In recent years, large networks such as smart building networks have gained importance. These networks typically consist of a large number of network nodes. In general, it is not difficult to intercept messages in a network. In wired networks, this could be done by tapping onto the wires by someone who has physical access to the network cables. In wireless networks it is even simpler, since anyone who is within range of the network can receive all messages that are sent around. So even someone outside a building can typically receive the messages sent by devices within this building.
Therefore, many networks use network encryption, such that the content of the intercepted messages cannot easily be interpreted. For example, many Wi-Fi networks are configured to use WEP or WPA encryption with pre-shared (symmetric) keys. In such a network, all messages that are sent around are encrypted using the network key. An adversary who does not have knowledge of the network key can still receive the messages, but he is not able to interpret them since they are enciphered. However, any node that has knowledge of the network key—i.e. any node that is joined into the network—can decipher such a message, whether or not this node was the intended recipient of the message. Furthermore, the probability that the shared symmetric network key is compromised (i.e. is leaked) is not negligible, since there are many places (i.e. nodes) where this key could leak. If that were to happen, even an adversary who has a node which is not joined in the network but does have the network key could intercept and decipher all messages. For some applications—most notably applications where money is involved—it is therefore very undesirable to rely solely on the network encryption.
Node-to-node (i.e. end-to-end) security—where messages are sent encrypted along a channel and only the recipient (and potentially the sender) has the key to decipher the message—can be a solution to this problem. Two common techniques that are used to achieve end-to-end encryption are symmetric and public-key cryptography.
When symmetric cryptography is used, each node has a symmetric (secret) key for every other node with which it needs to set up a secure connection. A disadvantage of using symmetric crypto for node-to-node security is that key management is difficult. First of all, each node needs to have a unique key for secure communication with every other node, which means that the total number of keys in the network will be large—assuming that any two nodes should be able to set up a secure node-to-node connection with a unique key for that connection. In a network containing n nodes, there are
$\binom{n}{2} = \frac{n!}{2!\,(n-2)!} = \frac{1}{2}\,n(n-1)$ possible node-to-node connections. For a network of 25 nodes, the number of node-to-node keys is 300 and for a network containing 1000 nodes, the number of keys is close to 500,000. Another reason why key management and distribution for symmetric keys is difficult is that the keys should always remain secret to adversaries, which complicates their distribution.
When public-key cryptography is used instead, each node simply publishes a public (non-secret) key. Any other node can use this key to send encrypted messages to the node who has published the public key, since only that node knows the corresponding private key that is needed to decrypt the message. So, using public-key cryptography for node-to-node encryption has two main advantages:
first, the number of keys is limited—in a network consisting of n nodes, there are only n keys—and secondly, the key distribution can be done in the plain—i.e. over an insecure channel—because only the public (non-secret) keys need to be exchanged.
Although key distribution is a lot easier when public-key cryptography is used for node-to-node encryption, it is still not an obvious task: somehow, the recipients of these keys must also be able to trust that the public key really belongs to a certain (legit) node and not to an unauthorized adversary. For example, assume that a certain node—node A—wants to send a secret message to another node—node B. If an adversary has published his own public key together with the identity, for example the Media Access Control (MAC) address, of node B, the adversary will be able to decrypt the messages sent by node A. And worse, the intended recipient—node B—will not be able to decrypt the messages. Therefore, the sending node—node A—needs to know whether the public key of node B is authentic, i.e. whether it really belongs to node B.
In existing solutions, a Public Key Infrastructure (PKI) is typically used. In such a PKI, public keys are bound to respective user identities by means of certificates which are issued by certificate authorities (CAs). The CA at the top of the trust chain is called the root CA. In order to add a new node to the PKI, the following two provisioning steps must be performed: first, the new node must be registered with a certificate authority, which checks the node for (amongst others) authenticity and, if the checks are passed, binds the node's identity (e.g. MAC address) to the node's public key via a certificate (signed by the CA). Secondly, the root CA's public key must be supplied to the new node, such that the node itself can verify the certificates (containing the identity and public keys) of other nodes and CAs, in order to verify the authenticity of these certificates. The process of provisioning new nodes within a PKI is in general a difficult process. In particular, the process of installing and registering new nodes is not intuitive.
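The following sketch is an added illustration, not part of the original text, of the two provisioning steps just described and of the check node A performs before trusting a key published for node B. It uses toy textbook RSA built from small fixed primes purely to stay self-contained; the function names, the MAC address and the key labels are constructed for the example.

```python
# Added illustration: toy textbook RSA (no padding, tiny keys), NOT for real use.
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def _digest(identity, node_pub, n):
    """Hash the identity/public-key binding and reduce it into the key's range."""
    data = f"{identity}|{node_pub}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_priv, identity, node_pub):
    """Step 1: the CA binds an identity (e.g. MAC address) to a public key."""
    n, d = ca_priv
    return {"identity": identity, "public_key": node_pub,
            "signature": pow(_digest(identity, node_pub, n), d, n)}

def verify_certificate(root_pub, cert, expected_identity):
    """Step 2: a node checks a certificate with the provisioned root CA key."""
    n, e = root_pub
    if cert["identity"] != expected_identity:
        return False
    expected = _digest(cert["identity"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

# Constructed sample data (Mersenne primes keep the toy keys reproducible).
ROOT_PUB, ROOT_PRIV = make_keypair(2**89 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**61 - 1, 2**107 - 1)
MAC_B = "00:11:22:33:44:55"

# Genuine certificate for node B, issued by the root CA.
genuine = issue_certificate(ROOT_PRIV, MAC_B, "node-B-public-key")
# Binding of node B's MAC to another key, signed by a key the root never issued.
self_signed = issue_certificate(ROGUE_PRIV, MAC_B, "adversary-public-key")
# Genuine certificate with the public key swapped after signing.
swapped = dict(genuine, public_key="adversary-public-key")

if __name__ == "__main__":
    for name, cert in [("genuine", genuine), ("self_signed", self_signed),
                       ("swapped", swapped)]:
        print(name, verify_certificate(ROOT_PUB, cert, MAC_B))
```

Only the certificate signed by the root CA over the unmodified identity and key verifies, which is why the root CA's public key has to reach each new node through a trusted provisioning step.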
In view thereof, there is a need to simplify the establishment of secure communication between network nodes of the kind set forth. In particular, there is a need to simplify the process of provisioning new nodes in a network while maintaining a high level of security. More specifically, there is a need to simplify the process of installing and registering new nodes while maintaining a high level of security.