Research On Security Technologies For Wireless Sensor Networks

Wireless sensor networks, which can be tasked with a target monitoring or tracking missionin various complicated environments, are guiding a revolution of sensing and gatheringinformation, and have a bright future in a wide range of fields.Wireless sensor networks are vulnerable to various types of security threats and pose uniquechallenges to security techniques due to many factors such as deployment in unattendedenvironments, broadcast nature of the unreliable wireless channel, larger scale and multi-hopnetworking property in an ad hoc fashion, special data-centric traffic flow model, inter-nodeunconditional collaborative and trust relationship, and severe resource constraints etc. Therefore,the key issue in further widely application of wireless sensor networks is how to giveconsideration to both availability and security for wireless sensor networks.Aiming at this problem and taking into account the deep application-embeddedcharacteristic, the research work of this dissertation is focused on providing appropriate securitymeasures for wireless sensor networks. The main contributions of this dissertation are:1. Due to the diversity and complexity of wireless sensor networks applications, most existingresearch work can not help application designers to choose or develop appropriate securitymechanisms for their application. So, an application-driven designing approach of securitymechanisms is proposed in this dissertation, which emphasizes it important to an effectivesecurity realization in wireless sensor networks that the determination of the level of securityand refining attacks set should based on consideration to both appropriate system securityrequirements for specific application and detailed security objective based on attackersbehavior analysis and the selection and design of the security mechanism should also bereasonable.2. Considering highly resource constrained, especially more stringent energy constrainedsensor nodes, research on appropriate security schemes has a strong practicability forwireless sensor networks. Based on trusted nodes, an appropriate security scheme forwireless sensor networks has been proposed. The scheme includes designing trusted sensornodes, in which it is pointed out that sensor nodes based on security co-processor designinghave anti-tamper ability in some degree, and then proposing a simple and effective one-hopcluster key pre-distribution strategy, and putting forth a lightweight trust relationshipestablishment mechanism among neighboring nodes, which all can suit well to the resourceconstrainedproperty of wireless sensor networks.3. This dissertation presents a collaborative neighbors based algorithm for masqueraderdetection and identification. In this algorithm, nodes can use initiative or slave alarm rules todetect a masquerade attack and can identify the masquerader based on collaborativeneighbors with volunteer rule of suspect set forwarding.This algorithm can work without theneed of any underlying routing protocols and global topology information, and theidentification process does not rely on any cryptographic algorithms. Theoretical analysis shows that, when higher density in local area networks, this algorithm has a property of lowleak rate and high success identification rate. Simulation analysis shows that, compared withsimplicity algorithm, our algorithm reduces averagely 25.8% leak rate and improvesaveragely 45.5% success identification rate with only introducing additional 1.19 sendingpackets per neighbors.4. By introducing two concepts of node's convergence degree and local convergence degree asa capability measure of node in routing path, a novel detection strategy of sinkhole attackpoint based on first choice father's local convergence degree is proposed. Without anycryptographic algorithms and additional communication cost, the strategy is suitable forvarious network deployment density, different channel condition and attack power. And thestrategy, which does not rely on any routing protocol, is a general sinkhole attack detectionstrategy.5. A newly simple lightweight selective forwarding attack defense strategy is proposed. Basedon a (T,N) threshold secret sharing, each node needs to send to base station only one shareof event sensing data, which can be generated by simple polynomial evaluating. In thedelivery process, a simple dynamic individual path routing protocol, as far as possible,makes related data share transfer dispersed, it can better resist the destruction of packet losscaused by selective forwarding attacks and provide a security guarantee of reliabletransmission.