
Research on Secure Techniques for Data Processing in Wireless Sensor Networks

【Author】 Yu Lei (余磊)

【Advisor】 Li Jianzhong (李建中)

【Author information】 Harbin Institute of Technology, Computer Software and Theory, 2011, Ph.D.

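【Summary】 With the rapid development of wireless communication, microelectronics, and embedded computing technologies, wireless sensor networks (WSNs) are widely used in environmental monitoring, health care, military defense, and many other fields. To avoid transmitting large volumes of sensed data, data processing based on distributed cooperative computation among in-network nodes has become a necessary means for WSN users to obtain the information they need, and it has received wide attention and study. Such in-network data processing both saves communication cost and improves network communication efficiency and information processing efficiency. In sensor networks, however, it faces a variety of serious security threats. During in-network data processing, an attacker can eavesdrop on the channel or capture nodes to obtain sensed data and computation results, leaking confidential information; can forge or tamper with data processing results through malicious nodes, causing users to make wrong decisions; and can attack the network topology and communication protocols on which in-network data processing relies in order to destroy data availability, amplify the effect of an attack, and so on. Because in-network data processing involves node communication and data routing, topology control, distributed query processing algorithms, and other aspects, designing security mechanisms at each of these levels to resist the above threats, so that in-network data processing achieves confidentiality, authenticity, integrity, and availability of data and computation, is an important aspect of sensor network security. Based on the characteristics of WSNs, this dissertation studies secure in-network data processing from the aspects of topology control, false data filtering, secure aggregation queries, and intrusion detection. The main research results are as follows.

First, the dissertation proposes a distributed secure clustering protocol. To save energy and to improve communication efficiency and scalability in large-scale networks, WSNs are often organized into a clustered topology to carry out in-network data processing tasks such as event monitoring and query processing. Because an attacker can mount effective attacks on in-network data processing by disrupting and misusing the clustering protocol, secure cluster topology control is one of the security foundations of cluster-based in-network data processing. The proposed protocol uses random number broadcasts from a trusted base station to guarantee the enforced randomness and verifiability of the cluster head selection result, while avoiding the poor scalability of centralized clustering. It resists malicious cluster-member recruiting attacks and multiple cluster-membership attacks by having each node, during network initialization, build a d-hop neighbor list and the approximate shortest-path hop count to every node within d hops. It builds an effective cluster head identity authentication mechanism on the one-way key chain technique, enabling d-hop neighbors to authenticate cluster head announcement messages and cluster head identities. The dissertation analyzes the protocol's security and its communication, computation, and storage overhead, demonstrating its effectiveness.

Second, the dissertation proposes GRPEF, a randomized en-route filtering mechanism for false data. In the in-network data processing of event reports, an attacker can inject false event reports into the network through captured nodes to raise false alarms or drain the energy of the path. Such applications therefore need a resilient event report authentication scheme that withstands captured-node attacks to guarantee data authenticity, and an efficient en-route filtering mechanism to resist malicious energy consumption. Existing work, however, either suffers from a security threshold problem or depends on a fixed routing model and a fixed sink location, and so cannot be applied to WSNs with mobile sinks and other types of routing protocols. To address these problems, GRPEF solves the security threshold problem with a location-dependent key generation technique based on multi-axis partitioning, making it independent of sink location invariance and of any specific routing model, so that it achieves security resilience against node capture while being applicable to WSNs with mobile sinks and various other routing protocols. In addition, GRPEF relies on an efficient distributed algorithm to avoid the problem that the grouping strategies of existing schemes introduce extra groups and thereby reduce false data filtering efficiency. Analysis and experimental results show that GRPEF significantly improves false data filtering efficiency and can achieve the same T-group authentication coverage as existing schemes.

Third, for continuous data aggregation, the dissertation proposes a security mechanism that verifies the correctness of the pattern in which aggregation results change over time. Since WSNs are often used for long-term monitoring of environmental information, continuous aggregation queries are an important way to obtain the relationship between environmental data and time, from which users can obtain the data patterns of aggregation results changing over time. Against continuous aggregation, an attacker can interfere with a series of consecutive aggregation results in order to forge the temporal variation pattern of the aggregation results. Existing secure aggregation schemes focus on verifying a single aggregation result, and applying them directly to verify continuous aggregation query results incurs heavy communication overhead. The proposed secure continuous aggregation mechanism verifies the correctness of the temporal variation pattern within a time window by selectively checking several data points in the sequence of aggregation results. Compared with directly applying existing secure aggregation mechanisms, it avoids verifying the aggregation result of every epoch, greatly reducing communication overhead. The correctness of each feature point is verified using a sampling technique. Sampling-based verification needs only some of the nodes in the network to participate, which reduces energy overhead and also makes the verification process independent of specific in-network aggregation topologies such as trees, so it can be applied to various in-network aggregation protocols. In addition, the dissertation proposes a series of security mechanisms to protect the sampling process: verifiable random sampling protects the identity legitimacy of each sampled node, and a spatial-correlation-based local sample authentication mechanism protects the integrity of the sample data.

Fourth, the dissertation proposes an intrusion detection system framework, SpyMon, and, under this framework, two intrusion detection mechanisms, C-SpyMon and D-SpyMon, based on two monitor node selection strategies. On one hand, SpyMon strengthens security through ID-hidden selection of monitor nodes, so that an attacker cannot easily discover the monitor nodes and mount targeted attacks effectively. On the other hand, SpyMon achieves energy efficiency through random uniform selection of monitor nodes, and achieves reliability by guaranteeing, deterministically or probabilistically, that every node is monitored by k monitor nodes. In addition, SpyMon further improves monitoring reliability through a neighborhood cooperative monitoring trigger mechanism. Analysis shows that SpyMon achieves energy efficiency while being resilient against captured nodes.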

【Abstract】 In recent years, with the rapid development of wireless communication techniques, microelectronics and embedded computing techniques, Wireless Sensor Networks (WSNs) are being widely used in many fields, such as environment monitoring, health care and military defense. To avoid transmitting a large amount of raw sensing data from the sensor network to the base station, in-network data processing has become an essential approach for users to extract information from wireless sensor networks and has been widely studied. It greatly reduces the communication cost and improves the efficiency of network communication and information processing. However, the existing in-network data processing schemes suffer from various serious security threats. During in-network data processing, adversaries can obtain confidential information by intercepting the wireless channels and compromising sensor nodes, can manipulate the results of data processing through compromised nodes, and can disrupt data availability and enlarge attack results. Considering that in-network data processing involves routing, topology control, distributed query processing and so on, it is a crucial problem in sensor network security to design security mechanisms for the various aspects of in-network processing to defend against the above threats and achieve the confidentiality, authenticity, integrity and availability of data and computation results. Regarding the features of WSNs, this dissertation focuses on the study of secure in-network data processing from the aspects of topology control, false data en-route filtering, secure aggregation and intrusion detection. The main contributions of this dissertation are as follows:

First, a distributed secure clustering protocol is proposed. To reduce energy cost and improve communication efficiency and scalability, WSNs are usually organized into clusters to carry out in-network data processing tasks such as event detection and query processing. Since adversaries can disrupt and misuse clustering protocols to effectively attack in-network data processing, the security of the clustering protocols is a basic requirement for secure in-network data processing. In the proposed secure clustering protocol, with secure network initialization and the random number broadcast from the trusted base station, the randomness and verifiability of cluster head selection are ensured while achieving better scalability compared with centralized secure clustering protocols. The protocol defends against malicious cluster-member recruiting and multiple cluster-membership attacks by establishing, for every node, the d-hop neighbor list and the approximate hop counts of the shortest paths to nodes in its d-hop neighborhood. Based on the one-way hash chain technique, the protocol can verify the authenticity of the cluster head identity. The security and cost of the proposed protocol are evaluated, and the results show the resiliency and efficiency of the protocol.

Second, a probabilistic false data en-route filtering scheme is proposed, referred to as GRPEF. During in-network data processing for event detection and reporting tasks, adversaries can inject false reports through compromised nodes to exhaust network energy or trigger false alarms. Thus, resilient report authentication and efficient en-route filtering are required to protect report authenticity and prevent malicious energy consumption on the routing path. Several existing schemes for filtering false reports either suffer from a threshold limitation problem, which may easily lead to complete breakdown of the security protection, or are designed for scenarios with static sinks and specific routing protocols, and so cannot work with mobile sinks and other kinds of protocols. In response to these problems, a scheme referred to as Grouping-enhanced Resilient Probabilistic En-route Filtering (GRPEF) is proposed. In GRPEF, a location-aware key derivation approach based on a multi-coordinate system is used to overcome the threshold problem and remove the dependence on sink stationarity and routing protocols; thus GRPEF is applicable to sensor networks with mobile sinks while preserving resiliency. Besides, GRPEF divides sensor nodes into groups through an efficient distributed algorithm without incurring extra groups and reducing the filtering effectiveness, as the existing schemes do. Compared to the existing schemes, GRPEF significantly improves the en-route filtering effectiveness while being able to achieve the same T-authentication coverage degree as the existing schemes.

Third, a secure continuous aggregation scheme is proposed to verify the correctness of the temporal variation patterns of aggregation results. In-network aggregation provides an energy-efficient way to extract summarization information from sensor networks. Considering that WSNs are usually used to monitor physical environments for a long time, continuous aggregation is needed for users to obtain the temporal variation information of aggregates of interest. However, for continuous in-network aggregation in a hostile environment, the adversary could manipulate a series of aggregation results through compromised nodes to fabricate false temporal variation patterns of the aggregates. Existing secure aggregation schemes conduct one individual verification for each aggregation result and would incur significant communication cost if they were directly applied to detect false temporal variation patterns. The proposed scheme checks only a small part of the aggregation results to verify the correctness of the temporal variation patterns in a time window. The checking of the aggregation results uses a sampling-based approach, which involves only a small part of the sensor nodes and makes the proposed scheme independent of any particular in-network aggregation protocol. Besides, a series of security mechanisms are proposed to protect the sampling process, in which the identity legitimacy of sampled nodes is protected by verifiable random sampling and the integrity of samples is protected by spatial-correlation based local sample authentication.

Fourth, an intrusion detection system framework, SpyMon, is proposed, and two intrusion detection schemes, C-SpyMon and D-SpyMon, based on different strategies are proposed under this framework. On one hand, SpyMon protects the monitor nodes from identity exposure during monitor selection and prevents them from becoming explicit targets of adversaries. On the other hand, SpyMon randomly selects a subset of sensor nodes as monitors to achieve energy efficiency, and ensures that each sensor node is monitored by at least k nodes, in deterministic or probabilistic ways, to achieve reliability. A collective monitoring triggering scheme is also proposed to further improve the capability and reliability of monitoring. Our analysis shows that SpyMon is resilient against node compromise while attaining energy efficiency.
