双向中继稀疏多径信道密钥生成与分发

本文利用时分系统无线多径信道的互易性,提取信道相位信息作为密钥,实现双向中继信道的密钥生成与分发。由于信道的稀疏多径特性,采用基于压缩感知的重构算法对信道状态信息进行估计。端节点采用正交导频设计,将双向中继信道分解为两个点对点的信道;而中继采用物理层网络编码的思想,广播导频和密钥比特的异或。这样,仅用2个时隙就实现了密钥生成与分发,还保证了密钥的安全,且无需预先进行密钥的分配。仿真结果表明,本文所提方案可以有效的实现双向中继信道的密钥生成与分发,保证了物理层的安全通信。      

Ad hoc网中基于哈希的对偶密钥预分配方案

随机密钥预分配是无线Ad hoc网络中最有效的密钥管理机制。提出了一个适用于Ad hoc网络的基于哈希函数的对偶密钥预分配方案。方案利用哈希函数的单向性,由哈希链形成密钥池,节点仅需预分发数量较少的密钥,就能与邻近节点有效建立对偶密钥。方案具有较低的存储成本与计算开销,同时能达到完全连通性,并能动态管理节点与密钥。分析表明,方案具有较好的有效性和安全性,更适合Ad hoc网络。     

一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

基于信道特征量化的自适应密钥生成方案设计简

针对现有基于信道特征量化的密钥生成方法无法同时保证生成密钥的强度与系统的有效性,表现为密钥熵率低或不一致率高的问题,提出了一种基于信道特征量化的自适应密钥生成方案,利用密钥速率的上界函数曲线近似实际曲线,在保证一致率的前提下提高信道特征的量化精度,增加生成密钥的熵率;在此基础上依据接收导频信号的信噪比选择生成密钥熵率较大的协商方案。仿真结果表明,利用所提方案生成密钥可以保证密钥强度与系统的有效性。     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

一种基于Savitzky-olay滤波的物理层密钥生成方法

物理层密钥生成技术使得节点能够利用无线信道的物理特性直接生成共享密钥,从而保证无线通信过程的安全性。针对当前物理层密钥生成方案普遍存在实际场景下密钥生成率低的问题,提出了一个基于Savitzky-olay滤波的物理层密钥生成机制优化方案。该方案中,合法通信节点首先探测信道并通过Savitzky-olay滤波消除部分由信道干扰造成的信道状态差异,然后,利用多级量化以及格雷码将信道状态转为比特序列,最终通过Cascade交互式信息协调协议以及基于2阶全域哈希函数的保密增强生成合法节点之间的共享密钥。实验结果表明,基于Savitzky-olay滤波的优化方案能够有效提高物理层密钥生成过程的效率,提高了此类安全机制的实际可用性。     

面向物联网准静态信道的中继协作密钥生成方法

针对物联网准静态信道下密钥生成速率低的问题,该文提出一种基于中继节点协作的密钥生成方法。首先,通信双方通过信道估计获得直达信道和部分中继信道信息;然后,中继节点采用网络编码技术参与协作,使得通信双方获取全部中继信道信息;最后,通信双方在直达信道上进行密钥协商,利用直达信道信息、中继信道信息与协商信息共同生成相同的密钥。安全性分析表明该方法能够提高可达密钥速率,并且随着信噪比的提高,可达密钥速率呈线性增长,趋于最优值。蒙特卡洛仿真验证了理论分析的结果,并得出了增加中继节点数量、选取信道变化幅度大的中继节点,可以进一步提高可达密钥速率。     

Non-interactive key establishment in mobile ad hoc networks

We present a new non-interactive key agreement and progression (NIKAP) scheme for mobile ad hoc networks (MANETs), which does not require an on-line centralized authority, can non-interactively establish and update pairwise keys between nodes, is configurable to operate synchronously or asynchronously, and supports differentiated security services w.r.t. the given security policies. NIKAP is valuable to scenarios where pairwise keys are desired to be established without explicit negotiation over insecure channels, and also need to be updated frequently.     

单载波频域均衡系统中基于信道频域响应的密钥生成机制研究

单载波频域均衡(SC-FDE)系统中,信道的频域响应可以作为随机源来生成密钥。为了提高密钥容量,该文提出一种利用多径瑞利信道的频域响应来生成密钥的机制(CFR-Key)。首先研究了CFR-Key机制的原理和密钥生成速率,通过互信息理论推导出了CFR-Key的密钥容量;进而研究了CFR-Key机制中算法的量化等级的影响因素,推导验证了量化等级的选择只与信噪比有关,当信噪比确定的情况下通过选择最优的量化等级可以得到最大的密钥生成速率;与基于信道冲激响应生成密钥机制(CIR-Key)对比,证实了CFR-Key机制可大幅提高密钥容量。     

无可信中心的可变门限签名方案

分析了Lee的多策略门限签名方案,发现其不能抗合谋攻击.基于Agnew等人改进的E1Gamal签名方案,提出了一个无可信中心的可变门限签名方案.该方案允许在群体中共享具有不同门限值的多个组密钥,每个签名者仅需保护一个签名密钥和一个秘密值;可以根据文件的重要性灵活地选取不同的门限值进行门限签名.分析表明,提出的方案防止了现有方案中存在的合谋攻击,而且无需可信中心来管理签名者的密钥,密钥管理简单,更具安全性和实用性.     

HIKES: Hierarchical key establishment scheme for wireless sensor networks

This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd.     

Homomorphic Subspace MAC Scheme for Secure Network Coding

Existing symmetric cryptography‐based solutions against pollution attacks for network coding systems suffer various drawbacks, such as highly complicated key distribution and vulnerable security against collusion. This letter presents a novel homomorphic subspace message authentication code (MAC) scheme that can thwart pollution attacks in an efficient way. The basic idea is to exploit the combination of the symmetric cryptography and linear subspace properties of network coding. The proposed scheme can tolerate the compromise of up to r?1 intermediate nodes when r source keys are used. Compared to previous MAC solutions, less secret keys are needed for the source and only one secret key is distributed to each intermediate node.     

High-Rate Uncorrelated Bit Extraction for Shared Secret Key Generation from Channel Measurements

Secret keys can be generated and shared between two wireless nodes by measuring and encoding radio channel characteristics without ever revealing the secret key to an eavesdropper at a third location. This paper addresses bit extraction, i.e., the extraction of secret key bits from noisy radio channel measurements at two nodes such that the two secret keys reliably agree. Problems include 1) nonsimultaneous directional measurements, 2) correlated bit streams, and 3) low bit rate of secret key generation. This paper introduces high-rate uncorrelated bit extraction (HRUBE), a framework for interpolating, transforming for decorrelation, and encoding channel measurements using a multibit adaptive quantization scheme which allows multiple bits per component. We present an analysis of the probability of bit disagreement in generated secret keys, and we use experimental data to demonstrate the HRUBE scheme and to quantify its experimental performance. As two examples, the implemented HRUBE system can achieve 22 bits per second at a bit disagreement rate of 2.2 percent, or 10 bits per second at a bit disagreement rate of 0.54 percent.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

改进的无线传感器网络密钥预分发方案

针对现有的无线传感器网络密钥预分发方案密钥易泄露,不可追溯泄密传感器节点等产生的信息泄露问题,新方案改进了已有的基于多项式密钥预分发方案,将节点位置信息和身份信息引入传输信息的路径中,并经过密钥更新及管理说明,连通性和安全性分析。证明新方案提高了已有方案的抗捕获性,易于基站即时发现捕获节点,即时进行调整和明确所接收到的信息的来源。易于用在军事领域及不安全环境中进行信息监测及传输。     

一种基于KeyRev的无线传感器网络密钥撤销方案

KeyRev密钥撤销方案可以在一定程度上销毁无线传感网络中的受损节点,并可以生成新一轮通信中会话密钥,已生成会话密钥的节点即可生成数据加密密钥和MAC校验密钥。但因其是采用明文广播受损节点信息。使遭受攻击的节点很容易发现自己身份暴露,从而采取欺骗、篡改等手段依然参与网络通信。对此方案予以改进优化,对广播信息隐蔽处理,更加安全有效地剔除网络中的受损节点。     

一种基于ID的传感器网络密钥管理方案

对偶密钥的建立是无线传感器网络的安全基础,它使得节点之间能够进行安全通信。但是由于节点资源的限制,传统的密钥管理方法在传感器网络中并不适用。在分析了现有密钥预分配协议的前提下,该文提出一种新的基于ID的密钥预分配协议。此协议用计算和比较散列值的方式替代广播方式协商密钥,减少了传感器节点大量的通信消耗。然后,分析了所提出方案的安全性、通信量和计算量,并和已有协议进行了比较。结果表明本文的方法不仅能保证安全性,而且节约了大量通信资源。     

传感器网络中基于DNA模型的对偶密钥建立算法研究

在KDC(Key Distribution Center)和DNA多样性的基础上,提出了一种用于密钥预置的DNA模型及其密钥预置(Key Predistribution)机制,然后,在结合密钥池(Key Pool)加密技术优点的基础上,提出了一种传感器网络中基于DNA模型的新对偶密钥建立算法.新算法利用DNA链中寡聚核苷酸编码特性进行密钥预置,任意节点对之间以DNA链进行信息交换,而以DNA链中包含的某段寡聚核苷酸对应的编码作为实际对偶密钥.理论与实验分析表明,与基于多项式、多项式池的密钥预置模型的对偶密钥建立算法相比,新算法具有更好的安全性能,更低的通信开销、以及更高的直接对偶密钥建立概率.因此,是一种更适合传感器网络特点的新型高效对偶密钥建立算法.     

A function node-based Multiple Pairwise Keys Management protocol for Wireless Sensor Networks and energy consumption analysis

In this letter, a Function node-based Multiple Pairwise Keys Management (MPKMF)protocol for Wireless Sensor Networks (WSNs) is firstly designed, in which ordinary nodes and cluster head nodes are responsible for data collection and transmission, and function nodes are responsible for key management. There are more than one function nodes in the cluster consulting the key generation and other security decision-making. The function nodes are the second-class security center because of the characteristics of the distributed WSNs. Secondly, It is also described that the formation of function nodes and cluster heads under the control of the former, and five kinds of keys, I.e., individual key,pairwise keys, cluster key, management key, and group key. Finally, performance analysis and ex-periments show that, the protocol is superior in communication and energy consumption. The delay of establishing the cluster key meets the requirements, and a multiple pairwise key which adopts the coordinated security authentication scheme is provided.     

A Hybrid Key Predistribution Scheme for Sensor Networks Employing Spatial Retreats to Cope with Jamming Attacks

In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis.