【作者】 江琼希；

【导师】 周南润；

【作者基本信息】 南昌大学 ， 通信与信息系统， 2012， 硕士

【摘要】 无线传感器网络(WSN)是目前国内外前沿热点研究领域,并具有广泛的应用。随着无线传感器网络技术的发展,无线传感器网络各层安全问题备受关注。应用层涉及的安全问题为安全组播和密钥管理,其中密钥管理为WSN底层提供预防和保护机制,为机密性、认证性、完整性、安全管理等WSN安全服务提供密钥支持,是物理层安全编码、数据链路层和网络层加解密的基础。传感器节点能量、信息处理能力以及存储量受限的特点决定WSN通常采取密钥预分配和基于公钥的密钥管理。现有的WSN密钥预分配方案一般不能在连通性、抗毁性、节点开销和扩展性等方面同时取得理想结果。基于公钥的密钥管理方案安全性较高,但节点开销很大,使得WSN生存时间下降。针对无线传感器网络密钥管理存在的连通性差、安全性低、节点开销大等问题,本文主要研究满足多种性能要求的密钥预分配机制和基于公钥的轻量级密钥管理机制,设计无线传感器网络密钥管理方案并对其各种性能进行分析。本文的主要工作如下：提出了两个分簇式传感器网络密钥预分配方案。一是多项式密钥预分配改进方案,通过对二元四次对称多项式进行保密,方案能够抵抗合谋攻击和阈值攻击,认证机制保证簇头节点间信息交换的安全性；一是CRT-LU密钥预分配方案,利用中国剩余定理(CRT)生成簇内节点与簇头节点的通信密钥,利用LU矩阵生成簇头节点之间的通信密钥。结果表明,这两个方案在连通性、抗毁性、节点开销和扩展性方面具有显著优势。提出了基于身份的可证明安全的传感器网络密钥管理方案。节点之间利用身份建立通信密钥。安全性证明利用香农信息理论形式化敌手攻击模型,在该模型下,方案的安全性归约到BDH难题,因此方案是可证明安全的。节点开销分析显示,该方案的节点存储开销和通信开销很小。节点开销是一个常数,保证了方案的扩展性。提出了一个高效无证书签密方案。利用双线性对方法构建标准模型下安全的无证书签密(CLSC)方案,在公钥替换攻击或者主密钥攻击下,构建的CLSC方案是IND-CCA2和EUF-CMA安全的。与典型的CLSC方案相比,该方案归约效率更高。分析表明,无证书签密对于传感器网络密钥管理而言可行而且必要,无证书签密应用到传感器网络密钥管理时通信密钥建立方法与基于身份的传感器网络密钥管理方案类似,不同点在于选取的随机数不同,且得到的方案不存在密钥托管问题。更多还原

【Abstract】 Wireless Sensor Network (WSN) is a research focus at home and abroad nowadays, and can be applied to various fields. Security problems in different layers of WSN have attracted much attention with the development of WSN technology. Secure multicast and key management are included in the security of application layer. Key management provides the prevention mechanism for the security in lower layers of WSN and the key support for the security services such as privacy, authentication, integrity and security management. Key management is the basis of security encoding in physical layer, encryption or decryption in data link layer and network layer. The characteristic of WSN has decided that key management scheme (KMS) based on public key cryptography and key predistribution scheme (KPS) are generally adopted for WSN. However, the ideal results in connectivity, resistance, overhead and scalability can not be obtained by most proposed KPSs. Despite of high security, KMSs based on public key cryptography have great overhead so as to decrease the lifetime of sensor node. Aiming at the shortages in connectivity, security and node overhead of key management for WSN, KMSs are proposed to meet all four requirements in key predistribution and research the key management based on lightweight public key cryptography. Performance analyses for the presented KMSs are given. The research results are as follows.Two KPSs for heterogeneous sensor network are proposed:One is improved polynomial KPS, where two-parameter4th-order polynomial is kept secret to resist collusion attack and threshold attack, and then authentication mechanism guarantees the security during communication key establishment between any two cluster heads; The other is KPS based on Chinese Remainder Theorem (CRT) and LU matrix, where the CRT is used to secure the communication key between the cluster head and its any cluster member, and the communication key between any two cluster heads is generated with LU matrix. The analytical results show that there are remarkable advantages in connectivity, resistance, overhead and scalability in the presented two schemes. An identity-based KMS for WSN is proposed, where the node identity is used to generate the communication key. The Shannon Information Theory is used to build the attack model in the security proof. Moreover, the BDH problem is used as the computational complexity assumption and then the identity-based KMS is provable secure. The overhead analysis indicates that the proposed KMS has low storage and communication overhead. In addition, the overhead for each node is constant, so the scheme is scalable.An efficient certificateless signcryption (CLSC) scheme is proposed, where the parings are used to lead to a formal security proof. The presented CLSC scheme is IND-CCA2and EUF-CMA secure against the replacement attack and the master key attack without random oracles. Compared with the typical CLSC scheme, the reduction is tighter in the presented CLSC scheme. CLSC is necessary and feasible to key management for WSN. When the proposed CLSC scheme is applied to key management for WSN, the principle of communication key generation is similar to the identity-based KMS. However, the chosen random numbers in the two schemes are distinct. Key escrow problem does not exist in the key management for WSN based on the proposed CLSC scheme.更多还原