
Research on Streaming Data Security of Wireless Sensor Network

【Author】 Xiao Xiangrong (肖湘蓉)

【Advisor】 Sun Xingming (孙星明)

【Author information】 Hunan University, Computer Application Technology, 2010, PhD

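【Summary】 With the development of microelectronics and deeper research into embedded technology, wireless sensor networks are increasingly used in practice and show great application potential. The security of sensor networks concerns many researchers, and for data-centric sensor networks, protecting streaming data throughout its entire flow is a key problem of security management. Because of limited computing power and resources, traditional security measures are hard to apply effectively to sensor networks, and entirely new security measures are urgently needed to protect streaming data comprehensively. Addressing the characteristics of sensor networks and the shortcomings of existing research, this thesis combines streaming data security control with information hiding technology and, taking the flow of data as its main thread, works to solve the security problems in the acquisition, transmission and application of sensor network data. These comprise trusted data sources, controllable data transmission and reliable data application; the problems interpenetrate, are closely related, and directly affect the security of the whole network and of data acquisition. The main work and contributions of this thesis are as follows:

(1) On data source security: once deployed, sensor nodes are generally hard to reach and may face a variety of unforeseeable security threats. ① To guarantee that acquired data come from an authentic source, the creditable data source filtering mechanism CSFM is proposed. Under CSFM, a node embeds an identity mark before sending data, and relay nodes forward the data after verifying consistency; if the embedded mark is found to be inconsistent, the data source is considered illegitimate and transmission is interrupted, so that suspicious data are removed as early as possible. CSFM saves network energy, filters false data, prevents forged data from interfering with monitoring results, and guarantees a trusted data source. ② For the requirement of hiding node marks, the Manchester-code-based information hiding algorithm MSHA is designed. It embeds information by changing the transitions of certain bits of the data, has good concealment, and occupies no extra space in the transmitted packets. Further, for sensor networks in dangerous environments and for large-scale sensor networks, a fragile MSHA algorithm and a high-capacity MSHA algorithm are designed, to cope with slight data modification and with the embedding of more mark codes respectively. Experimental results show that MSHA hides node mark information well, and that applying CSFM effectively detects and verifies the integrity and authenticity of collected data, filters illegitimate data, and guarantees a trusted data source.

(2) On data transmission security: in sensor networks applied in important fields such as national defense and the military, the collected data involve sensitive and confidential content, and the exposed weakness of the wireless channel means that data may be intercepted or tampered with in transit. Existing encryption-based security solutions have high computational complexity and, because of the huge number of keys, have many shortcomings in key management and distribution, which makes them hard to apply in practice. ① To ensure that the secret-related information obtained by the network is delivered safely, a secure transmission strategy based on information hiding is designed, which uses the monitored channel to transmit confidential information. The high-capacity streaming data hiding algorithm HCHA is also proposed; it enlarges the embedding bits within a set data range, trading data precision for the embedding of secret-related information, and reaches a compromise between embedding capacity and concealment. Simulation experiments show that HCHA has very good embedding capacity, and that hidden transmission of sensitive information saves network energy. ② To keep intruders from causing greater harm to the network, node detection and malicious object isolation based on a mobile sensor are studied. The minimal damage coverage traversing problem MDCT is proposed, and the weighted hierarchical traversal algorithm WHIA is designed for scheduling the mobile sensor. Without knowing the positions of the nodes of the whole network, the mobile sensor covers, traverses and checks the nodes of the network layer by layer, and isolates the malicious nodes it finds. Simulation results show that WHIA achieves a near-optimal effect at low cost and effectively controls the secure transmission of data in the network.

(3) On data application security: because encryption is computationally very expensive and data are hard to control once decrypted, streaming watermarking algorithms for copyright protection and leak tracing are studied, in order to prevent streaming data from being misused, spread without authorization, or illegally copied. ① To strengthen the concealment of streaming watermarks, the virtual-grouping-based streaming watermarking algorithm VGWA is proposed. Virtual residue class groups are constructed over the streaming data and the watermark is embedded group by group; the watermark is not embedded directly into the data, but the data are double-screened according to the value of their second-LSB bit, and the data selected in each group are assigned the same random number. On extraction, the embedded data in each group are first recovered, the frequency of the numbers is counted, and the embedded information is decided against a threshold. Experimental results show that the watermark marks embedded by VGWA are even and dispersed, well concealed, and have a certain robustness. ② For sensor network applications that demand high precision of the sensed results, the lossless streaming watermarking algorithm LSWA is proposed, whose embedding process does not change the values of the data. On embedding, reference pairs are first selected from the data packet, and the watermark is embedded by adjusting the order of the data so as to change the state of the pairs. Two modes, online extraction and offline detection, are designed, used respectively for real-time verification of data authenticity and for copyright authentication of pirated data. In the experiments, both modes authenticate the data well. ③ For data that suffer transmission loss or malicious deletion, the fountain-code-based robust streaming watermark FCSW is proposed. Using the erasure-resistant property of fountain codes, the watermark is encoded before being embedded, which strengthens its robustness; a modified Raptor code, MRC, is also designed to make the erasure resistance of the code more stable. Even if data are lost, the hidden mark can still be extracted well as long as a certain number of codes are obtained, so the copyright of the data is effectively protected. Simulation experiments show that the MRC code has stable erasure resistance for different amounts of encoded data, and that FCSW is robust to both data loss and deletion.

In summary, this thesis addresses the security problems in the acquisition, transmission and application of data in wireless sensor networks, and, using the concealment and low energy consumption of information hiding technology, proposes reasonable and effective solutions organized around different application scenarios and requirements. The solutions suit the requirements of streaming data and the characteristics of wireless sensor networks very well, can effectively prevent various attacks on the data, offer a new approach to protecting sensor data, and have good theoretical significance and application value for advancing streaming data security research and the practical use of sensor networks.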

【Abstract】 With advances in embedded technologies and microelectronics, wireless sensor networks (WSNs) show great potential. The security of WSNs has become a major concern of many researchers. Protecting the whole process of streaming data flow is a key issue, especially in data-centric WSNs. Traditional strategies are difficult to apply to WSNs because of limited computation and resources, and new security mechanisms are urgently required to protect streaming data comprehensively. Addressing the features of WSNs and the shortcomings of existing technologies, we combine security control of streaming data with information hiding (IH) technology and, taking the data flow as the main line, try to solve the security problems in the whole course of data acquisition, transmission and application in WSNs. The trusted data source, controlled data transmission and reliable data application interpenetrate and are closely connected, and directly affect the security of the network and of the obtained data. The main works are as follows.

(1) For data source security, sensor nodes may face various security threats that are difficult to forecast. ① To ensure the authenticity of data sources, we propose a Creditable Source Filtering Mechanism (CSFM). The sensor embeds its identity into the data before sending, and the intermediate node validates the consistency of the mark. If the data pass validation they are transmitted to the next node; otherwise the communication is terminated in order to filter the suspicious data. Using CSFM saves energy consumption and filters fake data, which avoids disturbing the sensing results and ensures authentic data sources. ② To hide the mark in the data, we propose a Manchester-code-based Streaming Hiding Algorithm (MSHA). We embed the mark by changing the switching state of some bits of the data. The hidden mark has good invisibility and does not occupy extra space in packets. Furthermore, we develop a fragile MSHA and a high-capacity MSHA to cope with slight data changes and long embedded marks, for dangerous applications and large networks respectively. The simulation results show that MSHA hides the identity of a node with good invisibility, and that CSFM ensures a credible data source by validating the authenticity and integrity of the data and filtering invalid data.

(2) For data transmission security, data risk being intercepted and tampered with in wireless communication, especially when they involve sensitive or secret content in national defense and military applications. Traditional cryptographic solutions are difficult to put into practice because of shortcomings such as high computation cost and the management of a huge number of keys. ① To ensure that the obtained secret-associated information can be transported to the Sink safely, we design a secure data transmission strategy based on IH that uses the monitored channel for secret transmission. Additionally, we propose a High Capacity Hiding Algorithm (HCHA) for embedding large amounts of data. HCHA enlarges the embedding position within the accepted range of the data, sacrificing data precision to hide more information. The simulation results demonstrate that HCHA strikes a tradeoff between capacity and invisibility: it has good capacity while reducing the energy consumed in covertly transmitting sensitive data. ② To avoid more damage to WSNs, we study the problem of detecting and isolating adversaries using a mobile sensor. First, we propose the Minimal Damage Coverage Traversing (MDCT) problem. Then the Weighted and Hierarchical Isolating Adversaries (WHIA) algorithm is designed and implemented. The mobile sensor makes decisions level by level by weighing both the significance and the priority of nodes, using only local position information. When it finds malicious nodes, it cuts off their communication with the trusted nodes. The simulation results show that WHIA can isolate malicious nodes, alleviate the damage to the network, and hence increase the robustness of WSNs against adversaries.

(3) For data application security, the problem is that cryptography has a high computation cost and decrypted data are difficult to control. We study streaming watermarking algorithms for copyright protection and traitor tracing, aimed at the threats of streaming data misuse, unauthorized spread and illegal copying. ① To increase the invisibility of the watermark, we propose a Virtual Grouping-based Watermarking Algorithm (VGWA). VGWA first constructs the virtual residual groups by constructing a complete residual system. It then embeds one bit in each group by setting a random number at a specific position according to the second-LSB of the data, instead of embedding directly. In extraction, the mark is retrieved group by group by comparing the maximum occurrence frequency of the data in the corresponding position with a threshold, which is set according to the distribution probabilities of the data. The simulation results show that the algorithm has good invisibility and good robustness while embedding the mark evenly. ② For applications that require high data precision, we propose a Lossless Streaming Watermarking Algorithm (LSWA). The mark is embedded into the streaming data without modifying the values: we embed the watermark by adjusting the sequence of the data in every packet while keeping the values of the data unchanged. We then design online extraction for authenticity validation and off-line detection for copyright proof of a segment of data. The experimental results demonstrate that LSWA has good efficiency. ③ To address data lost in transmission and data maliciously deleted, we further propose a Fountain Code-based Streaming Watermarking (FCSW). Utilizing the anti-erasure feature of fountain codes, we encode the mark before embedding it to increase robustness. We then design the modified Raptor code (MRC) to stabilize the anti-erasure performance. Even when data are lost, the hidden mark can still be extracted as long as a certain number of codes are obtained. The simulation results show that the MRC code has stable anti-erasure performance and that FCSW is robust to data loss and deletion.

In summary, we present solutions to several key problems of data security in data acquisition, transmission and application. Aiming at different application scenarios, we propose reasonable and effective solutions, which have theoretical and practical value for advancing the theory and practicability of reliable data transmission in wireless sensor networks.

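  • 【Online publication contributor】 Hunan University
  • 【Online publication year and issue】 2012, Issue 08
  • 【Classification number】 TP212.9;TN929.5
  • 【Times cited】 1
  • 【Downloads】 240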