一类新的分布式随机验证无线传感网络节点克隆攻击检测

由于无线传感器网络节点的无人值守性,攻击者很容易捕获并复制节点,利用节点的安全证书把复制节点发布到无线传感器网络的各个角落,进而秘密发动各种攻击。提出一类新的分布式节点复制攻击检测协议,协议采用随机区域单元映射和域内随机线选验证相结合的方法进行攻击检测。仿真结果显示,协议的随机验证特性使网络能量消耗均匀,延长网络的生存周期。域内线选验证使协议的通信开销和储存开销较低并具有较高的检测率。     

Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks

Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS); a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.     

Private key agreement and secure communication for heterogeneous sensor networks

Key management is an important building block for all security operations in sensor networks. Most existing key management schemes try to establish shared keys for all pairs of neighbor sensors; hence, a large number of keys need to be preloaded on each sensor, which necessitates a large key space for the nodes in the network. The recent trend in research is to mainly consider homogeneous sensor networks, and to a lesser degree heterogeneous sensor networks, for key management. In this paper, we propose a novel key agreement protocol which is based on pairing-based cryptography over an elliptic curve. Using this protocol, any two nodes that need to communicate can independently compute the same secret key by using pairing and identity-based encryption properties. The proposed protocol significantly reduces the key space of a node. Additionally, the security analysis of the proposed protocol shows that it is robust against a number of attacks including wormhole attack, masquerade attacks, reply attacks, and message manipulation attacks.     

Detecting node replication attacks in wireless sensor networks: A survey

A wireless sensor network (WSN) consists of a number of tiny, low-cost, and resource-constrained sensor nodes, but is often deployed in unattended and harsh environments to perform various monitoring tasks. As a result, WSNs are susceptible to many application-dependent and application-independent attacks. In this paper we consider a typical threat in the latter category known as the node replication attack, where an adversary prepares her own low-cost sensor nodes and deceives the network into accepting them as legitimate ones. To do so, the adversary only needs to physically capture one node, extract its secret credentials, reproduce the node in large quantity, and then deploy the replicas under her control into the network, possibly at strategic positions, to cripple various WSN applications with little effort. Defending against such node replication attacks has recently become an imperative research topic in sensor network security, and the design issues may involve different and more threatening challenges than detecting typical application-dependent attacks. In this survey, we classify existent detections in the literature, and explore the various proposals in each category. We look into necessary technical details and make certain comparisons, so as to demonstrate their respective contributions as well as limitations. We also present the technical challenges and indicate some possible directions for future research.     

一类新的基于移动序贯测试的无线传感网络节点克隆攻击检测

无线传感器网络经常被部署在无人值守且严酷的环境中,攻击者能通过克隆节点来发起各种的内部攻击.本文提出一种新的分布式移动节点克隆攻击检测方法.仅当证人节点和被检测节点相遇或相关证人节点相遇时,检测信息被转发到证人节点进行检测.同时,利用序贯概率比检测技术,避免单一样本产生的高错误率.移动辅助的随机验证和序贯测试技术相结合,降低传统路由寻径开销和误警率/虚警率.仿真结果表明,协议具有较高检测效率和合理的开销.     

基于分簇的节点复制攻击入侵检测方法

部署于敌对环境的传感器网络,其节点可能被敌方俘获解析并构成恶意节点。再重新布放于网络,对网络进行攻击。针对上述问题,提出一种新的无线传感器网络节点复制攻击检测方法。这种方法将集中检测和分布检测相结合,在分簇传感器网络中分别利用簇头和基站进行复制攻击检测。仿真结果表明:该法克服了单独采用分布检测或集中检测的缺点,其检测率和通信成本均优于分布式方法,其网络生命周期优于集中式方法。     

A synopsis on node compromise detection in wireless sensor networks using sequential analysis (Invited Review Article)

By exploiting the unattended nature of the wireless sensor networks, an attacker can physically capture and compromise sensor nodes and then launch a variety of attacks. He can additionally create many replicas of a few compromised nodes and spread these replicas over the network, thus launching further attacks with their help. In order to minimize the damage incurred by compromised and replicated nodes, it is very important to detect such malicious nodes as quickly as possible. In this review article, we synthesize our previous works on node compromise detection in sensor networks while providing the extended analysis in terms of performance comparison to the related work. More specifically, we use the methodology of the sequential analysis to detect static and mobile compromised nodes, as well as mobile replicated nodes in sensor networks. With the help of analytical and simulation results, we also demonstrate that our schemes provide robust and efficient node compromise detection capability.     

基于口令应答的协作式WSNs移动复制节点检测方法研究

目前,针对无线传感器网络复制节点攻击研究主要集中在对静态网络中复制节点的检测。WSNs的应用中,节点部署在一定区域形成静态网络并采集信息,为了减少节点间通信量、降低能耗,若干个节点形成一个簇,簇内选举簇头节点作为簇间通信人。静态网络采集的信息通常由汇聚节点回收,为了方便,汇聚节点通常采用移动形式加入网络,收集完后离开。如果这类在移动中收集信息的节点是复制节点,对整个WSNs的威胁比静态网络中的复制节点威胁更大。在借鉴已有的移动网络检测方案的基础上,针对静态网络分簇和移动节点位置经常变换的特点,提出了基于口令应答的协作式WSN移动复制节点检测方法CRCDS（Challenge/Response and Collaborative Detection Scheme）,有效利用静态网络的存储空间,采取静态网络和移动节点相互协作的方式,规避因移动节点位置变化对检测结果的影响,并从理论和实验上分析了该检测方法的安全性和可行性。     

基于中国剩余定理的传感器网络密钥管理协议

无线传感器网络的安全性是目前研究的热点。传统基于临时初始密钥和基于密钥池预分配的方案难以在网络连通性和节点存储计算消耗之间有效平衡,网络生命期内使用固定不变的初始密钥/密钥池难以抵抗节点捕获攻击。本文基于中国剩余定理提出了传感器网络密钥管理协议,每个节点携带较少的密钥素材,能够实现网络最大连通,并具有较少的存储空间和计算与通信能耗;基于时间概念分多个阶段部署传感器节点时,发布的密钥素材在不同的节点部署阶段相应变化,使得网络具有自愈合功能,从而具有较强的抗节点捕获攻击。     

一种新的基于部署知识的WSN密钥分配方案

在正六边形模型的基础上,利用素域中Blom矩阵和对称多项式的阈值及哈希密钥链的不可逆特性提出了一种新的密钥分配方案.该方案在网络部署之初建立对密钥时,同一区域中节点利用分配的哈希链中的值构造一系列Blom矩阵来建立对密钥并保证相同矩阵的个数不超过各自的阈值,不同区域中相邻节点利用随机分配的密钥构造出的多项式建立对密钥,...     

基于矩阵的无线传感器网络密钥预分配

为了提高邻居节点建立共享密钥的概率, 减少无线传感器网络资源的消耗, 从而进一步提高无线传感器网络中的连通性, 提出了一种基于矩阵的无线传感器网络的随机密钥部署方案。该方案在无线传感器的目标划分区域中采用3×3矩阵的方式进行密钥预分配, 使邻居节点共享直接密钥的个数为q, 提高了节点间共享密钥的阈值, 减少了节点存储冗余密钥的数量。数据分析和仿真结果表明, 该方案不但在存储密钥数量和安全性方面有较好的性能, 而且连通率为100%。     

Pair-wise path key establishment in wireless sensor networks

When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.     

A-CACHE: An anchor-based public key caching scheme in large wireless networks

When asymmetric cryptography is used in wireless networks, public keys of the nodes need to be made available securely. In other networks, these public keys would have been certified by a certificate authority (CA). However, the existence of a single CA in large wireless networks such as mobile ad hoc networks and wireless sensor networks can lead to a communication hotspot problem and become an easy target for attacks. In this work, we propose a distributed technique, termed A-CACHE, to cache the public keys on regular nodes. One salient feature of our scheme is that some anchor nodes with larger cache memories are exploited. Due to the limited memory size that each node is allowed to dedicate for key caching, only a limited number of keys will be cached. Access to the public keys of other nodes is possible based on a chain of trust. In addition, multiple copies of public keys from different chains of trusted nodes provide fault-tolerant protections and guard against malicious attacks. We explain our technique in detail and investigate its prominent features in this work. Through analysis and evaluations, we observe the existence of an optimum ratio to cache the keys of local nodes.     

A color-theory-based energy efficient routing algorithm for mobile wireless sensor networks

Wireless sensor networks (WSNs) with nodes spreading in a target area have abilities of sensing, computing, and communication. Since the GPS device is expensive, we used a small number of fixed anchor nodes that are aware of their locations to help estimate the locations of sensor nodes in WSNs. To efficiently route sensed data to the destination (the server), identifying the location of each sensor node can be of great help. We adopted a range-free color-theory based dynamic localization (CDL) [Shen-Hai Shee, Kuochen Wang, I.L. Hsieh, Color-theory-based dynamic localization in mobile wireless sensor networks, in: Proceedings of Workshop on Wireless, Ad Hoc, Sensor Networks, August 2005] approach, to help identify the location of each sensor node. Since sensor nodes are battery-powered, we propose an efficient color-theory-based energy efficient routing (CEER) algorithm to prolong the life time of each sensor node. The uniqueness of our approach is that by comparing the associated RGB values among neighboring nodes, we can efficiently choose a better routing path with energy awareness. Besides, the CEER has no topology hole problem. Simulation results have shown that our CEER algorithm can save up to 50–60% energy than ESDSR [Mohammed Tarique, Kemal E. Tepe, Mohammad Naserian, Energy saving dynamic source routing for ad hoc wireless networks, in: Proceedings of Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, April 2005, pp. 305–310] in mobile wireless sensor networks. In addition, the latency per packet of CEER is 50% less than that of ESDSR.     

移动无线传感器网络采样区域自调整的MCL定位算法

定位技术是无线传感器网络中关键的支撑技术之一。现有的无线传感器网络定位算法大多是针对静态场景的,不能直接应用于移动无线传感器网络。针对移动无线传感器网络的特点,在深入分析现有蒙特卡洛算法的基础上,提出一种改进机制,即采样区域自调整的蒙特卡洛节点定位(SA_MCL)算法。该算法通过对节点历史位置信息插值模拟获得节点的运动速度和方向,目的是为了自动调整采样区域,从而提高定位精度。仿真结果表明,采用SA_MCL算法,节点的定位精度有较大提高。     

基于二项分布的无线传感器网络信任管理系统

由于无线传感器网络不同于传统网络的特点,导致其很容易受到来自妥协节点的内部攻击。信任管理系统是防御无线传感器网络内部攻击的最有效方法。针对无线传感器网络节点信誉和信任的评估,我们改进了用于无线传感器网络的基于贝塔的信誉系统BRSN( Beta Reputation System for Sensor Networks),提出了基于二项分布的无线传感器网络信任评估系统BTMS( Binomial-based Trust Management System)。 BTMS基于对节点行为的监控,利用二项分布来描述节点信誉的分布,并进一步得到节点信任值,从而指导中继节点的选择,降低内部攻击的危害。实验结果表明,利用BTMS可以有效的防御来自妥协节点的内部攻击,提高网络安全性。     

A comprehensive security analysis of LEACH++ clustering protocol for wireless sensor networks

Wireless sensor networks (WSNs) will play a major role in future technologies in the development of the cyber-physical society. Studies show that WSNs are vulnerable to various insider attacks that may degrade its performance and affect the application services. Various intrusion detection system-based solutions have been proposed for WSNs to secure them from such attacks; however, these solutions have certain limitations with respect to completeness and evaluation. Recently, we proposed an intrusion detection framework to secure WSNs from insider attacks and proposed a protocol called LEACH++. In this paper, we perform a detailed security analysis of LEACH++ against black-hole, sink-hole and selective forwarding attacks by launching a number of attacks with different patterns. The results of our experiments performed in network simulator-2 show that the proposed scheme is highly efficient and achieves higher accuracy and detection rates with very low false-positive rate when compared to an anomaly based detection scheme.

     

基于时间部署的无线传感器网络密钥管理方案

提出一种基于时间部署的随机密钥管理方案.该方案采用了特殊的两级随机密钥预分配和清除机制以及按时间顺序的成组部署方法:每个传感器节点从多个密钥池中随机选择密钥并在一定条件下删除相关的密钥;所有传感器节点被组织成部署组并按时间顺序被部署到网络中.与经典的随机密钥管理方案相比,该方案在为成对密钥的生成提供了较高的节点连通度的同时,提高了节点资源利用率并且增强了网络抵抗节点受损攻击的能力.     

Mobility-assisted minimum connected cover in a wireless sensor network

All properties of mobile wireless sensor networks (MWSNs) are inherited from static wireless sensor networks (WSNs) and meanwhile have their own uniqueness and node mobility. Sensor nodes in these networks monitor different regions of an area of interest and collectively present a global overview of monitored activities. Since failure of a sensor node leads to loss of connectivity, it may cause a partitioning of the network. Adding mobility to WSNs can significantly increase the capability of the WSN by making it resilient to failures, reactive to events, and able to support disparate missions with a common set of sensor nodes. In this paper, we propose a new algorithm based on the divide-and-conquer approach, in which the whole region is divided into sub-regions and in each sub-region the minimum connected sensor cover set is selected through energy-aware selection method. Also, we propose a new technique for mobility assisted minimum connected sensor cover considering the network energy. We provide performance metrics to analyze the performance of our approach and the simulation results clearly indicate the benefits of our new approach in terms of energy consumption, communication complexity, and number of active nodes over existing algorithms.     

一种分层式无线传感器网络密钥分配管理方案

当传感器节点部署在开放的、无人照看、无物理保护的环境下,安全问题变得非常重要,即它们极易受到不同类型的恶意攻击.论文针对分层组织的无线传感器网络提出了一种安全的密钥管理方案,这种方案在一个簇中高效地分配密钥并更新预先部署的密钥以减轻对节点的有害攻击.