CN101309151B - Safe positioning method for wireless sensor - Google Patents

Abstract

The invention discloses a safe positioning method for a wireless sensor; the safe positioning method adopts two safe positioning methods which are the malicious beacon detection based on the checkpoint and the malicious beacon detection algorithm based on the regional voting mechanism to solve the positioning safety problem of the sensor network nodes. The positioning method improves the anti-attack capability of the system through filtering the malicious beacons directly so that not only the known attacks can be defended, but also the unknown attacks can be defended; the corresponding defending measurement for every possible specific attack is avoided; the implementation of the safety strategy of the positioning system is simplified; the two detection methods are combined effectively to adjust the defending strategy automatically according to the attack types; the safe positioning is guaranteed and the computation cost is reduced effectively; the neighbor communication authentication technique based on the unidirectional key chain is adopted to avoid the support of other network safety protocols so that the storage cost of the sensor nodes is reduced; the neighbor communication authentication technique can be compatible and used together with the present wireless sensor network protocol; the safety target of the positioning system of the sensor network nodes is realized.

Description

Wireless sensor safe positioning method

Technical field

The invention belongs to network communications technology field; Relate to the wireless self-organization network safe practice; Specifically be based on conforming verification inside and outside the beacon, propose a kind of safe wireless sensor network node locating method, solve the safety problem of node locating in the sensor network; Be how node is correctly obtaining the geographical location information of oneself after disposing at random, prevent various internaling attack and external attack to node positioning system.

Background technology

The wireless multi-hop network that wireless sensor network is made up of the sensor node miniature in a large number, low-cost, low-power consumption that is deployed in the monitored area is realized collection, processing and issue to sensitive data in the monitored area.Sensor network has numerous advantages such as quick deployment, collaborative perception, high fault tolerance, therefore has application prospect in association areas such as military affairs, Homeland Security, environmental surveillance and city management.

As the bridge that connects physical world and digital world, the positional information of node is most important to the monitor activities of network in the sensor network.Sensor network must rely on the spatial relationship that the positional information of node is come building network, and reporting event or follow the tracks of external object according to this.In addition, the positional information of node also provides the important foundation of network functions such as network topology self-configuring, statistics network covering quality.Therefore transducer must adopt certain mechanism to realize the location after disposing earlier, could get into monitoring state.

1. the basic fixed position method of wireless senser

Receive the restriction of factors such as cost, volume, power consumption and autgmentability; Most of sensor networks adopt the auxiliary location mechanism of beaconing nodes; Its principle is as shown in Figure 1: network is disposed in advance on a small quantity through modes such as GPS and is realized the beaconing nodes of locating; Beacon obtains transducer and the position relation of peripheral a plurality of beaconing nodes through receiving and measuring, and adopts mathematical method to confirm himself position then.As shown in Figure 1: s is through measuring to b ₁, b ₂, b ₃Range information d ₁, d ₂, d ₃Confirm self-position.These location algorithms are broadly divided into: based on range finding location and non-distance measuring location.The former uses method calculating locations such as trilateration, triangulation or maximum likelihood estimation through distance or orientation between measured node, and ranging technology commonly used has RSSI, TOA, TDOA and AOA.And the latter only realizes location Calculation according to information such as network connectivties, and common algorithm has centroid algorithm, DV-Hop algorithm, convex programming algorithm and APIT algorithm etc.

2. the security threat that faces of node positioning system

Owing to self have fragility, node positioning system very easily suffers from inside and outside attack.On the one hand, the assailant possibly obtain inner trust through capturing node, thereby implements the location deception.On the other hand, the assailant also possibly adopt modes such as displacement node and interference signal to implement external attack.Obviously, the physics mobile node is to the most direct security threat of node positioning system.In addition, because all being some physical phenomenon (like time delay, power consumption, go into the angle and transmit jumping figure etc.) according to wireless beacon transmission, navigation system comes the position relation between measured node.The assailant is easy to adopt duplicate, block and to change means such as propagation path and distorts these measurement results.Because external attack directly is directed against the tender spots of location mechanism, need not to obtain inner trust, therefore can walk around the protection of various conventional security mechanism (like encryption and authentication etc.).

3. existing wireless sensor node safe positioning method

Node positioning system comes down to the coordination mechanism that a kind of physical attribute according to radio communication is confirmed the node space relation, and it realizes facing great challenge safely.At present, domestic and international existing security solution roughly can be generalized into three major types: (1) is based on the safety location of beacon attribute verification.For example, the safe location mechanism SeRLoc of a kind of non-distance measuring of people such as the L.Lazos proposition of the U.S. in 2004.Its principle is: beaconing nodes adopts directional antenna to send beacon to different sectors, and unknown node is estimated self-position according to the overlapping situation of beacon sector again.Utilize the uniqueness and the communication distance boundary property of beacon sector, SeRLoc can take precautions against Replay Attack.The people such as S.Capkun of the U.S. in 2006 propose a kind of based on the VM mechanism apart from threshold agreement.Utilization is apart from threshold agreement and triangle calibration technology, and the VM algorithm can be resisted various attacks of distorting range finding.(2) locate based on the safety of robust regression algorithm.These class methods are primarily aimed at the fragility problem that least square method exists, and come the ability of enhanced positioning system tolerant attack through the robustness that improves location Calculation.For example, the people such as Z.Li of the U.S. in 2005 introduce minimum intermediate value two and take advantage of the ability of estimating to improve navigation system tolerance attack.(3) locate based on the safety of intrusion detection.For example; A kind of malice beaconing nodes detection scheme that the people such as D.Liu of the U.S. in 2005 propose; Its principle is: each beaconing nodes uses detection ID to disguise oneself as sensor node initiatively to neighbours' beaconing nodes request positioning service; And with reference to self coordinate inspection the other side whether correct beacon is provided, at last by the base station unification with malice beaconing nodes isolation network.

But there is following shortcoming respectively in these above-mentioned 3 kinds of safe positioning strategies:

Strategy (1): these class methods often rely on the integrality that certain checkpoint comes verification beacon attribute, and system robustness is poor.For example, the VM calibration technology be based upon the assailant can not with the strong assumption of checkpoint collusion on; SeRLoc is based upon on the strong assumption that beacon signal can not get clogged, if the assailant has blocked the signal of relevant beaconing nodes, two geometrical properties (sector uniqueness and communication distance boundary property) that then are used to detect Replay Attack all can lose efficacy.

Strategy (2): the greatest problem of these class methods is calculated too complicated exactly.The amount of calculation of robust regression algorithm is often all bigger, can't be applicable to low-power consumption, sensor application field cheaply.For example, because median can not differential, the Z.Li scheme need adopt the bigger Monte Carlo random device of space-time complexity to find the solution minimum median problem.

Strategy (3): these class methods are detected object with the malice beaconing nodes, can only have potential safety hazard to internaling attack.For example; In the Liu detection scheme; If the assailant adopts the beacon message in the external attack method attack channel such as signal interference, though then the location of unknown node can not receive the influence of malice beacon, the source node of beacon is malice beaconing nodes and isolation network with scheme erroneous judgement to be detected; Thereby reduced the service quality of navigation system, even caused its paralysis.

In sum, with regard to the demand for security of whole node navigation system, existing solution does not all also form perfect security system, can only resist the attack pattern of part mostly, can't tackle the attack with characteristics such as knitting hidden and compound more.The content of invention

The object of the invention is to solve the deficiency of existing safe positioning method; Fully investigate the characteristic of sensor network and node locating mechanism; Propose a kind of wireless sensor safe positioning method, this method improves the anti-attack ability of transducer self poisoning through filtering malice beacon.The present invention comprises based on " the beacon screening of checkpoint " and " based on the beacon screening of checkpoint " two kinds of beacon screening techniques; Discern and filtering fallacious beacon through the internal consistency and the outside consistency of verification beacon respectively, and be applied to take precautions against the external attacker and the person of internaling attack respectively.

Method 1: based on the beacon screening technique of checkpoint

In position fixing process, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes.The checkpoint is reference with the self-position, and whether inner consistent (whether computed range matees measuring distance) come the detection of malicious beacon through the inspection beacon.If beacon inside is inconsistent, then explanation is the malice beacon.Find the malice beacon when the checkpoint and then send a warning information to neighbours' unknown node.Transducer statistics each receive beacon by alarm number of times, the beacon that defendant's number of times wherein is no more than thresholding τ is regarded as safety beacon, and all the other beacons are regarded as the suspicion beacon, i.e. the unknown beacon of safe condition.

Method 2: based on the beacon screening technique of regional voting mechanism

On the basis of method 1, introduce regional voting mechanism and further check inconsistent (localizing objects of malice beacon and the localizing objects of optimum beacon are often inconsistent, abbreviate as outside inconsistent) between beacon, and discern and filtering fallacious beacon according to majority principle.Its basic thought is: the target area is divided into a uniform lattice, and utilizes each beacon maybe residing unit to vote for transducer, then with the maximum unit of poll as verification unit, further detect whether malice of remaining suspicion beacon.If certain suspicion beacon can mate verification unit, explain that then it is a safety beacon, otherwise be the malice beacon.

The anti-wireless senser localization method of attacking of the present invention is on conventional location mechanism basis, through introducing the ability that the malice beacon isolation mech isolation test of mixing and lightweight security protocol improve the navigation system resisting attacks.Its basic thought is following: in position fixing process, the alarm that transducer at first receives neighbours' inspection through method 1 detects and isolates the malice beacon.The safety beacon that filters out when transducer satisfy the location Calculation condition (based on the location Calculation of range finding at least three of needs with reference to beacon); Then abandon all suspicion beacons; Directly carry out self poisoning and calculate, otherwise the regional voting mechanism of employing method 2 further screens safety beacon from the suspicion beacon with reference to safety beacon.

With existing node security localization method contrast, the present invention has the following advantages:

(1) the present invention improves the anti-attack ability of transducer self poisoning through filtering malice beacon; The measure that need not to take to take precautions against one by one to every kind of particular attack behavior that possibly occur is (like worm hole testing mechanism; The playback testing mechanism; The anti-tamper mechanism etc. of finding range), thus simplified the enforcement of security strategy.Not only be highly resistant to known attack, can also defend unknown attack.

(2) the beacon triage techniques based on the checkpoint can effectively filter the malice beacon that seat offence causes, and computing cost is little, but (captured node possibly lodge a false accusation against optimum beacon be the malice beacon) attacked in the false accusation that can't resist the person of internaling attack.And based on the beacon triage techniques strong robustness of voting in the zone, can effectively take precautions against the person's of internaling attack false accusation to attack, but resource overhead is bigger.The present invention has organically combined the advantage of two kinds of beacon triage techniqueses, can regulate defence policies according to adversary's attack pattern self adaptation, thereby when guaranteeing positioning security, effectively lower the computing cost of transducer.

(3) the present invention only adopts the neighbours' communication authentication technology based on one-way key chain.Its advantage comprises: 1. computing cost is little, and the generation of one-way key chain and distribution are accomplished by central server, and communication node only needs the hash computing of lightweight; 2. storage overhead is little, and 200 beaconing nodes are arranged in the hypothetical network, and node ID is used 8 bit representations, and the Hash function is output as 128.Then the storage overhead of transducer needs is (8+128) * 200=3400B, and MICA1 Motes has the 128kB flash memory, can satisfy the demand of embodiment of the present invention.3. need not key management; 4. need not whole message is carried out the MAC authentication.

Description of drawings

Fig. 1 is a sensor node navigation system sketch map

Fig. 2 is the position relation of beacon and checkpoint

Fig. 3 is the checkpoint principle schematic

Fig. 4 is for confirming the example of region of search: Fig. 4 (a) supposition transducer receives 4 beacon bs ₁～bs ₄Fig. 4 (b) bs ₄Situation for safety beacon; All beacons of Fig. 4 (c) all are the situation of suspicion beacon

Fig. 5 is the example of selected candidate unit and ballot screening: Fig. 5 (a) bs ₄Situation for safety beacon; Fig. 5 (b) bs ₂And bs ₄Situation for safety beacon; All beacons of Fig. 5 (c) all are the situation of suspicion beacon

Fig. 6 is the particular flow sheet of node security localization method

The functional arrangement of Fig. 7 formula (1)

Fig. 8 is the functional arrangement of formula (3)

Fig. 9 is provided with figure for simulating scenes

Figure 10 is the simulation result figure of verification and measurement ratio

Specific embodiments

In conjunction with above-mentioned accompanying drawing and subordinate list, the embodiment of the included various technical schemes of wireless sensor node safe positioning method of the present invention is described further.Enforcement of the present invention is supposed and precondition based on following being correlated with:

(1) the supposition sensor network uses the secret positioning and communicating of group key, mixes receive mode monitoring beacon on every side so that other nodes can adopt; (2) the supposition location Calculation is the center with the transducer, and transducer has certain wireless distance finding ability (like RSSI and TDOA etc.); (3) hypothetical network is disposed node at random with certain density, and this deployment model can be regarded the even poisson process on the geometry as; (4) if two nodes are in mutually in the other side's the communication coverage, then be referred to as neighbor node.

1. based on the enforcement explanation of the beacon screening technique of checkpoint

As shown in Figure 2, in position fixing process, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes.The checkpoint is reference with the self-position, and whether inner consistent (whether computed range matees measuring distance) come the detection of malicious beacon through the inspection beacon.

Checkpoint: adopt and mix the receiving mode monitor channel,, check then whether the measuring distance of this beacon and computed range mate when the destination node that listens to beacon signal and this beacon is a neighbor node.If do not match, be the malice beacon, then generate a warning message to relevant this beacon of unknown node report.The beacon of checkpoint inspection principle is as shown in Figure 3: self coordinate of supposition checkpoint is (x _c, y _c), the reference coordinates of claiming in the beacon message is (x _b, y _b), the measuring distance between checkpoint and the beaconing nodes is D _MeasureThen legal beacon should satisfy relation: $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{Measure}}|\≤e_{\mathrm{Max}},$ E wherein _MaxBe the maximum measure distance error that allows.Suppose navigation system range error error～N (0, σ ²), according to 3-σ criterion, then can make e _Max=3 σ, the probability of miscarriage of justice of checkpoint is reduced to 0.0026 like this.

Transducer: construct a locating information table (like table 1), all beacons that preservation receives and corresponding quilt alarm number of times thereof; And with the beacon adding safety beacon collection that wherein be no more than thresholding τ by the accusation number of times.With table 1 is example: supposition τ is 5, then beacon ₄Be suspicion beacon (the alarm number of times surpasses 5), and beacon ₁～beacon ₃Be safety beacon.

Beacon ID	The position is with reference to information	Defendant's number of times
			Beacon 1	(x 1，y 1，d 1)	1
Beacon 2	(x 2，y 2，d 2)	0
			Beacon 3	(z 3，y 3，d 3)	0
Beacon 4	(x 4，y 4，d 4)	6

2. the enforcement based on the beacon screening technique of zone ballot comprises the steps

Step 1 transducer is at first confirmed a regional (x of self residing rectangular search _Min, y _Min) * (x _Max, y _Max).Suppose beacon collection BS={bs _i| i=1,2 ..., n} is all beacons that transducer receives, BS ^*Be safety beacon collection (through technology 1 screening) wherein.If BS ^*≠ φ (having safety beacon) then appoints and gets a safety beacon bs _i=(x _i, y _i, d _i), make (x _Min, y _Min) * (x _Max, y _Max)=(x _i-d _i, y _i-d _i) * (x _i+ d _i, y _i+ d _i); If BS ^*=φ, then order:

$x_{\min }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\min }(x_i-d_i),x_{\max }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\max }(x_i+d_i),y_{\min }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\min }(y_i-d_i),y_{\max }=\underset{{\mathrm{bs}}_i\∈\mathrm{Bs}}{\max }(y_i+d_i);$

With Fig. 4 is that example further specifies.Shown in Fig. 4 (a), suppose BS={bs ₁, bs ₂, bs ₃, bs ₄.If BS ^*={ bs ₄, region of search (x then _Min, y _Min) * (x _Max, y _Max)=(x ₄-d ₄, y ₄-d ₄) * (x ₄+ d ₄, y ₄+ d ₄), like the dash area among Fig. 4 (b).If BS ^*=φ, then (x _Min, y _Min) * (x _Max, y _Max)=(x ₄-d ₄, y ₃-d ₃) * (x ₁+ d ₁, y ₂+ d ₂), like the dash area among Fig. 4 (c).

Step 2 is selected candidate unit: transducer evenly is divided into grid G with the region of search _{K * k}, k=max (x _Max-x _Min, y _Max-y _Min)/e _MaxIf BS ^*≠ φ (safety beacon is arranged), the then selected unit that wherein can mate all safety beacons is as candidate unit.If BS ^*=φ, then selected all unit are as candidate unit.Unit g _MnWith beacon bs _iMatching condition be ‖ g _Mn-(x _i, y _i) ‖ _Max>=d _i>=‖ g _Mn-(x _i, y _i) ‖ _Min, ‖ g wherein _Mn-(x _i, y _i) ‖ _MaxWith ‖ g _Mn-(x _i, y _i) ‖ _MinBe respectively coordinate (x _i, y _i) to unit g _MnMaximum distance and minimum distance;

Step 3 ballot screening: it is corresponding with grid G to set up a two-dimentional ballot table; When initial, the poll that each candidate unit is corresponding is 0, if a candidate unit can mate a suspicion beacon, then its corresponding poll adds 1; Repeat this process, all accomplish matching test with all suspicion beacons up to each candidate unit.After the ballot, transducer is a verification unit with the highest unit of poll, and all suspicion beacons that can mate verification unit are added the safety beacon collection.

The present invention further specifies step 2 and 3 (supposition k=10) through Fig. 5.Among Fig. 5 (a), bs ^*={ bs ₄, then candidate unit is all and bs ₄The unit that is complementary; Candidate unit cell [2,9] while and suspicion beacon bs ₁And bs ₂Coupling (who gets the most votes, 2) therefore is chosen as verification unit; At last, bs ^*=bs ^*∪ { bs ₁∪ { bs ₂}={ bs ₁, bs ₂, bs ₄.Among Fig. 5 (b), bs ^*={ bs ₂, bs ₄, then candidate unit is all and bs ₄And bs ₂The unit that is complementary (cell [1,3], cell [2,9]); Through ballot, cell [2,9] is chosen as verification unit; Therefore, bs ^*=bs ^*∪ { bs ₁}={ bs ₁, bs ₂, bs ₄.Among Fig. 5 (c), bs ^*=φ, then all unit all are candidate unit; Through ballot, cell [4,7] is chosen as verification unit; So bs ^*=bs ^*∪ { bs ₁∪ { bs ₂∪ { bs ₄}={ bs ₁, bs ₂, bs ₄.

3. sensor safe positioning method is implemented to comprise the steps

(1) generation of one-way key chain: central server is that each beaconing nodes b distributes a unique password PW _b, and use a unidirectional Hash function of crash-resistant (like SHA-1 or MD5) to generate a unidirectional key chain: <math><mrow><mtext>&lt;</mtext><msubsup><mi>k</mi><mi>b</mi><mn>0</mn></msubsup><mtext>,</mtext><msubsup><mi>k</mi><mi>b</mi><mn>1</mn></msubsup><mtext>， &amp;CenterDot; &amp;CenterDot; &amp;CenterDot; ,</mtext><msubsup><mi>k</mi><mi>b</mi><mi>n</mi></msubsup><mtext>>=<p</mtext><msub><mi>w</mi><mi>b</mi></msub><mtext>, h</mtext><mrow><mo>(</mo><mi>p</mi><msub><mi>w</mi><mi>b</mi></msub><mo>)</mo></mrow><mtext>， &amp;CenterDot; &amp;CenterDot; &amp;CenterDot; ,</mtext><msup><mi>h</mi><mi>n</mi></msup><mrow><mo>(</mo><mi>p</mi><msub><mi>w</mi><mi>b</mi></msub><mo>)</mo></mrow><mtext>>,</mtext></mrow></math> Wherein, n depends on that beaconing nodes need send the quantity of message (beacon message and warning message);

(2) sensor network disposition: before sensor network disposition, central server distributes the key chain that produces in the step 1 for each beaconing nodes, and with the ID of all beaconing nodes and the begin chain k of correspondence _b ⁿBe loaded into each network node.

(3) Location Request: the transducer s of no-fix broadcasts Location Request: s → * a: s to neighbours;

(4) beacon is replied: each the neighbours' beaconing nodes b that receives Location Request replys a beacon: ${\mathrm{Bs}}_b^j=\{s,b,(x_b,y_b),k_b^{n-j},j\}.$ Wherein, (x _b, y _b) be the position coordinates of beaconing nodes b; k _b ^N-jAuthentication code for b current message (j); J is the Hash counter, if receiving node has missed some middle cryptographic hash, then can come to be synchronized to again up-to-date key according to the j value;

(5) supervision of checkpoint: the checkpoint is adopted and is mixed the receiving mode monitor channel.C listens to bs when the checkpoint _b ^jThe time, check at first whether the sensor of interest of this beacon is neighbor node, if then carry out following processing:

1. authentication: the checkpoint is through the checking equality $h\left(k_b^{n-j}\right)=k_b^{n-\mathrm{<figure-callout\; id="1"\; label="j\; +"\; filenames="S2008101503089E00041.png,S2008101503089E00051.png"\; state="\{\{state\}\}">j</figure-callout>}+1}$ Whether judge this message truly from b, wherein k _b ^N-jBe the authentication code of carrying in the beacon message, k _b ^N-j+1The current authentication key of preserving for receiving node about b (is initially preallocated begin chain k _b ⁿ).If authentication is passed through, then k is used in the checkpoint _b ^N-jK in the substitute memory _b ^N-j+1, otherwise abandon this beacon, do not do further processing;

2. beacon verification: checkpoint c obtains the distance B between itself and the beaconing nodes through wireless distance finding technology _Measure, and through the checking inequality $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{Measure}}|>e_{\mathrm{Max}}$ Judge this beacon whether malice, wherein (x _c, y _c) be the coordinate position of checkpoint c self, e _MaxBe the maximum measure distance error that allows.If find it is the malice beacon, then checkpoint c sends a warning message to transducer s: ${\mathrm{Alert}}_c^i=\{c,s,{\mathrm{Beacon}}_b^j,k_c^{n-i+1},i\},$ K wherein _c ^N-i+1With the implication of i and the k in the step (4) _b ^N-jSimilar with j;

(6) transducer location: transducer receives the beacon and the warning message of all answers, and verifies the authenticity (being similar to step 5 1.) of these messages, utilizes these beacons and warning message to position calculating then.Concrete position fixing process is: construct a locating information table, all beacons that preservation receives and corresponding quilt alarm number of times thereof.If wherein the number of safety beacon (being no more than thresholding τ by alarming number of times) is less than 3, then execution area ballot method is further screened safety beacon; At last, transducer adopts the maximum likelihood estimation technique to estimate self-position with reference to safety beacon.

The flow process that sensor safe positioning method is implemented is as shown in Figure 6.

4. invention effect analysis

The present invention sets forth effect of the present invention from safety analysis, the verification and measurement ratio analysis of malice beacon and three aspects of emulation experiment assessment.Suppose and around a unknown node, disposed n optimum beaconing nodes and m malice beaconing nodes at random.

(1) attacks analysis

Obviously, malice beacon that seat offence caused inevitable because of exist inner inconsistent and seized make an inventory of find.What need special analysis here is local Replay Attack.The assailant possibly lure this beacon of checkpoint accusation into through retransmitting local beacon.But; Because the beacon of directly propagating is certain to arrive receiving node earlier than the beacon of resetting; Receiving node has also obtained up-to-date authentication code thus, and therefore the beacon of any playback can't be through the authentication of receiving node because its authentication code of carrying is out-of-date.

And lodge a false accusation against attack is the main attack pattern to this paper scheme.Legal beacon possibly lodged a false accusation against through making up warning message in a captive checkpoint, also possibly implement to lodge a false accusation against through the warning message of distorting other checkpoints and attack.With Fig. 2 is example, supposes that the assailant passes through monitor channel and collected a warning message alert who has nothing to do with s; When b sent beacon, the assailant took out alert and changes alarm object wherein into beacon that b sends, resends then to s; Then because the authentication code among the alert is fresh with respect to s, so s has accepted this accusation.Though it is truly feasible that two kinds of above-mentioned false accusations are attacked for the assailant, the influence of its generation is very limited.At first, this paper scheme is provided with a tolerance thresholding τ.The assailant need capture a checkpoint, τ+1 at least or distort the warning message that τ+1 has up-to-date authentication code and could effectively lodge a false accusation against a legal beacon.Secondly, even all beacons are all lodged a false accusation against, unknown node is accessible region territory ballot algorithm screening safety beacon still.

(2) the theoretical verification and measurement ratio p of method 1 ₁p ₁Equal a malice beacon and reported to the authorities the probability of number of times, promptly listen to the probability of the checkpoint number of this beacon greater than τ above thresholding τ.Can get by Poisson distribution:

${\mathrm{<figure-callout\; id="1"\; label="p"\; filenames="S2008101503089E00041.png,S2008101503089E00051.png"\; state="\{\{state\}\}">p</figure-callout>}}_1=p\left(\right|\mathrm{checkpoint}|>\mathrm{\&tau;})=1-{\mathrm{\&Sigma;}}_{i=0}^{\mathrm{\&tau;}}\frac{{(p_b\&times;A\left(o\right))}^i}{i!}{e}^{-(p_b\&times;A\left(o\right))}---\left(1\right)$

$A\left(o\right)=2[{\mathrm{<figure-callout\; id="2"\; label="r"\; filenames="S2008101503089E00041.png,S2008101503089E00062.png"\; state="\{\{state\}\}">r</figure-callout>}}^2\arccos \left(\frac{d}{r}\right)-d\sqrt{(r^2-d^2)}],d=\frac{|s-b|}{2}---\left(2\right)$

Wherein, p _bBe the deployment density of beaconing nodes, A (o) is the area (like the dash area among Fig. 2) in the common neighbours zone of beaconing nodes and unknown node.Fig. 7 is the functional arrangement of formula (1).As shown in the figure: p ₁Along with p _bIncrease and increase, and along with τ increases and reduces.Therefore can be according to p _bActual setting, through selecting suitable τ, to guarantee p ₁Can satisfy the demand for security of using.For example, make p ₁=0.99, work as P _b=0.01 o'clock, then τ got 5.

(3) the theoretical verification and measurement ratio p of technology 2 ₂p ₂Equal zone ballot screening method and select the probability of correct unit, promptly the number of votes obtained of correct unit is higher than the probability of number of votes obtained of the error unit of malice beacon indication.Because a beacon possibly mate a plurality of unit (promptly possibly vote to a plurality of unit); Removing optimum beacon votes to object element certainly; The fixing ballot of malice beacon (considering the sight of conspiracy attack) is given outside certain error unit, and remaining ballot can be thought random fashion.Therefore:

${\mathrm{<figure-callout\; id="2"\; label="p"\; filenames="S2008101503089E00041.png,S2008101503089E00062.png"\; state="\{\{state\}\}">p</figure-callout>}}_2=\underset{i=0}{\overset{m}{\mathrm{\&Sigma;}}}\left(\mathrm{Prob}(\mathrm{\&xi;}=i)\underset{j=0}{\overset{n+i-m-1}{\mathrm{\&Sigma;}}}\mathrm{Prob}(\mathrm{\&xi;}=j)\right)=\underset{i=0}{\overset{m}{\mathrm{\&Sigma;}}}\left(\begin{array}{c}m\\ i\end{array}\right){p_v}^i{(1-p_v)}^{m-i}\underset{j=0}{\overset{n+i-m-1}{\mathrm{\&Sigma;}}}\left(\begin{array}{c}n\\ j\end{array}\right){p_v}^j{(1-p_v)}^{n-j}---\left(3\right)$

Wherein, Prob (ξ=x) open probability, p with air ticket for certain candidate unit obtains x just _vBe that a beacon is voted to the probability (1≤p of certain unit at random _v≤2/k).Fig. 8 is functional arrangement (the supposition p of formula (3) _v=2/k).As shown in the figure: p ₂Increase with m reduces, when optimum checkpoint accounts for plurality, and p ₂Value is very good.For example, though when the ratio of malice beaconing nodes up to 40%, the p under the different n values ₂All still be higher than 85%.

(4) emulation experiment assessment.

Adopt matlab to realize that the present invention suggests plans.The test scene is as shown in Figure 9: a transducer is placed by central authorities in one 40 * 40 (rice) zone; Dispose some beaconing nodes (wherein n=16) on every side at random; The communication radius of node is 30 meters (so that transducer can receive the signal of all beaconing nodes); Thresholding τ is set at 5, whole experiment repetition 1000 times.Attack and external attack through malice beaconing nodes simulated interior: 1. internal attack behavior: the malice beaconing nodes conspires to issue wrong beacon, and lodges a false accusation against all legal beacons; 2. external attack behavior: the malice beaconing nodes is issued wrong beacon at random, and this is because external attacker is difficult to accurately to handle beacon and can't implements the malice accusation and attack.

Following two parameter indexs of the main assessment of experiment: 1. verification and measurement ratio, it equals the ratio that success filters out experiment number with total experiment number of all malice beacons.2. computing cost refers to the number of times of performance element and beacon matching test in this paper scheme.In the detection design of this paper, unknown node need not sent data, so the present invention only investigates computing cost.

Figure 10 provides the verification and measurement ratio experimental result of the present invention program to two types of attacks.As can beappreciated from fig. 10: 1. experimental result and theory analysis basically identical, wherein, to the verification and measurement ratio of external attack a little less than theoretical value p ₁(p ₁=0.99), to the verification and measurement ratio of internaling attack then a little more than theoretical value p ₂This is because in actual motion, and unknown node might not need execution area voting mechanism algorithm, and the ballot quantity of each beacon possibly (be pv≤2/k) less than 2k also.Therefore in addition, because the k value of each run all is dynamic change, the theoretical value with k=10 and k=20 compares.2. the increase with σ 2 values reduces to the verification and measurement ratio of internaling attack, and this is because the resolution high more (the k value is big more) of σ 2 more little then grids, and verification and measurement ratio is also high more.

Table 2 has provided computing cost situation of the present invention: 1. the computing cost to external attack all is 0 under different m values, and this is because this paper scheme only adopts the checkpoint to take precautions against external attack, need not execution area ballot step.2. internaling attack under the scene, when the m value hour, computing cost all levels off to 0; Along with the m value further increases, computing cost begins to enlarge markedly; Increase to a certain degree but work as the m value, computing cost tends towards stability again.This be because: when having only a small amount of malice checkpoint, unknown node can receive enough safety beacons and need not the execution area step; Along with the further increase of m value, the probability that normal beacons is lodged a false accusation against becomes greatly gradually, and the probability of unknown node execution area ballot step also increases gradually, so the corresponding increase of computing cost; But when this probability increased to 100%, computing cost tended towards stability again.3. then enlarge markedly with diminishing of σ 2 to the computing cost of internaling attack, this is that computing cost is also big more because the resolution of σ 2 more little then grids is high more.

Table 2

Experimental result shows that the composite defense strategy that this method adopts has effectively lowered computing cost when guaranteeing positioning security.

Though through describing practical implementation process of the present invention and analysis, showed advantage of the present invention,, the present invention does not receive the restriction of said detail, exemplary, typical method and emulation tool.Therefore, under the situation of the spirit of the general notion that does not depart from the applicant invention and scope, can be different with the details of claims.

Symbol description:

GPS: global positioning system

VM:Verifiable Multilateration can verify polygon measurement

MAC: message authentication code

The h:hash function

A (o): the area of regional o

BS: beacon collection

BS ^*: be the safety beacon collection,

Claims (5)

1. wireless sensor safe positioning method; Improve the anti-attack ability of transducer self poisoning through filtering malice beacon; It is characterized in that: this localization method comprises " based on the beacon sieve of checkpoint " and " based on the beacon sieve of regional voting mechanism " two kinds of beacon screening techniques; Discern and filtering fallacious beacon through the internal consistency and the outside consistency of verification beacon respectively, and be applied to take precautions against the external attacker and the person of internaling attack respectively;

Method 1: based on the beacon screening of checkpoint, utilize the redundant configuration of sensor network, introduce the part-time beacon that transmits in the monitor channel of checkpoint that serves as of beaconing nodes; The checkpoint is reference with the self-position; Whether mate through inspection computed range that beacon provided and measuring distance and to judge its whether malice beacon,, then explain it is the malice beacon if do not match; Find the malice beacon when the checkpoint and then send a warning information to neighbours' sensor node; Each sensor node statistics each receive beacon by alarm number of times, the beacon that wherein is no more than thresholding τ by the alarm number of times is regarded as safety beacon, and all the other beacons is regarded as the suspicion beacon;

Method 2: based on the beacon screening of regional voting mechanism; On the basis of method 1, introduce regional voting mechanism and further check inconsistent between beacon, and discern and filtering fallacious beacon, that is: the target area is divided into a uniform lattice based on majority principle; Utilize each beacon possibly to vote residing unit for sensor; Then with the maximum unit of poll as verification unit, further detect whether malice of remaining suspicion beacon, if certain suspicion beacon can mate verification unit; Illustrate that then it is a safety beacon, otherwise be the malice beacon;

Wherein, the transducer method of carrying out safety location comprises the steps:

1) generation of one-way key chain: central server distributes a unique password PW for each beaconing nodes _b, and use a unidirectional Hash function of crash-resistant to generate a unidirectional key chain: $<k_b^0,k_b^1,\&CenterDot;\&CenterDot;\&CenterDot;,k_b^n>=<{\mathrm{Pw}}_b,h\left({\mathrm{Pw}}_b\right),\&CenterDot;\&CenterDot;\&CenterDot;,h^n\left({\mathrm{Pw}}_b\right)>,$ Wherein, n depends on that beaconing nodes need send the quantity of message;

2) sensor network disposition: before sensor network disposition; Central server distributes the key chain of a step 1) generation for each beaconing nodes, and the ID and the corresponding begin chain of all beaconing nodes is loaded into each network node;

3) Location Request: the transducer s of no-fix is to Location Request of neighbours' beaconing nodes b broadcasting;

4) beacon is replied: each the neighbours' beaconing nodes b that receives Location Request replys a beacon:

Wherein, (x _b, y _b) be the position coordinates of neighbours' beaconing nodes b;

Authentication code for neighbours' beaconing nodes b current message; J is the Hash counter, if receiving node has missed some middle cryptographic hash, then can come to be synchronized to again up-to-date key according to the j value;

5) supervision of checkpoint: the checkpoint is adopted and is mixed the receiving mode monitor channel; When checkpoint c listens to beacon ; Whether the sensor of interest of at first checking this beacon is neighbor node; If then carry out following processing:

1. authentication: the checkpoint judges that through checking equality

whether this message is truly from neighbours' beaconing nodes b; Wherein

is the authentication code of carrying in the beacon message; The current authentication key that

preserves for receiving node about neighbours' beaconing nodes b; If authentication is passed through; Then the checkpoint is used

in

substitute memory otherwise is abandoned this beacon, does not do further processing;

2. beacon verification: checkpoint c obtains the distance B between itself and the beaconing nodes through wireless distance finding technology _Measure, and through the checking inequality $|\sqrt{{(x_c-x_b)}^2+{(y_c-y_b)}^2}-D_{\mathrm{Measure}}|>e_{\mathrm{Max}}$ Judge this beacon whether malice, wherein (x _c, y _c) be the coordinate position of checkpoint c self, e _MaxBe the maximum measure distance error that allows; If find it is the malice beacon, then checkpoint c sends a warning message to transducer s:

With in the implication of i and the step 4) Identical with j;

6) transducer location: transducer receives the beacon and the warning message of all answers; And the authenticity of checking message; Utilize the beacon and the warning message of replying to position calculating then, concrete position fixing process is: construct a locating information table, all beacons that preservation receives and corresponding quilt alarm number of times thereof; If wherein the number of safety beacon is less than 3; Then execution area ballot method is further screened safety beacon, and is last, and transducer adopts the maximum likelihood estimation technique to estimate self-position with reference to safety beacon.

2. wireless sensor safe positioning method according to claim 1; It is characterized in that on conventional location mechanism basis; Introducing is based on the beacon screening technique of checkpoint and beacon screening technique based on regional voting mechanism; Improve the ability of navigation system resisting attacks, in position fixing process, transducer at first receives alarm that neighbours check through " method 1 " and detects and isolate the malice beacon; The safety beacon number that filters out when transducer satisfies the location Calculation condition, then abandons all suspicion beacons, directly carries out self poisoning with reference to safety beacon and calculates; Otherwise adopt " method 2 " regional voting mechanism from the suspicion beacon, further to screen safety beacon.

3. wireless sensor safe positioning method according to claim 2 is characterized in that employing method 1 directly carries out the safety beacon quantity that self poisoning calculates and be at least 3.

4. wireless sensor safe positioning method according to claim 1 is characterized in that carrying out beacon screening step based on the checkpoint comprises:

(1) the beacon inspection is carried out in the checkpoint: adopt and mix the receiving mode monitor channel; When the destination node that listens to beacon signal and this beacon is a neighbor node; Check then whether measuring distance and computed range between this beacon and the checkpoint mate; If coupling is legal beacon, not matching is the malice beacon, then generates a warning message to relevant this beacon of unknown node report;

(2) locating information table of sensor arrangement is used to preserve all beacons of receiving and corresponding to the alarm number of times, is added the safety beacon collection with wherein reporting to the authorities the beacon that number of times is no more than thresholding τ, and it then is the suspicion beacon that the alarm number of times surpasses τ.

5. wireless sensor safe positioning method according to claim 1 is characterized in that the beacon screening technique that carries out the zone ballot comprises the steps:

Step 1: transducer is at first confirmed a regional (x of self residing rectangular search _Min, y _Min) * (x _Max, y _Max), suppose beacon collection BS={bs _i| i=1,2 ..., n} is all beacons that transducer receives, BS ^*For safety beacon collection, if BS through method 1 screening ^*Promptly there is safety beacon in ≠ φ, then appoints and gets a safety beacon bs _i=(x _i, y _i, d _i), then make (x _Min, y _Min) * (x _Max, y _Max)=(x _i-d _i, y _i-d _i) * (x _i+ d _i, y _i+ d _i); If BS ^*=φ, then order:

$x_{\min }=\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\min }(x_i-d_i),x_{\max }=\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\max }(x_i+d_i),y_{\min }=\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\min }(y_i-d_i),y_{\max }=\underset{{\mathrm{bs}}_i\&Element;\mathrm{Bs}}{\max }(y_i+d_i);$

Step 2: selected candidate unit, transducer evenly is divided into the grid G that is made up of k * k unit, k=max (x with the region of search _Max-x _Min, y _Max-y _Min)/e _Max, e _MaxBe the range error of maximum, if BS ^*≠ φ, the then selected unit that wherein can mate all safety beacons is as candidate unit, if BS ^*=φ, then selected all unit are as candidate unit; Unit g _MnWith beacon bs _iMatching condition do || g _Mn-(x _i, y _i) || _Max>=d _i>=|| g _Mn-(x _i, y _i) || _Min, wherein || g _Mn-(x _i, y _i) || _MaxWith || g _Mn-(x _i, y _i) || _MinBe respectively coordinate (x _i, y _i) to unit g _MnMaximum distance and minimum distance;

Step 3: the ballot screening, it is corresponding with grid G to set up a two-dimentional ballot table; When initial, the poll that each candidate unit is corresponding is 0, if a candidate unit can mate a suspicion beacon, then its corresponding poll adds 1; Repeat this process, all accomplish matching test with all suspicion beacons up to each candidate unit; After the ballot, transducer is a verification unit with the highest unit of poll, and all suspicion beacons that can mate verification unit are added the safety beacon collection.

Images