CN101557587A - Management method of hierarchical tree key in wireless sensor network (WSN) - Google Patents

Management method of hierarchical tree key in wireless sensor network (WSN)

Info

Publication number: CN101557587A
Authority: CN (China)
Prior art keywords: node, key, network, tree, base station
Legal status: Granted; Expired - Fee Related
Application number: CNA2009100717282A
Other languages: Chinese (zh)
Other versions: CN101557587B (en)
Inventors: 姚念民, 马宝英, 范书平
Current Assignee: Rugao Productivity Promotion Center
Original Assignee: Harbin Engineering University
Application filed by Harbin Engineering University
Priority to CN2009100717282A
Publication of CN101557587A
Application granted; publication of CN101557587B
Classification: Mobile Radio Communication Systems (AREA)
Abstract

The invention provides a hierarchical tree key management method for wireless sensor networks (WSNs). The method comprises: before the sensor nodes are deployed, assigning each node a session key SK, a hash function used for encryption, and a unique ID; having the nodes establish the WSN in clustered mode and generate a hierarchical tree at the same time; within the hierarchical tree, computing the key of each lower-layer node from the key of its upper-layer node; during communication, recording the IDs of all nodes passed through, so that a parent node computes the key of its child node and uses it as the communication key between the two, and the base station dynamically computes the key of each node accordingly; and having the base station initiate key updates, upon which the keys in the tree are recomputed. Nodes of different importance are protected differently, the cost of maintaining the network and the amount of storage the network needs are reduced, the conflict between security requirements on the one hand and scalability and short network lifetime on the other is overcome, and the network lifetime is prolonged while secure communication between nodes is ensured.

Description

A hierarchical tree key management method for wireless sensor networks
(1) Technical field
The present invention relates to a network key management and session key update method, applicable in particular to clustered wireless sensor networks.
(2) Background
Because the sensor nodes of a wireless sensor network are often deployed in unattended, hostile environments, ensuring secure data transmission between nodes is vital. As the basic service underlying the security functions, key management plays an important role in the encryption and authentication of information; finding a low-energy key management scheme that prolongs the network lifetime is therefore a key topic of current research. Because clustered wireless sensor networks can reduce the volume of transmitted data through data fusion and so improve network performance, many key management schemes based on clustered networks have been proposed recently. In existing cluster-based key management schemes, either the nodes take part in forming the cluster key, which increases the burden on the nodes, or problems such as the failure of cluster head nodes are left unsolved and the nodes need a large amount of storage, so the schemes cannot be widely used. The conflict in the prior art between security requirements on the one hand and scalability and network lifetime on the other urgently needs to be resolved.
Published reports on cluster-based key management schemes mainly include: document [1], a secure hierarchical model for sensor networks (M. Tubaishat, J. Yin, B. Panja, et al. A Secure Hierarchical Model for Sensor Network [J]. SIGMOD Rec. 2004, 33(1): 7-13); and document [2], lightweight key management in wireless sensor networks (M. Eltoweissy, M. Younis, K. Ghumman. Lightweight Key Management for Wireless Sensor Networks [C]. IEEE Int Perform Comput Commun Conf Proc. 2004: 813-818).
(3) Summary of the invention
The object of the present invention is to provide a hierarchical tree key management method for wireless sensor networks that reduces the cost of maintaining the network, reduces the amount of storage the network needs, and prolongs the network lifetime while ensuring secure communication between nodes.
The object of the present invention is achieved as follows:
1. Before the sensor nodes are deployed, each node is assigned a session key SK, a hash function used for encryption, and a unique identity ID;
2. The nodes establish the wireless sensor network in clustered mode and generate a hierarchical tree;
3. In the hierarchical tree, the key of a lower-layer node is computed from the key of its upper-layer node;
4. During communication, the IDs of all nodes passed through are recorded layer by layer on the way up; a parent node computes the key of its child and uses it as the communication key between the two, and the base station dynamically computes the key of each node in the same way;
5. The base station initiates key updates, upon which the keys of all nodes in the tree are recomputed.
The present invention may further comprise:
1. In establishing the wireless sensor network in clustered mode and generating the hierarchical tree, after the clusters are formed, an intra-cluster hierarchical tree is formed within each cluster, and an inter-cluster hierarchical tree rooted at the leader node is formed across all clusters.
2. In the hierarchical tree, the key of a lower-layer node is computed from the key of its upper-layer node as follows: the key K of the parent node is computed and broadcast, and each child node, on receiving the broadcast, computes its own private key from the key of the parent node.
3. The base station initiates the key update and the keys of all nodes in the tree are recomputed as follows: when a new node is to be inserted into the network or a node is to be deleted, the base station records the number of new or failed nodes and decides when the operation is carried out; when it processes the operation, the base station generates a new key and broadcasts it to the whole network, updating the keys of the remaining nodes in the network.
As can be seen from the implementation above, the present invention has the following beneficial effects:
1. Because each node stores only its own private key, and the base station does not need to store node keys but generates them dynamically when needed, the storage the network requires is reduced.
2. In the hierarchical tree, because the key of a lower-layer node is a part of the key of its upper-layer node, the failure of no more than r lower-layer nodes (r>0, where r denotes the capture resistance of the network) does not affect the rest of the network, and the upper-layer nodes, as the objects of focused protection, help strengthen the security of the system. When r lower-layer nodes have failed, the base station performs a node deletion operation that isolates the failed nodes from the network, which keeps the network secure.
3. In the hierarchical tree, when a node is inserted, it is enough to broadcast the ID of the new node to the network, then find among its neighbours the one with the most residual energy as its parent node, and elect the cluster head according to the amount of energy; finally, the key of the new node is computed from the key of the parent node and the ID of the new node. The method provided by the invention therefore also performs well in key update management and in adapting to network expansion.
4. The method provided by the invention protects nodes of different importance differently, which reduces the overhead of giving every node in the network focused protection. During key generation the parent node only needs to broadcast once, which reduces the traffic spent on transmitting keys. After nodes are captured, the base station decides when to carry out a key update according to the number of compromised nodes, which reduces the communication overhead of frequent key updates, saves node energy and prolongs the network lifetime.
5. The method of distributing and managing keys in a sensor network provided by the invention solves the problem of reassigning the remaining nodes after a cluster head node fails.
(4) Description of drawings
Fig. 1 is the hierarchical tree formed within a cluster;
Fig. 2 is the hierarchical tree formed between clusters;
Fig. 3 is the insertion and deletion of an ordinary node;
Fig. 4 is the deletion of a cluster head node.
(5) Embodiment
The present invention is described in more detail below by way of example, with reference to the drawings:
The hierarchical tree key management method for wireless sensor networks of the present invention is mainly realized by the following steps:
1. Before the sensor nodes are deployed, each node is assigned a session key SK, a hash function used for encryption, and a unique identity ID; the base station does not store the private key of each node.
2. The nodes establish the wireless sensor network in clustered mode and generate a hierarchical tree: after the clusters are formed, an intra-cluster hierarchical tree is formed within each cluster, and an inter-cluster hierarchical tree rooted at the leader node is formed across all clusters.
3. In the hierarchical tree, the key of a lower-layer node is computed from the key of its upper-layer node: the key K of the parent node is computed and broadcast, and each child node, on receiving it, computes its own private key from the key of the parent node.
4. During communication, the IDs of all nodes passed through are recorded layer by layer on the way up; a parent node can then compute the key of its child and use it as the communication key between the two, and the base station can likewise dynamically compute the key of each node.
5. The base station initiates key updates, upon which the keys of all nodes in the tree are recomputed: when a new node is to be inserted into the network or a node is to be deleted, the base station records the number of new or failed nodes and decides when the operation is carried out; when it processes the operation, the base station generates a new key and broadcasts it to the whole network, updating the keys of the remaining nodes in the network.
Fig. 1 is the hierarchical tree formed within a cluster. The tree is formed as follows: after the clusters are formed, the cluster head node selects nodes within its communication range as its child nodes, and the other nodes find child nodes in the same way, so that each cluster contains a hierarchical tree whose root is the cluster head. One of the cluster head nodes is selected as the root of the inter-cluster hierarchical tree and is called the leader node, which yields the hierarchical tree of the whole network. Fig. 2 is the hierarchical tree formed between clusters.
After the hierarchical tree is formed, the base station generates a very long key for the root node of the tree (let its binary representation have $n$ bits), and from it keys with fewer bits are formed for all of its child nodes (let their binary representation have $m$ bits, with $m<n$). There are several ways of generating an $m$-bit key from an $n$-bit key. Treating the selection of $m$ of the $n$ bits as a combinatorial problem, and considering the case in which the $m$ bits are taken cyclically from the $n$ bits, there are $t = n-m+1+(m-1) = n$ ways. Let $A = 2^m - 1$, whose binary representation is $m$ ones, and pad $A$ to $n$ bits by adding $n-m$ leading zeros. The cyclically left-shifted $A$ is ANDed with the $n$-bit key, where $G = [A \gg (n-h)] \mid (A \ll h)$, $h>0$, implements the cyclic left shift of $A$ by $h$ positions, and the bits of the result at the positions where $G$ has a 1 are taken out; this realizes the different $m$-bit selections.
The key computation proceeds as follows:
1. Let the identifier of the leader node be $ID$. First, the base station generates a key $K$ (let $K$ be an $n$-bit integer), encrypts $K$ with SK and broadcasts it to the leader;
2. On receiving it, the leader node decrypts it with SK and computes $h = ID \bmod t$, where $h \in [0, t-1]$, $G = [A \gg (n-h)] \mid (A \ll h)$ and $K_c = K \,\&\, G$ ($K_c$ is an $n$-bit key that holds the $m$ selected bits of $K$ and $n-m$ zeros). From $K_c$ it takes the bits at the positions where $G$ has a 1 and drops those where $G$ has a 0, obtaining the $m$-bit key $K_{ce}$. Finally it computes the leader node key $K_h = \mathrm{Hash}(K_{ce})$, encrypts $K_h$ with SK, broadcasts it once to all of its child nodes, and deletes SK and $K$;
3. On receiving it, each child node decrypts it with SK and computes its own key: $h_i = ID_i \bmod t$, $G_i = [A \gg (n-h_i)] \mid (A \ll h_i)$, $K_{ci} = K_h \,\&\, G_i$; from $K_{ci}$ it takes the $m$ bits at the positions where $G_i$ has a 1, obtaining $K_{cie}$, and computes $K_i = \mathrm{Hash}(K_{cie})$, $i>0$. Each node keeps its own part of the key information, encrypts its key and broadcasts it to its child nodes, and deletes SK and the key of its parent node;
4. Step 3 is repeated until every leaf node has been reached.
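The derivation in steps 1 to 4 above, as an added Python sketch that is not code from the patent: the values n = 128 and m = 32, SHA-256 truncated to n bits standing in for the unspecified Hash, the bit-packing order, and all function names are assumptions made here. The SK-encrypted broadcasts are left out; only the key arithmetic is shown.

```python
import hashlib

N_BITS = 128   # n: length of the base-station key K (assumed value)
M_BITS = 32    # m: bits taken from the parent key, m < n (assumed value)


def rotl_mask(n: int, m: int, h: int) -> int:
    """G = [A >> (n-h)] | (A << h): A = 2^m - 1, rotated left by h within n bits."""
    a = (1 << m) - 1
    h %= n
    return ((a << h) | (a >> (n - h))) & ((1 << n) - 1)


def extract_bits(value: int, mask: int, n: int) -> int:
    """Keep the bits of value where mask is 1, drop the others, and pack them
    into an m-bit integer (lowest position first; this order is an assumption)."""
    out = pos = 0
    for i in range(n):
        if (mask >> i) & 1:
            out |= ((value >> i) & 1) << pos
            pos += 1
    return out


def hash_to_n_bits(x: int, m: int, n: int) -> int:
    """Stand-in for Hash(): SHA-256 truncated to n bits (assumption, n <= 256)."""
    digest = hashlib.sha256(x.to_bytes((m + 7) // 8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - n)


def derive_key(parent_key: int, node_id: int,
               n: int = N_BITS, m: int = M_BITS) -> int:
    """One level of the tree: K_i = Hash(K_cie), from the parent key and ID_i.
    For the leader node the 'parent key' is the base-station key K."""
    t = n                            # t = n - m + 1 + (m - 1) = n
    h = node_id % t                  # IDs congruent mod t select the same window
    g = rotl_mask(n, m, h)
    k_c = parent_key & g             # n-bit value, zero outside the window
    k_ce = extract_bits(k_c, g, n)   # the m selected bits
    return hash_to_n_bits(k_ce, m, n)


def derive_path_key(base_key: int, id_path, n: int = N_BITS, m: int = M_BITS) -> int:
    """Base-station side: recompute a node's key from K and the recorded IDs,
    ordered from the leader node down to the node itself."""
    key = base_key
    for node_id in id_path:
        key = derive_key(key, node_id, n, m)
    return key


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    K = int.from_bytes(hashlib.sha256(b"constructed demo seed").digest()[:16], "big")
    leader_id, head_id, sensor_id = 7, 42, 1001
    k_leader = derive_key(K, leader_id)
    k_head = derive_key(k_leader, head_id)
    k_sensor = derive_key(k_head, sensor_id)
    print(f"leader {k_leader:032x}\nhead   {k_head:032x}\nsensor {k_sensor:032x}")
    print("base station agrees:",
          derive_path_key(K, [leader_id, head_id, sensor_id]) == k_sensor)
```

Two properties follow directly from the formulas and are worth checking in any implementation: each derived key is a function of only m bits of its parent key, and two children of the same parent whose IDs are congruent mod t derive the same key.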
Fig. 3 is the insertion and deletion of an ordinary node:
1. Node insertion: when a new node requests to join, the base station must verify the joining node. After verification succeeds, it broadcasts the ID of the new node to find neighbours for it, and the neighbour with the most energy is selected as the parent node of the new node. The residual energy of the new node is then compared with that of the cluster head; if the new node has more, it swaps with the cluster head and becomes the new cluster head. Finally, the base station generates a new key and broadcasts it to the network, and the keys are recomputed from top to bottom along the hierarchical tree, starting from the leader node.
2. Deletion of an ordinary node: when an ordinary node fails, the base station can directly generate a new key and broadcast it to the network, and the keys are recomputed from top to bottom along the hierarchical tree, starting from the leader node.
Fig. 4 is the deletion of a cluster head node. The steps are: if the base station finds that a cluster head node has failed, it examines the child nodes of the failed cluster head, selects the one with the most residual energy to replace the cluster head node, and keeps the relationship between the new cluster head and its previous child nodes unchanged; the base station then generates a new key and broadcasts it to the network, and the keys are recomputed from top to bottom along the hierarchical tree, starting from the leader node.

Claims (5)

1. A hierarchical tree key management method for wireless sensor networks, characterized in that:
(1) before the sensor nodes are deployed, each node is assigned a session key SK, a hash function used for encryption, and a unique identity ID;
(2) the nodes establish the wireless sensor network in clustered mode and generate a hierarchical tree;
(3) in the hierarchical tree, the key of a lower-layer node is computed from the key of its upper-layer node;
(4) during communication, the IDs of all nodes passed through are recorded layer by layer on the way up; a parent node computes the key of its child and uses it as the communication key between the two, and the base station dynamically computes the key of each node in the same way;
(5) the base station initiates key updates, upon which the keys of all nodes in the tree are recomputed.
2. The hierarchical tree key management method for wireless sensor networks according to claim 1, characterized in that: in establishing the wireless sensor network in clustered mode and generating the hierarchical tree, after the clusters are formed, an intra-cluster hierarchical tree is formed within each cluster, and an inter-cluster hierarchical tree rooted at the leader node is formed across all clusters.
3. The hierarchical tree key management method for wireless sensor networks according to claim 1 or 2, characterized in that: in the hierarchical tree, the key of a lower-layer node is computed from the key of its upper-layer node as follows: the key K of the parent node is computed and broadcast, and each child node, on receiving the broadcast, computes its own private key from the key of the parent node.
4. The hierarchical tree key management method for wireless sensor networks according to claim 1 or 2, characterized in that: the base station initiates the key update and the keys of all nodes in the tree are recomputed as follows: when a new node is to be inserted into the network or a node is to be deleted, the base station records the number of new or failed nodes and decides when the operation is carried out; when it processes the operation, the base station generates a new key and broadcasts it to the whole network, updating the keys of the remaining nodes in the network.
5. The hierarchical tree key management method for wireless sensor networks according to claim 3, characterized in that: the base station initiates the key update and the keys of all nodes in the tree are recomputed as follows: when a new node is to be inserted into the network or a node is to be deleted, the base station records the number of new or failed nodes and decides when the operation is carried out; when it processes the operation, the base station generates a new key and broadcasts it to the whole network, updating the keys of the remaining nodes in the network.
CN2009100717282A 2009-04-08 2009-04-08 Management method of hierarchical tree key in wireless sensor network (WSN) Expired - Fee Related CN101557587B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100717282A CN101557587B (en) 2009-04-08 2009-04-08 Management method of hierarchical tree key in wireless sensor network (WSN)


Publications (2)

Publication Number Publication Date
CN101557587A true CN101557587A (en) 2009-10-14
CN101557587B CN101557587B (en) 2011-01-26

Family

ID=41175477



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: RUGAO PRODUCTIVITY PROMOTION CENTER

Free format text: FORMER OWNER: HARBIN ENGINEERING UNIV.

Effective date: 20130923

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 150001 HARBIN, HEILONGJIANG PROVINCE TO: 226503 NANTONG, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20130923

Address after: 226503 Deng yuan community, Rugao Economic Development Zone, Jiangsu 15

Patentee after: Rugao Productivity Promotion Center

Address before: 150001 Heilongjiang, Nangang District, Nantong street, building No. 145, Harbin Engineering University, Intellectual Property Office

Patentee before: Harbin Engineering Univ.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110126

Termination date: 20180408