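Research on Key Security Technologies for Sensor Networks
Published: 2018-06-21 20:56
Topics: wireless sensor networks + network security; Reference: Xidian University, 2014 doctoral dissertation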
[Abstract]: Sensor networks combine sensor technology, embedded computing, distributed information processing and communication technology. They cooperatively monitor, sense and collect, in real time, information about the environments or monitored objects within the area the network covers, and deliver that information to users after processing. Because sensor nodes are severely resource-constrained and sensor networks are inherently wireless, securing them is a major challenge. This dissertation studies key security technologies for sensor networks: key management and node authentication, broadcast authentication, and access control. The main results are:

1. Key management and node authentication in sensor networks are studied. A complete key management scheme is proposed, covering the distribution and negotiation of pairwise keys and group keys; these keys provide confidential communication and also support end-to-end identity authentication between nodes. Based on a hash algorithm, a lightweight node authentication mechanism using pre-shared keys is proposed. It strengthens nodes' resistance to capture attacks, prevents nodes from being cloned or forged, and has low resource overhead and good scalability.

3. Broadcast authentication in sensor networks is studied. Two broadcast authentication mechanisms are proposed, one based on one-time signatures and one based on message authentication codes. The one-time-signature-based broadcast authentication protocol for sensor networks with multiple broadcast nodes has low storage, communication and computation overhead, resists exhaustive-search, chosen-plaintext and DoS attacks, and is suited to large-scale sensor networks with multiple broadcast nodes. The mechanism based on message authentication codes resists DoS attacks against the μTESLA parameter distribution process, has lower computation, communication and storage overhead than the Tree-Based μTESLA protocol, and can immediately revoke the authentication capability of captured nodes.

4. Access control in sensor networks is studied. For sensor networks with mobile users, a Two-Hop Cover (THC) algorithm is designed. By periodically diffusing information, it lets sensor nodes obtain a user's authentication information in time as the user moves, which keeps that information synchronized among sensor nodes during the user's movement. Building on the THC algorithm, security mechanisms such as Merkle hash trees and one-way chains are introduced and a distributed access control model is adopted, yielding an access control mechanism for sensor networks with randomly moving users. Experiments and analysis show that the mechanism works for both mobile and stationary users, has low computation, communication and storage overhead, and resists node capture, replay and DoS attacks.
[Degree-granting institution]: Xidian University
[Degree level]: Doctorate
[Year degree conferred]: 2014
[Classification numbers]: TP212.9;TN915.08
Article ID: 2049980
Article link: https://www.wllwen.com/kejilunwen/wltx/2049980.html