节点文献

无线传感器网络密钥管理方案研究

Research on Key Management Schemes in Wireless Sensor Networks

【作者】 应必娣

【导师】 仇佩亮;

【作者基本信息】 浙江大学 , 通信与信息系统, 2008, 博士

【摘要】 随着微电子通信技术的进步,无线传感器网络(Wireless Sensor Networks,WSNs)被广泛应用于环境检测、军事监视等对开放性要求较高的环境中。由于WSNs应用环境的开放性,部署区域的物理安全无法保证,使得WSNs中传感节点易被捕获,从而对WSNs形成攻击,泄露传感节点所携带的信息。因此传感节点安全交换信息技术已成为WSNs应用技术中主要的研究课题之一。在WSNs安全机制中,认证和加密是最重要的模块,其中任意两个传感节点之间建立一对一密钥是安全服务的基础。近年来,国内外学者提出多种WSNs的密钥管理方法,其中基于对称密码体制的的密钥预分配管理方法,相比其他方法有较大的优势,更加适用于资源严格受限的WSNs,所以国内外多数研究成果都是在此基础上提出的。但是,这些研究没有考虑部署区域中的不规则性而引起的边界区域问题和传感节点的能量消耗不均衡问题。因此,本文以节省存储开销、计算开销、通信开销、提高网络的安全性、密钥连通度为动机去探索新的WSNs密钥管理方法,使得研究成果具有实用价值。本文具体研究成果和结论如下:1)提出了一种能量均衡的密钥管理方案。在WSNs应用中,传感节点建立共享密钥对之后,各个传感节点的能量消耗不均衡,从而对整个网络造成影响。因此为提高WSNs的能量均衡性,本文提出能量均衡的密钥管理方案。该方案通过传感节点的能量大小建立源传感节点到目的传感节点的多条传感节点不相交路径,然后根据传感节点的最小最大能量原理选择一条合适的传感节点不相交路径作为源传感节点和目的传感节点协商路径密钥的通道。仿真结果表明,该方法能够提高网络的能量均衡性。2)提出一种基于位置的密钥管理方案。已有的利用部署信息的密钥管理方案由于局部连通率与安全性之间存在矛盾,因此本文在已有算法基础上给出基于位置的密钥管理方案。在该方案中,相邻核心组的子密钥池之间的共享密钥由重叠因子决定,而非核心组的子密钥池从相邻核心组的子密钥池获取密钥。通过该思想可以降低子密钥池大小,从而提高局部连通率。本文分两种情况加以讨论:1)密钥随机产生的情况下的局部连通率和网络安全性;2)密钥通过对称多项式产生的情况下的局部连通率和网络安全性。结果表明该方案在保证网络的安全性下能够提高网络的连通度和降低传感节点的通信开销。3)提出一种基于不规则区域的密钥管理方案。在WSNs应用中,传感节点可能部署在峡谷、河岸、海湾等不规则区域上,但现有的大部分密钥管理方法都基于部署区域规则的假设,无法解决因不规则的地理形状而带来的边界区域问题。本文研究了不规则网络下的密钥预分配方案。根据不规则网络的形状给出纵向与横向大小不同的位置关联而形成部署子密钥池,组内的传感节点从对应的部署子密钥池中选取密钥。目前密钥的产生方法主要有三种:1)密钥通过矩阵空间(组合理论)产生;2)密钥随机产生;3)密钥通过对称多项式产生。本文对这三种不同密钥产生的密钥管理方案进行性能分析与仿真验证。结果表明该方案能够解决不规则区域的边界问题。该方案具有实用价值和创新性。4)提出了一套有效的、安全的密钥管理综合评价系统。上述所提出的各种密钥管理方法各有侧重点,适用于不同的需求。但是,对现有的各种密钥管理方法如何进行选取来保证WSNs安全已成为传感器网络应用的关键。本文提出了一种密钥管理综合评价系统。该评价体系构建一个由四个性能指标组成的评价函数,用于根据WSNs不同的需求环境,对各种密钥管理方法进行评价选取。

【Abstract】 Wireless sensor networks (WSNs) are ideal candidates to monitor the environment such as military surveillance, forest fire monitoring. In some WSNs military application scenarios, if a sensor is compromised or captured, the information on the sensor is disclosed to the adversary, and then its operation may be manipulated by the adversary. Therefore, security becomes one of the main concerns. However, providing security services in such networks turns out to be a challenging task due to the resource constraints on sensors and the sensor compromise attacks. These features and challenges motivate the research on security services such as encryption and authentication for sensor networks.Encryption and authentication are the most important modules in the security framework, especially encryption messages among sensors. Due to resource constraints, some key management schemes, such as the key distributed center scheme and the public key scheme, are not suitable for WSNs. Key pre-distribution schemes whose keys are pre-installed into sensors have been studied for a few years. However these schemes can not take application scenarios such as irregular deployment regions and energy-balancing into consideration. Thus, this paper studies how to achieve the key management schemes’ performances including connectivity, security, and memory usage/computational capabilities from deployment information, energy-balancing and irregular deployment regions.The main conclusions are as follows:1) After establishing direct-keys between neighbor sensors, sensors in the network are different in energy consumption. Thus they can bring bad effects to the network. We propose an energy-balancing key management scheme in distributed sensor networks in order to improve network energy balance. This scheme establishes energy-based sensor-disjoint paths and then chooses a good sensor-disjoint path by which two sensors negotiate an indirect key according to the Min-Max energy method. Compared with the conventional proposals, the proposed scheme provides good energy balance while still maintaining high network resilience.2) There is a contradiction between security and local connectivity in the proposed schemes using a priori area deployment information. Thus, we study a location-based key management (LKM) scheme. In this scheme, we separate the network into core groups which select keys from neighbor core groups and non-core groups which select keys from neighbor core groups. We take the LKM scheme and the LKM-Polynomial (LKM-P) scheme which keys are generated by polynomials into analysis and simulation. Simulations show that these two schemes achieve a high local connectivity, and enhance the network resilience against sensor capture.3) Many sensors are deployed over a vast terrain, such as a canyon and a fjord. Some proposed schemes using deployment information are difficult when there are obstacles and holes in the network topology and can not deal with the problem of boundary regions. We discuss how to exchange messages among sensors in the irregular sensor networks, and analyze the whole network local connectivity in details. Theoretical and experimental analysis demonstrates that our method effectively resolves the exchange messages among sensors in the irregular region.4) The various key management schemes have focused on different aspects and applications. How to select a good scheme among them becomes a key for the applications of WSNs. We propose an effective system that is constructed by four performances to evaluate those key management schemes.

  • 【网络出版投稿人】 浙江大学
  • 【网络出版年期】2009年 06期
  • 【分类号】TN918;TP212.9
  • 【被引频次】9
  • 【下载频次】734
  • 攻读期成果
节点文献中: