Sensor nodes of an in particular wireless sensor may network provide measurement data and status messages via a wireless interface. A typical structure of a conventional sensor node of a wireless sensor network is shown by way of example in FIG. 1. The sensor node S has a control processor CPU, a program memory F1 and a main memory RAM. Furthermore, an input/output unit I/O is also provided, to which two sensors S1, S2 are connected by way of example. The sensors S1, S2 can be temperature and pressure sensors for instance. Status messages are sent to a central processor GW by means of a radio module FM, which is embodied for instance in accordance with the IEEE 802.15.4 standard, Zigbee, GSM or UMTS. Furthermore, the sensor node has a battery-operated power supply SV, provided the sensor node is a node of a wireless sensor network.
FIG. 2 shows a schematic representation of an exemplary conventional sensor network NET, which has several wirelessly communicating sensor nodes S and a central processor GW, typically a gateway. The central processor GW is connected to an infrastructure network, for instance the Internet. Such a sensor network NET is used for instance to monitor a large area, e.g. to monitor the air contamination in a town or to monitor the soil moisture in an agricultural cultivated area. Several sensors can also be used in a building for climate control or as a fire alarm or for burglary protection. The transmission of measurement and/or status data to the central processor GW can take place, depending on the topology of the sensor network, directly or through the medium of one or several sensor nodes, which forward a data packet from a sending node in the direction of the central processor.
A sensor network within the meaning of the disclosure may also be formed by vehicles within the scope of a car-2-car communication. With this, the vehicles may exchange messages with one another. In these messages they inform one another of their actual location, their speed and direction of travel so that congestion or an imminent collision can be identified. Similarly, information relating to the state of the road surface, such as for instance slippery conditions, can be identified and communicated to other vehicles. Fixed stations, so-called Road Side Units, can be included in vehicle communication. A status message within the scope of a car-2-car communication contains an identity of the vehicle sending the status message (e.g. a pseudonym assigned to the vehicle), a sending point in time, data relating to the sender (location, speed, direction, acceleration) and the data value. The data value is represented for instance by an item of information relating to the state of the road surface. Basically, the data value can be represented by a placeholder if only status relating to the current location and journey data is to be transmitted to the central processor. The status message is protected by a cryptographic check sum, e.g. a digital signature. The certificate and/or certificate chain needed to check the signature can likewise be contained in the status message.
Irrespective of the type of data transmitted from the sensor node to the central processor GW, such as measurement data and/or status messages, the messages transmitted by the sensor nodes are subsequently referred to as status messages in this description.
Transmitted status messages in a sensor network can be easily manipulated by an attacker. For instance an attacker can transmit manipulated data into the sensor network. Cryptographic protection methods are therefore used in order to identify manipulated data and thus be able to prevent its use. In this context, it is known to protect individual status messages, which contain measured values for instance, against manipulation by means of a cryptographic check sum in each instance.
A conventional status message transmitted from the sensor node S to the central processor GW takes the form shown in FIG. 3 for instance. The status message M includes a unique identifier C-ID, which reproduces the identity of the transmitting node. For instance, the unique identifier can represent a MAC address. Furthermore, the status message M includes a data value Mess, which can contain measurement data and/or status information. Measurement data may be for instance temperature, air pressure, air humidity and suchlike. In order to protect the status message, a check sum Sig is also contained here, which can be formed for instance by a digital signature or a message authentication code. The determination of the check sum Sig is needed for each status message M. The determination of the check sum Sig may be relatively complicated depending on the cryptographic methods used and may require a large amount of energy, which is particularly significant in the case of battery-operated sensor nodes.
FIG. 4 shows a conventional process flow to create and transmit the status message M to the central processor GW. In a first step S1, the data value is determined. In a step S2, the check sum Sig is determined. In the third step S3, the status message, including the data value Mess and the check sum Sig, is transmitted from the sensor node S to the central processor GW. The transmission can herewith also take place through the medium of or interconnection of several other sensor nodes, as is understandable for a person skilled in the art.
FIG. 5 shows a conventional process flow on receipt of the status message by the central processor GW. In a first step S1, the status message M is received by the central processor from the sensor node which has created this, or a communicating sensor node. In a second step S2, the check sum Sig, which is contained in the status message, is checked. In step S3, a check is carried out to determine whether the check sum Sig, which is contained in the data message M, is correct. If this is the case (“j”), then the data is processed in step S4 by the central processor. If in step 3 the check of the check sum takes place determining that this is not correct (“n”), then the data value Mess is rejected and not processed by the central processor GW. A non-compliance of the check sum in the status message M and the determined check sum by the central processor GW indicates a manipulation of the status message M.
Aside from the protection of transmitted status messages from manipulation, a mode of operation of the sensor node, which is efficient in terms of energy consumption, is indispensable in sensor networks on account of their long periods of operation, since these are typically supplied with energy by a battery.
In this context it is known to estimate expected measured values by means of prediction in order to reduce the data traffic in sensor networks and to transmit the deviation from the estimated value. The quantity of data to be transmitted can herewith be reduced. In order to reduce the quantity of data, it is also known to only then transmit a measured value if it fulfils a specific criterion, e.g. exceeds or fails to meet a threshold value.
The use of cryptographic hash chains and their use for validity checks of digital certificates have also already been proposed.