无线传感器网络中基于EBS的高效安全的群组密钥管理方案

为了保证无线传感器网络(WSN)群组通信的安全性,设计了一种基于EBS的群组密钥管理方案.提出方案首先通过合并链状簇和星型簇简化无线传感器网络的拓扑结构,然后通过增加网络被捕获时所需入侵节点的数量来防止攻击者通过少量共谋节点得到所有管理密钥,之后利用图染色算法对分配密钥组合的节点进行排序,并依据海明距离和EBS方法对网络中的传感器节点进行管理密钥分配.在此基础上给出了对传感器节点的加入和离开事件进行处理的方法.在有效性和性能分析阶段,首先通过2个实验分别对提出方案中共谋攻击的可能性和入侵节点数量对网络抵抗共谋攻击能力的影响进行分析,实验结果表明提出方案增强了WSN抵抗共谋攻击的能力;然后对提出方案和SHELL在加入事件和离开事件时的系统代价进行比较,结果表明提出方案所需的密钥更新消息数量和传感器节点存储量均小于SHELL方案.     

一个大规模无线传感器网络的密钥动态管理策略

 为了解决大规模无线传感器网络的密钥管理问题,提出了基于EBS系统的两级密钥动态管理策略.该策略从网络部署开始,在整个生命周期内对节点内的密钥进行动态管理.针对无线传感器网络的特性,节点的密钥管理分为三个阶段:初始化阶段、稳定阶段和动态变更阶段.实验表明,TLKMS策略能够在一定程度上节省存储空间并提高网络抵御攻击的能力.     

基于最小生成树的异构传感器网络抗共谋优化方案

基于EBS (Exclusion Basis Systems)的密钥管理协议,以安全性高、动态性和扩展性好,较适用于异构传感器网络,但却存在共谋问题。该文提出了一种基于MST (Minimum Spanning Tree)的密钥共谋问题优化方案。该方案利用Prim算法对由簇内感知节点所构成的无向连通图进行最小生成树求解,并对该树进行遍历,根据所得节点遍历顺序进行密钥的指派与分配,使得相邻节点间所含的密钥重叠程度增大,发生共谋的可能性得到降低。实验结果表明:同比于密钥随机分配方案与SHELL方案,所提方案有效提高了网络的抗捕获能力。     

WSN的网络安全管理机制研究

本文提出一种基于多项式的WSN密钥管理方案.基站通过计算节点秘密信息构成的多项式来生成网络的全局密钥,节点通过全局密钥可以认证网络中的合法节点.节点用全局密钥经过对称多项式密钥交换来生成与簇头节点之间的会话密钥.该方案能够动态更新密钥,从而解决了由于节点被捕获所导致的信息泄露、密钥连通性下降和密钥更新通信开销大等问题.性能分析表明,该方案与现有的密钥预分配方案相比,具有更低的存储开销、通信开销、良好的扩展性和连通性.     

改进的无线传感器网络密钥预分发方案

针对现有的无线传感器网络密钥预分发方案密钥易泄露,不可追溯泄密传感器节点等产生的信息泄露问题,新方案改进了已有的基于多项式密钥预分发方案,将节点位置信息和身份信息引入传输信息的路径中,并经过密钥更新及管理说明,连通性和安全性分析。证明新方案提高了已有方案的抗捕获性,易于基站即时发现捕获节点,即时进行调整和明确所接收到的信息的来源。易于用在军事领域及不安全环境中进行信息监测及传输。     

一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

一种基于双密钥的无线传感网络动态密钥管理方案

针对无线传感网络节点的存储空间、能量等的限制,以及动态密钥管理的无身份认证的安全问题等,提出一种类似一次一密的双密钥管理方案.该方案增加了身份认证模块,以及新节点的认证机制.同时在更新动态密钥时引入盐值,这一特性又进一步增强了无线传感器网络的抗毁性能.最后分析了方案的存储量、连通性以及安全性：在超过6 000个节点的网络环境下,该方案单个节点的密钥存储量大幅降低,仅有E-G方案的一半左右;在连通性方面,E-G方案是基于概率的,一般为0.9,而该方案的连通率为1;在安全性方面,该方案降低了密钥环的数量,未捕获节点的密钥暴露概率比E-G方案低很多.     

WSN中同构模型下动态组密钥管理方案

研究了同构网络模型的组密钥管理问题,首次给出了一个明确的、更完整的动态组密钥管理模型,并提出了一种基于多个对称多项式的动态组密钥管理方案。该方案能够为任意多于2个且不大于节点总数的节点组成的动态多播组提供密钥管理功能,解决了多播组建立、节点加入、退出等所引发的与组密钥相关的问题。该方案支持节点移动,具有可扩展性,并很好地解决了密钥更新过程中多播通信的不可靠性。组成员节点通过计算获得组密钥,只需要少量的无线通信开销,大大降低了协商组密钥的代价。分析比较认为,方案在存储、计算和通信开销方面具有很好的性能,更适用于资源受限的无线传感器网络。     

基于按对平衡设计的异构无线传感器网络密钥预分配方案

利用异构无线传感器网络中普通节点和簇头节点间的差异性,基于中心可分解型按对平衡设计构造了异构的节点密钥环,设计了2种密钥预分配方案DCPBD和VDCPBD.其中,DCPBD利用了中心可分解类型PBD,将普通区组作为普通节点的密钥环,将特殊区组作为簇头节点的密钥环.VDCPBD基于DCPBD进行了扩展,将单一核密钥替换为基于另一密钥池进行SBIBD设计出的簇间密钥环,减小了DCPBD由于单个簇头节点被俘后对整个网络抗毁性的影响.由于在设计时考虑了节点的异构特性,使用确定性方法构造了异构密钥环,使得在保持密钥连通率不变的前提下获得了更低的空间复杂度.仿真实验表明,2个方案都支持大规模网络,且单跳密钥连通率随网络规模增大而趋近于1,2跳连通率恒为1.VDCPBD还具备了更强的抗节点捕获能力和更好的网络可扩展性.     

无线传感器网络的轻量级安全体系研究

结合无线传感器网络现有的安全方案存在密钥管理和安全认证效率低等问题的特点,提出了无线传感器网络的轻量级安全体系和安全算法。采用门限秘密共享机制的思想解决了无线传感器网络组网中遭遇恶意节点的问题;采用轻量化ECC算法改造传统ECC算法,优化基于ECC的CPK体制的思想,在无需第三方认证中心CA的参与下,可减少认证过程中的计算开销和通信开销,密钥管理适应无线传感器网络的资源受限和传输能耗相当于计算能耗千倍等特点,安全性依赖于椭圆离散对数的指数级分解计算复杂度;并采用双向认证的方式改造,保证普通节点与簇头节点间的通信安全,抵御中间人攻击。     

一种基于KeyRev的无线传感器网络密钥撤销方案

KeyRev密钥撤销方案可以在一定程度上销毁无线传感网络中的受损节点,并可以生成新一轮通信中会话密钥,已生成会话密钥的节点即可生成数据加密密钥和MAC校验密钥。但因其是采用明文广播受损节点信息。使遭受攻击的节点很容易发现自己身份暴露,从而采取欺骗、篡改等手段依然参与网络通信。对此方案予以改进优化,对广播信息隐蔽处理,更加安全有效地剔除网络中的受损节点。     

Group key management scheme for large-scale sensor networks

Wireless sensor networks are inherently collaborative environments in which sensor nodes self-organize and operate in groups that typically are dynamic and mission-driven. Secure communications in wireless sensor networks under this collaborative model calls for efficient group key management. However, providing key management services in wireless sensor networks is complicated by their ad-hoc nature, intermittent connectivity, large scale, and resource limitations. To address these issues, this paper proposes a new energy-efficient key management scheme for networks consisting of a large number of commodity sensor nodes that are randomly deployed. All sensor nodes in the network are anonymous and are preloaded with identical state information. The proposed scheme leverages a location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problem. Secure and efficient group key initialization is achieved in the proposed scheme by nodes autonomously computing, without any communications, their respective initial group keys. The key server, in turn, uses a simple location-based hash function to autonomously deduce the mapping of the nodes to their group keys. The scheme enables dynamic setup and management of arbitrary secure group structures with dynamic group membership.     

Location-based compromise-tolerant security mechanisms for wireless sensor networks

Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.     

无线传感器网络中具有撤销功能的自愈组密钥管理方案

在有限域F_q上构造基于秘密共享的广播多项式,提出一种具有节点撤销功能的组密钥更新方案.同时,基于单向散列密钥链建立组密钥序列,采用组密钥预先更新机制,容忍密钥更新消息的丢失,实现自愈.分析表明,在节点俘获攻击高发的环境中,方案在计算开销和通信开销方面具有更好的性能.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

基于完全层次树的无线传感器网络密钥共享方案研究

无线传感器网络由于其自身的特性，如计算资源、能量、存储资源以及带宽的局限性从而面临巨大的安全问题，较普通网络更易受到外界的攻击。研究了一种在无线传感器网络中使用的完全层次树的节点密钥共享方案，该方案使任意两个节点之间共享若干密钥。理论和应用分析显示所提出的方案具有有效性和安全性的特点。同时，通过相关方案比较表明该方案较其它方案更适合无线传感器网络，可以有效的抵御一类Rushing引起的网络DoS攻击。     

Energy Efficiency Routing with Node Compromised Resistance in Wireless Sensor Networks

For the energy limited wireless sensor networks, the critical problem is how to achieve the energy efficiency. Many attackers can consume the limited network energy, by the method of capturing some legal nodes then control them to start DoS and flooding attack, which is difficult to be detected by only the classic cryptography based techniques with common routing protocols in wireless sensor networks (WSNs). We argue that under the condition of attacking, existing routing schemes are low energy-efficient and vulnerable to inside attack due to their deterministic nature. To avoid the energy consumption caused by the inside attack initiated by the malicious nodes, this paper proposes a novel energy efficiency routing with node compromised resistance (EENC) based on Ant Colony Optimization. Under our design, each node computes the trust value of its 1-hop neighbors based on their multiple behavior attributes evaluation and builds a trust management by the trust value. By this way, sensor nodes act as router to achieve dynamic and adaptive routing, where the node can select much energy efficiency and faithful forwarding node from its neighbors according to their remaining energy and trust values in the next process of data collection. Simulation results indicate that the established routing can bypass most compromised nodes in the transmission path and EENC has high performance in energy efficiency, which can prolong the network lifetime.     

基于EBS和属性加密的抗共谋组密钥管理方案

The major advantages of EBS-based key management scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Cipher-text-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key management scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of communication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios .     

Compromise-resilient anti-jamming communication in wireless sensor networks

Jamming is a kind of Denial-of-Service attack in which an adversary purposefully emits radio frequency signals to corrupt the wireless transmissions among normal nodes. Although some research has been conducted on countering jamming attacks, few works consider jamming attacks launched by insiders, where an attacker first compromises some legitimate sensor nodes to acquire the common cryptographic information of the sensor network and then jams the network through those compromised nodes. In this paper, we address the insider jamming problem in wireless sensor networks. In our proposed solutions, the physical communication channel of a sensor network is determined by the group key shared by all the sensor nodes. When insider jamming happens, the network will generate a new group key to be shared only by the non-compromised nodes. After that, the insider jammers are revoked and will not be able to predict the future communication channels used by the non-compromised nodes. Specifically, we propose two compromise-resilient anti-jamming schemes: the split-pairing scheme which deals with a single insider jammer, and the key-tree-based scheme which copes with multiple colluding insider jammers. We implement and evaluate the proposed solutions using Mica2 Motes. Experimental results show that our solutions have low recovery latency and low communication overhead, and hence they are suitable for resource constrained sensor networks.