共查询到18条相似文献,搜索用时 93 毫秒
1.
提出了一种安全透明的传感器网络数据汇聚方案,汇聚节点在不对加密数据进行解密的情况下通过散列函数与异或操作完成数据完整性检查、数据源身份认证、数据汇聚等功能,保证了数据在汇聚及传输过程中的隐私性。与相关数据汇聚方案相比,除了提供密钥安全性,所提方案可有效抵抗主动攻击、节点妥协攻击及DoS攻击等恶意行为,具有高的安全性;同时,方案的汇聚结果提供了数据的全局分布信息。 相似文献
2.
广播认证技术能抵御污染攻击,保障传感器编码网络广播通信安全。但由于网络资源受限,广播认证技术所引入的计算量使得网络又易遭受拒绝服务攻击。为了有效抵御污染攻击与拒绝服务攻击,并兼顾网络安全性与时间延迟,本文以节点遭受污染攻击概率为决策因子,采用博弈论的思想研究广播认证协议。首先考察安全传感器编码网络中中间节点的策略行为,归纳与总结典型的广播认证协议模式;针对广播认证协议模式选择中存在的两次博弈过程,研究先转发策略、先认证策略与先聚合策略,对各策略的博弈成本/收益进行量化;构造广播认证协议二阶段博弈模型,博弈的纳什均衡即为节点应选择的广播认证协议模式。实例分析验证了各策略成本/收益量化及博弈模型的有效性。 相似文献
3.
针对无线传感器网络(WSN)用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。 相似文献
4.
GEAR路由是无线传感器网络中一种高效的位置和能量感知的地理路由协议,在抵御路由攻击方面有较好的特性,但是GEAR路由不能抵御虚假路由、女巫、选择性转发等攻击。针对该问题,提出了一种适合无线传感器网络特征的、基于位置密钥对引导模型的安全GEAR路由协议SGEAR,并对该协议进行了性能分析,分析显示在较小的系统开销下,SGEAR能有效抑制上述攻击及DoS攻击。 相似文献
5.
为了减少传感器节点的资源利用并提高网络的安全性,提出了一种基于信任度的认证方案。该方案在计算节点信任度时引入时间片、安全行动系数和交互频度来计算节点信任度,这样使得自私节点很难伪装成正常节点,信任度与当前节点行为紧密相关,并防止节点通过很少的交易次数来达到较高的信任度,再利用信任度来判断一个节点是否可信,有效地提高了应用的安全性,对恶意节点的攻击起到一定的阻碍作用。然后设计了身份标识、密码、智能卡相结合的认证方案,并且用户在与传感器节点认证之前,网关查询网络中节点的信任度,从而找到可信的节点与用户进行认证,实现可信的传感器节点、网关节点和用户三者之间的交互认证,并且用户能方便地更改密码。安全性分析、性能分析及仿真实验的结果表明,与已提出的认证方案相比,该方案能够抵制重放攻击、内部攻击、伪装攻击等,同时计算花费少,适合于对安全性和性能有要求的无线传感器网络。本文网络版地址:http://www.eepw.com.cn/article/276364.htm 相似文献
6.
7.
8.
9.
在无线传感器网络的应用中,维护网络的可用性是尤为重要的。拒绝服务的攻击(Denial-of-service,DoS) 就是要降低甚至摧毁整个网络的功能,让网络彻底不可用。鉴于传感器节点自身资源的限制,必须要采取一些恰当的安全机制来预防拒绝服务的攻击。文章从传感器网络各层所遭受的各种常见的拒绝服务攻击出发,探讨传感器节点应对DoS 攻击的策略与方法。 相似文献
10.
泛在网络是标准的异质异构网络,保证用户在网络间的切换安全是当前泛在网的一个研究热点。该文对适用于异构网络间切换的认证协议EAP-AKA进行分析,指出该协议有着高认证时延,且面临着用户身份泄露、中间人攻击、DoS攻击等安全威胁,此外接入网络接入点的有效性在EAP-AKA协议中也没有得到验证,使得用户终端即使经过了复杂的认证过程也不能避免多种攻击。针对以上安全漏洞,该文提出一种改进的安全认证协议,将传统EAP-AKA的适用性从3G系统扩展到泛在网络中。新协议对传播时延和效率进行完善,为用户和接入点的身份信息提供有效性保护,避免主会话密钥泄露,采用椭圆曲线Diffie Hellman算法生成对称密钥,在每次认证会话时生成随机的共享密钥,并实现用户终端与家乡域网络的相互认证。通过开展实验,对协议进行比较分析,验证了新协议的有效性及高效率。 相似文献
11.
Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC??s security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes?? energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first. In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to the minimal even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing. Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable. 相似文献
12.
乐光学 《微电子学与计算机》2005,22(7):92-98
对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析,通过设置攻击容忍度和防御起点,提出了一种简单的基于特征的DoS攻击防御策略,运用基于贝叶斯推理的异常检测方法发现攻击.使系统能根据DoS攻击的强弱,自适应调整防御机制,维持网络的服务性能。仿真结果表明,本文提出的防御策略能有效防御恶意节点对网络发动的DoS攻击,使网络服务的有效性达到98%,正常请求包被丢弃的平均概率为1.83%,预防机制平均时间开销仅占网络总开销的6.5%。 相似文献
13.
14.
基于Gnutella协议的P2P网络中DoS攻击防御机制 总被引:2,自引:0,他引:2
乐光学 《微电子学与计算机》2005,22(8):26-31,35
对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析,通过设置攻击容忍度和防御起点,提出了一种简单的基于特征的DoS攻击防御策略,运用基于贝叶斯推理的异常检测方法发现攻击,使系统能根据DoS攻击的强弱,自适应调整防御机制,维持网络的服务性能.仿真结果表明,本文提出的防御策略能有效的防御恶意节点对网络发动的DoS攻击,使网络服务的有效性达到98%,正常请求包被丢弃的平均概率为1.83%,预防机制平均时间开销仅占网络总开销的6.5%. 相似文献
15.
In wireless sensor networks (WSNs), broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. In this contribution, we propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4 × 4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7-34.5% less energy and runs about 50% faster than the traditional signature verification method. The efficiency of the proposed technique has been tested through an experimental study on a network of MICAz motes. 相似文献
16.
The quarantine region scheme (QRS) is introduced to defend against spam attacks in wireless sensor networks where malicious antinodes frequently generate dummy spam messages to be relayed toward the sink. The aim of the attacker is the exhaustion of the sensor node batteries and the extra delay caused by processing the spam messages. Network-wide message authentication may solve this problem with a cost of cryptographic operations to be performed over all messages. QRS is designed to reduce this cost by applying authentication only whenever and wherever necessary. In QRS, the nodes that detect a nearby spam attack assume themselves to be in a quarantine region. This detection is performed by intermittent authentication checks. Once quarantined, a node continuously applies authentication measures until the spam attack ceases. In the QRS scheme, there is a trade-off between the resilience against spam attacks and the number of authentications. Our experiments show that, in the worst-case scenario that we considered, a not quarantined node catches 80 percent of the spam messages by authenticating only 50 percent of all messages that it processes. 相似文献
17.
With the help of satellites, the entire surface of the world can be covered, which provides the high speedy communications all over the world. Consequently, security is becoming an important concern in the satellite multicast communications. However, due to the inherent dynamic broadcast nature of the communication medium, this multicast system is easily susceptible to interferences and interceptions. In addition, the satellite system generally has a large number of terminal members with the high frequent join-leave characteristic. Therefore, the satellite systems face significant security challenges. The denial of service (DoS) is one of the most harmful attacks to the satellite systems and also terrestrial fixed or mobile networks. It can maliciously prevent legitimate users from accessing the service. It is especially true for the disassociation DoS attacks where an attacker sends bogus disassociation requests to disable the communication between the server and their legitimate clients. In this paper, the main focus of our work is to detect and defend against the disassociation DoS attacks on the satellite system. We also provide preliminary modeling verifications and simulation results regarding the efficiency and practicability of this new approach. Further analysis of the proposed method is also appended to demonstrate its feasibility. 相似文献
18.
In mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs), it is easy to launch various sophisticated attacks such as wormhole, man-in-the-middle and denial of service (DoS), or to impersonate another node. To combat such attacks from outsider nodes, we study packet authentication in wireless networks and propose a hop-by-hop, efficient authentication protocol, called HEAP. HEAP authenticates packets at every hop by using a modified HMAC-based algorithm along with two keys and drops any packets that originate from outsiders. HEAP can be used with multicast, unicast or broadcast applications. We ran several simulations to compare HEAP with existing authentication schemes, such as TESLA, LHAP and Lu and Pooch’s algorithm. We measured metrics such as latency, throughput, packet delivery ratio, CPU and memory utilization and show that HEAP performs very well compared to other schemes while guarding against outsider attacks. 相似文献
