Research On Secure Routing Mechanisms For Wireless Sensor Networks

With the development of MEMS(Micro-Electro-Mechanical System),computing and wireless communication technology,various functions such as information gathering,data processing and wireless communication and so on can be integrated into sensor nodes usually with smaller volume as well as lower energy-consumption. Those nodes bring about the development of wireless sensor networks(WSNs) with broad potential application in military,smart home,medical care and many other fields.WSNs are multi-hop and self-organized wireless network systems that consist of many low-cost and resource-constrained sensor nodes through wireless communication.The purpose of WSNs is to sense the information of the monitored area and then send the information to the observer reliably.WSNs have the network characteristic of self-organization,data-centric,distributed cooperation:Sensor nodes are resource-limited on computing,storage,bandwidth and energy;For the more,they work as routers to forward neighbor nodes' data while sensing data;Those factors bring about bring about new security threats. hence,new challenges,to routing security of WSNs.The dissertation focuses on the research of secure routing mechanisms of WSNs and is outlined as the following:(1)A secure directed diffusion protocol based on random key pre-distribution model is proposed,which provides secure routing by extending the security of the directed diffusion protocol.The proposed protocol ensures the safety of routing and path reinforcement information and prevents attacker from breaking routing information and obtaining the locations of source nodes by establishing secure gradients and applying cumulative message authentication code and multilayer encryption,in which the secure gradients is established by pre-distributed keys.The security analysis shows that the proposed protocol can ensure the security of all phases of directed diffusion and provide node-to-node secure data communication,for the more,meet various applications by adjusting configuration parameters.(2)A trust-based LEACH(Low-Energy Adaptive Clustering Hierarchy) protocol. TLEACH(Trust-based LEACH) protocol,is proposed.The traditional security solutions based on cryptography and authentication can not defend against the attacks caused by internal compromised-nodes,so the TLEACH protocol against such attacks is proposed,which is an integration of a trust-management module and a trust-based routing module,in which the former is to establish trust relationships among sensor nodes and the latter is a modified version of that in the original LEACH protocol.Considering the resource-limits and security requirements of WSNs,the trust-management module applies some novel methodologies,for example. cluster-head-assisted monitoring scheme and dynamic updating-factor scheme,for behavior monitoring,trust exchange and evaluation.The trust-based routing module has the same head-election algorithm and working phases as the original LEACH protocol,but with added trust-based decision-making to provide more secure routing. Simulation results demonstrate that the TLEACH protocol can detect more sophisticated compromised-nodes and increase packet delivery ratio significantly.(3)A defense mechanism against selective forwarding attacks of WSNs is proposed,which is based on trust and multi-hop traffic verification.For basic selective forwarding attack,the proposed mechanism evaluates the neighbor nodes' trust by monitoring their data forwarding behavior,and the next hops for data forwarding are chosen by the trust for avoiding the compromised-nodes.The compromised-nodes can disturb the monitoring behavior by collusion and blind letter attacks,so that the correct trust can not be obtained,the proposed mechanism defends such attacks by multi-hop traffic verification procedure:The downstream nodes of the data forwarding path periodically send the feedback of their traffic count information to the upstream nodes,then the upstream nodes can find the collusive compromised-nodes by verifying the downstream nodes' traffic and update the downstream compromised-neighbors' trust correctly.On the other hand,as the base station is the final destination of all data,it has the most accurate data delivery information;meanwhile,the base station has stronger safety assurance than normal nodes.The proposed mechanism is to verify the traffic of the base station,thus can evaluate neighbor nodes' trust more precisely.The performance analysis and simulation results demonstrate the necessity of multi-hop traffic verification procedure and the effectiveness of the proposed mechanism in improving packet delivery ratio.