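Research on Security Strategies for the IEEE802.15.4e Time Synchronization Protocol
Topic: Industrial Internet of Things + IEEE802.15.4e; Reference: University of Science and Technology Beijing, 2017 doctoral dissertation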
[Abstract]: Because industrial wireless applications place strict requirements on reliability, low power consumption and real-time performance, the MAC (Medium Access Control) layer protocol of the earlier IEEE802.15.4-2006 standard has shown many shortcomings. IEEE802.15.4e is a new MAC layer standard for industrial Internet of Things applications. It uses Time-Synchronized Channel Hopping (TSCH) to build a highly reliable, low-power industrial wireless network. Time synchronization is the core supporting technology of an IEEE802.15.4e network, so once it is attacked, applications such as network communication, node localization and data fusion can no longer work properly. The security of the time synchronization protocol is therefore a key problem worth studying in IEEE802.15.4e-based industrial IoT. This dissertation divides the IEEE802.15.4e time synchronization protocol into three levels: single-hop Pair-Wise, intra-cluster and multi-hop. For each level it analyzes the security vulnerabilities introduced by TSCH itself and by the requirement for high-precision synchronization, defines the main attacks the protocol faces, and then proposes corresponding security strategies. The main research content and contributions are as follows:

(1) A security strategy for the single-hop Pair-Wise time synchronization protocol is proposed. The IEEE802.15.4e single-hop Pair-Wise time synchronization protocol consists of ASN (Absolute Slot Number) synchronization and Device-to-Device time synchronization. First, the security vulnerabilities in the single-hop Pair-Wise time synchronization protocol are analyzed, and the ASN attack and the timeslot template attack are defined. Then a security strategy is proposed that has two parts: the Sec_ASN algorithm, which defends against ASN attacks, and the TOF (Time Offset Filter) algorithm, which defends against timeslot template attacks. The Sec_ASN algorithm uses message integrity authentication and the 2s+1 method to solve the problem of a newly joining node obtaining the correct ASN value. The TOF algorithm designs a filter based on the node clock model and filters out time synchronization packets that come from attacking nodes. Finally, experiments verify the effectiveness of the security strategy and its implementability under energy and cost constraints.

(2) A security strategy for the intra-cluster time synchronization protocol is proposed. In an IEEE802.15.4e cluster network, time synchronization of the nodes within a cluster can be achieved efficiently by broadcast. The IEEE802.15.4e intra-cluster time synchronization protocol mainly faces two attacks: forged broadcast synchronization packets and node capture. Against forged broadcast packets, the dissertation adopts a μTESLA broadcast authentication algorithm with a packet-based key chain mechanism. This algorithm resolves the conflict in the original μTESLA broadcast authentication between key disclosure delay and key chain length, which makes it better suited to intra-cluster time synchronization. Against capture attacks, the dissertation adopts a fault-tolerant algorithm based on the intra-cluster time synchronization model. When the number of captured nodes is less than 1/3 of the total number of nodes in the cluster, this algorithm guarantees an upper bound on the synchronization error between any two legitimate nodes. Finally, the effectiveness and feasibility of these security strategies are verified by theory and experiment.

(3) A security strategy for the multi-hop time synchronization protocol is proposed. First, it is pointed out that the IEEE802.15.4e multi-hop time synchronization protocol mainly faces the time synchronization tree attack and the error accumulation attack. Then a security strategy is proposed whose key techniques include an intrusion detection algorithm based on Rank anomalies and a multi-path time synchronization method based on a trust model. The Rank-anomaly intrusion detection algorithm applies rule-based validation to the Rank values in the DIO packets sent by nodes in the network, and so detects time synchronization tree attacks promptly. The trust-model multi-path time synchronization method establishes a trust model between nodes, so that a node bypasses untrusted nodes when building its multi-hop synchronization path and thereby resists error accumulation attacks. Finally, the effectiveness of the security strategy is verified by simulation, and an experimental multi-hop time synchronization test platform built from 16 OpenMoteSTM hardware nodes and OpenWSN software verifies the strategy's resistance to attack and its implementability.
[Degree-granting institution]: University of Science and Technology Beijing
[Degree level]: Doctoral
[Year degree awarded]: 2017
[Classification number]: TP393.08