无线传感器网络密钥种子管理和分配模型及应用

随机密钥种子预分配方案是实现安全的无线传感器网络应用的首选方案,该方案在无线传感器网络节点布置之前建立和分配某种密钥种子信息,在网络节点布置之后利用密钥种子信息建立或发现节点之间安全的通信链路.根据传感器网络的通信保密和节点认证需求,提出了通用密钥种子管理和分配模型(KSMA).该模型可用于预分配方案的安全分析,描述了预分配方案的5个安全属性.在KSMA模型中,基于单向累加器,定义了一类新的密钥种子结构,提出了新的密钥种子预分配方案和节点秘密共享发现协议,并在UC(universally composable)安全框架中对新的秘密共享发现协议进行了可证明安全分析.在新方案中说明了如何设定密钥池参数和节点密钥链参数的方法,该方法不仅保证了高概率的安全链路建立,而且可以通过节点身份证人确认机制实现节点之间身份认证,有效地防御传感器网络Sybil攻击.通过与其他方案的分析对比,新方案改善了网络安全弹性、综合性能良好.

A General Key Seed Management and Assignment Model for Wireless Sensor Networks and Application

To achieve security in distributed wireless sensor networks,one of the most promising approaches is the so-called random pre-distribution of key seeds.Pair-wise secure communication channels between nodes were established or discovered by using key seeds information that were constructed and pre-distribution to each node in distributed wireless sensor networks.A general key seeds management and assignment(KSMA) model is proposed,which is used to study the security of key pre-distribution schemes with five attributes for requirement of confidentiality and authentication.New key pre-distribution schemes based on new types of key seed are constructed within the framework of one-way accumulators,and new shared-key discovery protocols are presented.The discovery protocols are provably secure against the active adversaries in universally composable model.It is also shown how to set the parameters(pool and key-ring size) in such a way that the network is not only connected with high probability via secure links, but also new schemes are against Sybil attacks by using identity witness validated technique and achieving node-to-node identity authentication.New key pre-distribution scheme improves the resilience of the network compared with previous schemes,and an analysis of the scheme is given in terms of network resilience and associated overhead.