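Routing Strategy and Data Security Technology for IPv6-Based Wireless Sensor Networks
Published: 2018-05-27 20:04
Topics: wireless sensor network + secure routing; Source: Nanjing University of Posts and Telecommunications, 2017 master's thesis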
[Abstract]: With the spread of Internet of Things (IoT) technology, wireless sensor networks (WSNs) have attracted growing attention from experts and scholars. Because most sensor nodes are deployed in unreachable areas where batteries are hard to replace by hand, their resources (storage, computation and communication) are extremely limited. Yet in many settings, such as unattended areas, military monitoring, vehicular systems and medical systems, data security and privacy protection are particularly important. With the emergence of IPv6, and in order to support larger-scale IoT applications, WSNs have adopted IPv6 addressing schemes, and data forwarding routing algorithms such as RPL have appeared. Given that current data forwarding routing algorithms combining wireless sensor networks with IPv6 suffer from defects such as high energy consumption and high latency, and given the increasing importance of security, this thesis proposes a complete system for secure data forwarding and routing authentication. The work covers the following: (1) A GSRM strategy is proposed in which nodes divide themselves into groups; within a group some nodes only send messages and some nodes only receive messages, each performing its own role. A node determines the group it belongs to by computing its GSRM layer value in the network. Relay nodes are responsible for forwarding messages between groups. Based on the GSRM grouping, corresponding key distribution and key update algorithms are designed so that packets are protected by encryption in transit and an attacker who intercepts or sniffs packets cannot learn their contents. To reduce unnecessary communication and improve the robustness of the network, a topology solution is provided for the case where only a small number of nodes die or join the network. (2) A complete IPv6 addressing scheme is proposed; using the tree topology that has been built, a node can easily find its parent and child nodes. Based on this IPv6 addressing scheme, a corresponding routing algorithm is designed that guarantees a unique path for packet delivery between any two communicating nodes. (3) Building on (1) and (2), and addressing the problem of broadcast authentication for nodes, the thesis improves the μTESLA protocol and combines it with the GSRM strategy. By defining multi-Hash trees and GSRM-Hash trees and combining them with an ECC encryption scheme, a GSRM renewable Hash chain is designed: when the Hash chain in the μTESLA protocol is used up, a node can undeniably generate another complete Hash chain. (4) Building on (1) and (2), and addressing the problem that during key update an attacker can mount a capture attack and thereby predict the key update value with high probability, the thesis proposes HEBM, a homomorphic encryption algorithm based on matrix operations. It ensures that the entire key update can be completed without the leader node knowing the privacy vector of the proxy node, and the correctness of HEBM is proved with mathematical formulas. Finally, the thesis evaluates the performance of the above schemes. The performance of GSRM and HEBM is analyzed and compared in terms of storage, connectivity, latency, security, computation overhead and communication overhead. The comparison shows that the proposed schemes perform better in these respects. The improved μTESLA protocol is also compared with the μTESLA protocol and the multilevel μTESLA protocol in terms of storage, computation and communication. Apart from a slightly larger storage overhead, the improved μTESLA protocol outperforms both the μTESLA protocol and the multilevel μTESLA protocol.
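[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP212.9;TN929.5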