共查询到20条相似文献,搜索用时 125 毫秒
1.
2.
3.
无线传感器网络中基于临时初始密钥的密钥管理协议 总被引:3,自引:0,他引:3
针对网络中相邻节点对通信、局部广播通信及新节点认证中的安全问题,提出无线传感器网络中基于临时初始密钥的密钥管理协议-PLA协议.该协议要求在网络部署的时候为每个节点分配唯一的标识符和一个临时初始密钥.节点基于临时初始密钥和相关信息建立用于节点对之间通信的密钥(Pairwise Key,简称点对密钥)、用于与其所有邻居节点同时通信的局部广播密钥(Local Broadcast Key,简称局部广播密钥)以及用于认证新加入节点的认证密钥(Authentication Key,简称认证密钥).与现有协议如LEAP协议和OTMK协议相比较,该协议降低了能耗,提高了安全性. 相似文献
4.
目前大多数密钥协商协议的安全性都是建立在大整数分解、离散对数问题等传统数论难解问题上,但这些问题已经 被证明不能够抵抗量子攻击,为了避免后量子时代的安全危机,利用格上坚实的安全基础和更高的计算效率,提出了一种基于格的无线传感器网络密钥协商协议。该协议采用格上无需原像抽样操作的算法,通过概率输出认证信息,使输出认证信息的分布与认证主体的私钥无关,传感器节点仅需较少的步骤,就能够以很高的概率进行密钥协商。理论分析与结果表明:传感器节点之间只在需要通信时才建立相应配对密钥,节点之间能相互验证密钥的有效性,可以抵抗假冒、重放和伪造等攻击。该方案在增强网络安全性的同时有效的减少了节点的通信能耗。 相似文献
5.
研究无线传感网络加密通信优化问题。当前无线传感网络的节点分布为随机性强,通过传感器加密和认证。节点间依靠相互通信,完成自身密钥更新。传统算法是通过逐个节点密钥更新完成加密和认证工作,如果节点间的距离较大,会导致节点密钥的更新速度很慢,如果节点密钥长期不更新,会降低网络安全性,增加节点被破译的可能。为了避免上述问题,提出了一种小区域共享密钥的无线传感网络安全通信策略。利用节点的部署和位置信息对节点进行小区域划分,利用小区域内的节点的关系建立共享密钥,单个密钥被破译也不会降低网络的安全性。仿真表明,方法提高了网络的安全性,为无线传感器网络的安全提供了有效的保证。 相似文献
6.
随机密钥种子预分配方案是实现安全的无线传感器网络应用的首选方案,该方案在无线传感器网络节点布置之前建立和分配某种密钥种子信息,在网络节点布置之后利用密钥种子信息建立或发现节点之间安全的通信链路.根据传感器网络的通信保密和节点认证需求,提出了通用密钥种子管理和分配模型(KSMA).该模型可用于预分配方案的安全分析,描述了预分配方案的5个安全属性.在KSMA模型中,基于单向累加器,定义了一类新的密钥种子结构,提出了新的密钥种子预分配方案和节点秘密共享发现协议,并在UC(universally composable)安全框架中对新的秘密共享发现协议进行了可证明安全分析.在新方案中说明了如何设定密钥池参数和节点密钥链参数的方法,该方法不仅保证了高概率的安全链路建立,而且可以通过节点身份证人确认机制实现节点之间身份认证,有效地防御传感器网络Sybil攻击.通过与其他方案的分析对比,新方案改善了网络安全弹性、综合性能良好. 相似文献
7.
基于密钥预置技术,提出了一种新的传感器网络动态对偶密钥建立算法。在该算法中,节点在部署前首先被预置一个全局初始密钥,在部署之后,邻节点之间将基于预置的全局初始密钥来动态生成一跳的对偶密钥。理论分析与实验结果表明,与已有基于随机方法的传感器网络对偶密钥建立算法相比,新算法具有更好的直接和间接对偶密钥建立概率。 相似文献
8.
9.
卓蔚 《单片机与嵌入式系统应用》2023,(2):49-52+56
为防止恶意的中间节点截获、篡改和干扰信息的传输,以及反馈延迟导致认证密钥丢失等问题的出现,提出基于MD5算法的无线传感网络用户身份分簇节点安全认证方法。预处理无线传感网络用户身份分簇节点数据,将数据加密参量转换为MD5的512位标准;根据用户分簇节点对应的MD5变换参量对其认证规则加以定义,用于MD5算法优化规则制定;通过MD5算法对请求数据进行数据融合压缩,解析交互认证过程密钥,完成对应节点数据簇头信息的安全认证。实验结果表明:该方法收发成功率均在97%以上,开销率最高在50%。该方法在多种条件环境下均有效可行,其所得各项指标数据均为最佳,能够在满足相关指标要求的基础上保持连续稳定运行,具有一定的应用推广价值。 相似文献
10.
11.
《Computer Communications》2007,30(11-12):2365-2374
When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops. 相似文献
12.
《Computer Communications》2007,30(11-12):2385-2400
Distributed wireless sensor networks have problems on detecting and preventing malicious nodes, which always bring destructive threats and compromise multiple sensor nodes. Therefore, sensor networks need to support an authentication service for sensor identity and message transmission. Furthermore, intrusion detection and prevention schemes are always integrated in sensor security appliances so that they can enhance network security by discovering malicious or compromised nodes. This study provides adaptive security modules to improve secure communication of cluster-based sensor networks. A dynamic authentication scheme in the proposed primary security module enables existing nodes to authenticate new incoming nodes, triggering the establishment of secure links and broadcast authentication between neighboring nodes. This primary security design prevents intrusion from external malicious nodes using the authentication scheme. For advanced security design, the proposed intrusion detection module can exclude internal compromised nodes, which contains alarm return, trust evaluation, and black/white lists schemes. This study adopts the two above mentioned modules to achieve secure communication in cluster-based sensor networks when the network lifetime is divided into multiple cluster rounds. Finally, the security analysis results indicate that the proposed design can prevent and detect malicious nodes with a high probability of success by cluster-based and neighbor monitor mechanisms. According to the performance evaluation results, the proposed security modules cause low storage, computation, and communication overhead to sensor nodes. 相似文献
13.
Data aggregation in wireless sensor networks is employed to reduce the communication overhead and prolong the network lifetime. However, an adversary may compromise some sensor nodes, and use them to forge false values as the aggregation result. Previous secure data aggregation schemes have tackled this problem from different angles. The goal of those algorithms is to ensure that the Base Station (BS) does not accept any forged aggregation results. But none of them have tried to detect the nodes that inject into the network bogus aggregation results. Moreover, most of them usually have a communication overhead that is (at best) logarithmic per node. In this paper, we propose a secure and energy-efficient data aggregation scheme that can detect the malicious nodes with a constant per node communication overhead. In our solution, all aggregation results are signed with the private keys of the aggregators so that they cannot be altered by others. Nodes on each link additionally use their pairwise shared key for secure communications. Each node receives the aggregation results from its parent (sent by the parent of its parent) and its siblings (via its parent node), and verifies the aggregation result of the parent node. Theoretical analysis on energy consumption and communication overhead accords with our comparison based simulation study over random data aggregation trees. 相似文献
14.
一种改进的无线传感器网络动态密钥管理方案 总被引:2,自引:0,他引:2
无线传感器网络是由大量资源有限的传感器节点组成。为了保证传感器节点间的安全通信,找到一种有效的密钥管理方式是十分重要的。针对无线传感器节点能量低,存储空间有限的特点,提出了一种改进的密钥管理方案。该方案采用或运算及异或运算生成共享密钥对,计算量小、耗能低,并且密钥可更新。最后通过对比分析,该方案比其他方案具有更强的安全性和更低的能量消耗。 相似文献
15.
一个新的基于身份的无线传感器网络密钥协商方案 总被引:1,自引:0,他引:1
无线信道具有开放性,节点间建立配对密钥是无线传感器网络安全通信的基础。在大部分基于身份加密(Identity-Based Encryption, IBE)的传感器网络密钥协商方案中,使用双线对运算建立配对密钥,能耗高且耗时长。基于BNN-IBS身份签名提出了一个新的无线传感器网络密钥协商方案,节点通过Diffie-Hellman协议建立配对密钥,所需的密钥参数通过广播获得。与基于IBE的传感器网络密钥协商方案(IBE-based Key Agreement Scheme, IBEKAS)进行量化比较,结果表明本方案不仅提供了与IBEKAS同层次的安全性与可扩展性,且在能耗与时耗方面具有较明显的优势。 相似文献
16.
Key management is an important building block for all security operations in sensor networks. Most existing key management schemes try to establish shared keys for all pairs of neighbor sensors; hence, a large number of keys need to be preloaded on each sensor, which necessitates a large key space for the nodes in the network. The recent trend in research is to mainly consider homogeneous sensor networks, and to a lesser degree heterogeneous sensor networks, for key management. In this paper, we propose a novel key agreement protocol which is based on pairing-based cryptography over an elliptic curve. Using this protocol, any two nodes that need to communicate can independently compute the same secret key by using pairing and identity-based encryption properties. The proposed protocol significantly reduces the key space of a node. Additionally, the security analysis of the proposed protocol shows that it is robust against a number of attacks including wormhole attack, masquerade attacks, reply attacks, and message manipulation attacks. 相似文献
17.
虚假数据攻击不仅误导用户做出错误的决定,同时也耗尽了宝贵的网络资源。以往的过滤机制通常依赖于对偶密钥来进行数据认证,然而当一定数量的中转节点的密钥被妥协后,这类认证机制即失去效用。提出一种新的用于过滤虚假数据的鲁棒认证机制(robust authentication scheme,RAS),每个合法事件均被分成几个较小的事件块,节点利用基于单向哈希链的动态认证令牌技术及所预置的取自新密钥池的密钥对每个小事件块进行签名。在过滤阶段,中转节点将验证接收到的数据报告的真实性,并丢弃虚假的数据报告。从而,即使妥协节点拥有所有的签名密钥也无法伪造或篡改数据。理论分析与实验结果表明,RAS具有相对更高的过滤能力和安全性。 相似文献
18.
Boqing Zhou Sujun Li Qiaoliang Li Xingming Sun Xiaoming Wang 《Computer Communications》2009,32(1):124-133
Pairwise key establishment is a fundamental security service for sensor networks. However, establishing pairwise key in sensor networks is a challenging problem, particularly due to the resource constraints on sensor nodes and the threat of node compromises. On the other hand, adding new nodes to a sensor network is a fundamental requirement for their continuous operation over time, too. We analyze the weaknesses of security due to node capture when adding sensor nodes using key pre-distribution schemes with “fixed” key pools. In this paper, we propose a new approach, which separates the nodes into groups, the nodes in a group communicate with each other using pairwise keys pre-distributed, the communications between any two neighbor groups are accomplished also through pairwise keys, which is computed based on the pre-distributed Hash chain. We show that the performance (e.g. continuous connectivity, continuous network resilience against node capture and memory usage) of sensor networks can be substantially improved by using our scheme. The scheme and its detailed performance evaluation are presented. 相似文献
19.
在无线传感器网络中,能量消耗主要集中在节点之间的通信上,节点计算所消耗的能量远小于通信所消耗的能量。由于无线传感器网络的"一对多"和"多对一"通信模式,广播是节约能量的主要通信方式。为了保证广播实体和消息的合法性和保密性,必须首先解决无线传感器网络广播密钥安全分发问题。本文在充分考虑无线传感器网络自身特点的基础上,基于Shamir的门限秘密共享方案,提出了椭圆曲线双线性对上的无线传感器网络广播密钥分发协议,并对其进行安全性和性能分析。分析发现,该协议不仅满足安全性要求,同时,能够适合无线传感器网络的特殊应用要求。 相似文献