Research On Security Assurance Model And Mechanisms In Wireless Sensor Networks

Wireless sensor networks are used to inspect and collect various kinds of environmental and surveillant object information collaboratively through integrated micro sensors. They process the information using embedded system and transmit the processed data to the user terminal by wireless ad hoc network in a self-organized, multi-hop way. The logical information world and the real physical world are merged together. They change the way of people interacting with nature and have prospected applications in military, environmental science, medical and health care, space exploration and automation in industry and agriculture.However, due to wireless sensor networks usually deployed in unattended or even hostile areas, sensor nodes communicate with each other using wireless links, and the computational, storage, communication and energy capacity of sensor nodes are limited, wireless sensor networks are susceptible to various kinds of malicious attacks. This dissertation focuses on the security of wireless sensor networks in critical circumstances, such as military reconnaissance, disaster prediction and equipment monitor. A security assurance model and several security schemes are proposed in it. The proposed model includes static key management scheme, dynamic key management scheme, secure multiple deployment scheme and intrusion detection scheme, which are designed according to the types of sensor nodes and the underlying network structure. The major contributions of this dissertation are stated as follows:(1) A security assurance model is proposed in this dissertation. It includes key management schemes and intrusion detection scheme. Key management scheme works as the first barrier against the outside attacker's attack. Its major object is to provide basic technical support for secure data transmission, secure routing, entity authentication and secure multicast. Furthermore, intrusion detection scheme works as the second barrier against the insider attacker's attack. Its major object is to detect abnormal behaviors in the network effectively, such as modify message attack, selective forwarding attack, sinkhole attack, wormhole attack, hello flood attack and black hole attack etc. It enhances the security of wireless sensor network further. A solid security assurance model is provided for secure data collection and information processing by combining key management schemes and intrusion detection scheme together.(2) Static key management scheme can reduce the resource consumption of sensor nodes effectively while maintaining the security of wireless sensor networks. The proposed hexagon-based key predistribution scheme belongs to static key management schemes. It makes use of hexagon to simulate the signal propagation area and builds cell network of sensors to distribute the key polynomials. This scheme increases the probability of pair-wise key establishment and decreases the cost of key establishment simultaneously.(3) In order to improve the connectivity and security of wireless sensor nodes among different deployment sets in static key management scheme, the secure multiple deployment scheme is proposed. This scheme selects the minimal span set of all predistributed keys by running the adaptive key selection algorithm. It can maintain the security of the network and improve the connectivity among sensors simultaneously and integrate with the existed key predistribution schemes very easily.(4) Dynamic key management scheme can avoid the influence of compromised sensor nodes to the connectivity of sensor networks. The proposed group-based dynamic key management scheme is suitable for flat wireless sensor networks. This scheme is based on the exclusive basis systems and can be implemented without the participation of base station and cluster heads. And the dynamic key update feature ensures that the security of the wireless sensor network is not influenced by the compromised sensor nodes.(5) In order to ensure the security of hierarchical wireless sensor networks, the refined key link tree based group key management scheme is proposed. By incorporating dirty key paths into the key link tree based group key management scheme and delaying the key update operations in dirty key paths, the number of duplicate key update messages for auxiliary nodes can be reduced, which also brings down the energy cost. It requires fewer rekeying messages and costs less power than those in the existing group key management schemes.(6) Working as the first barrier against malicious attacks in wireless sensor networks, key management schemes are not able to defend all of them. In order to detect attacks in wireless sensor networks effectively, the group-based intrusion detection scheme is proposed. This scheme partitions the sensor networks into many groups in which the sensors in each group are physically close to each other and are equipped with the same sensing capability. Then it detects the abnormal sensor nodes in the group using statistic based intrusion detection algorithm and segregates them from the networks. The group based intrusion detection scheme takes simultaneously into consideration of multiple attributes of the sensor nodes to detect malicious attackers precisely. Comparing with the existing schemes, this group based intrusion detection scheme can decrease the false alarm rate and increase the detection accuracy while lowering the computation and transmission power consumption.