CN101309151A - Safe positioning method for wireless sensor - Google Patents

Abstract

The invention discloses a safe positioning method for a wireless sensor; the safe positioning method adopts two safe positioning methods which are the malicious beacon detection based on the checkpoint and the malicious beacon detection algorithm based on the regional voting mechanism to solve the positioning safety problem of the sensor network nodes. The positioning method improves the anti-attack capability of the system through filtering the malicious beacons directly so that not only the known attacks can be defended, but also the unknown attacks can be defended; the corresponding defending measurement for every possible specific attack is avoided; the implementation of the safety strategy of the positioning system is simplified; the two detection methods are combined effectively to adjust the defending strategy automatically according to the attack types; the safe positioning is guaranteed and the computation cost is reduced effectively; the neighbor communication authentication technique based on the unidirectional key chain is adopted to avoid the support of other network safety protocols so that the storage cost of the sensor nodes is reduced; the neighbor communication authentication technique can be compatible and used together with the present wireless sensor network protocol; the safety target of the positioning system of the sensor network nodes is realized.

Description

Wireless sensor safe positioning method

Technical field

The invention belongs to network communications technology field, relate to the wireless self-organization network safe practice, specifically be based on conforming verification inside and outside the beacon, a kind of safe wireless sensor network node locating method is proposed, solve the safety problem of node locating in the sensor network, be how node is correctly obtained the geographical location information of oneself after quilt is disposed at random, prevent various internaling attack and external attack at node positioning system.

Background technology

The wireless multi-hop network that wireless sensor network is made up of the sensor node miniature in a large number, low-cost, low-power consumption that is deployed in the monitored area is realized collection, processing and issue to sensitive data in the monitored area.Sensor network has numerous advantages such as quick deployment, collaborative perception, high fault tolerance, therefore has application prospect in association areas such as military affairs, Homeland Security, environmental surveillance and city management.

As the bridge that connects physical world and digital world, the positional information of node is most important to the monitor activities of network in the sensor network.Sensor network must rely on the spatial relationship that the positional information of node is come building network, and reporting event or follow the tracks of external object according to this.In addition, the positional information of node also provides the important foundation of network functions such as network topology self-configuring, statistics network covering quality.Therefore transducer must adopt certain mechanism to realize the location after disposing earlier, just can enter monitoring state.

1. the basic fixed position method of wireless senser

Be subjected to the restriction of factors such as cost, volume, power consumption and autgmentability, most of sensor networks adopt the auxiliary location mechanism of beaconing nodes, its principle is as shown in Figure 1: network is disposed in advance on a small quantity by modes such as GPS and is realized the beaconing nodes of locating, beacon obtains transducer and the position relation of peripheral a plurality of beaconing nodes by receiving and measuring, and adopts mathematical method to determine himself position then.As shown in Figure 1: s is by measuring to b ₁, b ₂, b ₃Range information d ₁, d ₂, d ₃Determine self-position.These location algorithms are broadly divided into: based on range finding location and non-distance measuring location.The former uses method calculating locations such as trilateration, triangulation or maximum likelihood estimation by distance or orientation between measured node, and ranging technology commonly used has RSSI, TOA, TDOA and AOA.And the latter only realizes location Calculation according to information such as network connectivties, and common algorithm has centroid algorithm, DV-Hop algorithm, convex programming algorithm and APIT algorithm etc.

2. the security threat that faces of node positioning system

Owing to self have fragility, node positioning system very easily suffers from inside and outside attack.On the one hand, the assailant may obtain inner trust by capturing node, thereby implements the location deception.On the other hand, the assailant also may adopt modes such as displacement node and interference signal to implement external attack.Obviously, the physics mobile node is to the most direct security threat of node positioning system.In addition, because all being some physical phenomenon (as time delay, power consumption, go into the angle and transmit jumping figure etc.) according to wireless beacon transmission, navigation system comes the position relation between measured node.The assailant is easy to adopt duplicate, block and to change means such as propagation path and distorts these measurement results.Because external attack directly at the tender spots of location mechanism, need not to obtain inner trust, therefore can walk around the protection of various conventional security mechanism (as encryption and authentication etc.).

3. existing wireless sensor node safe positioning method

Node positioning system comes down to the coordination mechanism that a kind of physical attribute according to radio communication is determined the node space relation, and it realizes facing great challenge safely.At present, domestic and international existing security solution roughly can be generalized into three major types: (1) is based on the safety location of beacon attribute verification.For example, the safe location mechanism SeRLoc of a kind of non-distance measuring of people such as the L.Lazos proposition of the U.S. in 2004.Its principle is: beaconing nodes adopts directional antenna to send beacon to different sectors, and unknown node is estimated self-position according to the overlapping situation of beacon sector again.Utilize the uniqueness and the communication distance boundary of beacon sector, SeRLoc can take precautions against Replay Attack.The people such as S.Capkun of the U.S. in 2006 propose a kind of VM mechanism based on the distance threshold agreement.Utilization is apart from threshold agreement and triangle calibration technology, and the VM algorithm can be resisted various attacks of distorting range finding.(2) locate based on the safety of robust regression algorithm.These class methods are primarily aimed at the fragility problem that least square method exists, and strengthen the ability that the navigation system tolerance is attacked by the robustness that improves location Calculation.For example, the people such as Z.Li of the U.S. in 2005 introduce minimum intermediate value two and take advantage of the ability of estimating to improve navigation system tolerance attack.(3) locate based on the safety of intrusion detection.For example, a kind of malice beaconing nodes detection scheme that the people such as D.Liu of the U.S. in 2005 propose, its principle is: each beaconing nodes uses detection ID to disguise oneself as sensor node initiatively to neighbours' beaconing nodes request positioning service, and check with reference to self coordinate whether the other side provides correct beacon, at last by the base station unification with malice beaconing nodes isolation network.

But there is following shortcoming respectively in these above-mentioned 3 kinds of safe positioning strategies:

Strategy (1): these class methods often rely on the integrality that certain checkpoint comes verification beacon attribute, and system robustness is poor.For example, the VM calibration technology be based upon the assailant can not with the strong assumption of checkpoint collusion on; SeRLoc is based upon on the strong assumption that beacon signal can not get clogged, if the assailant has blocked the signal of relevant beaconing nodes, two geometrical properties (sector uniqueness and communication distance boundary) that then are used to detect Replay Attack all can lose efficacy.

Strategy (2): the greatest problem of these class methods is calculated too complicated exactly.The amount of calculation of robust regression algorithm is often all bigger, can't be applicable to low-power consumption, sensor application field cheaply.For example, because median function can not differential, the Z.Li scheme need adopt the bigger Monte Carlo random device of space-time complexity to find the solution minimum median problem.

Strategy (3): these class methods are detected object with the malice beaconing nodes, can only have potential safety hazard at internaling attack.For example, in the Liu detection scheme, if the assailant adopts the beacon message in the external attack method attack channel such as signal interference, though then the location of unknown node can not be subjected to the influence of malice beacon, but the source node of beacon is malice beaconing nodes and isolation network with detected scheme erroneous judgement, thereby reduced the service quality of navigation system, even caused its paralysis.

In sum, with regard to the demand for security of whole node navigation system, existing solution does not all also form perfect security system, can only resist the attack pattern of part mostly, can't tackle the attack with characteristics such as knitting hidden and compound more.

The content of invention

The object of the invention is to solve the deficiency of existing safe positioning method, fully investigate the characteristic of sensor network and node locating mechanism, propose a kind of wireless sensor safe positioning method, this method improves the anti-attack ability of transducer self poisoning by filtering malice beacon.The present invention comprises based on " the beacon screening of checkpoint " and " based on the beacon screening of checkpoint " two kinds of beacon screening techniques, discern and filtering fallacious beacon by the internal consistency and the outside consistency of verification beacon respectively, and be applied to take precautions against the external attacker and the person of internaling attack respectively.

Method 1: based on the beacon screening technique of checkpoint

In position fixing process, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes.The checkpoint is reference with the self-position, by checking whether inner consistent (calculate distance and whether mate measuring distance) comes the detection of malicious beacon to beacon.If beacon inside is inconsistent, then explanation is the malice beacon.Find the malice beacon when the checkpoint and then send a warning information to neighbours' unknown node.Transducer add up each receive beacon by alarm number of times, the beacon that defendant's number of times wherein is no more than thresholding τ is considered as safety beacon, and all the other beacons is considered as the suspicion beacon, i.e. the beacon of safe condition the unknown.

Method 2: based on the beacon screening technique of regional voting mechanism

Introducing regional voting mechanism on the basis of method 1 further checks inconsistent between beacon (localizing objects of malice beacon and the localizing objects of optimum beacon is often inconsistent, abbreviate as outside inconsistent), and discern and filtering fallacious beacon according to majority principle.Its basic thought is: the target area is divided into a uniform lattice, and utilizes each beacon may residing unit to vote for transducer, then with the maximum unit of poll as verification unit, further detect whether malice of remaining suspicion beacon.If certain suspicion beacon can mate verification unit, illustrate that then it is a safety beacon, otherwise be the malice beacon.

The anti-wireless senser localization method of attacking of the present invention on conventional location mechanism basis, improves the ability that the navigation system opposing is attacked by introducing the malice beacon isolation mech isolation test and the lightweight security protocol of mixing.Its basic thought is as follows: in position fixing process, transducer at first receives alarm that neighbours check by method 1 and detects and isolate the malice beacon.The safety beacon that filters out when transducer satisfy the location Calculation condition (based on the location Calculation of range finding at least three of needs with reference to beacon), then abandon all suspicion beacons, directly carry out self poisoning and calculate, otherwise the regional voting mechanism of employing method 2 further screens safety beacon from the suspicion beacon with reference to safety beacon.

With existing node security localization method contrast, the present invention has the following advantages:

(1) the present invention improves the anti-attack ability of transducer self poisoning by filtering malice beacon, the measure that need not to take to take precautions against one by one at every kind of particular attack behavior that may occur is (as worm hole testing mechanism, the playback testing mechanism, the anti-tamper mechanism etc. of finding range), thus simplified the enforcement of security strategy.Not only be highly resistant to known attack, can also defend unknown attack.

(2) the beacon triage techniques based on the checkpoint can effectively filter the malice beacon that seat offence causes, and computing cost is little, but (be captured node may lodge a false accusation against optimum beacon be the malice beacon) attacked in the false accusation that can't resist the person of internaling attack.And based on the beacon triage techniques strong robustness of voting in the zone, can effectively take precautions against the person's of internaling attack false accusation to attack, but resource overhead is bigger.The present invention organically combines the advantage of two kinds of beacon triage techniqueses, can regulate defence policies according to adversary's attack pattern self adaptation, thereby effectively lowered the computing cost of transducer when guaranteeing positioning security.

(3) the present invention only adopts the neighbours' communication authentication technology based on one-way key chain.Its advantage comprises: 1. computing cost is little, and the generation of one-way key chain and distribution are finished by central server, and communication node only needs the hash computing of lightweight; 2. storage overhead is little, and 200 beaconing nodes are arranged in the hypothetical network, and node ID 8 bit representations, Hash function are output as 128.Then the storage overhead of transducer needs is (8+128) * 200=3400B, and MICA1Motes has the 128kB flash memory, can satisfy the demand of the present invention of implementing.3. need not key management; 4. need not whole message is carried out the MAC authentication.

Description of drawings

Fig. 1 is a sensor node navigation system schematic diagram

Fig. 2 is the position relation of beacon and checkpoint

Fig. 3 is the checkpoint principle schematic

Fig. 4 is for determining the example of region of search: Fig. 4 (a) supposition transducer receives 4 beacon bs ₁～bs ₄Fig. 4 (b) bs ₄Situation for safety beacon; All beacons of Fig. 4 (c) all are the situations of suspicion beacon

Fig. 5 is the example of selected candidate unit and ballot screening: Fig. 5 (a) bs ₄Situation for safety beacon; Fig. 5 (b) bs ₂And bs ₄Situation for safety beacon; All beacons of Fig. 5 (c) all are the situations of suspicion beacon

Fig. 6 is the particular flow sheet of node security localization method

The functional arrangement of Fig. 7 formula (1)

Fig. 8 is the functional arrangement of formula (3)

Fig. 9 is provided with figure for simulating scenes

Figure 10 is the simulation result figure of verification and measurement ratio

Specific embodiments

In conjunction with above-mentioned accompanying drawing and subordinate list, the embodiment of the included various technical schemes of wireless sensor node safe positioning method of the present invention is described further.Enforcement of the present invention is based on following relevant hypothesis and precondition:

(1) the supposition sensor network uses the secret positioning and communicating of group key, mixes receive mode monitoring beacon on every side so that other nodes can adopt; (2) the supposition location Calculation is the center with the transducer, and transducer has certain wireless distance finding ability (as RSSI and TDOA etc.); (3) hypothetical network is disposed node at random with certain density, and this deployment model can be regarded the even poisson process on the geometry as; (4) if two nodes are in mutually in the other side's the communication coverage, then be referred to as neighbor node.

1. based on the implementation of the beacon screening technique of checkpoint

As shown in Figure 2, in position fixing process, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes.The checkpoint is reference with the self-position, by checking whether inner consistent (calculate distance and whether mate measuring distance) comes the detection of malicious beacon to beacon.

Checkpoint: adopt and mix the receiving mode monitor channel,, check then whether the measuring distance of this beacon and calculating distance mate when the destination node that listens to beacon signal and this beacon is a neighbor node.If do not match, be the malice beacon, then generate a warning message and report this beacon to relevant unknown node.The beacon of checkpoint is checked principle as shown in Figure 3: self coordinate of supposition checkpoint is (x _c, y _c), the reference coordinates of claiming in the beacon message is (x _b, y _b), the measuring distance between checkpoint and the beaconing nodes is D _MeasureThen legal beacon should satisfy relation: $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{measure}}|\≤e_{\max },$ E wherein _MaxBe the maximum measure distance error that allows.Suppose navigation system range error error～N (0, σ ²), according to 3-σ criterion, then can make e _Max=3 σ, the probability of miscarriage of justice of checkpoint is reduced to 0.0026 like this.

Transducer: construct a locating information table (as table 1), all beacons that preservation receives and corresponding quilt alarm number of times thereof; And will wherein be no more than the beacon adding safety beacon collection of thresholding τ by the accusation number of times.With table 1 is example: supposition τ is 5, then beacon ₄Be suspicion beacon (the alarm number of times surpasses 5), and beacon ₁～beacon ₃Be safety beacon.

Table 1

Beacon ID	The position is with reference to information	Defendant's number of times
			Beacon 1	(x 1，y 1，d 1)	1
Beacon 2	(x 2，y 2，d 2)	0
			Beacon 3	(x 3，y 3，d 3)	0
Beacon 4	(x 4，y 4，d 4)	6

2. the enforcement based on the beacon screening technique of zone ballot comprises the steps

Step 1 transducer is at first determined self residing rectangular search zone (x _Min, y _Min) * (x _Max, y _Max).Suppose beacon collection BS={bs _i| i=1,2 ..., n} is all beacons that transducer receives, BS ^*Be safety beacon collection (through technology 1 screening) wherein.If BS ^*≠ φ (having safety beacon) then appoints and gets a safety beacon bs _i=(x _i, y _i, d _i), make (x _Min, y _Min) * (x _Max, y _Max)=(x _i-d _i, y _i-d _i) * (x _i+ d _i, y _i+ d _i); If BS ^*=φ, then order:

$x_{\min }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\min }(x_i-d_i)\text{,}{x}_{\max }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\max }(x_i+d_i),y_{\min }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\min }(y_i-d_i),y_{\max }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\max }(y_i+d_i);$

With Fig. 4 is that example further specifies.Shown in Fig. 4 (a), suppose BS={bs ₁, bs ₂, bs ₃, bs ₄.If BS ^*={ bs ₄, region of search (x then _Min, y _Min) * (x _Max, y _Max)=(x ₄-d ₄, y ₄-d ₄) * (x ₄+ d ₄, y ₄+ d ₄), as the dash area among Fig. 4 (b).If BS ^*=φ, then (x _Min, y _Min) * (x _Max, y _Max)=(x ₄-d ₄, y ₃-d ₃) * (x ₁+ d ₁, y ₂+ d ₂), as the dash area among Fig. 4 (c).

Step 2 is selected candidate unit: transducer evenly is divided into grid G with the region of search _{K * k}, k=max (x _Max-x _Min, y _Max-y _Min)/e _MaxIf BS ^*≠ φ (safety beacon is arranged) then selectes and wherein can mate the unit of all safety beacons as candidate unit.If BS ^*=φ, then selected all unit are as candidate unit.Unit g _MnWith beacon bs _iMatching condition be || g _Mn-(x _i, y _i) || _Max〉=d _i〉=|| g _Mn-(x _i, y _i) || _Min, wherein || g _Mn-(x _i, y _i) || _MaxWith || g _Mn-(x _i, y _i) || _MinBe respectively coordinate (x _i, y _i) to unit g _MnMaximum distance and minimum distance;

Step 3 ballot screening: it is corresponding with grid G to set up a two-dimentional ballot table; When initial, the poll of each candidate unit correspondence is 0, if a candidate unit can mate a suspicion beacon, then its corresponding poll adds 1; Repeat this process, all finish matching test with all suspicion beacons up to each candidate unit.After the ballot, transducer is a verification unit with the highest unit of poll, and all suspicion beacons that can mate verification unit are added the safety beacon collection.

The present invention further specifies step 2 and 3 (supposition k=10) by Fig. 5.Among Fig. 5 (a), bs ^*={ bs ₄, then candidate unit is all and bs ₄The unit that is complementary; Candidate unit cell[2,9] while and suspicion beacon bs ₁And bs ₂Coupling (who gets the most votes, 2) therefore is chosen as verification unit; At last, bs ^*=bs ^*∪ { bs ₁∪ { bs ₂}={ bs ₁, bs ₂, bs ₄.Among Fig. 5 (b), bs ^*={ bs ₂, bs ₄, then candidate unit is all and bs ₄And bs ₂The unit that is complementary (cell[1,3], cell[2,9]); Through ballot, cell[2,9] be chosen as verification unit; Therefore, bs ^*=bs ^*∪ { bs ₁}={ bs ₁, bs ₂, bs ₄.Among Fig. 5 (c), bs ^*=φ, then all unit all are candidate unit; Through ballot, cell[4,7] be chosen as verification unit; So bs ^*=bs ^*∪ { bs ₁∪ { bs ₂∪ { bs ₄}={ bs ₁, bs ₂, bs ₄.

3. sensor safe positioning method is implemented to comprise the steps

(1) generation of one-way key chain: central server is that each beaconing nodes b distributes a unique password PW _b, and use a unidirectional Hash function of crash-resistant (as SHA-1 or MD5) to generate a unidirectional key chain: $<k_b^0,{\mathrm{<figure-callout\; id="1"\; label="k\; b"\; filenames="A20081015030800191.png"\; state="\{\{state\}\}">k</figure-callout>}}_b^{},\&CenterDot;\&CenterDot;\&CenterDot;,k_b^n>=<{\mathrm{pw}}_b,h\left({\mathrm{pw}}_b\right),\&CenterDot;\&CenterDot;\&CenterDot;,h^n\left({\mathrm{pw}}_b\right)>,$ Wherein, n depends on that beaconing nodes need send the quantity of message (beacon message and warning message);

(2) sensor network disposition: before sensor network disposition, central server distributes the key chain that produces in the step 1 for each beaconing nodes, and with the ID of all beaconing nodes and the begin chain k of correspondence _b ⁿBe loaded into each network node.

(3) Location Request: the transducer s of no-fix broadcasts Location Request: s → * a: s to neighbours;

(4) beacon is replied: each the neighbours' beaconing nodes b that receives Location Request replys a beacon: ${\mathrm{bs}}_b^j=\{s,b,(x_b,y_b),k_b^{n-j},j\}.$ Wherein, (x _b, y _b) be the position coordinates of beaconing nodes b; k _b ^N-jAuthentication code for the current message of b (j); J is the Hash counter, if receiving node has missed some middle cryptographic Hash, then can be synchronized to up-to-date key again according to the j value;

(5) supervision of checkpoint: the checkpoint is adopted and is mixed the receiving mode monitor channel.C listens to bs when the checkpoint _b ^jThe time, check at first whether the sensor of interest of this beacon is neighbor node, if then carry out following processing:

1. authentication: the checkpoint is by the checking equation $h\left(k_b^{n-1}\right)=k_b^{n-\mathrm{<figure-callout\; id="1"\; label="j\; +"\; filenames="A20081015030800191.png"\; state="\{\{state\}\}">j</figure-callout>}+1}$ Whether judge this message truly from b, wherein k _b ^N-jBe the authentication code of carrying in the beacon message, k _b ^N-j+1The current authentication key of preserving for receiving node about b (is initially preallocated begin chain k _b ⁿ).If authentication is passed through, then checkpoint k _b ^N-jK in the substitute memory _b ^N-j+1, otherwise abandon this beacon, do not do further processing;

2. beacon verification: checkpoint c obtains distance D between itself and the beaconing nodes by the wireless distance finding technology _Measure, and by the checking inequality $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{measure}}|>e_{\max }$ Judge this beacon whether malice, wherein (x _c, y _c) be the coordinate position of checkpoint c self, e _MaxBe the maximum measure distance error that allows.If find it is the malice beacon, then checkpoint c sends a warning message to transducer s: ${\mathrm{alert}}_c^i=\{c,s,{\mathrm{beacon}}_b^j,k_c^{n-i+1},i\},$ K wherein _c ^N-i+1With the implication of i and the k in the step (4) _b ^N-jSimilar with j;

(6) transducer location: transducer receives the beacon and the warning message of all answers, and verifies the authenticity (being similar to step 5 1.) of these messages, utilizes these beacons and warning message to position calculating then.Concrete position fixing process is: construct a locating information table, all beacons that preservation receives and corresponding quilt alarm number of times thereof.If wherein the number of safety beacon (being no more than thresholding τ by alarming number of times) is less than 3, then execution area ballot method is further screened safety beacon; At last, transducer adopts the maximum likelihood estimation technique to estimate self-position with reference to safety beacon.

The flow process that sensor safe positioning method is implemented as shown in Figure 6.

4. invention effect analysis

The present invention sets forth effect of the present invention from safety analysis, the verification and measurement ratio analysis of malice beacon and three aspects of emulation experiment assessment.Suppose and around a unknown node, disposed n optimum beaconing nodes and m malice beaconing nodes at random.

(1) attacks analysis

Obviously, malice beacon that seat offence caused inevitable because of exist inner inconsistent and tested make an inventory of find.What need special analysis here is local Replay Attack.The assailant may lure that the checkpoint reports to the authorities this beacon into by retransmitting local beacon.But, because directly the beacon of propagating is certain to arrive receiving node earlier than the beacon of resetting, receiving node has also obtained up-to-date authentication code thus, and therefore the beacon of any playback can't be by the authentication of receiving node because its authentication code of carrying is out-of-date.

And the false accusation attack is the main attack pattern at this paper scheme.Legal beacon may be lodged a false accusation against by making up warning message in a captive checkpoint, also may implement to lodge a false accusation against by the warning message of distorting other checkpoints and attack.With Fig. 2 is example, supposes that the assailant has collected a warning message alert who has nothing to do with s by monitor channel; When b sent beacon, the assailant took out alert and changes alarm object wherein into beacon that b sends, resends then to s; Then because the authentication code among the alert is fresh with respect to s, so s has accepted this accusation.Though it is truly feasible that two kinds of above-mentioned false accusations are attacked for the assailant, the influence of its generation is very limited.At first, this paper scheme is provided with a tolerance thresholding τ.The assailant needs to capture a checkpoint, τ+1 at least or distorts the warning message that τ+1 has up-to-date authentication code and could effectively lodge a false accusation against a legal beacon.Secondly, even all beacons are all lodged a false accusation against, unknown node is accessible region territory ballot algorithm screening safety beacon still.

(2) the theoretical verification and measurement ratio p of method 1 ₁p ₁Equal a malice beacon and reported to the authorities the probability of number of times, promptly listen to the probability of the checkpoint number of this beacon greater than τ above thresholding τ.Can get by Poisson distribution:

${\mathrm{<figure-callout\; id="1"\; label="p"\; filenames="A20081015030800191.png"\; state="\{\{state\}\}">p</figure-callout>}}_1=p\left(\right|\mathrm{checkpoint}|>\mathrm{\&tau;})=1-{\mathrm{\&Sigma;}}_{i=0}^{\mathrm{\&tau;}}\frac{{(p_b\&times;A\left(o\right))}^i}{i!}{e}^{-(p_b\&times;A\left(o\right))}---\left(1\right)$

$A\left(o\right)=2[r^2\arccos \left(\frac{d}{r}\right)-d\sqrt{(r^2-d^2)}],d=\frac{|s-b|}{2}---\left(2\right)$

Wherein, p _bBe the deployment density of beaconing nodes, A (o) is the area (as the dash area among Fig. 2) in the common neighbours zone of beaconing nodes and unknown node.Fig. 7 is the functional arrangement of formula (1).As shown in the figure: p ₁Along with p _bIncrease and increase, and along with τ increases and reduces.Therefore can be according to p _bActual setting, by selecting suitable τ, to guarantee p ₁Can satisfy the demand for security of using.For example, make p ₁=0.99, work as P _b=0.01 o'clock, then τ got 5.

(3) the theoretical verification and measurement ratio p of technology 2 ₂p ₂Equal zone ballot screening method and select the probability of correct unit, promptly the number of votes obtained of correct unit is higher than the probability of number of votes obtained of the error unit of malice beacon indication.Because a beacon may mate a plurality of unit (promptly may vote to a plurality of unit), removing optimum beacon votes certainly to object element, the fixing ballot of malice beacon (considering the sight of conspiracy attack) is given outside certain error unit, and remaining ballot can be thought random fashion.Therefore:

$p_2=\underset{i=0}{\overset{m}{\mathrm{\&Sigma;}}}\left(\mathrm{Prob}(\mathrm{\&xi;}=i)\underset{j=0}{\overset{n+i-m-1}{\mathrm{\&Sigma;}}}\mathrm{Prob}(\mathrm{\&xi;}=j)\right)=\underset{i=0}{\overset{m}{\mathrm{\&Sigma;}}}\left(\begin{array}{c}m\\ i\end{array}\right){p_v}^i{(1-p_v)}^{m-i}\underset{j=0}{\overset{n+i-m-1}{\mathrm{\&Sigma;}}}\left(\begin{array}{c}n\\ j\end{array}\right){p_v}^j{(1-p_v)}^{n-j}---\left(3\right)$

Wherein, (ξ=x) opens probability with air ticket, p for certain candidate unit obtains x just to Prob _vBe that a beacon is voted at random to the probability (1≤p of certain unit _v≤ 2/k).Fig. 8 is functional arrangement (the supposition p of formula (3) _v=2/k).As shown in the figure: p ₂Increase with m reduces, when optimum checkpoint accounts for plurality, and p ₂Value is very good.For example, though when the ratio of malice beaconing nodes up to 40%, the p under the different n values ₂All still be higher than 85%.

(4) emulation experiment assessment.

Adopt matlab to realize that the present invention suggests plans.Test scene as shown in Figure 9: a transducer is placed by central authorities in one 40 * 40 (rice) zone, dispose some beaconing nodes (wherein n=16) on every side at random, the communication radius of node is 30 meters (so that transducer can receive the signal of all beaconing nodes), thresholding τ is set at 5, and whole experiment repeats 1000 times.Attack and external attack by malice beaconing nodes simulated interior: 1. internal attack behavior: the malice beaconing nodes conspires to issue wrong beacon, and lodges a false accusation against all legal beacons; 2. external attack behavior: the malice beaconing nodes is issued wrong beacon at random, and this is because external attacker is difficult to accurately to handle beacon and can't implements the malice accusation and attack.

Following two parameter indexs of the main assessment of experiment: 1. verification and measurement ratio, it equals the ratio that success filters out experiment number and total experiment number of all malice beacons.2. computing cost refers to the number of times of performance element and beacon matching test in this paper scheme.In the detection design of this paper, unknown node does not need to send data, so the present invention only investigates computing cost.

Figure 10 provides the verification and measurement ratio experimental result that the present invention program attacks two classes.As can be seen from Figure 10: 1. experimental result and theory analysis basically identical, wherein, to the verification and measurement ratio of external attack a little less than theoretical value p ₁(p ₁=0.99), to the verification and measurement ratio of internaling attack then a little more than theoretical value p ₂This is because in actual motion, and unknown node might not need execution area voting mechanism algorithm, and the ballot quantity of each beacon may (be pv≤2/k) less than 2k also.Therefore in addition, because the k value of each run all is dynamic change, the theoretical value with k=10 and k=20 compares.2. the increase with σ 2 values reduces to the verification and measurement ratio of internaling attack, and this is because the resolution high more (the k value is big more) of σ 2 more little then grids, and verification and measurement ratio is also high more.

Table 2 has provided computing cost situation of the present invention: 1. the computing cost at external attack all is 0 under different m values, and this is because this paper scheme only adopts the checkpoint to take precautions against external attack, need not execution area ballot step.2. internaling attack under the scene, when the m value hour, computing cost all levels off to 0; Along with the m value further increases, computing cost begins to enlarge markedly; Increase to a certain degree but work as the m value, computing cost tends towards stability again.This be because: when having only a small amount of malice checkpoint, unknown node can receive enough safety beacons and need not the execution area step; Along with the further increase of m value, the probability that normal beacons is lodged a false accusation against becomes greatly gradually, and the probability of unknown node execution area ballot step also increases gradually, so the corresponding increase of computing cost; But when this probability increased to 100%, computing cost tended towards stability again.3. then enlarge markedly with diminishing of σ 2 at the computing cost of internaling attack, this is that computing cost is also big more because the resolution of σ 2 more little then grids is high more.

Table 2

Experimental result shows that the composite defense strategy that this method adopts has effectively lowered computing cost when guaranteeing positioning security.

Though by describing specific implementation process of the present invention and analysis, showed advantage of the present invention,, the present invention is not subjected to the restriction of described detail, exemplary example, typical method and emulation tool.Therefore, under the situation of the spirit and scope of the general notion that does not depart from the applicant invention, can be different with the details of claims.

Symbol description:

GPS: global positioning system

VM:Verifiable Multilateration can verify polygon measurement

MAC: message authentication code

The h:hash function

A (o): the area of regional o

BS: beacon collection

BS ^*: be the safety beacon collection.

Claims (6)

1, a kind of wireless sensor safe positioning method, improve the anti-attack ability of transducer self poisoning by filtering malice beacon, it is characterized in that: this localization method comprises " based on the beacon sieve of checkpoint " and " based on the beacon sieve of regional voting mechanism " two kinds of beacon screening techniques, discern and filtering fallacious beacon by the internal consistency and the outside consistency of verification beacon respectively, and be applied to take precautions against the external attacker and the person of internaling attack respectively;

Method 1: based on the beacon screening of checkpoint, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes, the checkpoint is reference with the self-position, by checking whether inner consistent (calculate distance and whether mate measuring distance) comes the detection of malicious beacon to beacon, if beacon inside is inconsistent, then explanation is the malice beacon, find the malice beacon when the checkpoint and then send a warning information to neighbours' unknown node, transducer is added up each quilt alarm number of times that receives beacon, the beacon that defendant's number of times wherein is no more than thresholding τ is considered as safety beacon, and all the other beacons are considered as the suspicion beacon;

Method 2: based on the beacon screening of regional voting mechanism, on the basis of method 1, introduce regional voting mechanism and further check inconsistent between beacon, and discern and filtering fallacious beacon according to majority principle, that is: the target area is divided into a uniform lattice, utilize each beacon may to vote residing unit for transducer, then with the maximum unit of poll as verification unit, further detect whether malice of remaining suspicion beacon, if certain suspicion beacon can mate verification unit, illustrate that then it is a safety beacon, otherwise be the malice beacon.

2, wireless sensor safe positioning method according to claim 1, it is characterized in that on conventional location mechanism basis, improve the ability that the navigation system opposing is attacked by introducing the malice beacon isolation mech isolation test and the lightweight security protocol of mixing, in position fixing process, transducer at first receives alarm that neighbours check by " method 1 " and detects and isolate the malice beacon; The safety beacon number that filters out when transducer satisfies the location Calculation condition, then abandons all suspicion beacons, directly carries out self poisoning with reference to safety beacon and calculates; Otherwise adopt " method 2 " regional voting mechanism from the suspicion beacon, further to screen safety beacon.

3, wireless sensor safe positioning method according to claim 2 is characterized in that employing method 1 directly carries out the safety beacon quantity that self poisoning calculates and be at least 3.

4, wireless sensor safe positioning method according to claim 1 is characterized in that carrying out beacon screening step based on the checkpoint comprises:

(1) the beacon inspection is carried out in the checkpoint: adopt and mix the receiving mode monitor channel, when the destination node that listens to beacon signal and this beacon is a neighbor node, check then whether the measuring distance between this beacon and the checkpoint mates with the calculating distance, if coupling is legal beacon, not matching is the malice beacon, then generates a warning message and reports this beacon to relevant unknown node;

(2) locating information table of sensor arrangement is used to preserve all beacons of receiving and corresponding to the alarm number of times, will be wherein reported to the authorities the beacon that number of times be no more than thresholding τ and adds the safety beacon collection, and it then is the suspicion beacon that the alarm number of times surpasses τ.

5, wireless sensor safe positioning method according to claim 1 is characterized in that the beacon screening technique that carries out the zone ballot comprises the steps:

Step 1: transducer is at first determined self residing rectangular search zone (x _Min, y _Min) * (x _Max, y _Max), suppose beacon collection BS={bs _i| i=1,2 ..., n} is all beacons that transducer receives, BS ^*For safety beacon collection, if BS through method 1 screening ^*Promptly there is safety beacon in ≠ φ, then appoints and gets a safety beacon bs _i=(x _i, y _i, d _i), make (x _Min, y _Min) * (x _Max, y _Max)=(x _i-d _i, y _i-d _i) * (x _i+ d _i, y _i+ d _i); If BS ^*=φ, then order:

$x_{\min }\text{=}\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\min }(x_i-d_i),$ $x_{\max }\text{=}\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\max }(x_i+d_i),$ $y_{\min }\text{=}\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\min }(y_i-d_i),$ $y_{\max }\text{=}\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\max }(y_i+d_i),$

Step 2: selected candidate unit, transducer evenly is divided into the grid G that is made up of k * k unit, k==max (x with the region of search _Max-x _Min, y _Max-y _Min)/e _MaxIf, BS ^*=φ, the then selected unit that wherein can mate all safety beacons is as candidate unit, if BS ^*=φ, then selected all unit are as candidate unit; Unit g _MnWith beacon bs _iMatching condition be || g _Mn-(x _i, y _i) || _Max〉=d _i〉=|| g _Mn-(x _i, y _i) || _Min, wherein || g _Mn-(x _i, y _i) || _MaxWith || g _Mn-(x _i, y _i) || _MinBe respectively coordinate (x _i, y _i) to unit g _MnMaximum distance and minimum distance;

Step 3: the ballot screening, it is corresponding with grid G to set up a two-dimentional ballot table; When initial, the poll of each candidate unit correspondence is 0, if a candidate unit can mate a suspicion beacon, then its corresponding poll adds 1; Repeat this process, all finish matching test with all suspicion beacons up to each candidate unit; After the ballot, transducer is a verification unit with the highest unit of poll, and all suspicion beacons that can mate verification unit are added the safety beacon collection.

6, wireless sensor safe positioning method according to claim 1 and 2, the method for location comprises the steps: to it is characterized in that carrying out safely by transducer

1) generation of one-way key chain: central server is that each beaconing nodes b distributes a unique password PW _b, and use a unidirectional Hash function of crash-resistant to generate a unidirectional key chain: ${<k}_b^0,k_b^1,...,k_b^n>=<{\mathrm{pw}}_b,h\left({\mathrm{pw}}_b\right),...,h^n\left({\mathrm{pw}}_b\right)>,$ Wherein, n depends on that beaconing nodes need send the quantity of message;

2) sensor network disposition: before sensor network disposition, the key chain that central server distributes a step 1) to produce for each beaconing nodes, and with the ID of all beaconing nodes and the begin chain k of correspondence _b ⁿBe loaded into each network node;

3) Location Request: the transducer s of no-fix is to Location Request: s → *: s of neighbor node b broadcasting;

4) beacon is replied: each the neighbours' beaconing nodes b that receives Location Request replys a beacon: ${\mathrm{bs}}_b^j=\{s,b,(x_b,y_b),k_b^{n-j},j\},$ Wherein, (x _b, y _b) be the position coordinates of beaconing nodes b; k _b ^N-jAuthentication code for the current message of beaconing nodes b; J is the Hash counter, if receiving node has missed some middle cryptographic Hash, then can be synchronized to up-to-date key again according to the j value;

5) supervision of checkpoint: the checkpoint is adopted and is mixed the receiving mode monitor channel, when checkpoint c listens to beacon bs _b ^jThe time, check at first whether the sensor of interest of this beacon is neighbor node, if then carry out following processing:

1. authentication: the checkpoint is by the checking equation $h\left(k_b^{n-j}\right)=k_b^{n-j+1}$ Judge that whether this message is truly from beaconing nodes b, wherein k _b ^N-jBe the authentication code of carrying in the beacon message, k _b ^N-j+1The current authentication key about beaconing nodes b for receiving node is preserved passes through if authenticate, then checkpoint k _b ^N-jK in the substitute memory _b ^N-j+1, otherwise abandon this beacon, do not do further processing;

2. beacon verification: checkpoint c obtains distance D between itself and the beaconing nodes by the wireless distance finding technology _Measure, and by the checking inequality $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{measure}}|>e_{\max }$ Judge this beacon whether malice, wherein (x _c, y _c) be the coordinate position of checkpoint c self, e _MaxBe the maximum measure distance error that allows; If find it is the malice beacon, then checkpoint c sends a warning message to transducer s: ${\mathrm{alert}}_c^i=\{c,s,{\mathrm{beacon}}_b^j,k_c^{n-i},i\},$ K wherein _c ^N-iWith the implication of i and the k in the step 4) _b ^N-jIdentical with j;

6) transducer location: transducer receives the beacon and the warning message of all answers, and the authenticity of checking message, utilize the beacon and the warning message of replying to position calculating then, concrete position fixing process is: construct a locating information table, all beacons that preservation receives and corresponding quilt alarm number of times thereof, if wherein the number of safety beacon is less than 3, then execution area ballot method is further screened safety beacon, at last, transducer adopts the maximum likelihood estimation technique to estimate self-position with reference to safety beacon.

Images