
Title:
METHOD FOR SECURE DIRECT COMMUNICATION BETWEEN COMMUNICATOR AND SENSOR NODE
Document Type and Number:
WIPO Patent Application WO/2011/074937
Kind Code:
A2
Abstract:
A method for secure direct communication between a communicator and a sensor node is disclosed. The method (100) comprises sending a request packet from the communicator to the sensor node (102), processing the request packet in the sensor node (104), sending a corresponding data packet from the sensor node to the communicator (106) and processing the corresponding data packet in the communicator (108).

Inventors:
SARWAR USMAN (MY)
SINNIAH GOBINATH RAO (MY)
SURYADY ZELDI (MY)
Application Number:
PCT/MY2010/000186
Publication Date:
June 23, 2011
Filing Date:
September 30, 2010
Assignee:
MIMOS BERHAD (MY)
SARWAR USMAN (MY)
SINNIAH GOBINATH RAO (MY)
SURYADY ZELDI (MY)
International Classes:
H04L12/56; H04L9/34
Foreign References:
US7609838B2 2009-10-27
US20070129081A1 2007-06-07
US20090073983A1 2009-03-19
Attorney, Agent or Firm:
MIRANDAH, Patrick (Suite 3B-19-3 Plaza Sentral, Jalan Stesen Sentral 5, Kuala Lumpur, MY)
Claims:
CLAIMS

1. A method for secure direct communication between a communicator and a sensor node, wherein the method (100) comprises

sending a request packet from the communicator to the sensor node (102);

processing the request packet in the sensor node (104);

sending a corresponding data packet from the sensor node to the communicator (106); and

processing the corresponding data packet in the communicator (108).

2. The method according to claim 1, wherein sending the request packet from the communicator to the sensor node (102) further comprises

setting a security mode bit in a header of the request packet to "1" (202) and encrypting a payload of the request packet (204) for a secure request packet; or

setting the security mode bit in the header of the request packet to "0" for a non-secure request packet.

3. The method according to claim 1, wherein processing the request packet in the sensor node (104) further comprises

determining, in the sensor node, if the request packet is a secure request packet (206); and

if the request packet is a secure request packet, decrypting a payload of the request packet (210) and identifying the corresponding data packet (212).

4. The method according to claim 1, wherein sending the corresponding data packet from the sensor node to the communicator (106) further comprises

encrypting a payload of the corresponding data packet (214) and setting a security mode bit in a header of the corresponding data packet to "1" (216) for a secure data packet; or

setting the security mode bit in the header of the corresponding data packet to "0" for a non-secure data packet.

5. The method according to claim 1, wherein processing the corresponding data packet in the communicator (108) further comprises

determining, in the communicator, if the corresponding data packet is a secure data packet (220); and

if the data packet is a secure data packet, decrypting a payload of the corresponding data packet (222) and displaying the corresponding data packet to a user (224).

6. The method according to claim 1, wherein the communicator is a 6LoWPAN communicator.

7. The method according to claim 1, wherein the sensor node is part of a 6LoWPAN sensor network.

Description:
METHOD FOR SECURE DIRECT COMMUNICATION BETWEEN COMMUNICATOR AND SENSOR NODE

FIELD OF INVENTION

The present invention relates generally to a method for secure direct communication between communicators and sensor nodes.

BACKGROUND ART

Current trends have directed the usage of wireless sensor network for various purposes. The application of this technology is endless from agriculture to health monitoring to military purposes. The deployment of IP based wireless sensor network is a next step to integrate this technology with the Internet devices for global connectivity to provide end to end communication.

Low power wireless sensor devices utilize an IPv6 Low Power Wireless Personal Area Network commonly referred to as 6LoWPAN (IEEE 802.15.4) and this standard is being widely deployed for various purposes and in different scenarios of wireless sensor network. A gateway is a primary component for external network IPv6 clients from the Internet to securely communicate with the above-mentioned sensor network. It also allows a web server to retrieve sensor data and publish the same on the Internet.

In view of the presence of the said gateway, only conventional security mechanisms are implemented by way of application layer encryption. Therefore direct communication between end-nodes is open to any malicious user to sniff the communication, rendering the communication unsecure.

SUMMARY OF INVENTION

In one embodiment of the present invention is a method for secure direct communication between a communicator and a sensor node. The method comprises sending a request packet from the communicator to the sensor node, processing the request packet in the sensor node, sending a corresponding data packet from the sensor node to the communicator and processing the corresponding data packet in the communicator.

In a further embodiment of the present invention is the method for the communicator, setting a security mode bit in a header of the request packet to "1", encrypting a payload of the request packet for a secure request packet and thereafter, the sensor node, decrypting a payload of the request packet and identifying the corresponding data packet.

In yet another further embodiment of the present invention is the method for the sensor node, encrypting a payload of the corresponding data packet, setting a security mode bit in a header of the corresponding data packet to "1" for a secure data packet and thereafter, the communicator, decrypting a payload of the corresponding data packet and displaying the corresponding data packet to a user.

The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it is being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:

FIG. 1 is a flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.

FIG. 2 is a detailed flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.

FIG. 3 is an illustration of a 6LoWPAN header for a secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention relates to a method for secure direct communication between communicators and sensor nodes. Hereinafter, this specification will describe the present invention according to the preferred embodiments of the present invention. However, it is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.

The present invention relates to a method for a secure direct communication at a network layer for an IPv6 Low Power Wireless Personal Area Network (6LoWPAN) communicator and an IPv6 Low Power Wireless Personal Area Network (6LoWPAN) sensor node. According to the embodiments of the present invention, a secure data communication algorithm is provided in a 6LoWPAN network that may be used for a single hop secure direct communication between the 6LoWPAN communicators and the 6LoWPAN sensor nodes. This algorithm is required to be loaded in both the communicator and sensor nodes for secure direct communication. The secure direct communication comprises transmitting and receiving request packets and response packets, without the need for packets being routed through the routers or gateways.

Reference is first being made to FIG. 1. FIG. 1 is a flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.

According to the embodiments of the present invention, the method (100) for secure direct communication between the 6LoWPAN communicator and the 6LoWPAN sensor node, comprises sending a request packet from the communicator to the sensor node (102), processing the request packet in the sensor node (104), sending a corresponding data packet from the sensor node to the communicator (106) and processing the corresponding data packet in the communicator (108).

Reference is now collectively being made to FIGs. 2 and 3. FIG. 2 is a detailed flow chart for a method for secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node. FIG. 3 is an illustration of a 6LoWPAN header for a secure direct communication between a 6LoWPAN communicator and a 6LoWPAN sensor node.

In one embodiment of the present invention, a 6LoWPAN_HC1 (Header Compression) header which is defined in the RFC 4944 is applied. The 6LoWPAN LOWPAN_HC1 header comprises 3 bytes which includes a dispatch byte and general header information with hop limit.

In the embodiment of the present invention, the sixth bit of the header is used by setting "1" or "0" for secure or unsecured communication mode with 6LoWPAN_HC1 header type mode. In FIG. 3, the 6LoWPAN HC1 header bit pattern is updated with a security mode sixth bit. The 6LoWPAN communicators and 6LoWPAN sensor nodes are required to set (to "1") the sixth bit for secure direct communication.

The step of sending the request packet from the communicator to the sensor node (102) further comprises the communicator setting a security mode bit in a header of the request packet to "1" (202) and encrypting a payload of the request packet (204) for a secure request packet. In the event of a non-secure request packet, the security mode bit in the header of the request packet is retained at a default value of "0" in the communicator. The request packet is now ready to be transmitted directly to the sensor node.

The step of processing the request packet in the sensor node (104) further comprises determining, in the sensor node, if the request packet received is a secure request packet (206). If the request packet received is a secure request packet, then the payload of the request packet is decrypted (210) in the sensor node and the corresponding data packet identified (212) by the sensor node. Identifying the corresponding data packet further comprises, firstly extracting a message of the request packet received and thereafter processing the message to obtain the corresponding data packet according to the message of the request packet.

The step of sending the corresponding data packet from the sensor node to the communicator (106) further comprises the sensor node encrypting a payload of the corresponding data packet (214) and setting a security mode bit in a header of the corresponding data packet to "1" (216) for a secure data packet. In the event of a non-secure data packet, the security mode bit in the header of the corresponding data packet is retained at a default value of "0" in the sensor node. The corresponding data packet is now ready to be transmitted directly to the communicator.

The step of processing the corresponding data packet in the communicator (108) further comprises determining, in the communicator, if the corresponding data packet received is a secure data packet (220). If the data packet is a secure data packet, the payload of the corresponding data packet received is decrypted (222) by the communicator and the corresponding data packet is displayed to a user (224).

The decryption and encryption in the 6LoWPAN communicator and the 6LoWPAN sensor node may comprise any type of light weight key encryption algorithm.
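
The exchange of steps 102 to 108, as an added sketch that is not part of the patent text: both ends build and parse a 3-byte header plus payload, and the sensor node answers in the mode of the request. Assumptions: the security mode bit is taken as mask 0x04 of the first header byte (the text says only "sixth bit of the header"), a SHAKE-256 keystream with a truncated HMAC-SHA256 tag stands in for the unspecified light weight algorithm, and the pre-shared key, nonce and tag lengths and readings table are hypothetical.

```python
import hashlib
import hmac
import os

DISPATCH_HC1 = 0x42        # LOWPAN_HC1 dispatch value (RFC 4944)
SECURITY_BIT = 0x04        # ASSUMED position: sixth bit of byte 0, counted from the MSB
NONCE_LEN, TAG_LEN = 8, 8  # assumed sizes for this sketch

def _keystream(key, nonce, n):
    # Stand-in cipher: SHAKE-256 used as a keystream generator (not the patent's algorithm).
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def build_packet(payload, key=None, hc1=0x00, hop_limit=1):
    """Steps 202/204 (request) or 214/216 (data): set the mode bit, encrypt the payload."""
    if key is None:  # non-secure packet: the bit keeps its default value 0
        return bytes([DISPATCH_HC1, hc1, hop_limit]) + payload
    header = bytes([DISPATCH_HC1 | SECURITY_BIT, hc1, hop_limit])
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    # The tag covers header, nonce and ciphertext of a secure packet.
    return header + nonce + ct + _tag(key, header + nonce + ct)

def parse_packet(packet, key):
    """Steps 206/210 or 220/222: test the mode bit, then verify and decrypt."""
    if len(packet) < 3 or (packet[0] & ~SECURITY_BIT) != DISPATCH_HC1:
        raise ValueError("not a LOWPAN_HC1 packet")
    header, body = packet[:3], packet[3:]
    if not header[0] & SECURITY_BIT:
        return False, body  # non-secure: payload is taken as plaintext
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("secure packet too short")
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, header + nonce + ct)):
        raise ValueError("authentication failed")
    return True, bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def sensor_node_handle(request, key, readings):
    """Steps 104/106: extract the message, look up the data, reply in the same mode."""
    secure, message = parse_packet(request, key)
    data = readings.get(message, b"unknown")
    return build_packet(data, key if secure else None)
```

The communicator side is build_packet for the request and parse_packet for the reply. A packet whose mode bit is 0 is returned unverified, so whether to accept non-secure packets at all is a policy decision left to the caller.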

By introducing network layer security in the 6LoWPAN communicator and 6LoWPAN sensor network, a higher security level is provided as compared to conventional security implemented by way of application layer encryption. Network layer security provides authentication and confidentiality between end-nodes and across multiple LoWPAN-links, and subsequently prevents network layer attacks on the 6LoWPAN network.