无线传感器网络安全研究
摘要
无线传感器网络是一种全新的信息获取、处理和传输技术,通常包含大量的自组织成多跳无线网络的分布式传感器节点。由于无线传感器网络具有组网快捷、灵活,不受有线网络约束的优点,可广泛用于紧急搜索、灾难救助、军事、医疗等环境中,因而具有广泛的应用前景。无线传感器网络作为现代通信技术中一个新的研究领域,引起了学术界和工业界的高度重视。多家科学和商业杂志将无线传感器网络技术评为21世纪深刻改变人类生活的十大技术之一。无线传感器网络将是沟通物理世界和数字世界的一个桥梁。
由于无线传感器网络一般配置在恶劣环境、无人区域或敌方阵地中,加之无线传感器网络本身固有的限制,因而网络安全引起了人们的极大关注,这也给研究人员和工程技术人员提出了大量具有挑战性的研究课题。在传感器节点计算速度、电源能量、通信能力和存储空间非常有限的情况下,传统的安全机制不适合运用于无线传感器网络中。无线传感器网络安全通信信协议的研究成果近几年才陆续出现。安全方案还处于理论研究阶段,距离实际应用和形成普遍接受的标准还相差甚远。
本文深入地研究了无线传感器网络常见的攻击方式及防御手段和现有的安全算法。并在此基础上,提出了一种新的无线传感器网络安全方案,并对该方案进行了性能、安全、连通性和抗俘获分析。该算法主要在两个方面改进了安全方案的性能:一是设计了簇密钥以支持安全网内处理,为数据融合,冗余删除和被动加入提供了安全保障,提高了无线传感器网络在安全模式下的工作效率和网络的生命周期。二是应用概率性冗余路径传输,随机的增加返回给数据处理中心的信息副本数量,供数据处理中心进行比较分析,以识别恶意节点。
在实用化的安全方案研究方面,在实际的原型实验平台上实现了基于对称密钥算法的安全管理方案,做出了实现安全系统的初步探索,奠定了进一步研究的良好基础。文章的最后对全文做了总结并对将来的研究方向做出了展望。
Wireless Sensor network (WSN) is a novel technology about acquiring and processing information , which is made by the convergence of sensor intercommunicated via wireless radio and can be defined as an autonomous, ad hoc system. Typically, these nodes coordinate to perform a common task. WSN takes on widespread application foreground and becomes a new research area of modern corresponds technology. Both academia and industries are very interested in it. Many scientific magazines and business magazines have selected the WSN as the one of the greatest technologies which will greatly change human society in the 21 st century. WSN will be the bridge between physical world and the digital world.
Wireless sensor network is commonly deployed in harsh, unattended or even hostile environment, together with the intrinsic limitation of wireless sensor network. So people pay attention to the security of the network. And it also put forward a great deal of challenging subjects to the researchers and engineers. Because of the limit of the computing speed, energy, communicating ability and storage of the sensors, the traditional security mechanisms are not suitable for wireless sensor network. The research fruits of the security protocol for wireless sensor network in succession in recent years and the security proposals are still at theoretic research stage that is far from the practical application and the standard which is widely accepted.
This thesis discussed in depth study of wireless sensor networks common attacks and corresponding defenses methods and the existing security algorithms. Based on these, a new wireless sensor network security algorithm was presented and the analysis for the performance, security, connectivity and anti-capture was discrssed. It improved existing security algorithms: firstly, it designed cluster key to support secure in-network processing including aggregation and duplicate elimination and passive participation. By this way, the efficiency and the life time of the secure network were improved. Secondly, it used .random probability multi-path to increase copies of information to data processing centers to identify the malicious node.
After that, we implemented algorithm on our test-beds. Finally, we sum up this thesis and the directions of research in this area are introduced.
由于无线传感器网络一般配置在恶劣环境、无人区域或敌方阵地中,加之无线传感器网络本身固有的限制,因而网络安全引起了人们的极大关注,这也给研究人员和工程技术人员提出了大量具有挑战性的研究课题。在传感器节点计算速度、电源能量、通信能力和存储空间非常有限的情况下,传统的安全机制不适合运用于无线传感器网络中。无线传感器网络安全通信信协议的研究成果近几年才陆续出现。安全方案还处于理论研究阶段,距离实际应用和形成普遍接受的标准还相差甚远。
本文深入地研究了无线传感器网络常见的攻击方式及防御手段和现有的安全算法。并在此基础上,提出了一种新的无线传感器网络安全方案,并对该方案进行了性能、安全、连通性和抗俘获分析。该算法主要在两个方面改进了安全方案的性能:一是设计了簇密钥以支持安全网内处理,为数据融合,冗余删除和被动加入提供了安全保障,提高了无线传感器网络在安全模式下的工作效率和网络的生命周期。二是应用概率性冗余路径传输,随机的增加返回给数据处理中心的信息副本数量,供数据处理中心进行比较分析,以识别恶意节点。
在实用化的安全方案研究方面,在实际的原型实验平台上实现了基于对称密钥算法的安全管理方案,做出了实现安全系统的初步探索,奠定了进一步研究的良好基础。文章的最后对全文做了总结并对将来的研究方向做出了展望。
Wireless Sensor network (WSN) is a novel technology about acquiring and processing information , which is made by the convergence of sensor intercommunicated via wireless radio and can be defined as an autonomous, ad hoc system. Typically, these nodes coordinate to perform a common task. WSN takes on widespread application foreground and becomes a new research area of modern corresponds technology. Both academia and industries are very interested in it. Many scientific magazines and business magazines have selected the WSN as the one of the greatest technologies which will greatly change human society in the 21 st century. WSN will be the bridge between physical world and the digital world.
Wireless sensor network is commonly deployed in harsh, unattended or even hostile environment, together with the intrinsic limitation of wireless sensor network. So people pay attention to the security of the network. And it also put forward a great deal of challenging subjects to the researchers and engineers. Because of the limit of the computing speed, energy, communicating ability and storage of the sensors, the traditional security mechanisms are not suitable for wireless sensor network. The research fruits of the security protocol for wireless sensor network in succession in recent years and the security proposals are still at theoretic research stage that is far from the practical application and the standard which is widely accepted.
This thesis discussed in depth study of wireless sensor networks common attacks and corresponding defenses methods and the existing security algorithms. Based on these, a new wireless sensor network security algorithm was presented and the analysis for the performance, security, connectivity and anti-capture was discrssed. It improved existing security algorithms: firstly, it designed cluster key to support secure in-network processing including aggregation and duplicate elimination and passive participation. By this way, the efficiency and the life time of the secure network were improved. Secondly, it used .random probability multi-path to increase copies of information to data processing centers to identify the malicious node.
After that, we implemented algorithm on our test-beds. Finally, we sum up this thesis and the directions of research in this area are introduced.
引文
[1] 孙利民,李建中、陈渝,朱红松.无线传感器网络.北京:清华大学出版社,2005年5月
[2] 任丰原,黄海宁,林闯。无线传感器网络.软件学报,2003.7,Vol.14(No.2):1148-1157
[3] Jason Lester Hill. System Architecture for Wireless Sensor Networks. Ph. D. thesis, U. C. Berkeley, Spring 2003
[4] Ten emerging technologies that will change the world. Technology Review. Feb.2003,vol.106, no.1, pp.22-49, http://www.technologyreview.com/Infotech/13060/
[5] SensIT.http://www.ece.wisc.edu/~sensit/
[6] J. Beutel, Geolocation in a PicoRadio Environment MS Thesis, ETH Zurich Electronics Laboratory, 1999. 12
[7] irupama Bulusu, John Heidemann and Deborah Estrin. GPS-less Low Cost Outdoor Localization for Very Small Devices. IEEE Personal Communications, 2000.10, Vol.7(5): 28-34
[8] 李建中,李金宝,石胜飞,传感器及其数据管理的概念、问题与进展.软件学报,2003,14(10)
[9] IF Akyildiz, W Su, Y Sankarasubramaniam et al. A survey on sensor networks. IEEE communications, 2002, 40(8): 102~114
[10] Estrin D, Govindan R, Heidemann J, Kumar S. Next century challenges: Scalable coordinate in sensor network. In: Proceedings of the 5th ACM/IEEE International Conference on Mobile Computing and Networking. Seattle: IEEE Computer Society, 1999, 263-270.
[11] Chan H, Perdg A. Security and Privacy in Sensor Networks IEEE Computer, 2003, 36(10): 103~105
[12] Perrig A, Szewczyk R, Wen V, et al. SPINS: security protocols for sensor networks. Journal of Wireless Networks, 2002, 8(5): 521~534
[13] Perrig A, Stankovic J, Wagner D. Security in Wireless Sensor Networks. Communications of the ACM, 2004, 47(6): 53~57
[14] Carman D, Kruus P, Matt B. Constraints and approaches for distributed sensor network security.NAI Labs Technical Report #00-010, September 2000
[15] Wood A, Stankovic J. Denial of Service in sensor networks. IEEE Computer, 2002, 35(10): 54~62
[16] Chris Karlof, David Wagner. Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures The 1st IEEE International Workshop on Sensor Network Protocols and Applications, 2003, (5): 113-127
[17] Douceur J R. The sybil attack. In: Proc. of First International workshop On Peer-to-peer systems(IPTPS'02). Cambridge MA, USA: Springer-Verlag, Volume 2429 of Lecture Notes in computer Science, 2002. 251~260
[18] Newsome J, Shi E, Song D, et al. The Sybil Attack in Sensor Networks Analysis & Defenses. In: Proc. of Third Intl. Symposium on Information Processing in Sensor Networks(IPSN'04). Berkeley, California. USA: ACM Press, April 2004. 259~268
[19] Hu Y C, Perrig A, Johnson DB. Wormhole detection in wireless ad hoc networks: [Technical report TR01-384]. Department of Computer Science. Rice University, June 2002
[20]Kwok J. A Wireless Protocol to Prevent Wormhole Attacks. A Thesis in TCC 402 Pressented to the Faculty of the School of Engineering and Applied Science University of Virginia, March 2004. 1-52.
[21]I F Akyildiz, W Su, et al. Wireless Sensor Networks: A Survey.Computer Networks, 2002, 38: 393-422
[22] Eschenauer L, Gligor V D. A key-management scheme for distributed sensor networks. Washinigton D.C. :ACM Press, Nov. 2002. 41-47
[23] J. Spencer, The Strange Logic of Random Graphs, Algorithms and Combinatorics 22, Springer-Verlag 2000, ISBN 3-540-41654-4.
[24] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. Berkeley, CA: IEEE Computer Society,2003.197-213
[25]Ross Anderson , Adrian Perrig. Key infection:Smart trust for smart dust. Unpublished Manuscript, November 2001.
[26] Jolly G, KUSCU MC, Kokate P, Younis M, et al. A low-energy Key Management Protocol for Wireless Sensor Network. Proc. of the Eighth IEEE Intl. Symposium on computers and communication(ISCC' 03). Turkey: July 2003, 1: 335-340
[27] Perrig A, Szewczyk R, Wen V, et al. SPINS: security protocols for sensor networks. Journal of Wireless Networks, 2002, 8(5): 521-534
[28] Zhu S, Satia S, Jajodia S. LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor networks. Washington: ACM Press, Oct. 2003. 62-72
[29] Liu D, Ning P. Establishing pairwise keys in distributed sensor networks. Washington: ACM Press, Oct. 2003. 52-61
[30] Wadaa A, Olariu s, Wilson L, et al. Scalable Cryptographic Key Management in Wireless Sensor Networks. Tokyo: IEEE Computer Society, March 2004. 796-802
[31] Perrig A, Canetti R, Tygar J D , et al . The TESLA broadcast Authentication Protocol. Cryptobytes, 2002, 5(2): 2-13
[32] A. Wadaa, S. Olariu, L. Wilson, K. Jones, and Q.Xu, "On Training Wireless Sensor Networks," Proc. 3-rd International Workshop on Wireless, Mobile and Ad Hoc Networks, Nice, France, April 2003.
[33] Du w, Deng J, Han Y S, Varshney P. A pairwise Key Pre-distribution Scheme for Wireless Sensor Networks. In: Proc. of the 10~(th) ACM Conf, on Computer and Communications Security (CCs) , Washington: ACM Press, Oct. 2003.1—10
[34] Blom R. An optimal class of symmetric key generation systems. Paris: Springer-Verlag, Volume 209 of Lecture Notes in Computer Science, 1985. 335-338
[35] Blundo C, Santis A D, Herzberg A , Kutten S, Vaccaro U, Yung M . Perfectly-secure key distribution for dynamic conferences. Santa Barbara, California, USA: Springer—Verlag, Volume 740 of Lecture Notes in Computer Science, 1993. 471-486
[36] Du W, Deng J, Han YS, et al. A Key Management Scheme for wireless Sensor Networks Using Deploying Knowledge. Hong Kong: IEEE Computer society. March 2004. 172-183
[37] Liu D, Ning P. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. San Diego, California: Internet Society Press. February 2003. 263-276
[38] Bohge M, Trappe W. An Authentication framework for Hierarchical Ad Hoe Sensor Networks. San diego, California, USA.. ACM Press. Sep. 2003. 79-87
[39] C. Karlof, N. Sastry, and D. Wagner. TinySec: Link layer encryption for tiny devices. In ACM SenSys, Baltimore, Maryland, USA, November 3-5 2004
[40] MICA. http://www.xbow.com
[41] TinyOS.http://www.tinyos.net
[42] Gay D,Levis P, Culler D, Brewer E. nesC1.1 Language Reference Manual, 2003.
[43] RFC2040. http://www.rfc-archive.org/getrfc.php?rfc=2040
[2] 任丰原,黄海宁,林闯。无线传感器网络.软件学报,2003.7,Vol.14(No.2):1148-1157
[3] Jason Lester Hill. System Architecture for Wireless Sensor Networks. Ph. D. thesis, U. C. Berkeley, Spring 2003
[4] Ten emerging technologies that will change the world. Technology Review. Feb.2003,vol.106, no.1, pp.22-49, http://www.technologyreview.com/Infotech/13060/
[5] SensIT.http://www.ece.wisc.edu/~sensit/
[6] J. Beutel, Geolocation in a PicoRadio Environment MS Thesis, ETH Zurich Electronics Laboratory, 1999. 12
[7] irupama Bulusu, John Heidemann and Deborah Estrin. GPS-less Low Cost Outdoor Localization for Very Small Devices. IEEE Personal Communications, 2000.10, Vol.7(5): 28-34
[8] 李建中,李金宝,石胜飞,传感器及其数据管理的概念、问题与进展.软件学报,2003,14(10)
[9] IF Akyildiz, W Su, Y Sankarasubramaniam et al. A survey on sensor networks. IEEE communications, 2002, 40(8): 102~114
[10] Estrin D, Govindan R, Heidemann J, Kumar S. Next century challenges: Scalable coordinate in sensor network. In: Proceedings of the 5th ACM/IEEE International Conference on Mobile Computing and Networking. Seattle: IEEE Computer Society, 1999, 263-270.
[11] Chan H, Perdg A. Security and Privacy in Sensor Networks IEEE Computer, 2003, 36(10): 103~105
[12] Perrig A, Szewczyk R, Wen V, et al. SPINS: security protocols for sensor networks. Journal of Wireless Networks, 2002, 8(5): 521~534
[13] Perrig A, Stankovic J, Wagner D. Security in Wireless Sensor Networks. Communications of the ACM, 2004, 47(6): 53~57
[14] Carman D, Kruus P, Matt B. Constraints and approaches for distributed sensor network security.NAI Labs Technical Report #00-010, September 2000
[15] Wood A, Stankovic J. Denial of Service in sensor networks. IEEE Computer, 2002, 35(10): 54~62
[16] Chris Karlof, David Wagner. Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures The 1st IEEE International Workshop on Sensor Network Protocols and Applications, 2003, (5): 113-127
[17] Douceur J R. The sybil attack. In: Proc. of First International workshop On Peer-to-peer systems(IPTPS'02). Cambridge MA, USA: Springer-Verlag, Volume 2429 of Lecture Notes in computer Science, 2002. 251~260
[18] Newsome J, Shi E, Song D, et al. The Sybil Attack in Sensor Networks Analysis & Defenses. In: Proc. of Third Intl. Symposium on Information Processing in Sensor Networks(IPSN'04). Berkeley, California. USA: ACM Press, April 2004. 259~268
[19] Hu Y C, Perrig A, Johnson DB. Wormhole detection in wireless ad hoc networks: [Technical report TR01-384]. Department of Computer Science. Rice University, June 2002
[20]Kwok J. A Wireless Protocol to Prevent Wormhole Attacks. A Thesis in TCC 402 Pressented to the Faculty of the School of Engineering and Applied Science University of Virginia, March 2004. 1-52.
[21]I F Akyildiz, W Su, et al. Wireless Sensor Networks: A Survey.Computer Networks, 2002, 38: 393-422
[22] Eschenauer L, Gligor V D. A key-management scheme for distributed sensor networks. Washinigton D.C. :ACM Press, Nov. 2002. 41-47
[23] J. Spencer, The Strange Logic of Random Graphs, Algorithms and Combinatorics 22, Springer-Verlag 2000, ISBN 3-540-41654-4.
[24] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. Berkeley, CA: IEEE Computer Society,2003.197-213
[25]Ross Anderson , Adrian Perrig. Key infection:Smart trust for smart dust. Unpublished Manuscript, November 2001.
[26] Jolly G, KUSCU MC, Kokate P, Younis M, et al. A low-energy Key Management Protocol for Wireless Sensor Network. Proc. of the Eighth IEEE Intl. Symposium on computers and communication(ISCC' 03). Turkey: July 2003, 1: 335-340
[27] Perrig A, Szewczyk R, Wen V, et al. SPINS: security protocols for sensor networks. Journal of Wireless Networks, 2002, 8(5): 521-534
[28] Zhu S, Satia S, Jajodia S. LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor networks. Washington: ACM Press, Oct. 2003. 62-72
[29] Liu D, Ning P. Establishing pairwise keys in distributed sensor networks. Washington: ACM Press, Oct. 2003. 52-61
[30] Wadaa A, Olariu s, Wilson L, et al. Scalable Cryptographic Key Management in Wireless Sensor Networks. Tokyo: IEEE Computer Society, March 2004. 796-802
[31] Perrig A, Canetti R, Tygar J D , et al . The TESLA broadcast Authentication Protocol. Cryptobytes, 2002, 5(2): 2-13
[32] A. Wadaa, S. Olariu, L. Wilson, K. Jones, and Q.Xu, "On Training Wireless Sensor Networks," Proc. 3-rd International Workshop on Wireless, Mobile and Ad Hoc Networks, Nice, France, April 2003.
[33] Du w, Deng J, Han Y S, Varshney P. A pairwise Key Pre-distribution Scheme for Wireless Sensor Networks. In: Proc. of the 10~(th) ACM Conf, on Computer and Communications Security (CCs) , Washington: ACM Press, Oct. 2003.1—10
[34] Blom R. An optimal class of symmetric key generation systems. Paris: Springer-Verlag, Volume 209 of Lecture Notes in Computer Science, 1985. 335-338
[35] Blundo C, Santis A D, Herzberg A , Kutten S, Vaccaro U, Yung M . Perfectly-secure key distribution for dynamic conferences. Santa Barbara, California, USA: Springer—Verlag, Volume 740 of Lecture Notes in Computer Science, 1993. 471-486
[36] Du W, Deng J, Han YS, et al. A Key Management Scheme for wireless Sensor Networks Using Deploying Knowledge. Hong Kong: IEEE Computer society. March 2004. 172-183
[37] Liu D, Ning P. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. San Diego, California: Internet Society Press. February 2003. 263-276
[38] Bohge M, Trappe W. An Authentication framework for Hierarchical Ad Hoe Sensor Networks. San diego, California, USA.. ACM Press. Sep. 2003. 79-87
[39] C. Karlof, N. Sastry, and D. Wagner. TinySec: Link layer encryption for tiny devices. In ACM SenSys, Baltimore, Maryland, USA, November 3-5 2004
[40] MICA. http://www.xbow.com
[41] TinyOS.http://www.tinyos.net
[42] Gay D,Levis P, Culler D, Brewer E. nesC1.1 Language Reference Manual, 2003.
[43] RFC2040. http://www.rfc-archive.org/getrfc.php?rfc=2040