Research on Key Technologies for Secure Data Transmission in Wireless Sensor Networks
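【Author】 Xia Geming (夏戈明);
【Advisor】 Wang Zhiying (王志英);
【Author information】 National University of Defense Technology, Computer Science and Technology, 2007, PhD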
      
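【Summary】 As the related technologies mature, wireless sensor networks are seeing more and more real deployments across many application domains, showing broad application prospects and great development potential. Wireless sensor networks are an emerging, highly interdisciplinary research field that involves many frontier theories and advanced technologies and is of significant scientific interest. Because of their open environment, shared channel and distributed control, wireless sensor networks face greater security threats than traditional networks, and research on their security technologies is correspondingly harder. Secure data transmission, the subject of this dissertation, is one of the key and challenging research problems in this area. This dissertation studies the key technologies for secure data transmission in wireless sensor networks in depth. The main contributions are as follows.

A key predistribution algorithm based on symmetric balanced incomplete block designs is proposed. It achieves secure connectivity in which nodes can share multiple keys and the network's key-sharing graph is a complete graph; for the same key chain length and number of shared keys, it has a higher key-sharing probability than other schemes. An extension based on complementary designs supports continuous growth in the number of nodes and largely resolves the loss of key-sharing probability that other schemes incur when addressing this problem. An extension using key slicing, with the physical length of the key chain unchanged, increases the number of supported nodes by a large linear factor and enlarges the shared-key selection space by a factor given by a permutation count, greatly improving resistance to key analysis attacks and compromised-node attacks.

A shared-key discovery algorithm based on masks over the key chain index vector is proposed. Using the key chain index vector mask instead of a list of key chain IDs to determine common keys reduces the computational complexity and storage overhead on nodes and optimizes the communication overhead of shared-key discovery over multi-hop paths. For stronger security, extended algorithms are proposed to increase shared-key strength and to support multiple shared keys; they achieve a high degree of randomness in choosing keys from the shared-key selection space, can generate multiple independent shared keys for a pair of nodes, and provide a mechanism for trading off security against performance.

A multipath secret-sharing key transmission algorithm with optimized total communication is proposed. Existing multipath key transmission schemes based on perfect secret sharing cannot optimize total communication because of the perfect sharing bound; to address this, the initial secret is split into data segments to realize an imperfect secret sharing algorithm. Because imperfect secret sharing brings a loss of security, a coding algorithm is proposed to raise security: the segments of the split initial secret are encoded with one another to produce the shares sent over the multiple paths, which optimizes total communication while greatly reducing the drop in security relative to perfect secret sharing.

An error-correcting coding algorithm that combines single parity check with multiple data copies is proposed. With low encoding and decoding computational complexity, it tolerates the failure of multiple paths, supports diverse and dynamically changing data layouts, and strikes a good balance between fault tolerance and total data transmitted. To address the usability of the coding algorithm and the tolerance of bursts of multiple errors, a data layout algorithm based on generalized broken diagonals is proposed; it constructs the data layout quickly with small computation and storage overhead, improves the usability of the coding algorithm when the number of paths is large, and significantly improves fault tolerance, in particular achieving probabilistic tolerance of sudden failures of a large number of paths.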
【Abstract】 As the related technologies mature, wireless sensor networks have been deployed in many application domains and show great potential. As an emerging research domain in which multiple disciplines strongly intersect, wireless sensor networks are of great significance, bringing together leading theory and advanced technologies. Because of their open environment, shared channel and distributed control, wireless sensor networks face many more threats than conventional networks, so security technologies are much harder to realize. This dissertation focuses on secure data transmission, a key and challenging problem in the security of wireless sensor networks, and makes the following contributions after in-depth research on the key technologies.

An algorithm using Balanced Incomplete Block Design is presented for key predistribution. The algorithm lets a pair of sensor nodes share more than one key and makes the key graph a complete graph. Using the complementary set design, the algorithm is extended to satisfy the demand for a consecutive number of nodes, and it limits the loss of key sharing probability well. By key slicing, the algorithm enlarges the network's capacity by a linear factor and expands the common key space by a permutation count, thereby improving resistance to key analysis and compromised-node attacks.

An algorithm using a mask on the index vector of the key chain is presented for shared-key discovery. Using the mask on the index vector of the key chain for key comparison, the algorithm reduces both computation complexity and storage overhead, and optimizes the communication overhead over multiple paths. To enhance security, two extended algorithms are presented, one for increasing shared-key strength and one for discovering multiple common keys; they achieve randomness in key selection over the common key space, produce multiple shared keys for a pair of nodes, and offer a balance between security and performance.

An algorithm that implements secret sharing over multiple paths with optimized total communication cost is presented. Because a perfect secret sharing algorithm cannot optimize the total communication cost, the algorithm combines striping and coding to realize an imperfect secret sharing. By striping the secret into segments and coding the segments with each other, the algorithm greatly diminishes the loss of security when optimizing the total communication cost.

An error correction coding algorithm that combines single parity check with multiple copies is presented. The algorithm can tolerate the loss of multiple routes with low computation complexity and permits diversified and dynamic data placement, while trading off fault tolerance against the quantity of data transmitted. To improve the workability of the algorithm and to deal with error bursts, a data placement based on generalized broken diagonals is presented, which builds the data placement quickly with low computation complexity and storage overhead, and remarkably improves fault tolerance, especially the ability to tolerate the unexpected loss of a large number of routes.
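The property the abstract attributes to block-design key predistribution (every node pair shares more than one key, so the key graph is complete) can be seen in a small symmetric design. The following is an added illustration, not the dissertation's algorithm: the (11, 5, 2) design built from a cyclic difference set, the constructed key pool and the hash-based `link_key` derivation are all assumptions chosen for the example.

```python
import hashlib
import secrets
from itertools import combinations

def is_difference_set(base, v, lam):
    """True if every non-zero residue mod v occurs exactly lam times as a difference."""
    counts = [0] * v
    for a in base:
        for b in base:
            if a != b:
                counts[(a - b) % v] += 1
    return all(c == lam for c in counts[1:])

def key_rings(base, v):
    """Block i is the base set shifted by i; node i stores the pool keys with those indices."""
    return [frozenset((d + i) % v for d in base) for i in range(v)]

def shared_indices(rings, a, b):
    """Pool indices that nodes a and b both hold."""
    return sorted(rings[a] & rings[b])

def min_max_shared(rings):
    """Smallest and largest number of shared keys over all node pairs."""
    sizes = [len(rings[a] & rings[b])
             for a, b in combinations(range(len(rings)), 2)]
    return min(sizes), max(sizes)

def link_key(pool, rings, a, b):
    """Hypothetical derivation: hash every shared pool key in index order."""
    h = hashlib.sha256()
    for idx in shared_indices(rings, a, b):
        h.update(pool[idx])
    return h.digest()

V, LAM = 11, 2
BASE = (1, 3, 4, 5, 9)  # quadratic residues mod 11, an (11, 5, 2) difference set
RINGS = key_rings(BASE, V)
POOL = [secrets.token_bytes(16) for _ in range(V)]  # constructed key pool

if __name__ == "__main__":
    assert is_difference_set(BASE, V, LAM)
    print("shared keys per node pair (min, max):", min_max_shared(RINGS))
    print("nodes 0 and 7 share pool indices:", shared_indices(RINGS, 0, 7))
    print("link key 0-7:", link_key(POOL, RINGS, 0, 7).hex())
```

Each node stores only 5 of the 11 pool keys, yet no pair is ever left without a common key; a node that is captured exposes 5 pool keys, which is the exposure the abstract's key-slicing extension is aimed at reducing.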