无线传感器网络密钥管理与安全数据聚合技术的研究

发布时间：2018-01-18 15:14

本文关键词：无线传感器网络密钥管理与安全数据聚合技术的研究　出处：《南京邮电大学》2014年博士论文　论文类型：学位论文

【摘要】：随着无线通信技术、嵌入式计算技术和微电子技术的迅速发展,无线传感器网络(Wireless Sensor Networks,WSNs)受到越来越多的关注。作为沟通物理世界与信息世界的桥梁,WSNs可广泛应用于环境监测、医疗卫生、军事国防等众多领域。但是WSNs无线通信、资源受限、无人值守和无固定基础实施的特点,使其面临各种安全威胁与挑战。WSNs能否广泛应用,关键在于其能否为用户提供安全可靠、值得信赖的服务。因此,如何保障WSNs的安全性是一个不可忽视的前沿研究领域,具有重要的理论和实际意义。本文主要从密钥管理和安全数据聚合两个方面对WSNs的安全技术进行研究。一方面,针对传统密钥预分配技术应用于大规模WSNs存在的通信和存储开销高、密钥连通度低及抗俘获性差等问题,基于简洁高效的公钥密码技术,研究适用于大规模WSNs的成对密钥管理技术。另一方面,针对网内数据聚合技术与安全目标之间的矛盾,结合隐私同态和聚合认证技术,研究安全数据聚合技术,旨在在网内聚合过程中保障数据的隐私性和完整性。此外,现有的WSNs安全研究中,算法的性能评估和安全评估大多只限于理论分析,极少有原型实现和针对具体平台的实际性能数据。针对目前WSNs安全算法的性能评估工具不完备的问题,本文结合网络仿真工具和多种性能分析工具构建WSNs性能评估与验证平台,研究WSNs安全协议的性能评估模型和安全评估方法。本文的主要研究成果包括如下几个方面:(1)提出了一种基于身份的WSNs密钥协商方案,称为IBKAS(Identity-Based Key Agreement Scheme for WSNs),该机制利用基于身份的密码技术(Identity-Based Encrytption,IBE)加密密钥协商参数,支持身份认证和隐式密钥认证,适用于大规模WSNs中相邻节点的对称密钥协商、更新与撤销。本文在随机预言模型下证明了方案IBKAS的安全性,并对其进行了启发式安全分析。分析表明,IBKAS不仅满足认证密钥协商协议需具备的基本安全属性,还能够抵抗中间人攻击、重放攻击和节点俘获攻击,并提供PKG前向安全性(无密钥托管性质)。与同类方案相比,IBKAS各方面开销显著减少。本文基于TinyOS平台给出了方案IBKAS的原型实现,并对其进行了性能评估。实验结果表明,虽然IBKAS消耗的资源略高,但对于大规模传感器网络中的密钥分配与更新这类使用频率较低的应用来说,IBKAS是合理可行的。(2)提出了一种基于身份的WSNS认证密钥协商方案,称为TinyIBAK(Identity-Based Authenticated Key Agreement Scheme for WSNs)。该机制同时支持身份认证和密钥确认,适用于大规模WSNs中相邻节点间对称密钥的建立、更新和撤销。本文在随机预言模型下证明了协议TinyIBAK的安全性,并利用启发式分析方法对安全模型中没有涵盖的安全性质进行分析,还利用形式化安全验证工具AVISPA仿真验证了协议的安全性能。这些安全性分析同时表明,TinyIBAK能够有效抵御主动和被动攻击,具有良好的安全性。为了评估该方案在WSNs中的性能与可行性,本文基于TinyOS平台给出了其原型实现,并设计了节点级实验和网络级实验。实验结果表明,TinyIBAK消耗的资源在可接受范围内,对于大规模传感网络中的密钥协商、更新与撤销这类使用频率较低的应用而言是合理可行的。与传统密钥预分配方案相比,TinyIBAK支持高效的密钥更新,且在安全强度、密钥连通性、可扩展性、通信开销和存储开销方面有显著优势。与同类方案相比,TinyIBAK性能更加优异,或性能相当但提供密钥动态性和密钥更新。(3)为了在数据聚合模式下同时实现隐私保护与完整性保护功能,基于同态加密和聚合消息验证码技术提出了一种同时保障数据隐私性与完整性的可恢复数据聚合方案,称为RPIDA(Recoverable Privacy-preserving and Integrity-assured Data Aggregation for WSNs)。该方案具有两种特殊性质:第一,BS能够从聚合结果中恢复出所有感知节点采集的感知数据;第二,BS能够在一定范围内检测出恶意节点攻击并定位恶意节点。安全分析表明RPIDA方案能够同时保障感知数据和聚合数据的端到端隐私性和完整性,抵抗未授权聚合攻击和聚合节点俘获攻击,还能够检测并定位恶意节点,并将恶意行为限制在一定范围内。为了评估协议的性能和可行性,本文基于TinyOS平台开发了RPIDA的原型实现,并基于目前主流的传感器网络硬件平台MICA2节点分析了协议运行所需的能耗、时间和存储空间。实验结果表明,方案RPIDA能够以较低的资源消耗,同时保障聚合过程中的数据机密性和完整性,实现安全的数据聚合。相比同类方案,RPIDA方案在通信和计算开销方面都具有显著优势。(4)构建了一种新的WSNs性能评估与验证平台WSNs-PEV(WSNs Performance Evaluation and Validation platform),并基于该平台提出了一种新的性能评估模型。同时,为实现对协议存储占用的精确测量,设计了一种存储性能分析工具MSeeker。结合本文提出的性能评估模型和存储性能评估工具MSeeker,WSNs-PEV能够实现对WSNs协议通信、计算和存储性能的高精度测量和分析。此外,WSNs-PEV平台还能够利用形式化分析方法验证协议的安全性。基于WSNs-PEV平台,我们给出了本文提出的安全方案的原型实现,并评估了这些方案部署在MICA系列节点上的执行时间、能耗和存储占用等关键性能指标。
[Abstract]:With the rapid development of wireless communication technology, embedded computing technology and microelectronics technology, wireless sensor network (Wireless Sensor Networks, WSNs) has attracted more and more attention. As a communication bridge between the physical world and information world, WSNs can be widely used in environmental monitoring, medical and health, many areas of military defense. But the WSNs wireless communication resources limited, unattended and no fixed infrastructure, it faces a variety of security threats and challenges of.WSNs can be widely used, the key lies in its ability to provide users with safe and reliable, trustworthy service. Therefore, how to protect the security of WSNs is an important research field, has the important theory and the practical significance. This article mainly from the key management and secure data aggregation of security technology for WSNs two aspects. On the one hand, the traditional key pre distribution Communication and storage overhead technology applied to large scale WSNs have high and low degree of connectivity, the key problem of anti capture of the poor, simple and efficient public key cryptography based on pairwise key management technology research for large scale WSNs. On the other hand, the contradiction between network data aggregation technology and security objectives, combined with the privacy homomorphism study on polymerization and polymerization authentication technology, technology safety data, to protect the privacy and integrity of the polymerization process of data in the network. In addition, the existing WSNs security research, mostly limited to theoretical analysis of the performance evaluation and security evaluation algorithm, there is little prototype and according to the actual performance data for specific platform. The current performance evaluation tool WSNs security algorithm incomplete problems, combined with the network simulation tools and a variety of performance analysis tools to construct the WSNs performance evaluation and Verification Platform Research The performance evaluation model and method of safety evaluation of the WSNs security protocol. The main research results of this paper are as follows: (1) proposed a WSNs identity based key agreement scheme, called IBKAS (Identity-Based Key Agreement Scheme for WSNs), the mechanism of using identity based encryption (Identity-Based encryption Encrytption, IBE) key parameters, support authentication and implicit key authentication, symmetric key agreement applies to adjacent nodes in large-scale WSNs, update and revocation. This paper proved the security of IBKAS scheme in the random oracle model, and has carried on the heuristic safety analysis. Analysis shows that IBKAS not only meet the basic security properties of authentication key negotiation protocol is required, but also can resist man in the middle attack, replay attack and node capture attack, and provide PKG forward security (without key escrow property with the same). For compared to all aspects of the IBKAS overhead significantly reduced. This paper presents the implementation scheme of IBKAS TinyOS platform based on the prototype, and evaluates its performance. The experimental results show that although the IBKAS resource consumption is slightly higher, but for key distribution in large-scale sensor networks and update the application that use low frequency. IBKAS is reasonable and feasible. (2) proposed a WSNS authenticated key agreement scheme based on identity, called TinyIBAK (Identity-Based Authenticated Key Agreement Scheme for WSNs). The mechanism also supports authentication and key confirmation, establish suitable for large-scale WSNs adjacent nodes in the symmetric key update and revocation. This paper shows that the security of the TinyIBAK protocol in the random oracle model, and no security properties covered security model was analyzed by using the heuristic analysis method, also use the form Safety verification tool AVISPA simulation to verify the security properties of the protocol. The security analysis also shows that TinyIBAK can effectively resist the active and passive attacks, with good security. In order to evaluate the feasibility and performance of the scheme in WSNs, based on TinyOS platform is given its prototype, and the design of the experiment and the node level the network level experiments. Experimental results show that the consumption of TinyIBAK resources within an acceptable range for key agreement in large-scale wireless sensor networks application, update and revocation of this kind of low frequency of use is reasonable and feasible. Compared with the traditional key pre distribution scheme, TinyIBAK supports efficient key update, and the security strength, key connectivity, scalability, have significant advantages for communication overhead and storage overhead. Compared with similar schemes, TinyIBAK more excellent performance, or performance is quite dense but Dynamic key update and key. (3) in data aggregation while achieving privacy protection and integrity protection mode, homomorphic encryption and message authentication code polymerization technology brings a while ensuring data privacy and integrity of the recovery scheme based on data aggregation, called RPIDA (Recoverable Privacy-preserving and Integrity-assured Data Aggregation for WSNs). The scheme has two special properties: first, BS can restore all sensor nodes sensing data from the polymerization results; second, BS can be detected in a certain range of malicious nodes and locate malicious nodes. Security analysis shows that the RPIDA scheme can also guarantee the sensing data and aggregate data to the end the end of privacy and integrity, against unauthorized polymerization and polymerization against node capture attack, but also can detect and locate malicious nodes and malicious behavior Is limited to a certain range. In order to evaluate the performance and feasibility of the agreement, the implementation of TinyOS platform RPIDA is developed based on the prototype, and based on the hardware platform of MICA2 sensor network node mainstream analysis of the energy consumption required to run the protocol, time and storage space. The experimental results show that the RPIDA scheme can lower the consumption of resources at the same time, to ensure data confidentiality and integrity in the polymerization process, to achieve secure data aggregation. Compared with similar schemes, RPIDA scheme has significant advantages in communication and computation overhead. (4) to build a new performance evaluation and validation of WSNs platform WSNs-PEV (WSNs Performance Evaluation and Validation platform), and based on the the platform put forward a new performance model. At the same time, to achieve accurate measurement of the occupation of the store, designed a storage performance analysis tool MSeeker. The evaluation tool MSeeker and performance evaluation model and storage performance are presented in this paper, WSNs-PEV can be achieved on the WSNs protocol, high precision measurement and analysis calculation and storage performance. In addition, WSNs-PEV platform is able to use formal security analysis method validation protocol. Based on the WSNs-PEV platform, we give the implementation of security scheme is proposed in this paper the prototype, and evaluated the deployment in the MICA series node on the execution time, the key performance indicators of energy consumption and storage.

【学位授予单位】：南京邮电大学
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TP212.9;TN918.4

【相似文献】