
Research On The Key Technologies For Security Of Wireless Sensor Networks

Posted on: 2008-12-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Q Ma
Full Text: PDF
GTID: 1118360215484459
Subject: Computer application technology
Abstract/Summary:
Title: Research on the key technologies for security of wireless sensor networks

A wireless sensor network (WSN) is a kind of wireless ad hoc network composed of a large number of sensor nodes. WSNs are widely applied in both military and civil fields such as traffic management, environmental monitoring, building security, medical and health care, and military surveillance. However, many problems still need further study, such as routing protocols, localization service, and network security. This dissertation focuses on the security of wireless sensor networks, covering key management, public key authentication, secure localization service, and intrusion detection and response in WSNs (or wireless sensor and actuator networks). The main parts of this dissertation are as follows:

1. The key management of wireless sensor networks

Because of the properties of WSNs (e.g. wireless ad hoc communication, resource constraints), traditional key management schemes such as a certification authority (CA) or a key distribution center (KDC) cannot be readily deployed in WSNs. Key management has therefore become a hot research topic in WSNs. At present, key management in WSNs mainly uses schemes based on the random key predistribution model. However, these schemes cannot resolve the tension between network security and connectivity. Even the improved location-based key management schemes either break properties of WSNs such as the random deployment of sensor nodes or reduce the feasibility of the scheme, because they need to know the sensor deployment in advance or need the help of extra tamper-resistant configuration servers. To solve these problems, this dissertation proposes a key management scheme based on ring domains and random key predistribution.
In the scheme, deployed sensor nodes first obtain, according to their location, a subset of the random number keys that the base station broadcasts at different power levels; they then derive keys by hashing the random number key subset together with the preloaded original key subset; finally, they find the derived keys shared between nodes by secure approaches and build secure links. This part of the dissertation also discusses how to keep the network scalable, how to build pairwise keys between new nodes and the other nodes, and how to revoke keys conveniently. Theoretical and experimental analysis shows that the ring domain-based scheme performs better on security (e.g. resistance to node compromise) and connectivity than the q-composite random key predistribution scheme. Moreover, unlike the location-based key management schemes, it needs neither advance knowledge of the sensor node deployment nor the help of other tamper-resistant servers. The scheme also has no influence on the scalability of the WSN and can distribute and revoke keys conveniently.

2. The public key authentication scheme on wireless sensor and actuator networks

Public key cryptography (PKC) has been shown to be applicable on memory-constrained sensor nodes and has desirable properties such as scalability, distributed management and resilience for large-scale wireless sensor and actuator networks (WSANs). To prevent man-in-the-middle attacks, the public keys of nodes in a WSAN must be authenticated with each other before communication. Compared with the RSA and ECC algorithms, using a Merkle tree to authenticate public keys reduces computation cost and communication overhead and therefore saves energy in the WSAN. To reduce the risk of building the Merkle tree after deployment and to decrease resource consumption, we pre-build the actor Merkle tree and the sensor Merkle forest according to their location deployment knowledge.
In addition, this scheme supports building Merkle trees after deployment for sensors that were missed, and trades off communication overhead against node memory consumption by exploiting the node heterogeneity of the WSAN.

3. Secure localization service for wireless sensor and actuator networks

Efficient and secure localization service is an important issue in a scalable self-organizing network. When wireless sensor and actuator networks (WSANs) are deployed in unprotected or hostile environments, attackers may launch various location attacks, such as tampering with the positions of sensor nodes, inducing actors not to react to received information, or collecting the position information of actors for physical attacks. In this part of the dissertation, from the point of view of economy, convenience and security, we propose a novel approach (SerLoc) to secure localization for WSANs that follows from the nature of WSANs (e.g. heterogeneous nodes, location privacy of actors). After passively receiving authentication messages and minimum hop numbers from unknown sensor nodes, nearby actors compute these sensors' locations in a distributed manner by actor-actor coordination and maximum likelihood estimators (MLE). By filtering inaccurate or false localization information, the SerLoc localization scheme can prevent these location attacks and improve the accuracy of localization. We also propose a voting-based location verification scheme and discuss the corresponding defenses. This verification scheme not only effectively decreases the success probability of an attack, but also tolerates attacks to some extent. Theoretical and experimental analysis shows that the SerLoc scheme is robust against location attacks and against other attacks such as wormhole attacks and Sybil attacks.
Also, compared with other infrastructure-centric localization schemes, the SerLoc scheme is energy-saving, economical and secure because it makes full use of the features of WSANs.

4. Intrusion detection and response model in wireless sensor networks

An intrusion detection system (IDS) is usually regarded as the second layer of a network's security defense. However, apart from some discussions of intrusion detection schemes using game theory in WSNs, few papers have proposed an intrusion detection and response architecture. In this part of the dissertation, we propose a self-adaptive intrusion detection and response model that employs mobile agent technology and the idea of an immune mechanism. We also design three kinds of agents (monitor agents, decision agents and defense agents) that are suitable for deployment in WSNs. By coordinating all kinds of agents and a knowledge base, the model can detect and respond to single-point attacks, cooperative attacks and even unknown attacks. Furthermore, the model can adjust the number of agents by controlling their lifetime according to the security situation of the WSN, in order to improve network performance. We also propose a firewall scheme and a local routing restoration scheme. Theoretical and experimental analysis illustrates that the model can be deployed in WSNs and can defend against known and unknown attacks effectively.
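
The Merkle-tree public key authentication summarized in part 2, as an added example that is not code from the dissertation: a tree is built over the nodes' public keys before deployment, each node carries its own authentication path, and a verifier that holds only the root checks a claimed key with a few hashes. SHA-256, the padding value, the leaf/node prefixes and the five sample keys are assumptions made for this sketch.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"          # domain separation: leaf vs. inner node
PAD = hashlib.sha256(b"pad").digest()  # assumed filler for odd-sized levels

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(public_keys):
    """Hash each public key into a leaf and return every tree level, leaves first."""
    level = [h(LEAF + pk) for pk in public_keys]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # pad so every node has a sibling
            level.append(PAD)
        level = [h(NODE + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root: what a node stores beside its own key."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(public_key, index, path, root):
    """Recompute the root from a claimed key: len(path) + 1 hashes, no signature check."""
    digest = h(LEAF + public_key)
    for sibling in path:
        pair = digest + sibling if index % 2 == 0 else sibling + digest
        digest = h(NODE + pair)
        index //= 2
    return hmac.compare_digest(digest, root)

# Constructed sample: five placeholder public keys, tree built before deployment.
KEYS = [b"constructed-public-key-%d" % i for i in range(5)]
LEVELS = build_levels(KEYS)
ROOT = LEVELS[-1][0]                    # the only value every verifier must preload

if __name__ == "__main__":
    path = auth_path(LEVELS, 4)
    print("genuine key accepted:", verify(KEYS[4], 4, path, ROOT))
    print("substituted key accepted:", verify(b"attacker-key", 4, path, ROOT))
```

A key substituted in transit, or a genuine key presented under another node's index, does not hash to the preloaded root and is rejected.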
Keywords/Search Tags: wireless sensor network, wireless sensor and actuator network, security, key management, localization, localization service, intrusion detection, intrusion response