一种基于AOA信任评估的无线传感器网络Sybil攻击检测新方法*

随着无线传感器网络(WSN)技术广泛应用在数字家庭网络及其他领域,其安全问题日益突出。针对无线传感器网络中典型的Sybil攻击,提出了一种基于信号到达角信任评估检测新方法TEBA。信标节点基于Sybil节点创建多个虚拟身份。但其物理位置相同的思想,利用信号到达角相位差对邻居节点身份作出信任评估,将低于某一信任阈值的节点身份归为Sybil攻击。方案引入多节点协作思想,摒弃了复杂的质心计算,实现了低时延高效性检测。仿真结果表明,该方法能防御及检测Sybil攻击, 有效保护系统性能。     

基于信任贴近度的无线传感器网络信誉模型

信誉评估模型作为传统密钥安全机制的有效补充,对无线传感器网络的可靠运行和安全保障具有重要意义.文中提出了一种基于信任贴近度的无线传感器网络信誉模型 RMSMTV.本模型建立在簇型网络拓扑结构上,利用模糊贴近度理论衡量邻居节点推荐的信任值的可信度,并运用矩阵论方法实现了信任值整合过程中自适应分配权重,最终得到了节点综合信任值.考虑到无线传感器网络节点能量有限的特性,还对簇头节点轮换策略进行了讨论.最后通过实验验证了 RMSMTV 具有良好的容错性和鲁棒性,能实时、准确地发现恶意节点的攻击,有效提高了无线传感器网络的安全性.     

基于无线传感器网络的信誉形式化模型

无线传感器网络的安全威胁不仅发生在节点之间传递信息的时候,还发生在节点产生信息的时候,因此,单靠密码学和认证无法阻止传感器网络内部的攻击以及节点的异常行为.本文提出了一种基于无线传感器网络的信誉形式化模型,该模型形式化地描述了传感器节点信誉的表示、更新和整合.同时,通过对信誉分布和β分布的拟合分析与推理,发现β分布可以很好地描述与实现上述方案,由此设计了一个基于β分布的无线传感器网络信誉系统实例.实验表明,本信誉方案有较好的稳定性,能够抵抗诽谤攻击和信誉欺骗攻击,很好地解决无线传感器网络对数据认证的需求.     

面向无线传感器网络的分层路由信任模型

针对无线传感器网络内部不能有效地检测出恶意节点攻击所引发的安全问题,提出一种面向无线传感器网络分层路由的信任模型。该模型能发现来自网络内部攻击的恶意节点并将其排除,提高了无线传感器网络的安全性能。实验结果表明,与TLEACH协议相比,在恶意节点攻击时,该模型的敏感性提高了5%,信任值幅度增加了10%。     

一种基于Bayes估计的WSN节点信任度计算模型

鉴于传统网络安全策略无法阻止或识别传感器网络内部节点的攻击或异常行为,结合节点资源受限的特点,提出了一种无线传感器网络节点信任度计算模型.该模型采用Bayes估计方法,通过求解基于Beta分布的节点行为信誉函数的期望值得到直接信任并将其作为Bayes估计的先验信息,将来自邻居节点的推荐信息作为其样本信息.仿真实验表明,本方案有较好的稳定性,能够有效识别异常节点,从而阻止内部节点对网络的攻击,与RFSN相比,不仅节约了存储空间、运算时间与通信量,而且能够避免恶评现象对节点信任度计算的影响.     

基于拍卖针对DoS攻击的WSN安全路由协议

节点密度大、数量规模大以及资源有限是无线传感器网络的特点,而又使得它难以防御恶意节点发起的拒绝服务攻击。针对无线传感器网络的以上特点,基于博弈论观点和方法,通过建立传感器网络节点博弈框架,采用一级封闭价格拍卖实现路由发现,利用声誉机制检测和惩罚恶意节点,并在SAR协议基础上增加了对黑洞攻击和重放攻击的防御,加快了对恶意攻击节点的检测收敛。仿真结果表明,改进后的SAR协议能有效防御无线传感器网络中的拒绝服务攻击。     

基于β分布的无线传感器网络信誉系统

无线传感器网络有其资源受限的特点，单靠密码学和认证无法阻止网络内部的恶意或非恶意攻击以及节点的异常行为。融合了密码学、经济学、统计学、数据分析等相关领域的工具来建立可信的无线传感器网络，提出了一种无线传感器网络的信誉模型。其基本思想是网络中的各节点保存其他节点的信誉，并以此来计算其他节点的可信度。模型中引用了贝叶斯公式来表示、更新和整合信誉，设计了一个基于β分布的无线传感器网络信誉系统。     

基于无线传感器网络相关性的信息安全防御机制

当无线传感器网络中的传感节点被俘获时,可能发生内部攻击,从而致使系统信息安全缺失。针对这一情况,提出一种基于环状空间相关性模型的安全防御机制。基于环状空间相关性的模型,节点与节点之间进行信任值结合计算,相邻节点再对其进行信任评估,根据信任评估识别被俘获节点,间接去除被俘获节点信息,以达到信息的安全防御。仿真实验表明,经过机制改进后的各数据失真度有明显提高。该机制能有效识别并剔除虚假、恶意信息,提高系统的信息安全性。     

一种能量有效的平面式无线传感器网络的信任管理模型

信任管理机制解决了来自无线传感器网络的内部攻击问题,但同时产生由信任评价带来的额外开销。现有的信任管理模型对节点信任度的评价缺乏公平性,导致节点使用率的降低。为了解决信任机制在无线传感器网络的耗能问题,提出了一种能量有效的平面式无线传感器网络信任模型。通过节点的自身性能与任务难度的关系定义节点的执行度,在确保信任管理有效性的同时,增强节点信任度评价的公平性,从而提高传感器节点的使用率,降低了能量消耗。最后通过模拟实验,证明该信任模型与传统信任模型相比,能够有效检测恶意节点,同时大大降低了节点的能量消耗,提高了网络生存周期。     

MWNs中基于跨层动态信誉机制的安全路由协议

无线多跳网络(multi-hop wireless networks,MWNs)面临着各种攻击的威胁,尤其是针对路由安全的内部多层攻击和诽谤攻击.信誉机制作为评估节点间信任关系和抵御内部攻击的有效方法,已经被引入MWNs用于保护路由安全.然而,现有成果主要采用分层设计,只考虑单一层次上的攻击,忽略了多层攻击;同时,现有成果还忽略了诽谤攻击和推荐节点的可信性,降低了信誉度评估结果的可靠性.针对上述问题,首先提出基于可靠推荐的跨层动态信誉机制(cross-layer dynamic reputation mechanism,CRM).然后,基于CRM提出了基于推荐保护和跨层信誉机制的安全路由协议(recommendation protection and cross-layer reputation mechanism based secure routing protocol,RPCSR).仿真结果和性能分析表明,RPCSR能够有效抵御内部多层攻击及诽谤攻击,保障路由安全.     

基于能量预测的传感器网络信任机制研究

信任机制最近已建议作为一个无线传感器网络(WSNs)有效的安全机制.文中提出了一种信任机制(EPTM),该机制不仅可以防止被入侵的节点或者恶意节点选举为簇头,而且还设计出一种新型副簇头节点来监察簇头以防止他们的恶意行为.特别介绍了一种基于能量预测的方法来检测拒绝服务攻击(DoS)的节点,选出值得信赖的簇.最后通过仿真验证了机制的可行性,结果表明:EPTM可以有效防御拒绝服务(DoS)攻击.     

Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks

Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS); a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.     

一种WSNs中的强实体认证协议

无线传感器网络(WSNs)由于其部署环境的开放性、资源的有限性等特点,比传统网络更易受到安全方面的威胁,其安全问题变得极为重要。针对WSNs中的认证机制的效率和安全问题,提出了一种有效的强实体认证协议。通过采用秘密共享方案,通过多个节点对用户进行认证,能够有效地防止非法用户加入网络。通过实验分析和对比表明:协议既能满足网络对安全的需求,又能最大程度地节约传感器节点的能量。     

Secure localization and location verification in wireless sensor networks: a survey

The locations of sensor nodes are very important to many wireless sensor networks (WSNs). When WSNs are deployed in hostile environments, two issues about sensors’ locations need to be considered. First, attackers may attack the localization process to make estimated locations incorrect. Second, since sensor nodes may be compromised, the base station (BS) may not trust the locations reported by sensor nodes. Researchers have proposed two techniques, secure localization and location verification, to solve these two issues, respectively. In this paper, we present a survey of current work on both secure localization and location verification. We first describe the attacks against localization and location verification, and then we classify and describe existing solutions. We also implement typical secure localization algorithms of one popular category and study their performance by simulations.     

Dynamic key management in wireless sensor networks: A survey

Wireless sensor networks (WSNs) have a vast field of applications, including environment monitoring, battlefield surveillance and target tracking systems. As WSNs are usually deployed in remote or even hostile environments and sensor nodes are prone to node compromise attacks, the adoption of dynamic key management is extremely important. However, the resource-constrained nature of sensor nodes hinders the use of dynamic key management solutions designed for wired and ad hoc networks. Hence, many dynamic key management schemes have been proposed for WSNs recently. This paper investigates the special requirements of dynamic key management in sensor network environments, and introduces several basic evaluation metrics. In this work, the state of the art dynamic key management schemes are classified into different groups and summarized based on the evaluation metrics. Finally, several possible future research directions for dynamic key management are provided.     

A dynamic trust model exploiting the time slice in WSNs

Wireless sensor networks (WSNs) are composed of a large number of tiny sensor nodes that are self-organized through wireless communication. It aims to perceive, collect, and process information from network coverage areas. The open nature of WSNs makes them easily exposed to a variety of attacks and brings many security challenges. Furthermore, because of the limited resources, some nodes may refuse to forward packets by dropping them to save their resources such as battery, cache, and bandwidth. To resist the attacks from these selfish nodes and to punish them, we propose a fuzzy-based dynamic trust model in this paper. The model uses fuzzy sets combining with grey theory to evaluate every node’s trust credibility based on direct trust and indirect trust relationship. Only those with higher trust values can be chosen to forward packets. Those untrustworthy nodes with lower trust values will be detected and excluded from the trust list. Thus, our proposal also produces an incentive to compel the selfish nodes to wellbehave again to participate in the WSN again. Additionally, we introduce the time slice scheme to guarantee a reliable node possess enough time to enjoy its services, which can solve the problem that a suddenly interrupted link causes a significant decrease of the trust value. Simulation results show that our dynamic trust model can not only demonstrate the effectiveness in detecting selfish nodes, but also possess better performance even if the bursty traffic exists.     

一种分层式无线传感器网络密钥分配管理方案

当传感器节点部署在开放的、无人照看、无物理保护的环境下,安全问题变得非常重要,即它们极易受到不同类型的恶意攻击.论文针对分层组织的无线传感器网络提出了一种安全的密钥管理方案,这种方案在一个簇中高效地分配密钥并更新预先部署的密钥以减轻对节点的有害攻击.     

A novel intrusion detection framework for wireless sensor networks

Vehicle cloud is a new idea that uses the benefits of wireless sensor networks (WSNs) and the concept of cloud computing to provide better services to the community. It is important to secure a sensor network to achieve better performance of the vehicle cloud. Wireless sensor networks are a soft target for intruders or adversaries to launch lethal attacks in its present configuration. In this paper, a novel intrusion detection framework is proposed for securing wireless sensor networks from routing attacks. The proposed system works in a distributed environment to detect intrusions by collaborating with the neighboring nodes. It works in two modes: online prevention allows safeguarding from those abnormal nodes that are already declared as malicious while offline detection finds those nodes that are being compromised by an adversary during the next epoch of time. Simulation results show that the proposed specification-based detection scheme performs extremely well and achieves high intrusion detection rate and low false positive rate.     

基于模糊信任的无线传感器网络可信路由

由于无线传感器网络（WSNs）经常部署在苛刻环境下,节点易被物理俘获或损坏,无线多跳通信的方式也使得网络容易遭受各种信号干扰和攻击,路由安全显得尤为重要。在分簇路由协议的基础上,引入了节点可信度作为路由选择的度量,提出了基于模糊信任的无线传感器网络可信路由模型。该模型中,每个节点的信任值由剩余能量、包转发率、路由信息篡改以及声明诚实度等4个属性采用变权模糊综合评判算法得到。仿真结果表明：在变权模糊综合评判算法中,通过提高具有过低值的属性的权值,可以突出节点的缺陷,使得具备过低剩余能量或是过低包转发率,路由信息篡改信任,或过低诚实度任意一个缺陷的节点都不能够得到较高的信任值从而被选为簇头节点,避免行为恶意的节点破坏网络路由。