在無線感測網路中,如果當感測節點佈置在無人照顧的敵方地區時,為了能使感測節點之間的通訊是安全的,必須要有秘密的金鑰做為他們之間的通訊。到目前為止已經有許多金鑰建立的方法,被提出用在大型的無線感測網路中。目前的方法中,藉由事先配置的方式,每個感測節點能跟他周圍鄰居分享一把秘密金鑰。但這個方法,有可能兩個端點節點沒有共享一把金鑰,這時需要透過一條安全的路徑來分享他們之間的秘密金鑰。然而在傳送秘密金鑰時,這把秘密金鑰可能會被暴露在路徑經過的節點。許多研究者提出透過多條路徑,來建立金鑰以防止少數被俘虜的感測節點知道這把秘密金鑰,但是這些方法卻容易遭受拜占庭攻擊。為了對付這種攻擊,我們提出一種驗證方法,在利用多條路徑建立金鑰時,來阻止拜占庭攻擊。跟之前的方法比較,我們提出的方法可以減低惡意的感測節點,發動拜占庭攻擊,而且感測節點可以判斷出誰是具有惡意行為的感測節點。除此之外,我們的方法能達到省電的效果,因為我們能偵測且過濾錯誤的資料不超過兩步,使得資料不會繼續無意義的傳送下去。 When sensor network deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a common key with its neighbors via preinstalled keys. But it may be occur that two end nodes which do not share a key with each other. They can use a secure path to share a session key between them. However during transmitting the session key, the session key will be revealed to each node along the secure path. Many researchers proposed multi-path key establishment to prevent a few compromised sensors to know the session key, but it is vulnerable to stop forwarding attack or Byzantine attack. To counter these attacks, we propose a hop by hop authentication scheme multi-path key establishment prevent Byzantine attack with. Compare with conventional protocols, our proposed scheme can mitigate the impact of malicious nodes to do Byzantine attack and sensor can identify the malicious nodes. In addition, our scheme can achieve energy saving since it can detect and filter false data no beyond two hops.
