
Research on Body Area Network Security Technologies Based on Wireless Channel Characteristics

Published: 2018-01-18 00:13

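  Keywords of this article: Research on Body Area Network Security Technologies Based on Wireless Channel Characteristics. Source: Beijing University of Posts and Telecommunications, 2014 doctoral dissertation. Document type: degree thesis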


  More related articles: body area network, wireless channel, key distribution, identity authentication, access control, received signal strength


[Abstract]: With the development and progress of sensor, communication and computer technology, wearable sensor nodes and terminal devices with sensing, computing and communication capabilities have appeared one after another, and research on the body area networks (BANs) formed by these nodes and devices is in full swing. Unlike traditional networks, a BAN is mainly characterized by an open channel, sensitive data, limited resources, network dynamics and special application requirements. On the one hand, because the BAN's communication medium, the wireless channel, is open, an attacker can affect the correctness of data by copying information, forging information and interfering with information. If an attacker deliberately interferes with or alters a user's health data, doctors may be unable to make a diagnosis or may make a wrong one, aggravating the patient's condition or even causing death. On the other hand, wireless BANs face two kinds of privacy violation: location privacy and information privacy. Because location privacy is highly personal in wireless BAN applications, a user's location information may easily be detected. Information containing the user's physiological parameters, if not privacy-protected, may well be leaked and then received and viewed by third parties. Therefore, how to achieve BAN security through the above three technologies is the main task facing current research.

Generally speaking, security research proceeds from five perspectives: confidentiality, integrity, availability, authentication and non-repudiation, and the security techniques of traditional networks do not fully meet the needs of BANs. Because a BAN has few nodes distributed over a small area, integrity and non-repudiation can be achieved through identity authentication. At the same time, the BAN's limited resources and network dynamics pose new challenges for confidentiality and authentication. In addition, because BAN information is highly sensitive and sudden emergencies must be handled, availability also faces new challenges. Since the techniques corresponding to these three security requirements are encryption, identity authentication and access control, how to achieve BAN security through these three techniques is both the main task and the basic approach of current research.

Starting from the security requirements of BANs, this thesis studies the core mechanisms and key techniques of three technologies: key distribution between BAN nodes, identity authentication, and access control for external nodes. Specifically:

(1) Because limited resources and network dynamics force a BAN to use efficient lightweight encryption to meet its confidentiality requirement, a key agreement mechanism for wireless BANs based on wavelet-transform trends is proposed (Wavelet-Transform Trend-Based Key Extraction, WTKE). First, WTKE makes full use of the high correlation between the RSS (Received Signal Strength) values that communicating BAN nodes measure of each other within the channel coherence time; trend quantization is applied after a 4-level Haar wavelet transform, so that BAN nodes can share a key even in the presence of an eavesdropper. Second, the security of WTKE was verified experimentally: the key mismatch ratio between the eavesdropping node Eve and a legitimate node (Alice or Bob) is close to 0.5, which is the same as the probability of Eve guessing each key bit at random. Keys generated by WTKE passed the NIST test suite, demonstrating that they meet the randomness requirement. Then, on two metrics, key generation rate and key mismatch rate, WTKE is compared with the classical amplitude quantization method and with the traditional trend quantization method. The results show that, compared with amplitude quantization, WTKE has the advantage on both; compared with the earlier trend quantization method, WTKE lowers the key mismatch rate by lowering the key generation rate. Finally, provided that sufficient motion is introduced, WTKE can also be applied between a node and the base station, and similar experiments were carried out to verify this. Overall, WTKE is a lightweight key agreement mechanism with low resource consumption and low hardware complexity.

(2) Because network dynamics require a BAN to have fast and simple identity authentication, a lightweight proximity-based authentication mechanism for BANs is proposed (RSS Ratio-Based Node Authentication, R2NA). R2NA does not add extra hardware in order to use an out-of-band channel. Instead it makes full use of a physical characteristic of the wireless channel: when the transmitter is close enough to the BAN control unit (Control Unit, CU) or to a BAN sensor node, the RSS value between the transmitter and the CU differs greatly from the RSS value between the transmitter and the sensor node, whereas a distant transmitter cannot produce such a large difference. First, the principle of R2NA is verified through theoretical derivation and experimental data. Second, the factors that may affect R2NA are examined, including sensor wearing position, body movement, environment and body shape, and the R2NA parameters are given after considering them together. Finally, the security of R2NA is analyzed experimentally, and its performance is compared with BANA (Body Area Network Authentication), an earlier BAN node authentication mechanism based on wireless channel characteristics. The results show that R2NA is better than BANA on three metrics (speed, energy consumption and applicability) and equal to BANA on two (compatibility and ease of use). With the parameter settings in this thesis, the authentication time of R2NA does not exceed 12 seconds, the authentication success rate within 0.2 m is close to 100%, and R2NA is applicable to a variety of crowded scenarios.

(3) Because limited resources and special application requirements demand that a BAN have loose-tight coupled access control to meet its availability requirement, a context-self-aware, loose-tight coupled access control mechanism is proposed: under normal conditions the BAN needs a strict access control mechanism, while in an emergency it needs a relatively relaxed one. To achieve context self-awareness, the external gateway CU measures the body's acceleration signal with an accelerometer and performs fall recognition with a Bayesian method, thereby deciding whether the situation is an emergency and switching between access control mechanisms. As for the access control technique, to address the security needs of different scenarios, communication schemes in two modes are proposed, so that the CU can actively switch the access control mechanism or defend passively through jamming, which allows secure switching between contexts. The mechanism also introduces a key agreement mechanism based on Fuzzy Vault (Fuzzy Vault based Key Distribution, FVKD) to protect communication confidentiality in normal mode. It uses R2NA in normal mode, and turns off the CU in passive emergency mode, to determine the proximity attribute for authentication and authorization. Finally, the security of the proposed access control mechanism is analyzed experimentally: when the CU is worn on the body and working normally, it can still defend against an attacker even if its jamming power is 20 dB lower than the transmit power of an ordinary sensor node.

As BANs are deployed on a large scale, BAN security is bound to attract more attention. The lightweight solutions proposed here, which use the physical-layer characteristics of the wireless channel, are of great significance for effectively improving BAN security.
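A minimal sketch of the WTKE idea in item (1), added here as an illustration and not taken from the thesis: both parties reduce their RSS traces with a 4-level Haar approximation, then emit one bit per rising or falling step. The random-walk channel, the noise level, the pairwise-average form of the Haar step and the rise/fall quantizer are assumptions, since the abstract does not give the thesis's exact quantizer.

```python
import random

def haar_approx(samples, levels=4):
    """Approximation band of a Haar transform: average adjacent pairs `levels`
    times (differs from the orthonormal form only by a scale factor)."""
    out = list(samples)
    for _ in range(levels):
        out = [(out[i] + out[i + 1]) / 2 for i in range(0, len(out) - 1, 2)]
    return out

def trend_bits(coeffs):
    """Assumed trend quantizer: 1 where the next coefficient rises, else 0."""
    return [1 if b > a else 0 for a, b in zip(coeffs, coeffs[1:])]

def mismatch(bits_a, bits_b):
    """Fraction of key bits on which two parties disagree."""
    return sum(x != y for x, y in zip(bits_a, bits_b)) / len(bits_a)

def random_walk(rng, n):
    """Constructed stand-in for an RSS trace (dB) on a body-motion channel."""
    level, trace = -60.0, []
    for _ in range(n):
        level += rng.gauss(0, 1.0)
        trace.append(level)
    return trace

def simulate(levels, n=8192, noise=0.5, seed=2014):
    """Mismatch ratios for Alice/Bob (shared channel) and Alice/Eve."""
    rng = random.Random(seed)
    channel = random_walk(rng, n)                        # reciprocal Alice<->Bob channel
    alice = [c + rng.gauss(0, noise) for c in channel]   # independent receiver noise
    bob = [c + rng.gauss(0, noise) for c in channel]
    eve = random_walk(rng, n)                            # assumed uncorrelated channel
    ka, kb, ke = (trend_bits(haar_approx(t, levels)) for t in (alice, bob, eve))
    return {"bits": len(ka),
            "alice_bob": mismatch(ka, kb),
            "alice_eve": mismatch(ka, ke)}

if __name__ == "__main__":
    for levels in (0, 4):   # 0 = trend quantization on raw samples
        print(levels, simulate(levels))
```

Running it with `levels=0` and `levels=4` shows the trade-off the abstract states: the wavelet stage yields far fewer bits per trace, but Alice and Bob disagree on far fewer of them, while Eve stays near 0.5.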

[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctorate
[Year degree conferred]: 2014
[Classification number]: TN918.4


Article number: 1438597


Article link: http://sikaile.net/kejilunwen/wltx/1438597.html

