Recently, wireless mesh networks attract more and more attention, e.g. for remote control of illumination systems, building automation, monitoring applications, sensor systems and medical applications. In particular, a remote management of outdoor luminaires, so-called telemanagement, becomes increasingly important. On the one hand, this is driven by environmental concerns, since telemanagement systems enable the use of different dimming patterns, for instance as a function of time, weather conditions or season, allowing a more energy-efficient use of the outdoor lighting system. On the other hand, this is also driven by economical reasons, since the increased energy efficiency also reduces operational costs. Moreover, the system can remotely monitor power usage and detect lamp failures, which allows for determining the best time for repairing luminaires or replacing lamps.
Current radio-frequency (RF) based wireless solutions preferably use a mesh network topology, e.g. as shown in FIG. 1. The wireless network comprises a central controller or segment controller 60 and a plurality of nodes 10 (N) being connected among each other by wireless communication paths 40 in a mesh topology. Thus, the nodes 10 and the central controller 60 may comprise a transceiver for transmitting or receiving data packets via wireless communication paths 40, e.g. via RF transmission. In the backend, a service center 80 is situated and serves for system management. This entity normally communicates with one or more central controllers 60 of a corresponding network as a commissioning tool in charge of controlling or configuring this network over a third party communication channel 70, such as the Internet or mobile communication networks or other wired or wireless data transmission systems. In case of a lighting system or any other large wireless network, a network can also be divided into segments, so that a node 10 belongs to exactly one segment having one segment controller 60. Therefore, the terms “segment controller” and “central controller” should be seen as exchangeable throughout this description.
In general, any node 10 of the mesh network can communicate with the service center 80 via the segment controller 60. However, in some situations, high security standards have to be fulfilled in order to provide basic security services. An example is protection against a man-in-the-middle attack, i.e. preventing sensitive information being provided to non-authorized nodes 10 or preventing manipulation of the information provided to the nodes 10. For instance, outdoor lighting control involves the remote management of lighting nodes requiring a communication link between the service center 80 and the nodes 10 themselves through a controlling device such as a segment controller 60. In contrast to the service center 80 and the nodes 10, the segment controller 60, which is in the middle, is often not fully trusted since it may be managed and manipulated by third parties such as installers or customers. Thus, a segment controller 60 may act as a man-in-the-middle and manipulate some messages. This makes the execution of security protocols challenging. For instance, keying material cannot be provided to the segment controller 60, since it may be misused. Therefore, it is required to find means that allow to upgrade and/or activate software functionalities of the network nodes 10 or the like without being afraid of an intruder being able to put malware on the nodes 10. For this, it is important to ensure that a protocol for performing such actions is correctly performed by the segment controller 60.
Traditional end-to-end security protocols that allow for an end-to-end authentication between two trusted entities require the interactive exchange of messages between the service center 80 and the nodes 10, e.g., based on a challenge-response authentication handshake. Although such a procedure provides high security, it poses severe requirements regarding the usage of the GPRS link 70 as shown in FIG. 1 and regarding the service center 80 in the backend, since it involves continuous connections, more bandwidth and more operations at the service center 80. Thus, an end-to-end security handshake from the service center 80 to the nodes 10 ensuring, e.g., mutual authentication, is expensive and involves a lot of data traffic, continuous connection with the backend, more bandwidth and more operations at the backend.
Hence, it is desired to find means for communicating with network nodes 10 from the backend via an intermediate controlling device, providing a reasonable trade-off between security and operational needs suitable for the respective application.