1. Field of the Invention
The present invention relates to low-delay multi-hop communication.
2. Description of the Related Art
Multi-hop communication is used in many communication networks, including wireless mesh networks. In a wireless mesh network, each communication device or node communicates directly with other nodes within its wireless communication range, and communicates with nodes outside that range by having communication frames or packets passed from one node to another in bucket-brigade fashion. One advantage of wireless mesh networks is that they can operate at low transmitting power levels, since the transmitted signal only has to reach the neighboring nodes. Another advantage is the robustness of the mesh network topology, in which alternate communication routes can easily be found to replace routes that become unavailable because a communication device is damaged or taken out of service. In a conventional star topology network, in contrast, a failure at the central node disables the entire network.
Wireless networks in general are susceptible to the malicious injection of external data, so authentication of the communicated data is an important issue. In a wireless multi-hop network, each of the many relay nodes is a possible point of entry of malicious data, so authentication at the relay nodes is particularly important.
Various security transform schemes are used to protect network communications. One scheme employs a network key shared by all nodes in the network but unknown to potential attackers, and uses the network key to encrypt each communication frame. Another scheme uses the network key to perform a transform on part or all of the content of the communication frame to generate a digital signature or message authentication code which is attached to the communication frame, enabling the receiving communication device and each intermediate communication device to verify the authenticity of the frame.
Even if both encryption and an authentication transform are used, however, these schemes fail to defend the network against replay attacks. In a replay attack the attacker intercepts a transmitted frame and retransmits the frame later, without alteration. A communication device that receives the replayed frame is likely to decrypt and authenticate it successfully and accept it as a legitimate communication frame. Replay attacks can be used for various surreptitious purposes, and can also be used to disable a network by forcing it to waste time and battery charge in processing large numbers of repeated frames. Preventing replay attacks is a major problem for a secure communication system using a shared network key.
One method of thwarting replay attacks is to change the security key each time a communication frame is transmitted. In multi-hop transmission, however, this requires each intermediate node, after authenticating the received communication frame, to carry out a new security transform before relaying the frame to the next node. The repeated transform processing uses up computing resources at the intermediate nodes and significantly delays the arrival of the communication frame at its final destination.
In PCT patent application WO 2006/134001 (published in Japanese as Japanese Patent Application Publication No. 2008-547257 and in English as U.S. Patent Application Publication No. 20100042831), Bahr et al. describe a scheme that addresses these problems. The communication frame or packet includes payload data and control data, e.g., header data. The payload data are encrypted at the source node and decrypted at the final destination node, using a first key shared by these two nodes. The control data are encrypted and decrypted separately on each hop of the communication route, using a second key shared by the nodes at the two ends of the hop. A non-repeating key may be used as the second key. The processing load on intermediate nodes is reduced in that they do not have to decrypt the payload data, but transmission is still delayed by the time spent re-encrypting the control data at every hop, especially if this requires generating a new second key each time a communication frame is relayed.
When the processing capability of the communication devices in the communication network is low, performing a new security transform at each intermediate node can lead to troublesome delays in multi-hop communication. There is a need for a security method that defeats replay attacks without incurring such delays.