高级量测体系WSNs安全防御技术研究
发布时间:2019-06-24 22:36
【摘要】:智能电网是一种全新的能源管理模式,发展智能电网是我国的国家战略之一,而高级量测体系(AMI)是实施智能电网的第一步。AMI的一个重要特点是利用安全、可靠的通信网络实现用户与供电方之间的双向数据交换,有效实施互动用电。低成本的无线传感网络(WSNs)是AMI中智能电表到数据集中器之间常用的无线通信技术。鉴于AMI在智能电网中所处的关键位置,保证WSNs通信的安全性是亟需解决的关键问题。安全防御技术是保证WSNs通信安全的常用手段。安全防御技术中以密钥管理、加密技术等为代表的被动防御技术被称为保证信息安全的第一道防线,而以入侵检测为代表的主动防御技术是保证信息安全的第二道屏障。因此,本文围绕高级量测体系WSNs中的密钥管理、安全数据聚合、信任管理和入侵检测等几方面安全防御技术开展研究。在分析高级量测体系WSNs的网络结构和信息传输方式的基础上,提出了一种基于改进椭圆曲线Diffie-Hellman密钥交换协议(ECDH)的密钥管理方案,给出了一种节点公钥、私钥的分配、更新方法和基于哈希运算的认证函数的数据完整性验证方法。所提密钥管理方案可解决WSNs单播通信和多播通信中会话密钥的建立、分配和更新等问题。为验证该方案会话密钥的安全性和应对中间人攻击的能力,对该方案的安全性能进行了分析。为验证该方案能否应用于智能电表和汇聚节点等硬件资源和计算能力有限的AMI装置中,对所提方案的时间消耗和密钥存储消耗进行了分析。为减少AMI中智能电表在数据传输时的资源开销,并保证数据传输的安全性,提出了一种基于对称同态加密的安全数据聚合算法(HECDA)。该算法通过加法同态加密算法保证数据聚合时的机密性,采用中国剩余定理(CRT)实现数据完整性验证。针对在AMI中为实现客户账单的生成、电能质量分析和优化等功能需获得每个智能电表的数据这一要求,提出了一种数据可恢复的安全数据聚合算法(ERCDA)。该算法通过采用一种有效的串零编码方式首先将明文数据进行编码,并利用加法同态加密算法对编码后的数据进行加密。为验证这两种算法是否具有较好的数据机密性、完整性和新鲜性保护功能,对其安全性能进行了分析。为展现AMI中各节点工作时的网络状态是否正常,提出了一种基于优化Beta分布理论的信任管理机制。该机制以优化的Beta分布理论为基础实现对各节点信任值的计算,通过综合考虑针对WSNs的典型网络攻击及其主要特征进行信任属性的定义,采用一种自适应的方法进行信任属性的采集,基于马氏距离对信任属性是否异常进行判断,在信任值计算时对信任属性连续异常和交替异常的情况采取惩罚措施。通过仿真分析以及与RFSN方案进行对比,验证了该机制的有效性。针对AMI工作环境中存在电磁干扰严重、多种无线通信并存,因此不能确定节点信任值的降低是由干扰还是攻击引起这一问题,通过分析AMI中节点信任值具有时间相关性和空间相关性,提出了一种基于节点信任值异常的分级入侵检测方案。该方案包括节点信任值的点异常检测和序列异常检测,提出了一种基于直推信度机和K近邻相结合的算法(TCM-KNN)对节点信任值的点异常进行检测,提出了一种基于1/4超球体的单类支持向量机(QS-OCSVM)算法对节点信任值的序列异常进行检测。仿真分析表明,本文方案具有较好的检测性能(包括较高的检测率和较低的误检率)。
[Abstract]:The intelligent power grid is a brand-new energy management mode, and the development of the intelligent power grid is one of the national strategies of our country, and the advanced measurement system (AMI) is the first step to implement the intelligent power grid. An important feature of AMI is to use a secure and reliable communication network to realize the two-way data exchange between the user and the power supply, and to effectively implement the interactive power utilization. The low-cost wireless sensor network (WSNs) is a common wireless communication technology between the smart meter and the data concentrator in the AMI. In view of the critical position of AMI in the intelligent power grid, the security of WSNs communication is the key problem to be solved urgently. The security defense technology is a common means to guarantee the communication safety of WSNs. The passive defense technology, which is represented by key management and encryption technology, is called the first line of defense to guarantee the information security, while the active defense technology, which is represented by the intrusion detection, is the second barrier to guarantee the information security. Therefore, this paper studies the security defense technology in the aspects of key management, security data aggregation, trust management and intrusion detection in the high-level measurement system WSNs. On the basis of analyzing the network structure and the information transmission mode of the high-level measurement system WSNs, a key management scheme based on the improved elliptic curve Diffie-Hellman key exchange protocol (ECDH) is proposed, and the distribution of the public key and the private key of the node is given. The invention relates to an updating method and a data integrity verification method of an authentication function based on a hash operation. The proposed key management scheme can solve the problems of establishing, distributing and updating the session key in the WSNs unicast communication and multicast communication. In order to verify the security of the session key and the ability to deal with the man-in-the-middle attack, the security performance of the scheme is analyzed. In order to verify that the scheme can be applied to the hardware resources such as smart meter and sink node and the AMI device with limited computing capacity, the time consumption and key storage consumption of the proposed scheme are analyzed. In order to reduce the resource overhead of the smart meter in the data transmission, and to ensure the security of data transmission, a secure data aggregation algorithm (HECDA) based on symmetric homomorphic encryption is proposed. In this paper, the confidentiality of data aggregation is guaranteed by adding homomorphic encryption algorithm, and data integrity verification is realized by using the Chinese remainder theorem (CRT). A safe data aggregation algorithm (ERCDA) for data recovery is proposed in order to obtain the data of each smart meter for the function of the generation of the customer's bill in the AMI, the analysis of the quality of the electric energy and the optimization. In the method, the plaintext data is first coded by adopting an effective serial-zero coding method, and the coded data is encrypted by the addition homomorphic encryption algorithm. In order to verify whether these two algorithms have better data confidentiality, integrity and freshness protection, the security performance of the two algorithms is analyzed. In order to show whether the network state of each node in AMI is normal, a trust management mechanism based on the optimization of Beta distribution theory is proposed. based on the optimized Beta distribution theory, the mechanism realizes the calculation of the trust value of each node, and by comprehensively considering the definition of the trust attribute of the typical network attack and the main characteristic of the WSNs, the mechanism adopts an adaptive method to acquire the trust attribute, Judging whether the trust attribute is abnormal based on the Markov distance, and taking a punishment measure to the condition that the trust attribute is continuously abnormal and the alternate abnormality when the trust value is calculated. The effectiveness of this mechanism is verified by the simulation analysis and the comparison with the RFSN scheme. in ord to solve that problem of serious electromagnetic interference and multiple wireless communication in the working environment of the AMI, it is not possible to determine whether the decrease in the trust value of the node is caused by interference or attack, and the time dependence and the spatial correlation of the node trust value in the AMI are analyzed, A hierarchical intrusion detection scheme based on node trust value anomaly is proposed. The scheme includes the point anomaly detection and the sequence anomaly detection of the node trust value, and proposes a method (TCM-KNN) based on the combination of the direct-push reliability machine and the K-neighbor to detect the point anomaly of the node trust value, A single class support vector machine (QS-OCSVM) algorithm based on 1/4 supersphere is proposed to detect the sequence of the node trust value. The simulation analysis shows that the scheme has better detection performance (including higher detection rate and lower error rate).
【学位授予单位】:哈尔滨工业大学
【学位级别】:博士
【学位授予年份】:2016
【分类号】:TM76;TM73
本文编号:2505417
[Abstract]:The intelligent power grid is a brand-new energy management mode, and the development of the intelligent power grid is one of the national strategies of our country, and the advanced measurement system (AMI) is the first step to implement the intelligent power grid. An important feature of AMI is to use a secure and reliable communication network to realize the two-way data exchange between the user and the power supply, and to effectively implement the interactive power utilization. The low-cost wireless sensor network (WSNs) is a common wireless communication technology between the smart meter and the data concentrator in the AMI. In view of the critical position of AMI in the intelligent power grid, the security of WSNs communication is the key problem to be solved urgently. The security defense technology is a common means to guarantee the communication safety of WSNs. The passive defense technology, which is represented by key management and encryption technology, is called the first line of defense to guarantee the information security, while the active defense technology, which is represented by the intrusion detection, is the second barrier to guarantee the information security. Therefore, this paper studies the security defense technology in the aspects of key management, security data aggregation, trust management and intrusion detection in the high-level measurement system WSNs. On the basis of analyzing the network structure and the information transmission mode of the high-level measurement system WSNs, a key management scheme based on the improved elliptic curve Diffie-Hellman key exchange protocol (ECDH) is proposed, and the distribution of the public key and the private key of the node is given. The invention relates to an updating method and a data integrity verification method of an authentication function based on a hash operation. The proposed key management scheme can solve the problems of establishing, distributing and updating the session key in the WSNs unicast communication and multicast communication. In order to verify the security of the session key and the ability to deal with the man-in-the-middle attack, the security performance of the scheme is analyzed. In order to verify that the scheme can be applied to the hardware resources such as smart meter and sink node and the AMI device with limited computing capacity, the time consumption and key storage consumption of the proposed scheme are analyzed. In order to reduce the resource overhead of the smart meter in the data transmission, and to ensure the security of data transmission, a secure data aggregation algorithm (HECDA) based on symmetric homomorphic encryption is proposed. In this paper, the confidentiality of data aggregation is guaranteed by adding homomorphic encryption algorithm, and data integrity verification is realized by using the Chinese remainder theorem (CRT). A safe data aggregation algorithm (ERCDA) for data recovery is proposed in order to obtain the data of each smart meter for the function of the generation of the customer's bill in the AMI, the analysis of the quality of the electric energy and the optimization. In the method, the plaintext data is first coded by adopting an effective serial-zero coding method, and the coded data is encrypted by the addition homomorphic encryption algorithm. In order to verify whether these two algorithms have better data confidentiality, integrity and freshness protection, the security performance of the two algorithms is analyzed. In order to show whether the network state of each node in AMI is normal, a trust management mechanism based on the optimization of Beta distribution theory is proposed. based on the optimized Beta distribution theory, the mechanism realizes the calculation of the trust value of each node, and by comprehensively considering the definition of the trust attribute of the typical network attack and the main characteristic of the WSNs, the mechanism adopts an adaptive method to acquire the trust attribute, Judging whether the trust attribute is abnormal based on the Markov distance, and taking a punishment measure to the condition that the trust attribute is continuously abnormal and the alternate abnormality when the trust value is calculated. The effectiveness of this mechanism is verified by the simulation analysis and the comparison with the RFSN scheme. in ord to solve that problem of serious electromagnetic interference and multiple wireless communication in the working environment of the AMI, it is not possible to determine whether the decrease in the trust value of the node is caused by interference or attack, and the time dependence and the spatial correlation of the node trust value in the AMI are analyzed, A hierarchical intrusion detection scheme based on node trust value anomaly is proposed. The scheme includes the point anomaly detection and the sequence anomaly detection of the node trust value, and proposes a method (TCM-KNN) based on the combination of the direct-push reliability machine and the K-neighbor to detect the point anomaly of the node trust value, A single class support vector machine (QS-OCSVM) algorithm based on 1/4 supersphere is proposed to detect the sequence of the node trust value. The simulation analysis shows that the scheme has better detection performance (including higher detection rate and lower error rate).
【学位授予单位】:哈尔滨工业大学
【学位级别】:博士
【学位授予年份】:2016
【分类号】:TM76;TM73
【相似文献】
相关期刊论文 前7条
1 刘彬;陈特放;张仁津;;基于属性比较和信任传递的信任启动[J];四川大学学报(工程科学版);2013年06期
2 龙雨;朱宁波;;网格任务调度中的信任值计算算法研究[J];科学技术与工程;2009年01期
3 吴银锋;周翔;冯仁剑;万江文;许小丰;;基于节点信任值的无线传感器网络安全路由[J];仪器仪表学报;2012年01期
4 李治军;廖明宏;;一种能快速收敛的对等网络信任值计算算法[J];哈尔滨工业大学学报;2007年03期
5 巫冬;;无线传感器网络中节点信任值计算下的安全路由问题分析[J];科技视界;2014年25期
6 刘治来;石祥滨;;一种P2P环境下的信任值计算算法[J];沈阳航空工业学院学报;2009年05期
7 ;[J];;年期
相关会议论文 前2条
1 黄银锋;朱春鸽;谷利泽;杨义先;;网格环境中的一种基于推荐的信任值的计算方法[A];第一届中国高校通信类院系学术研讨会论文集[C];2007年
2 李鹏;李长云;饶居华;;基于信誉度的可信服务发现研究[A];2008年全国开放式分布与并行计算机学术会议论文集(上册)[C];2008年
相关博士学位论文 前5条
1 梁建权;高级量测体系WSNs安全防御技术研究[D];哈尔滨工业大学;2016年
2 冯景瑜;开放式P2P网络环境下的信任管理技术研究[D];西安电子科技大学;2011年
3 鲍翊平;P2P环境下演化的信誉系统及其关键技术研究[D];国防科学技术大学;2011年
4 左申正;基于机器学习的网络异常分析及响应研究[D];北京邮电大学;2010年
5 苏志远;面向服务网络环境中信任机制的研究[D];大连理工大学;2014年
相关硕士学位论文 前10条
1 路浩;基于声誉的电子商务动态信任研究[D];青岛理工大学;2015年
2 那超;P2P网络中可信异地数据备份模型的研究与设计[D];大连海事大学;2015年
3 龙雨;用于网格任务调度的信任值计算算法研究[D];湖南大学;2008年
4 高磊;对等网络中节点间推荐信任值的计算方法研究[D];北京邮电大学;2013年
5 邢艳艳;P2P社区的形成及演化研究[D];西安电子科技大学;2013年
6 冯真;P2P环境下文件共享的声誉系统研究[D];解放军信息工程大学;2006年
7 陈海宝;基于忠诚度具有激励机制的信任和信誉模型的研究[D];西南大学;2007年
8 张明生;基于信任的访问控制模型研究[D];哈尔滨理工大学;2011年
9 贺银慧;社会网络中用户信任关系的研究及其应用[D];电子科技大学;2011年
10 沈舫涛;面向云服务的信任演化仿真模型研究[D];南京大学;2013年
,本文编号:2505417
本文链接:https://www.wllwen.com/shoufeilunwen/xxkjbs/2505417.html
