The invention relates to a method and to a system for providing a key for encrypting messages between nodes of a mesh network.
A wireless mesh network is an intermeshed network which is implemented, for example, in a wireless local area network (WLAN). In a mesh network, a mobile node can forward data coming from another mobile node on to a further mobile node, or transmit them to a base station. Long distances can be spanned in a mesh network, particularly in uneven or difficult terrain. In addition, mesh networks operate very reliably, since every mobile node is connected to several other nodes. If a node fails, for example due to a hardware defect, its neighboring nodes look for an alternative data transmission route. Mesh networks can incorporate fixed or mobile devices.
FIG. 1 shows diagrammatically a mesh network of the related art. The nodes comprise dedicated mesh nodes (MN) which belong to the infrastructure of the network. These dedicated mesh nodes can be a fixed base station BS but also a mobile station MS. Apart from the dedicated mesh nodes, the mesh network also comprises mobile terminals or mobile nodes of users. A mobile node can communicate directly with another mobile node and/or exchange data, directly or indirectly via further nodes, with a base station BS which is connected to a gateway GW of a data network. In this arrangement, data packets DP are forwarded from one device or node to the next until the destination device or the gateway GW is reached. Forwarding of the data packet DP is done by dynamic routing: the routes on which the data packets DP are transmitted are calculated dynamically on the basis of the availability of the nodes and of the network usage. Generally, mesh networks are distinguished by high network coverage, high reliability and economic handling of available resources. In wireless mesh networks, the wireless transmission link is normally implemented by a WLAN (Wireless Local Area Network) transmission link. In contrast to a wireless personal area network (WPAN), WLAN networks have greater transmitting powers and ranges and offer higher data transmission rates.
To authenticate nodes or computers, the so-called EAP (Extensible Authentication Protocol) is used. FIG. 2 shows a signal diagram representing an authentication process in a conventional WLAN network. The EAP protocol is used for protecting the network access in WLAN. Many types of actual authentication methods, so-called EAP methods, can be transported via the EAP protocol, e.g. EAP-TLS, EAP-AKA, PEAP-MSChapv2. During the authentication, cryptographic session keys MSK (Master Session Key) and EMSK (Extended Master Session Key) are derived; the MSK is subsequently used for protecting the data communication, for example for the link layer encryption. The authentication itself runs end-to-end between the subscriber (supplicant) and an authentication server (AAA server). When the authentication is successful, the authentication server sends the result of the authentication and the session key MSK resulting from the authentication to the authenticator, for example a WLAN access point AP. Communication between the access node or access point AP and the authentication server usually takes place via the RADIUS or Diameter protocol. In this arrangement, the session key MSK is sent to the access node AP as a data attribute of the message that carries the EAP Success. The MSK transmitted in this way is subsequently used in a 4-way handshake (4WHS) between the subscriber and the access node according to the IEEE 802.11 standard.
In a conventional network, the access node AP is a trustworthy node, i.e. a node of the network infrastructure. The access node is thus not an end user node in a conventional network.
FIG. 3 shows the authentication of two nodes MPA, MPB in a conventional WLAN network. The two nodes MPA, MPB can be, for example, two mesh nodes of a mesh network. To set up a data link between the two nodes MPA, MPB, the end node MPA (as supplicant) first authenticates itself with the associated authentication server AS-B by the EAP protocol. The node MPB (as authenticator) receives a session key MSK1 in an EAP Success message. The node MPB subsequently carries out a 4-way handshake with the node MPA, using the session key MSK1 received. Following this, the node MPB (now as supplicant) performs an authentication at the associated authentication server AS-A, and MPA (now as authenticator) receives a second session key MSK2 in an EAP Success message. Following this, the node MPA performs a 4-way handshake with the node MPB using the second session key MSK2.
The further communication between the two nodes MPA, MPB can then be protected by one of the two session keys MSK1, MSK2.
One disadvantage of the procedure of the related art shown in FIG. 3 is that the nodes MPA, MPB are mesh nodes which are not part of the network infrastructure and can therefore be manipulated.
For example, during an authentication of a mesh node MPA at its authentication server, the EAP authentication messages are forwarded via another mesh node MPB acting as authenticator, and this node can use the session key MSK1 it receives for manipulation purposes. Nothing in MSK1 binds it to the link layer protection between MPA and MPB or to the identity of the authenticator that received it, so the mesh node MPB can use the received session key MSK1 for other services and pretend to the other mesh node MPA that it is, for example, a VPN (Virtual Private Network) server. From the point of view of the mesh node MPA, the manipulated node MPB behaves like a VPN server of a company intranet, since proof of possession of MSK1 is all that MPA can check.
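The following added example (not part of the patent text) simulates the key flow of FIG. 2 and FIG. 3 and the misuse just described. The PRF and PTK derivation are written as IEEE 802.11 defines them for WPA2 (PRF-384 over HMAC-SHA1, PTK split into KCK, KEK and TK). The EAP method, the AAA server, the node MAC addresses, the subscriber secrets and the "service proof" that MPA checks are constructed stand-ins: a real EAP method exports the MSK from its own handshake, and the only property the stand-in reproduces is that the MSK names neither the authenticator nor the purpose of the key. The example shows that MPB, holding MSK1 as authenticator, passes any check that MPA can perform on a key derived from MSK1, while a node without MSK1 does not.

```python
import hashlib
import hmac
import os

# --- IEEE 802.11 key derivation, as defined for WPA2 ---

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)),
    split into KCK (MIC key), KEK and TK as for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# --- Constructed stand-ins for the EAP method run and the AAA server ---

def eap_msk(subscriber_secret: bytes, session_nonce: bytes) -> bytes:
    """Stand-in for the 64-byte MSK a real EAP method (EAP-TLS, EAP-AKA, ...) exports.
    Constructed: only the supplicant and its AAA server can compute it, and, as with a
    real MSK, nothing in it names the authenticator or the service it will key."""
    return prf(subscriber_secret, b"constructed EAP MSK", session_nonce, 64)


def four_way_handshake(msk: bytes, aa: bytes, spa: bytes) -> bool:
    """Authenticator (MAC aa) and supplicant (MAC spa) both hold the MSK: exchange nonces,
    derive the PTK on each side and check the supplicant's message-2 MIC under the KCK.
    Simplified to the key-confirmation step; messages 3 and 4 are omitted."""
    pmk = msk[:32]                                    # PMK is the first 256 bits of the MSK
    anonce, snonce = os.urandom(32), os.urandom(32)
    ptk_auth = derive_ptk(pmk, aa, spa, anonce, snonce)
    ptk_supp = derive_ptk(pmk, aa, spa, anonce, snonce)   # supplicant computes independently
    msg2 = b"EAPOL-Key msg2" + snonce
    mic_supp = hmac.new(ptk_supp["KCK"], msg2, hashlib.sha1).digest()[:16]
    mic_auth = hmac.new(ptk_auth["KCK"], msg2, hashlib.sha1).digest()[:16]
    return hmac.compare_digest(mic_supp, mic_auth)


# --- The FIG. 3 procedure: each node authenticates once as supplicant ---

SECRET_A = b"constructed subscriber secret of MPA"   # shared between MPA and AS-B
SECRET_B = b"constructed subscriber secret of MPB"   # shared between MPB and AS-A
MAC_A = bytes.fromhex("02000000000a")                 # constructed MAC address of MPA
MAC_B = bytes.fromhex("02000000000b")                 # constructed MAC address of MPB


def fig3_mutual_authentication() -> dict:
    """MPA authenticates at AS-B, MSK1 goes to MPB; then MPB authenticates at AS-A,
    MSK2 goes to MPA. Each MSK keys one 4-way handshake."""
    msk1 = eap_msk(SECRET_A, os.urandom(16))          # carried to MPB with the EAP Success
    ok1 = four_way_handshake(msk1, aa=MAC_B, spa=MAC_A)
    msk2 = eap_msk(SECRET_B, os.urandom(16))          # carried to MPA with the EAP Success
    ok2 = four_way_handshake(msk2, aa=MAC_A, spa=MAC_B)
    return {"MSK1": msk1, "MSK2": msk2, "handshake1": ok1, "handshake2": ok2}


# --- The misuse described in the text: MPB keys a different service from MSK1 ---

def service_proof(msk: bytes, service: bytes, challenge: bytes) -> bytes:
    """Constructed proof that the peer holds a service key derived from the MSK."""
    service_key = prf(msk, service, b"", 32)
    return hmac.new(service_key, challenge, hashlib.sha256).digest()


def mpa_verifies_peer(msk1: bytes, service: bytes, challenge: bytes, proof: bytes) -> bool:
    """The only check available to MPA: does the peer prove possession of a key
    derived from MSK1? This says nothing about the peer's role or authorization."""
    return hmac.compare_digest(service_proof(msk1, service, challenge), proof)


if __name__ == "__main__":
    run = fig3_mutual_authentication()
    print("4WHS with MSK1 ok:", run["handshake1"], " 4WHS with MSK2 ok:", run["handshake2"])
    challenge = os.urandom(16)
    proof = service_proof(run["MSK1"], b"VPN server", challenge)   # MPB holds MSK1
    print("MPA accepts MPB as VPN server:", mpa_verifies_peer(run["MSK1"], b"VPN server", challenge, proof))
```

The handshake succeeds in both directions exactly as in FIG. 3, and the same MSK1 that MPB legitimately received as authenticator also lets it answer MPA's challenge for an unrelated service, because the check reduces to possession of a key that MPB was handed by design.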