Similar literature
Found 20 similar documents (search time: 31 ms)
1.
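To meet the needs of high-security scenarios (such as military, national security and banking applications) and to further improve the security of user authentication protocols for wireless sensor networks, a three-factor user authentication protocol based on biometric recognition is proposed. To address the security flaws of the Althobaiti protocol, which cannot resist node compromise, impersonation, man-in-the-middle and privileged-insider attacks, smart card and password are added as the basic security factors of the protocol, and the biometric identifier processed by the biometric information generation and recovery functions is used as an additional security factor. In key management, each node is configured with a unique key shared with the gateway node, ensuring the independence and security of the authentication process; users can choose for themselves the key shared with the gateway node, improving the security of communication over public channels; and a password and biometric identifier update mechanism that operates without the gateway node's participation is designed to keep both fresh. Analysis under the extended Dolev-Yao threat model and simulation with the OFMC back end of AVISPA show that the protocol overcomes the security flaws of the Althobaiti protocol and demands less computing power than public-key encryption. Balancing security against computational cost, the protocol suits wireless sensor network applications that are resource-constrained and have high security requirements.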

2.
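Application of key propagation in sensor networks   Total citations: 1, self-citations: 0, citations by others: 1
Because sensor nodes have limited resources, key management in sensor networks is highly challenging. A probabilistic model is established for analyzing the security of key propagation protocols, and a group-based key propagation protocol is proposed to strengthen the security of key propagation; combining key propagation with key predistribution protocols, a group- and predistribution-based key establishment protocol for sensor networks is proposed. The analysis shows that key propagation and its enhanced protocols seek a trade-off between limited resources and security, and are suited to large-scale networks of miniature sensors.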

3.
Motivated by chaos technology and compressed sensing, we propose a distributed secure data collection scheme via chaotic compressed sensing in wireless sensor networks. The chaotic compressed sensing is applied to the encrypted compression of sensory data for sensor node and the data acquisition for whole sensory in wireless sensor networks. The proposed scheme is suitable for long-term and large scale wireless sensor networks with energy efficiency, network lifetime and security. A sensing matrix generation algorithm and active node matrix algorithm based on chaos sequence are proposed to ensure the secure and efficient transmission of sensor packets. The secret key crack, forgery, hijack jamming and replay attacks on the proposed algorithm are evaluated to show the robustness of this scheme. Simulations and real data examples are also given to show that the proposed scheme can ensure the secure data acquisition in wireless sensor networks efficiently.

4.
Wireless sensor networks (WSNs) are used for many real‐time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security‐performance‐balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end‐party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real‐world WSNs applications.

5.
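Guan Zhitao, Xu Yue, Wu Jun. 《通信学报》 (Journal on Communications), 2013, 34(12): 71-78
A new key management scheme, KMTP (key management based on ternary polynomial), is proposed. The base station establishes a unique identifier for each node to guarantee node legitimacy; intra-cluster and inter-cluster key predistribution algorithms are designed on the basis of ternary polynomials, which ensures that the thresholds for breaking the secret polynomials are greater than the number of nodes in a cluster and the total number of clusters respectively, making them theoretically hard to break; an inter-cluster multi-hop routing algorithm is designed by constructing a secure connectivity adjacency list, securing the communication phase; and update parameters and update authentication numbers are introduced to secure the key update phase. Simulation shows that, compared with existing schemes, KMTP has lower overhead and provides higher security.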

6.
Security in wireless sensor networks (WSNs) is an upcoming research field which is quite different from traditional network security mechanisms. Many applications are dependent on the secure operation of a WSN, and have serious effects if the network is disrupted. Therefore, it is necessary to protect communication between sensor nodes. Key management plays an essential role in achieving security in WSNs. To achieve security, various key predistribution schemes have been proposed in the literature. A secure key management technique in WSN is a real challenging task. In this paper, a novel approach to the above problem by making use of elliptic curve cryptography (ECC) is presented. In the proposed scheme, a seed key, which is a distinct point in an elliptic curve, is assigned to each sensor node prior to its deployment. The private key ring for each sensor node is generated using the point doubling mathematical operation over the seed key. When two nodes share a common private key, then a link is established between these two nodes. By suitably choosing the value of the prime field and key ring size, the probability of two nodes sharing the same private key could be increased. The performance is evaluated in terms of connectivity and resilience against node capture. The results show that the performance is better for the proposed scheme with ECC compared to the other basic schemes.

7.
WSN key recovery attack based on symmetric matrix decomposition   Total citations: 1, self-citations: 0, citations by others: 1
The key protocol is one of the crucial technologies to ensure the security for wireless sensor network (WSN). Parakh, et al. proposed a key agreement for WSN based on matrix decomposition. However, the study revealed that the protocol had security risks. A key recovery attack scheme against this protocol was proposed by using the properties of symmetric matrix and permutation matrix. Based on intercepting the row and column vector of the node, elementary transformation was performed to construct a linear algebraic attack algorithm and the equivalent key was obtained. The computational complexity is O(N^6). Experimental results show that the method can recover the equivalent key of the above protocol within the polynomial computational complexity and the memory consumption is within an acceptable range. In addition, an improved scheme for key agreement was proposed to resist the linear algebraic attack by using a random disturbance matrix, and the correctness and security analysis were also carried out.

8.
The demand for efficient data dissemination/access techniques to find relevant data from within a sensor network has led to the development of Data-Centric Sensor (DCS) networks, where the sensor data instead of sensor nodes are named based on attributes such as event type or geographic location. However, saving data inside a network also creates security problems due to the lack of tamper resistance of the sensor nodes and the unattended nature of the sensor network. For example, an attacker may simply locate and compromise the node storing the event of his interest. To address these security problems, we present pDCS, a privacy-enhanced DCS network which offers different levels of data privacy based on different cryptographic keys. pDCS also includes an efficient key management scheme to facilitate the management of multiple types of keys used in the system. In addition, we propose several query optimization techniques based on euclidean Steiner Tree and keyed Bloom Filter (KBF) to minimize the query overhead while preserving query privacy. Finally, detailed analysis and simulations show that the KBF scheme can significantly reduce the message overhead with the same level of query delay and maintain a very high level of query privacy.

9.
A group key distribution protocol can enable members of a group to share a secret group key and use it for secret communications. In 2010, Harn and Lin proposed an authenticated group key distribution protocol using polynomial‐based secret sharing scheme. Recently, Guo and Chang proposed a similar protocol based on the generalized Chinese remainder theorem. In this paper, we point out that there are some security problems of Guo and Chang's protocol and propose a simpler authenticated group key distribution protocol based on the Chinese remainder theorem. The confidentiality of our proposed protocol is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.

10.
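In view of the low efficiency of key management and security authentication in existing security schemes for wireless sensor networks, a lightweight security architecture and security algorithms for wireless sensor networks are proposed. A threshold secret sharing mechanism is used to deal with malicious nodes encountered during network formation. A lightweight ECC algorithm replaces the traditional ECC algorithm, and the ECC-based CPK scheme is optimized so that, without the participation of a third-party certificate authority (CA), the computation and communication overhead of authentication is reduced; key management is adapted to the characteristics of wireless sensor networks, namely constrained resources and transmission energy consumption roughly a thousand times the computation energy consumption; and security rests on the exponential computational complexity of solving the elliptic curve discrete logarithm. Mutual authentication is also adopted to secure communication between ordinary nodes and cluster head nodes and to resist man-in-the-middle attacks.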

11.
Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (i.e., password, biometrics, and smart device); (ii) mutual authentication; (iii) shared session key; and (iv) key freshness. It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.

12.
In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, there are higher chances of various types of attacks either on the nodes or on the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.

13.
Communication security and reliability are two important issues in any network. A typical communication task in a wireless sensor network is for every sensor node to sense its local environment, and upon request, send data of interest back to a base station (BS). In this paper, a hybrid multipath scheme (H-SPREAD) to improve both the security and reliability of this task in a potentially hostile and unreliable wireless sensor network is proposed. The new scheme is based on a distributed N-to-1 multipath discovery protocol, which is able to find multiple node-disjoint paths from every sensor node to the BS simultaneously in one route discovery process. Then, a hybrid multipath data collection scheme is proposed. On the one hand, end-to-end multipath data dispersion, combined with secret sharing, enhances the security of the end-to-end data delivery in the sense that the compromise of a small number of paths will not result in the compromise of a data message in the face of adversarial nodes. On the other hand, in the face of unreliable wireless links and/or sensor nodes, alternate path routing available at each sensor node improves the reliability of each packet transmission significantly. The extensive simulation results show that the hybrid multipath scheme is very efficient in improving both the security and reliability of the data collection service seamlessly.

14.
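To address the collection efficiency and security problems of unattended wireless sensor networks (UWSNs), a secure UWSN clustering scheme is proposed. It implements a network topology clustering algorithm based on a triangular grid graph and allows cluster heads to authenticate mobile nodes. The scheme uses the properties of triangles to improve network connectivity and to balance data collection efficiency against energy consumption; it seamlessly combines a distributed key sharing scheme with the clustering algorithm to search the network efficiently for a mobile node's public key information, so that signatures can be verified even when the corresponding public key information is not stored locally. Experimental results show that the higher the node density, the closer the clustering approaches an equilateral triangular grid graph, and that the clustered network resists attack with a probability above 95% when fewer than 20% of the nodes are compromised.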

15.
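Self-healing group key management scheme in wireless sensor networks   Total citations: 3, self-citations: 1, citations by others: 2
The self-healing mechanism of group key management is an important means of ensuring secure group communication in wireless sensor networks over unreliable channels. Based on a group key distribution and revocation method that uses dual directional key chains, a self-healing group key management scheme with revocation capability for wireless sensor networks is proposed. The scheme provides group key self-healing and node revocation, meets the security requirements of group key management in sensor networks under wireless communication with a high packet loss rate, and ensures security properties such as group key confidentiality, forward secrecy and backward secrecy. Performance analysis shows that the scheme has low computation and communication overhead and is applicable to wireless sensor networks.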

16.
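Huang Jie, Huang Bei. 《通信学报》 (Journal on Communications), 2011, (10): 52-58
Because key distribution techniques based on symmetric keys cannot fully solve the security problems of key distribution in wireless sensor networks, a public-key-based key predistribution scheme is proposed. The base station uses a series of original public keys and a one-way hash function to generate a set of public keys, and randomly assigns each node a public/private key pair and a subset of the public key set. Because each private key is unique, the scheme not only improves network security but also improves the network's storage overhead. Using principles of random graph theory, it is shown that, compared with traditional key predistribution schemes, the scheme both secures the network and takes account of the limited resources of the network and its nodes; with connectivity unchanged, network security and scalability are greatly improved.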

17.
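Zhao Tong. 《无线电工程》 (Radio Engineering), 2012, 42(8): 8-10, 21
Key management is the most basic element of sensor network security and plays an important role in authentication and encryption. To address the weakness that communication keys in wireless sensor networks (WSNs) are easily cracked, and the problem that adding keys to establish secure channels lowers network connectivity, an improved key management scheme for wireless sensor networks is proposed. Coordinates in the network are obtained with a localization algorithm, and the resulting location information is used to optimize the stored key space, which increases the probability that two neighboring nodes hold the same key space. Experimental results show that the method uses less key storage space and markedly improves network connectivity and security.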

18.
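A wireless sensor network is a network composed of a large number of sensor nodes, characterized by wireless communication, self-organization and decentralized networking. To address the many security problems facing wireless sensor networks, LEACH is improved with respect to combined public keys and node energy, and a secure and efficient routing algorithm based on CPK and energy is proposed. Simulation experiments show that the improved routing protocol has a longer lifetime than LEACH and is also further strengthened in terms of security.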

19.
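To address the disconnection-prone and delay-prone nature of sparse ad hoc networks, a new message signature scheme for sparse ad hoc networks is proposed using identity-based cryptography and bilinear pairings on elliptic curves, and its security and performance are analyzed. The scheme solves the signature forgery problem caused by third-party key escrow and limits the impact of forged message signatures resulting from leakage of node private keys in sparse ad hoc networks. While maintaining security, it effectively reduces key length, signature length and signature computation, lowering the demands on network bandwidth and on node storage and computing power, and meets the signature needs of sparse ad hoc networks.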

20.
In this paper we propose an approach for key management in sensor networks which takes the location of sensor nodes into consideration while deciding the keys to be deployed on each node. As a result, this approach not only reduces the number of keys that have to be stored on each sensor node but also provides for the containment of node compromise. Thus compromise of a node in a location affects the communications only around that location. This approach which we call as location dependent key management does not require any knowledge about the deployment of sensor nodes. The proposed scheme starts off with loading a single key on each sensor node prior to deployment. The actual keys are then derived from this single key once the sensor nodes are deployed. The proposed scheme allows for additions of sensor nodes to the network at any point in time. We study the proposed scheme using both analysis and simulations and point out the advantages.
