For example, the management group may be configured by a unit such as a family, or the management group may be configured by members of an organization of a company.

  A mobile station of a person belonging to the same management group (for example, a mobile phone) has the same authority and may control any MAP in the ad hoc network related to the management group. Moreover, a specific member is managed as a network administrator among network members. The network administrator may be given authority to change or add members. The management group is distinguished from other management groups, for example, by setting a group account ID.

  The registration key management unit 126 stores and manages the registration key. For example, the registration key management unit 126 manages a registration key or an imprinting key (Imprinting key) created for each network. The registration key is downloaded to the mobile station 300 as necessary, and is verified when an operation is performed on the MAP. A registration key can be registered only once with a MAP for which the registration key is unregistered. After registration, only the mobile station that presents the registration key can change the MAP setting.

  The DRL management unit 128 stores and manages the DRL. For example, the DRL management unit 128 manages a device exclusion list (DRL: Device Revocation List) that specifies a MAP that should not communicate within an ad hoc network. By exchanging this DRL, MAPs in the ad hoc network can avoid performing unnecessary communication with MAPs that should not communicate with each other. The DRL is updated by a request from a mobile station that can download a registration key.

  The control unit 104 performs various controls in the DRL / CA server 100. For example, the control unit 104 performs user authentication of the mobile station 300 using the ID of the mobile station 300 exchanged on SSL. In addition, the control unit 104 verifies whether or not the access user (mobile station 300) is a regular user.

  Further, the control unit 104 generates a network in accordance with a network creation request from the mobile station 300. For example, when a network identifier (NW-ID) is transmitted from the mobile station 300, the control unit 104 confirms the uniqueness within the management group from the group account ID and the network identifier, and makes the authentication unique within the system. A station network ID (CA-NW-ID) is generated. In addition, an imprinting key, a registration key, a network certificate, and a DRL corresponding to the CA-NW-ID are generated.

  In addition, the control unit 104 transmits an imprinting key, a network identifier, and a certificate authority network ID to the mobile station 300. DRL is a list of MAPs that are removed from the network. At the time of network generation, the control unit 104 generates a DRL with no MAP to be excluded.

  Here, the DRL will be described in detail. The DRL stores a hash value of a device certificate of a MAP (device) that refuses connection.

  For example, the DRL describes a sequence number of the DRL itself, a valid period of the DRL, for example, a start time and an end time, a network identifier, a list of MAPs that are not permitted to connect to the network, and a signature. For example, as a list of MAPs that are not permitted to be connected to the network, hash values of device certificates are described.

  The imprinting key is generated for each network, and is generated when the user generates a network. With this imprinting key, the MAP authenticates the mobile station 300. When a network identifier and a device identifier are transmitted from the mobile station 300, the control unit 104 checks whether a network corresponding to the network identifier has been generated. For example, the control unit 104 refers to the network ID management unit 116 and confirms whether a network corresponding to the input network identifier has been generated. If the network is not registered, for example, a message is transmitted to the mobile station 300 to notify that the network is not registered.

  In addition, the control unit 104 checks for duplication of device identifiers, and if there is no duplication, generates a certificate authority device ID (CA-Device-ID) that is unique within the system. For example, the control unit 104 refers to the device ID management unit 114 and checks for duplicate device identifiers.

  The certificate creation unit 108 creates a certificate. For example, when a certificate issuance request is received from the mobile station 300, a device certificate corresponding to the certificate issuance request is generated and input to the control unit 104. The control unit 104 transmits the input device certificate to the mobile station 300 together with the network certificate and DRL of the ad hoc network to which the MAP that issued the certificate issuing request belongs.

  The key pair generation unit 110 generates a key. The certificate issuing unit 106 issues a certificate. For example, a device certificate that is a MAP certificate in the network and a network certificate that is a network certificate are issued.

  Next, a MAP (device) 200 according to the present embodiment will be described with reference to FIG.

  The device 200 according to the present embodiment is connected to a first communication interface 202 as a reception unit, a control unit 206 as a certificate issuance request generation unit connected to the first communication interface 202, and a control unit 206. A key pair generation unit 208, a profile management unit 210 as a storage unit, a connection authentication management unit 216 connected to the profile management unit 210, and a second communication interface 204 connected to the connection authentication management unit 216. . The profile management unit 210 includes profile storage units 212 and 214. The connection authentication management unit 216 includes a DRL distribution unit 218 and an authentication unit 220 as an exclusion list exchange unit and an exclusion list update unit.

  The first communication interface 202 is an interface for communicating with the mobile station 300. The first communication interface 202 is performed in such a manner that the transmission side can specify the receiving party, such as short-range infrared communication, non-contact type IC card communication, or wired communication. By doing so, information leakage can be prevented and information from the mobile station can be prevented from being received by an unintended device.

  The key pair generation unit 208 generates a secret key and a public key. For example, the key pair generation unit 208 creates a public / private key pair by using the function of the secure IC card at the time of imprinting. The private key is used, for example, when signing a certificate issuance request (CSR: Certification Signature Request). When the registration key is deleted, the key pair held in the secure IC card is discarded. The corresponding key pair is also discarded when the validity period of the device certificate expires or when it expires for other reasons.

  The profile management unit 210 stores profile information. For example, the profile management unit 210 manages setting information or configuration information. The profile information management unit 210 includes, as setting items, a registration key (imprinting key), a network certificate, a device certificate, a network identifier and a certificate authority network ID related to a network, a device identifier and a certificate authority device ID related to a MAP, and a device exclusion list. (DRL) is managed.

  The above setting information is set for each ad hoc network. Therefore, when a plurality of ad hoc networks are set in one MAP, a plurality of setting information is managed separately. For example, two pieces of setting information are respectively managed by profile storage units # 1 and # 2. For example, the setting information may be stored in a secure IC card.

  The control unit 206 installs the imprinting key and the certificate authority network ID. In addition, the control unit 206 generates a certificate issuance request signed with a private key, and transmits the certificate issuance request to the mobile station 300. The control unit 206 performs authentication when installing a certificate from the mobile station 300. For example, the control unit 206 performs authentication by a challenge response.

  In this case, the control unit 206 notifies that the network identifier is different when the imprinting key is different and authentication cannot be performed. When authentication is performed, a network certificate, a device certificate, and a DRL corresponding to the certificate issuance request are installed, and the network certificate, the device certificate, and the DRL are stored in the profile management unit 210. In this case, the control unit 206 notifies the mobile station 300 that the device certificate corresponding to the certificate issuance request has been received.

  The second communication interface 204 is an interface for communicating with other MAPs in the ad hoc network.

  The connection authentication management unit 216 determines whether or not communication with another MAP in the ad hoc network may be performed. Mutual authentication is performed between MAPs, and mutual authentication is performed by, for example, IEEE 802.1X EAP-TLS. Further, the device exclusion list DRL exchanged between the MAPs is referred to and the MAP that should not communicate is confirmed. In this case, if the received DRL is newer, it updates its own DRL. If the received DRL is not newer, its own DRL is maintained as it is. Whether the DRL is new or old is determined, for example, by comparing the serial numbers associated with the DRL.

  Next, the operation of the ad hoc network system according to the present embodiment will be described.

  First, device owner registration will be described with reference to FIG.

  First, a network identifier such as “Home” and a group account ID are input to the mobile station 300 and notified to the DRL / CA server 100 (step S402).

  In the DRL / CA server 100, the uniqueness within the management group is confirmed from the network identifier and the group account ID. When the uniqueness is confirmed, for example, Home. A unique certificate authority network ID (CA-NW-ID) is generated in a system such as aaa. The DRL / CA server 100 also includes a registration key (imprinting key) corresponding to the certificate authority network ID, a public key and a private key (private / public key) for the network certificate, and a network certificate (NW Root Certificate). ) And a device exclusion list DRL are generated (step S404). The DRL at this point is a list in which no MAP to be excluded is specified. The DRL / CA server 100 transmits these pieces of information to the mobile station 300.

  Upon receiving these pieces of information, the mobile station 300 displays and stores it as necessary (step S406).

  Next, the mobile station 300 performs an imprinting key acquisition operation on the DRL / CA server 100 (step S408).

  The DRL / CA server 100 displays a list of network identifiers (NW IDs) that can be controlled (step S410). The mobile station 300 selects the NW ID from the displayed NW ID and downloads the imprinting key.

  Next, in the mobile station 300, when the installation button for the imprinting key is pressed, an installation operation for the imprinting key is performed, and the mobile station 300 approaches the MAP (step S412). In the present embodiment, communication using a non-contact IC card is performed between the mobile station 300 and the MAP. As a result, information regarding the registration key (imprinting key) held in the mobile station 300 is transmitted to the MAP.

  If the registration key has not been set, the MAP 200 installs the received registration key and certificate authority network ID in itself (step S414). If the installation is normally performed, the MAP 200 displays a normal end message on the mobile station 300 (step S416).

  Next, an operation for causing the MAP 200 to participate in the ad hoc network will be described with reference to FIG.

  First, in the mobile station 300, a network identifier (USER NW ID) such as “Home” and a device identifier (USER Device ID) such as “PC” are input and transmitted to the DRL / CA server 100 (step S502). ).

  The DRL / CA server 100 confirms that the network identifier received from the mobile station 300 has been created. If the received network identifier has not been created, the processes of steps S402 and S404 described with reference to FIG. 4 are performed. The DRL / CA server 100 confirms that the received device identifier does not overlap with an existing one. In the case of duplication, the device identifier is changed so as to avoid duplication.

  When the network identifier and the device identifier are confirmed, a certificate authority device ID (CA Device ID) corresponding to the device identifier is generated. The certification authority network ID, device identifier, certification authority device ID, and registration key for the certification authority network ID are transmitted to the mobile station 300 (step S504), and the mobile station 300 displays them as necessary (step S506). .

  In the mobile station 300, the “CSR (certificate issuance request) generation button” is pressed, the mobile station 300 is brought close to the MAP 200, and short-range infrared communication or the like is performed. Authentication by challenge / response is performed between the mobile station 300 and the MAP 200 (step S508). In this case, if the imprinting key is different and authentication cannot be performed, a notification that the network identifier is different is sent. When the authentication is performed, the mobile station 300 transmits the certificate authority network ID and the certificate authority device ID to the MAP 200.

  The MAP 200 creates a public key and a secret key, and generates a CSR signed with the secret key (step S510). The MAP 200 transmits the generated CSR to the mobile station 300. As a result, the mobile station performs CSR acquisition display (step S512).

  In the mobile station 300, the “device certificate issuance request (CSR) button” is pressed and notified to the DRL / CA server 100 (step S514).

  The DRL / CA server 100 generates a device certificate for the received device certificate issuance request. Further, the DRL / CA server 100 transmits the device certificate, the network certificate of the network to which the MAP that issued the CSR belongs, and the device exclusion list DRL to the mobile station 300 (step S516).

  The mobile station 300 displays the reception of the device certificate (step S518).

  Further, in the mobile station 300, the “certificate install button” is pressed, and the mobile station 300 is brought close to the MAP 200 (step S520).

  The MAP 200 authenticates the mobile station 300 using a challenge response. In this case, if the imprinting key is different and authentication cannot be performed, a notification that the network identifier is different is sent. When the authentication is performed, the mobile station 300 installs the network certificate, the device certificate, and the DRL in the MAP 200 (Step S522).

  The MAP 200 confirms that the device certificate corresponding to the certificate issuance request has been received, and displays a normal completion display on the mobile station 300 (step S524).

  Thereafter, the MAP 200 can mutually participate in a secure ad hoc network by performing authentication with an adjacent MAP and exchanging a network certificate, a device certificate, and a device exclusion list DRL with each other. Also, the MAP 200 refers to the device exclusion list DRL and confirms the MAP that should not communicate. In this case, if the received DRL is newer, it updates its own DRL. If the received DRL is not newer, its own DRL is maintained as it is.

  Note that, from the viewpoint of maintaining network security, it is desirable that the registration key is updated regularly or irregularly. For example, after setting the registration key, the mobile station 300 may prompt the user to update the registration key after a certain period of time has elapsed. Since there is a correspondence between the registration key and the network ID, it is desirable that the registration key and the network identifier be updated at the same time.

  Next, update of the device exclusion list DRL will be described with reference to FIG.

  By a button operation on the mobile station 300 by a network administrator or another network member (step S602), the DRL / CA server 100 transmits a list of MAPs included in the network to the mobile station 300 (step S604). A list is displayed on the mobile station 300 (step S606).

  The network member designates the MAP to be excluded from the network, and notifies the DRL / CA server 100 (step S608).

  The DRL / CA server 100 updates the DRL by creating a DRL in which the MAP is registered so that the designated MAP is excluded, and transmits the DRL to the mobile station 300 (step S610).

  The mobile station 300 displays the updated DRL as necessary (step S612).

  In addition, the mobile station 300 performs a button operation for installing the latest DRL (step S614). Then, the mobile station 300 is brought close to the MAP. The MAP performs the authentication process described above.

  Next, the MAP 200 installs the latest DRL (step S616). Thereafter, the MAP 200 sends the latest DRL to MAPs not designated by the DRL among neighboring MAPs. By doing so, the latest DRL is sent to all MAPs not designated in the latest DRL, and the designated MAP is excluded from the network.

  Next, authentication processing performed between MAPs will be described with reference to FIG.

  Various keys and certificates are installed in the MAP 200 configuring the ad hoc network, and the MAP 200 is operable in the ad hoc network.

  The MAP 200 takes an initialization state, a network generation state, a standby state, and a termination state.

  The initialized state is an initial state of the MAP and is a state in which various configurations are not completed. In this state, communication with the mobile station 300 using proximity communication means such as Felica / IrDA is possible, but an ad hoc network cannot be configured. The management station that manages the MAP can be managed by a wired connection.

  Here, the configuration of keys and certificates that must be set / generated includes SSID, for example, device identifier, device private key / public key, imprinting key, network ID, device ID, network certificate, and device certificate. And DRL. The connection / authentication process for configuring the specified ad hoc network is started with the active imprinting key. In this case, even if the configuration related to the active imprinting key is insufficient, and the configuration related to the imprinting key that is not another guest is completed, the ad hoc network to be started up is active. It is specified by the printing key. In this case, the system waits for configuration and remains in the initialized state.

  The network generation state is classified into an authentication state and a routing state.

  The authentication state is a state in which the MAP is executing authentication processing with another adjacent MAP in the ad hoc network designated by the active imprinting key. In this state, communication with a mobile station using proximity communication means such as FeliCa / IrDA is possible, but various settings cannot be made to avoid inconsistencies in the internal state. A management station that manages the MAP can be managed by preferential connection.

  In this state, the device performs mutual authentication and key exchange with an adjacent connectable device. In the mutual authentication, for example, authentication processing and key exchange by EAP-TLS or WPA-PSK equivalent to IEEE802i RSNA IBSS mode are performed.

  When there are a plurality of adjacent connectable MAPs, mutual authentication and key exchange are performed for each, but user frames are also routed between the already authenticated MAPs.

  If another adjacent MAP cannot be detected at the stage where the MAP is activated, the state remains in this state, waits for the authentication processing activation from the other adjacent MAP, and itself also periodically searches for an adjacent MAP.

  The routing state is a state in which a user frame that has been authenticated with an adjacent MAP can be routed in an ad hoc network designated by an active imprinting key.

  In this state, communication with a mobile station using proximity communication means such as FeliCa / IrDA is possible, and various settings are possible. In addition, the management terminal that manages the MAP can be preferentially connected and wirelessly connected.

  For frame transfer with an adjacent MAP, encryption is performed using a key for each opposing MAP.

  Further, in this state, as a steady state, the device public key / private key, network certificate, device certificate, DRL and encryption keys such as MK, PMK, PTK, and GTK are periodically inspected.

  When a new signed DRL is received from the mobile station, the DRL stored by itself is updated. Further, the contents of the new DRL are inspected, and if the currently connected MAP exists in the DRL, the communication with the MAP is stopped and an unauthenticated state is set.

  When a new DRL signed from an adjacent MAP is transferred, the DRL owned by the DRL is updated / inspected. When the MAP currently used exists in the DRL, the communication with the MAP is stopped. Unauthenticated state. Furthermore, it transfers to adjacent MAP.

  The standby state is a state in which the MAP cannot be used due to a power-off / sleep state of the MAP.

  At this time, various types of security-related information are held in a nonvolatile storage medium or secure IC card in the MAP. For example, as various kinds of information, an SSID, for example, a device identifier, a device secret key / public key, an imprinting key, a network ID, a device ID, a network certificate, a device certificate, and a DRL are held. Here, since PTK is regenerated by EAP-TLS at the time of start-up by power-on again, it is not held in the standby state.

  The terminal state is a state where the use of the MAP is finished. After the transition to this state, all security related information is discarded. For example, SSIDs such as device identifiers, device private keys / public keys, imprinting keys, network IDs, device IDs, network certificates, device certificates, and DRLs are discarded.

  Next, an authentication sequence between MAPs will be described with reference to FIG.

  As an example, an authentication sequence performed between MAP-1 as a supplicant and MAP-2 as an authenticator (Authenticator / AS) will be described. In the present embodiment, authentication processing is performed between MAP-1 and MAP-2 by association, EAP-TLS, and 4-way Handshake.

  First, the association sequence will be described.

  MAP-1 transmits a probe request in IEEE 802.11 to MAP-2 (step S702).

  MAP-2 transmits a probe response in IEEE 802.11 to MAP-1 (step S704).

  The MAP-1 transmits an open system authentication request (Open System Authentication Request) in IEEE 802.11 to the MAP-2 (step S706).

  MAP-2 transmits an open system authentication response (Open System Authentication Response) in IEEE802.11 to MAP-1 (step S708).

  MAP-1 transmits an association request (Association Request) in IEEE802.11 to MAP-2 (step S710).

  MAP-2 transmits an association response (Association Response) in IEEE802.11 to MAP-1 (step S712).

  At this point, the IEEE 802.1X control ports of MAP-1 and MAP-2 are blocked.

  Next, EAP-TLS will be described.

  MAP-1 transmits EAPOL (Start) in IEEE 802.1X to MAP-2 (step S714).

  MAP-2 transmits an EAP request (Identity) in IEEE802.1X to MAP-1 (step S716).

MAP-1 uses EAP in IEEE 802.1X as compared to MAP-2.
A response (Identity) is transmitted (step S718).

  MAP-2 transmits an EAP request (TLS) in IEEE802.1X to MAP-1 (step S720).

MAP-1 uses EAP in IEEE 802.1X as compared to MAP-2.
A response (Client Hello) is transmitted (step S722).

  MAP-2 transmits an EAP request (Server Hello, Certificate, Certificate Request, server_key_exchange, server_done) in IEEE802.1X to MAP-1 (step S724). That is, a certificate held by MAP-2, for example, a network certificate, a device certificate, and the public key are transmitted.

  MAP-1 determines whether the received certificate and public key are valid. That is, MAP-2 authentication is performed. For example, it is confirmed that the certificate does not correspond to a certificate revocation list (CRL). If it is not valid, for example, the user is notified by an alarm and returns to the initial state.

  MAP-1 derives PMK (Pairwise Master Key). In addition, MAP-1 transmits an EAP response (client_key_exchange, Certificate, Certificate Verify, change_cipher_suite, finished) in IEEE802.1X to MAP-2 (step S726). That is, a certificate held by MAP-1, for example, a network certificate, a device certificate, and a public key are encrypted with PMK and transmitted.

  MAP-2 determines whether the received certificate is valid. That is, MAP-1 authentication is performed. For example, it is confirmed that the certificate does not correspond to a certificate revocation list (CRL). If it is not valid, for example, the user is notified by an alarm and returns to the initial state.

  MAP-2 derives PMK (Pairwise Master Key). In addition, MAP-2 encrypts an EAP request (Change_cipher_suite, finished) in IEEE802.1X with PMK and transmits it to MAP-2 (step S728).

  MAP-1 transmits an EAP response in IEEE802.1X to MAP-2 (step S730).

  MAP-2 transmits an EAP success in IEEE 802.1X to MAP-1 (step S732). That is, MAP-2 sends a “success” packet to MAP-1.

  Next, 4-way Handshake will be described.

  MAP-2 transmits EAPOL-Key (ANonce, Unicast) in IEEE802.1X to MAP-1 (step S734).

  MAP-1 generates PTK (Pairwise Transient Key). Further, MAP-1 transmits EAPOL-Key (SNonce, Unicast, MIC) in IEEE 802.1X to MAP-2 (step S736).

  MAP-2 derives PTK (Pairwise Transient Key) and generates GTK (Group Transient Key). Further, MAP-2 transmits EAPOL-Key (Install PTK, Unicast, MIC, Encrypted GTK) in IEEE 802.1X to MAP-2 (step S738).

  MAP-1 transmits EAPOL-Key (Unicast, MIC) in IEEE802.1X to MAP-2 (step S740).

  MAP-1 installs PTK and GPK, and MAP-2 installs PTK.

  At this point, the IEEE 802.1X control ports of MAP-1 and MAP-2 are opened.

  After the above authentication process is completed, DRL exchange is performed between MAP-1 and MAP-2. MAP-1 and MAP-2 check the signature of the received DRL and, if it is a newer DRL, update the DRL held by itself.

  After MAP-1 and MAP-2 update the DRL, if an adjacent MAP is registered in the DRL, the MAP-1 and MAP-2 set the authentication with the MAP to an unauthenticated state.

  Next, a mutual authentication sequence between MAPs will be described with reference to FIG.

  Mutual authentication / key distribution between MAPs is performed by IEEE 802.1X EAP-TLS in, for example, IEEE 802.11i RSNA IBSS mode. At this time, both MAPs have the supplicant / authenticator function described with reference to FIG. The authentication sequence has been described with reference to FIG. The MAP supplicant function and the authenticator function function independently.

  Handshaking using an IEEE 802.1X EAPOL-Key frame is performed between adjacent MAPs, and PTK and GTK are generated. Two PTKs are generated by EAP-TLS activated from both directions, and the other party's own MAC address is compared with the PTK of the MAP having the larger value.

  The authenticator function of the MAP can execute an authentication sequence between adjacent MAPs in parallel.

  Further, the MAP supplicant function sequentially executes an authentication sequence with adjacent MAPs.

  Next, a mutual authentication sequence between MAPs will be described with reference to FIG.

  Here, a case where authentication processing is performed between MAP-1 and MAP-3 as supplicants and MAP-2 as an authenticator will be described.

  MAP-2 functions as an authenticator (Authenticator / AS) described in FIG. 7 with respect to MAP-1 and MAP-2. The authentication sequence has been described with reference to FIG.

  Next, a mutual authentication sequence between MAPs will be described with reference to FIG.

  Here, a case where authentication processing is performed between MAP-1 as a supplicant and MAP-2 and MAP-3 as authenticators will be described.

  MAP-1 functions as a supplicant described in FIG. 7 with respect to MAP-2 and MAP-3. The authentication sequence has been described with reference to FIG.

  The device, authentication method, and authentication program according to the present invention can be applied to an ad hoc network.

It is explanatory drawing which shows the system which builds the ad hoc network concerning one Example of this invention. It is a block diagram which shows the DRL / CA server concerning one Example of this invention. It is a block diagram which shows the device concerning one Example of this invention. It is a flowchart which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a flowchart which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a flowchart which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a sequence diagram which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a sequence diagram which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a sequence diagram which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention. It is a sequence diagram which shows operation | movement of the system which builds the ad hoc network concerning one Example of this invention.

Explanation of symbols

100 DRL / CA server 100 ₁ Certificate Authority (CA)
100 ₂ authentication server 200, 200 _{1, 200 2,} 200 _3, 200 4, 200 ₅ device 300 the mobile station

Claims (10)

Storage means for storing a network identifier for specifying an ad hoc network, a network certificate corresponding to the network identifier, an owner registration key corresponding to the network identifier, and a device certificate generated in a certificate authority;
Authentication means for determining a participating ad hoc network based on the owner registration key and the network certificate and exchanging the device certificate with another device constituting the ad hoc network for mutual authentication;
A device comprising: In the device of claim 1:
The storage means stores an exclusion list designating a specific device excluded from the ad hoc network specified by the network identifier;
The device characterized in that the authentication means performs an authentication process according to the exclusion list. In the device of claim 2:
Exclusion list exchange means for exchanging the exclusion list with other authenticated devices;
An exclusion list updating means for updating a stored exclusion list based on the received exclusion list;
A device comprising: The device according to any one of claims 1 to 3,
Certificate issuance request generation means for generating a certificate issuance request for requesting the device certificate;
A device comprising: 5. A device according to any one of claims 1 to 4, wherein:
The storage means stores a network identifier for identifying a plurality of ad hoc networks, a network certificate corresponding to the network identifier, an owner registration key corresponding to the network identifier, and a device certificate generated in a certificate authority. A device characterized by that. 6. A device according to any one of claims 1 to 5:
Receiving means for receiving at least one of the network identifier, the network certificate, the owner registration key, and the device certificate from a mobile station;
A device comprising: Determining a participating ad hoc network based on an owner registration key corresponding to a network identifier identifying the ad hoc network and a network certificate corresponding to the network identifier;
An authentication step of performing mutual authentication by exchanging the device certificate generated in the certificate authority with another device constituting the determined ad hoc network;
An authentication method characterized by comprising: In the authentication method according to claim 7:
The authentication step includes
An authentication method comprising a step of performing an authentication process according to the exclusion list designating a specific device excluded from an ad hoc network specified by the network identifier. In the authentication method according to claim 8:
Exclusion list exchange step of exchanging the exclusion list with other authorized devices;
An exclusion list update step of updating a stored exclusion list based on the received exclusion list;
An authentication method characterized by comprising: The computer determines an ad hoc network to join based on an owner registration key corresponding to a network identifier for identifying an ad hoc network and a network certificate corresponding to the network identifier, and other devices constituting the ad hoc network; Authentication means for exchanging device certificates and performing mutual authentication;
Authentication program to function as.

Images