一种基于双密钥的无线传感网络动态密钥管理方案

针对无线传感网络节点的存储空间、能量等的限制,以及动态密钥管理的无身份认证的安全问题等,提出一种类似一次一密的双密钥管理方案.该方案增加了身份认证模块,以及新节点的认证机制.同时在更新动态密钥时引入盐值,这一特性又进一步增强了无线传感器网络的抗毁性能.最后分析了方案的存储量、连通性以及安全性：在超过6 000个节点的网络环境下,该方案单个节点的密钥存储量大幅降低,仅有E-G方案的一半左右;在连通性方面,E-G方案是基于概率的,一般为0.9,而该方案的连通率为1;在安全性方面,该方案降低了密钥环的数量,未捕获节点的密钥暴露概率比E-G方案低很多.     

WSN的网络安全管理机制研究

本文提出一种基于多项式的WSN密钥管理方案.基站通过计算节点秘密信息构成的多项式来生成网络的全局密钥,节点通过全局密钥可以认证网络中的合法节点.节点用全局密钥经过对称多项式密钥交换来生成与簇头节点之间的会话密钥.该方案能够动态更新密钥,从而解决了由于节点被捕获所导致的信息泄露、密钥连通性下降和密钥更新通信开销大等问题.性能分析表明,该方案与现有的密钥预分配方案相比,具有更低的存储开销、通信开销、良好的扩展性和连通性.     

一种基于冗余路径的自组网密钥管理方案研究

基于部分分布式门限机制的密钥管理方案能提供高的安全性,但认证成功率较低,可扩展性差;基于证书链的密钥管理方案适合自组网的特点,但不能满足高安全要求的应用环境.在Hubaux证书链方案的基础上,文中提出了基于冗余路径的自组网密钥管理方案,该方案提高了系统的安全性,防止了不诚实节点的欺骗攻击;仿真结果表明,通过增加本地节点存储的证书数量,可以达到较高的认证成功率,满足自组网应用的高安全要求.     

面向WSN的双向认证与密钥协商方案设计

由于无线传感器网络（Wireless Sensor Network,WSN）节点计算能力等资源受限，如何使用较少的计算量实现节点间的认证与密钥协商以保证通信安全一直是研究的热点。针对基于对称密码的认证方案网络扩展性较差、密钥更新困难的问题，以及基于非对称密码的认证方案计算资源开销大的问题，面向WSN安全需求，提出了一种基于身份的非双线性节点认证与密钥协商方案，以椭圆曲线密码算法（Elliptic Curve Cryptography,ECC）为基础，实现了通信节点之间的双向认证、会话密钥协商、确认和更新。分析表明，方案可以满足无线传感器网络节点密钥协商过程所需的几种典型的安全属性，且在资源消耗上有所优化。     

带认证的ZigBee密钥分配方案

针对ZigBee节点组网时缺乏身份认证,密钥分配安全性不足的问题,该文提出一种基于身份的无双线性对运算的ZigBee节点身份认证及密钥分配方案。该方案继承了基于身份的认证方案的优点,在实现身份认证的同时完成了ZigBee密钥分配过程,具有较高的安全性和可扩展性。实验结果表明,该文方案具有存储开销小、能耗低等优势。     

一种基于二次型的无线传感器网络密钥管理方案

针对现有的基于多项式的密钥预分配管理方案受限于节点间密钥共享率和网络连通率等问题,文中提出了一种基于二次型的无线传感器密钥管理方案.该方案突破现有二元t次对称多项式建立共享密钥的思路,引入多元非对称二次型多项式,利用二次型特征值与特征向量之间的关系,分析证明二次型正交对角化的特性,生成密钥信息,节点则通过交换密钥信息实现身份认证,生成与邻居节点之间独立唯一的会话密钥.性能分析表明,与现有的密钥管理方案相比,方案在抗俘获性、连通性、可扩展性、通信开销和存储开销上有较大的改进.     

在椭圆曲线域中基于身份认证的移动ad hoc密钥管理框架

提出一种建立在椭圆曲线域上的基于双向身份认证的移动adhoc密钥管理框架。框架中的门限方案增强了系统的健壮性，基于身份的双向认证方案确保了交互节点身份的真实性，从而能将恶意仿冒节点和恶意发送虚假信息节点快速从系统中分离出来。     

机会网络中基于社会属性的按需密钥管理方案

针对机会网络的间歇性连通、快速移动、自组织管理等特征,提出了基于社会属性的按需密钥管理方案。首先利用基于身份的门限签名方案,实现了节点社会属性的自认证。随后结合机会网络的路由特性,节点之间根据社会属性匹配度有选择地颁发身份证书,并建立可度量的信任网。算法在优化证书图的同时,避免了恶意节点可能导致的无效证书链路的生成。实验仿真表明,该方案可提供较高的证书链重构成功率与节点认证可达率,并有效地降低了密钥管理所需的网络开销。     

移动Ad Hoc网络分布式多跳认证授权方案

提出一个分布式的具有多跳认证授权支持的移动Ad Hoc网络方案。该方案利用门限密钥分享技术把认证授权功能完全分散化,每个节点持有一个密钥份额,只有达到门限值规定数量的节点联合起来才能提供认证服务,而认证服务将不仅仅局限于本地节点,多跳范围内的节点也可以参与这项工作。此外,本文还采用多播来取代广播以减少杂项开销。本文解决了多跳认证授权所遇到的技术难题,并通过仿真验证了方案的可行性和有效性。     

移动ad hoc网络预分配非对称密钥管理方案

为了降低移动ad hoc网络非对称密钥管理中的通信开销,基于组合公钥思想,将ElGamal方案与预分配密钥方式相结合,提出一种基于身份的预分配非对称密钥管理方案(PAKMS)。该方案通过私钥生成中心为节点预分配主密钥子集及基于时间获得节点密钥更新的方式,从方法上降低了移动ad hoc网络非对称密钥管理中的通信开销;私钥生成中心为节点预分配主密钥子集的方式也使节点在网络运行阶段不再依赖私钥生成中心为节点分配和更新密钥。由此,弱化了基于身份密钥管理中存在的私钥托管问题对网络安全的影响。与典型方案对比分析表明,该方案在提供节点密钥更新服务的情况下能够有效降低网络通信开销。此外,对方案的安全性进行了详细证明。     

Group key management scheme for large-scale sensor networks

Wireless sensor networks are inherently collaborative environments in which sensor nodes self-organize and operate in groups that typically are dynamic and mission-driven. Secure communications in wireless sensor networks under this collaborative model calls for efficient group key management. However, providing key management services in wireless sensor networks is complicated by their ad-hoc nature, intermittent connectivity, large scale, and resource limitations. To address these issues, this paper proposes a new energy-efficient key management scheme for networks consisting of a large number of commodity sensor nodes that are randomly deployed. All sensor nodes in the network are anonymous and are preloaded with identical state information. The proposed scheme leverages a location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problem. Secure and efficient group key initialization is achieved in the proposed scheme by nodes autonomously computing, without any communications, their respective initial group keys. The key server, in turn, uses a simple location-based hash function to autonomously deduce the mapping of the nodes to their group keys. The scheme enables dynamic setup and management of arbitrary secure group structures with dynamic group membership.     

分簇无线传感器网络中基于横截设计的对密钥建立方案

由于节点能量有限、存贮空间小等特点,使传统的网络密钥管理方案受到挑战。该文基于横截设计、双变量多项式和门限机制,提出了适用于分簇结构传感器网络的对密钥建立方案和多路径密钥建立策略。该方案采用横截设计保证同簇内节点可以直接建立对密钥,而不同簇的节点可以基于门限机制构建多路径密钥。理论和实验分析表明,新方案在增强安全性、连通性和抗毁性的同时,有效地降低了通信量及密钥存储量等代价,并且具有良好的可扩展性。     

一种基于EBS的无线传感器网络动态密钥管理方法

设计安全合理的密钥管理方法是解决无线传感器网络安全性问题的核心内容。基于Exclusion Basis System (EBS)的动态密钥管理方法由于安全性高,动态性能好,节约存储资源,受到了广泛关注。但同时存在共谋问题,即对于被捕获节点通过共享各自信息实施的联合攻击抵抗性较差。针对这一问题,该文利用一种特殊形式的三元多项式(同化三元多项式)密钥取代EBS系统中的普通密钥,并在分簇式的网络拓扑结构基础上,设计了一种基于EBS的无线传感器网络动态密钥管理方法。仿真与分析结果表明,相比于采用普通密钥或是二元多项式密钥的方法,该文方法不仅可以有效地解决共谋问题,提高网络对被捕获节点的抵抗性,而且显著减低了更新密钥过程中的能量消耗。     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

WSN中一种改进的密钥管理方案研究

密钥管理作为传感器网络安全中最为基本的环节,在认证和加密过程中起着重要作用。针对无线传感器网络(Wireless Sensor Network,WSN)的通信密钥易被破解的缺点以及为建立安全信道而增加密钥会造成网络的连通率低的问题,提出了一种改进的无线传感器网络密钥管理方案,通过定位算法得到网络中的坐标,利用所得到的位置信息对所存储的密钥空间进行优化,可以增大2个邻居节点拥有相同密钥空间的概率。实验结果表明:该方法占用较小密钥存储空间,能明显改善网络连通性和网络的安全性等性能,提高安全性。     

无线传感网络中的动态集群密钥管理方案

Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust manage-ment system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.     

MUQAMI+: a scalable and locally distributed key management scheme for clustered sensor networks

Wireless sensor networks (WSN) are susceptible to node capture and many network levels attacks. In order to provide protection against such threats, WSNs require lightweight and scalable key management schemes because the nodes are resource-constrained and high in number. Also, the effect of node compromise should be minimized and node capture should not hamper the normal working of a network. In this paper, we present an exclusion basis system-based key management scheme called MUQAMI+ for large-scale clustered sensor networks. We have distributed the responsibility of key management to multiple nodes within clusters, avoiding single points of failure and getting rid of costly inter-cluster communication. Our scheme is scalable and highly efficient in terms of re-keying and compromised node revocation.     

Location dependent key management in sensor networks without using deployment knowledge

In this paper we propose an approach for key management in sensor networks which takes the location of sensor nodes into consideration while deciding the keys to be deployed on each node. As a result, this approach not only reduces the number of keys that have to be stored on each sensor node but also provides for the containment of node compromise. Thus compromise of a node in a location affects the communications only around that location. This approach which we call as location dependent key management does not require any knowledge about the deployment of sensor nodes. The proposed scheme starts off with loading a single key on each sensor node prior to deployment. The actual keys are then derived from this single key once the sensor nodes are deployed. The proposed scheme allows for additions of sensor nodes to the network at any point in time. We study the proposed scheme using both analysis and simulations and point out the advantages.     

Self-Organized Monitoring in Ad-Hoc Networks

We propose in this paper a self-organized monitoring architecture for mobile ad-hoc networks based on a selective scheme where subsets of nodes are managed. These nodes are determined based on their network behavior in order to favor subsets of well-connected nodes. The key idea is to relax the requirements of the management plane, and to use these manageable subsets to monitor the performance of the overall network. We therefore propose a new performance metric to be monitored, in order to estimate the capability of ad-hoc nodes to communicate end-to-end in the network. Extensive simulations show how different parameters affect this metric.