Defence method against low-rate denial-of-sleep attacks on wireless personal area network beacon broadcasts
Technical field
The present invention relates to the communication mechanisms of wireless personal area networks (WPAN), and specifically to a method of defending against low-rate denial-of-sleep attacks carried out through WPAN beacon broadcasts.
Background technology
IEEE 802.15.4 is the standard formulated by Task Group 4 of IEEE 802.15 for wireless personal area networks (WPAN, Wireless Personal Area Network); it features low energy consumption, low complexity and low cost. Because these features meet the application requirements of wireless sensor networks (WSN), many organisations now use it as their communication standard. Like all wireless networks, networks conforming to IEEE 802.15.4 are also susceptible to jamming attacks, backoff-manipulation attacks and the like.
Security was taken into account in the design of the IEEE 802.15.4 protocol. Depending on the application requirements, 802.15.4 provides three levels of security mechanism at the MAC layer to protect data transmission: unsecured mode, ACL mode and AES encryption mode. These security services are optional; upper-layer users decide on the specific mechanism according to their needs.
However, these basic IEEE 802.15.4 security strategies still have many vulnerabilities in IV management, key management and data integrity protection, and are susceptible to the same-nonce attack, the replay-protection attack and the ACK attack. More importantly, the security mechanisms carried by the IEEE 802.15.4 protocol can only authenticate data; they do not address the authentication of beacon broadcasts.
In beacon-enabled mode, although the IEEE 802.15.4 beacon broadcast mechanism and the GTS (Guaranteed Time Slot) allocation mechanism play a crucial role in guaranteeing network performance, they also harbour potential security vulnerabilities, such as the beacon broadcast vulnerability, the GTS allocation vulnerability and the PAN ID (Personal Area Network identifier) conflict-protection vulnerability.
Some researchers have proposed attack detection and defence methods based on the RSSI (Received Signal Strength Indicator) of the signal. The basic idea is that sensor nodes at different locations can be distinguished by their RSSI; F. Amini et al. proposed an RSSI-based defence method under beacon-enabled mode. However, when a malicious node is located close to a legitimate node, it becomes difficult to distinguish the RSSI of the malicious node from that of the legitimate node.
EAP-Sens uses the EAP algorithm to generate shared keys and provides authentication and key management for device identities. But to secure data transmission between devices and the coordinator, EAP-Sens adopts the security mechanisms carried by IEEE 802.15.4, which means it still has the same security problems as the IEEE 802.15.4 protocol.
The current link-layer security protocols SPINS, TinySec and MiniSec take the energy constraints of wireless sensor networks into account and provide data authentication and confidentiality at the link layer. But once an attacker has penetrated the network, these protocols fail. Even setting this weakness aside, these security protocols cannot be used in beacon-enabled IEEE 802.15.4 networks, because a beacon-enabled 802.15.4 network needs not only data authentication but also protection of control messages such as beacon frames, and traditional data authentication techniques cannot be applied directly to the authentication of beacon broadcasts.
Summary of the invention
The technical problem solved by the present invention is to provide a defence method against low-rate denial-of-sleep attacks on WPAN beacon broadcasts, which lets a node judge each received beacon frame against a set threshold and filter out attack beacons.
In a WPAN the coordinator connects the node devices, and the IEEE 802.15.4 MAC layer uses the "superframe" mechanism to synchronise the nodes in the network. The coordinator periodically broadcasts beacon frames that regulate and synchronise communication among the nodes. Beacon frames are sent according to the superframe structure, which comprises two periods: an active period, used for sending the beacon frame and for data communication, and an inactive period. After receiving a beacon frame from the coordinator, a node device arranges its own superframe structure according to the format of the coordinator's beacon frame, i.e. it determines in which period it is active and working and in which period it enters the low-power sleep state to save energy.
The superframe mechanism of IEEE 802.15.4 has two key parameters: one is the superframe length BO, which determines the transmission interval of beacon frames; the other is the length SO of the active period within the superframe. BO and SO range over 0 to 14 with SO ≤ BO; SO = BO means the superframe has no inactive phase.
The coordinator determines the values of BO and SO and informs the other node devices in the network of them through the beacon frame. The superframe length BI and active-period length SD of each node device are calculated by formulas (1) and (2):
$BI = \mathrm{aBaseSuperframeDuration} \times 2^{BO}, \quad 0 \le BO \le 14$ (1)
$SD = \mathrm{aBaseSuperframeDuration} \times 2^{SO}, \quad 0 \le SO \le BO \le 14$ (2)
In the formulas, aBaseSuperframeDuration is 960 symbols and each symbol is 4 bits; BO and SO take the values carried in the received coordinator beacon frame.
In the beacon broadcast mechanism of the IEEE 802.15.4 protocol, a node in the network does not authenticate a received beacon; it only checks the coordinator identifier (PAN ID) in the beacon. If the PAN ID in the currently received beacon frame is the same as the initial one, the node configures its superframe structure according to the relevant parameters in that beacon frame, namely it sets its superframe length BI and active-period length SD. This also fixes the node's inactive phase, during which the node switches to sleep mode to save energy.
A malicious attacker sends a forged beacon frame to the nodes in the network in which SO is enlarged to a value close to BO. A node that receives this forged beacon sets SD and BI in its superframe nearly equal, so the node is in the active state in almost every period and cannot enter the sleep state; its energy is rapidly exhausted. This is the denial-of-sleep attack.
Compared with a normal beacon frame, the only difference in the beacon frame forged by the attacker is the two parameters BO and SO. By sending a forged beacon frame immediately after each normal beacon from the coordinator, the attacker prevents all nodes within the malicious node's communication range from entering the low-power state. This beacon-broadcast-based denial-of-sleep attack has a low attack rate, is hard to detect and causes great harm; existing defence mechanisms based on traffic monitoring and the like cannot defend against it effectively.
The defence method against low-rate denial-of-sleep attacks on WPAN beacon broadcasts designed in the present invention is as follows: the ratio of the active-period length to the whole superframe length is taken as the duty cycle; a threshold is set from the maximum duty cycle that may occur in normal beacons while the network is running; a node in the network calculates, for the currently received beacon frame, the ratio of the active-period length to the whole superframe length and compares it with the threshold; when the computed value falls below the threshold, the beacon is judged to be an attack beacon and discarded, and the node's superframe parameters are not updated with the information it carries.
To resist the denial-of-sleep attack, the parameter IO is introduced and its minimum value is taken as the threshold for the duty-cycle judgement. It is defined as follows:
$IO = BO - SO$ (3)
A node sets the active-period length SD and the whole superframe length BI according to the BO and SO of the beacon frame; the ratio of the two is its duty cycle DC. Combining formulas (1) and (2), the duty cycle DC is expressed as formula (4):
IO is then obtained from it as formula (5):
From formula (5), IO is determined directly by the duty cycle. The setting of the duty cycle has a large influence on network performance. If the duty cycle is set too small, larger delay may result and application requirements may not be met; if it is set too large, the node may remain in idle listening for a long time, increasing energy consumption. Both energy consumption and delay are important performance indices in a WSN. So when the network is established, a duty cycle is determined according to the specific application requirements, such as traffic volume and delay limits, to strike a balance between delay and energy consumption. Some applications may also adjust the duty cycle as the traffic volume changes. The duty cycle DC can therefore be expressed as a function jointly determined by the traffic volume $b$ of the specific application, the delay limit $D$, the transmission time of data in the GTS slot (determined by SD) and the data transmission rate. To save as much energy as possible, the maximum duty cycle $DC_{\max}$ that may occur in normal beacon frames while the network is running is determined from the possible traffic peak $b_{\max}$, the tolerable maximum delay $D_{\min}$, the transmission time of data in the GTS slot and the data transmission rate; from formula (5) the minimum $IO_{\min}$ that may occur in normal beacon frames while the network is running is then determined and used as the filtering threshold of this defence method. That is, after receiving a beacon frame, a node in the network calculates $IO_{now} = BO_{now} - SO_{now}$ from the values $BO_{now}$ and $SO_{now}$ in the currently received beacon frame and compares it with the threshold; if $IO_{now} < IO_{\min}$, the beacon is determined to be an attack beacon and discarded.
For example, the duty cycle DC can be determined by formula (6):
In formula (6), $\lambda$ equals 1/16, $D$ denotes the tolerable maximum delay of data transmission, $T_{data}$ denotes the transmission time of data in the GTS slot, which is determined by SD, $b$ denotes the traffic volume and $C$ denotes the data transmission rate. Formula (6) shows that the duty cycle is determined by three factors: the traffic volume $b$, the delay limit $D$ and SD. In application, substituting the specific values of the three gives the maximum duty cycle $DC_{\max}$ and hence the threshold $IO_{\min}$.
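The filtering procedure just described, as an added example in C rather than code from the patent: the node reads BO and SO from the beacon, computes IO_now = BO_now - SO_now and discards the beacon when it falls below IO_min, keeping its current superframe parameters. It also derives IO_min from DC_max, which follows from formulas (1) to (3) because DC = SD/BI = 2^(SO-BO) = 2^-IO; with the embodiment's DC_max of 3.88% this gives IO_min = 5. The 4-byte beacon layout (PAN ID followed by the superframe specification field), the 0x1234 PAN ID and all function names are constructed for this example; the 16 µs symbol time follows from the page's 250 kbit/s rate and 4 bits per symbol.

```c
/* Added example, not the patent's own code: IO = BO - SO beacon filter for a
 * node in a beacon-enabled IEEE 802.15.4 network. Beacon layout, PAN ID and
 * function names are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ABASE_SUPERFRAME_DURATION 960u /* symbols (value from the page)            */
#define SYMBOL_US 16u                  /* 250 kbit/s at 4 bits per symbol -> 16 us */
#define MAX_ORDER 14u                  /* page: 0 <= SO <= BO <= 14                */

typedef struct { uint8_t bo; uint8_t so; } superframe_spec_t;

/* Superframe Specification field of an 802.15.4 beacon, 16 bits LSB first:
 * bits 0-3 Beacon Order (BO), bits 4-7 Superframe Order (SO). The other bits
 * (final CAP slot, BLE, PAN coordinator, association permit) are not used here. */
superframe_spec_t parse_superframe_spec(const uint8_t field[2])
{
    uint16_t v = (uint16_t)(field[0] | (field[1] << 8));
    superframe_spec_t s = { (uint8_t)(v & 0x0F), (uint8_t)((v >> 4) & 0x0F) };
    return s;
}

/* Formulas (1) and (2): superframe length BI and active period SD, in symbols. */
uint32_t bi_symbols(uint8_t bo) { return ABASE_SUPERFRAME_DURATION << bo; }
uint32_t sd_symbols(uint8_t so) { return ABASE_SUPERFRAME_DURATION << so; }
/* Inactive period ND = BI - SD: zero when SO == BO, which is what the forged beacon aims for. */
uint32_t nd_symbols(uint8_t bo, uint8_t so) { return bi_symbols(bo) - sd_symbols(so); }
uint32_t symbols_to_us(uint32_t symbols) { return symbols * SYMBOL_US; }

/* Threshold derivation: DC = SD/BI = 2^-IO, so IO_min is the smallest integer with
 * 2^-IO <= DC_max. Repeated halving avoids log2() rounding at exact powers of two.
 * dc_max is a fraction (0.0388 for 3.88%); returns -1 when it is out of range. */
int io_min_from_dc_max(double dc_max)
{
    if (dc_max <= 0.0 || dc_max > 1.0) return -1;
    int io = 0;
    double dc = 1.0;                                   /* current 2^-io */
    while (dc > dc_max && io < (int)MAX_ORDER) { dc /= 2.0; io++; }
    return io;
}

typedef struct {
    uint16_t pan_id;    /* PAN ID learned when the node joined the network */
    uint8_t  bo, so;    /* superframe parameters currently in force        */
    int      io_min;    /* filtering threshold IO_min                       */
    uint32_t dropped;   /* beacons discarded as attack beacons (monitoring) */
} node_state_t;

typedef enum { BEACON_ACCEPTED, BEACON_WRONG_PAN, BEACON_MALFORMED, BEACON_ATTACK } verdict_t;

/* Constructed 4-byte beacon: PAN ID (LSB first) followed by the superframe spec field. */
void build_beacon(uint8_t out[4], uint16_t pan_id, uint8_t bo, uint8_t so)
{
    out[0] = (uint8_t)(pan_id & 0xFF);
    out[1] = (uint8_t)(pan_id >> 8);
    out[2] = (uint8_t)((so << 4) | (bo & 0x0F));
    out[3] = 0;
}

/* The defence: adopt the beacon's BO/SO only when IO_now >= IO_min. */
verdict_t beacon_filter(node_state_t *n, const uint8_t *beacon, size_t len)
{
    if (len < 4) return BEACON_MALFORMED;
    uint16_t pan = (uint16_t)(beacon[0] | (beacon[1] << 8));
    if (pan != n->pan_id) return BEACON_WRONG_PAN;          /* the standard's existing PAN ID check */
    superframe_spec_t s = parse_superframe_spec(beacon + 2);
    if (s.bo > MAX_ORDER || s.so > s.bo) return BEACON_MALFORMED; /* outside 0 <= SO <= BO <= 14 */
    int io_now = (int)s.bo - (int)s.so;                     /* formula (3) */
    if (io_now < n->io_min) { n->dropped++; return BEACON_ATTACK; } /* superframe left unchanged */
    n->bo = s.bo;
    n->so = s.so;
    return BEACON_ACCEPTED;
}

int main(void)
{
    /* Embodiment values: DC_max = 3.88%, normal beacon BO=6/SO=1, forged beacon BO=6/SO=6. */
    node_state_t node = { 0x1234, 6, 1, 0, 0 };
    node.io_min = io_min_from_dc_max(0.0388);               /* 5 */
    uint8_t normal[4], forged[4];
    build_beacon(normal, 0x1234, 6, 1);                     /* coordinator's normal beacon */
    build_beacon(forged, 0x1234, 6, 6);                     /* attacker's forged beacon   */
    verdict_t v1 = beacon_filter(&node, normal, sizeof normal);
    verdict_t v2 = beacon_filter(&node, forged, sizeof forged);
    printf("IO_min = %d\n", node.io_min);
    printf("normal beacon BO=6 SO=1: verdict %d, inactive period %u ms\n",
           (int)v1, (unsigned)(symbols_to_us(nd_symbols(6, 1)) / 1000u));
    printf("forged beacon BO=6 SO=6: verdict %d, would leave %u ms inactive; dropped=%u\n",
           (int)v2, (unsigned)(symbols_to_us(nd_symbols(6, 6)) / 1000u), (unsigned)node.dropped);
    printf("node keeps BO=%u SO=%u\n", (unsigned)node.bo, (unsigned)node.so);
    return 0;
}
```

The range check before the threshold comparison matters in practice: a superframe specification with SO > BO or an order above 14 is outside what the page's formulas define, so it is rejected as malformed rather than being fed into the subtraction. The `dropped` counter is there so a node can report how many beacons it has discarded, which gives the operator a simple indicator of an ongoing attack.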
Compared with the prior art, the advantages of the defence method against low-rate denial-of-sleep attacks on WPAN beacon broadcasts of the present invention are: 1. for the beacon broadcast vulnerability of the IEEE 802.15.4 protocol, a duty-cycle parameter and a threshold are introduced, and with a simple calculation and comparison the broadcast packets of the denial-of-sleep attack can be filtered effectively, so the attack is avoided; 2. the energy a node spends computing the threshold is far smaller than the energy spent on data transmission, so the method adds essentially no extra energy overhead; 3. simulation experiments show that the method essentially stops the denial-of-sleep attack by a malicious node, and that under the attack the energy consumption of a node using this method remains roughly the same as when there is no attack.
Brief description of the drawings
Fig. 1 is a schematic of the superframe structure of the beacon frames sent by the coordinator in the embodiment of the defence method against low-rate denial-of-sleep attacks on WPAN beacon broadcasts;
Fig. 2 is a schematic of the superframe arrangement of a node in the embodiment before and after a denial-of-sleep attack;
Fig. 3 is the simulation topology of the embodiment;
Fig. 4 is a comparison of network energy consumption under a denial-of-sleep attack in the embodiment.
Embodiment
The embodiment of the defence method against low-rate denial-of-sleep attacks on WPAN beacon broadcasts is described in detail below with reference to the accompanying drawings.
In the WPAN of this example, the coordinator connects the node devices; it periodically sends beacon frames that regulate and synchronise communication among the nodes, and the beacon frames are sent according to the superframe structure shown in Fig. 1: along the time axis T, a superframe comprises an active period SO, used for sending the beacon frame M and for data communication, and an inactive period NO, and the total length of the superframe is BO. The frame structure of the beacon frame contains a superframe specification field (superframe spec.) which defines the superframe length BO and the active-period length SO.
After receiving a beacon frame from the coordinator, a node device arranges its superframe structure according to the format of the coordinator's beacon frame; the node sets the whole superframe length BI and the active-period length SD as
$BI = \mathrm{aBaseSuperframeDuration} \times 2^{BO}$
$SD = \mathrm{aBaseSuperframeDuration} \times 2^{SO}$
where aBaseSuperframeDuration is 960 symbols and each symbol occupies 4 bits.
A malicious attacker sends a forged beacon frame to the nodes in the network in which SO is set equal to BO, causing the denial-of-sleep attack. A node that receives this forged beacon sets SD and BI in its superframe nearly equal, so it is in the active state in all periods and cannot enter the sleep state. The upper part of Fig. 2 shows the superframe arrangement of a node under normal conditions, comprising the active period SD for the beacon frame m and data communication and the inactive period ND, with total superframe length BI; the lower part of Fig. 2 shows the superframe arrangement of a node under a denial-of-sleep attack, where SD and BI are almost equal and ND does not exist.
This example is a low-traffic network: its traffic peak $b_{\max}$ is 1 Kbit, the permitted maximum delay $D_{\max}$ is 3 seconds and the data rate is C = 250 Kbps. According to existing research results, in a network with low traffic a low duty cycle can be maintained while meeting the delay requirement when SO is chosen in the range 0 to 2. In this example the parameter SO is set to 2, so $SD = 960 \times 4 \times 2^{2}$. When the network is set up, if the network bandwidth is 10M then $T_{data}$ is 40s; with $\lambda$ = 1/16, the maximum duty cycle $DC_{\max}$ is determined to be 3.88% from the following formula,
Therefore
In this network each node uses $IO_{\min}$ as the threshold of the defence method. During network operation, a node calculates $IO_{now} = BO_{now} - SO_{now}$ from the values $BO_{now}$ and $SO_{now}$ in the currently received beacon frame and compares it with the threshold 5; if $IO_{now} < 5$, the beacon is determined to be an attack beacon and discarded, and the node does not update its superframe arrangement from it, thus avoiding the denial-of-sleep attack.
The simulation topology of this example's experiment is shown in Fig. 3; it is a star topology with 5 nodes in total: one coordinator n0, one attack node n1 and three task nodes n2, n3 and n4. The coordinator and the attack node are FFD devices (Full Function Devices) and the three task nodes are RFD devices; task nodes n2 and n4 send data to the coordinator, forming two FTP flows. The routing protocol is AODV. The other key simulation parameters are set as shown in Table 1. To make the simulation effect more obvious, the power-consumption settings are taken from the parameters of the CC2420 chip and scaled up proportionally.
Table 1 Simulation parameter settings
To maximise the effect of the attack, both BO and SO in the beacons forged by attack node n1 are set to 6 in this experiment. The threshold $IO_{\min}$ of the defence method is set to 5 by the calculation above. In the normal beacons of coordinator n0, the two parameters BO and SO are set to 6 and 1 respectively.
Fig. 4 shows the energy-consumption comparison curves from the simulation; the abscissa is time T and the ordinate is energy consumption J. Because the energy expenditure of the three task nodes is the same before and after the attack, only the energy consumption of node n2 is chosen for statistics. In Fig. 4, the ■ line represents energy consumption under normal conditions, 22.35 J after 200 s of simulation; the ● line represents energy consumption under attack, which rises to 39.96 J after 200 s, almost twice the normal value; the ▲ line represents energy consumption under attack with this defence method applied, which increases only slightly, by about 0.09%, showing that the method effectively resists the low-rate denial-of-sleep attack in WPANs supporting IEEE 802.15.4 without paying a large energy penalty.
The above embodiment is only a specific case further describing the object, technical solution and beneficial effects of the present invention, and the present invention is not limited to it. Any modification, equivalent replacement or improvement made within the disclosed scope of the present invention is included within its scope of protection.