Research On Key Management And Secure Data Aggregation Technologies In Wireless Sensor Networks

Recently, with the rapid development of wireless communication, embedded computing and microelectronics techniques, Wireless Sensor Networks(WSNs) are attracting more and more attention. As the bridge between the physical world and the information world, WSNs can be widely used in many fields, such as environment monitoring, health care and military defense. However, WSNs suffer various security threats and challenges, due to the characteristics of wireless communication, constrained resource, unattended operation manner and the absence of fixed infrastructure. Whether WSNs can be widely applied depends on its ability to provide secure and reliable service for the users. Hence, how to guarantee the security of WSNs is a non-negligible research field, which has important theoretical and practical significance.The dissertation studies the security techniques of WSNs mainly from two aspects, which are key management and secure data aggregation. On one hand, aiming at the problems of high communication overhead, high memory occupation, low connectivity and poor resilience against node capture, which existing in the traditional key pre-distribution techniques while applying to the large scale WSNs, Based on concise and efficient public key cryptography, we study the pairwise key management techniques for large scale WSNs. On the other hand, aiming at the conflicts between in-network data aggregation and security, based on privacy homomorphic and aggregate message authentication code, we study the secure data aggregation techniques, in order to preserving the privacy and integrity during data aggregation. In addition, most of the performance and security evaluations of algorithms are limited to theoretical analysis. There are few prototype implementation and practical performance data based on specific sensor nodes. Aiming at the problem that the current performance evaluation tools for security algorithms of WSNs are not self-contained, we combined a variety of network simulation tools and performance analysis tools to construct the simulation experimental platform, and study the methods of performance and security evaluation for security protocols of WSNs.The main contributions of this dissertation are as follows:First, an identity-based key agreement scheme for WSNs named IBKAS is proposed. This scheme provides identity authentication and implicit key authentication through encrypting the key agreement parameters using identity-based encryption. It can be used to key agreement, rekeying and key revocation for large scale WSNs. The security of IBKAS is formally proved in the random oracle model, and the heuristic security analysis is demonstrated. The security poof and analysis indicate that IBKAS not only meets the basic security requirement of authenticated key agreement scheme, but also can resist man-in-the-middle attacks, replay and node-capture attacks, and provides the PKG-forward security(i.e. no key escrow). Compared with the same type of schemes, IBKAS is much more efficient. Furthermore, the prototype of IBKAS is implemented based on the TinyOS platform, and its performance deployed on the MICA2 motes is evaluated. The experiment results demonstrate that IBKAS is feasible for infrequent key distribution and rekeying for large scale WSNs.Second, an identity-based authenticated key agreement scheme for WSNs named TinyIBAK is proposed. This scheme, which provides identity authentication and key confirmation, can be used to key agreement, rekeying and key revocation for large scale WSNs. The security of TinyIBAK is formally proved in the random oracle model, and the security properties which are not covered by the security model are analyzed using heuristic methods. Furthermore, the proposed scheme is simulated and validated using formal security validation tool AVISPA. All these security analysis demonstrate that TinyIBAK is strongly secure against the passive and active attacks. In order to evaluate the performance and feasibility of the proposed scheme, the prototype of TinyIBAK is implemented, and the node-level and network-level experiments are designed based the TinyOS platform. The experimental results indicate that TinyIBAK consumes an acceptable amount of resources, and is feasible for infrequent key distribution and rekeying in large scale sensor networks. Compared with the traditional key pre-distribution schemes, TinyIBAK achieves significant improvements in terms of security strength, key connectivity, scalability, communication and storage overhead, and enables efficient secure rekeying. Compared with other ID-based key agreement approaches, TinyIBAK is much more efficient or comparable in performance but provides rekeying.Third, a revocable privacy-preserving integrity-assured data aggregation scheme named RPIDA is proposed based on privacy homomorphism and aggregate message authentication code techniques, aiming at achieving privacy-preserving and data integrity simultaneously for the data aggregate pattern in WSNs. This scheme provides two special functionalities. Firstly, the based station can recover each sensing data collected by all sensors even if these data have been aggregated by aggregators. Secondly, the base station can perform any aggregation functions over the collected data. The security analysis indicate that the proposed RPIDA scheme can ensure the end-to-end privacy and integrity of sensing data and aggregated data, resist the aggregator compromise attack and the unauthorized aggregating attack, detect and localize the malicious node, and limit the malicious behavior into a certain range. In order to evaluate the performance and feasibility of the proposed RPIDA, an prototype of the proposal is implemented based on the TinyOS platform, and its performance deployed on the MICA2 motes is evaluated in terms of energy consumption, executing time and memory occupation. The experimental results indicate that RPIDA can achieve the data confidentiality and integrity simultaneously during the process of data aggregation, with reasonable low resource consumption. Compared with the existing schemes, the proposed RPIDA has remarkable advantage in terms of computation and communication overhead.Forth, a performance evaluation and validation platform for WSNs, named WSNs-PEV, is constructed, and a new performance evaluation model is proposed based on the WSNs-PEV platform. Moreover, a memory analysis tool, named MSeeker, is designed for precise memory measurement. Combined with the proposed performance evaluation model and Mseeker, the WSNs-PEV platform supports fine-grained simulation for WSNs network environment, and enables high-accuracy measurement for the performance of communication, computing and storage of the WSNs protocols. Furthermore, the platform also supports security validation for the WSNs protocols through formally security analysis. Using the WSNs-PEV platform, we developed the prototype implementation of the proposed security schemes, i.e. IBKAS, TinyIBAK, RPIDA, and evaluated the performance such as the time, energy and memory occupation based on the MICA-family hardware platform.