| The Internet of things(Io T), big data and cloud computing are positioned to be the three central driving forces of the prospective development of information technology. Nowadays, the IoT has been widely applied in many fields ranging from military affairs to civil life. As the core part of perceptual layer in the architecture of IoT, the security of wireless sensor networks(WSN) is directly related to the further application of IoT, and it is the key issue of both WSN and the security of IoT. Due to the openness of deployment environment, the WSN are dangerously vulnerable to many attacks including Camouflage, Black hole, Wormhole, Flood and so on. The most existing security solutions in WSN mainly depend on security routing protocols. Moreover, most security protocols are based on keys management and authentication. Therefore, the key of security route is to study the keys management scheme and authentication algorithm to satisfy the requirements of nature of WSN(dynamic topology, computing capability, energy etc.) by considering the architecture of WSN under the IoT environment. From the perspectives of keys management, authentication of nodes and security routing strategy, this thesis proposes effective sulutions to strengthen the security of route in WSN.The security of routing in WSN involves keys management, authentication, energy saving, congestion and many other factors. In current studies on routing security, there exist lots of problems such as the vulnerability of the primary keys, the inflexibility of management of cluster keys, the limitation of computing capability and energy, etc. By avoiding these problems, and satisfying the security requirements of routing(involve the layered clustered architecture and the innate features of WSN), this thesis investigates the security routing solution by combining signature and signcryption in authentication. In particular, the main contributions of this thesis are list as follows.1. Taking account of the defect that the key exposure of single key scheme in traditional WSN will completely undermine the security of the whole network, a keys agreement scheme based on Schnorr identification is provided. The main contribution of this scheme is that it enhances the security of the primary keys. It is a security multiple agreement scheme with Spin protocol as its core. The security analysis shows that the proposed scheme can not only detect faulty nodes, but also prevent security risk caused by counterfeiting nodes due to the exposure of shared key.2. The group keys management becomes extremely complex because of the dynamic changes of nodes in WSN. To solve this problem, inspired by the layered clustering-based approach, a group key management scheme based on threshold mechanism and virtual nodes for WSN is proposed. The main advantage is that the cluster keys can be recovered by secret sharing scheme of virtual nodes even a few problem nodes are existed. Security analysis and simulation experiments show that, the cluster keys can be built and recovered rapidly, and the flexibility of key management as well as the confidentiality of communications can be well preserving.3. Constrained by the computation capability of nodes, most compute intensive signature mechanisms cannot be applied to nodes authentication of WSN. To solve this problem, a computationally efficient online/offline signature scheme is proposed. The noteworthy contribution of this scheme is that the expensive operations are assigned to the offline signature stage which is equipped with sufficient resources. Security analysis and simulation experiments show that,(1) compared with other schemes, the proposed scheme leads to a lower computational complexity;(2) in the proposed scheme, only the specified verifier can verify the signed message, thus ensures the security of WSN;(3) the proposed scheme can meet the requirements of authentication with limited computation and communication resources.4. Aiming at the requirement that some nodes probably need to verify multiple signcryption from other nodes in WSN(this may lead to the signature overload), an aggregate signcryption scheme without certification is proposed by combining identity-based cryptography. The security proof of the scheme is also given. And simulation experiments show that the scheme presented here has distinct advantage in communication cost over other existing schemes.5. Most routing algorithms in traditional WSN assume that the sensor nodes are trusted, which is contrary to actual situation(hazardous and hostile environments, and the limitation of computation capability of sensor nodes). This leads to that the critical parameters of routing schemes are vulnerable to be modified or forged by the attackers. In this thesis, a secure routing scheme based on random keys pair named CR-AODV(Cross-layer Routing AODV) scheme based on the cross-layer design concept is presented. The main contribution of proposed scheme is that, the family node broadcasts the identifications of nodes which are regarded as their public keys, and then reliable secure routing is achieved based on the unique key pair associated with the peer nodes. The simulation experiments show that CR-AODV can increase the number of valid data packages, prolong the network lifetime, reduce the energy consumption, and preserve the load balance effectively.In summary, after fully analysis of the basic properties and security requirements of WSN, this thesis aims to provide a deep study about keys management and authentication to guarantee the security of routing in WSN. To achieve this goal, an efficient cluster keys management scheme which can solve exposure of the primary keys is designed; an efficient online/offline signature scheme is presented and an aggregate signcryption scheme without certification is built. And on this basis a secure routing scheme named CR-AODV is proposed for multi-hop WSN. The proposed schemes in this thesis can provide beneficial references for the study and application of routing security.
|
PDF Full Text Request