分簇无线传感器网络中动态密钥管理方案的研究
|
摘要
无线传感器网络以其低成本、多功能及特殊的应用环境,自问世以来,受到了各领域的广泛关注。它的出现和发展,不仅影响了现代科学技术,同时改变了人们的生活和观念。随着无线传感器网络各项技术和应用条件的日趋成熟,其安全问题也越来越受到人们的重视,而密钥管理方案的研究便是其中一个重要的方面。由于传感器节点自身低功耗、低存储、低计算能力等的限制和网络应用的特殊环境,传统的密钥管理方案无法直接运用到无线传感器网络中。因此,设计出能够满足无线传感器网络各种需求的密钥管理方案,对其进一步的发展有着极为重要而深远的意义。
本文首先介绍了无线传感器网络目前所面临的安全问题及需求,总结了现有的典型无线传感器网络的密钥管理方案,并将这些方案的优缺点及性能进行了讨论分析。然后,根据这些方案的不足,针对无线传感器网络的特性和安全需求,本文提出了一种新的基于分簇的动态密钥管理方案——KMSS方案。该方案结合了分簇网络结构和动态密钥管理的特点,将网络分成若干簇并提供密钥定期更新机制,减小节点各部分的能量消耗,延长网络寿命,同时满足了无线传感器网络的可扩展性。另一方面,本文将网络中的通信密钥分成簇内会话密钥和主密钥两种。普通节点之间的会话密钥通过预置的单向函数来生成,加强了节点的抗俘获性,而簇头节点与基站之间的主密钥则利用门限秘密共享机制,将主密钥分成n个子密钥分发给各个簇头,单个簇头节点的失效只能泄露其子密钥,提高了网络的安全性。最后,经过分析与比较,该方案能够有效地降低节点的计算、存储开销和网络的通信开销,增强抗俘获性,能够抵御外部的各种攻击,也很好地满足了网络的可扩展性要求。最后,在KMSS方案原有的模型上,提出了一种基于椭圆曲线密码体制的密钥管理方案·——KMSE方案,并针对其各方面性能进行了分析。
The technology of wireless sensor networks (WSNs for short) has attracted more and more interests from all over the world because its low cost, multi-function and extensive potential applications. The development of WSN has changed peoples' way of life and conceptions. Since wireless sensor networks are often deployed in hostile environments in many applications, security becomes the critical issue in WSN. Due to the limitation of the sensor nodes, traditional key management schemes are not suitable for it and existing protocols cannot provide sufficient security in many cases and a feasible and efficient key management scheme is an important guarantee for security communication.
This paper first introduces the security problems and requirements faced by WSN nowadays. It also reviews the exit key management schemes for wireless sensor networks, and then analyses and compares the features and merits and faults of these schemes. According to the characteristics and requirements of wireless sensor networks, we propose a novel key management scheme for hierarchical wireless sensor networks -MSS. In this scheme, we combine the clustering structure of WSN with dynamic key management schemes, dividing the whole network into several clusters and providing key update mechanism. In this way, it can reduce the conception of nodes and meet the requirements of dynamic. There are two kinds of keys to encrypt the data. One is the session key shared between sensor nodes, the other is the master key shared between cluster head nodes and the base station. In our scheme, the sensor nodes use the preloaded information to generate the session keys in order to increase the resistance of captured attack. On the other hand, we adopt the main idea of threshold secret sharing scheme to enhance the security of the master key. This scheme divides the master key into several sub keys and each cluster head only keep the sub key, and the compromise of the cluster head won't release the message of the master key. Thus, it can provide strong security and resistance of captured attack. Compared to other key management schemes, our protocol has strong security and resistance of captured attack as well as low computational overhead and storage, and it also can meet the demands of the scalability. In the end, we propose a new key management scheme based ECC-KMSE, which is proposed on the base of KMSS and can provide high security and low conception.
本文首先介绍了无线传感器网络目前所面临的安全问题及需求,总结了现有的典型无线传感器网络的密钥管理方案,并将这些方案的优缺点及性能进行了讨论分析。然后,根据这些方案的不足,针对无线传感器网络的特性和安全需求,本文提出了一种新的基于分簇的动态密钥管理方案——KMSS方案。该方案结合了分簇网络结构和动态密钥管理的特点,将网络分成若干簇并提供密钥定期更新机制,减小节点各部分的能量消耗,延长网络寿命,同时满足了无线传感器网络的可扩展性。另一方面,本文将网络中的通信密钥分成簇内会话密钥和主密钥两种。普通节点之间的会话密钥通过预置的单向函数来生成,加强了节点的抗俘获性,而簇头节点与基站之间的主密钥则利用门限秘密共享机制,将主密钥分成n个子密钥分发给各个簇头,单个簇头节点的失效只能泄露其子密钥,提高了网络的安全性。最后,经过分析与比较,该方案能够有效地降低节点的计算、存储开销和网络的通信开销,增强抗俘获性,能够抵御外部的各种攻击,也很好地满足了网络的可扩展性要求。最后,在KMSS方案原有的模型上,提出了一种基于椭圆曲线密码体制的密钥管理方案·——KMSE方案,并针对其各方面性能进行了分析。
The technology of wireless sensor networks (WSNs for short) has attracted more and more interests from all over the world because its low cost, multi-function and extensive potential applications. The development of WSN has changed peoples' way of life and conceptions. Since wireless sensor networks are often deployed in hostile environments in many applications, security becomes the critical issue in WSN. Due to the limitation of the sensor nodes, traditional key management schemes are not suitable for it and existing protocols cannot provide sufficient security in many cases and a feasible and efficient key management scheme is an important guarantee for security communication.
This paper first introduces the security problems and requirements faced by WSN nowadays. It also reviews the exit key management schemes for wireless sensor networks, and then analyses and compares the features and merits and faults of these schemes. According to the characteristics and requirements of wireless sensor networks, we propose a novel key management scheme for hierarchical wireless sensor networks -MSS. In this scheme, we combine the clustering structure of WSN with dynamic key management schemes, dividing the whole network into several clusters and providing key update mechanism. In this way, it can reduce the conception of nodes and meet the requirements of dynamic. There are two kinds of keys to encrypt the data. One is the session key shared between sensor nodes, the other is the master key shared between cluster head nodes and the base station. In our scheme, the sensor nodes use the preloaded information to generate the session keys in order to increase the resistance of captured attack. On the other hand, we adopt the main idea of threshold secret sharing scheme to enhance the security of the master key. This scheme divides the master key into several sub keys and each cluster head only keep the sub key, and the compromise of the cluster head won't release the message of the master key. Thus, it can provide strong security and resistance of captured attack. Compared to other key management schemes, our protocol has strong security and resistance of captured attack as well as low computational overhead and storage, and it also can meet the demands of the scalability. In the end, we propose a new key management scheme based ECC-KMSE, which is proposed on the base of KMSS and can provide high security and low conception.
引文
[1]Weiser M. The Computer for the Twenty-First Century. Scientific American.1991, Vol.265(3):94-104
[2]Tilak S, AbuGhazaleh N. B, Heinzelman W. A Taxonomy of Wireless Micro-sensor Network Models. Mobile Computing Communication Review,2002, Vol.1(2):1-8
[3]Anderson J. P. Computer Security Threat Monitoring and Surveillance. Technical report, James PAnderson Co. Fort Washington, Pennsylvania,1980
[4]孙利民,李建中,陈渝,朱红松..无线传感器网络.清华出版社.2005
[5]于海斌,曾鹏,林闯.智能无线传感器网络系统.科学出版社.2006
[6]任丰源,黄海宁,林闯.无线传感器网络.软件学报,2003,Vol.14(7):1282-1291
[7]Akyildiz I. F, Su W, Sankaraubramaniam Y and Cayirci E. A survey on sensor networks[J]. In IEEE Communications Magazine, Vol.40(8), August 2002,102-114
[8]苏忠,林闯,封富君,任丰原.无线传感器网络密钥管理的方案和协议.软件学报,2007,Vol.18(5):1218-1220
[9]英春,史美林.自组网体系结构研究.通信学报,1999,20(9)
[10]Estrin D, Govindan R, Heideman J, et al. Next century challenges:Scalable coordinate in sensor network. In:Proceedings of the 5th ACM/IEEE International Conference on Mobile Computing and Networking. Seattle,1999,263-270
[11]Steere P, Baptista A, Mcnamee D, et al. Research challenges in environmental observation an forecasting systems, proc,6 ACM/IEEE MobiCOM,2000:292-299
[12]Schwiebert L, GuptA S. K. S, Weinmann J, et al. Research challenges in wireless networks of biomedical sensors. MobiCOM'01,2001:151-165
[14]Essa I. A. Ubiquitous sensing for smart and aware environments. IEEE Personal Communications, Vol.2000(10):47-49
[15]周贤伟等.无线传感器网络与安全.国防工业出版社,2007.6
[16]Warneke B, Last M, Liebowitz B, Pister KSJ. Smart dust:Communicating with a cubic millimeter computer. IEEE Computer Magazine,2001, Vol.34(1):44-51
[17]Karlof C, Wagner D. Secure Routing in Sensor Network:Attacks and Countermeasures. Ad Hoc Network,2003, Vol.1(1):293-315
[18]Shi E, Perrig A. Designing secure sensor networks. Wireless Communication Magazine,2004, Vol.11(6):38-43
[19]Perrig A, Stankovic J, Wagner D. Security in Wireless Sensor Networks. Communications of the ACM,2004, Vol.47(6):53-57
[20]贾玉福,董天临,石坚.无线传感器网络安全问题分析.网络安全技术与应 用,2005,Vol.5(1):48-51
[21]陈菲,宋志高,陈克非.无线传感器网络中对密钥管理评估指标研究.计算机仿真,Vol.22(5),2005.5
[22]Jiang Y. X, Lin C, Shi M. H. Security in Sensor Networks. Oxfordshire:Taylor and Francis Group,2006,113-143
[23]Eschenauer L, Gligor V. D. A Key Management Scheme for Distributed Sensor Networks, In:Proc. of the 9th ACM Conference on Computer and Communications Security. New York:ACM Press,2002,41-47
[24]Chan H, Perrig A, Song D. Random Key Predistribution Schemes for Sensor Networks, In:Proc. of the IEEE Symp. On Security and Privacy, Washington:IEEE Computer Society,2003,197-213
[25]Blundo R, Sunnis A D, Herzbeg A, et al. Perfectly Secure Key Distribution for Dynamic Conferences. In:Proc. of the 12th Annual International Cryptology Conference on Advances in Cryptalogy. Springer-Verlag UK,1992,471-486
[26]Blom R, An Optimal Class of Symmetric Key Generation Systems, In:Proc. of the Eurocrypt 84 Workshop on Advances in Cryptology:Theory and Application of Cryptogarphic Techniques, Springer-Verlag,1985,335-338
[27]李琳,王汝传,姜波.无线传感器网络层簇式密钥管理方案的研究.电子与信息学报,2006,,Vol.28(12):2195-2397
[28]Traynor P, Choi H, Cao G, et al. Establishing pairwise keys in heterogeneous sensor networks. In:Proc of IEEE INFOCOM 2006, Piscataway; IEEE Communication Society,2006
[29]Zhu S, Setia S, Jajodia S. LEAP:Efficient security mechanisms distributed for large-scale sensor networks. In:Proc. of the 10th ACM Conf. on Computer and Communications Security. New York:ACM Press,2003,62-72
[30]Arazi O, Qil H. Self-Certified Group Key Generation for Ad Hoc Clusters in Wireless Sensor Networks. In:Proceeding of the 14th International Conference on Computer Communications and Networks (ICCCN). San Diego:IEEE Computer Communications,2005,359-364
[31]Huang Q, Cukier J, Kobayashi H, Liu B, Zhang J. Fast authenticated key establishment protocols for self-organizing sensor networks. The 2nd ACM Int'l Conf. on Wireless Sensor Networks and Applications, New York:ACM Press.2003, 141-150
[32]Zhang YC, Liu W, Lou WJ, Fang YG. Location-Based compromise tolerant security mechanisms for wireless sensor networks. IEEE Journal on Selected Areas in Communications,2006, Vol.24(2):247-260
[33]Liu D, Ning P. Location-Based pairwise key establishments for static sensor networks. In:Proc. of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks. New York:ACM Press,2003,72-82
[34]Manjeshwar A, Agrawal D P. APTEEN:a hybrid protocol for efficient routing and comprehensive information retrieval in wireless sensor networks. Proceedings of the 2nd International Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile computing, Ft. Lauderdale, FL,2002.4
[35]Eltoweissy M., Heydari M. H. and Morales L., et al. Combinatorial optimization of group key management. Journal of Network and Systems Management:Special Issue on Network Security.2004, Vol.12(1):33-50.
[36]Younis M. F, Ghumman K, Eltoweissy M. Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks IEEE Transactions on Parallel and Distributed Systems 2006, Vol.17(8):865-882
[37]Heinzelman W. R, Chandrakasan A. Energy-Efficient Communication Protocol for Wireless Microsensor Networks. Proceedings of the 33rd Hawaii International Conference on System Scicences.2000
[38]Shamir A. How to share a secret. Communications of the ACM,1979, Vol.22(11): 612-613
[39]Asmuth C, Bloom J. A Modular Approach to Key Safeguarding. IEEE Transactions on Information Theory,1983, Vol.29:208-210
[40]McEliece R. J, Sarwate D. V. On Sharing Secrets and Reed-Solomon Codes. Communication of the ACM,1981, Vol.24(8):583-584
[41]Benaloh J. C. Secret Sharing Homomorphisms:Keeping Shares of a Secret. Proc of CRYPTO'86, Berlin:Springer,1986,412-417
[42]Huang D, Mehta M, Liefvoort A.V, and Medhi D. Modeling pairwise key establishment of random key predistribution in large-scale sensor networks. IEEE/ACM Transactions on Networking,2007, Vol.15(5):1204-1215
[43]林亚平,土雷,陈宇传感器网络中一种分布式数据汇聚层次路由算法. 电子学报,2004,Vol.32(11):1801-1805
[44]Heinzelman W, Chandrakasan A, Balakrishnan H. An application-specifid protocol architecture for wireless microsensor networks. In:IEEE Transaction on Wireless Communications,2002, Vol.10:660-670
[45]http://www.tinyos.net/
[46]郭文生,刘奎安,桑楠.TinyOS集成开发环境的设计与实现.计算机应用,2008, Vo1.28(5):1283-1286
[47]Gay D, Levis P, Cutler D, Brewer E. nesC1.1 Language Refernce Manual,2003
[48]张嫒嫒.若干无线嵌入式系统的安全技术研究[博士论文].上海:交通大学,2009年6月
[49]卢开澄.计算机密码学——计算机网络中的数据保密与安全(第三版).北京:清华大学出版社,2003
[50]李学俊,敬忠良等.基于椭圆曲线离散对数问题的公钥密码.计算机工程与应用,Vo1.38(6):2002-2022
[51]Washington L.C. Elliptic Curves-Number Theory and Cryptography. CHAPMAN & HALL/CRC,2003,133-156
[52]张明.椭圆曲线加密技术研究[硕士论文].南京工业大学,2004年5月
[53]庞辽军,李慧贤,焦李成,王育民.基于秘密共享的无线传感器网络广播密钥分发协议.传感技术学报,2008,Vo1.21(10):1775-1779
[54]Jongdeog Lee, Krasimira Kapitanova, Sang H. Son. The price of security in wireless sensor networks. Computer Networks,2010,54:2967-2978
[55]Marcos A, Simplicio Jr., Paulo S.L.M. Barreto, Cintia B, Margi, Tereza C.M.B. Carvalho. A survey on key management mechanisms for distributed Wireless Sensor Networks. Computer Networks,2010,2591-2612
[2]Tilak S, AbuGhazaleh N. B, Heinzelman W. A Taxonomy of Wireless Micro-sensor Network Models. Mobile Computing Communication Review,2002, Vol.1(2):1-8
[3]Anderson J. P. Computer Security Threat Monitoring and Surveillance. Technical report, James PAnderson Co. Fort Washington, Pennsylvania,1980
[4]孙利民,李建中,陈渝,朱红松..无线传感器网络.清华出版社.2005
[5]于海斌,曾鹏,林闯.智能无线传感器网络系统.科学出版社.2006
[6]任丰源,黄海宁,林闯.无线传感器网络.软件学报,2003,Vol.14(7):1282-1291
[7]Akyildiz I. F, Su W, Sankaraubramaniam Y and Cayirci E. A survey on sensor networks[J]. In IEEE Communications Magazine, Vol.40(8), August 2002,102-114
[8]苏忠,林闯,封富君,任丰原.无线传感器网络密钥管理的方案和协议.软件学报,2007,Vol.18(5):1218-1220
[9]英春,史美林.自组网体系结构研究.通信学报,1999,20(9)
[10]Estrin D, Govindan R, Heideman J, et al. Next century challenges:Scalable coordinate in sensor network. In:Proceedings of the 5th ACM/IEEE International Conference on Mobile Computing and Networking. Seattle,1999,263-270
[11]Steere P, Baptista A, Mcnamee D, et al. Research challenges in environmental observation an forecasting systems, proc,6 ACM/IEEE MobiCOM,2000:292-299
[12]Schwiebert L, GuptA S. K. S, Weinmann J, et al. Research challenges in wireless networks of biomedical sensors. MobiCOM'01,2001:151-165
[14]Essa I. A. Ubiquitous sensing for smart and aware environments. IEEE Personal Communications, Vol.2000(10):47-49
[15]周贤伟等.无线传感器网络与安全.国防工业出版社,2007.6
[16]Warneke B, Last M, Liebowitz B, Pister KSJ. Smart dust:Communicating with a cubic millimeter computer. IEEE Computer Magazine,2001, Vol.34(1):44-51
[17]Karlof C, Wagner D. Secure Routing in Sensor Network:Attacks and Countermeasures. Ad Hoc Network,2003, Vol.1(1):293-315
[18]Shi E, Perrig A. Designing secure sensor networks. Wireless Communication Magazine,2004, Vol.11(6):38-43
[19]Perrig A, Stankovic J, Wagner D. Security in Wireless Sensor Networks. Communications of the ACM,2004, Vol.47(6):53-57
[20]贾玉福,董天临,石坚.无线传感器网络安全问题分析.网络安全技术与应 用,2005,Vol.5(1):48-51
[21]陈菲,宋志高,陈克非.无线传感器网络中对密钥管理评估指标研究.计算机仿真,Vol.22(5),2005.5
[22]Jiang Y. X, Lin C, Shi M. H. Security in Sensor Networks. Oxfordshire:Taylor and Francis Group,2006,113-143
[23]Eschenauer L, Gligor V. D. A Key Management Scheme for Distributed Sensor Networks, In:Proc. of the 9th ACM Conference on Computer and Communications Security. New York:ACM Press,2002,41-47
[24]Chan H, Perrig A, Song D. Random Key Predistribution Schemes for Sensor Networks, In:Proc. of the IEEE Symp. On Security and Privacy, Washington:IEEE Computer Society,2003,197-213
[25]Blundo R, Sunnis A D, Herzbeg A, et al. Perfectly Secure Key Distribution for Dynamic Conferences. In:Proc. of the 12th Annual International Cryptology Conference on Advances in Cryptalogy. Springer-Verlag UK,1992,471-486
[26]Blom R, An Optimal Class of Symmetric Key Generation Systems, In:Proc. of the Eurocrypt 84 Workshop on Advances in Cryptology:Theory and Application of Cryptogarphic Techniques, Springer-Verlag,1985,335-338
[27]李琳,王汝传,姜波.无线传感器网络层簇式密钥管理方案的研究.电子与信息学报,2006,,Vol.28(12):2195-2397
[28]Traynor P, Choi H, Cao G, et al. Establishing pairwise keys in heterogeneous sensor networks. In:Proc of IEEE INFOCOM 2006, Piscataway; IEEE Communication Society,2006
[29]Zhu S, Setia S, Jajodia S. LEAP:Efficient security mechanisms distributed for large-scale sensor networks. In:Proc. of the 10th ACM Conf. on Computer and Communications Security. New York:ACM Press,2003,62-72
[30]Arazi O, Qil H. Self-Certified Group Key Generation for Ad Hoc Clusters in Wireless Sensor Networks. In:Proceeding of the 14th International Conference on Computer Communications and Networks (ICCCN). San Diego:IEEE Computer Communications,2005,359-364
[31]Huang Q, Cukier J, Kobayashi H, Liu B, Zhang J. Fast authenticated key establishment protocols for self-organizing sensor networks. The 2nd ACM Int'l Conf. on Wireless Sensor Networks and Applications, New York:ACM Press.2003, 141-150
[32]Zhang YC, Liu W, Lou WJ, Fang YG. Location-Based compromise tolerant security mechanisms for wireless sensor networks. IEEE Journal on Selected Areas in Communications,2006, Vol.24(2):247-260
[33]Liu D, Ning P. Location-Based pairwise key establishments for static sensor networks. In:Proc. of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks. New York:ACM Press,2003,72-82
[34]Manjeshwar A, Agrawal D P. APTEEN:a hybrid protocol for efficient routing and comprehensive information retrieval in wireless sensor networks. Proceedings of the 2nd International Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile computing, Ft. Lauderdale, FL,2002.4
[35]Eltoweissy M., Heydari M. H. and Morales L., et al. Combinatorial optimization of group key management. Journal of Network and Systems Management:Special Issue on Network Security.2004, Vol.12(1):33-50.
[36]Younis M. F, Ghumman K, Eltoweissy M. Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks IEEE Transactions on Parallel and Distributed Systems 2006, Vol.17(8):865-882
[37]Heinzelman W. R, Chandrakasan A. Energy-Efficient Communication Protocol for Wireless Microsensor Networks. Proceedings of the 33rd Hawaii International Conference on System Scicences.2000
[38]Shamir A. How to share a secret. Communications of the ACM,1979, Vol.22(11): 612-613
[39]Asmuth C, Bloom J. A Modular Approach to Key Safeguarding. IEEE Transactions on Information Theory,1983, Vol.29:208-210
[40]McEliece R. J, Sarwate D. V. On Sharing Secrets and Reed-Solomon Codes. Communication of the ACM,1981, Vol.24(8):583-584
[41]Benaloh J. C. Secret Sharing Homomorphisms:Keeping Shares of a Secret. Proc of CRYPTO'86, Berlin:Springer,1986,412-417
[42]Huang D, Mehta M, Liefvoort A.V, and Medhi D. Modeling pairwise key establishment of random key predistribution in large-scale sensor networks. IEEE/ACM Transactions on Networking,2007, Vol.15(5):1204-1215
[43]林亚平,土雷,陈宇传感器网络中一种分布式数据汇聚层次路由算法. 电子学报,2004,Vol.32(11):1801-1805
[44]Heinzelman W, Chandrakasan A, Balakrishnan H. An application-specifid protocol architecture for wireless microsensor networks. In:IEEE Transaction on Wireless Communications,2002, Vol.10:660-670
[45]http://www.tinyos.net/
[46]郭文生,刘奎安,桑楠.TinyOS集成开发环境的设计与实现.计算机应用,2008, Vo1.28(5):1283-1286
[47]Gay D, Levis P, Cutler D, Brewer E. nesC1.1 Language Refernce Manual,2003
[48]张嫒嫒.若干无线嵌入式系统的安全技术研究[博士论文].上海:交通大学,2009年6月
[49]卢开澄.计算机密码学——计算机网络中的数据保密与安全(第三版).北京:清华大学出版社,2003
[50]李学俊,敬忠良等.基于椭圆曲线离散对数问题的公钥密码.计算机工程与应用,Vo1.38(6):2002-2022
[51]Washington L.C. Elliptic Curves-Number Theory and Cryptography. CHAPMAN & HALL/CRC,2003,133-156
[52]张明.椭圆曲线加密技术研究[硕士论文].南京工业大学,2004年5月
[53]庞辽军,李慧贤,焦李成,王育民.基于秘密共享的无线传感器网络广播密钥分发协议.传感技术学报,2008,Vo1.21(10):1775-1779
[54]Jongdeog Lee, Krasimira Kapitanova, Sang H. Son. The price of security in wireless sensor networks. Computer Networks,2010,54:2967-2978
[55]Marcos A, Simplicio Jr., Paulo S.L.M. Barreto, Cintia B, Margi, Tereza C.M.B. Carvalho. A survey on key management mechanisms for distributed Wireless Sensor Networks. Computer Networks,2010,2591-2612