共查询到20条相似文献,搜索用时 15 毫秒
1.
2.
《Journal of Network and Computer Applications》2010,33(1):50-62
Wireless sensor networks have recently emerged as a promising computing model for many civilian and military applications. Sensor nodes in such a network are subject to varying forms of attacks since they are left unattended after deployment. Compromised nodes can, for example, tamper with legitimate reports or inject false reports in order to either distract the user from reaching the right decision or deplete the precious energy of relay nodes. Most of the current designs take the en-network detection approach: misbehaved nodes are detected by their neighboring watchdog nodes; false reports are detected and dropped by trusted en-route relay nodes, etc. However en-network designs are insufficient to defend collaborative attacks when many compromised nodes collude with each other in the network.In this paper we propose COOL, a COmpromised nOde Locator for detecting and locating compromised nodes once they misbehave in the network. It is based on the observation that for a well-behaved sensor node, the set of outgoing messages should be equal to the set of incoming and locally generated or dropped messages. However, comparing the message sets for different nodes is not enough to identify attacks as their sanity is unknown. We exploit a proven collision-resilient hashing scheme, termed incremental hashing, to sign the incoming, outgoing and locally generated/dropped message sets. The hash values are then sent to the sink for trusted comparisons. We discuss how to securely collect these hash values and then confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation. Through identifying and excluding compromised nodes, the COOL protocol prevents further damages from these nodes and forms a reliable and energy-conserving sensor network. 相似文献
3.
《Computer Communications》2007,30(1):55-65
One of severe security threats in wireless sensor network is node compromise. A compromised node can easily inject false data reports on the events that do not occur. The existing approaches in which each forwarding sensor along a path probabilistically filters out injected false data may not be adequate because such protection may break down when more than a threshold number of nodes are compromised. To solve this problem, we present a sink filtering scheme in clusters of heterogeneous sensor networks. In addition to basic sensors, some powerful data gathering sensors termed as cluster heads (CHs) are added. Each aggregation report generated by a CH must carry multiple keyed message authentication codes (MACs); each MAC is generated by a basic sensor that senses the event. The sink node checks the validity of the carried MACs in an aggregation report and filters out the forged report. We analyze the resilience and overhead of the sink filtering scheme. Both analytical and simulation results show that the scheme is resilient to an increasing number of compromised nodes, with graceful performance degradation. Particularly, we adopt Poisson Approximation to investigate the performance tradeoff between resilience and overall cost, and give some suggestions on how to choose the parameters. The scheme is also scalable and efficient in communication, computation and storage. 相似文献
4.
基于部署前密钥分配的虚假数据过滤方案 总被引:1,自引:0,他引:1
针对传统虚假数据过滤方法无法过滤从非转发区域注入虚假数据的问题,提出了一种不依赖转发路径的过滤方案PFDF。在PFDF中,基于期望的密钥共享度灵活构建密钥池,在部署前进行密钥分发。理论分析及仿真实验表明,PFDF能有效防范非转发区域的虚假数据注入攻击,并具备较低的能量开销。 相似文献
5.
6.
In sensor networks, a compromised node can either generate fabricated reports with false votes or inject false votes into real reports, which causes severe damage such as false alarms, energy drain and information loss. An interleaved hop-by-hop authentication (IHA) scheme addresses the former attack by detecting and filtering false reports in a deterministic and hop-by-hop fashion. Unfortunately, in IHA, all en-route nodes must join to verify reports while only a few are necessary to the authentication procedure. In this paper, we propose a fuzzy-based interleaved multi-hop authentication scheme based on IHA. In our scheme, the fuzzy logic system only selects some nodes for verification based on the network characteristics. Moreover, we apply a voting method and a hash-based key assignment mechanism to improve network security. Through performance evaluation, the proposed scheme is found to save up to 13% of the energy consumption and to provide more network protection compared to IHA. 相似文献
7.
已有传感器网络中,过滤机制只能在转发过程中过滤虚假数据而无法过滤重复数据,且无法防范协同攻击.提出了一种基于单向哈希链的过滤方案HFS.在HFS中,节点在部署后将密钥和初始哈希值预分发给部分中间节点存储,每个数据包附带t个MAC和新鲜哈希值,转发节点同时对数据包中检测节点之间相对位置关系的合法性、MAC 和哈希值的正确性以及哈希值的新鲜性进行验证.理论分析及仿真实验结果表明,HFS 可同时过滤传感器网络中的虚假数据和重复数据,并能有效对抗协同攻击. 相似文献
8.
As one of the widely used applications in wireless sensor networks, target tracking has attracted considerable attention. Although many tracking techniques have been developed, it is still a challenging problem if the network is under cyber attacks. Inaccurate or false information is maliciously broadcast by the compromised nodes to their neighbors. They are likely to threaten the security of the system and result in performance deterioration. In this paper, a distributed Kalman filtering technique with trust-based dynamic combination strategy is developed to improve resilience against cyber attacks. Furthermore, it is efficient in terms of communication load, only local instantaneous estimates are exchanged with the neighboring nodes. Numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks. 相似文献
9.
可及时确定受攻击节点的无线传感器网络数据聚合方案 总被引:4,自引:0,他引:4
无线传感器网络(WSN)中,当传感器节点受到攻击导致网络数据和传输受到干扰,及时确定受攻击的传感器节点并采取相应措施以保障整个网络的安全性尤为重要。因此,提出一种可及时确定受攻击节点的无线传感器网络数据聚合方案。首先使用状态公钥加密和对称公钥加密结合伪随机函数和消息认证码对数据进行两次加密;其次,在簇头节点进行认证,将假数据过滤后,解密,并将假数据节点编号发送给基站;最后在基站进行解密认证,恢复明文数据。该方案的提出解决了由于受攻击节点导致的错误聚合值问题,而且还实现了及时过滤假数据并确认受攻击的传感器节点。理论分析表明,提出的基于安全的单向函数、消息认证码和椭圆曲线上的离散对数难问题的方案是安全的,并大大降低了网络的通信成本和计算成本。仿真实验表明,该方案的计算成本、通信成本和确认受攻击节点时间比使用状态公钥加密的无线传感器网络安全聚合方案分别降低了至少19.96% 、36.81%和28.10%。 相似文献
10.
Frequency-hopping (FH) is a well-known spread-spectrum method of transmitting radio signals by hopping frequency channels
along a predefined hopping sequence known to both transmitter and receiver. Although FH is resistant to jamming by external
malicious nodes which have no knowledge of the sequence, it is of no effect against attacks by internal compromised nodes
which know the sequence. In this article, we propose a secure scheme for creating the hopping sequence for mobile wireless
sensor networks. The proposed scheme is based on the idea of a statistical en-route filtering (SEF). SEF exploits collective
decision making by multiple detecting nodes in the dense deployment of large sensor networks. We demonstrate the effectiveness
of our scheme thorough simulations. 相似文献
11.
组密钥在传感器网络安全组通信及虚假数据过滤等安全服务中起着重要作用.针对节点可能被大量俘获这一安全威胁研究组密钥管理问题,提出了一种基于随机混淆技术的组密钥管理机制GKRP(group key management scheme based on random perturbation).首先,提出了一种基站与网络协同的组密钥管理框架;然后,结合秘密共享技术和随机混淆技术构造了组密钥广播函数和局部协作等功能函数,以实现组密钥更新信息的广播传输和多个被俘获节点的撤销;最后,基于上述管理框架和函数,提出了机制GKRP,使得节点间可以协作进行组密钥更新.理论分析及仿真结果表明,GKRP在特定的参数设置下不受限于被俘获节点,且该参数易于满足.因此,GKRP有效突破了门限值问题,提高了网络的抗毁性.同时,由于采取局部广播和全网络广播方式更新组密钥,GKRP在通信上同样更为有效.GKRP的存储和计算开销略高于已有同类机制,但仍然较低,适合于传感器网络. 相似文献
12.
《Computer Communications》2007,30(11-12):2365-2374
When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops. 相似文献
13.
传感器网络遭受外来攻击时,节点会被注入大量虚假信息,在浪费通信资源的同时也会影响用户正常决策,干扰传感器网络安全运行。提出传感器网络多路虚假数据分层过滤方法。在网络部署完成后分配全局节点对应密钥,通过密集认证构建封闭区域,随后利用密钥确定簇内节点与验证节点的对应关系,转发需检测的数据包,判断其包含的节点码、哈希值以及MAC信息数量是否准确,最后使用sink节点对数据包做校对与丢弃,完成多路虚假数据分层过滤。仿真结果表明,所提方法虚假数据过滤效率高,节点能耗少,性能和鲁棒性均具有明显优势。 相似文献
14.
稀疏无线传感器网络中各传感器节点距离较远,而传统的静态数据收集方法要求各传感器节点直接通信,导致网络延迟时间长,能耗高。针对该问题,提出一种基于移动机器人的无线传感器数据收集方法。该方法首先由静态节点选择与路径最短的移动机器人作为簇头,移动机器人比较一定周期内检测到的邻居节点的平均剩余能量与整个网络传感器节点平均剩余能量,根据比较结果决定其是否移动,若移动则采用范围可控的随机移动策略;当移动机器人移动到新位置时,传感器节点更新路由,选择新的移动机器人作为簇头。仿真结果表明,与传统的静态无线传感器网络数据收集方法相比,基于移动机器人的无线传感器网络数据收集方法大大降低了数据传输延迟和节点能量消耗。 相似文献
15.
16.
17.
Jie Wu 《Parallel and Distributed Systems, IEEE Transactions on》1998,9(4):321-334
Reliable communication in cube-based multicomputers using the safety vector concept is studied in this paper. In our approach, each node in a cube-based multicomputer of dimension n is associated with a safety vector of n bits, which is an approximated measure of the number and distribution of faults in the neighborhood. The safety vector of each node can be easily calculated through n-1 rounds of information exchange among neighboring nodes. Optimal unicasting between two nodes is guaranteed if the kth bit of the safety vector of the source node is one, where k is the Hamming distance between the source and destination nodes. The concept of dynamic adaptivity is introduced, representing the ability of a routing algorithm to dynamically adjust its routing adaptivity based on fault distribution in the neighborhood. The feasibility of the proposed unicasting can be easily determined at the source node by comparing its safety vector with the Hamming distance between the source and destination nodes. The proposed unicasting can also be used in disconnected hypercubes, where nodes in a hypercube are disjointed (into two or more parts). We then extend the safety vector concept to general cube-based multicomputers 相似文献
18.
In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is
false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node
to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how
to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and
logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire
attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with
little logging overhead. 相似文献
19.
无线传感器网络中基于簇协作的分布式组密钥管理方案 总被引:1,自引:0,他引:1
处于敌对环境的传感器网络极易遭到攻击,且不存在长期可信的节点可以担当组管。提出一种分布式组密钥管理方案,方案基于簇形结构,充分利用簇内通信及簇间通信的局部特性,对组密钥协作更新。当妥协节点总数在门限以内的某簇检测出节点妥协时,该簇的簇头发起更新,并通过簇内协作将该节点撤销;当某簇妥协节点数目在门限以上时,由该簇邻居簇的簇头发起更新,并通过簇间通信将该簇妥协节点撤销。与已有方案相比较,此方案能实时地更新组密钥,有着更好的安全性并具有较小的通信开销。 相似文献
20.
在大规模部署的无人值守的无线传感器网络中,节点很容易被俘虏,被俘虏的节点很可能伪造数据。如果不对其进行检测、过滤,伪造的数据最后就会被转发到基站。提出了一种基于地理位置的过滤伪造数据包的方案,每个节点只负责对一定区域内的节点收集的数据进行认证。最后在基于地理位置的路由协议GPSR中进行了实验,实验表明,目标和基站之间的距离在一定范围内,该方案经过2.5跳可以过滤80%的伪造数据包。 相似文献