1. Technical Field
The present disclosure relates to an unauthorized device detection method employed in a system including a plurality of devices connected to one another.
2. Description of the Related Art
In recent years, household electrical appliances and audio-visual appliances installed in a home have come to be connected to a network, and various services using various kinds of history information collected from these appliances to the cloud are expected.
In such a case, a controller is installed in the home and relays transmission of history information from each household electrical appliance to a manufacturer server. At this time, authentication is performed to enable secure communication between the controller and the household electrical appliance. This approach is an attempt to prevent information leakage during wireless communication and a spoofing connection to the home network, for example.
Given this situation, the Wi-Fi Alliance has developed a standard called “Wi-Fi Protected Setup” which makes it easier to establish a connection between devices (for example, “Wi-Fi CERTIFIED Wi-Fi Protected Setup”). However, Wi-Fi wireless connection ensures only the interconnectability between a household electrical appliance and an access point device serving as the controller and does not ensure that a connection counterpart is an authorized device. However, it is known that a public key infrastructure (PKI) is usable as a method for verifying the authenticity of devices (for example, Atsuko Miyaji and Hiroaki Kikuchi “Information Security” (2003)).
In the case where leakage of a secret key has occurred in PKI-based authentication, a public key certificate needs to be revoked in order to prevent unauthorized activity using the public key certificate. A typical method used to revoke a public key certificate is a certificate revocation list (CRL) (for example, Atsuko Miyaji and Hiroaki Kikuchi “Information Security” (2003)).
The CRL is a list of revoked public key certificates. In general, the certificate authority that has issued public key certificates distributes the CRL after attaching its signature to the IDs of the revoked public key certificates. An entity such as a household electrical appliance or a controller determines whether or not a public key certificate for a connection counterpart entity is listed in the CRL. For this reason, the latest CRL needs to be used.
In addition, in the case where there are a plurality of unauthorized devices having the same identifier as a result of copying information held by one device to another device, it is necessary to detect the plurality of unauthorized devices and cause the detection result to be reflected in the CRL. Accordingly, in order to detect a plurality of unauthorized devices having the same identifier in a case where there are such unauthorized devices, a method in which a random number used in mutual authentication is stored after the mutual authentication and the stored random number is used to check a counterpart in the following authentication (for example, Japanese Patent No. 04857123) has been proposed.
Techniques used in the related art are also described in “NSA Suite B Implementer's Guide to FIPS 186-3 (ECDSA)”, “NIST Special Publication 800-56A Revision 2”, and “RFC5191 Protocol for Carrying Authentication for Network Access (PANA)”, for example.