CN101383699B - Cipher key pre-distributing method for sensor network - Google Patents

Abstract

The invention discloses a key predistribution method of a sensor network, which uses a rational normal curve in a projective space on the finite field to construct one type of key predistribution plan suitable for the radio sensor network, i.e. the inequation Q<2>(Q<3>-1) being more than or equal to N is solved firstly, the minimum prime number q in the solution set of the inequation is the parameter, the key number in a sub-key cell of the network is determined to be q<2>+q+1, each key in the sub-key cell is defined to the number, and q+1 keys are chosen from the sub-key cell to be used as one group, so N groups of keys and corresponding numbers are obtained, at last one group of keys and corresponding numbers thereof are distributed to one sensor. The distribution plan is constructed bythe steps, the numbers are permuted between the two sensors so that the enciphered communications can be performed, so others can not analyze and explain intercepted communication information betweenthe two sensors. The method has high safety communication probability, and is also convenient for enlarging the spread range and the density of the sensors according to the practical requirements.

Description

A kind of cipher key pre-distributing method of sensor network

Technical field

The present invention relates to the transmission field of digital information, be specifically related to the method for distributing key in secret or the secure communication.

Background technology

Wireless distributed sensor network can be used for measuring some physical datas (as heat, infrared ray, sonar, radar, seismic wave etc.) of surrounding environment, and by radio communication test result is beamed back the test station.Each transducer has the function of test and stored information, transmission and reception wireless signal, but owing to be subjected to the restriction of the resource that it has, the function of its storage and transmission information all is subjected to bigger restriction.When using sensor network, at first the transducer random scatter of some to be arrived test site, each transducer will send other transducer foundation contact in signal and the accessible scope of its radio communication then.Position distribution between the transducer was unknown before spreading to test site, and because the influence of environment of living in, the position of each transducer may be moved, and some transducer also may be destroyed, loss of function.In the time of will transmitting information between any two transducers, if their distance in emission radius separately, they just can directly transmit information.Otherwise transmission information can by delivering in relays, reach receiving sensor at last from sending transducer on an instantaneous selected formed passage of sensor chain.Formed communication port also may constantly change between the transducer.

Because be subjected to the restriction of the transducer energy, calculating and storage capacity, public-key cryptosystem can not adopt on this class network, utilizing symmetric cryptography is a feasible program.Transducer by random scatter before the test site, in each transducer, preset the key of some, they are spread to after the test site, two adjacent sensors (referring to that they are in the wireless signal transmission radius) as presetting identical key, just can utilize symmetric cryptography to carry out secure communication.Before transducer uses, the well-chosen group key of input in each transducer, the probability that makes any pair of sensors have same key is the bigger the better, and this probability is called safety and is communicated with probability.Because the storage capacity of transducer is restricted, the key number that can import is conditional.In addition, after certain transducer is destroyed, (for example stolen) by the enemy, the key of depositing in this transducer will be stopped using on whole network, and at this moment the safety connection probability of network is subjected to destruction to a certain degree, and the impaired probability of safety connection probability is called damage probability.Obviously the damage probability of network is the smaller the better, and it has reflected the anti-attack ability of network.More than two probability are two leading indicators estimating a cipher key pre-distribution scheme.Equally, secure communication also can be carried out on a sensor chain, as long as each all has safe contact to adjacent sensors on this chain.

Cipher key pre-distribution scheme on the known sensor network has two classes, and a class is a random device, the another kind of method that is based on Combination Design.In the one class scheme of back, J.Lee and D.Stinson are at Deterministic key predistributionschemes for sensor networks (IEEE WCNC2005, New Orleans) propose to utilize the cipher key pre-distribution scheme (hereinafter to be referred as the TD scheme) of following Transversal Design (TD) structure sensor network in the literary composition: establishing n is prime number, chooses an integer k and makes 2≤k≤n.Note set Z _N=0,1,2 ..., n-1}.Definition point set M={ (x, y) | 0≤x＜k, y ∈ Z _N, to Z _NIn any logarithm (i, j), define district's group (x, ix+j mod N) | 0≤x≤k-1}.This cipher key pre-distribution scheme can be supported n at most ²Individual transducer needs to store k key in each transducer, but the key of storing in each transducer more after a little while, and the number of sensors that whole network is supported is on the low side relatively, and sharply descends with the increase safety connection probability of number of sensors in the network.Therefore obviously there is following deficiency in the TD scheme: when 1, obtaining desirable safe connection rate, the storage and the computing capability of transducer are had relatively high expectations; 2, be not easy to constantly increase according to actual needs the cloth transducer, otherwise just can not guarantee secure communication; 3, the increase of the number of sensors of supporting along with network, safety are communicated with probability and sharply descend, and the sensor network that be used for high density, scatters on a large scale can't obtain higher safety and be communicated with probability.

(inventor v.24, publishes thesis on pp71-77) " a kind of based on finite field on the cipher key pre-distribution scheme of rational normal curve " at the applied mathematics journal in calendar year 2001.The model of this scheme is made of the set that some users formed a trust authority and one.Wherein, described trust authority produces a secret information for each user, and be distributed to the user in the mode of secret, make the user who gives in the franchise subclass can calculate encryption key, thereby can obtain enciphered message, and for the user in the subclass that is not authorized to, even any information of the encryption key of joining together also to can not get, so this method is not suitable for the cipher key pre-distribution of sensor network.

Summary of the invention

In view of there is above-mentioned deficiency in prior art, the invention provides a kind of cipher key pre-distributing method of sensor network, increase the technical problem that the cloth transducer can not guarantee secure communication in the set sensor network to solve.

The technical scheme that the present invention will address the above problem is:

A kind of cipher key pre-distributing method of sensor network, this method comprises the following steps:

(1) according to being dispersed in number of sensors N in the network, finds the solution inequation Q ²(Q ³-1) 〉=and N gets the Q value, and choosing prime number q minimum in the Q value is design parameter, and the Q in the wherein said inequation is a positive integer;

(2) from the pool of keys of symmetric cryptography, get q at random ²+ q+1 key is as the sub-key pond of described network;

(3) q in the antithetical phrase pool of keys ²+ q+1 key is titled with numbering, and this is numbered 1,2,3 ..., q ²+ q+1; Simultaneously,

(4) establish each key in the sub-key pond corresponding to a point in the projective space, the coordinate of remembering this point for (x, y z), work as x, and y and z during value, obtain the set of the pairing projective space point of key in the sub-key pond by the following method:

4.1) when x got 1, y, z got 0,1,2 respectively ..., q-1 obtains q ²Individual point (1, y, z);

4.2) when x gets 0, y got 1 o'clock, z gets 0,1,2 respectively ..., q-1, obtain q point (0,1, z);

4.3) when x and y get 0, z got 1 o'clock, obtained a point (0,0,1);

(5) determine to deposit in key in each transducer by following step:

5.1) with the q in the resulting sub-key pond ²It is a group that+q+1 key chosen q+1 key by the following method:

Produce earlier three rank invertible matrix at random $T=\left(\begin{array}{ccc}{a}_1& a_2& a_3\\ b_1& b_2& b_3\\ c_1& c_2& c_3\end{array}\right)$ , then with the subclass of T and the described set of step (4) (1, α, α ²) | α=0,1,2 ..., (x, y's each point among the q-1} ∪ { (0,0,1) } z) multiply each other, promptly $(x,y,z)\left(\begin{array}{ccc}{a}_1& a_2& a_3\\ b_1& b_2& b_3\\ c_1& c_2& c_3\end{array}\right)=(x{a}_1+y{b}_1+z{c}_1,x{a}_2+y{b}_2+z{c}_2,x{a}_3+y{b}_3+z{c}_3)$ Obtain the coordinate of q+1 point, again each coordinate figure of this q+1 point is got remainder after divided by q, get behind the remainder if the not point in the described projective space of step (4) is arranged, then each coordinate that will put is put the coordinate figure of first non-zero respectively divided by this, make this point in the described projective space point of step (4), until described q+1 point all being transformed in the described projective space point of step (4) the element a among the wherein said three rank invertible matrix T ₁, a ₂, a ₃, b ₁, b ₂, b ₃, c ₁, c ₂, c ₃Respectively 0,1,2,3 ... random value in the q-1 scope;

5.2) execution in step 5.1) N time, obtain N and organize mutually different point set, that is the N group key of resultant correspondence;

(6) with step 5.2) the corresponding numbering of being preced with deposits the distribution of promptly finishing key in N the transducer respectively in the N group key that obtains and the step (3).

Above-mentioned steps 5.1) described each coordinate specifically is made up of following steps divided by the method for the coordinate figure of first non-zero respectively:

Make in q+1 the point not the coordinate of the described projective space mid point of step (4) for (u, v, w), so,

If u ≠ 0 and u ≠ 1 a., then each coordinate that will put is divided by u;

If u=0 b., v ≠ 0 and v ≠ 1, then each coordinate that will put is divided by v;

If u=0 c., v=0, w ≠ 0 and w ≠ 1, then each coordinate that will put is divided by w.

Method of the present invention can be used for the cipher key pre-distribution in the wireless sensor network, and the pairing numbering of a group key that two transducer exchanges in described network store each other can be carried out coded communication.

The present invention utilizes the rational normal curve in the projective space on the finite field to construct a class to be fit to cipher key pre-distribution scheme in the wireless sensor network, promptly set up the one-to-one relationship between the point in key and the projective space, and be defined as each transducer according to the point in the rational normal curve and store which key, then determined and corresponding numbering is deposited in respectively in the transducer.So the allocative decision that makes up can carry out coded communication as long as any two transducers carry out the exchange of described numbering, so other people can't crack the communication information between the two sensors of being intercepted and captured.

By such scheme of the present invention as can be known, wherein said parameter q is inequation Q ²(Q ³-1) 〉=and N separates and concentrates minimum prime number, the therefore cipher key number that is deposited in according to determined each transducer of parameter q, and the actual number of sensors of supporting is much larger than design calculated value.Obvious thus, adopt the designed sensor network of the inventive method, when needs enlarge scattered band or improve distribution density, when promptly the quantity of transducer does not satisfy actual needs, can increase cloth as required at any time, and system need not upgrading.Method of the present invention, wherein the key that each transducer deposited in is all incomplete same, therefore can significantly improve safe level.In addition, the present invention compared with prior art, not only safe connection rate is high but also stable, can manyly because of the quantity of the transducer supported sharply not descend, it is obvious especially therefore to be used for the more network advantage of transducer.

Embodiment

Below the present invention is explained in further detail,, fully understands the effect that the inventive method can reach so that the public grasps method of the present invention better with a specific embodiment.

Have 1000 transducers in the sensor network described in this example, employed pool of keys is the pool of keys of symmetric cryptography commonly used, and its method for distributing key is as described below.

(1) according to the quantity of transducer in the network, make that Q is a positive integer, list inequation Q ²(Q ³-1) 〉=1000, separate the disaggregation that this equation gets Q, the least prime of choosing wherein 5 is design parameter q.

(2) from the pool of keys of symmetric cryptography, get q at random ²+ q+1=25+5+1=31 key is as the sub-key pond of described network.

(3) 31 keys in the antithetical phrase pool of keys are titled with numbering, and this is numbered 1,2,3 ..., 31.

(4) establish each key in the sub-key pond corresponding to a point in the projective space, the coordinate of remembering this point for (x, y z), work as x, and y and z during value, obtain the set of the pairing projective space point of key in the sub-key pond by the following method:

4.1) when x got 1, y, z got 0,1,2 respectively ..., 4, obtain 25 points and be (1,0,0), (1,0,1), (1,0,2), (1,0,3), (1,0,4), (1,1,0), (1,1,1), (1,1,2), (1,1,3), (1,1,4), (1,2,0), (1,2,1), (1,2,2), (1,2,3), (1,2,4), (1,3,0), (1,3,1), (1,3,2), (1,3,3), (1,3,4), (1,4,0), (1,4,1), (1,4,2), (1,4,3), (1,4,4) };

4.2) when x gets 0, y got 1 o'clock, z gets 0,1,2 respectively ..., 5-1 obtains 5 points and is (0,1,0), (0,1,1), (0,1,2), (0,1,3), (0,1,4);

4.3) when x and y get 0, z got 1 o'clock, obtained a point and was (0,0,1);

For the ease of comparison, the key of supposing described sub-key pond is K ₁, K ₂, K ₃... ..K ₃₁, the set of the projective space point of numbering that step (3) is preced with and the resulting correspondence of step (4) is arranged and can be obtained table 1 so.

Table 1

Key	K 1	K 2	K 3	K 1	K 5	K 6	K 7	K 8
									Numbering	1	2	3	4	5	6	7	8
The coordinate of point	(0，0，1)	(0，1，0)	(0，1，1)	(0，1，2)	(0，1，3)	(0，1，4)	(1，0，0)	(1，0，1)
									Key	K 9	K 10	K 11	K 12	K 13	K 14	K 15	K 16
Numbering	9	10	11	12	13	14	15	16
									The coordinate of point	(1，0，2)	(1，0，3)	(1，0，4)	(1，1，0)	(1，1，1)	(1，1，2)	(1，1，3)	(1，1，4)
Key	K 17	K 18	K 19	K 20	K 21	K 22	K 23	K 24
									Numbering	17	18	19	20	21	22	23	24
The coordinate of point	(1，2，0)	(1，2，1)	(1，2，2)	(1，2，3)	(1，2，4)	(1，3，0)	(1，3，1)	(1，3，2)
									Key	K 25	K 26	K 27	K 28	K 29	K 30	K 31
Numbering	25	26	27	28	29	30	31
									The coordinate of point	(1，3，3)	(1，3，4)	(1，4，0)	(1，4，1)	(1，4，2)	(1，4，3)	(1，4，4)

(5) determine to deposit in key in each transducer by following step:

5.1) be a group with choosing 6 keys in 31 keys in the resulting sub-key pond by the following method;

Earlier produce three rank invertible matrix at random under smaller or equal to 4 condition at element $T=\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)$ , since in this example the subclass of the resulting set of step (4) (1, α, α ²) | α=0,1,2 ..., the point among the q-1} ∪ { (0,0,1) } (x, y z) are following six points { (1,0,0), (1,1,1), (1,2,4), (1,3,4), (1,4,1), (0,0,1) }, so (x, y, z) * T obtains six point coordinates and is respectively:

$\left(\mathrm{1,0,0}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{1,3,1}\right);$

$\left(\mathrm{1,1,1}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{6,9,5}\right)$ , the result is got remainder divided by q=5 gets (1,4,0);

$\left(\mathrm{1,2,4}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{15,23,13}\right)$ , the result is got remainder divided by q=5 gets (0,3,3), again with each coordinate divided by 3, obtain (0,1,1);

$\left(\mathrm{1,3,4}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{8,25,15}\right)$ , the result is got remainder divided by q=5 gets (3,0,0), again with each coordinate divided by 3, obtain (1,0,0);

$\left(\mathrm{1,4,1}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{15,15,11}\right)$ , the result is got remainder divided by q=5 gets (0,0,1);

$\left(\mathrm{0,0,1}\right)\left(\begin{array}{ccc}1& 3& 1\\ 3& 2& 2\\ 2& 4& 2\end{array}\right)=\left(\mathrm{2,4,2}\right)$ , each coordinate divided by 2, is obtained (1,2,1).

Above-mentioned six points all in the described projective space of step (4), can get this six points by table 1, pairing six be numbered 1,3,7,18,23,27}, pairing six keys are { K ₁, K ₃, K ₇, K ₁₈, K ₂₃, K ₂₇.

5.2) for another transducer in the network, also produce another three rank invertible matrix at random under smaller or equal to 4 condition at element $T=\left(\begin{array}{ccc}1& 3& 1\\ 1& 1& 0\\ 0& 0& 1\end{array}\right)$ , equally set by step 5.1) described method, with subclass (1, α, α ²) | α=0,1,2 ..., the point { (1,0 among the q-1} ∪ { (0,0,1) }, 0), (1,1,1), (1,2,4), (1,3,4), (1,4,1), (0,0,1) } to take advantage of the coordinate of six points that T obtains respectively be { (1,0,0), (1,0,1), (1,2,1), (1,2,3), (1,3,0), (1,3,3) }, by table 1 can get these six points pairing six be numbered 7,8,18,20,22,25}, pairing six keys are { K ₇, K ₈, K ₁₈, K ₂₀, K ₂₂, K ₂₅.So repeat 1000 times, just obtain 1000 group keys and corresponding numbering thereof.

(6) 1000 group keys that obtain and corresponding numbering thereof deposit in respectively in 1000 transducers, promptly finish the distribution of key.

Provide computational methods and the result that scheme safety of the present invention is communicated with probability and damage probability below in conjunction with the foregoing description, compare calculating with the TD scheme described in the background technology simultaneously.

1, scheme safety of the present invention is communicated with the calculating of probability and damage probability

As everyone knows, it is that sensor network carries out safe and secret two important indicators of communicating by letter with damage probability that safety is communicated with probability, and the computing formula that the safety of scheme of the present invention is communicated with probability is a following formula I, and the formula of damage probability is a Formula Il

$p=\frac{\frac{5}{8}{q}^5+\frac{7}{8}{q}^4-\frac{7}{8}{q}^3-\frac{3}{8}{q}^2-\frac{1}{4}q-1}{q^5-q^2-1}---I$

$\mathrm{fail}=\frac{\frac{1}{3}{q}^9+\frac{13}{12}{q}^8-\frac{13}{6}{q}^7+\frac{11}{8}{q}^6-\frac{35}{24}{q}^5-\frac{7}{24}{q}^4+\frac{43}{24}{q}^3-\frac{13}{6}{q}^2+\frac{3}{2}q}{\frac{5}{8}{q}^{10}+\frac{7}{8}{q}^9-\frac{7}{8}{q}^8-q^7-\frac{9}{8}{q}^6-\frac{1}{8}{q}^5+\frac{3}{8}{q}^4+\frac{1}{4}{q}^3+q^2}.---\mathrm{II}$

With 5 difference substitution following formula I and the II of the q value in the foregoing description, get safety and be communicated with Probability p=0.767667, damage probability fail=0.125.

2, the number of sensors of system's support is communicated with probability and damage probability influence to safety

The safety that discloses the TD scheme according to J.Lee and D.Stinson in Deterministic key predistribution schemes for sensornetworks (IEEE WCNC2005, a New Orleans) literary composition is communicated with probability and damage probability is respectively shown in Formula Il I and the IV.

p＝k/(n+1) III

fail＝(n-2)/(n ²-2) IV

The theoretical foundation of technical scheme of the present invention is projective space and rational normal curve, and the number of sensors of described sensor network support is q ²(q ³-1).In view of the above, for the convenience of calculating and comparing, we might as well suppose that parameter q is respectively 5,7,11,13,17 and 29, adopt the quantity of the supported transducer of sensor network of scheme of the present invention to be respectively 3100,16758,160930,371124,1419568,20510308 so.According to the quantity of the sensor, suitable TD scheme can be supported number of sensors n ²Difference 53 ²=2809,127 ²16129,401 ²=160801,607 ²=368449,1187 ²=1408969 and 4523 ²=20457529.Adopt the safety of the present invention program and TD scheme to be communicated with Probability p and damage probability fafl at last according to above-mentioned formula I, II and III, IV, concrete outcome sees the following form 2.

Table 2

By table 2 as seen, under the suitable situation of the two number of sensors of supporting, the quantity of the key that deposits in each transducer equates that the damage probability of TD scheme seems lower, it is obviously on the low side that but safety is communicated with probability, and sharply descend along with the increase of number of sensors in the network.With respect to the TD scheme, safety of the present invention is communicated with probability and then exceeds more than 7 times, especially along with the increase of number of sensors in the network does not have tangible decline, therefore take all factors into consideration safety and be communicated with probability and these two indexs of damage probability, the present invention has advantage clearly, is more suitable for the safe and secret communication between the transducer of high density, distribution on a large scale.

3, increase the quantity of cloth transducer to safety connection probability and damage probability influence

The network of above-mentioned 1000 transducers, if density or the scope scattered can not satisfy actual needs, can increase cloth, can increase cloth to 3100 at most, and carry out verification with above-mentioned formula I and II, it is communicated with probability safely and is maintained 0.7677 substantially, and its damage probability also is maintained 0.12500 substantially.But adopt the network of 1000 transducers of the same design of TD scheme, will select to satisfy equation n ²〉=1000 least prime, n=37 as can be known can be calculated by formula III and IV and to be communicated with probability and damage probability is respectively 0.1579 and 0.0256.If transducer is increased cloth to 2809, it is communicated with probability safely then is 0.1111, and its damage probability then is 0.0181.This shows, adopt the network of the transducer of the inventive method design, in the scope of allowing, increase the cloth transducer and still can keep original safe and secret level, and adopt the TD scheme, if increase the cloth transducer in the scope of allowing, its safe and secret level will significantly descend.And when needs increased the cloth transducer, the sensor network of the present invention's design did not need to reset system parameters, and the scheme of TD then needs to reset system.

Claims (1)

1. the cipher key pre-distributing method of a sensor network, this method comprises the following steps:

(1) according to being dispersed in number of sensors N in the network, lists inequation Q ²(Q ³-1) 〉=N, find the solution the Q value, choosing in the Q value minimum prime number q is design parameter, the Q in the wherein said inequation is a positive integer;

(2) from the pool of keys of symmetric cryptography, get q at random ²+ q+1 key is as the sub-key pond of described network;

(3) q in the antithetical phrase pool of keys ²+ q+1 key is titled with numbering, and this is numbered 1,2,3 ..., q ²+ q+1; Simultaneously,

(4) establish each key in the sub-key pond corresponding to a point in the projective space, the coordinate of remembering this point for (x, y z), work as x, and y and z during value, obtain the set of the pairing projective space point of key in the sub-key pond by the following method:

4.1) when x got 1, y, z got 0,1,2 respectively ..., q-1 obtains q ²Individual point (1, y, z);

4.2) when x gets 0, y got 1 o'clock, z gets 0,1,2 respectively ..., q-1, obtain q point (0,1, z);

4.3) when x and y get 0, z got 1 o'clock, obtained a point (0,0,1);

(5) determine to deposit in key in each transducer by following step:

5.1) with the q in the resulting sub-key pond ²It is a group that+q+1 key chosen q+1 key by the following method:

Produce earlier three rank invertible matrix at random

Then with the subclass of the described set of step (4) (1, α, α ²) | α=0,1,2 ..., q-1}U{ (0,0,1) each point } (x, y, z) with produce three rank invertible matrix T at random and multiply each other, obtain the coordinate of q+1 point, again each coordinate figure of this q+1 point is got remainder after divided by q, get behind the remainder if the not point in the described projective space of step (4) is arranged, then each coordinate that will put is put the coordinate figure of first non-zero respectively divided by this, make this point in the described projective space point of step (4), until described q+1 point all transformed in the described projective space point of step (4), the element among the wherein said three rank invertible matrix T is respectively 0,1,2,3 ... random value in the q-1 scope;

5.2) execution in step 5.1) N time, obtain N and organize mutually different point set, that is the N group key of resultant correspondence and N group key are corresponding to the N group # in the step (3);

(6) with step 5.2) the N group key that obtains and N group key be corresponding to the N group # in the step (3), deposits the distribution of promptly finishing key in N the transducer respectively in;

Step 5.1) described each coordinate is made up of following steps divided by the method for the coordinate figure of first non-zero respectively:

Make in q+1 the point not the coordinate of the described projective space mid point of step (4) for (u, v, w), so,

If u ≠ 0 and u ≠ 1 a., then each coordinate that will put is divided by u;

If u=0 b., v ≠ 0 and v ≠ 1, then each coordinate that will put is divided by v;

If u=0 c., v=0, w ≠ 0 and w ≠ 1, then each coordinate that will put is divided by w.