传感器网络中基于簇的组密钥管理方案

针对传感器网络中无长期可信节点的特点,基于传感器网络的簇结构和门限密钥共享机制提出一种新的组密钥管理方案,使得只有组中的合法节点才能存储一个有效的组密钥分量。组密钥更新时,组密钥由节点协同产生并由簇头安全分发。理论分析和仿真实验表明,该方案具有良好的安全性,在组密钥更新时存储开销和通信开销较低。     

传感器网络中基于随机混淆的组密钥管理机制

组密钥在传感器网络安全组通信及虚假数据过滤等安全服务中起着重要作用.针对节点可能被大量俘获这一安全威胁研究组密钥管理问题,提出了一种基于随机混淆技术的组密钥管理机制GKRP(group key management scheme based on random perturbation).首先,提出了一种基站与网络协同的组密钥管理框架;然后,结合秘密共享技术和随机混淆技术构造了组密钥广播函数和局部协作等功能函数,以实现组密钥更新信息的广播传输和多个被俘获节点的撤销;最后,基于上述管理框架和函数,提出了机制GKRP,使得节点间可以协作进行组密钥更新.理论分析及仿真结果表明,GKRP在特定的参数设置下不受限于被俘获节点,且该参数易于满足.因此,GKRP有效突破了门限值问题,提高了网络的抗毁性.同时,由于采取局部广播和全网络广播方式更新组密钥,GKRP在通信上同样更为有效.GKRP的存储和计算开销略高于已有同类机制,但仍然较低,适合于传感器网络.     

WSN的一种分布式组密钥管理方案

文章利用拉格朗日插值多项式,提出一种基于簇的无线传感器网络组密钥管理方案。方案将组密钥以分量的形式存储在各合法节点中,合法节点通过和一定数目的邻居节点协作获得新的组密钥,并利用加密广播更新组密钥分量,提高了系统抗合谋攻击的能力,通信、存储开销也有所降低。     

无线传感器网络中基于IBE算法的组密钥管理方案

针对无线传感器网络无长期可信的节点、信道可靠性差及其资源十分有限等特点,基于无线传感器网络的簇结构和IBE算法提出一种新的组密钥管理方案,能够验证组密钥分量的正确性,确保组密钥的正确生成和更新,提供安全的组通信。理论分析及仿真结果表明,新方案具有很高的安全性,以及较小的存储开销与通信开销。     

基于身份的低能耗WSN组密钥管理方案

在分簇的无线传感器网络中,簇内节点经常进行组播,为保证报文和节点信息的安全性,设计一种高效的组密钥管理方案。该方案采用改进的基于身份的广播加密算法,计算初始组密钥与更新节点退出时的组密钥,减少广播报文的长度,降低传输能耗。利用能耗较小的对称加密算法,加入新节点与更新密钥生命期结束时的组密钥。该方案可以抵抗同谋攻击、仿冒攻击。安全性分析结果表明,在相同的安全标准下,与EGKAS方案相比,该方案占用存储空间更小,能耗更低,且节点存储及组密钥更新开销与群组大小无关,具有良好的扩展性。     

一种分层分簇的组密钥管理方案

为了满足无线传感器网络组通信的安全,提出一种分层分簇的组密钥管理方案。该方案采用分层的体系结构,将组中节点分为管理层和普通层。BS通过构造特殊的组密钥多项式更新普通层组密钥,而管理层则采用二元单向函数进行组密钥的协商。分析表明,该方案很好满足了无线传感器网络中组密钥管理的前向安全性,后向安全性,并且减小了存储开销、计算开销和通信开销。     

一种基于多项式的无线传感器网络密钥管理方案*

提出一种基于多项式的无线传感器网络密钥管理方案。基站通过计算节点秘密信息构成的多项式来生成网络的全局密钥,节点通过全局密钥可以认证网络中的合法节点。节点用全局密钥经过Diffie-Hellman密钥交换来生成与邻居节点之间唯一的会话密钥。该方案能够动态更新密钥,从而解决了由于节点被捕获所导致的信息泄露、密钥连通性下降和密钥更新通信开销大等问题。性能分析表明,该方案与现有的密钥预分配方案相比,具有更低的存储开销、通信开销、良好的扩展性和连通性。     

基于Hash函数的WSN密钥分配方案

针对经典随机密钥预分配方案存储和通信开销大、安全性不足的问题,提出一种基于Hash函数的无线传感器网络密钥预分配方案。采用Hash函数单向运算提高密钥安全性,通过单次广播过程分配密钥法降低通信开销。仿真结果表明,该方案可降低存储开销,提高节点抗俘获攻击能力,且通信开销从O(2N)降至O(N)。     

无线传感器网络动态密钥管理方案

传统的密钥管理技术不适合资源受限的无线传感器网络,因此在保证网络的安全性下如何降低网络的能量开销已成为无线传感器网络安全技术的重要部分。文中提出一种新的密钥管理方案——双层组密钥管理(Two-Tier Dynamic Key Management,TDKM)方案。该方案把网络拓扑分成上层簇节点之间密钥会话和下层节点之间通信,其中上层采用基于位置的密钥预分布方法来建立簇节点之间会话密钥,下层采用基于位置的组合的密钥分布来组织节点之间的通信。与SECK方案比较,TDKM方案降低了更新开销,并且提高了网络的安全性能。     

分簇无线传感器网络密钥预分配管理方案

针对无线传感器网络节点计算和存储能力有限,能量受限等特点,提出了一种新的分簇传感器网络密钥预分配管理方案KDNKPD。该方案借助于Blundo二元多项式函数和密钥分发节点建立节点与簇头间的安全通信,能够适应簇首节点的按轮选举并解决了Blundo方案的安全问题。通过安全分析与性能分析比较和仿真实验表明,该方案提高了网络的安全性,减少了传感器节点的存储开销和计算开销。     

无线传感器网络的组密钥更新算法*

提出了一种适用于无线传感器网络的基于改进密钥链接树的组密钥更新算法。通过在基于密钥链接树的组密钥管理方案中引入问题密钥路径,并延迟这些问题密钥路径上的密钥更新操作,从而减少密钥链接树中辅助节点上的重复密钥更新。实验结果表明,与现有的组密钥管理方案相比,基于改进密钥链接树的组密钥更新算法在节点添加和删除操作时产生更少的密钥更新消息和消耗更少的能量。     

Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks

Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS); a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.     

Efficient group key management for multi-privileged groups

Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.     

RiSeG: a ring based secure group communication protocol for resource-constrained wireless sensor networks

Securing group communication in wireless sensor networks has recently been extensively investigated. Many works have addressed this issue, and they have considered the grouping concept differently. In this paper, we consider a group as being a set of nodes sensing the same data type, and we alternatively propose an efficient secure group communication scheme guaranteeing secure group management and secure group key distribution. The proposed scheme (RiSeG) is based on a logical ring architecture, which permits to alleviate the group controller’s task in updating the group key. The proposed scheme also provides backward and forward secrecy, addresses the node compromise attack, and gives a solution to detect and eliminate the compromised nodes. The security analysis and performance evaluation show that the proposed scheme is secure, highly efficient, and lightweight. A comparison with the logical key hierarchy is preformed to prove the rekeying process efficiency of RiSeG. Finally, we present the implementation details of RiSeG on top of TelosB sensor nodes to demonstrate its feasibility.     

自组网中一种新的组密钥更新策略

组播是自组网应用中的一个重要组成部分,如何对组播通信中的密钥进行管理,使得密钥能够安全地分发和高效地更新是目前的一个研究热点。该文提出了一种新的组密钥更新策略。利用多个密钥池进行密钥预分发,建立对称密钥进行组密钥的更新,基于ID的密码系统,降低节点的计算量和通信量。该策略的安全模型符合主动外部攻击模型,满足强安全性。对新策略的安全和性能进行了详细的分析。     

基于时间部署的无线传感器网络密钥管理方案

提出一种基于时间部署的随机密钥管理方案.该方案采用了特殊的两级随机密钥预分配和清除机制以及按时间顺序的成组部署方法:每个传感器节点从多个密钥池中随机选择密钥并在一定条件下删除相关的密钥;所有传感器节点被组织成部署组并按时间顺序被部署到网络中.与经典的随机密钥管理方案相比,该方案在为成对密钥的生成提供了较高的节点连通度的同时,提高了节点资源利用率并且增强了网络抵抗节点受损攻击的能力.