An ad-hoc network is a kind of self-configuring network linked through wireless communication. The ad-hoc network is made up of multiple nodes, which transmit and receive packets through multi-hop communication. Multi-hop communication is a technique that allows nodes not present in each other's communication ranges to communicate via other nodes present in the communication ranges of the nodes.
If the ad-hoc network is connected to another network such as the Internet, a local area network (LAN), or a wide area network (WAN), a relay device called a gateway is used to transfer communication between the networks.
If the number of nodes belonging to the ad-hoc network exceeds a certain level, processing becomes difficult for one gateway. In such a case, multiple gateways are disposed to distribute the processing.
As described above, with multi-hop communication in the ad-hoc network, communication between nodes is performed autonomously through a path selected by a relay node and therefore, the path changes from moment to moment depending on the state of each node and the communication environment. This is true in an ad-hoc network with multiple gateways as well and, when a given node communicates with another network, the gateway that relays the communication generally changes depending on the state of the network. The ad-hoc network is characterized by the autonomy and robustness that result from such free path selection.
On the other hand, techniques that utilize the ad-hoc network include a system in which nodes capable of wireless communication are incorporated into the electricity meters of households so that operations such as checking of the meters are performed through the ad-hoc network without an operator physically going to the actual sites. An ad-hoc network that handles personal information such as the electricity usage of households is required to perform secure communication in terms of ensuring confidentiality and preventing tampering.
Therefore, packets transmitted and received between nodes in the ad-hoc network are conventionally encrypted to ensure secure communication. In general, one key for encryption is used in the system and the nodes and the gateways retain this key to perform secure communication.
However, if all the nodes in the system use a common encryption key and one node is analyzed, whereby the key is leaked, the contents of communications on the entire system are at risk of being leaked. Therefore, multiple keys have to be used in the system to reduce risk in the event of key leakage.
At the time of initial introduction, etc. of a new node into a system, the new node cannot perform secure communication with other nodes in an ad-hoc network until an encryption key is set. Therefore, since it is difficult to automatically set an encryption key for the new node through the ad-hoc network, an operator has to physically go to the actual site to set the encryption key.
Prior arts related to secure communication include, for example, a technique of managing an encryption key of a network in which communication is performed by broadcasting (see, e.g., Japanese Laid-Open Patent Publication No. 2003-348072) as well as a technique for stably executing key exchange at the start of communication in an ad-hoc network (see, e.g., Japanese Laid-Open Patent Publication No. 2007-88799). A further related technique is for allowing each node in an ad-hoc network to select an adaptive gateway (see, e.g., Japanese Laid-Open Patent Publication No. 2009-81854).
Prior arts related to secure communication include, for example, a technique in which a terminal utilizes another communication device different from the terminal to acquire various types of communication control information required for providing communication control from an authentication server (see, e.g., Japanese Laid-Open Patent Publication No. 2006-135874). A further technique is related to an ad-hoc network in which each communication terminal performs mutual authentication with a nearby communication terminal by using a public key (see, e.g., Japanese Laid-Open Patent Publication No. 2007-13386).
However, if an encryption key set in nodes in an ad-hoc network is changed for each gateway, it is problematically difficult to identify a gateway to which a new node belongs at the time of initial introduction, etc. of the new node. For example, even if candidate gateways can be narrowed down by an address of the installation location of a new node, a communication state changes due to factors such as weather and a positional relationship with nearby buildings. This causes a problem in that an operator must go to the actual site and confirm which gateway is actually communicable, resulting in increases in working hours and workload required for the encryption key setting operation performed by the operator.
It is further problematic that setting only a portion of keys in an introduced new node disables autonomous gateway selection, which is one of the features of the ad-hoc network, and reduces robustness, potentially resulting in a reduction in communication efficiency.
In the case of using a common encryption key in a system, if the encryption key is leaked for some reason (e.g., physical analysis of a node), the entire system is affected. Therefore, all the contents of communications in the system are problematically at risk of being leaked. Thus, multiple keys have to be used in the system to reduce risk in the event of key leakage.
On the other hand, if multiple keys are set in all the nodes in a system, encryption and decryption processes are executed for respective keys and packets encrypted by respective keys are distributed in the ad-hoc network, which may cause breakdown of the ad-hoc network.
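The trade-off between a common key, one key per gateway, and every key in every node can be made concrete with a small model. The following is an added example, not part of the original text; the node counts, the scheme names and the use of an HMAC tag as a stand-in for packet encryption are assumptions.

```python
import hashlib
import hmac
import os
import random

def seal(key, payload):
    """Attach an HMAC-SHA256 tag (stand-in for authenticated encryption)."""
    return payload, hmac.new(key, payload, hashlib.sha256).digest()

def try_open(keyring, packet):
    """Try keys in order; return (accepted, number_of_keys_tried)."""
    payload, tag = packet
    for tried, key in enumerate(keyring, start=1):
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            return True, tried
    return False, len(keyring)

def simulate(scheme, n_gateways=4, nodes_per_gw=25, seed=1):
    """Return (fraction of packets one leaked keyring opens,
    mean keys tried per packet by a holder of that keyring)."""
    rng = random.Random(seed)
    gw_keys = [os.urandom(32) for _ in range(n_gateways)]
    common = [os.urandom(32)]
    packets = []
    for gw in range(n_gateways):
        for n in range(nodes_per_gw):
            payload = f"meter-{gw}-{n}".encode()  # constructed sample reading
            if scheme == "common":
                key = common[0]
            elif scheme == "per_gateway":
                key = gw_keys[gw]  # node is bound to its home gateway
            else:  # "all_keys": node may route via any gateway
                key = gw_keys[rng.randrange(n_gateways)]
            packets.append(seal(key, payload))
    # Keyring recovered from one physically analysed node under gateway 0.
    leaked = {"common": common, "per_gateway": [gw_keys[0]],
              "all_keys": gw_keys}[scheme]
    results = [try_open(leaked, p) for p in packets]
    exposed = sum(ok for ok, _ in results) / len(packets)
    mean_tried = sum(t for _, t in results) / len(packets)
    return exposed, mean_tried

if __name__ == "__main__":
    for scheme in ("common", "per_gateway", "all_keys"):
        print(scheme, simulate(scheme))
```

In this model the per-gateway scheme limits exposure to the traffic of one gateway, while the all-keys scheme keeps free gateway selection at the cost of full exposure and several key trials per packet.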