THWARTING TRAFFIC ANALYSIS

A wireless communication device capable of operating according to a wireless communication protocol and capable of operating in a mesh network, the device being configured to: at a first time transmit data packets in accordance with a mesh network protocol; determine an activity profile that characterises the pattern of transmission of those data packets from the communication device; and subsequently transmit dummy data packets in accordance with the mesh network protocol so as to adopt an activity profile that mimics the determined activity profile.

Skip to: Description  ·  Claims  · Patent History  ·  Patent History
Description
TECHNICAL FIELD

This invention relates to preventing traffic analysis of a communication network.

BACKGROUND OF THE INVENTION

Increasing numbers of devices are being networked together so as to be able to transmit and receive messages between themselves. For example, in the home, it may be desirable for multiple devices to be able to communicate with each other and also potentially with the internet in order to allow for an automated control of the home. For example, a home may contain a lighting system, heating appliances and sensor devices. By allowing these devices to communicate with each other certain controls can be automated, such as turning on the lights and the heating when the sensor detects that a user has entered a room.

In general, when devices are connected in this way, one device may undertake a certain action in response to determining that another device is in a particular state. This intercommunication of diverse devices/appliances within a network forms part of what is known as the ‘internet of things’ (IoT). To enable arbitrary objects to communicate, they can be equipped with communication devices. As many of these objects may not have access to, or require, power themselves, it may be desirable for the communication equipment to be self-powered, such as by a battery. It may therefore be desirable for the communication equipment to have low power requirements. In addition, allowing the equipment to communicate wirelessly can otter several advantages over wired communications, such as increased mobility of the devices and the reduction of unsightly communication wires and cables.

It the communication equipment is low-powered, it may not have a communication range sufficient to communicate directly with other equipment located in the network. That is, devices spread across the network over a large distance compared to the communication range of the attached equipment may not all may be able to communicate directly with each other. A suitable network for such devices to adopt is a mesh network, in which one device can communicate with a remote device outside its communication range via one or more intermediary devices. In this arrangement the intermediary devices function to relay a received message.

Such a mesh network may have a traffic profile that is somewhat predictable or capable of being characterised in some way. For example in the case of a mesh network of devices within a home, the heating may be configured to come on at the same point each day, or a person may arrive home at roughly the same time each day, causing the sensor device to communicate with a lighting device in a somewhat regular pattern for example.

Unfortunately, such a profiling of the network traffic can lead to situations in which security may be compromised. For example, a third party who is aware of the average or typical network traffic profile of a mesh network within an automated home may monitor the network traffic to look for anomalies in the traffic profile and use the presence of such anomalies to conclude that the regular occupants of the home are absent. There is therefore a need to prevent the traffic analysis of a communication network.

SUMMARY OF THE INVENTION

According to a first aspect of the present disclosure there is provided a wireless communication device capable of operating according to a wireless communication protocol and capable of operating in a mesh network, the device being configured to: at a first time transmit data packets in accordance with a mesh network protocol; determine an activity profile that characterises the pattern of transmission of those data packets from the communication device; and subsequently transmit dummy data packets in accordance with the mesh network protocol so as to adopt an activity profile that mimics the determined activity profile.

The determined activity profile may specify a number of data packets to be transmitted over a time period according to the characterisation.

The activity profile mat delineate the transmission of data packets over a period of time according to the characterisation.

The device may be configured to characterise the transmission of data packets as an average such that the determined activity profile is an average transmission profile.

The device may be configured to determine the average transmission profile from a plurality of transmission profiles each delineating the transmission of data packets over a period of time.

Each of the said plurality of transmission profiles may delineate the transmission of data packets over a period of twenty-four hours.

The device could be configured to characterise the transmission of the data packets as a mode such that the determined activity profile is a modal transmission profile.

The device could foe configured to determine the modal transmission profile from a plurality of transmission profiles each delineating the transmission of data packets over a period of time.

Each of the said plurality of transmission profiles could delineate the transmission of data packets over a period of 24 hours.

The activity profile could delineate the transmission of data packets in time bins.

The device may be configured to operate according to the Bluetooth Low Energy protocol. The mesh network may be an ad-hoc network.

The device may be configured to transmit dummy packets in a form indicative of a request for an acknowledgement.

The device could be configured to transmit an acknowledgement in response to receiving a data packet similar to said dummy packets indicative of a request for acknowledgement.

The device may be configured to transmit at least some data packets configured to control and/or monitor the state of remote objects within the mesh network during the first time.

The device may be configured to exclusively transmit data packets configured to control and/or monitor the state of remote objects within the mesh network during the first time.

According to a second aspect of the present disclosure there is provided a wireless communication device capable of operating according to a wireless communication protocol and capable of operating in a mesh network, the device being configured to: at a first time transmit data packets of a first type in accordance with a mesh network protocol to control and/or monitor the state of remote devices within the mesh network, and transmit, independently of the transmission of the first type of data packets, dummy data packets in accordance with the mesh network protocol so as to obscure a variation in transmission of the first type of data packets from the first time.

The device may be configured to transmit the dummy data packets according to a desired transmission profile.

The desired transmission profile may delineate the desired transmission of data packets from the wireless communication device over a period of time.

The device may be configured to determine an activity profile that characterises the transmission of the first type of data packets during the first time.

The device may be configured to characterise the transmission of the first type of data packets as an average such that the activity profile is an average transmission profile.

The device may be configured to determine the average transmission profile from a plurality of transmission profiles each delineating the transmission of the first types of data packet over a period of time.

The device may be configured to characterise the transmission of the first type of data packets as a mode such that the activity profile is a modal transmission profile.

The determined activity profile may have an associated average transmission rate.

The desired transmission profile may have an associated average transmission rate that is substantially higher than the average transmission rate of the activity profile.

The device may be configured to transmit the dummy data packets according to the desired transmission profile at an average transmission rate that is high enough so as to obscure a variation in transmission of the first type of data packets from the first time.

The device may be configured to transmit the dummy data packets in a pseudo-random manner.

The device may be configured to transmit the dummy data packets at an average rate high enough so as to obscure a variation in transmission of the first type of data packets from the first time.

The device may operate according to the Bluetooth Low Energy protocol.

The mesh network may be an ad-hoc network.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure will now be described by way of example with reference to

the accompanying drawings. In the drawings:

FIG. 1 shows a schematic diagram of a mesh network;

FIG. 2 shows a schematic diagram of a wireless communication device for communicating in the mesh network;

FIG. 3 shows a schematic illustration of the architecture of a mesh network; and

FIG. 4 shows a schematic illustration of a mesh transport packet.

 DETAILED DESCRIPTION

Embodiments of the present disclosure are directed to wireless communication devices operating within a mesh network that can operate so as to obscure changes to the network traffic. By making it more difficult to identify changes to network traffic, the security of the environment within the coverage area of the network can be increased.

Embodiments of the present disclosure relate to a wireless communication device that can operate according to a wireless communication protocol. The wireless communication device is part of a mesh network comprising a plurality of other remote devices. The wireless communication device can communicate as part of the mesh network by transmitting data packets to, and receiving data packets from, other devices that are part of the mesh network. Within the mesh network, a device may operate as a relay device by re-transmitting received data packets.

The wireless communication device can process data packets to execute instructions contained in that packet that are addressed to that device. In addition, the communication device may transmit data packets that contain instructions for other remote devices operating within the mesh network. The wireless communication device may be attached to an appliance that can perform a certain function. The appliance could be, for example, a household appliance such as a light switch, light bulb, heating element or security sensor. The other remote devices can also be attached or associated with an appliance so that the appliances can communicate with each other (via their respective communication devices) over the mesh network.

Data packets transmitted from the communication device can be provided with an authentication field that permits them to be authenticated as pertaining to the mesh network. The content of the field may originally be generated by applying an authentication algorithm such as HMAC-SHA-256 to at least some of the packet content and to an authentication key that is unique to the mesh network in question. The packets may subsequently be authenticated by applying the inverse of that algorithm to the same predetermined part of the packet content and the authentication key, to generate an authentication result, and comparing the authentication result to the authentication field of the packet. If the two match then the packet can be considered to be authenticated to the mesh network in question, and otherwise not. Alternatively the payload of a packet may be encrypted with a network key which is unique to all packets pertaining to that mesh network. In this case the network key prevents a third party that is not part of the mesh network from deciphering the content of the data packets and from transmitting data packets of its own as part of the network.

Communication devices that are part of the mesh network can transmit and receive data packets in some characteristic fashion. For example, a device may transmit a data packet at roughly the same point each day, transmit a certain number of packets each day or may have a higher level of average activity at certain points of time compared to other points of time. Some devices may also transmit data packets that require an acknowledgement message to be sent in return to ensure a safe receipt of the transmitted data packet. This means that the network traffic of the mesh network as a whole may have certain characteristic features. For example, a user may wake up at a characteristic time of day and turn on a light by means of a light switch that is in wireless communication with the light. This activity could agnate a characteristic pattern of communication when the user wakes up.

A third party to the mesh network can listen to this network traffic, though they would not be able to determine the content of any particular data packet without knowledge of the network key. If the third party analyses the network traffic profile and detects that the current network traffic profile differs substantially from the regular (or average, or characteristic) traffic profile, for example because the level of network traffic is substantially lower than normal, they may conclude that there are a reduced number of users operating appliances within the mesh network.

The communication device according to embodiments of the present disclosure can operate so as to prevent such an analysis of the traffic profile. It may do this by operating in various modes.

In a first mode, the communication device transmits data packets comprising a dummy payload in lieu of its regular transmission of data packets. The regular data packets can be data packets transmitted to either monitor or control the state of other devices in the mesh network. The communication device may have knowledge of its regular or characteristic transmission activity, for example the device may store in its memory a log of its transmission activity over a previous time period, or the device may be configured to transmit a message at a particular time of day in accordance with a user setting. The device can then transmit dummy data packets so as to mimic its characteristic transmissions. The dummy data packets are transmitted in accordance with the wireless communication protocol and so to a third party without knowledge of the network key, are indiscernible from the regular data packets.

In a second mode, the wireless communication device transmits dummy data packets at a rate so as to mask the transmission of the regular data packets. That is, independently of the transmission of the regular data packets, the device also transmits dummy data packets. The device can transmit the dummy packets at a much higher average rate than it transmits regular packets. This means that, should the communication device reduce its transmission rate of regular data packets over a time period (e.g., because a user of appliances in the mesh network is away), a third party listening to the network traffic will not be able to identify the reduction in regular data packet traffic due to the continuous transmission of the dummy packets, i.e. the dummy packets obscure any variation in the transmission of the regular data packets.

A communication device operating according to these modes can therefore prevent analysis of the mesh network traffic by a third party, advantageously leading to increased security of the environment within the coverage area of the mesh network.

FIG. 1 shows a schematic diagram of a mesh network 100.

Network 100 comprises a number of communication devices 101. Each communication device is attached to or associated with an object so as to enable the objects to communicate with each other. Network 100 comprises lights 103B and 103C, a light switch 104A, a fan 105D, a sensor 106E and a temperature sensor 107D. These objects are given for the purposes of illustration only, and it will be readily appreciated that the object could be any suitable appliance, device, widget etc.

The communication devices communicate according to a wireless communication protocol, such as the Bluetooth Low Energy protocol (now marketed as Bluetooth SMART) for example. Such low power communication protocols are particularly suitable for implementation in a network in which the appliances or objects do not have their own power source.

Each communication device has associated with it a coverage area 102 which defines the communication range for the device. A communication device can communicate directly with other devices that are within its coverage area, but cannot communicate directly with devices outside its coverage area. For the purposes of clarity, only the coverage areas for communication devices 101A, 101D and 101E are shown. For example, coverage area 102A may include communication devices 101A, 101B and 101C; coverage area 102D may include communication devices 101B and 101D; and coverage area 102E may include communication devices 101D and 101E.

Because the communication devices are low powered devices, the coverage area for a device may be insufficient to cover the whole network. For example, communication device 101A is outside the coverage area of device 101D. In order for device 101A to communicate with device 101D, a message is sent to device 101B, which then relays the message to device 101D. Thus, the devices can not only receive and act upon messages, but can also repeat those messages for transmission to surrounding devices to form a mesh network. Each message transmitted by a communication device in accordance with the communication protocol can be encrypted with a network key. The network key is common to the mesh network so that 100 so that each message transmitted by the devices over the network is encrypted with the same key.

The appliances may be housed in or be part of a building, for example a home or an office. The communication devices may then communicate with each other over the mesh network to control or monitor the appliances in accordance with a user's settings or in response to a user action. For example, if sensor device 106E detects that a user has entered the building, communication device 101E can communicate over the mesh network to devices 101B and 101C so as to turn on lights 103B and 103C. In an alternative example, a user may turn on the fights using switch 104A. In response, device 101A communicates with device 101D, which causes the temperature sensor 107D to measure the ambient temperature and controls the operation of the fan 105D accordingly. The fan and temperature sensor may operate to maintain the temperature at a value set by a user, however they may only do so when they have determined that the lights are on so as to save power. These examples are given merely to illustrate how the communication devices can communicate over a mesh network in a practical implementation, and it will be appreciated that other implementations are equally possible.

FIG. 2 shows the architecture of a communication device 101.

The communication device comprises an antenna 201 connected to a transceiver 202. The communication device can use the transceiver to communicate with at least one other communication device in the network according to the communications protocol. The communication device 101 also comprises a processor 203 that is capable of executing a set of program instructions that are stored in non-transitory form in a memory 204. The memory 204 can be a non-volatile memory that stores in non-transitory form program code that is executable by the processor 203 to cause the communication device to communicate according to the communications protocol. The processor 203 can be a microprocessor. The memory 204 may be part of processor 203 or connected to processor 203 via a bus. Whilst the processor 203 and transceiver 202 are shown in FIG. 2 as separate elements, it will be appreciated that at least processor 203 and transceiver 202 could be incorporated in to one element, for example, being incorporated on a single chip.

The communication device 101 may also comprise a power source 205. This power source may be a battery. Alternatively, the communication device may not comprise a power source and be connected to an external power source such as art electrical outlet.

The communication device also comprises an interface 206 for sending and receiving data that is to be sent over the network using the communications protocol. This interface 208 may be a wired link to sensors for sensing external events, such as the operation of a light switch in the building environment described above, or a link to appliances for issuing control signals to those appliances, such as the light or fan in the building environment described above.

FIG. 3 is a schematic diagram of the architecture of a mesh network. The architecture comprises three layers: the bearer layer, the transport layer and the protocol layer. The bearer layer defines how transport layer messages can be transmitted to one or more devices within the network. Examples of suitable bearers for a mesh network are Bluetooth Low Energy (Bluetooth SMART) 301, UDP IPv4 302 and UDP IPv6 303.

The mesh transport layer 304 provides a service to transmit messages across devices 101 in the network. The Transport Layer is responsible for the transmission of a message throughout the mesh network. Each device within the mesh network is a peer. Some of the devices within the mesh network, in addition to transmitting or receiving messages their own messages, can retransmit received messages from other devices within the network. A device that provides this retransmitting functionality is known as a relay capable device.

In an example protocol stack for implementing the mesh network a protocol layer may define multiple protocols which each have a specific purpose for the devices 101. Examples of protocols at this layer can include an association protocol 305 that is used to associate devices to a specific network, a control protocol 306 that enables the control and monitoring of devices within a specific network, and an update protocol 307 that is used to update the firmware of devices over the mesh network. In the example of the mesh network described above with reference to FIG. 1, the messages transmitted to communication devices to control a functionality of an associated appliance (e.g., turning on a light) could he transmitted according to the control protocol.

FIG. 4 shows an example of the packet format for a mesh transport message. The packet 400 comprises three fields: a higher layer payload 401: a message authentication code (MAC) 402, and a time-to-live (TTL) code 403. The MAC is calculated from the network key and the higher layer payload, and is used to verify the authenticity of the message and network identification. The time-to-live code operates as a counter, and is either incremented or decremented each time a message is re-transmitted by relay. The mesh devices are configured not to retransmit messages whose TTL values are at or beyond a predefined threshold value, e.g. zero.

An example of the payload structure for a transport packet transmitted in accordance with the mesh control protocol is shown at 404. The control protocol message comprises a sequence number, a source address, a destination address, an opcode and parameters.

The sequence number 405 is a value unique for each new message sent by the source device. The address of the source device (or sending device) is contained in the source address field (SRC) 406. The destination address field (DST) 407 contains the device address of the target device or group address of a set of target devices. The opcode field 408 is used to determine the format of the operation parameters. The parameter field 409 contains the information relating to the monitoring or control of the objects within the network, for example lighting equipment, fans, sensors etc. For example, the parameter field can contain information to control the brightness of a light, or to turn on the fan etc.

Operational modes of the communication device to aid the prevention of network traffic analysis by a third party will now be described.

First Mode

In this mode, the communication device can transmit data packets with a dummy payload so as to maintain a characteristic transmission profile.

A communication device 101 may transmit data packets to other devices within the mesh network to control and/or monitor the state of remote objects within the network. For example, in the building environment illustrated in FIG. 1 communication device 101E can communicate with devices 101B and 101C so as to turn on lights 103 in response to sensor 108E detecting the presence of a person. Alternatively, communication device 101A can communicate with devices 101B and 101C to turn on lights 103 in response to a user switching light the switch 104A. Data packets comprising a payload containing instructions relating to the state of an object, such as instructions for controlling, monitoring or configuring an object, will be referred to hereafter as ‘active packets’. The payload could correspond to payload 401, for example, with a suitable parameter field 409.

The state of the remote objects may be configured by a user of the mesh network, and may be configured in real-time or in a predetermined fashion. An example of a real-time configuration would be the user turning on the light switch 104A, whereas an example of a predetermined configuration would be configuring the lights to turn on upon detection of a person by sensor 106E.

The pattern of transmission of active data packets from the communication device can be characterised by an activity profile. The activity profile may contain information relating to the transmission of active packets from the communication device in various degrees of detail. For example, the activity profile may simply list the number of activity data packets transmitted from the communication device over a suitable time period, e.g. twenty-four hours. Alternatively, the activity profile may delineate the transmission of activity data packets over a period of time. In particular, the activity profile may list the number of data packets transmitted over discrete time bins that cover the time period.

The communication device may characterise its pattern of transmission in a number of different ways. In one example, the device may log its transmissions over a suitable time period and store this log in memory 204. The device could log its transmissions over multiple time periods so as to produce multiple logs of data. For example, the device could log its transmissions over a twenty-four hour period and then repeat the logging process over separate twenty-four periods to produce several logs. The device could then average these logs to generate the activity profile, which in this example would characterise the pattern of transmission of activity packets as an average transmission profile. The logged data may be stored in tabular form, for example.

Alternatively, the device could use the multiple logs of data to determine an activity profile that characterises the pattern of transmission of activity packets as a modal transmission profile. The modal transmission profile could be produced by determining the modal number of data packets transmitted for each time bin across each of the data logs, and assembling the time bins to produce the activity profile, which would be representative of the most common, or most likely transmission profile.

By characterising its transmission activity in some way, the communication device can determine what its average, or general, or typical, or most likely transmission profile for activity packets is.

Once the device has determined an activity profile, it can transmit data packets comprising a dummy payload (referred to hereafter as ‘dummy packets’) in order to adopt a transmission profile that mimics the activity profile. A dummy packet could be transmitted in a suitable format for the communications protocol, for example a mesh transport packet. However, the dummy packet may contain a payload that does not correspond to a higher layer protocol. For example, a dummy payload may not contain a control parameter field for monitoring or controlling devices within the network.

As an example, communication device 101E may determine that it transmits an average of four active data packets between the hours of 5 pm and 7 pm, corresponding to people entering a house having come home from work. If some or all of these people are away for some reason, the device 101E would transmit less, or no active packets during this same time period. The device could then transmit a number of dummy packets so that the total number of data packets transmitted during this time period was equal to, or approximately equal to, the number of packets according to the determined activity profile.

The device may be configured to transmit data packets so as to mimic the activity profile when in a certain operational mode. The device may be placed into such a mode by a user. For example, if the user determines that they are going to be absent from the house or building for a period of time, they may place the device into an operational mode so that the device transmits data packets to mimic the determined activity profile. The device may be configured directly by the user, or may be configured wirelessly. For example, the device may be configured by a data packet received over the mesh network, or may be configurable via some other wireless communications protocol, such as the internet. This could allow the user to place the device into the mimicking operational mode remotely.

The communication device may transmit data packets to other devices in the mesh network that require an acknowledgement to be sent in return, referred to hereafter as reliable data packets. The communication device may also receive such a data packet and in response transmit an acknowledgement message to another device in the network. The transmission and receipt of reliable data packets and associated acknowledgements may have a characterising pattern. For example, device 101D may transmit a reliable data packet to device 101E at one or more certain points each day. In response, device 101E may transmit an acknowledgement to device 101D to confirm receipt of the reliable data packet.

To a third party monitoring the network traffic, such transmission of messages may be characterised by or identifiable by messages transmitted across the network in short succession (i.e. the reliable data packet and its associated acknowledgement). Therefore, to better mimic the determined activity profile, the communication device may be configured to transmit dummy packets that require an acknowledgement to be sent if it regularly transmits activity packets that require an acknowledgement. Such data packets are still dummy packets in the sense that their payload may not contain information relating to a higher layer of the protocol stack, however they are configured to require an acknowledgement to be sent to the communication device in return and so are in a form indicative of a request for an acknowledgement.

The communication device may also be configured to transmit an acknowledgement message via the mesh network in response to receiving a data packet similar to the data packets indicative of a request for acknowledgement. In this way, the communication device may be configured to better mimic its determined activity profile by mimicking the transmission behaviour associated with reliable data packets using dummy packets.

A third party without the mesh network key cannot determine the difference between an active packet and a dummy packet because the payload of these packets is encrypted by the network key. Therefore, to such a third party analysing the network traffic there would be no discernible difference to the network activity despite the fact a reduced number of people have entered the house. The third party would therefore not be able to determine from an analysis of the network traffic that a reduced number of people have entered the house, leading to increased security.

Although the above example has been describe with reference to communication devices 101D and 101E and with respect to a particular scenario, it will be appreciated that this was merely for the purposes of illustration and the communication device can transmit dummy packets to mimic any suitable activity profile.

Second Mode

As described above, the communication device can be configured to transmit active

data packets to other devices within the mesh network to control and/or monitor those devices. For example, at times when users are occupying a building or a house, a device may transmit active data packets to other devices within the mesh network to monitor or control the behaviour of appliances within the building/home in accordance with configurations set by one or more of those users, such as turning on a fan within a room when the light is switched on so as to keep the temperature of the room within a desired range. As discussed above, if users of the building are absent, then the transmission of active packets from a communication device may decrease as compared to when users are present.

In this mode, rather than sending dummy packets to mimic a characteristic transmission profile, the communication device instead transmits dummy packets independently of the transmission of activity packets so as to obscure any variation in tire transmission of the activity packets, for example a variation from a ‘normal’ or ‘typical’ transmission pattern associated with user's being present within the home or building.

The device could transmit the dummy packets according to a desired transmission profile. The desired transmission profile may contain information relating to the transmission of dummy packets from the communication device in various degrees of detail. For example, the desired transmission profile may simply list the number of dummy data packets to be sent over a particular time period. The communication device could then simply make sure it transmits the required number of dummy packets over the given period. Alternatively, the desired transmission profile may delineate the transmission of dummy packets over a period of time, for example through the use of discrete time bins.

The desired transmission profile could be preconfigured and stored in memory 204 in the device. This has the advantage of requiring minimal processing power and power consumption to implement at the communication device. Alternatively, the desired transmission profile may be adaptable based upon the transmission behaviour of active packets from the device. Determining the desired transmission profile upon the transmission behaviour of active packets can have the advantage of ensuring the dummy packets are transmitted at a rate that is sufficient to mask the transmission of active packets. One way of determining the desired transmission profile based on the transmission of active packets is to determine an activity profile that characterises the transmission of the active packets, for example using one of the methods described above.

The communication device can use the determined activity profile to generate a desired transmission profile that transmits dummy packets at a rate sufficient to mask the transmission of active packets. For example, if the activity profile delineates some characteristic transmission of activity packets over discrete time bins, a desired transmission profile can be generated that delineates transmission of dummy packets over corresponding time bins where the transmission rate of the dummy packets within each time bin is sufficient to mask the transmission of activity packets within that bin. If the transmission rate of the dummy packets is sufficient to mask the transmission of activity packets, then any variation in the transmission rate of the activity packets will be obscured by the dummy packets.

In yet another alternative embodiment, the desired transmission profile can be relatively uniform over time. That is, the desired transmission profile could have an average transmission rate that it consistently maintains over time, independently of the transmission of activity packets. Alternatively the communication device could be configured to transmit the dummy data packets in a pseudo-random fashion. That is, the transmission of the dummy packets would not be in accordance with a profile, but instead would be pseudo-random. The term ‘pseudo-random’ is being used because the transmission of such packets would need to have a suitably high average transmission rate so as to mask the transmission of the active packets, and so cannot be truly random. However, neither would the dummy packets appear to be transmitted with any real pattern or characteristic profile, and would appear to a third party observing the network traffic to be random. The pseudo-random transmission of the data packets could be controlled by a suitably implemented algorithm at the communication device.

In contrast to the first mode of operation, in this mode the communication device transmits the dummy packets (either pseudo-randomly or according to some desired profile) independently of the transmission of the active data packets. That is, regardless of whether the transmission of active packets is following a ‘normal’ profile or not, the communication device will transmit the dummy packets: no attempt is made to mimic the device's normal transmission profile.

In any event, the communication device will transmit the dummy packets (either pseudo-randomly or according to some desired profile) at an average transmission rate that is suitably high so as to obscure any variation in the transmission rate of the activity packets. If the average transmission rate of the dummy packets is suitably high enough, then a third party observing the network traffic of the mesh network will not be able to determine any discernible difference to the traffic profile should the transmission of active packets be lower than normal, for example because the users of the home or building are away. In one example, the dummy packets may be transmitted at an average rate that is a certain number of times higher than the average transmission rate of the active packets, e.g. at least five times higher.

Thus, in this embodiment the communication device can operate to prevent network traffic analysis by masking or drowning the transmission of the active packets, which can vary depending on the presence of users operating or controlling objects throughout the mesh network, with dummy packets.

The applicant hereby discloses in isolation each individual feature described herein and any combination of two or more such features, to the extent that such features or combinations are capable of being earned out based on the present specification as a whole in the light of the common general knowledge of a person skilled in the art, irrespective of whether such features or combinations of features solve any problems disclosed herein, and without limitation to the scope of the claims. The applicant indicates that aspects of the present invention may consist of any such individual feature or combination of features. In view of the foregoing description it will be evident to a person skilled in the art that various modifications may be made within the scope of the invention.

Claims

1. A wireless communication device capable of operating according to a wireless communication protocol and capable of operating in a mesh network, the device being configured to:

at a first time transmit data packets in accordance with a mesh network protocol;
determine an activity profile that characterises the pattern of transmission of those data packets from the communication device; and
subsequently transmit dummy data packets in accordance with the mesh network protocol so as to adopt an activity profile that mimics the determined activity profile.

2. A wireless communication device as claimed in claim 1, wherein the determined activity profile specifies a number of data packets to be transmitted over a time period according to the characterisation.

3. A wireless communication device as claimed in claim 2, wherein the activity profile delineates the transmission of data packets over a period of time according to the characterisation.

4. A wireless communication device as claimed in claim 3, wherein the device is configured to characterise the transmission of data packets as an average such that the determined activity profile is an average transmission profile.

5. A wireless communication device as claimed in claim 4, wherein the device is configured to determine the average transmission profile from a plurality of transmission profiles each delineating the transmission of data packets over a period of time.

6. A wireless communication device as claimed in claim 3, wherein the device is configured to characterise the transmission of the data packets as a mode such that the determined activity profile is a modal transmission profile.

7. A wireless communication device as claimed in claim 6, wherein the device is configured to determine the modal transmission profile from a plurality of transmission profiles each delineating the transmission of data packets over a period of time.

8. A wireless communication device as claimed in claim 1, wherein the device is configured to operate according to the Bluetooth Low Energy protocol and wherein the mesh network is an ad-hoc network.

9. A wireless communication device as claimed in claim 1, wherein the device is configured to transmit dummy packets in a form indicative of a request for an acknowledgement.

10. A wireless communication device as claimed in claim 9, wherein the device is configured to transmit an acknowledgement in response to receiving a data packet similar to said dummy packets indicative of a request for acknowledgement.

11. A wireless communication device as claimed in claim 1, wherein the device is configured to transmit at least some data packets configured to control and/or monitor the state of remote objects within the mesh network during the first time.

12. A wireless communication device as claimed in claim 1, wherein the device is configured to exclusively transmit data packets configured to control and/or monitor the state of remote objects within the mesh network during the first time.

13. A wireless communication device capable of operating according to a wireless communication protocol and capable of operating in a mesh network, the device being configured to:

at a first time transmit data packets of a first type in accordance with a mesh network protocol to control and/or monitor the state of remote devices within the mesh network; and
transmit, independently of the transmission of the first type of data packets, dummy data packets in accordance with the mesh network protocol so as to obscure a variation in transmission of the first type of data packets from the first time.

14. A wireless communication device as claimed in claim 13, wherein the device is configured to transmit the dummy data packets according to a desired transmission profile, wherein the desired transmission profile delineates the desired transmission of data packets from the wireless communication device over a period of time.

15. A wireless communication device as claimed in claim 14, wherein the device is configured to determine an activity profile that characterises the transmission of the first type of data packets during the first time.

16. A wireless communication device as claimed in claim 15, wherein the device is configured to characterise the transmission of the first type of data packets as one of: (i) an average such that the activity profile Is an average transmission profile or (ii) a mode such that the activity profile is a modal transmission profile.

17. A wireless communication device as claimed in claim 15, wherein the determined activity profile has an associated average transmission rate and wherein the desired transmission profile has an associated average transmission rate that is substantially higher than the average transmission rate of the activity profile.

18. A wireless communication device as claimed in claim 14, wherein the device is configured to transmit the dummy data packets according to the desired transmission profile at an average transmission rate that is high enough so as to obscure a variation in transmission of the first type of data packets from the first time.

19. A wireless communication device as claimed in claim 13, wherein the device is configured to transmit the dummy data packets in a pseudo-random manner at an average rate high enough so as to obscure a variation in transmission of the first type of data packets from the first time.

20. A wireless communication device as claimed in claim 13, wherein the device operates according to the Bluetooth Low Energy protocol and wherein the mesh network is an ad-hoc network.

Patent History
Publication number: 20150244828
Type: Application
Filed: Jun 26, 2014
Publication Date: Aug 27, 2015
Applicant: Cambridge Silicon Radio Limited (Cambridge)
Inventor: Robin Heydon (Cottenham)
Application Number: 14/316,529
Classifications
International Classification: H04L 29/08 (20060101);