【作者】 欧阳熹；

【导师】 胡正名；

【作者基本信息】 北京邮电大学 ， 信息安全， 2013， 博士

【摘要】 近年来,受益于半导体硬件制造以及软件算法的技术提升,无线传感器网络技术得到了空前的发展和广泛的应用。然而,在无线传感器网络技术发展之初,设计者们并没有加入对安全需求的考虑。在无线传感器网络技术进一步发展的过程中,由于传感器节点资源严重受限、无线通信信道的开放性以及网络部署环境的特殊性等多种原因,安全问题面临着越来越严峻的威胁和挑战。通常,网络安全威胁主要来源于各种攻击对网络信息的窃取和网络通信的破坏,无线传感器网络也不例外。事实上,无线传感器网络安全技术受限于网络的多种特点,使网络的攻击防御问题变得更加困难,而传统网络中使用的各种安全机制也因为资源开销较大无法应用于无线传感器网络。因此研究设计适合无线传感器网络的有效安全机制或技术己成为无线传感器网络研究领域当前最重要的任务和挑战之一。本文结合无线传感器网络中存在的攻击手段特点,将网络的攻击威胁来源分为外部恶意节点和内部恶意节点两类。对于防御外部恶意节点对网络的攻击,传统的做法是利用加密技术对数据进行保护,利用认证机制验证节点的合法性。而对内部恶意节点攻击的防御相对比较困难,因为内部恶意节点通常掌握网络通信的密钥和认证信息,能够以合法节点的身份参与内部通信并轻松的发起隐蔽性较高的内部攻击,所以内部恶意节点对网络的威胁破坏要远远大于外部恶意节点。针对如何防御内部恶意节点的问题,本文对基于信任管理的网络安全技术展开了研究。并以无线传感器网络节点信誉以及相关概念为基础,提出了一系列安全措施。这些措施主要集中在节点信誉评价和信誉管理、安全路由以及恶意节点识别等方面。简要来说,论文的研究工作主要包括以下几个方面：1.提出一种层次型分布式节点信誉评价管理模型。本文以降低信誉评价中的冗余信息和提高信誉管理效率为出发点,提出一种层次型分布式的节点信誉评价管理模型。该模型以簇头节点为信誉计算中心,采用Beta分布拟合计算,对节点信誉进行评估。并设置了基于节点的信息冗余度的选取规则,对提供参考信息的第三方节点进行筛选,从而达到降低信息冗余、节省能量、提高网络生存时间的效果。2.提出一种基于无线传感器网络节点信誉的安全路由协议。在蚁群优化算法的启发下,该协议的目标为建立一条网内连接数据源和汇聚节点间的最佳路由路径,通过模拟蚁群寻找食物并利用信息素确定最短路径的方法,将网络节点的信誉值作为评价路径安全的信息因素,对潜在的数据传输路径进行评估,最终确定安全可靠性高的数据传输路径。通过对协议在攻击环境网络条件下的数据传输、网络延迟以及丢包性能的仿真实验分析和对比,验证了协议的安全性能优势。3.提出一种利用节点信誉时间序列分析识别恶意节点的方法。节点的信誉值是对节点历史通信行为的直观体现,通过对节点信誉值高低的判断能初步地了解节点行为的好坏。传统的通过信誉阈值判断识别网络恶意节点的方法,只能粗略根据信誉将网络节点进行甄别,精度不高。而在网络中存在这样一种恶意节点,其攻击行为在统计数据上接近于正常节点,通过信誉阈值无法对其有效识别。为了识别这种类型的恶意节点,我们通过引入时间序列的概念,深层次分析节点信誉值变化过程中隐藏的特征,利用数据挖掘的方法找出攻击节点不同于普通节点的信誉变化规律,对这种恶意节点进行识别。最后通过仿真实验,验证了这种方法的有效性。4.基于信誉分析的DoS攻击防御系统设计与验证实验。结合本文提出的关于节点信誉的安全研究成果,对DoS攻击防御系统进行了研究和设计。并在实验室环境下,搭建了无线传感器网络原型,利用文中的研究成果对发起特殊种类DoS攻击的恶意节点进行识别。实验结果表明,本文的提出的方法设计合理并且有效可行。更多还原

【Abstract】 In recent years, benefited from the development of the hardware manufacturing technology and software algorithm, wireless sensor networks have developed rapidly. Nevertheless, the designers did not fully consider the security aspects of the WSN at the beginning of its development. And now, the security issues are facing a variety of threats and challenges because of the limitation resources of the sensor nodes, openness of the wireless communication channel and the deployment environment of the network. Generally speaking, the defense of the WSN becomes more complex since the security mechanisms that wildly used in the traditional network scene are too costly to be deployed in the WSN.In this paper, the network attacks are divided into two aspects which are external and internal malicious nodes according to the technical characteristics. The traditional approaches to defending the external attacks of malicious nodes are utilizing data encryption technology. However, the internal malicious nodes are more dangerous since these nodes are easy to obtain the key and authentication information of the network traffic by masquerades as trusted notes.We research the security technology based on the trust management to defeat the internal malicious nodes. Moreover, we propose a series of discussions using the reputation of node and the corresponding conceptions. More specifically, the contributions of this dissertation are following:1. A hierarchical reputation system model was proposed for wireless sensor network. Utilizing this model, we evaluate the nodes’reputation by cluster head which will collect the evaluation information of itself and the third-party, and employ a beta reputation system for reputation representation. Alternatively, we reduce the information redundancy and improve the computing resource utilization rates by building the selection rules based on the information redundancy of nodes.2. A secure routing protocol based on node reputation of wireless sensor networks was designed for setup security data transfer tunnul. With be enlightened by the idea of ant colony optimization, the routing protocol named Reputation-based Ant Secure Routing Protocol (RBASR). This routing protocol simulates an ant system to find the optimum route path of wireless sensor network. Distinguish from a real ant colony, RBASR use reputations of nodes as a special pheromone to evaluate rating of a path. Consider with other flexible requirements, protocol setup the optimum routing path of data transferring between the sources to the destination.3. A malicious nodes detection method was proposed for wireless sensor network which is based on the analysis of time sequence on node’s reputation. The traditional malicious nodes classification methods are based on the threshold of the reputation value since it directly reflects the history of a node communication. However, this mechanism will be invalid for the malicious nodes that have normal behaviors in terms of statistical data. In order to solve this problem, we introduce the concept of time sequence on node’s reputation. We use this strategy to find the inner characteristics, and evaluate a tendency that the target node has. According to these differences, this method can identify the malicious nodes. The experiments demonstrate that, our proposed method has effective classification abilities and achieves satisfying results.4. We conduct a comprehensive verification experiment based on the reputation to evaluate the DoS attack and defense system. Following the idea of the research that proposed before, we design this DoS attack and defense system. The experiment demonstrates our proposed research has a satisfying identification result and therefore proves the effectiveness of this paper.更多还原