CN104270751A - Security protocol based on received signal intensity in wireless sensor network - Google Patents

Abstract

The present invention relates to a security protocol based on received signal intensity in a wireless sensor network, specifically to secure routing and key management. According to the number of adjacent nodes, the intensity of received signals and the energy value thereof, a convergent node is selected by a convergent node selection equation. According to the number of the adjacent nodes and the throughput of the convergent node, a hot zone is determined by a hot zone selection equation. By comparing the feature similarity between collected data and pre-stored abnormal data, abnormal data is detected. An inter-node session key is generated dynamically, and according to whether a hot zone is determined, different keys are selected to generate a function. The key and data are encrypted in a manner of combining a public key cipher mechanism and a symmetric cipher mechanism. The security protocol improves flexibility of a key, enhances the rationality for selecting a convergent node and well ensures safe transmission of inter-node data.

Description

Based on the safety guarantee agreement of received signal strength in wireless sensor network

Technical field

The present invention relates to the foundation of Security routing and the management of dynamic key, belong to wireless communication technology field.

Technical background

Wireless sensor network (Wireless Sensor Networks, WSN) forms, by cooperation mode perception, collection, process and transmission of monitoring data by being deployed in cheap micro wireless sensor nodes a large amount of in monitored area.WSN is usually operated in rugged environment, has between node and links the characteristics such as fragility, topological structure dynamic change.Therefore, wireless sensor network easily suffers various types of attack, thus set up Security routing and data key management imperative.

Public key cryptography mechanism principle is separated with decruption key by encryption key.Key generates in pairs, and often pair of key is made up of a PKI and a private key.Key is longer, and cipher round results is better, but the expense of encrypting and decrypting is larger.Symmetric Cryptography is then adopt identical key to be encrypted deciphering, and encryption/decryption speed is fast, and expense is little.For wireless sensor network, how to utilize public key cryptography mechanism and Symmetric Cryptography that key and data are delivered to the hot issue that aggregation node becomes Data Collection in WSN safely.

Consider that node is generally deployed in deathtrap, in the face of various complex situations, therefore need will set abnormality detection mechanism in node, with attacking ability of improving the precaution, ensure data reliability.Because node energy is limited, the equilibrium assignment of energy becomes key issue, therefore according to dump energy Dynamic Selection aggregation node, need ensure the reasonability that aggregation node is selected.Sensor node is in practice, and because Node distribution is uneven, perception data amount varies in size, therefore dynamically need judge hot-zone.For transmitting procedure, the mode adopting public key cryptography mechanism and Symmetric Cryptography to combine, contributes to the safety ensureing data and key.

For above situation, patent of the present invention achieves the safe transmission etc. of aggregation node Dynamic Selection, the Dynamic Selection of hot-zone, data and key, devises the wireless sensor network protocols that has more fail safe.

Summary of the invention

For solving the problems referred to above in wireless sensor network, the foundation of Security routing and dynamic key management way combine by the present invention, form highly effective and safe agreement.

1, the foundation of Security routing, comprises following prerequisite, definition and step.

Prerequisite is as follows:

1) base-station node is safe, can not be counterfeiting;

2) N number of sensing node { S is had at zone of ignorance ₁, S ₁..., S _n, each sensor node has unique ID number, between node mutually uncorrelated (node independently can determine perception data);

3) characteristic value of pre-stored data exception in each node, for detecting by suspecting node.

Be defined as follows:

1) broadcast singal sends the form of message:

Source address

Destination address

Current time

Communication flows

Jumping figure

2) aggregation node is responsible for the data of collecting all the sensors node perceived, and communicates with control centre;

3) node sets t interval time, for calculating the throughput of aggregation node in the t time;

4) node pre-sets the threshold value converging selective factor B is F _th, hot-zone selective factor B threshold value be D _th, aggregation node dump energy threshold value is E _thbe Y with the threshold value of data exception characteristic similarity _th;

5) update time of setting network aggregation node is T.

Step comprises detection three aspects of the selection of aggregation node, the selection of hot-zone and data exception:

One, the selection step of aggregation node is as follows:

1) all nodes send broadcast to its neighbor node;

2) neighbor node is according to the broadcast received, and obtains the intensity of Received signal strength, the source of signal and direction, and calculates the particular location of self according to beaconing nodes (base station) orientation;

3) all nodes are according to neighbor node number, received signal strength and self-energy value, utilize aggregation node to select formulae discovery aggregation node selective factor B θ, if θ is greater than F _th, then transfer aggregation node to from ordinary node, otherwise remain ordinary node.Aggregation node selects formula as follows:

Wherein, θ represents the convergence selective factor B of node; E represents this node energy value; N represents this nodes neighbors nodes: represent the neighbor node received signal strength sum of this node; represent weight coefficient, size depends on the emphasis of practical application, if then using the neighbor node received signal strength sum of this node as paying the utmost attention to item;

4) aggregation node chosen after, its neighbor node determines the aggregation node of subordinate according to the signal strength signal intensity of the information of reception, and completes and shake hands with aggregation node, sets up network topology.Meanwhile, aggregation node is by periodic test self-energy, if dump energy is lower than threshold value E _th, then broadcast is sent, according to the 3rd to neighbor node) and step reselects aggregation node.

Two, the selection step of hot-zone is as follows:

1) according to aggregation node selected in step one, by the throughput of aggregation node in certain hour t and neighbor node number, hot-zone is utilized to judge formulae discovery hot-zone selective factor B π, if π is greater than D _th, be then hot-zone, otherwise be general area.Hot-zone judges that formula is as follows:

$\mathrm{\π}=\∂n+(1-\∂)\mathrm{Data}$

Wherein, π represents the hot-zone selective factor B of aggregation node; N represents the neighbor node number of this aggregation node; Data represents the throughput of this aggregation node in certain hour t; represent weight coefficient, size depends on the emphasis of practical application, if then using the neighbor node number of this aggregation node as paying the utmost attention to item;

2) if be judged to be hot-zone, resetting the aggregation node update cycle is T ', wherein T ' <T, accelerates aggregation node and selects, real-time update aggregation node.

Three, the detecting step of data exception is as follows:

1) feature of the feature of node image data and pre-stored data exception is contrasted, utilize calculating formula of similarity to obtain abnormal nodes selective factor B ξ, if ξ is greater than threshold value Y _th, then suspect node for being subject to, and this node will notify its neighbor node, otherwise remain ordinary node.Calculating formula of similarity is as follows:

$\mathrm{\&xi;}=\underset{i=1}{\overset{m_1}{\mathrm{\&Sigma;}}}\underset{j=1}{\overset{m_2}{\mathrm{\&Sigma;}}}(\mathrm{SubS}{\mathrm{tr}}_i\&CirclePlus;{\mathrm{Str}}_j)$

Wherein, ξ represents the abnormal selective factor B of node; m ₁represent the substring number of node image data; m ₂represent node pre-stored data unusual character string number; SubStr _irepresent i-th substring of node image data; Str _jrepresent that node prestores the jth character string of abnormal data;

2) after being subject to the neighbor node suspecting node to obtain the data exception testing result of himself, if abnormal data, then abnormality detection result feeds back to by suspecting node by this node, if the feedback result number receiving neighbor node by suspection node is greater than 1/2 of neighbor node sum, be then infected node, otherwise remain ordinary node;

3) if be defined as infected node, then isolate this node, if this infected node is aggregation node, then utilize aggregation node to select step to reselect aggregation node.

2, the foundation of key management, comprises following prerequisite and step.

Prerequisite is as follows:

1) all node initializing keys are K _n, for broadcast, choose aggregation node and realize the dynamic interpolation of new node;

2) all node initializing keys are K _eand K _p, be represent PKI and private key respectively, for public key cryptography mechanism.

Step is as follows:

1) sending node is with key K _nencryption its temporal information T ₁with the throughput Data of aggregation node in certain hour t of its subordinate, and enciphered message is sent to receiving node;

2) receiving node is according to key K _nthe information that deciphering receives, obtains its temporal information T simultaneously ₂, whether be hot-zone according to convergence region, utilize different F () functions dynamically to generate different session key K _d.If convergence region is hot-zone, then F () function is according to the temporal information (T of two nodes ₁, T ₂) and the throughput Data of aggregation node in certain hour t of sending node subordinate, session key K _d=F (F (T ₁, T ₂), Data); If convergence region is general area, then F () function is according to the temporal information (T of two nodes ₁, T ₂), session key K _d=F (T ₁, T ₂);

3) receiving node calculates session key K _dafter, adopt PKI K _eencrypted session key K _d, and by the K after encryption _dsend to sending node;

4) sending node obtains the K after encrypting _d, by private key K _pdecrypt key K _d, then with K _dfor key uses Symmetric Cryptography coded communication packet, and send to receiving node;

5) receiving node is according to key K _d, decrypting communication data bag, obtains wherein information.

Advantage of the present invention:

1) in existing WSN, because N node need pre-install N-1 key, and this agreement does not need to predict nodes, can meet the key pair process of conventional need, reduce the space of storage key;

2) this Protocol Through Network topological structure has adaptivity, prestored secret key K in node _n, can achieve the dynamic interpolation of new node, supplementing failure node, ensures the persistence to this area monitoring;

3) this agreement adopts anomaly data detection mechanism, can complete the isolation to infected node exactly, prevent malicious data from attacking;

4) adopt aggregation node selection algorithm and periodically update aggregation node, ensure that the reasonability that aggregation node exists;

5) mode adopting public key cryptography mechanism and Symmetric Cryptography to combine, ensures the transmission security of key and data;

6) for the data of different stage and the data in dissimilar convergence region, adopt different function session key generation, ensure the safety of inter-node communication.

Accompanying drawing explanation

Fig. 1: aggregation node selects flow chart;

Fig. 2: hot-zone Establishing process figure;

Fig. 3: key management algorithm schematic diagram;

Fig. 4: node abnormality detection mechanism flow chart.

Embodiment

In order to solve the safety problem in wireless sensor network, the foundation of Security routing and dynamic key management way combine by the present invention, form highly effective and safe agreement.In order to realize the above results, key step of the present invention is as follows:

Shown in composition graphs 1, known aggregation node and hot-zone establishment step:

1) there is N number of node for zone of ignorance, utilize prestored secret key K _nbroadcast encryption, data content has 5;

2) send data message format and example as follows:

3) each node is with key K _nthe message that deciphering receives, then according to neighbor node number, received signal strength and self-energy value, utilize aggregation node to select formulae discovery aggregation node selective factor B θ, if θ is greater than F _th, then transfer aggregation node to from ordinary node, otherwise remain ordinary node.Aggregation node selects formula as follows:

Wherein, θ represents the convergence selective factor B of node; E represents this node energy value; N represents this nodes neighbors nodes; represent the neighbor node received signal strength sum of this node; represent weight coefficient, size depends on the emphasis of practical application, if then using the neighbor node received signal strength sum of this node as paying the utmost attention to item;

4) aggregation node chosen after, its neighbor node determines the aggregation node of subordinate according to the signal strength signal intensity of the information of reception, and completes and shake hands with aggregation node, sets up network topology.Meanwhile, aggregation node is by periodic test self-energy, if dump energy is lower than threshold value E _th, then broadcast is sent, according to the 3rd to neighbor node) and step reselects aggregation node.

Shown in composition graphs 2, known hot-zone Establishing process step is as follows:

1) according to the throughput of aggregation node in certain hour t and neighbor node number, hot-zone is utilized to judge formulae discovery hot-zone selective factor B π, if π is greater than D _th, be then hot-zone, otherwise be general area.Hot-zone judges that formula is as follows:

$\mathrm{\&pi;}=\&PartialD;n+(1-\&PartialD;)\mathrm{Data}$

Wherein, π represents the hot-zone selective factor B of aggregation node; N represents the neighbor node number of this aggregation node; Data represents the throughput of this aggregation node in certain hour t; represent weight coefficient, size depends on the emphasis of practical application, if then using the neighbor node number of this aggregation node as paying the utmost attention to item;

2) if be judged to be hot-zone, resetting the aggregation node update cycle is T ', and meets T ' <T, accelerates aggregation node and selects, real-time update aggregation node.

Shown in composition graphs 3, known dynamic key management process step:

1) suppose that sending node A transmits data to reception receiving node B, then sending node A is with key K _nencryption its temporal information T ₁with the throughput Data of aggregation node in certain hour t of its subordinate, and enciphered message is sent to receiving node B;

2) receiving node B is according to key K _nresolve the data received, obtain its temporal information T simultaneously ₂, whether being hot-zone for convergence region, dynamically producing different session key K by utilizing different F () functions _d.If convergence region is hot-zone, then F () function is according to the temporal information (T of two nodes ₁, T ₂) and the throughput Data of aggregation node in certain hour t of sending node subordinate, session key K _d=F (F (T ₁, T ₂), Data); If convergence region is general area, then F () function is according to the temporal information (T of two nodes ₁, T ₂), session key K _d=F (T ₁, T ₂);

3) receiving node B calculates session key K _dafter, adopt PKI K _eencrypted session key K _d, and by the K after encryption _dsend to sending node A, ensure the fail safe of key at inter-node transmission;

4) sending node A obtains the K after encrypting _d, by private key K _pdecrypt key K _d, then with K _dfor key uses Symmetric Cryptography coded communication packet, and send to receiving node B, ensure the reliability of data at inter-node transmission;

5) receiving node B is according to key K _d, decrypting communication data bag, obtains wherein information.

Shown in composition graphs 4, known node abnormality detection mechanism process step:

1) feature of the feature of node image data and pre-stored data exception is contrasted, utilize calculating formula of similarity to obtain abnormal nodes selective factor B ξ, if ξ is greater than threshold value Y _th, then suspect node for being subject to, and this node will notify its neighbor node, otherwise remain ordinary node.Calculating formula of similarity is as follows:

$\mathrm{\&xi;}=\underset{i=1}{\overset{m_1}{\mathrm{\&Sigma;}}}\underset{j=1}{\overset{m_2}{\mathrm{\&Sigma;}}}(\mathrm{SubS}{\mathrm{tr}}_i\&CirclePlus;{\mathrm{Str}}_j)$

Wherein, ξ represents the abnormal selective factor B of node; m ₁represent the substring number of node image data; m ₂represent node pre-stored data unusual character string number; SubStr _irepresent i-th substring of node image data; Str _jrepresent that node prestores the jth character string of abnormal data;

2) after being subject to the neighbor node suspecting node to obtain the data exception testing result of himself, if abnormal data, then abnormality detection result feeds back to by suspecting node by this node, if the feedback result number receiving neighbor node by suspection node is greater than 1/2 of neighbor node sum, be then infected node, otherwise remain ordinary node;

3) if be defined as infected node, then isolate this node, if this infected node is aggregation node, then utilize aggregation node to select step to reselect aggregation node.

Claims (2)

1. in wireless sensor network based on the safety guarantee agreement of received signal strength, it is characterized in that the foundation of Security routing, described method comprises following prerequisite, definition and step.

Prerequisite is as follows:

1) base-station node is safe;

2) N number of sensing node { S is had at zone of ignorance ₁, S ₂..., S _n, each sensor node has unique ID number, between node mutually uncorrelated (node independently can determine perception data);

3) characteristic value of pre-stored data exception in each node.

Be defined as follows:

1) broadcast singal sends the form of message:

Source address Destination address Current time Communication flows Jumping figure

2) aggregation node is responsible for the data of collecting all the sensors node perceived, and communicates with control centre;

3) node sets t interval time, for calculating the throughput of aggregation node in the t time;

4) node pre-sets the threshold value converging selective factor B is F _th, hot-zone selective factor B threshold value be D _th, aggregation node dump energy threshold value is E _thbe Y with the threshold value of data exception characteristic similarity _th;

5) update time of setting network aggregation node is T.

Step comprises detection three aspects of the selection of aggregation node, the selection of hot-zone and data exception:

One, the selection step of aggregation node is as follows:

1) all nodes send broadcast to its neighbor node;

2) neighbor node is according to the broadcast received, and obtains the intensity of Received signal strength, the source of signal and direction, and calculates the particular location of self according to beaconing nodes (base station) orientation;

3) all nodes are according to neighbor node number, received signal strength and self-energy value, utilize aggregation node to select formulae discovery aggregation node selective factor B θ, if θ is greater than F _th, then transfer aggregation node to from ordinary node, otherwise remain ordinary node.Aggregation node selects formula as follows:

Wherein, θ represents the convergence selective factor B of node; E represents this node energy value; N represents this nodes neighbors nodes; represent the neighbor node received signal strength sum of this node; represent weight coefficient,

4) aggregation node chosen after, its neighbor node determines the aggregation node of subordinate according to the signal strength signal intensity of the information of reception, and completes and shake hands with aggregation node, sets up network topology.Meanwhile, aggregation node is by periodic test self-energy, if dump energy is lower than threshold value E _th, then broadcast is sent, according to the 3rd to neighbor node) and step reselects aggregation node.

Two, the selection step of hot-zone is as follows:

1) according to aggregation node selected in step one, by the throughput of aggregation node in certain hour t and neighbor node number, hot-zone is utilized to judge formulae discovery hot-zone selective factor B π, if π is greater than D _th, be then hot-zone, otherwise be general area.Hot-zone judges that formula is as follows:

$\mathrm{\&pi;}=\&PartialD;n+(1-\&PartialD;)\mathrm{Data}$

Wherein, π represents the hot-zone selective factor B of aggregation node; N represents the neighbor node number of this aggregation node; Data represents the throughput of this aggregation node in certain hour t; represent weight coefficient,

2) if be judged to be hot-zone, reset upgrade aggregation node cycle T ', wherein T ' <T, accelerates aggregation node and selects, real-time update aggregation node.

Three, the detecting step of data exception is as follows:

1) feature of the feature of node image data and pre-stored data exception is contrasted, utilize calculating formula of similarity to obtain abnormal nodes selective factor B ξ, if ξ is greater than threshold value Y _th, then suspect node for being subject to, and this node will notify its neighbor node, otherwise remain ordinary node.Calculating formula of similarity is as follows:

$\mathrm{\&xi;}=\underset{i=1}{\overset{m_1}{\mathrm{\&Sigma;}}}\underset{j=1}{\overset{m_2}{\mathrm{\&Sigma;}}}(\mathrm{SubS}{\mathrm{tr}}_i\&CirclePlus;{\mathrm{Str}}_j)$

Wherein, ξ represents the abnormal selective factor B of node; m ₁represent the substring number of node image data; m ₂represent node pre-stored data unusual character string number; SubStr _irepresent i-th substring of node image data; Str _jrepresent that node prestores the jth character string of abnormal data;

2) after being subject to the neighbor node suspecting node to obtain the data exception testing result of himself, if abnormal data, then abnormality detection result feeds back to by suspecting node by this node, if the feedback result number receiving neighbor node by suspection node is greater than 1/2 of neighbor node sum, be then infected node, otherwise remain ordinary node;

3) if be defined as infected node, then isolate this node, if this infected node is aggregation node, then utilize aggregation node to select step to reselect aggregation node.

2. in wireless sensor network based on the safety guarantee agreement of received signal strength, it is characterized in that the foundation of key management, comprise following prerequisite and step.

Prerequisite is as follows:

1) all node initializing keys are K _n;

2) all node initializing keys are K _eand K _p, be represent PKI and private key respectively.

Step is as follows:

1) sending node is with key K _nencryption its temporal information T ₁with the throughput Data of aggregation node in certain hour t of its subordinate, and enciphered message is sent to receiving node;

2) receiving node is according to key K _nthe information that deciphering receives, obtains its temporal information T simultaneously ₂, determine whether that converging region is hot-zone, adopts different F () functions dynamically to generate different session key K for step 2 in right 1 _d.If convergence region is hot-zone, then F () function is according to the temporal information (T of two nodes ₁, T ₂) and the throughput Data of aggregation node in certain hour t of sending node subordinate, session key K _d=F (F (T ₁, T ₂), Data); If convergence region is general area, then F () function is according to the temporal information (T of two nodes ₁, T ₂), session key K _d=F (T ₁, T ₂);

3) receiving node calculates session key K _dafter, adopt PKI K _eencrypted session key K _d, and by the K after encryption _dsend to sending node;

4) sending node obtains the K after encrypting _d, by private key K _pdecrypt key K _d, then with K _dfor key uses Symmetric Cryptography coded communication packet, send to receiving node;

5) receiving node is according to key K _d, decrypting communication data bag, obtains wherein information.