无线传感网络复制节点检测方法研究
|
摘要
在无线传感网络中,传感节点具有体积小、隐蔽性强等特点,因此复制节点攻击成为传感网络中一种非常有效的内部攻击手段。目前对复制节点的检测是传感网络的一个研究热点,但是大部分方案都是基于分布式的且需要对传感网络进行周期性的监控,网络开销较大且容易暴露传感节点的位置。因此,在设计传感网络的安全问题上,抵抗复制节点攻击是非常重要的,它具有重要的理论意义和应用价值。
本论文通过对无线传感网络复制节点攻击的分析,分别对基于分布式结构和基于分簇结构的传感网络复制节点检测方法进行了研究,具体工作如下:
(1)分析了伏飞等人提出的复制节点检测方案,指出了该方案中存在的时间同步问题,计算开销大以及检测率低等安全缺陷,提出了一个新的适用于分布式传感网络的复制节点检测方案。该方案使用一个二元对称多项式来生成节点间的共享密钥,而且针对网络中的每个传感节点,都定义了一个有效区域。该方案通过节点传播时间的差异来检测有效区域内的复制节点,通过节点的位置信息来阻止有效区域外的复制节点加入,不仅提高了检测率,而且克服了伏飞等人方案的时间同步等问题,节省了计算开销。
(2)针对伏飞等人提出的方案以及本文提出的分布式方案中消息在转发过程中需要不断加密解密的问题,提出了一个基于分簇的复制节点检测方案。簇头通过认证声明和邻居证据来检测复制节点,不需要对消息进行重复的加密解密操作。另外,该方案使用了一个三元对称多项式来生成节点和簇头之间的共享密钥,减少了计算和存储开销。
(3)利用仿真软件NS2模拟了复制节点检测的过程,通过设定不同的模拟场景,分别在复制节点随机加入网络和随机加入有效区域两种情况下,对不同复制节点数的情况做了测试。比较了本文提出的分布式方案、分簇方案以及伏飞等人方案的复制节点检测概率,本文提出的方案比伏飞等人提出的方案的检测概率要高。
In wireless sensor networks, sensor node is very small and hidden, so nodereplication attack become a very effective internal attack. Currently, more and morepeople begin to research node replication attack, but most schemes are based ondistributed and need to monitor sensor networks periodically. These schemes needconsume a large communication and storage overhead and are likely to expose thelocation of the sensor nodes. Therefore, node replication attack have very broadapplication prospects and research significance.
The dissertation mainly focuses on the replication detection procedure of wirelesssensor networks, the contributions of the dissertation are outlined as follows:
(1)Analysing the replication detection scheme that Fu et al proposed, pointingout that the time synchronization problem, the larger computation overhead and thelower detection probability etc. in the scheme, proposing a new replication detectionscheme for distributed sensor network. The scheme uses a t-degree binary symmetricpolynomial to generate the shared key between nodes and defines a effective rang foreach sensor node. When replica nodes are deployed in effective range, we could detectthe replica nodes based on travel-time. When replica nodes are deployed innon-effective range, we could detect the replica nodes based on location information ofnodes. This scheme not only can improve detection probability, but also solve timesynchronization problem and have low computation overhead.
(2)Proposing a replication detection scheme based on cluster-based structure tosolve the drawback of constantly encrypting and decrypting the forward message in Fuet al scheme and distribution scheme of this article. The scheme need not to constantlyencrypt and decrypt the forward message because the cluster heads employs theauthenticated claim and neighbor proof to detect replica nodes. Besides, The schemeuses a t-degree tri-variable symmetric polynomial to generate the shared key in orderto reduce computation and storage overhead.
(3)Simulating the process of replication detection for wireless sensor networks based on the use of network simulation software, NS2. By setting the differentsimulation scene, we get the detection probability of the replica nodes are deployed inthe effective range and in the non-effective range. Comparing the detection probabilityof the three schemes, we find the detection probabilityf of our scheme is higher.
本论文通过对无线传感网络复制节点攻击的分析,分别对基于分布式结构和基于分簇结构的传感网络复制节点检测方法进行了研究,具体工作如下:
(1)分析了伏飞等人提出的复制节点检测方案,指出了该方案中存在的时间同步问题,计算开销大以及检测率低等安全缺陷,提出了一个新的适用于分布式传感网络的复制节点检测方案。该方案使用一个二元对称多项式来生成节点间的共享密钥,而且针对网络中的每个传感节点,都定义了一个有效区域。该方案通过节点传播时间的差异来检测有效区域内的复制节点,通过节点的位置信息来阻止有效区域外的复制节点加入,不仅提高了检测率,而且克服了伏飞等人方案的时间同步等问题,节省了计算开销。
(2)针对伏飞等人提出的方案以及本文提出的分布式方案中消息在转发过程中需要不断加密解密的问题,提出了一个基于分簇的复制节点检测方案。簇头通过认证声明和邻居证据来检测复制节点,不需要对消息进行重复的加密解密操作。另外,该方案使用了一个三元对称多项式来生成节点和簇头之间的共享密钥,减少了计算和存储开销。
(3)利用仿真软件NS2模拟了复制节点检测的过程,通过设定不同的模拟场景,分别在复制节点随机加入网络和随机加入有效区域两种情况下,对不同复制节点数的情况做了测试。比较了本文提出的分布式方案、分簇方案以及伏飞等人方案的复制节点检测概率,本文提出的方案比伏飞等人提出的方案的检测概率要高。
In wireless sensor networks, sensor node is very small and hidden, so nodereplication attack become a very effective internal attack. Currently, more and morepeople begin to research node replication attack, but most schemes are based ondistributed and need to monitor sensor networks periodically. These schemes needconsume a large communication and storage overhead and are likely to expose thelocation of the sensor nodes. Therefore, node replication attack have very broadapplication prospects and research significance.
The dissertation mainly focuses on the replication detection procedure of wirelesssensor networks, the contributions of the dissertation are outlined as follows:
(1)Analysing the replication detection scheme that Fu et al proposed, pointingout that the time synchronization problem, the larger computation overhead and thelower detection probability etc. in the scheme, proposing a new replication detectionscheme for distributed sensor network. The scheme uses a t-degree binary symmetricpolynomial to generate the shared key between nodes and defines a effective rang foreach sensor node. When replica nodes are deployed in effective range, we could detectthe replica nodes based on travel-time. When replica nodes are deployed innon-effective range, we could detect the replica nodes based on location information ofnodes. This scheme not only can improve detection probability, but also solve timesynchronization problem and have low computation overhead.
(2)Proposing a replication detection scheme based on cluster-based structure tosolve the drawback of constantly encrypting and decrypting the forward message in Fuet al scheme and distribution scheme of this article. The scheme need not to constantlyencrypt and decrypt the forward message because the cluster heads employs theauthenticated claim and neighbor proof to detect replica nodes. Besides, The schemeuses a t-degree tri-variable symmetric polynomial to generate the shared key in orderto reduce computation and storage overhead.
(3)Simulating the process of replication detection for wireless sensor networks based on the use of network simulation software, NS2. By setting the differentsimulation scene, we get the detection probability of the replica nodes are deployed inthe effective range and in the non-effective range. Comparing the detection probabilityof the three schemes, we find the detection probabilityf of our scheme is higher.
引文
[1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci. A survey on sensornetworks. IEEE Communications Magazine,2002,40(8):102-114.
[2] J.R.Douceur, The Sybil Attack. In: Proc. of First International workshop onPeer-to-peer systems.2002,2429:251-260.
[3] C.Karlof, D.Wagner. Secure routing in wireless sensor networks: Attacks andcountermeasures. Elsevier’s AdHoc Networks Journal, Special Issue on SensorNetwork Applications and Protocols.2003,1(2):293-315.
[4] J.Newsome, E.Shi, D.Song, A.Perrig. The Sybil Attack in Sensor NetworksAnalysis&Defenses. In:Proc.of Third Intl.Symposium on Information Processingin Sensor Net-works.2004:259-268.
[5] V.Manjula, Dr.C.Chellappan. The Replication Attack in wireless Sensor Networks:Analysis and Defenses. Communications in Computer and Information Science.Berlin: Springer-Verlag,2012:169-178.
[6] Parno B, Perrig A, Gligor V. Distributed Detection of Node Replication Attacks inSensor Networks[J]. IEEE Symposium on Security and Privacy,2005:49-63.
[7] Ho J, Liu Donggang, Wright M et al. Distributed detection of replica node attackswith group deployment knowledge in wireless sensor networks[C]//Privacy andSecurity in Wireless Sensor and Ad Hoc Networks. Elsevier B.V,2009,7(8):1476-1488.
[8] Zhu B, Addada VGK, Setia S, Jajodia S, Roy S. Efficient distributed detection ofnode replication attacks in sensor networks. In: Proceedings of the23rd annualcomputer security applications conference.2007:257–267.
[9] Conti M, Di Pietro R, Mancini LV, Mei A. A randomized, efficient, distributedprotocol for the detection of node replication attacks in wireless sensor network. In:Proceedings of the8th ACM international symposium on mobile Ad Hocnetworking and computing.2007:80–89.
[10]Zhang M, Khanapure V, Chen S, Xiao X. Memory efficient protocols for detectingnode replication attacks in wireless sensor networks. In: Proceedings of the17thIEEE international conference on network protocols.2009:284–293.
[11]Mauro Conti, Luigi Vincenzo Mancini, Alessandro Mei. Distributed Detection ofClone Attacks in Wireless Sensor Networks. IEEE Transactions on Dependableand Secure Computing.2011.
[12]J Hwang, T He, Y Kim. Detecting phanton nodes in wireless sensor networks.Anchorage, Alaska, USA: IEEE.2007.2391-2395.
[13]Choi H, Zhu Sencun, La Porta TF. SET: Detecting node clones in SensorNetworks[J]. The Third International Conference on Security and Privacy inCommunication Networks,2007:341-350.
[14]Bekara C, Laurent-Maknavicius M. A new protocol for securing wireless sensornetworks against nodes replication attacks. In: Proceedings of the3rd IEEEinternational conference on wireless and mobile computing, networking andcommunications.2007.
[15]Znaidi W, Minier M, Ubeda S. Hierarchical node replication attacks detection inwireless sensors networks. In: Proceedings of the20th IEEE internationalsymposium on personal, indoor and mobile radio communications.2009:82–86.
[16]Ho J, Liu Donggang, Wright M et al. Distributed detection of replica node attackswith group deployment knowledge in wireless sensor networks[C]//Privacy andSecurity in Wireless Sensor and Ad Hoc Networks. Elsevier B.V,2009,7(8):1476-1488.
[17]Xing K, Liu F, Cheng X, Du DHC. Real-time detection of clone attacks in wirelesssensor networks. In: Proceedings of the28th international conference ondistributed computing systems.2008:3–10.
[18]伏飞,齐望东.实现位置及时间绑定的密钥分发——防御传感器网络节点复制攻击的新方法[A].通信学报,2010,4(31):16-25.
[19]林雅榕.基于散列算法的认证协议的研究.合肥工业大学硕士学位论文.2005.
[20]Liu Donggang, Ning Peng, Li Rongfang. Establishing pairwise keys in distributedsensor networks[J]. ACM Transactions on Information and System Security,2005,8(1):52-61.
[21]张先红.数字签名原理及技术.北京:机械工业出版社,2004.
[22]Rivest R. The MD5Message digest algorithm. Request for Comments:1321MITLaboratory for Computer Science and RSA Data Security, Inc. Network WorkingGroup R.Rivest, April1992.
[23]NIST. Secure Hash Standard. FIPS PUB180-l,1995U.S.Department ofCommerce.
[24]Bosselacrs A, Dobbertin H, Preneel B. The new eryptographic hash functionRIPEMD160. Dr.Dobbs,1997,22(l):24-28.
[25]Liu Donggang, Ning Peng, Li Rongfang. Establishing pairwise keys in distributedsensor networks[J]. ACM Transactions on Information and System Security,2005,8(1):52-61.
[26]周荣华.散列函数密码分析的研究.华中科技大学硕士学位论文.2006.
[27]Blundo C, De Santis A, Herzberg A et al. Perfectly-Secure Key Distribution forDynamic Conferences[C]. Advances in Cryptology-Crypto’92. Berlin:Springer-Verlag,1992:471–486.
[28]M. Bechler, H.J. Hof, D. Kraft, F. P hlke, L.Wolf. A Cluster-Based SecurityArchitecture for Ad Hoc Networks. Twenty-third AnnualJoint Conference of theIEEE computer and Communications Societies. vol.4,2004,pp.2393–2403.
[29]李冰. Ad Hoc无线网络组密钥管理技术的仿真研究.北京邮电大学硕士论文.2007,03:23-24.
[30]NS-2[EB/OL].[2011-03-10]. http://nsnam.isi.edu/nsnam/index.php/Main_Page.
[2] J.R.Douceur, The Sybil Attack. In: Proc. of First International workshop onPeer-to-peer systems.2002,2429:251-260.
[3] C.Karlof, D.Wagner. Secure routing in wireless sensor networks: Attacks andcountermeasures. Elsevier’s AdHoc Networks Journal, Special Issue on SensorNetwork Applications and Protocols.2003,1(2):293-315.
[4] J.Newsome, E.Shi, D.Song, A.Perrig. The Sybil Attack in Sensor NetworksAnalysis&Defenses. In:Proc.of Third Intl.Symposium on Information Processingin Sensor Net-works.2004:259-268.
[5] V.Manjula, Dr.C.Chellappan. The Replication Attack in wireless Sensor Networks:Analysis and Defenses. Communications in Computer and Information Science.Berlin: Springer-Verlag,2012:169-178.
[6] Parno B, Perrig A, Gligor V. Distributed Detection of Node Replication Attacks inSensor Networks[J]. IEEE Symposium on Security and Privacy,2005:49-63.
[7] Ho J, Liu Donggang, Wright M et al. Distributed detection of replica node attackswith group deployment knowledge in wireless sensor networks[C]//Privacy andSecurity in Wireless Sensor and Ad Hoc Networks. Elsevier B.V,2009,7(8):1476-1488.
[8] Zhu B, Addada VGK, Setia S, Jajodia S, Roy S. Efficient distributed detection ofnode replication attacks in sensor networks. In: Proceedings of the23rd annualcomputer security applications conference.2007:257–267.
[9] Conti M, Di Pietro R, Mancini LV, Mei A. A randomized, efficient, distributedprotocol for the detection of node replication attacks in wireless sensor network. In:Proceedings of the8th ACM international symposium on mobile Ad Hocnetworking and computing.2007:80–89.
[10]Zhang M, Khanapure V, Chen S, Xiao X. Memory efficient protocols for detectingnode replication attacks in wireless sensor networks. In: Proceedings of the17thIEEE international conference on network protocols.2009:284–293.
[11]Mauro Conti, Luigi Vincenzo Mancini, Alessandro Mei. Distributed Detection ofClone Attacks in Wireless Sensor Networks. IEEE Transactions on Dependableand Secure Computing.2011.
[12]J Hwang, T He, Y Kim. Detecting phanton nodes in wireless sensor networks.Anchorage, Alaska, USA: IEEE.2007.2391-2395.
[13]Choi H, Zhu Sencun, La Porta TF. SET: Detecting node clones in SensorNetworks[J]. The Third International Conference on Security and Privacy inCommunication Networks,2007:341-350.
[14]Bekara C, Laurent-Maknavicius M. A new protocol for securing wireless sensornetworks against nodes replication attacks. In: Proceedings of the3rd IEEEinternational conference on wireless and mobile computing, networking andcommunications.2007.
[15]Znaidi W, Minier M, Ubeda S. Hierarchical node replication attacks detection inwireless sensors networks. In: Proceedings of the20th IEEE internationalsymposium on personal, indoor and mobile radio communications.2009:82–86.
[16]Ho J, Liu Donggang, Wright M et al. Distributed detection of replica node attackswith group deployment knowledge in wireless sensor networks[C]//Privacy andSecurity in Wireless Sensor and Ad Hoc Networks. Elsevier B.V,2009,7(8):1476-1488.
[17]Xing K, Liu F, Cheng X, Du DHC. Real-time detection of clone attacks in wirelesssensor networks. In: Proceedings of the28th international conference ondistributed computing systems.2008:3–10.
[18]伏飞,齐望东.实现位置及时间绑定的密钥分发——防御传感器网络节点复制攻击的新方法[A].通信学报,2010,4(31):16-25.
[19]林雅榕.基于散列算法的认证协议的研究.合肥工业大学硕士学位论文.2005.
[20]Liu Donggang, Ning Peng, Li Rongfang. Establishing pairwise keys in distributedsensor networks[J]. ACM Transactions on Information and System Security,2005,8(1):52-61.
[21]张先红.数字签名原理及技术.北京:机械工业出版社,2004.
[22]Rivest R. The MD5Message digest algorithm. Request for Comments:1321MITLaboratory for Computer Science and RSA Data Security, Inc. Network WorkingGroup R.Rivest, April1992.
[23]NIST. Secure Hash Standard. FIPS PUB180-l,1995U.S.Department ofCommerce.
[24]Bosselacrs A, Dobbertin H, Preneel B. The new eryptographic hash functionRIPEMD160. Dr.Dobbs,1997,22(l):24-28.
[25]Liu Donggang, Ning Peng, Li Rongfang. Establishing pairwise keys in distributedsensor networks[J]. ACM Transactions on Information and System Security,2005,8(1):52-61.
[26]周荣华.散列函数密码分析的研究.华中科技大学硕士学位论文.2006.
[27]Blundo C, De Santis A, Herzberg A et al. Perfectly-Secure Key Distribution forDynamic Conferences[C]. Advances in Cryptology-Crypto’92. Berlin:Springer-Verlag,1992:471–486.
[28]M. Bechler, H.J. Hof, D. Kraft, F. P hlke, L.Wolf. A Cluster-Based SecurityArchitecture for Ad Hoc Networks. Twenty-third AnnualJoint Conference of theIEEE computer and Communications Societies. vol.4,2004,pp.2393–2403.
[29]李冰. Ad Hoc无线网络组密钥管理技术的仿真研究.北京邮电大学硕士论文.2007,03:23-24.
[30]NS-2[EB/OL].[2011-03-10]. http://nsnam.isi.edu/nsnam/index.php/Main_Page.