节点文献
无线传感器网络中若干安全问题研究
Several Security Issues in Wireless Sensor Networks
【作者】 陈海光;
【导师】 高传善;
【作者基本信息】 复旦大学 , 计算机应用技术, 2008, 博士
【摘要】 无线传感器网络有着广泛的应用前景,但安全性是影响其发展的一个重要问题。本文对无线传感器网络中的若干安全相关问题展开了研究。本文的第一部分工作主要在无线传感器网中建立信任等级以此来加强其安全性。与传统的信任等级方案不同,我们认为网络存在不可靠性和不确定性,尤其在无线网络中。文中我们引入了“确认值”的概念来建立信任等级,并分析了证据空间、确认值和信任等级之间的一些性质,同时还建立了信任等级值的计算和分发模型。另外,本章在基本信任等级模型的基础上,针对一个节点只有一个信任等级值的不足,提出了基于事件的信任等级改进算法,每个节点根据其处理事件的种类不同可以存在多个信任等级,以此来加强网络的安全性,提高无线传感器网络的整体性能,延长节点在网络中的存活时间,提高节点的协作能力。在第一部分工作中。本文的主要创新点在于建立了基于不完全证据空间上的“确认值”,从而得到信任等级来加强无线传感器网络的安全;同时还建立了同一个节点基于不同事件的多个信任等级值的模型来提高网络的整体性能。本文的第二部分工作主要针对无线传感器网络中的各种DoS攻击设计了一个具有通用性的入侵检测模型。在无线传感器网络中部署监视节点和普通节点两类节点,其中监视节点通过监听无线信道得到普通节点的行为信息以及网络的当前状态,然后通过事先定义好的一些规则对收集到的信息进行检查,如果发现有不符合规则的行为信息,则产生报警信息。然后将该信息丢弃;如果还有余下的信息,则使用网络特征检测方式进行检测,如果还有不确定的数据,表明需要更多的信息来判断是否有入侵行为发生。在第二部分工作中,本文的主要贡献在于提出了一种通用的入侵检测机制,可以检测到已知类型的DoS攻击,同时还可以发现一些未知类型的攻击。本文的第三部分工作主要涉及无线传感器网络的会话密钥管理。由于无线传感器网络节点的资源受限,密钥管理是无线传感器网络中一个十分具有挑战性的问题。本文提出了一种基于信息的新型会话密钥管理模型,该模型根据相邻节点直接通信的特点,只需要在邻居节点间建立会话密钥,减少节点存储密钥空间;该机制将密钥更新和信息传递一起进行,还可以减少节点间更新会话密钥的传递通信开销,节约了能耗。另外,由于每次会话过程中,使用的加密和解密密钥都不相同,可以有效地防止物理攻击和信息偷听等攻击,有效地提高了系统抵抗攻击的能力。在第三部分工作中,本文的主要贡献是在资源有限的节点中,建立了基于信息的动态会话密钥更新机制来增强系统的安全性。
【Abstract】 Wireless Sensor Networks has a wide application, but the security is still an important issue. We extend our work on several hot security-related topics in Wireless Sensor Networks.The first part of our work focuses on building up a trust system in Wireless Sensor Networks to enhance its security. Our trust system is different from traditional trust systems. We suggested a new term "certainty" used in trust system to build trust rating because there is unreliability and uncertainty in Wireless Sensor Networks. We discuss some important properties of evidence space, certainty and trust-rating, and we build up a model to calculate and distribute the trust-rating in Wireless Sensor Networks. Finally, we build a new trust model which based on event. In the new model, a node has several trust-rating which based on different event. The new model is different from the based trust model. A node has one trust rating in the based system model. Our new model can enhance the security, prolong the lifetime of nodes and improve the collaboration in Wireless Sensor Networks. The contribution of this work is suggested a new term "certainty" based on incomplete evidence space, and we use the certainty to build up trust rating to enhance the security in Wireless Sensor Networks. We also propose an event-based trust model to improve the performance of networks.The second part of our work is concerning DoS attacks in Wireless Sensor Networks. We propose a generic intrusion detection scheme for these attacks. In our scheme, there are monitor nodes and sensor nodes in Wireless Sensor Networks, the monitor nodes are listenning the channel then get the behavior data of sensor nodes and the state of the networks. At first, the monitor node use Pre-defined rules to check these data. If the monitor nodes find any data fail in any rules then to alarm and discard the data. If all the rules has been used and there is still data left, then the monitor nodes use key feature to check the left data and to find intrusion. When all the features has been used and still data left then the monitor node collect more data to check. The main contribution in this work is that we propose a generic intrusion detection scheme to detect all kinds of DoS attacks. Our scheme not only can detect some known attacks fast in Wirless Sensor Networks but also potentially applicable to detect some unknown attacks in Wireless Sensor Networks.The third part of our work is concerned with session key management in Wireless Sensor Networks. Due to the resource constraints, key management has been a quite challenging problem in Wireless Sensor Networks. We propose a new kind of message-based session key management schemes. In our scheme, only the direct neighbor node need to build session keys due to there is immediate communication, and our scheme can reduce the storage space for session keys.The process of exchanging message goes with updating session keys, and reduces the overhead of updating session keys on communication. By using dynamic updating session keys, the encryption and decryption keys are different every time while deal with the communication message. Our scheme can effectively prevent Physical attacks and Eavesdropping to enhance the security resilience. Our main contribution in this work focuses on the dynamic updating the session keys in resource constrainted sensor nodes to enhance the networks security
【Key words】 Wireless Sensor Networks; Key Management; Session Key; Intrusion Detection; Trust-rating;