移动ad hoc网络预分配非对称密钥管理方案

为了降低移动ad hoc网络非对称密钥管理中的通信开销,基于组合公钥思想,将ElGamal方案与预分配密钥方式相结合,提出一种基于身份的预分配非对称密钥管理方案(PAKMS)。该方案通过私钥生成中心为节点预分配主密钥子集及基于时间获得节点密钥更新的方式,从方法上降低了移动ad hoc网络非对称密钥管理中的通信开销;私钥生成中心为节点预分配主密钥子集的方式也使节点在网络运行阶段不再依赖私钥生成中心为节点分配和更新密钥。由此,弱化了基于身份密钥管理中存在的私钥托管问题对网络安全的影响。与典型方案对比分析表明,该方案在提供节点密钥更新服务的情况下能够有效降低网络通信开销。此外,对方案的安全性进行了详细证明。     

无线Ad hoc网动态密钥管理问题的研究

作为一类自组织动态网络,无线Ad hoc网面临着严重的安全威胁。该文在分析Ad hoc网络特点的基础上,提出一种基于扩展Diffie-Hellman交换的分级组密钥管理方案(HGKM)。HGKM协议采用分级架构,利用成员过滤函数维护统一的组密钥,有效减少密钥更新对Ad hoc网性能的影响。     

一种新的基于椭圆曲线密码体制的 Ad hoc组密钥管理方案

在安全的组通信中,组密钥管理是最关键的问题.论文首先分析了组密钥管理的现状和存在的问题,然后基于椭圆曲线密码体制,针对Ad hoc网络提出了一种安全有效的分布式组密钥管理方案,并对其正确性和安全性进行了证明,由椭圆曲线离散对数困难问题保证协议的安全.针对Ad hoc网络节点随时加入或退出组的特点,提出了有效的组密钥更新方案,实现了组密钥的前向保密与后向保密.与其他组密钥管理方案相比,本方案更加注重组成员的公平性,没有固定的成员结构,并且还具有轮数少、存储开销、通信开销小等特点,适合于在Ad hoc网络环境中使用.     

基于椭圆曲线的Ad hoc网络门限身份认证研究

移动Ad hoc网络是一种拥有自组织、自愈能力而且复杂分布式的网络,Ad hoc网络由能够移动无线节点构成,具有网络拓扑动态变化特性。根据这些特点,安全隐患是Ad hoc网络最主要的缺陷,尤其身份认证作为整个Ad hoc网络达到安全稳定的前提,不言而喻在移动Ad hoc网络中至关重要。提出基于椭圆曲线的Ad hoc网络门限身份认证思想,利用椭圆曲线数字签名算法建立子密钥和群密钥,通过子证书的合成并且进行身份验证,使算法具有极强的安全性、高效率,而且降低了计算难度,满足自组移动的Ad hoc网络特性。     

认知Ad hoc网络中基于市场的三级频谱分配方案

分簇是Ad hoc网络规模较大时采用的主要结构,而频谱分配是Ad hoc网络的关键技术之一。该文针对认知无线电环境的分簇Ad hoc网络,提出了一种新的基于市场的频谱分配方案,该方案中簇首节点依据业务比例从频谱管理中心购买频谱,簇内采用基于供需市场理论的频谱分配算法。分析了簇内频谱市场的两种迭代定价算法额外需求迭代算法和连续松弛迭代算法以及簇首需求订购的过程。该方案能实现各簇收益的最大化,簇首基于需求的频谱购买相对于等量购买进一步提高了频谱效用。仿真结果表明这种频谱分配方案能有效提高系统频谱效用,额外需求迭代算法和连续松弛迭代算法均表现出良好的收敛性能。     

无线传感器网络中一种基于公钥的密钥分配方案

针对基于对称密钥的密钥分配技术无法彻底解决无线传感器网络中密钥分配的安全问题,提出了一种基于公钥的密钥预分配方案,基站利用一系列原始公钥和单向散列函数产生公钥集合,并为每个节点随机分配公私钥对和公钥集合的子集。由于私钥的唯一性,采用该方案不仅能够提高网络的安全性能,而且可以改善网络的存储开销。利用随机图论的相关原理证明,该方案与传统的密钥预分配方案相比,既保证了网络的安全,又兼顾了网络和节点资源有限的实际,在连通性不变的前提下,其网络安全性和网络的扩展性大幅度提高。     

基于区域的异构无线传感器网络密钥管理

密钥管理是无线传感器网络中极具挑战性的安全问题之一.在随机密钥预分配方案的基础上,提出一种利用节点部署知识和已知区域信息的异构无线传感器网络密钥预分配方案,并分别从网络连通性、节点内存需求和安全性等方面对方案进行性能评价和模拟仿真.结果表明,相比现有密钥管理方案,本方案能提高网络的连通性,减小节点所需存储空间,并增强网络抗攻击能力.     

一种基于ID的传感器网络密钥管理方案

对偶密钥的建立是无线传感器网络的安全基础,它使得节点之间能够进行安全通信。但是由于节点资源的限制,传统的密钥管理方法在传感器网络中并不适用。在分析了现有密钥预分配协议的前提下,该文提出一种新的基于ID的密钥预分配协议。此协议用计算和比较散列值的方式替代广播方式协商密钥,减少了传感器节点大量的通信消耗。然后,分析了所提出方案的安全性、通信量和计算量,并和已有协议进行了比较。结果表明本文的方法不仅能保证安全性,而且节约了大量通信资源。     

无线传感器网络的多空间密钥预分配方案

针对无线传感器网络的安全性要求,分析R.Blom的密钥预分配方案,并在此基础上做出改进,提出了多空间密钥预分配方案:为无线传感器网络中的每一个传感器节点构建多个密钥空间,并通过节点间的共同密钥空间使每个节点对之间都形成一个成对密钥。通过仿真实验测试该方案的安全性,实验结果认为该方案对于该方案对节点捕获攻击具有较高的弹性。     

Ad hoc网络安全性分析

Ad hoc网络是一种特殊的多跳移动无线网络，具有广泛的应用场合。介绍了Ad hoc网络的脆弱性和安全威胁，然后在探讨Ad hoc网络安全目标的基础上。集中讨论了移动Ad hoc网络的路由安全、密钥管理等关键问题。     

Compromise‐Resistant Pairwise Key Establishments for Mobile Ad hoc Networks

This letter presents a pairwise key establishment scheme that is robust against the compromise of nodes in mobile ad hoc networks. Each node establishes local keys with its neighbor nodes that are at most three hops away at network boot‐up time. When any two nodes establish a pairwise key, they receive the secret information from the nodes on the route between them, and construct the pairwise key using the secret information. Here, the local keys are utilized by the nodes on the route to send the secret information securely. The simulation results have proven that the proposed scheme provides better security than the key pre‐distribution‐based scheme.     

自组网中一种基于填充设计的组密钥更新策略

保证密钥安全分发和高效更新是目前自组网安全领域的一个研究热点。该文采用拉丁方构造正交阵列,快速实现t填充设计,在此基础上,将t填充设计的无覆盖集的族性质应用于密钥预分发,提高了自组网抵抗节点合谋的能力,增强了节点的共享密钥连接度,使得密钥的管理更加高效。该文对策略的安全性和有效性进行了详细的理论分析和数据分析。     

一种新的基于辛空间的密钥预分配方案

密钥预分配是无线传感器网络中最具挑战的安全问题之一。 该文基于有限域上辛空间中子空间之间的正交关系构造了一个新的组合设计,并基于该设计构造了一个密钥预分配方案。令V 是有限域上8维辛空间中的一个(4,2)型子空间,V 中每一个(1,0)型子空间看作密钥预分配方案中的一个节点,所有的(2,1)型子空间看作该方案的一个密钥池。将整个目标区域划分为若干个大小相同的小区,每个小区有普通节点和簇头两种类型的传感器节点。小区内的普通节点采用基于辛空间的密钥预分配方案分发密钥,不同小区内节点所用密钥池互不相同,因此不同小区内的节点需通过簇头建立间接通信,不同小区内簇头采用完全密钥预分配方式分发密钥。与其他方案相比,该方案的最大优势是网络中节点的抗捕获能力较强,且随着网络规模的不断扩大,网络的连通概率逐渐趋于1。     

A new hybrid key pre-distribution scheme for wireless sensor networks

This article presents a novel hybrid key pre-distribution scheme based on combinatorial design keys and pair-wise keys. For the presented scheme, the deployment zone is cleft into equal-sized cells. We use the combinatorial design based keys to secure intra-cell communication, which helps to maintain low key storage overhead in the network. For inter-cell communication, each cell maintain multiple associations with all the other cells within communication range and these associations are secured with pair-wise keys. This helps to ensure high resiliency against compromised sensor nodes in the network. We provide in-depth analysis for the presented scheme. We measure the resiliency of the presented scheme by calculating fraction of links effected and fraction of nodes disconnected when adversary compromises some sensor nodes in the network. We find that the presented scheme has high resiliency than majority of existing schemes. Our presented scheme also has low storage overhead than existing schemes.

     

双向中继稀疏多径信道密钥生成与分发

本文利用时分系统无线多径信道的互易性,提取信道相位信息作为密钥,实现双向中继信道的密钥生成与分发。由于信道的稀疏多径特性,采用基于压缩感知的重构算法对信道状态信息进行估计。端节点采用正交导频设计,将双向中继信道分解为两个点对点的信道;而中继采用物理层网络编码的思想,广播导频和密钥比特的异或。这样,仅用2个时隙就实现了密钥生成与分发,还保证了密钥的安全,且无需预先进行密钥的分配。仿真结果表明,本文所提方案可以有效的实现双向中继信道的密钥生成与分发,保证了物理层的安全通信。      

A Hybrid Key Predistribution Scheme for Sensor Networks Employing Spatial Retreats to Cope with Jamming Attacks

In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

SBK: A Self-Configuring Framework for Bootstrapping Keys in Sensor Networks

Key pre-distribution has been claimed to be the only viable approach for establishing shared keys between neighboring sensors after deployment for a typical sensor network. However, none of the proposed key pre-distribution schemes simultaneously achieves good performance in terms of scalability in network size, key-sharing probability between neighboring sensors, memory overhead for keying information storage, and resilience against node capture attacks. In this paper, we propose SBK, an in-situ self-configuring framework to bootstrap keys in large-scale sensor networks. SBK is fundamentally different compared to all key pre-distribution schemes. It requires no keying information pre-deployment. In SBK, sensors differentiate their roles as either service nodes or worker nodes after deployment. Service sensors construct key spaces, and distribute keying information in order for worker sensors to bootstrap pairwise keys. An improved scheme, iSBK, is also proposed to speed up the bootstrapping procedure. We conduct both theoretical analysis and simulation study to evaluate the performances of SBK and iSBK. To the best of our knowledge, SBK and iSBK are the only key establishment protocols that simultaneously achieve good performance in scalability, key-sharing probability, storage overhead, and resilience against node capture attacks.