分簇无线传感器网络中基于横截设计的对密钥建立方案

由于节点能量有限、存贮空间小等特点,使传统的网络密钥管理方案受到挑战。该文基于横截设计、双变量多项式和门限机制,提出了适用于分簇结构传感器网络的对密钥建立方案和多路径密钥建立策略。该方案采用横截设计保证同簇内节点可以直接建立对密钥,而不同簇的节点可以基于门限机制构建多路径密钥。理论和实验分析表明,新方案在增强安全性、连通性和抗毁性的同时,有效地降低了通信量及密钥存储量等代价,并且具有良好的可扩展性。     

WSN的网络安全管理机制研究

本文提出一种基于多项式的WSN密钥管理方案.基站通过计算节点秘密信息构成的多项式来生成网络的全局密钥,节点通过全局密钥可以认证网络中的合法节点.节点用全局密钥经过对称多项式密钥交换来生成与簇头节点之间的会话密钥.该方案能够动态更新密钥,从而解决了由于节点被捕获所导致的信息泄露、密钥连通性下降和密钥更新通信开销大等问题.性能分析表明,该方案与现有的密钥预分配方案相比,具有更低的存储开销、通信开销、良好的扩展性和连通性.     

低轨卫星网络中基于轨道分簇的密钥更新算法

该文提出一种基于轨道分簇的低轨(LEO)卫星网络密钥更新算法,即RAOC算法。该算法根据运行轨道特性对LEO卫星网络进行分簇,通过动态产生密钥更新发起节点和簇首节点完成LEO卫星网络的密钥更新。RAOC算法提出一种基于密钥更新锁的密钥更新状态描述方法,以确保密钥更新的一致性。仿真结果表明,与目前LEO卫星网络基于地基测控网和天基测控网的密钥更新算法相比,RAOC算法能自主完成LEO卫星网络的密钥更新,并能提高LEO卫星网络密钥更新的效率。     

无线传感器网络中基于EBS的高效安全的群组密钥管理方案

为了保证无线传感器网络(WSN)群组通信的安全性,设计了一种基于EBS的群组密钥管理方案.提出方案首先通过合并链状簇和星型簇简化无线传感器网络的拓扑结构,然后通过增加网络被捕获时所需入侵节点的数量来防止攻击者通过少量共谋节点得到所有管理密钥,之后利用图染色算法对分配密钥组合的节点进行排序,并依据海明距离和EBS方法对网络中的传感器节点进行管理密钥分配.在此基础上给出了对传感器节点的加入和离开事件进行处理的方法.在有效性和性能分析阶段,首先通过2个实验分别对提出方案中共谋攻击的可能性和入侵节点数量对网络抵抗共谋攻击能力的影响进行分析,实验结果表明提出方案增强了WSN抵抗共谋攻击的能力;然后对提出方案和SHELL在加入事件和离开事件时的系统代价进行比较,结果表明提出方案所需的密钥更新消息数量和传感器节点存储量均小于SHELL方案.     

面向WSN的双向认证与密钥协商方案设计

由于无线传感器网络（Wireless Sensor Network,WSN）节点计算能力等资源受限，如何使用较少的计算量实现节点间的认证与密钥协商以保证通信安全一直是研究的热点。针对基于对称密码的认证方案网络扩展性较差、密钥更新困难的问题，以及基于非对称密码的认证方案计算资源开销大的问题，面向WSN安全需求，提出了一种基于身份的非双线性节点认证与密钥协商方案，以椭圆曲线密码算法（Elliptic Curve Cryptography,ECC）为基础，实现了通信节点之间的双向认证、会话密钥协商、确认和更新。分析表明，方案可以满足无线传感器网络节点密钥协商过程所需的几种典型的安全属性，且在资源消耗上有所优化。     

一种新的基于辛空间的密钥预分配方案

密钥预分配是无线传感器网络中最具挑战的安全问题之一。 该文基于有限域上辛空间中子空间之间的正交关系构造了一个新的组合设计,并基于该设计构造了一个密钥预分配方案。令V 是有限域上8维辛空间中的一个(4,2)型子空间,V 中每一个(1,0)型子空间看作密钥预分配方案中的一个节点,所有的(2,1)型子空间看作该方案的一个密钥池。将整个目标区域划分为若干个大小相同的小区,每个小区有普通节点和簇头两种类型的传感器节点。小区内的普通节点采用基于辛空间的密钥预分配方案分发密钥,不同小区内节点所用密钥池互不相同,因此不同小区内的节点需通过簇头建立间接通信,不同小区内簇头采用完全密钥预分配方式分发密钥。与其他方案相比,该方案的最大优势是网络中节点的抗捕获能力较强,且随着网络规模的不断扩大,网络的连通概率逐渐趋于1。     

无线传感器网络的轻量级安全体系研究

结合无线传感器网络现有的安全方案存在密钥管理和安全认证效率低等问题的特点,提出了无线传感器网络的轻量级安全体系和安全算法。采用门限秘密共享机制的思想解决了无线传感器网络组网中遭遇恶意节点的问题;采用轻量化ECC算法改造传统ECC算法,优化基于ECC的CPK体制的思想,在无需第三方认证中心CA的参与下,可减少认证过程中的计算开销和通信开销,密钥管理适应无线传感器网络的资源受限和传输能耗相当于计算能耗千倍等特点,安全性依赖于椭圆离散对数的指数级分解计算复杂度;并采用双向认证的方式改造,保证普通节点与簇头节点间的通信安全,抵御中间人攻击。     

一种基于EBS的无线传感器网络动态密钥管理方法

设计安全合理的密钥管理方法是解决无线传感器网络安全性问题的核心内容。基于Exclusion Basis System (EBS)的动态密钥管理方法由于安全性高,动态性能好,节约存储资源,受到了广泛关注。但同时存在共谋问题,即对于被捕获节点通过共享各自信息实施的联合攻击抵抗性较差。针对这一问题,该文利用一种特殊形式的三元多项式(同化三元多项式)密钥取代EBS系统中的普通密钥,并在分簇式的网络拓扑结构基础上,设计了一种基于EBS的无线传感器网络动态密钥管理方法。仿真与分析结果表明,相比于采用普通密钥或是二元多项式密钥的方法,该文方法不仅可以有效地解决共谋问题,提高网络对被捕获节点的抵抗性,而且显著减低了更新密钥过程中的能量消耗。     

WSN中基于乱序多项式对偶密钥的攻击方案

针对Guo等的WSN中基于乱序对称多项式的对偶密钥方案提出一种攻击方案。通过构造黑盒的方式,对多项式进行攻击,通过整体求解多项式集合,而不是求解单个多项式的方式,使多项式的排列顺序在多项式的破解中失去作用,从而实现乱序多项式的破解。定理证明和实例分析表明Guo等的方案不能抵御大规模节点俘获攻击,未能突破多项式的容忍门限,是一种不安全的方案。     

基于按对平衡设计的异构无线传感器网络密钥预分配方案

利用异构无线传感器网络中普通节点和簇头节点间的差异性,基于中心可分解型按对平衡设计构造了异构的节点密钥环,设计了2种密钥预分配方案DCPBD和VDCPBD.其中,DCPBD利用了中心可分解类型PBD,将普通区组作为普通节点的密钥环,将特殊区组作为簇头节点的密钥环.VDCPBD基于DCPBD进行了扩展,将单一核密钥替换为基于另一密钥池进行SBIBD设计出的簇间密钥环,减小了DCPBD由于单个簇头节点被俘后对整个网络抗毁性的影响.由于在设计时考虑了节点的异构特性,使用确定性方法构造了异构密钥环,使得在保持密钥连通率不变的前提下获得了更低的空间复杂度.仿真实验表明,2个方案都支持大规模网络,且单跳密钥连通率随网络规模增大而趋近于1,2跳连通率恒为1.VDCPBD还具备了更强的抗节点捕获能力和更好的网络可扩展性.     

An unequal cluster-based routing scheme for multi-level heterogeneous wireless sensor networks

In wireless sensor networks (WSNs), clustering can significantly reduce energy dissipation of nodes, and also increase communication load of cluster heads. When multi-hop communication model is adopted in clustering, “energy hole” problem may occur due to unbalanced energy consumption among cluster heads. Recently, many multi-hop clustering protocols have been proposed to solve this problem. And the main way is using unequal clustering to control the size of clusters. However, many of these protocols are about homogeneous networks and few are about heterogeneous networks. In this paper, we present an unequal cluster-based routing scheme for WSNs with multi-level energy heterogeneity called UCR-H. The sensor field is partitioned into a number of equal-size rectangular units. We first calculate the number of clusters in each unit by balancing energy consumption among the cluster heads in different units. And then we find the optimal number of units by minimizing the total energy consumption of inter-cluster forwarding. Finally, the size of clusters in each unit is elaborately designed based on node’s energy level and the number of clusters in this unit. And a threshold is also designed to avoid excessive punishment to the nodes with higher energy level. Simulation results show that our scheme effectively mitigates the “energy hole” problem and achieves an obvious improvement on the network lifetime.     

A collaborative node management scheme for energy-efficient monitoring in wireless multimedia sensor networks

Clustering in sensor networks provides energy conservation, network scalability, topology stability, reducing overhead and also allows data aggregation and cooperation in data sensing and processing. Wireless Multimedia Sensor Networks are characterized for directional sensing, the Field of View (FoV), in contrast to scalar sensors in which the sensing area usually is more uniform. In this paper, we first group multimedia sensor nodes in clusters with a novel cluster formation approach that associates nodes based on their common sensing area. The proposed cluster formation algorithm, called Multi-Cluster Membership (MCM), establishes clusters with nodes that their FoVs overlap at least in a minimum threshold area. The name of Multi-Cluster Membership comes from the fact that a node may belong to multiple clusters, if its FoV intersects more than one cluster-head and satisfies the threshold area. Comparing with Single-Cluster Membership (SCM) schemes, in which each node belongs to exactly one cluster, because of the capability of coordination between intersected clusters, MCM is more efficient in terms of energy conservation in sensing and processing subsystems at the cost of adding complexity in the node/cluster coordination. The main imposed difficulty by MCM, is the coordination of nodes and clusters for collaborative monitoring; SCMs usually assign tasks in a round-robin manner. Then, as second contribution, we define a node selection and scheduling algorithm for monitoring the environment that introduces intra and inter-cluster coordination and collaboration, showing how the network lifetime is prolonged with high lifetime prolongation factors particularly in dense deployments.     

MUQAMI+: a scalable and locally distributed key management scheme for clustered sensor networks

Wireless sensor networks (WSN) are susceptible to node capture and many network levels attacks. In order to provide protection against such threats, WSNs require lightweight and scalable key management schemes because the nodes are resource-constrained and high in number. Also, the effect of node compromise should be minimized and node capture should not hamper the normal working of a network. In this paper, we present an exclusion basis system-based key management scheme called MUQAMI+ for large-scale clustered sensor networks. We have distributed the responsibility of key management to multiple nodes within clusters, avoiding single points of failure and getting rid of costly inter-cluster communication. Our scheme is scalable and highly efficient in terms of re-keying and compromised node revocation.     

一种用于水声传感网的MAC层协议

针对分簇的水声传感网,提出了一种基于时分多址（TDMA）的MAC层协议——Cluster-TDMA。该协议主要由规划阶段和传输阶段组成。规划阶段,首先由网关节点规划能造成簇间干扰的子节点的传输,其次由各簇头节点分别规划本簇内其他子节点的传输;传输阶段,子节点根据规划表周期性地向簇头节点发送数据,这些数据最终汇聚到网关节点。该协议简单有效地解决了引起簇间干扰子结点的传输规划问题。C++仿真实验表明,该协议具有良好的吞吐率和能量效率性能。     

Constructing a MANET Based on Clusters

This paper proposes a scheme for constructing a mobile ad hoc network (MANET) based on clusters. The proposed MANET architecture is made up of two hierarchies. One hierarchy is the backbone network which is made up of cluster heads and associate nodes, and the other hierarchy is the cluster which is made up of one cluster head and multiple cluster members. In the proposed cluster generation algorithm, the number of potential cluster members is used as a metric, and it is always the new node with the maximum number of potential cluster members that is elected as a cluster head. In this way, the number of cluster heads is minimized. In this scheme, only one associate node is used to achieve the communication between two cluster heads, so the number of nodes included in the backbone network is minimized. This scheme also proposes the cluster merging algorithm in order to maintain the minimum number of cluster heads. In the proposed cluster repair algorithm, if a cluster head fails/moves out of the cluster, then a new cluster head is elected to maintain the cluster stability. From the perspective of the cluster stability, this paper analyzes the performance parameters of the proposed scheme, and the data results show that the proposed scheme improves the MANET stability.     

Energy-balanced unequal clustering protocol for wireless sensor networks

Clustering provides an effective way to prolong the lifetime of wireless sensor networks.One of the major issues of a clustering protocol is selecting an optimal group of sensor nodes as the cluster heads to divide the network.Another is the mode of inter-cluster communication.In this paper,an energy-balanced unequal clustering(EBUC)protocol is proposed and evaluated.By using the particle swarm optimization(PSO)algorithm,EBUC partitions all nodes into clusters of unequal size,in which the clusters closer to the base station have smaller size.The cluster heads of these clusters can preserve some more energy for the inter-cluster relay traffic and the 'hot-spots' problem can be avoided.For inter-cluster communication,EBUC adopts an energy-aware multihop routing to reduce the energy consumption of the cluster heads.Simulation results demonstrate that the protocol can efficiently decrease the dead speed of the nodes and prolong the network lifetime.     

Cluster-Based and Distributed IPv6 Address Configuration Scheme for a MANET

In a Mobile Ad hoc Network (MANET), after a mobile node is configured with a unique IP address it can perform the unicast communications. In order to reduce the address configuration cost and shorten the latency, this paper proposes an IPv6 address configuration scheme for a MANET. In the scheme, the cluster-based architecture is proposed. In the architecture, the clustering mechanism is combined with the address configuration process in order to achieve the low-cost and low-latency address configuration for all nodes in a MANET. Based on the architecture, the distributed address configuration algorithm is proposed. In the algorithm, a cluster member acquires an address from a cluster head within one-hop scope, so the address configuration task is distributed around cluster heads. In this way, the address configuration in different clusters can be performed in parallel, so the address configuration delay is shortened and the network scalability is improved. The address reclamation/maintenance algorithm is also proposed so that the address resources released by failed nodes can be rapidly recovered for reuse. Finally, the merging/splitting algorithm is proposed in order to ensure that no address collision happens in a MANET. This paper analyzes the performance parameters of the proposed scheme, and the data results show that the proposed scheme effectively reduces the address configuration cost and shortens the delay.     

基于多层分簇的北斗卫星导航系统拓扑结构与路由策略

针对网络拓扑动态变化和路由多重选择等问题,空间节点按其属性划分为3个不同的物理簇,各簇可按需要进行下一级子簇的划分,建立了基于多层分簇架构的动态网络拓扑演化模型,从MEO独立运行、GEO和MEO协同运行2个方面研究了导航系统的路由策略。设计了基于簇管理者、簇首和簇成员的三级信息传输与分发机制。通过分簇和子簇间边界节点的设置,实现了簇间的拓扑变化相互屏蔽、独立的组网路由策略和子簇间的信息交互,减小了网络管理和路由计算的复杂度。     

A cost‐effective attack matrix based key management scheme with dominance key set for wireless sensor network security

To guarantee the proper functionality of wireless sensor network even in the presence of the potential threats, a well‐designed key management scheme is very important. The assumptions about attackers critically influence the performance of security mechanisms. This paper investigates the problem of node capture from adversarial view point in which the adversary intelligently exploits the different vulnerabilities of the network to establish a cost‐effective attack matrix. To counteract such attacks, the defender or the network designer constructs similar attack matrix. The defender will identify a set of critical nodes and use the key compromise relationship to assign a key dominance rank to each node of the network. The key dominance rank quantifies the possibility of attack on a particular node. It is used to determine the hash chain length. It is also used to improve the security of path key establishment as well as rekeying of the proposed scheme. The performance of the proposed scheme is analyzed with other existing schemes, and it is shown that it outperforms with increased resilience against node capture, reduced number of hash computations, reduced key compromise probability of proxy nodes, and reduced number of revoked links during rekeying process.