
Research On Several Key Technologies In Data Security For Distributed Wireless Sensor Networks

Posted on: 2013-08-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Q Ruan
GTID: 1228330395985107
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computing, MEMS (Micro-Electro-Mechanical System), and wireless communication technologies, tiny sensors now integrate various functionalities such as information collection, storage, processing and wireless communication. Wireless sensor networks (WSN) are made up of large numbers of these low-cost sensor nodes deployed in the target sensing fields. These low-power sensors can establish a multi-hop, ad hoc network infrastructure to cooperatively sense, collect and process information about the objects. The final results are sent back to the observers for further processing. WSN have revolutionized the way humans interact with the outside world, and they have been widely applied in domains such as military, agriculture and industrial manufacturing, environmental monitoring, and medical care.

For data management and usage, WSN mainly adopt a centralized approach: data are collected from individual sensors and transmitted back to a central location, usually the sink, for processing and maintenance. However, recent studies have found that this centralized approach may suffer from many weaknesses, such as large bandwidth consumption, a single point of failure or attack that becomes a performance bottleneck for the network, and a lack of practical deployability. These make it unsuitable for WSN used in new applications.

Distributed architecture has gained increasing popularity for efficient and robust data management. However, because WSN are usually deployed in hostile environments and store data locally, an adversary can easily launch various attacks such as physically compromising nodes, disrupting normal traffic, inserting false information, and gaining unauthorized access to the data. These attacks not only change the network topology and routing structure, but also affect the security, reliability and availability of the sensed data, and undermine the normal operation of the sensor network.

This work takes the flow of data as its main thread and studies in depth the security problems across the whole course of data storage, transmission and access in distributed WSN. The goal of this thesis is to establish a basic security framework for distributed WSN. The main results are as follows:

1) For data storage security: sensor data are stored and maintained by individual sensors, and unattended sensors are easily subject to various unexpected security threats, including data interception, tampering, and injection.

① To address these problems, we propose a secure data storage scheme with continuous integrity verification. Each sensor node first encodes the sensed data into a certain number (say, n) of shares with redundancy, and randomly chooses n neighbor nodes, to each of which a unique data share is sent. The integrity of a data share can later be publicly verified by all the share holders. The proposed scheme can continuously verify, in one execution, the data shares of the same data source aggregated on the neighbor nodes, without the need to hold the original data. Analysis shows that the proposed scheme has strong resistance against data tampering and collusion attacks while introducing low communication and storage overhead.

② On this basis, we further propose an adaptive data storage scheme, which achieves tunable data storage according to different network topologies and security requirements. Furthermore, we design an efficient data retrieval procedure, which greatly reduces the communication and computation cost. Analysis and evaluation show that the proposed scheme performs well under node compromise attacks, Byzantine failures and data pollution attacks, and ensures data availability and reliability.

2) For data transmission security: existing cryptography-based security solutions incur higher computational complexity and have to store a huge number of keys, which imposes many unsatisfactory limitations on key management and key distribution. Therefore, they are ineffective in addressing node capture attacks. According to the size of their influence, node capture attacks can be separated into random node capture attacks and regional node capture attacks.

① To counter random node compromise attacks, we propose a multipath-based incremental redundancy transmission scheme. In the proposed scheme, the data is encoded with an (n, k) RS code and transmitted through multiple node-disjoint paths towards the destination. To reduce the transmission cost, the redundant symbols are transmitted only if the destination fails to decode the data. Experimental results show that the proposed scheme can effectively defend against node capture attacks with a relatively lower node compromise probability.

② To counter regional attacks, we develop a randomized multipath routing mechanism. For a particular source node, each data delivery phase regenerates a different multipath, taking into account the network security requirements and energy performance. Experimental results show that, by appropriately setting the parameters, the proposed scheme can improve transmission reliability by at least one order of magnitude compared to its deterministic counterparts.

3) For data access security: since sensor nodes have limited resources, frequent decryption of data will deplete a node's energy, leading to the premature death of nodes and eventually shortening the lifetime of the network. Depending on the object being protected, data access security can be regarded as the security of the access object and the security of the access subject.

① In the former case, we propose an access control mechanism based on the feature expression of data. Data is divided into various features, and the encryption key is associated with a specific feature expression. Each user is preassigned one or several keys to decrypt the data of interest. The use of a key-related query policy can determine the legitimacy of the user. Furthermore, the proposed scheme can effectively support user revocation. Thus, it can achieve fine-grained data access control. Security analysis and evaluation demonstrate that the proposed scheme has good resistance to node compromise attacks and collusion attacks.

② In the latter case, we propose a certificate-based data access scheme so that the sensed data are accessible only to users who hold a certificate. The use of a proxy blind signature in certificate generation ensures that certificates are publicly verifiable while unlinkable to user identities, so privacy-preserving access is achieved. To further prevent malicious users from misusing certificates, we propose a suite of techniques for credential-misuse detection. Security analysis and experimental results demonstrate that the proposed scheme can balance the communication and storage overhead with the certificate detection probability.

In summary, we give a comprehensive study of data security in distributed wireless sensor networks by considering several key problems such as data storage, transmission and retrieval. We take advantage of the inherent characteristics and attributes of sensor nodes, and design reasonable solutions according to different security requirements and applications. The proposed schemes can effectively deal with different kinds of attacks. Therefore, we provide a new way of securing distributed sensor networks and help promote their practical application in the near future.
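The incremental redundancy transmission in 2) ① can be illustrated with a short simulation; this is an added example, not code from the dissertation. Assumptions: the RS code is built by polynomial evaluation over GF(257), symbol x travels over path x, and a captured path simply drops its symbol (an erasure); all function names are hypothetical.

```python
# Added illustration: (n, k) Reed-Solomon erasure code over GF(257) with
# incremental redundancy across node-disjoint paths. The field, the path
# model and all names are assumptions, not taken from the dissertation.
P = 257  # prime field size; every data byte 0..255 is a field element

def interpolate(points, x):
    """Evaluate at x the unique degree < k polynomial through k points (mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def rs_encode(block, n):
    """Systematic encoding: symbols 1..k are the data, k+1..n are redundancy."""
    k = len(block)
    pts = list(enumerate(block, start=1))
    return pts + [(x, interpolate(pts, x)) for x in range(k + 1, n + 1)]

def rs_decode(received, k):
    """Recover the k data symbols from any k received (x, y) symbols."""
    pts = received[:k]
    return [interpolate(pts, x) for x in range(1, k + 1)]

def transmit(block, n, captured_paths):
    """Send symbol x over path x; captured paths drop their symbol (erasure).
    The k data symbols go first; each redundant symbol is sent only while the
    destination still holds fewer than k symbols and so cannot decode.
    Returns (decoded block or None, number of symbols sent)."""
    k = len(block)
    received, sent = [], 0
    for x, y in rs_encode(block, n):
        if len(received) >= k:
            break  # destination can decode: no further redundancy is sent
        sent += 1
        if x not in captured_paths:
            received.append((x, y))
    if len(received) < k:
        return None, sent  # more than n - k paths captured: data unavailable
    return rs_decode(received, k), sent

if __name__ == "__main__":
    reading = list(b"21.5")  # constructed sample sensor reading, k = 4
    for captured in (set(), {2, 5}, {1, 2, 3, 4}):
        print(sorted(captured), transmit(reading, 7, captured))
```

With no captured paths only the k data symbols are sent; each captured path costs one extra redundant symbol until more than n - k paths are lost, at which point the block cannot be recovered.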
Keywords/Search Tags:Wireless sensor network, distributed pattern, data security, node capture, redundancy, reliability, secret sharing, Reed-Solomon code