密钥传播在传感器网络中的应用

由于传感器节点资源有限,传感器网络密钥管理极具挑战性.建立用于分析密钥传播协议安全性的概率模型,提出基于组的密钥传播协议,增强密钥传播的安全性能;结合密钥传播与密钥预分配协议,提出基于组和预分配的传感器网络密钥建立协议.分析结果表明,密钥传播及其增强协议寻求有限资源与安全性能的折中,适用于大规模微型传感器网络.     

基于区域的异构无线传感器网络密钥管理

密钥管理是无线传感器网络中极具挑战性的安全问题之一.在随机密钥预分配方案的基础上,提出一种利用节点部署知识和已知区域信息的异构无线传感器网络密钥预分配方案,并分别从网络连通性、节点内存需求和安全性等方面对方案进行性能评价和模拟仿真.结果表明,相比现有密钥管理方案,本方案能提高网络的连通性,减小节点所需存储空间,并增强网络抗攻击能力.     

无线传感器网络的多空间密钥预分配方案

针对无线传感器网络的安全性要求,分析R.Blom的密钥预分配方案,并在此基础上做出改进,提出了多空间密钥预分配方案:为无线传感器网络中的每一个传感器节点构建多个密钥空间,并通过节点间的共同密钥空间使每个节点对之间都形成一个成对密钥。通过仿真实验测试该方案的安全性,实验结果认为该方案对于该方案对节点捕获攻击具有较高的弹性。     

基于混沌映射的密钥预分配方案

文中提出一种新的无线传感器网络密钥预分配方案——基于混沌映射的密钥预分配方案CMKP（Chaos Mapping based Key Pre-distribution）。CMKP方案利用整数混沌映射产生具有良好随机性和自相关性能的混沌序列形成密钥池,其传感节点只需存储密钥池中部分密钥的密钥标识ID,改进了节点会话密钥计算方法。性能分析结果表明：在不增加通信开销的同时CMKP方案能够提高无线传感器网络的连通概率和安全性能。     

一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

一种基于ID的传感器网络密钥管理方案

对偶密钥的建立是无线传感器网络的安全基础,它使得节点之间能够进行安全通信。但是由于节点资源的限制,传统的密钥管理方法在传感器网络中并不适用。在分析了现有密钥预分配协议的前提下,该文提出一种新的基于ID的密钥预分配协议。此协议用计算和比较散列值的方式替代广播方式协商密钥,减少了传感器节点大量的通信消耗。然后,分析了所提出方案的安全性、通信量和计算量,并和已有协议进行了比较。结果表明本文的方法不仅能保证安全性,而且节约了大量通信资源。     

无线传感器网络密钥管理

无线传感器网络密钥管理极具挑战性,不仅因为传感器节点拥有的资源有限,不宜采用非对称密码技术,同时也因为传感器节点暴露在恶劣甚至敌对环境中,易于被敌手俘获。虽然目前提出许多密钥分配协议,但没有一个协议能在扩展性、共享密钥概率、存储代价和抵御节点俘获攻击等方面同时具有良好性能。密钥管理协议采用的技术必须与具体网络需求和传感器节点拥有的资源一致。分析和评估了典型的密钥管理方案和协议,并指出了该方向存在的开放问题及今后的发展趋势。     

无线传感器网络中基于EBS的高效安全的群组密钥管理方案

为了保证无线传感器网络(WSN)群组通信的安全性,设计了一种基于EBS的群组密钥管理方案.提出方案首先通过合并链状簇和星型簇简化无线传感器网络的拓扑结构,然后通过增加网络被捕获时所需入侵节点的数量来防止攻击者通过少量共谋节点得到所有管理密钥,之后利用图染色算法对分配密钥组合的节点进行排序,并依据海明距离和EBS方法对网络中的传感器节点进行管理密钥分配.在此基础上给出了对传感器节点的加入和离开事件进行处理的方法.在有效性和性能分析阶段,首先通过2个实验分别对提出方案中共谋攻击的可能性和入侵节点数量对网络抵抗共谋攻击能力的影响进行分析,实验结果表明提出方案增强了WSN抵抗共谋攻击的能力;然后对提出方案和SHELL在加入事件和离开事件时的系统代价进行比较,结果表明提出方案所需的密钥更新消息数量和传感器节点存储量均小于SHELL方案.     

一种新的基于辛空间的密钥预分配方案

密钥预分配是无线传感器网络中最具挑战的安全问题之一。 该文基于有限域上辛空间中子空间之间的正交关系构造了一个新的组合设计,并基于该设计构造了一个密钥预分配方案。令V 是有限域上8维辛空间中的一个(4,2)型子空间,V 中每一个(1,0)型子空间看作密钥预分配方案中的一个节点,所有的(2,1)型子空间看作该方案的一个密钥池。将整个目标区域划分为若干个大小相同的小区,每个小区有普通节点和簇头两种类型的传感器节点。小区内的普通节点采用基于辛空间的密钥预分配方案分发密钥,不同小区内节点所用密钥池互不相同,因此不同小区内的节点需通过簇头建立间接通信,不同小区内簇头采用完全密钥预分配方式分发密钥。与其他方案相比,该方案的最大优势是网络中节点的抗捕获能力较强,且随着网络规模的不断扩大,网络的连通概率逐渐趋于1。     

适合于无线传感器网络的混合式组密钥管理方案

针对无线传感器网络中经常出现节点加入或退出网络的情况,提出了一种安全有效的混合式组密钥管理方案.多播报文的加密和节点加入时的组密钥更新,采用了对称加密技术;而系统建立后,组密钥的分发和节点退出后的组密钥更新,采用了基于身份的公钥广播加密方法.方案可抗同谋、具有前向保密性、后向保密性等安全性质.与典型组密钥管理方案相比,方案在适当增加计算开销的情况下,有效降低了节点的存储开销和组密钥更新通信开销.由于节点的存储量、组密钥更新开销独立于群组大小,方案具有较好的扩展性,适合应用于无线传感器网络环境.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

一种新的异构无线传感网覆盖优化算法

针对异构传感器节点在网络初期部署中产生大量覆盖面积冗余的问题，结合相关几何图形知识，以提高网络覆盖率、改善节点分布均匀度为优化目标，提出一种基于节点定向移动来减少节点两两之间覆盖冗余面积的网络覆盖优化算法。算法预先设立判定门限，通过判定两两节点之间覆盖冗余面积与设定门限的大小关系，对节点实施有向性偏移，逐一减少节点之间的覆盖冗余面积。理论分析与实验仿真证明，该算法能够有效提高异构传感器网络部署中的覆盖率，优化节点分布均匀度将近8.7，尤其在大型传感器网络的节点部署中具有极强实用性。     

Distributed differential space-time coding for asynchronous two-way relaying networks with Nakagami-m fading

A signal detection scheme was proposed for two-way relaying networks (TWRNs) using distributed differential space-time coding (DDSTC) under imperfect synchronization. Unlike most existing work perfect with synchronization assumed, a relative delay between the signals transmitted from both sources to the relay was considered. Since perfect channel state information (CSI) is difficult to be acquired in fast fading, the scenarios and computation complexity will be increased especially when there appear multiple relays, CSI is assumed unavailable at all nodes. Therefore, the article proposes a differential signal detection scheme based on estimating and cancelling the imperfect synchronization component in the received signal at the two source nodes, followed by a least square (LS) decoder. Simulations, using the Nakagami-m fading channel due to its versatile statistical distribution property, show that the proposed scheme for both source nodes are effective in suppressing the inter-symbol interference (ISI) caused by imperfect synchronization while neither the source nodes nor the relay nodes have any knowledge of CSI.     

Bounds for Key Distribution Patterns

This paper is concerned with the problem of distributing pieces of information to nodes in a network in such a way that any pair of nodes can compute a secure common key but the amount of information stored at each node is small. It has been proposed that a special type of finite incidence structure, called a key distribution pattern (KDP) , might provide a good solution to this problem. We give various lower bounds on the information storage of KDPs. Our main result shows that in general KDP schemes necessarily have greater information storage at the nodes than the minimum possible. This minimum is achieved by a scheme not based on KDPs. Received 29 January 1996 and revised 12 September 1997     

Localization algorithm based on minimum condition number for wireless sensor networks

During range-based self-localization of Wireless Sensor Network (WSN) nodes, the number and placement methods of beacon nodes have a great influence on the accuracy of localization. This paper proves a theorem which describes the relationship between the placement of beacon nodes and whether the node can be located in 3D indoor environment. In fact, as the highest locating accuracy can be acquired when the beacon nodes form one or more equilateral triangles in 2D plane, we generalizes this conclusion to 3D space, and proposes a beacon nodes selection algorithm based on the minimum condition number to get the higher locating accuracy, which can minimize the influence of distance measurement error. Simulation results show that the algorithm is effective and feasible.     

Analysis and evaluation of Secos, a protocol for energy efficient and secure communication in sensor networks

Wireless sensor networks are increasingly being used in applications where the communication between nodes needs to be protected from eavesdropping and tampering. Such protection is typically provided using techniques from symmetric key cryptography. The protocols in this domain suffer from one or more of the following problems—weak security guarantees if some nodes are compromised, lack of scalability, high energy overhead for key management, and increased end-to-end data latency. In this paper, we propose a protocol called Secos that mitigates these problems in static sensor networks. Secos divides the sensor field into control groups each with a control node. Data exchange between nodes within a control group happens through the mediation of the control head which provides the common key. The keys are refreshed periodically and the control nodes are changed periodically to enhance security. Secos enhances the survivability of the network by handling compromise and failures of control nodes. It provides the guarantee that the communication between any two sensor nodes remains secure despite the compromise of any number of other nodes in the network. The experiments based on a simulation model show a seven time reduction in energy overhead and a 50% reduction in latency compared to SPINS, which is one of the state-of-the-art protocols for key management in sensor networks.     

Some analytical tools for the global performance evaluation of packet switching networks based on virtual paths

We present a simple model for the global performance evaluation of a packet switching network. Through a detailed analytical treatment, a set of formulae is derived which allow a compact and reliable evaluation of the most significant statistical properties of the network, such as the arrival probabilities, the queue states distribution and the mean utilizations of the links. Starting from the knowledge of these quantities, the network can be characterized also taking into account the mutual interaction between different nodes. An example is given with reference to a mesh-connected structure.     

Reliable and efficient forwarding in ad hoc networks

This paper focuses on packet forwarding in ad hoc networks and proposes a new approach to improve performance of nodes communication. In particular, we present a lightweight mechanism for REliable and Efficient Forwarding (REEF), which mitigates the effects of adverse situations caused by cooperation misbehavior or network fault conditions. It exploits nodes’ local knowledge to estimates route reliability, and multi-path routing to forward packets on the most reliable route. REEF becomes also a security mechanism in case of a security association established between the communication parties. This additional feature makes the mechanism robust, guaranteeing trustworthiness of the reliability estimator and security of data transmission.A new approach to cooperation enforcing is also proposed. The classical method denies service to misbehaving nodes by, for example, not serving their forwarding requests. We approach the problem less drastically, differentiating the quality of service provided to nodes according to their behavior. In other words, traffic of misbehaving nodes will flow through the network slower than that one of reliable nodes.     

LAKER: learning from past actions to guide future behaviors in ad hoc routing

In this paper, we present a location aided knowledge extraction routing (LAKER) protocol for mobile ad hoc networks (MANETs). The novelty of LAKER is that it learns from past actions to guide future behaviors. In particular, LAKER can gradually discover current topological characteristics of the network, such as population density distribution, residual battery map, and traffic load status. This knowledge can be organized in the form of a set of guiding routes, each of which consists of a chain of guiding positions between a pair of source and destination locations. The guiding route information is learned by individual nodes during route discovery phase, and it can be used to guide future route discovery processes in a more efficient manner. LAKER is especially suitable for mobility models where nodes are not uniformly distributed. LAKER can exploit topological characteristics in these models and limit the search space in route discovery processes in a more refined granularity than location aided routing (LAR) protocol. Simulation results show that LAKER outperforms LAR and DSR in term of routing overhead, saving up to 30–45% broadcast routing messages compared to LAR approach. Copyright © 2006 John Wiley & Sons, Ltd.     

多用户网络环境下量子密码术

在传统的点到点之间进行量子密钥分发协议的基础上,利用量子存储技术和EPR粒子纠缠态互换的方法,提出了在多用户、多控制中心、远距离的网络环境下进行量子密钥传送的方案。与传统的点与点之间的量子密钥传送协议类似,其安全性也是建立在量子力学原理上,任何窃听者的存在必将使生成密钥的误码率上升而被合法通信用户发现。