基于分簇的有效无线传感器网络密钥管理方案

针对现有无线传感器网络密钥管理中计算量过大、存储空间过多和网络安全问题,在分簇结构无线传感器网络基础上,提出一种新的密钥管理方案,它通过将已存储的密钥部分地转化为即使被攻击者截获也无影响的特殊信息,来获取更加良好的安全性,同时又不降低网络的连通性。通过仿真与其他算法进行性能对比,结果显示这种方案具有更好的性能。     

基于密钥联系表的无线传感器网络密钥管理方案

考虑到多播密钥管理必须满足前向私密性、后向私密性、抗同谋破解、可扩展性以及健壮性等安全需求,同时针对于无线传感器网络能源受限的特点,提出了一种新的基于门限机制和密钥联系表的密钥管理方案。通过把密钥映射于空间曲线和曲面上,该方案在小幅度增加计算复杂性的同时,对通信复杂性和存储复杂性进行了较大的优化。     

WSN中同构模型下动态组密钥管理方案

研究了同构网络模型的组密钥管理问题,首次给出了一个明确的、更完整的动态组密钥管理模型,并提出了一种基于多个对称多项式的动态组密钥管理方案。该方案能够为任意多于2个且不大于节点总数的节点组成的动态多播组提供密钥管理功能,解决了多播组建立、节点加入、退出等所引发的与组密钥相关的问题。该方案支持节点移动,具有可扩展性,并很好地解决了密钥更新过程中多播通信的不可靠性。组成员节点通过计算获得组密钥,只需要少量的无线通信开销,大大降低了协商组密钥的代价。分析比较认为,方案在存储、计算和通信开销方面具有很好的性能,更适用于资源受限的无线传感器网络。     

An effective key management scheme for heterogeneous sensor networks

Security is critical for sensor networks used in military, homeland security and other hostile environments. Previous research on sensor network security mainly considers homogeneous sensor networks. Research has shown that homogeneous ad hoc networks have poor performance and scalability. Furthermore, many security schemes designed for homogeneous sensor networks suffer from high communication overhead, computation overhead, and/or high storage requirement. Recently deployed sensor network systems are increasingly following heterogeneous designs. Key management is an essential cryptographic primitive to provide other security operations. In this paper, we present an effective key management scheme that takes advantage of the powerful high-end sensors in heterogeneous sensor networks. The performance evaluation and security analysis show that the key management scheme provides better security with low complexity and significant reduction on storage requirement, compared with existing key management schemes.     

HIKES: Hierarchical key establishment scheme for wireless sensor networks

This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd.     

Huffman-based group key establishment scheme with Location-aware

Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address. To achieve better time efficiency in key establishment, we propose a Location-based Huffman (L-Huffman) scheme. First, users are separated into several small groups to minimize communication cost when they are distributed over large networks. Second, both user’s computation difference and message transmission delay are taken into consideration when Huffman coding is employed to forming the optimal key tree. Third, the combined weights in Huffman tree are located in a higher place of the key tree to reduce the variance of the average key generation time and minimize the longest key generation time. Simulations demonstrate that L-Huffman has much better performance in wide area networks and is a little better in local area network than Huffman scheme.     

One-way hash chain-based self-healing group key distribution scheme with collusion resistance capability in wireless sensor networks

In order to resolve the collusion resistance problem in the one-way hash chain-based self-healing group key distribution schemes and improve the performance of previous self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the revocation polynomial and a special one-way hash key chain for wireless sensor networks (WSNs) in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, a new method is addressed to provide the capability of resisting the collusion attack between revoked users and new joined users, and a special one-way hash chain utilization method and some new methods to construct the personal secret, the revocation polynomial and the key updating broadcast packet are presented. Compared with existing schemes under same conditions, our proposed scheme not only supports more revoked users and sessions, but also provides a stronger security. Moreover, our proposed scheme reduces the communication overhead, and is especially suited for a large scale WSN in bad environments where a strong collusion attack resistance capability is required and many users will be revoked.     

一种基于KeyRev的无线传感器网络密钥撤销方案

KeyRev密钥撤销方案可以在一定程度上销毁无线传感网络中的受损节点,并可以生成新一轮通信中会话密钥,已生成会话密钥的节点即可生成数据加密密钥和MAC校验密钥。但因其是采用明文广播受损节点信息。使遭受攻击的节点很容易发现自己身份暴露,从而采取欺骗、篡改等手段依然参与网络通信。对此方案予以改进优化,对广播信息隐蔽处理,更加安全有效地剔除网络中的受损节点。     

基于按对平衡设计的异构无线传感器网络密钥预分配方案

利用异构无线传感器网络中普通节点和簇头节点间的差异性,基于中心可分解型按对平衡设计构造了异构的节点密钥环,设计了2种密钥预分配方案DCPBD和VDCPBD.其中,DCPBD利用了中心可分解类型PBD,将普通区组作为普通节点的密钥环,将特殊区组作为簇头节点的密钥环.VDCPBD基于DCPBD进行了扩展,将单一核密钥替换为基于另一密钥池进行SBIBD设计出的簇间密钥环,减小了DCPBD由于单个簇头节点被俘后对整个网络抗毁性的影响.由于在设计时考虑了节点的异构特性,使用确定性方法构造了异构密钥环,使得在保持密钥连通率不变的前提下获得了更低的空间复杂度.仿真实验表明,2个方案都支持大规模网络,且单跳密钥连通率随网络规模增大而趋近于1,2跳连通率恒为1.VDCPBD还具备了更强的抗节点捕获能力和更好的网络可扩展性.     

Secure group communication in wireless mesh networks

Wireless mesh networks (WMNs) have emerged as a promising technology that offers low-cost community wireless services. The community-oriented nature of WMNs facilitates group applications, such as webcast, distance learning, online gaming, video conferencing, and multimedia broadcasting. Security is critical for the deployment of these services. Previous work focused primarily on MAC and routing protocol security, while application-level security has received relatively little attention. In this paper we focus on providing data confidentiality for group communication in WMNs. Compared to other network environments, WMNs present new challenges and opportunities in designing such protocols. We propose a new protocol framework, Secure Group Overlay Multicast (SeGrOM), that employs decentralized group membership, promotes localized communication, and leverages the wireless broadcast nature to achieve efficient and secure group communication. We analyze the performance and discuss the security properties of our protocols. We demonstrate through simulations that our protocols provide good performance and incur a significantly smaller overhead than a baseline centralized protocol optimized for WMNs.     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

SKWN: Smart and dynamic key management scheme for wireless sensor networks

In the era of the Internet of Things (IoT), we are witnessing to an unprecedented data production because of the massive deployment of wireless sensor networks (WSNs). Typically, a network of several hundred sensors is created to ensure the interactions between the cyber world and the physical world. Unfortunately, the intensive use of this kind of networks has raised several security issues. Indeed, many WSN‐based applications require secure communication in order to protect collected data. This security is generally ensured by encryption of communication between sensors, which requires the establishment of many cryptographic keys. Managing these keys, within a protocol, is an important task that guarantees the effectiveness of the security mechanism. The protocol should be intelligently adaptable not only to intrusion events but also to the security level needed by some applications. An efficient protocol optimizes also sensors energy and consequently increases the network life cycle. In this paper, we propose, a smart and dynamic key management scheme for hierarchical wireless sensor networks (SKWN). Our protocol offers three subschemes to deal with key establishment, key renewal, and new node integration. Regarding existing schemes, SKWN does not only provide reliable security mechanisms, but it also optimizes energy consumption and overheads related to the communication and memory usage. Furthermore, our approach relies on a machine learning approach to monitor the state of the network and decide the appropriate security level. We provide a formal approach and its implementation, together with simulations allowing to compare resources usage with respect to existing approaches.     

传感器网络中对偶密钥的动态密钥路径建立机制及算法

对偶密钥技术的采用使无线传感器网络通信的安全性得到保障.对偶密钥中的动态密钥路径的应用又进一步提高无线传感器网络通信的可靠性.利用层次超立方体模型中节点编码的特性及其高容错性,提出了基于局部弱连通性概念的簇内动态密钥路径和基于位置信息的簇间动态密钥路径的两类算法.理论与计算机仿真数据分析表明,该算法具有良好的可靠性和高效性,是一种适合无线传感器网络安全可靠的具有实用价值的算法.     

无线传感器网络中一种基于公钥的密钥分配方案

针对基于对称密钥的密钥分配技术无法彻底解决无线传感器网络中密钥分配的安全问题,提出了一种基于公钥的密钥预分配方案,基站利用一系列原始公钥和单向散列函数产生公钥集合,并为每个节点随机分配公私钥对和公钥集合的子集。由于私钥的唯一性,采用该方案不仅能够提高网络的安全性能,而且可以改善网络的存储开销。利用随机图论的相关原理证明,该方案与传统的密钥预分配方案相比,既保证了网络的安全,又兼顾了网络和节点资源有限的实际,在连通性不变的前提下,其网络安全性和网络的扩展性大幅度提高。     

基于动态累加器的异构传感网认证组密钥管理方案

利用动态累加器的证人能够证明特定累加项是否参与累加的特性,实现了组成员身份认证,提出了一种新的支持节点动态增加和撤销的组密钥管理方案DAAG。在需要建立组密钥时,所有成员节点提供自己持有的累加项,参与累加计算。DAAG方案在保证成员节点证人机密性的基础上, 通过绑定证人与组密钥更新计算,限制了非成员节点对新密钥的计算能力。安全性和性能分析表明,DAAG方案虽比FM方案消耗更多的通信代价,但能够抵抗伪造、重放和共谋等恶意攻击,提供前后向安全性。     

An adaptable and scalable group access control scheme for managing wireless sensor networks

Access control is a prime technology to prevent unauthorized access to private information, which is one of the essential issues appearing in secure group communication (SGC) of wireless sensor networks (WSNs). Many studies have made good progress on access control; however, their methods are inadequate to cope with this new issue for SGC-based WSNs since of their inflexibility, inefficiency, insecurity, or small-scale.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

传感器网络中基于三元多项式的密钥管理方案

提出一种新的密钥管理方案KMTP(key management based on ternary polynomial)。基站为每个节点建立唯一性标识,保证节点合法性;基于三元多项式设计簇内和簇间密钥预分配算法,可以保证秘密多项式的破解门限值分别大于簇内节点和分簇总数,理论上难以破解;通过构造安全连通邻接表,设计簇间多跳路由选择算法,保证通信阶段的安全;引入更新参数和更新认证数,保证密钥更新阶段的安全。仿真表明,相比已有方案,KMTP开销较小,且能够提供更高的安全性。     

无线传感器网络中具有撤销功能的自愈组密钥管理方案

在有限域F_q上构造基于秘密共享的广播多项式,提出一种具有节点撤销功能的组密钥更新方案.同时,基于单向散列密钥链建立组密钥序列,采用组密钥预先更新机制,容忍密钥更新消息的丢失,实现自愈.分析表明,在节点俘获攻击高发的环境中,方案在计算开销和通信开销方面具有更好的性能.     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.