【作者】 杜薇；

【导师】 何明星；

【作者基本信息】 西华大学 ， 计算机软件与理论， 2009， 硕士

【摘要】 无线传感器网络WSN(Wireless Sensor Networks)一般是由大量体积小,价格便宜,仅依靠电池供电的具有数据处理、传输以及存储和计算能力的专用传感器节点(Sensor Node)和功能相对强大的基站(Base Station)所组成的网络。传感器节点大多被部署在无人照看地方或者区域,很容易受到监听和物理俘获等攻击,保证无线传感器网络的安全性更是应该首先考虑的问题。由于无线传感器网络所固有的特点,例如受限的计算、通信、存储能力等,使得传统的密钥分配技术很难直接运用于传感器网络中,因此应采用新的适合于无线传感器网络的密钥分配协议,同时也应使其具有容侵的特性。本文首先提出的一种新的适用于无线传感器网络的密钥预分配NRKPD协议。NRKPD协议主要将密钥演化的概念运用到密钥预分配协议中。在直接对密钥建立阶段后增加了密钥环演化阶段。这样,每个节点在完成直接对密钥建立后,演化密钥环上的每一个密钥,并删除之前的原始密钥。这样,即便节点被敌手物理俘获时,也能够在很大程度上防止密钥池里的密钥泄露,从而大大降低了由于节点被敌手俘获而对其他安全的网络路径造成的影响。由于无线传感器网络的不稳定性,如网络延迟等原因,拥有自愈能力的密钥分配协议在无线传感器网络中显得十分重要。本文分析了现有的两种存储量为常数的自愈密钥分配协议:Dutta et al.协议和Robust.协议,并给出了对Dutta et al.协议的两种攻击,并提出了对Dutta et al.协议的一种修改协MSHKD协议。此外本文在MSHKD协议的基础上,给出了一种新的能够抵抗合谋攻击的自愈密钥分配协议NSKD with RR协议。NSKD with RR协议不仅满足了基本的安全属性,同时也能够有效防止敌手通过俘获一个撤销用户和新用户而获得它们不是合法成员时的群会话密钥。接着,本文又给出了一种新的存储量为常数的自愈密钥分配协议CSSKDwith R协议。NCSSKD with R协议满足前向安全、后向安全,同时用户私钥的使用周期不再受到限制。通过对比可以看出本文提出的NCSSKD with R协议更高效和实用。最后,利用C++环境,对本文提出的NCSSKD with R协议进行了实验仿真,其运行结果表明了理论的正确性和可行性,证明了该协议是一个适用于WSN的高效、可行的自愈密钥分配协议。更多还原

【Abstract】 Wireless sensor networks (WSN) consists of a large number sensor nodes with limited power, computation, storage and communication capabilities. Sensor nodes can be deployed in many different fields such as military, environment, health, home and other commercial areas etc. Moreover, in some deployment scenarios sensor nodes need to operate under adversarial condition. Security solutions for such applications depend on existence of strong and efficient key distribution mechanisms.In this paper, we first introduce the concept of key ring evolution into the key pre-distribuion scheme. We add the key ring evolution phase after the direct pairwise key establishment phase to propose an easy and practical resistent random key pre-distribution scheme. In the proposed scheme, each node evolves the keys in its key ring after the direct pairwise key establishment phase and deletes the original keys in its the key ring. This will decrease the risk of leaking the original keys in the key pool even if the nodes were compromised by attacker, because keys in key ring are not as the same as the original ones in the key pool. Besides, this key ring evolution phase does not involve any network-wide broadcast message form BS(Base Station), hence, it is especially simple and effcient.. The new proposed scheme also combines the property of energy effcient in the key discovery phase to realize no communication requirement. Due to the lossy of the networks, self-healing key distribution is important. In this paper, we also analyze two existing constant storage selfhealing key distribution schemes in wireless sensor networks. Then, we show two attacks to the Dutta et al.’s scheme and propose a modified scheme MSHKD scheme to overcome the two flaws.Then, we propose a new self-healing key distribution scheme NSKD with RR scheme to improve the modified scheme. The most prominent properties of the new proposed scheme are as follows: achieving forward secrecy, backward secrecy and resisting to a collusion attack. So that a revoked user with the assistance of the newly joined users cannot get any information of group session keys which it is not entitled to get.Furthermore, we propose another new self-healing key distribution scheme NCSSKD with R scheme. It is shown that the proposed scheme realizes the properties such as constant storage, forward secrecy and backward secrecy. Moreover, the proposed scheme has the property of long life-span of the users’ personal secret keys. So the user’s personal secret key is not restricted in a fixed session in the setup phase and the user’s personal secret key can be used until the user is revoked from the group. Finally, we will present that the proposed scheme is more practical and effcient than some existing schemes.Lastly, we use of the C++ compiled language to perform the system of the NCSSKD with R scheme. The experiment result demonstrates that the analysis is right and the proposed protocol is feasible and efficient in practice.更多还原