發(fā)布時(shí)間：2018-01-18 15:14

  本文關(guān)鍵詞：無線傳感器網(wǎng)絡(luò)密鑰管理與安全數(shù)據(jù)聚合技術(shù)的研究　出處：《南京郵電大學(xué)》2014年博士論文　論文類型：學(xué)位論文

  更多相關(guān)文章： 無線傳感器網(wǎng)絡(luò) 密鑰協(xié)商 同態(tài)加密 隱私保護(hù) 完整性保護(hù) 安全數(shù)據(jù)聚合 原型實(shí)現(xiàn) 性能評(píng)估

【摘要】：隨著無線通信技術(shù)、嵌入式計(jì)算技術(shù)和微電子技術(shù)的迅速發(fā)展,無線傳感器網(wǎng)絡(luò)(Wireless Sensor Networks,WSNs)受到越來越多的關(guān)注。作為溝通物理世界與信息世界的橋梁,WSNs可廣泛應(yīng)用于環(huán)境監(jiān)測(cè)、醫(yī)療衛(wèi)生、軍事國防等眾多領(lǐng)域。但是WSNs無線通信、資源受限、無人值守和無固定基礎(chǔ)實(shí)施的特點(diǎn),使其面臨各種安全威脅與挑戰(zhàn)。WSNs能否廣泛應(yīng)用,關(guān)鍵在于其能否為用戶提供安全可靠、值得信賴的服務(wù)。因此,如何保障WSNs的安全性是一個(gè)不可忽視的前沿研究領(lǐng)域,具有重要的理論和實(shí)際意義。本文主要從密鑰管理和安全數(shù)據(jù)聚合兩個(gè)方面對(duì)WSNs的安全技術(shù)進(jìn)行研究。一方面,針對(duì)傳統(tǒng)密鑰預(yù)分配技術(shù)應(yīng)用于大規(guī)模WSNs存在的通信和存儲(chǔ)開銷高、密鑰連通度低及抗俘獲性差等問題,基于簡潔高效的公鑰密碼技術(shù),研究適用于大規(guī)模WSNs的成對(duì)密鑰管理技術(shù)。另一方面,針對(duì)網(wǎng)內(nèi)數(shù)據(jù)聚合技術(shù)與安全目標(biāo)之間的矛盾,結(jié)合隱私同態(tài)和聚合認(rèn)證技術(shù),研究安全數(shù)據(jù)聚合技術(shù),旨在在網(wǎng)內(nèi)聚合過程中保障數(shù)據(jù)的隱私性和完整性。此外,現(xiàn)有的WSNs安全研究中,算法的性能評(píng)估和安全評(píng)估大多只限于理論分析,極少有原型實(shí)現(xiàn)和針對(duì)具體平臺(tái)的實(shí)際性能數(shù)據(jù)。針對(duì)目前WSNs安全算法的性能評(píng)估工具不完備的問題,本文結(jié)合網(wǎng)絡(luò)仿真工具和多種性能分析工具構(gòu)建WSNs性能評(píng)估與驗(yàn)證平臺(tái),研究WSNs安全協(xié)議的性能評(píng)估模型和安全評(píng)估方法。本文的主要研究成果包括如下幾個(gè)方面:(1)提出了一種基于身份的WSNs密鑰協(xié)商方案,稱為IBKAS(Identity-Based Key Agreement Scheme for WSNs),該機(jī)制利用基于身份的密碼技術(shù)(Identity-Based Encrytption,IBE)加密密鑰協(xié)商參數(shù),支持身份認(rèn)證和隱式密鑰認(rèn)證,適用于大規(guī)模WSNs中相鄰節(jié)點(diǎn)的對(duì)稱密鑰協(xié)商、更新與撤銷。本文在隨機(jī)預(yù)言模型下證明了方案IBKAS的安全性,并對(duì)其進(jìn)行了啟發(fā)式安全分析。分析表明,IBKAS不僅滿足認(rèn)證密鑰協(xié)商協(xié)議需具備的基本安全屬性,還能夠抵抗中間人攻擊、重放攻擊和節(jié)點(diǎn)俘獲攻擊,并提供PKG前向安全性(無密鑰托管性質(zhì))。與同類方案相比,IBKAS各方面開銷顯著減少。本文基于TinyOS平臺(tái)給出了方案IBKAS的原型實(shí)現(xiàn),并對(duì)其進(jìn)行了性能評(píng)估。實(shí)驗(yàn)結(jié)果表明,雖然IBKAS消耗的資源略高,但對(duì)于大規(guī)模傳感器網(wǎng)絡(luò)中的密鑰分配與更新這類使用頻率較低的應(yīng)用來說,IBKAS是合理可行的。(2)提出了一種基于身份的WSNS認(rèn)證密鑰協(xié)商方案,稱為TinyIBAK(Identity-Based Authenticated Key Agreement Scheme for WSNs)。該機(jī)制同時(shí)支持身份認(rèn)證和密鑰確認(rèn),適用于大規(guī)模WSNs中相鄰節(jié)點(diǎn)間對(duì)稱密鑰的建立、更新和撤銷。本文在隨機(jī)預(yù)言模型下證明了協(xié)議TinyIBAK的安全性,并利用啟發(fā)式分析方法對(duì)安全模型中沒有涵蓋的安全性質(zhì)進(jìn)行分析,還利用形式化安全驗(yàn)證工具AVISPA仿真驗(yàn)證了協(xié)議的安全性能。這些安全性分析同時(shí)表明,TinyIBAK能夠有效抵御主動(dòng)和被動(dòng)攻擊,具有良好的安全性。為了評(píng)估該方案在WSNs中的性能與可行性,本文基于TinyOS平臺(tái)給出了其原型實(shí)現(xiàn),并設(shè)計(jì)了節(jié)點(diǎn)級(jí)實(shí)驗(yàn)和網(wǎng)絡(luò)級(jí)實(shí)驗(yàn)。實(shí)驗(yàn)結(jié)果表明,TinyIBAK消耗的資源在可接受范圍內(nèi),對(duì)于大規(guī)模傳感網(wǎng)絡(luò)中的密鑰協(xié)商、更新與撤銷這類使用頻率較低的應(yīng)用而言是合理可行的。與傳統(tǒng)密鑰預(yù)分配方案相比,TinyIBAK支持高效的密鑰更新,且在安全強(qiáng)度、密鑰連通性、可擴(kuò)展性、通信開銷和存儲(chǔ)開銷方面有顯著優(yōu)勢(shì)。與同類方案相比,TinyIBAK性能更加優(yōu)異,或性能相當(dāng)?shù)峁┟荑�動(dòng)態(tài)性和密鑰更新。(3)為了在數(shù)據(jù)聚合模式下同時(shí)實(shí)現(xiàn)隱私保護(hù)與完整性保護(hù)功能,基于同態(tài)加密和聚合消息驗(yàn)證碼技術(shù)提出了一種同時(shí)保障數(shù)據(jù)隱私性與完整性的可恢復(fù)數(shù)據(jù)聚合方案,稱為RPIDA(Recoverable Privacy-preserving and Integrity-assured Data Aggregation for WSNs)。該方案具有兩種特殊性質(zhì):第一,BS能夠從聚合結(jié)果中恢復(fù)出所有感知節(jié)點(diǎn)采集的感知數(shù)據(jù);第二,BS能夠在一定范圍內(nèi)檢測(cè)出惡意節(jié)點(diǎn)攻擊并定位惡意節(jié)點(diǎn)。安全分析表明RPIDA方案能夠同時(shí)保障感知數(shù)據(jù)和聚合數(shù)據(jù)的端到端隱私性和完整性,抵抗未授權(quán)聚合攻擊和聚合節(jié)點(diǎn)俘獲攻擊,還能夠檢測(cè)并定位惡意節(jié)點(diǎn),并將惡意行為限制在一定范圍內(nèi)。為了評(píng)估協(xié)議的性能和可行性,本文基于TinyOS平臺(tái)開發(fā)了RPIDA的原型實(shí)現(xiàn),并基于目前主流的傳感器網(wǎng)絡(luò)硬件平臺(tái)MICA2節(jié)點(diǎn)分析了協(xié)議運(yùn)行所需的能耗、時(shí)間和存儲(chǔ)空間。實(shí)驗(yàn)結(jié)果表明,方案RPIDA能夠以較低的資源消耗,同時(shí)保障聚合過程中的數(shù)據(jù)機(jī)密性和完整性,實(shí)現(xiàn)安全的數(shù)據(jù)聚合。相比同類方案,RPIDA方案在通信和計(jì)算開銷方面都具有顯著優(yōu)勢(shì)。(4)構(gòu)建了一種新的WSNs性能評(píng)估與驗(yàn)證平臺(tái)WSNs-PEV(WSNs Performance Evaluation and Validation platform),并基于該平臺(tái)提出了一種新的性能評(píng)估模型。同時(shí),為實(shí)現(xiàn)對(duì)協(xié)議存儲(chǔ)占用的精確測(cè)量,設(shè)計(jì)了一種存儲(chǔ)性能分析工具M(jìn)Seeker。結(jié)合本文提出的性能評(píng)估模型和存儲(chǔ)性能評(píng)估工具M(jìn)Seeker,WSNs-PEV能夠?qū)崿F(xiàn)對(duì)WSNs協(xié)議通信、計(jì)算和存儲(chǔ)性能的高精度測(cè)量和分析。此外,WSNs-PEV平臺(tái)還能夠利用形式化分析方法驗(yàn)證協(xié)議的安全性�；赪SNs-PEV平臺(tái),我們給出了本文提出的安全方案的原型實(shí)現(xiàn),并評(píng)估了這些方案部署在MICA系列節(jié)點(diǎn)上的執(zhí)行時(shí)間、能耗和存儲(chǔ)占用等關(guān)鍵性能指標(biāo)。
[Abstract]:With the rapid development of wireless communication technology, embedded computing technology and microelectronics technology, wireless sensor network (Wireless Sensor Networks, WSNs) has attracted more and more attention. As a communication bridge between the physical world and information world, WSNs can be widely used in environmental monitoring, medical and health, many areas of military defense. But the WSNs wireless communication resources limited, unattended and no fixed infrastructure, it faces a variety of security threats and challenges of.WSNs can be widely used, the key lies in its ability to provide users with safe and reliable, trustworthy service. Therefore, how to protect the security of WSNs is an important research field, has the important theory and the practical significance. This article mainly from the key management and secure data aggregation of security technology for WSNs two aspects. On the one hand, the traditional key pre distribution Communication and storage overhead technology applied to large scale WSNs have high and low degree of connectivity, the key problem of anti capture of the poor, simple and efficient public key cryptography based on pairwise key management technology research for large scale WSNs. On the other hand, the contradiction between network data aggregation technology and security objectives, combined with the privacy homomorphism study on polymerization and polymerization authentication technology, technology safety data, to protect the privacy and integrity of the polymerization process of data in the network. In addition, the existing WSNs security research, mostly limited to theoretical analysis of the performance evaluation and security evaluation algorithm, there is little prototype and according to the actual performance data for specific platform. The current performance evaluation tool WSNs security algorithm incomplete problems, combined with the network simulation tools and a variety of performance analysis tools to construct the WSNs performance evaluation and Verification Platform Research The performance evaluation model and method of safety evaluation of the WSNs security protocol. The main research results of this paper are as follows: (1) proposed a WSNs identity based key agreement scheme, called IBKAS (Identity-Based Key Agreement Scheme for WSNs), the mechanism of using identity based encryption (Identity-Based encryption Encrytption, IBE) key parameters, support authentication and implicit key authentication, symmetric key agreement applies to adjacent nodes in large-scale WSNs, update and revocation. This paper proved the security of IBKAS scheme in the random oracle model, and has carried on the heuristic safety analysis. Analysis shows that IBKAS not only meet the basic security properties of authentication key negotiation protocol is required, but also can resist man in the middle attack, replay attack and node capture attack, and provide PKG forward security (without key escrow property with the same). For compared to all aspects of the IBKAS overhead significantly reduced. This paper presents the implementation scheme of IBKAS TinyOS platform based on the prototype, and evaluates its performance. The experimental results show that although the IBKAS resource consumption is slightly higher, but for key distribution in large-scale sensor networks and update the application that use low frequency. IBKAS is reasonable and feasible. (2) proposed a WSNS authenticated key agreement scheme based on identity, called TinyIBAK (Identity-Based Authenticated Key Agreement Scheme for WSNs). The mechanism also supports authentication and key confirmation, establish suitable for large-scale WSNs adjacent nodes in the symmetric key update and revocation. This paper shows that the security of the TinyIBAK protocol in the random oracle model, and no security properties covered security model was analyzed by using the heuristic analysis method, also use the form Safety verification tool AVISPA simulation to verify the security properties of the protocol. The security analysis also shows that TinyIBAK can effectively resist the active and passive attacks, with good security. In order to evaluate the feasibility and performance of the scheme in WSNs, based on TinyOS platform is given its prototype, and the design of the experiment and the node level the network level experiments. Experimental results show that the consumption of TinyIBAK resources within an acceptable range for key agreement in large-scale wireless sensor networks application, update and revocation of this kind of low frequency of use is reasonable and feasible. Compared with the traditional key pre distribution scheme, TinyIBAK supports efficient key update, and the security strength, key connectivity, scalability, have significant advantages for communication overhead and storage overhead. Compared with similar schemes, TinyIBAK more excellent performance, or performance is quite dense but Dynamic key update and key. (3) in data aggregation while achieving privacy protection and integrity protection mode, homomorphic encryption and message authentication code polymerization technology brings a while ensuring data privacy and integrity of the recovery scheme based on data aggregation, called RPIDA (Recoverable Privacy-preserving and Integrity-assured Data Aggregation for WSNs). The scheme has two special properties: first, BS can restore all sensor nodes sensing data from the polymerization results; second, BS can be detected in a certain range of malicious nodes and locate malicious nodes. Security analysis shows that the RPIDA scheme can also guarantee the sensing data and aggregate data to the end the end of privacy and integrity, against unauthorized polymerization and polymerization against node capture attack, but also can detect and locate malicious nodes and malicious behavior Is limited to a certain range. In order to evaluate the performance and feasibility of the agreement, the implementation of TinyOS platform RPIDA is developed based on the prototype, and based on the hardware platform of MICA2 sensor network node mainstream analysis of the energy consumption required to run the protocol, time and storage space. The experimental results show that the RPIDA scheme can lower the consumption of resources at the same time, to ensure data confidentiality and integrity in the polymerization process, to achieve secure data aggregation. Compared with similar schemes, RPIDA scheme has significant advantages in communication and computation overhead. (4) to build a new performance evaluation and validation of WSNs platform WSNs-PEV (WSNs Performance Evaluation and Validation platform), and based on the the platform put forward a new performance model. At the same time, to achieve accurate measurement of the occupation of the store, designed a storage performance analysis tool MSeeker. The evaluation tool MSeeker and performance evaluation model and storage performance are presented in this paper, WSNs-PEV can be achieved on the WSNs protocol, high precision measurement and analysis calculation and storage performance. In addition, WSNs-PEV platform is able to use formal security analysis method validation protocol. Based on the WSNs-PEV platform, we give the implementation of security scheme is proposed in this paper the prototype, and evaluated the deployment in the MICA series node on the execution time, the key performance indicators of energy consumption and storage.

【學(xué)位授予單位】：南京郵電大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP212.9;TN918.4

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 王秋華;陳惠芳;謝磊;王匡;;傳感器網(wǎng)絡(luò)中建立路徑密鑰的增強(qiáng)方案[J];信息與控制;2011年02期

2 楊洲;景博;孫勇;;基于密鑰連通的WSN簇頭選擇安全算法[J];計(jì)算機(jī)工程;2010年14期

3 秦滔;;基于部署知識(shí)的異構(gòu)WSN密鑰管理算法[J];計(jì)算機(jī)工程;2012年08期

4 應(yīng)必娣;陳惠芳;趙問道;仇佩亮;;低功耗無線傳感器網(wǎng)絡(luò)密鑰預(yù)分布方案[J];傳感技術(shù)學(xué)報(bào);2007年07期

5 胡榮磊;姜一通;蔣華;曾萍;汪良辰;楊慶銳;;基于擴(kuò)展DNA模型的對(duì)密鑰預(yù)分發(fā)方案[J];計(jì)算機(jī)工程;2012年13期

6 肖博;;無線傳感網(wǎng)絡(luò)通信的密鑰預(yù)分配協(xié)議設(shè)計(jì)探討[J];科技風(fēng);2009年09期

7 吳丘林;李喬良;;基于對(duì)稱平衡不完全區(qū)組設(shè)計(jì)的持續(xù)安全管理密鑰預(yù)分配方案[J];計(jì)算機(jī)應(yīng)用;2012年04期

8 章睿;劉吉強(qiáng);趙佳;;一種基于ID的傳感器網(wǎng)絡(luò)密鑰管理方案[J];電子與信息學(xué)報(bào);2009年04期

9 劉海英;熊俊俏;戴璐萍;鄭寬磊;;基于哈希密鑰鏈的無線傳感器網(wǎng)絡(luò)密鑰預(yù)分配方案[J];長江大學(xué)學(xué)報(bào)(自然科學(xué)版)理工卷;2009年04期

10 曹t，

本文編號(hào)：1441404