分散式無線感測網路之輕量化金鑰管理機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：46

、訪客IP：3.139.97.43

姓名

陳明軒(Ming-Hsuan Chen) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

分散式無線感測網路之輕量化金鑰管理機制
(Lightweight Key Management Schemes for Distributed Wireless Sensor Networks)

相關論文

★ 多種數位代理簽章之設計	★ 小額電子支付系統之研究
★ 實體密碼攻擊法之研究	★ 商業性金鑰恢復與金鑰託管機制之研究
★ AES資料加密標準之實體密碼分析研究	★ 電子競標系統之研究
★ 針對堆疊滿溢攻擊之動態程式區段保護機制	★ 通用型數域篩選因數分解法之參數探討
★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器	★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究
★ 遮罩保護機制防禦差分能量攻擊之研究	★ AES資料加密標準之能量密碼分析研究
★ 小額電子付費系統之設計與密碼分析	★ 公平電子現金系統之研究
★ RSA公開金鑰系統之實體密碼分析研究	★ 保護行動代理人所收集資料之研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

近年來無線感測網路在許多關鍵場所上被廣泛應用，像是軍事、機場、醫療等環境來進行環境監控或感測。由於感測節點的資源配備與計算能力是受限的，因此，在現實中不太能夠使用較昂貴的防竄改硬體來保護節點內部重要的秘密金鑰。

而在無線感測網路中最為嚴重的兩種威脅分別是節點捕獲 (Node Capture) 與惡意程式注入攻擊 (Malicious Code Injection)。攻擊者可以藉由物理得方式來捕獲感測節點並竊取記憶體內部可利用的秘密資訊。此外，攻擊者也可以將惡意程式注入到被捕獲的感測節點中，並將它置回原處。事實上，一個惡意節點將有能力去偽裝成一般的感測節點來傳送偽造的資料給基地台 (Base Station)。

因此在無線感測網路中，金鑰管理機制上的安全性成為一個重要的議題。許多學者們提出了門檻式秘密共享機制來防禦前述所提及的攻擊。這些方法採用了Shamir 的門檻式秘密共享機制來將主秘鑰 (Master Key) 切為許多小部份，並給予鄰近節點屬於它自己的部份。然而，此方法只適用於擁有較高計算資源的叢集頭 (Cluster Head) 之階層式無線感測網路架構下。

所以，我們提出一種較有效率且基於簡單秘密共享 (Trivial Secret Sharing)之金鑰管理機制，此方法能夠適用於分散式無線感測網路架構之下。經由局部檢測之群組化秘密共享金鑰管理機制 (group-based secret sharing key management scheme via local attestation) ，此方法不僅能夠抵抗節點捕獲攻擊，也能檢測出節點是否已被注入惡意。此外，如同Shamir 的門檻式秘密共享機制，此方法一樣能夠容忍節點損壞的情況，但也僅使用到了互斥或運算。

摘要(英)

In recently years, Wireless Sensor Networks (WSN) have been deployed for a wide variety of mission-critical applications such as monitoring and sensing in military, airports, and healthcare environments. Due to limited resources and computing constraints, it is impractical to use the expensive tamper-resistant hardware for protecting the secret keying material.

Two of the most serious threats in WSN are node capture attack and malicious code injection. In order to instigate these attacks, the adversary can physically capture
some sensor nodes and steal the keying materials from their internal memories. Also, the captured nodes can be reprogrammed with malicious code and redeployed back. In fact, the compromised node can always behave normally and send forged data to base station.

Therefore, security of the key management for WSN becomes the important issue. Researchers have proposed several threshold secret sharing schemes for preventing above attacks. The scheme adopts the idea of Shamir’s (t,n) threshold secret sharing algorithm to divide the master key into many parts and give each neighbor node its own unique part. However, it is more suitable for hierarchical WSN architecture because of the cluster head has more powerful computational capabilities.

Accordingly, we propose the efficient key management scheme based on trivial secret sharing which is feasible in the distributed WSN architecture. The proposed group-based secret sharing key management scheme via local attestation can not only prevent the node capture attack but also attest whether the internal memories have been maliciously compromised or not. The proposed scheme can tolerate the node broken situation as same as Shamir’s (t,n) threshold secret sharing scheme, but only use the exclusive-or operation.

關鍵字(中)

★ 金鑰管理
★ 無線感測網路
★ 門檻式秘密分享技術
★ 節點捕獲攻擊
★ 惡意程式注入

關鍵字(英)

★ key management
★ wireless sensor networks
★ threshold secret sharing
★ node capture attack
★ malicious code injection

論文目次

1 Introduction 1
1.1 Motivation of the Research . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Our Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Overview of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Preliminary 5
2.1 Introduction to WSN . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.1 System model . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2 Hierarchical WSN architecture . . . . . . . . . . . . . . . . . 5
2.1.3 Distributed WSN architecture . . . . . . . . . . . . . . . . . . 6
2.2 Security Threats to WSN . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3 Secret Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.1 (n, n) secret sharing . . . . . . . . . . . . . . . . . . . . . . . 8
2.3.2 Shamir’s (t, n) threshold secret sharing . . . . . . . . . . . . . 8
3 Related Work 11
3.1 Review of Secret Sharing Based Key Management Scheme . . . . . . 11
3.1.1 Introduction to secret sharing based key management scheme 11
3.1.2 Attack model . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.1.3 Review of Hu et al.’s hierarchical SSKM scheme . . . . . . . . 12
3.1.4 Security analysis . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.1.5 Performance analysis . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Review of Software-based Attestation Scheme . . . . . . . . . . . . . 16
3.2.1 Introduction to software-based attestation scheme . . . . . . . 16
3.2.2 Security threats of malicious code injection . . . . . . . . . . 18
3.2.3 Review of Yang et al.’s distributed software-based attestation
scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4 The Proposed Group-based SSKM Scheme via Local Attestation 22
4.1 On the Weakness of Hu et al.’s Hierarchical SSKM Scheme . . . . . . 22
4.1.1 Security analysis . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.2 The Proposed Group-based SSKM Scheme via Local Attestation . . . 23
4.2.1 Attack model . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.2.2 Description of the proposed scheme . . . . . . . . . . . . . . . 25
4.2.3 Security analysis . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.2.4 Performance analysis . . . . . . . . . . . . . . . . . . . . . . . 30
4.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5 Conclusion 34
5.1 Brief Review of Main Contributions . . . . . . . . . . . . . . . . . . . 34
5.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

參考文獻

[1] T. AbuHmed, N. Nyamaa, and D. Hyang, “Software-Based Remote Code Attestation
in Wireless Sensor Network,” Proc. of 28th IEEE Conference on Global
Telecommunications - GLOBECOM ’09, pp. 1–8, 2009.
[2] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “Wireless sensor
networks: a survey,” IEEE Communications Magazine, pp. 393-422, 2002.
[3] M. Bertier, A. Mostefaoui, and G. Trédan, “Low-Cost Secret-Sharing in Sensor
Networks,” Proc. of 12th IEEE International Symposium on High Assurance
Systems Engineering - HASE ’10, pp. 1–9, 2010.
[4] C. Castelluccia, A. Francillon, D. Perito, and C. Soriente, “On the Difficulty
of Software-based Attestation of Embedded Devices,” Proc. of 16th ACM Conference
on Computer and Communications Security - CCS ’09, pp. 400–409,
2009.
[5] A. Chadha, Y. Liu, and S. K. Das, “Group Key Distribution via Local Collaboration
in Wireless Sensor Networks,” Proc. of 2nd Annual IEEE Communication
Society Conference and Networks - SECON ’05, pp. 46–54, 2005.
[6] A. K. Das, “A Key Establishment Scheme for Mobile Wireless Sensor Networks
Using Post-Deployment Knowledge,” International Journal of Computer
Networks and Communications, Vol. 3, No. 4, 2011.
[7] Datasheet of the mica2 wireless measurement system, Crossbow Technology,
2007. Available at
http://www.xbow.com
[8] W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions
on Information Theory, Vol. 22, No. 6, pp. 644–654, 1976.
[9] A. Francillon and C. Castelluccia, “Code Injection Attacks on Harvard-
Architecture Devices,” Proc. of 15th ACM Conference on Computer and Communications
Security - CCS ’08, pp. 15–26, 2008.
[10] J. Hu, E. Bai, and Y. Yang, “A Novel Key Management Scheme for Hierarchical
Wireless Sensor Networks,” Proc. of 12th IEEE International Conference on
Communication Technology - ICCT ’10, pp. 526–529, 2010.
[11] C. Hartung, J. Balasalle, and R. Han, “Node Compromise in Sensor Networks
: The Need for Secure Systems,” Technical Report CU-CS-990-05, Department
of Computer Science University of Colorado at Boulder, 2005.
[12] P. Hämäläinen, M. Kuorilehto, T. Alho, M. Hännikäinen, and T. D.
Hämäläinen, “Security in Wireless Sensor Networks: Considerations and Experiments,”
Proc. of 6th International Workshop on Systems, Architectures,
Modeling, and Simulation - SAMOS ’06, LNCS 4017, pp. 167–177, Springer,
2006.
[13] J. Heide, Q. Zhang, and F. H. P. Fitzek, “Selecting Optimal Parameters of
Random Linear Network Coding for Wireless Sensor Networks,” Proc. of 78th
Vehicular Technology Conference - VTC ’13, pp. 1–6, 2013.
[14] D. Liu and P. Ning, “Establishing Pairwise Keys in Distributed Sensor Networks,”
Proc. of 10th ACM Conference on Computer and Communications
Security - CCS ’03, pp. 52–61, 2003.
[15] C. S. Laih, M. K. Sun, C. C. Chang, and Y. S. Han, “Adaptive key predistribution
model for distributed sensor networks,” IET Communications, Vol.
3, No. 5, pp. 723–732, 2009.
[16] T. Park and K. G. Shin, “Soft Tamper-Proofing via Program Integrity Verification
in Wireless Sensor Networks,” IEEE Transactions on Mobile Computing,
Vol. 4, No. 3, pp. 297–309, 2005.
[17] R. L. Rivest, A. Shamir, and L. M. Adleman, “A Method for Obtaining Digital
Signatures and Public-Key Cryptosystems,” Communications of the ACM, Vol.
21, No. 2, pp. 120–126, 1978.
[18] A. Seshadri, A. Perrig, L. V. Doorn, and P. K. Khosla, “SWATT SoftWarebased
ATTestation for Embedded Devices,” Proc. of IEEE Symposium on Security
and Privacy - SP ’04, pp. 272–282, 2004.
[19] A. Seshadri, M. Luk, A. Perrig, L. V. Doorn, and P. K. Khosla, “SCUBA:
Secure Code Update By Attestation in sensor networks,” Proc. of 5th ACM
Workshop on Wireless Security - WiSe ’06, pp. 85–94, 2006.
[20] A. Seshadri, M. Luk, and A. Perrig, “SAKE: Software Attestation for Key
Establishment in Sensor Networks,” Proc. of 4th IEEE International Conference
on Distributed Computing in Sensor Systems, LNCS 5067, pp. 372–385, 2008.
[21] A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 22,
No. 11, pp. 612–613, 1979.
[22] M. Shaneck, K. Mahadevan, V. Kher, and Y. Kim, “Remote Software-Based
Attestation for Wireless Sensors,” Proc. of ESAS ’05, LNCS 3813, pp. 27–41,
Springer, 2005.
[23] D. Spinellis, “Reflection as a Mechanism for Software Integrity Verification,”
ACM Transactions on Information and System Security, Vol. 3, No. 1, pp. 51–
62, 2000.
[24] Trivial secret sharing. Available at
http://en.wikipedia.org/wiki/Secret_sharing
[25] Y. Yang, X. Wang, S. Zhu, and G. Cao, “Distributed Software-based Attestation
for Node Compromise Detection in Sensor Networks,” Proc. of 26th IEEE
International Symposium on Reliable Distributed Systems - SRDS ’07, pp. 219–
230, 2007.
[26] F. Ye, H. Luo, S. Lu, L. Zhang, “Statistical En-route Filtering of Injected False
Data in Sensor Networks,” IEEE Journal on Selected Areas in Communications,
Vol. 23, No. 4, pp. 839–850, 2005.
[27] W. Zhang, S. Zhu, and G. Cao, “Predistribution and Local Collaboration-based
Group Rekeying for Wireless Sensor Networks,” Ad Hoc Networks, Vol. 7, No.
6, pp. 1229–1242, 2009.
[28] Y. Zhang, C. Wu, J. Cao, and X. Li, “A Secret Sharing-Based Key Management
in Hierarchical Wireless Sensor Network,” International Journal of Distributed
Sensor Networks, Vol. 2013, pp. 1–7, 2013.
[29] S. Zhu, S. Setia, and S. Jajodia, “LEAP: Efficient Security Mechanisms for
Large-Scale Distributed Sensor Networks,” Proc. of 10th ACM Conference on
Computer and Communications Security - CCS ’03, pp. 62–72, 2003.

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2014-11-26

推文