CN101754206A - Multi-dimensional en-route filtering method of wireless sensor network - Google Patents

Publication number: CN101754206A
Authority: CN (China)
Prior art keywords: node, group, key, cipher key, reference axis
Legal status: Granted; Expired - Fee Related
Application number: CN200910264881A
Other languages: Chinese (zh)
Other versions: CN101754206B (en)
Inventors: 周学海, 李曦, 杨峰, 张起元, 高妍妍, 陈香兰, 余艳玮
Current Assignee: Suzhou Institute for Advanced Study USTC
Original Assignee: Suzhou Institute for Advanced Study USTC
Application filed by: Suzhou Institute for Advanced Study USTC
Priority to: CN200910264881.7A (patent CN101754206B)
Publications: CN101754206A (application), CN101754206B (granted)

Abstract

The invention relates to a multi-dimensional en-route filtering method for wireless sensor networks. The network key pool is divided into a plurality of sets, and each node can join one group in each set. The method deals effectively with denial-of-service attacks and false report attacks in wireless sensor networks, solves the problem that traditional en-route filtering methods cannot improve coverage and filtering performance at the same time, and still maintains high resilience to node capture.

Description

Multi-dimensional en-route filtering method for wireless sensor networks
Technical field
The present invention relates to a filtering method for wireless sensor networks, and in particular to a multi-dimensional en-route filtering method for wireless sensor networks.
Background
A wireless sensor network is an emerging interdisciplinary technology that combines three core technologies: wireless networking, modern sensors and embedded systems. It can be widely used in military and civilian fields, for example real-time autonomous monitoring and remote target tracking. Some of its application scenarios are environments that are dangerous to people (such as chemical sites), and some are hostile settings (such as a battlefield between warring parties). For a wireless sensor network that operates autonomously, security is therefore a critical and indispensable property.
Because wireless sensor networks are generally deployed remotely and operate autonomously, sensor nodes are easily captured by an attacker and used to launch various attacks, including false data injection attacks and false data report attacks. In a false data injection attack, a captured sensor node sends a large number of false packets in order to exhaust network resources; in a false data report attack, a captured sensor node sends false reports in order to mislead the aggregation node into a wrong decision. The false data injection attack is similar to a denial-of-service attack on the Internet, where the main countermeasures include egress filtering and traceback. Because traceback requires collecting a large number of packets, current schemes against these two attacks in wireless sensor networks mainly use one-dimensional en-route filtering: the key pool is divided into a number of groups, and each node chooses one group to join and then stores some of the keys of that group. A legitimate packet must carry the marks of T detecting nodes; a node uses the keys it stores to mark the packets for events it detects, or to authenticate and filter the packets it forwards.
Coverage, filtering efficiency and resilience to node capture are the three main metrics of an en-route filtering scheme. When an event occurs at an arbitrary position in the network, let p be the probability that the packet for this event can carry T legitimate marks; p then represents the coverage of the network. If a false packet is filtered out after being forwarded h hops on average, h represents the filtering efficiency of the scheme. Suppose the network has N nodes and the network area is A; if, with n nodes captured, the attacker can forge false data within an area $A_n$ without being detected, then $A_n/A$ represents the resilience of the network to node capture.
Three typical en-route filtering schemes exist at present: SEF, LBRS and GBSEF. SEF is the earliest en-route filtering scheme: each node randomly selects a small fraction of the keys in the key pool to store, and uses its own keys to encrypt and filter packets. The resilience of SEF to node capture is poor, however: an attacker who captures about 2T nodes can, with high probability, forge events occurring in any region of the network. To address this weakness of SEF, LBRS proposed a key distribution scheme based on geographic location information, so that an attacker who captures a certain number of nodes can only forge events in the regions corresponding to those nodes. To improve coverage, LBRS also divides the network key pool into L groups, where L is much larger than T; but because a node may then store a large number of keys that are of no use for the packets it sees en route, filtering efficiency is reduced. LBRS alleviates this problem with its beam model, but the beam model requires that the aggregation node does not move and that the system uses a specific routing mechanism based on geographic location information, so the scheme lacks generality. GBSEF divides the network key pool into only T groups, which significantly improves filtering efficiency without relying on a static aggregation node or a specific routing mechanism; but because the key pool has only T groups, calculation shows that the probability that an event in the network area is detected by T nodes from the T different groups is reduced, so the coverage of this scheme is low. Theoretical analysis and experimental verification lead to the conclusion that one-dimensional en-route filtering schemes either cannot guarantee resilience to node capture or, when they do guarantee it, cannot improve coverage and filtering efficiency at the same time.
Summary of the invention
The purpose of the present invention is to solve the above problems in the prior art by providing a multi-dimensional en-route filtering method for wireless sensor networks.
The purpose of the present invention is achieved through the following technical solution:
A multi-dimensional en-route filtering method for a wireless sensor network, comprising the following steps:
Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, each key group containing S keys;
Step 2: by rotating a reference axis, M reference axes are defined over the whole network area, and the projection of the network area on each reference axis is divided into S segments of equal length;
Step 3: before deployment, every node is preset with a parameter DT, the time for which the grouping algorithm runs; after deployment, each node determines its own position with a localization algorithm and selects, in each key set, the key group it will join;
Step 4: at deployment, each node randomly selects "segments" on each reference axis as its "verification segments" and obtains the keys corresponding to those segments, so that it can verify reports generated for events that occur far away;
Step 5: each node computes its projected position on every reference axis and, from the groups it has joined and its projected position on each axis, determines the keys it must store from each key set;
Step 6: when an event occurs, the nodes that detect it jointly mark the event to form a report and send it toward the aggregation node. A forwarding node that receives the report verifies it with the keys it stores; if verification fails it drops the report, otherwise it forwards the report. When the aggregation node receives the report it performs the final verification and accepts or discards the report according to the result.
In the above method, before deployment each node in step 3 is also assigned a hash function H, which it uses to obtain the keys it must store so that it can mark events that occur within its detection area.
Further, in step 3, after deployment the node first uses a random number generator to select at random, in each key set, the group it intends to join, i.e. $\{G_1, G_2, \ldots, G_M\}$, where $G_i$ is the group it intends to join in set $i$; the node then runs a localization algorithm to obtain its own position. If DT has expired, the node jumps to step 5.
Further, in step 3, node v generates the message it intends to broadcast, $\langle v, L_v, \{G_{v1}, G_{v2}, \ldots, G_{vM}\} \rangle$, where $v$ is the node id, $L_v$ is the position of node v, and $G_{vi}$ is the group node v has chosen to join in set $i$. Nodes broadcast with the CSMA/CA protocol: if there is no collision on the channel the transmission succeeds; otherwise the node backs off for a random time and sends again. Every node v maintains a linked list whose elements have the form $\langle dist, \{G_1, G_2, \ldots, G_M\} \rangle$, sorted in descending order of dist: if m nodes intend to join group $G_i$ in set $i$, dist is the shortest distance between node v and these m nodes. After node v receives the broadcast $\langle u, L_u, \{G_{u1}, G_{u2}, \ldots, G_{uM}\} \rangle$ of any node u (that is, v has received the broadcast of some node, which is called node u for convenience), it performs the following steps. It first computes the distance between node v and node u; call the result $L_{vu}$. It then updates the linked list it maintains: if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ is already in the list with distance $dist_1$, then $dist_1$ is replaced by $L_{vu}$ if $L_{vu} < dist_1$ and is left unchanged otherwise; if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ is not in the list, $\langle L_{vu}, \{G_{u1}, G_{u2}, \ldots, G_{uM}\} \rangle$ is inserted into the list. Node v then updates its grouping information and its broadcast message. For any key set j (set 1, set 2 and so on; the same rule is applied to every set), node v updates the group it will join as follows: it traverses its linked list and records the groups that nodes have joined in set j. If i groups still have no node, node v joins one of these i groups at random; if every group already has a node, node v selects the farthest of these nodes and joins the group that node joined. For every other set, node v determines the group to join in the same way. If DT has not expired, the node jumps to step 2.
Further, the verification in step 6 is as follows. Let the original report be D, carrying a message authentication code MAC(k, D), where MAC is a global function known to all nodes and k is a key. If node i stores key k (in the present invention keys correspond to geographic positions, so node i can tell whether it holds key k from the geographic position at which the reported event occurred), node i also computes MAC(k, D); if the result matches the MAC(k, D) carried in the report, verification passes, otherwise it fails.
The advantages of the technical solution are mainly the following: it deals effectively with denial-of-service attacks and false report attacks in wireless sensor networks, solves the problem that traditional en-route filtering methods cannot improve coverage and filtering performance at the same time, and still maintains high resilience to node capture.
Description of the drawings
The purpose, advantages and features of the present invention are illustrated and explained through the following non-limiting description of preferred embodiments. These embodiments are only typical examples of applying the technical solution of the invention; all technical solutions formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the present invention. In the drawings:
Fig. 1 is a schematic diagram of the network structure;
Fig. 2 is a schematic diagram of the key composition;
Fig. 3 is a schematic diagram of report generation;
Fig. 4 is a schematic diagram of a node broadcasting its authentication message;
Fig. 5 is a schematic diagram of en-route filtering.
Embodiment
A multi-dimensional en-route filtering method for a wireless sensor network, characterized by the following steps:
Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, each key group containing S keys;
Step 2: by rotating a reference axis, M reference axes are defined over the whole network area, and the projection of the network area on each reference axis is divided into S segments of equal length;
Step 3: before deployment, every node is preset with a parameter DT, the time for which the grouping algorithm runs; after deployment, each node determines its own position with a localization algorithm and selects, in each key set, the key group it will join;
Step 4: at deployment, each node randomly selects "segments" on each reference axis as its "verification segments" and obtains the keys corresponding to those segments, so that it can verify reports generated for events that occur far away;
Step 5: each node computes its projected position on every reference axis and, from the groups it has joined and its projected position on each axis, determines the keys it must store from each key set;
Step 6: when an event occurs, the nodes that detect it jointly mark the event to form a report and send it toward the aggregation node. A forwarding node that receives the report verifies it with the keys it stores; if verification fails it drops the report, otherwise it forwards the report. When the aggregation node receives the report it performs the final verification and accepts or discards the report according to the result.
Further, before deployment each node in step 3 is assigned a hash function H, which it uses to obtain the keys it must store so that it can mark events that occur within its detection area. After deployment, the node in step 3 first uses a random number generator to select at random, in each key set, the group it intends to join, i.e. $\{G_1, G_2, \ldots, G_M\}$, where $G_i$ is the group it intends to join in set $i$; the node then runs a localization algorithm to obtain its own position. If DT has expired, the node jumps to step 5.
Further, in step 3, node v generates the message it intends to broadcast, $\langle v, L_v, \{G_{v1}, G_{v2}, \ldots, G_{vM}\} \rangle$, where $v$ is the node id, $L_v$ is the position of node v, and $G_{vi}$ is the group node v has chosen to join in set $i$. Nodes broadcast with the CSMA/CA protocol: if there is no collision on the channel the transmission succeeds; otherwise the node backs off for a random time and sends again. Every node v maintains a linked list whose elements have the form $\langle dist, \{G_1, G_2, \ldots, G_M\} \rangle$, sorted in descending order of dist: if m nodes intend to join group $G_i$ in set $i$, dist is the shortest distance between node v and these m nodes.
After node v receives the broadcast $\langle u, L_u, \{G_{u1}, G_{u2}, \ldots, G_{uM}\} \rangle$ of any node u, it performs the following steps. It first computes the distance between node v and node u; call the result $L_{vu}$. It then updates the linked list it maintains: if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ is already in the list with distance $dist_1$, then $dist_1$ is replaced by $L_{vu}$ if $L_{vu} < dist_1$ and is left unchanged otherwise; if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ is not in the list, $\langle L_{vu}, \{G_{u1}, G_{u2}, \ldots, G_{uM}\} \rangle$ is inserted into the list. Node v then updates its grouping information and its broadcast message. For any set j, node v updates the group it will join as follows: it traverses its linked list and records the groups that nodes have joined in set j. If i groups still have no node, node v joins one of these i groups at random; if every group already has a node, node v selects the farthest of these nodes and joins the group that node joined. For every other set, node v determines the group to join in the same way. If DT has not expired, the node jumps to step 2.
In a practical application of the invention, the system model is as follows. It adopts the usual assumption in this field: ordinary sensor nodes no longer move after deployment, but the aggregation node (the data collection point) may move, which matches the commonly used wireless sensor network model. In other words, the ordinary nodes that sense data do not need to move, while the data collection point may move in order to better gather the data it is interested in. No assumption is made about routing, so the method can coexist with all kinds of routing protocols.
The workflow of the invention is further described as follows:
Let A be the smallest region that covers the node deployment area. A suitable position in A is chosen as the reference position, and its coordinate is set to 0. A reference coordinate axis, called reference axis 1, is set in this region; rotating reference axis 1 by a certain angle gives reference axis 2, and likewise rotating reference axis i by a certain angle gives reference axis i+1. Every reference axis has the reference position as its origin. The unit length of a reference axis is 1, and the network administrator can set the physical length of the axes as the situation requires. Each node thus has a projected position on every reference axis; if this position lies in the k-th segment of the axis, the node's projected position on that axis is said to be k.
The key pool of the whole network is made up of M key sets (Set), each of which contains G key groups (Group). If the projected length of reference axis i in the network area is $L_i$, every key group of set i contains $L_i$ keys, each corresponding to one unit-length segment of the reference axis. Each node selects one key group to join in each set, in such a way that adjacent nodes join different groups of a set as far as possible. The grouping algorithm refines progressively: it gives a reasonably good result even with a very short running time, and its precision improves as the running time increases.
Each node has a projected position on every reference axis. Suppose the projected position of node K on reference axis i is $K_i$, and node K has joined key group j of set i by the above algorithm; node K then obtains the key corresponding to position $K_i$ in key group j of key set i. Node K obtains the corresponding key for every other key set in the same way. These keys are called detection keys: when node K detects an event, it marks the event with a mark generated from this key. In addition, node K selects a number of positions at random in key group j of set i and obtains the corresponding keys; these keys are called authentication keys. Node K uses them to authenticate the reports it receives.
To prolong the lifetime of the whole network and reduce the power consumption of individual nodes, the present invention does not have the detecting nodes form a cluster with a cluster head that sends the detection report. Instead, the detection report is generated in the following randomized way. Suppose a legitimate report must carry T different marks (MACs). When an event occurs, the nodes that detect it first reach agreement on the description of the event, including the event location; each detecting node then broadcasts the following tuple to its neighbours:
$\{\{1, S_1, MAC\}, \ldots, \{i, S_i, MAC\}, \ldots, \{M, S_M, MAC\}\}$, where the node has joined group $S_i$ in the i-th key set.
Further, each node records the information broadcast by its neighbours; when it has collected enough MACs, it combines them into a complete report. To avoid duplicate transmissions, every node listens to the wireless channel and has a random timer; the complete report is sent only after the timer expires. If a node hears that a complete report has already been sent, it cancels its timer. Otherwise, when the timer expires, it sends the report it generated.
When a node receives a report, it first extracts the event location and computes the corresponding projected position on every reference axis. If the node stores a key that was used to mark this report, it verifies whether the MAC the report carries is correct.
As shown in Fig. 5, if the MAC is incorrect the report is dropped; if it is correct, or the node does not store the corresponding key, the report is forwarded. The aggregation node performs the final verification on all reports it receives; it can do so because it holds all the keys.
With reference to Fig. 1, the illustrated network environment is as follows: each legitimate report must be marked by 8 nodes from different groups, and the whole key pool is divided into 2 key sets, each made up of 4 key groups. The sensor network is assumed to be distributed over a rectangular area, with the aggregation node at the centre of the rectangle.
With reference to Fig. 2, this embodiment assumes that the whole key pool is made up of two key sets, each containing four key groups. Before deployment, every node is preset with the parameter DT, the time for which the grouping algorithm runs. DT can be implemented with a timer or a counter; the present invention uses a timer.
After deployment, the node first starts the timer and then runs a random number generator to produce, for each set, a random number in the appropriate range; the group corresponding to that number is the group the node intends to join in that set.
If the timer reaches zero, the algorithm ends and the groups the node intended to join become its final groups; if the time has not run out, the node continues with the following algorithm.
As shown in Fig. 1, in one practical application the whole key pool is divided into two key sets, each containing 4 key groups. Each node uses the CSMA/CA protocol to broadcast the position message $\langle v, L_v, \{G_1, G_2\} \rangle$, where $v$ is the node id, $L_v$ is the position of node v, and $G_1$ and $G_2$ are the groups it intends to join in set 1 and set 2 respectively.
CSMA/CA resolves channel collisions, so within one channel area only one node broadcasts its position information during a given period. If a collision occurs, each node backs off for a random time and then listens to the channel again, so the algorithm as a whole is random and fair.
Each node v keeps a linked list whose elements are $\langle dist, \{G_1, G_2\} \rangle$, where $\{G_1, G_2\}$ indicates that some neighbours of node v have joined group $G_1$ in set 1 and group $G_2$ in set 2, and dist is the distance from node v to the nearest of those neighbours. The elements are sorted in descending order of dist.
As shown in Fig. 3, suppose the message node 1 currently intends to broadcast is $\langle 1, L_1, \{3,4\} \rangle$, and the linked list it currently maintains is $\{\langle 2.1, \{1,3\} \rangle, \langle 3.9, \{2,2\} \rangle\}$. This means that one or more neighbours have joined key group 1 in set 1 and key group 3 in set 2, the nearest of them at distance 2.1, and one or more neighbours have joined key group 2 in set 1 and key group 2 in set 2, the nearest of them at distance 3.9. When node 1 broadcasts with CSMA/CA it collides with other nodes, so node 1 backs off for a random time. During this back-off node 1 receives the broadcast $\langle 7, L_7, \{3,2\} \rangle$ of node 7, computes the distance between the two nodes as 1.9, and updates its linked list to $\{\langle 1.9, \{3,2\} \rangle, \langle 2.1, \{1,3\} \rangle, \langle 3.9, \{2,2\} \rangle\}$.
Specifically, because the neighbours of node 1 have joined key groups 1, 2 and 3 in key set 1, node 1 chooses to join key group 4. In key set 2, the neighbours of node 1 have joined key groups 2 and 3, so node 1 chooses at random to join key group 3 or 4, and finally chooses 4. Node 1 therefore updates the message it needs to broadcast to $\langle 1, L_1, \{4,4\} \rangle$. This computation runs continuously until DT equals 0, at which point the intended grouping in node 1's broadcast message becomes its final grouping. The method is thus distributed: each node tries to join groups different from those of its neighbours, so that the nodes end up evenly distributed over the groups. The longer the algorithm runs, the better the distribution, so the method adapts well.
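The list update and group choice described above, as an added Python example (not code from the patent). The list is held as a dictionary from a group tuple to the shortest distance heard; node positions and the second, fully occupied table are constructed.

```python
import math
import random


def update_neighbors(table, my_pos, msg):
    """Fold one broadcast <u, L_u, {G_u1..G_uM}> into node v's neighbour list.

    table maps a tuple of groups (one per key set) to the shortest distance
    at which a neighbour announcing that tuple has been heard.
    """
    _node_id, pos, groups = msg
    d = math.dist(my_pos, pos)
    # Insert a new tuple, or keep the smaller distance for a known one.
    if groups not in table or d < table[groups]:
        table[groups] = d
    return table


def choose_group(table, set_idx, n_groups, rng=random):
    """Choose node v's group in one key set (set_idx is 0-based in the tuple)."""
    taken = {groups[set_idx] for groups in table}
    free = [g for g in range(1, n_groups + 1) if g not in taken]
    if free:
        # Some groups have no neighbour yet: join one of them at random.
        return rng.choice(free)
    # Every group is taken: join the group of the farthest list entry.
    farthest = max(table, key=table.get)
    return farthest[set_idx]


def regroup(table, n_sets, n_groups, rng=random):
    """Apply the same rule to every key set; the result is the next broadcast."""
    return tuple(choose_group(table, j, n_groups, rng) for j in range(n_sets))


# Node 1's list from the worked example; positions are constructed so that
# node 7 lies at distance 1.9.
NODE1_POS = (0.0, 0.0)
node1_table = {(1, 3): 2.1, (2, 2): 3.9}
update_neighbors(node1_table, NODE1_POS, (7, (1.9, 0.0), (3, 2)))
NODE1_SET1_GROUP = choose_group(node1_table, 0, 4)   # groups 1, 2, 3 are taken

# Constructed table in which all four groups of set 1 are already taken.
CROWDED = {(1, 1): 1.0, (2, 1): 2.5, (3, 2): 4.0, (4, 2): 0.5}
CROWDED_SET1_GROUP = choose_group(CROWDED, 0, 4)

if __name__ == "__main__":
    print(node1_table, NODE1_SET1_GROUP, CROWDED_SET1_GROUP)
```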
Conceptually each node selects its keys from a certain key group, but because a node's keys depend on its position, and in practice a node generally does not know in advance where it will be deployed, a node obtains its keys as follows. Before deployment, each node is given 4 master keys and a hash function; the 4 master keys are denoted $K_1, K_2, K_3, K_4$. After node 1 is deployed and has run the grouping selection algorithm of the previous section, it has joined group 4 of set 1, whose master key is $K_4$; the node then obtains its key for segment s in this group as $K_s = H(K_4, 1, s)$. The keys for the other sets are computed in the same way. Once the keys have been obtained, the node deletes the master keys it stored.
As shown in Fig. 3, when an event occurs, every node within detection range generates a report in a fixed format, then uses the pre-stored hash function and its detection key to generate a message authentication code, and broadcasts this message authentication code to its neighbours.
For example, the authentication message broadcast by node 2 is shown in Fig. 4: node 2 has joined key group 2 in key set 1 and generates the corresponding message authentication code, and has joined key group 3 in key set 2 and generates the corresponding message authentication code. Once enough authentication codes have been collected (from the 8 key groups in the 2 key sets), they can be combined into a complete report and sent to the aggregation node.
In this embodiment, if the position at which the event occurs projects to 5 on reference axis 1 and to 6 on reference axis 2, then when node 12 receives the report en route it first checks whether it has selected segment 5 of reference axis 1 or segment 6 of reference axis 2 as an authentication segment. With reference to Fig. 5, if node 12 has selected segment 5 of reference axis 1 as an authentication segment and has joined key group 3 in key set 1, node 12 extracts from the report the message authentication code for segment 5 of key group 3 in key set 1 and compares it with the message authentication code it computes with its own key. If the two are identical, authentication passes; otherwise the report is dropped. If authentication passes, or node 12 has not selected the corresponding segment as an authentication segment, it simply forwards the report. The other nodes en route process the report in the same way, and the aggregation node performs the final authentication on the reports it collects, because it holds all the keys.
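The key derivation $K_s = H(K_4, 1, s)$ and the en-route check by node 12 described above, as an added Python example (not code from the patent). It assumes H and MAC are HMAC-SHA256, a rotation step of π/M between reference axes, and that the detecting nodes lie in the same segments as the event; the master key values, node 12's group in set 2 and its extra verification segments are constructed.

```python
import hashlib
import hmac
import math

M, G = 2, 4        # embodiment on the page: 2 key sets x 4 key groups, T = 8 marks
SEG_LEN = 1.0      # one key per unit-length segment of a reference axis

# Constructed master keys, one per (key set, key group). After deployment
# only the aggregation node still holds them.
MASTERS = {(s, g): f"master-{s}-{g}".encode()
           for s in range(1, M + 1) for g in range(1, G + 1)}


def project(loc, axis):
    """Segment index of loc on a reference axis (assumed rotation step pi/M)."""
    theta = (axis - 1) * math.pi / M
    return math.floor((loc[0] * math.cos(theta) + loc[1] * math.sin(theta)) / SEG_LEN)


def derive_key(master, set_idx, seg):
    """K_s = H(K_master, set, segment), with H modelled as HMAC-SHA256."""
    return hmac.new(master, f"{set_idx}|{seg}".encode(), hashlib.sha256).digest()


def mark(key, report):
    """Truncated MAC over the event location and data carried by the report."""
    body = f"{report['loc']}|{report['data']}".encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()[:8]


def make_report(loc, data, forged=()):
    """One mark per (set, group); pairs in `forged` are made with a guessed key."""
    report = {"loc": loc, "data": data, "marks": {}}
    for s in range(1, M + 1):
        seg = project(loc, s)
        for g in range(1, G + 1):
            key = (b"attacker-guess" if (s, g) in forged
                   else derive_key(MASTERS[(s, g)], s, seg))
            report["marks"][(s, g)] = mark(key, report)
    return report


class Node:
    def __init__(self, groups, verify_segments):
        # groups: {set: group joined}; verify_segments: {set: segments chosen
        # at random at deployment}. Master keys are not kept after derivation.
        self.groups = groups
        self.keys = {(s, seg): derive_key(MASTERS[(s, groups[s])], s, seg)
                     for s, segs in verify_segments.items() for seg in segs}

    def check(self, report):
        """Return 'drop' or 'forward' for a report received en route."""
        for s in range(1, M + 1):
            key = self.keys.get((s, project(report["loc"], s)))
            if key is None:
                continue   # this segment is not a verification segment here
            carried = report["marks"].get((s, self.groups[s]), "")
            if not hmac.compare_digest(carried, mark(key, report)):
                return "drop"
        return "forward"


def sink_accepts(report):
    """Final verification at the aggregation node, which holds every key."""
    return all(
        hmac.compare_digest(
            report["marks"].get((s, g), ""),
            mark(derive_key(MASTERS[(s, g)], s, project(report["loc"], s)), report))
        for s in range(1, M + 1) for g in range(1, G + 1))


# Node 12 joined group 3 in set 1 and verifies segment 5 of axis 1 (from the
# page); its group in set 2 and the other segments are constructed.
NODE12 = Node(groups={1: 3, 2: 1}, verify_segments={1: [5, 9], 2: [2]})
EVENT = (5.3, 6.7)   # constructed location: segment 5 on axis 1, 6 on axis 2

if __name__ == "__main__":
    for forged in [(), {(1, 3)}, {(2, 1)}]:
        r = make_report(EVENT, "temp=81", forged)
        print(sorted(forged), NODE12.check(r), sink_accepts(r))
```

A forged mark is caught en route only when a forwarder holds the key for that set, group and segment; the other forgeries are forwarded and rejected at the aggregation node.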
The scheme is analysed from three aspects: coverage performance, filtering efficiency and capture resistance.
Coverage performance: because the grouping algorithm proposed by the invention is random and fair, the analysis assumes that the number of nodes storing a given key group is $N_G \approx N/G$, where $N$ is the total number of nodes in the network and each key set contains $G$ key groups. For ease of calculation we let $N_G = N/G$ and $G = T/M$, where $M$ is the number of key sets and each datagram must contain $T$ marks.
It is generally assumed that the detection range of a single sensor node is much smaller than the scale of the whole network. The invention adopts this assumption and denotes the detection radius of a single node by $R$, so the detection area of a node is $S = \pi R^2$. First consider one specific key group in a key set. Because $N_G = NM/T$ nodes store the keys of this key group, the probability that an arbitrary point in the network area is covered by a node storing this group's keys is $P_c = 1 - (1 - S/A)^{NM/T}$. The probability that an arbitrary point in the network area is covered by all groups of one key set is $P_s = P_c^{T/M}$. The probability that an arbitrary point in the network area is covered by all groups of all key sets is:
$$P_{as} = P_s^{M} = P_c^{T} = \left(1 - (1 - S/A)^{NM/T}\right)^{T}$$
This method is compared with a one-dimensional filtering scheme that has $T$ key groups. For fairness, the number of keys in each key group is set to be the same, and each node chooses the key group it joins at random with equal probability. In the one-dimensional filtering scheme, the probability that an arbitrary point in the network area is covered by all $T$ key groups is $P_1 = \left(1 - (1 - S/A)^{N/T}\right)^{T}$. To simplify notation, let $\alpha = (1 - S/A)^{N/T}$.
The coverage performance of this scheme relative to the one-dimensional scheme is therefore:
$$\frac{P_{as}}{P_1} = \left(\frac{1 - \alpha^{M}}{1 - \alpha}\right)^{T}$$
Filtering efficiency: the analysis assumes that the attacker has obtained keys from $N_c$ different key groups and has correspondingly forged the keys from the other $(T - N_c)$ key groups. For this case we calculate the probability that the forged datagram is filtered within $h$ hops. The probability that any one forwarding node filters out this datagram is
$$P_{af} = \frac{T - N_c}{T/M} \cdot q = \frac{M (T - N_c)}{T} \cdot q.$$
To simplify notation, let $\beta = \frac{T - N_c}{T}\, q$. With $M$ sets, the probability that the forged datagram is filtered is
Figure G2009102648817D00132
For the one-dimensional en-route filtering scheme, filtering efficiency increases as the number of key groups decreases. When the key pool is divided into $T$ key groups, the filtering efficiency of the one-dimensional scheme reaches its maximum. This is equivalent to the case $M = 1$ in the multi-dimensional filtering scheme, therefore:
$$\frac{P_h^{M}}{P_h^{1}} = \frac{1 - (1 - M\beta)^{h}}{1 - (1 - \beta)^{h}}.$$
Capture resistance: for ease of calculation, suppose that the projected length of the network area on every reference axis is $L$, the unit length on a reference axis is $seg$, and the detection radius of each node is $R$. First consider key set 1. Suppose node $v$ has been captured by the attacker; the probability that segment $i$ of reference axis 1 is covered by node $v$ is then $P_i = \frac{seg + 2R}{L}$, and $P_i$ can be regarded as a constant. Node $v$ obtains a key from the group it has chosen to join with probability $q$, so the probability that the node obtains the key corresponding to segment $i$ of reference axis 1 is $P_{ai} = P_i + (1 - P_i)\, q$. Likewise, $P_{ai}$ can be regarded as a constant.
Suppose the attacker has captured $N_{cm}$ nodes. First consider a unit area whose projection on every reference axis is segment $i$. We calculate the probability that this unit area is completely captured, that is, the probability that the attacker can forge an event in this area without being detected. Consider set 1 first: the attacker has evidently obtained $N_{cm}$ keys from the $G$ groups of key set 1. The probability that $x$ of the captured nodes belong to a particular group $k$ in set 1 is:
Figure G2009102648817D00135
When $x$ nodes of this group are captured, the probability that the key of this group corresponding to this segment is captured is:
$$P(\text{compromised} \mid n = x) = 1 - (1 - P_{ai})^{x}$$
Therefore, the probability that the key corresponding to this segment is captured is:
$$
\begin{aligned}
P &= \sum_{x=0}^{N_{cm}} P(\text{compromised} \mid n = x)\, P_M(n = x) \\
  &= \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm} - x} \left(\frac{1}{G}\right)^{x} \left(1 - (1 - P_{ai})^{x}\right) \\
  &= \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm} - x} \left(\frac{1}{G}\right)^{x} - \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm} - x} \left(\frac{1 - P_{ai}}{G}\right)^{x} \\
  &= 1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}
\end{aligned}
$$
Because a datagram must carry $G$ keys from the $G$ groups in set 1, the probability that set 1 is captured as a whole is:
$$P_G = \left(1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}\right)^{G}$$
Because the attacker has captured $N_{cm}$ keys of the $G$ groups in any set, the probability that this unit area is completely captured is
$$P_M^{T} = (P_G)^{M} = \left(1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}\right)^{T}, \quad (G = T/M)$$
$P_M^{T}$ is the probability that one unit area is captured; the expected value of the captured area within the total network area is
Figure G2009102648817D00147
where S is the area of the whole network area.
Because this scheme uses a key distribution mechanism tied to geographic position, an attacker who captures some of the nodes can only forge events within a certain area, which makes it much easier for the network administrator to locate and isolate them. The invention is therefore a capture-resistant en-route filtering solution.
As the above description and the accompanying drawings show, the invention effectively counters denial-of-service attacks and false-report attacks in wireless sensor networks, solves the problem that coverage performance and filtering performance cannot be improved at the same time in traditional en-route filtering methods, and still maintains high capture resistance.
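The analysis above evaluated numerically, as an added Python example that is not part of the patent. It checks that the binomial sum collapses to the closed form $1 - (1 - P_{ai}/G)^{N_{cm}}$ and compares $M = 1, 2, 4$; the filtering expression $1 - (1 - M\beta)^h$ is taken from the numerator of the ratio given in the text, and all parameter values and function names are constructed.

```python
from math import comb, isclose, pi

def coverage(N, T, M, s_over_a):
    # P_as = (1 - (1 - S/A)^(N*M/T))^T; M = 1 gives the one-dimensional P_1.
    return (1 - (1 - s_over_a) ** (N * M / T)) ** T

def filtered_within(h, T, M, Nc, q):
    # 1 - (1 - M*beta)^h with beta = ((T - Nc)/T) * q.
    per_hop = M * (T - Nc) / T * q
    if not 0.0 <= per_hop <= 1.0:
        raise ValueError("M*beta must be a probability")
    return 1 - (1 - per_hop) ** h

def key_captured_sum(Ncm, G, P_ai):
    # Binomial sum: x of the Ncm captured nodes fall into one given group.
    return sum(comb(Ncm, x) * (1 - 1 / G) ** (Ncm - x) * (1 / G) ** x
               * (1 - (1 - P_ai) ** x) for x in range(Ncm + 1))

def key_captured_closed(Ncm, G, P_ai):
    return 1 - (1 - P_ai / G) ** Ncm

def unit_area_captured(Ncm, T, M, P_ai):
    # P_M^T = (1 - (1 - P_ai/G)^Ncm)^T with G = T/M.
    if T % M:
        raise ValueError("T must be divisible by M")
    return key_captured_closed(Ncm, T // M, P_ai) ** T

# Constructed parameters: 1000 nodes on a 200 x 200 field, detection radius 10.
N, T, R, AREA = 1000, 8, 10.0, 200.0 * 200.0
S_OVER_A = pi * R * R / AREA
NC, Q, H = 2, 0.1, 10              # keys held by the attacker, q, hops travelled
SEG, L_AXIS, NCM = 20.0, 200.0, 20
P_I = (SEG + 2 * R) / L_AXIS       # P_i = (seg + 2R) / L
P_AI = P_I + (1 - P_I) * Q         # P_ai = P_i + (1 - P_i) q

def compare(ms=(1, 2, 4)):
    """Rows of (M, coverage, filtered within H hops, unit-area capture probability)."""
    return [(M, coverage(N, T, M, S_OVER_A), filtered_within(H, T, M, NC, Q),
             unit_area_captured(NCM, T, M, P_AI)) for M in ms]

if __name__ == "__main__":
    for M, cov, filt, cap in compare():
        print(f"M={M}: coverage={cov:.3f} filtered={filt:.3f} captured={cap:.3e}")
```

For these constructed values coverage and filtering probability both rise with M, while the unit-area capture probability also rises because G = T/M shrinks.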

Claims (5)

1. A multi-dimensional en-route filtering method for a wireless sensor network, characterized in that it comprises the following steps:
Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, and each key group contains S keys;
Step 2: using reference-axis rotation, M reference axes are established in the whole network area, and the projection of the network area on every reference axis is divided equidistantly into S segments;
Step 3: before deployment, every node is preset with a parameter DT, which denotes the period for which the grouping algorithm runs; after deployment, each node determines its own position by a localization algorithm and selects, in each set, the key group it needs to join;
Step 4: at deployment, each node randomly selects "segments" on each reference axis as its "verification segments", that is, it obtains the keys corresponding to these segments so that it can verify reports formed for events that occur far away.
Step 5: each node calculates its projected position on every reference axis and, according to the groups it has joined and its projected position on every reference axis, determines the keys it needs to store in each key set;
Step 6: when an event occurs, the nodes that detect the event jointly mark it, form a report and send it towards the aggregation node; when a forwarding node receives the report, it verifies the report with the keys it stores, drops the report if verification fails, and otherwise forwards it; after the aggregation node receives the report, it performs the final verification and decides whether to accept or discard the report according to the verification result.
2. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: in step 3, before deployment each node is assigned a hash function H, which is used to obtain the keys the node itself needs to store so that it can mark events occurring within its detection area.
3. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: in step 3, after deployment the node first uses a random number generation algorithm to select at random, in each set, the group it prepares to join, i.e. {G_1, G_2, ..., G_M}, where G_i denotes the group it prepares to join in set i; the node then runs a localization algorithm to obtain its own position; if DT has expired, it jumps to step 5.
4. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: in step 3, node v generates the message it prepares to broadcast, <v, L_v, {G_v1, G_v2, ..., G_vM}>, where v is the node id, L_v is the position of node v, and G_vi is the group that node v has chosen to join in set i; the node broadcasts the message using the CSMA/CA protocol; if no collision occurs on the channel the transmission succeeds, otherwise the node backs off for a random time and sends again; every node v maintains a linked list whose elements are <dist, {G_1, G_2, ..., G_M}>, sorted in descending order of dist; supposing that m nodes prepare to join group G_i in set i, dist denotes the shortest distance between node v and these m nodes; after node v receives the broadcast <u, L_u, {G_u1, G_u2, ..., G_uM}> of any node u, it performs the following steps: first it calculates the distance between node v and node u, the result being denoted L_vu; node v then updates the linked list it maintains: if {G_u1, G_u2, ..., G_uM} already exists in the list, with corresponding dist equal to dist_1, then dist_1 is replaced by L_vu if L_vu < dist_1, and dist_1 is otherwise kept unchanged; if {G_u1, G_u2, ..., G_uM} does not exist in the list, <L_vu, {G_u1, G_u2, ..., G_uM}> is inserted into the list; node v updates its grouping information and broadcasts it; for any key set j, node v updates the group it needs to join as follows: node v traverses its linked list and records the groups that nodes have joined in set j; if there are still i groups that no node has joined, node v selects one of these i groups at random and joins it; if every group has already been joined by some node, node v selects the most distant of these nodes and joins the group that node has joined; for every other set, node v determines the group it needs to join in the same way; if DT has not expired, it jumps to step 2.
5. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: the verification in step 6 is as follows: suppose the original datagram is D, and D carries a message authentication code MAC(k, D), where MAC is a global function known to all nodes and k is a key; if node i happens to store key k, node i also computes MAC(k, D); if the result is consistent with the MAC(k, D) carried in the datagram, verification passes, otherwise it fails.
CN200910264881.7A 2009-12-25 2009-12-25 Multi-dimensional en-route filtering method of wireless sensor network Expired - Fee Related CN101754206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910264881.7A CN101754206B (en) 2009-12-25 2009-12-25 Multi-dimensional en-route filtering method of wireless sensor network

Publications (2)

Publication Number Publication Date
CN101754206A true CN101754206A (en) 2010-06-23
CN101754206B CN101754206B (en) 2012-08-29

Family

ID=42480424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910264881.7A Expired - Fee Related CN101754206B (en) 2009-12-25 2009-12-25 Multi-dimensional en-route filtering method of wireless sensor network

Country Status (1)

Country Link
CN (1) CN101754206B (en)

Also Published As

Publication number Publication date
CN101754206B (en) 2012-08-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120829

Termination date: 20121225