
Research on Energy-efficient and Secure Routing Protocols in Wireless Sensor Networks

【Author】 毕嘉娜

【Advisor】 季振洲

【Author information】 Harbin Institute of Technology, Computer Architecture, 2009, PhD

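【Summary】 A wireless sensor network is a wireless network formed by a group of sensor nodes in a self-organizing manner. Its purpose is to cooperatively sense, collect and process information about the sensed objects in the geographic area covered by the network and deliver it to the observer. Wireless sensor networks have very broad application prospects, chiefly in military, environmental, health, home and other commercial fields. Because node battery energy is limited and, in many unattended deployments, batteries cannot be replaced frequently, minimizing energy consumption is a key requirement in the design of wireless sensor network protocols and algorithms. Many energy-saving routing protocols for wireless sensor networks have been proposed. Data-centric routing is a widely used approach that collects sensed data using attribute-based methods. Directed diffusion provides a robust, scalable, energy-saving data-centric routing protocol for wireless sensor networks, but it has its own shortcomings. For example, interests and exploratory data are disseminated through the network by broadcast; in a dense network, every node must broadcast each new interest and exploratory data message it receives. When node coverage overlaps heavily, directed diffusion becomes very inefficient and causes many duplicate broadcasts. Large numbers of broadcast messages competing for the limited wireless channel cause frequent packet collisions, drain node energy quickly, and seriously degrade the performance of the network.

This thesis proposes a grid-based directed diffusion routing protocol. Virtual geographic grid clusters are formed in the network. In each cluster only one node is responsible for broadcasting interests and exploratory data, while the other nodes receive the cluster head's broadcasts and carry out sensing tasks. All data from these nodes passes through the cluster head, which first fuses the data it receives and then forwards it to the sink node via other cluster heads. Experiments show that this grid structure not only reduces and balances network energy consumption but also retains the advantages of directed diffusion.

Because wireless sensor networks are often deployed in open areas, sensor nodes are vulnerable to attacks such as capture, eavesdropping, denial of service, wormhole and Sybil attacks. As applications of wireless sensor networks broaden and deepen, their security becomes increasingly important, and security research has attracted strong attention from researchers and users. Starting from the grid-based directed diffusion protocol, this thesis analyzes the vulnerability of clustered routing protocols to attack, adds security design to the clustering protocol from three angles (secure data aggregation, traffic attack detection and key management), and carries out security analysis and simulation verification.

First, a trust-based intra-cluster data aggregation protocol is proposed. As one of the key technologies of wireless sensor networks, data aggregation can greatly reduce the communication volume of sensor nodes and save battery energy, thereby extending the network's lifetime. However, as wireless sensor networks are increasingly deployed in hostile environments, sensor nodes may well be captured by an adversary, and the keys on which secure data aggregation depends will be disclosed, which seriously threatens the security of data aggregation. This thesis introduces a neighbor-node trust evaluation mechanism in which neighboring nodes monitor one another's data aggregation behavior. Based on the monitoring results, a trust mechanism evaluates node behavior, thereby identifying captured nodes, and a secure cluster head is elected on the basis of the trust evaluation. The secure cluster head performs reliable data aggregation according to its trust evaluation of member nodes' past aggregation behavior. Experimental results show that the trust mechanism designed here copes well with attacks by captured nodes and ensures the security of data aggregation.

Second, an ARMA-based traffic attack detection protocol is proposed. In wireless sensor networks, detecting traffic attacks accurately and quickly, so as to guarantee the availability of network facilities, is a highly challenging security problem. Using linear prediction, this thesis builds a simple and efficient ARMA(2,1) traffic prediction model for sensor nodes and then designs a traffic attack detection scheme based on traffic prediction. Different monitoring mechanisms are applied according to the role a node plays. Virtual cluster heads and monitoring nodes are elected to jointly detect whether the cluster head has been captured and to raise a timely alarm, combined with the cluster head's detection of member nodes. Simulation experiments show that these mechanisms can predict traffic attacks in real time without adding excessive overhead, extending the lifetime of the network while effectively resisting attacks.

Finally, a security-node-based key management protocol is proposed. Ordinary nodes and cluster head nodes are responsible for data collection and transmission, and security nodes are responsible for key management. The thesis describes in detail the generation of security nodes, the generation of cluster head nodes under the supervision of security nodes, and the generation and management of node keys, pairwise keys, cluster keys and public keys. Theoretical analysis and experiments show that the protocol has superior communication energy consumption, that the key generation delay meets requirements, that it can provide secure multiple pairwise keys with multi-point cooperative authentication, that it is highly resistant to node capture, and that it can support fairly large networks.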

【Abstract】 A wireless sensor network (WSN) is a wireless network composed of a group of sensor nodes that are deployed in an ad hoc fashion and cooperate on sensing, collecting and processing information about the covered area and then sending that information to the observer. WSNs have wide application potential in military affairs, environmental monitoring, health care, home networks and other commercial fields. Because of limited battery capacity and unattended operation after deployment, minimizing energy consumption is a key requirement in the design of sensor network protocols and algorithms. Various energy-efficient routing protocols have been proposed for wireless sensor networks. Data-centric routing is a commonly used approach that relies on attribute-based addressing to perform the collective sensing task. Directed diffusion (DD) is a robust, scalable and energy-efficient data dissemination protocol based on data-centric routing, but it still has some shortcomings. For example, interests are broadcast across the whole network: every node forwards each new interest message to all of its neighbor nodes. This approach is rather inefficient in sensor networks where significant overlap between the neighbors of two nodes in immediate vicinity can lead to a large number of unnecessary rebroadcasts. It also increases channel contention and wastes bandwidth, which takes a further toll on the scarce energy resources of the nodes. The network-wide broadcast operations strongly influence the performance of the protocol.

We propose a grid-based protocol inspired by directed diffusion. The network area is first divided into fixed virtual grids. In each grid, only one node is responsible for broadcasting interest messages, and the remaining nodes receive the interest from it. Because the remaining nodes first send their data to the header node, there are more chances to aggregate redundant data as early as possible. Simulations show that this approach reduces broadcast overhead and the number of data messages, which results in large energy savings. At the same time, the advantages of DD are preserved.

As WSNs are usually deployed in open areas, sensor nodes are susceptible to a variety of attacks, such as capture, eavesdropping, denial of service, wormhole and Sybil attacks. As WSNs have become a hot spot in research and industry, their security has attracted the attention of both researchers and engineers. Based on DD, we analyze the possible attacks and add security schemes for secure data aggregation, traffic attack detection and key management. We then perform security analysis and simulation.

Firstly, we propose a trust-based data aggregation protocol within the cluster. Data aggregation is considered one of the main technologies in wireless sensor networks; it can greatly reduce the network's data transmission and save the sensor nodes' battery energy, and so prolongs the life of the whole network. But with wireless sensor networks increasingly deployed in hostile environments, sensor nodes are easily captured by an enemy, and the secret keys that data aggregation relies on will be revealed. Data aggregation is then no longer secure. In this thesis, we introduce a trust evaluation scheme among neighbors and use a listening mechanism to watch each sensor node's data aggregation behavior. According to the listening results, we use the trust mechanism to evaluate the nodes' aggregation behavior and recognize captured nodes. We then elect a secure cluster head according to the trust evaluation. The secure cluster head evaluates the nodes' trust according to their past aggregation results and performs reliable data aggregation. Simulations show that the proposed trust scheme can effectively deal with the threat of captured nodes and ensure the security of data aggregation.

Secondly, we propose an ARMA-based traffic attack detection protocol. In wireless sensor networks, how to detect traffic attacks accurately and rapidly, so as to ensure the availability of network infrastructure, is one of the most challenging security problems. This thesis proposes a simple and efficient ARMA(2,1) traffic prediction model for sensor nodes based on linear prediction. A traffic attack detection scheme based on traffic prediction is then designed. Different monitoring schemes are used according to the different roles of nodes. Virtual cluster heads and monitoring nodes are elected to monitor the cluster head, and member nodes are monitored by the cluster head. Simulations show that the proposed scheme can quickly detect traffic attacks with low resource overhead and prolong the lifetime of the network.

Lastly, we propose a security-node-based key management protocol. Ordinary nodes and the cluster head node are responsible for data collection and transmission, and security nodes are responsible for key management. We describe the formation of security nodes and of the cluster head under the control of the security nodes. We also describe the formation of four kinds of key: node key, pairwise key, cluster key and public key. Performance analysis and experiments show that the proposed key management protocol is superior in communication energy consumption. The delay of cluster key generation meets the requirements. The protocol provides secure pairwise keys with multi-point cooperative authentication and is strongly resistant to node capture. It supports large-scale networks.

  • 【Classification number】TP212.9; TN918.82
  • 【Times cited】4
  • 【Downloads】425