CN101754206B - Multi-dimensional en-route filtering method of wireless sensor network - Google Patents

Publication number
CN101754206B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN200910264881.7A
Other languages
Chinese (zh)
Other versions
CN101754206A (en)
Inventor
周学海
李曦
杨峰
张起元
高妍妍
陈香兰
余艳玮
Current Assignee
Suzhou Institute for Advanced Study USTC
Original Assignee
Suzhou Institute for Advanced Study USTC

Abstract

The invention relates to a multi-dimensional en-route filtering method for wireless sensor networks. The network key pool is divided into several key sets, and each node joins one group in each set. The method deals effectively with denial-of-service attacks and false report attacks in wireless sensor networks, solves the problem that traditional en-route filtering methods cannot improve coverage and filtering performance at the same time, and still maintains high capture resilience.

Description

Multi-dimensional en-route filtering method of wireless sensor network
Technical field
The present invention relates to a filtering method for wireless sensor networks, and in particular to a multi-dimensional en-route filtering method for wireless sensor networks.
Background technology
A wireless sensor network is an emerging interdisciplinary technology that integrates three core technologies: wireless networking, modern sensors and embedded systems. It can be widely used in military and civilian fields such as autonomous real-time monitoring and remote target tracking. Some of its application scenarios are environments that are dangerous to people (such as chemical sites), and some are hostile environments (such as a battlefield). Security is therefore a critical and indispensable property of an autonomously operating wireless sensor network.
Because wireless sensor networks are typically deployed remotely and run autonomously, sensor nodes are easily captured by an attacker and used to launch various attacks, including false data injection attacks and false data report attacks. In a false data injection attack, captured sensor nodes send large numbers of false packets in order to exhaust network resources; in a false data report attack, captured sensor nodes send false reports in order to mislead the sink (aggregation) node into wrong decisions. A false data injection attack resembles a denial-of-service attack on the Internet, where the main countermeasures include egress filtering and traceback. Because traceback requires collecting a large number of reports, the schemes currently used in wireless sensor networks against these two attacks are mainly one-dimensional en-route filtering: the key pool is divided into several groups, and each node joins one group and stores a subset of that group's keys. A legitimate packet must carry the marks of T detecting nodes; a node uses its stored keys to mark the packets for events it detects, or to authenticate and filter the packets it forwards.
Coverage, filtering efficiency and capture resilience are the three main metrics of an en-route filtering scheme. When an event occurs at an arbitrary location in the network, let p be the probability that the packet for that event can carry T legitimate marks; p represents the coverage of the network. If a false packet is filtered out after being forwarded h hops on average, h represents the filtering efficiency of the scheme. Suppose there are N nodes in the network and the network area is A; if, with n nodes captured, the attacker can forge false data within an area $A_n$ without being detected, then $A_n/A$ represents the capture resilience of the network.
Three typical en-route filtering schemes exist today: SEF, LBRS and GBSEF. SEF is the earliest en-route filtering scheme. In SEF each node randomly selects a small portion of the key pool to store and uses its own keys to encrypt and filter packets. However, the capture resilience of SEF is poor: an attacker who captures about 2T nodes can, with high probability, forge events in any region of the network. To address this, LBRS proposed a key distribution scheme based on geographic location, so that an attacker who captures a number of nodes can only forge events in the regions corresponding to those nodes. To improve coverage, LBRS divides the network key pool into L groups, where L is much larger than T; but because en-route nodes may then store a large number of keys that are of no use for the packets they forward, filtering efficiency is reduced. LBRS mitigates this problem with a beam model, but the beam model requires that the sink node not move and that the system use a specific routing mechanism based on geographic location, so the scheme lacks generality. GBSEF divides the network key pool into only T groups, which significantly improves filtering efficiency without relying on a static sink node or a specific routing mechanism; but precisely because the key pool is divided into only T groups, calculation shows that the probability that an event in the network area is detected by T nodes from the T groups is reduced, so the coverage of this scheme is low. Theoretical analysis and experiments lead to the conclusion that a one-dimensional en-route filtering scheme either cannot guarantee capture resilience or, while guaranteeing capture resilience, cannot improve coverage and filtering efficiency at the same time.
Summary of the invention
The object of the invention is to solve the above problems of the prior art by providing a multi-dimensional en-route filtering method for wireless sensor networks.
The object of the invention is achieved through the following technical scheme:
A multi-dimensional en-route filtering method for wireless sensor networks, comprising the following steps:
Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, each key group containing S keys.
Step 2: coordinate axes are generated by rotation, so that the whole network area has M coordinate axes; the projection of the network area on each axis is divided into S segments of equal length.
Step 3: before deployment every node is preset with a parameter DT, which denotes the running time of the grouping algorithm; after deployment each node determines its own position with a localization algorithm and selects the key group it needs to join in each key set.
Step 4: at deployment, each node randomly selects "segments" on each coordinate axis as its "verification segments" and obtains the keys corresponding to those segments, so that it can verify reports generated by events that occur far away.
Step 5: each node computes its projected position on every coordinate axis and, from the groups it has joined and its projected position on each axis, determines the keys it needs to store in each key set.
Step 6: when an event occurs, the nodes that detect it jointly mark the event, form a report and send it towards the sink node. A forwarding node that receives the report verifies it with its stored keys; if verification fails it drops the report, otherwise it forwards the report. When the sink node receives the report it performs a final verification and accepts or discards the report according to the result.
In the above multi-dimensional en-route filtering method, in step 3 each node is assigned a hash function H before deployment, which it uses to obtain the keys it needs to store so that it can mark events occurring in its detection area.
Further, in the above method, in step 3 a node after deployment first runs a random number generator and randomly selects in each key set a group it intends to join, i.e. $\{G_1, G_2, \ldots, G_M\}$, where $G_i$ is the group it intends to join in set i; the node then runs a localization algorithm to obtain its own position. If DT has expired, jump to step 5.
Further, in the above method, in step 3 node v generates the message it intends to broadcast, $\langle v, L_v, \{G_{v1}, G_{v2}, \ldots, G_{vM}\}\rangle$, where v is the node id, $L_v$ is the position of node v, and $G_{vi}$ is the group node v has chosen to join in set i. The node broadcasts the message using the CSMA/CA protocol: if there is no collision on the channel the transmission succeeds; otherwise the node backs off for a random time and sends again. Every node v maintains a linked list whose elements are $\langle dist, \{G_1, G_2, \ldots, G_M\}\rangle$, sorted in descending order of dist; if m nodes intend to join group $G_i$ in set i, dist is the shortest distance between node v and those m nodes. When node v receives the broadcast $\langle u, L_u, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ of any node u (u simply denotes whichever node's broadcast v has received), it performs the following steps. First it computes the distance between node v and node u; let the result be $L_{vu}$. Node v then updates the linked list it maintains: if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ already exists in the list with corresponding distance $dist_1$, then if $L_{vu} < dist_1$ it replaces $dist_1$ with $L_{vu}$, otherwise $dist_1$ is left unchanged; if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ does not exist in the list, $\langle L_{vu}, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ is inserted into the list. Node v then updates its own grouping information and broadcast message. For any key set j (set 1, set 2 and so on; every set is handled in the same way), node v updates the group it needs to join as follows: it traverses its linked list and records the groups that nodes have joined in set j; if there are still i groups that no node has joined, node v joins one of these i groups at random; if every group already has a node, node v selects from these nodes the one farthest from itself and joins the group that node joined. For every other set, node v determines the group it needs to join in the same way. If DT has not expired, jump to step 2.
Still further, in the above method, the verification in step 6 is as follows. Let the original report be D, carrying a message authentication code MAC(k, D), where MAC is a global function known to all nodes and k is a key. If node i happens to store key k (in this invention keys correspond to geographic positions, so node i can determine whether it holds key k from the location where the reported event occurred), node i also computes MAC(k, D); if the result matches the MAC(k, D) carried in the report, verification passes, otherwise it fails.
The main advantages of the technical scheme of the invention are that it deals effectively with denial-of-service attacks and false report attacks in wireless sensor networks, solves the problem that traditional en-route filtering methods cannot improve coverage and filtering performance at the same time, and still maintains high capture resilience.
Description of drawings
The objects, advantages and features of the invention are illustrated and explained through the following non-limiting description of preferred embodiments. These embodiments are only typical examples of applying the technical scheme of the invention; all technical schemes formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the invention. Among the drawings:
Fig. 1 is a schematic diagram of the network structure;
Fig. 2 is a schematic diagram of the key composition;
Fig. 3 is a schematic diagram of report generation;
Fig. 4 is a schematic diagram of the authentication report broadcast by a node;
Fig. 5 is a schematic diagram of en-route filtering.
Embodiment
A multi-dimensional en-route filtering method for wireless sensor networks, characterized by the following steps. Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, each key group containing S keys. Step 2: coordinate axes are generated by rotation, so that the whole network area has M coordinate axes; the projection of the network area on each axis is divided into S segments of equal length. Step 3: before deployment every node is preset with a parameter DT, which denotes the running time of the grouping algorithm; after deployment each node determines its own position with a localization algorithm and selects the key group it needs to join in each key set. Step 4: at deployment, each node randomly selects "segments" on each coordinate axis as its "verification segments" and obtains the keys corresponding to those segments, so that it can verify reports generated by events that occur far away. Step 5: each node computes its projected position on every coordinate axis and, from the groups it has joined and its projected position on each axis, determines the keys it needs to store in each key set. Step 6: when an event occurs, the nodes that detect it jointly mark the event, form a report and send it towards the sink node. A forwarding node that receives the report verifies it with its stored keys; if verification fails it drops the report, otherwise it forwards the report. When the sink node receives the report it performs a final verification and accepts or discards the report according to the result.
Further, in step 3 each node is assigned a hash function H before deployment, which it uses to obtain the keys it needs to store so that it can mark events occurring in its detection area. Also in step 3, a node after deployment first runs a random number generator and randomly selects in each key set a group it intends to join, i.e. $\{G_1, G_2, \ldots, G_M\}$, where $G_i$ is the group it intends to join in set i; the node then runs a localization algorithm to obtain its own position. If DT has expired, jump to step 5.
Still further, in step 3 node v generates the message it intends to broadcast, $\langle v, L_v, \{G_{v1}, G_{v2}, \ldots, G_{vM}\}\rangle$, where v is the node id, $L_v$ is the position of node v, and $G_{vi}$ is the group node v has chosen to join in set i. The node broadcasts the message using the CSMA/CA protocol: if there is no collision on the channel the transmission succeeds; otherwise the node backs off for a random time and sends again. Every node v maintains a linked list whose elements are $\langle dist, \{G_1, G_2, \ldots, G_M\}\rangle$, sorted in descending order of dist; if m nodes intend to join group $G_i$ in set i, dist is the shortest distance between node v and those m nodes.
When node v receives the broadcast $\langle u, L_u, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ of any node u, it performs the following steps. First it computes the distance between node v and node u; let the result be $L_{vu}$. Node v then updates the linked list it maintains: if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ already exists in the list with corresponding distance $dist_1$, then if $L_{vu} < dist_1$ it replaces $dist_1$ with $L_{vu}$, otherwise $dist_1$ is left unchanged; if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ does not exist in the list, $\langle L_{vu}, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ is inserted into the list. Node v then updates its own grouping information and broadcast message. For any key set j, node v updates the group it needs to join as follows: it traverses its linked list and records the groups that nodes have joined in set j; if there are still i groups that no node has joined, node v joins one of these i groups at random; if every group already has a node, node v selects from these nodes the one farthest from itself and joins the group that node joined. For every other set, node v determines the group it needs to join in the same way. If DT has not expired, jump to step 2.
In practical application the system model is as follows. The usual assumption in the field is adopted: ordinary sensor nodes no longer move after deployment, but the sink node (the data collection point) may move, which matches the commonly used wireless sensor network model. In other words, the ordinary nodes that sense data need not move, while the data collection point may move in order to better gather the data it is interested in. No assumption is made about routing, i.e. the method can coexist with all kinds of routing protocols.
The workflow of the invention is described further below.
Let A be the smallest region that covers the node deployment area. A suitable position in A is chosen as the reference position, and the coordinate of this position is set to 0. A reference coordinate axis, called axis 1, is set up in this region; rotating axis 1 by some angle gives axis 2, and so on: rotating axis i by some angle gives axis i+1. Every axis has the reference position as its origin. The unit length of an axis is taken as 1, and the network administrator can set the physical length of an axis as appropriate. Each node thus has a projected position on every axis; if that position falls in the k-th segment of the axis, the node's projected position on that axis is said to be k.
Suppose also that the key pool of the whole network consists of M key sets (Set), each containing G key groups (Group). If the projected length of axis i in the network area is $L_i$, each key group of set i contains $L_i$ keys, each corresponding to one unit length (segment) of the axis. Each node selects one key group to join in each set, such that adjacent nodes join different groups of a set as far as possible. The grouping algorithm refines progressively: even with a very short running time it gives a reasonably good result, and its precision improves as the running time increases.
Each node has a projected position on every axis. Suppose the projected position of node K on axis i is $K_i$, and node K has joined key group j of set i according to the algorithm given above; node K then obtains the key corresponding to position $K_i$ of key group j in key set i. Node K obtains the corresponding keys for all other key sets in the same way. These keys are called detection keys: when node K detects an event, it marks the event with a mark generated from this key. In addition, node K randomly selects a number of positions in key group j of set i and obtains the corresponding keys; these keys are called authentication keys. Node K uses these keys to authenticate the reports it receives.
To prolong the lifetime of the whole network and reduce the power consumption of individual nodes, the invention does not have the detecting nodes form a cluster whose cluster head then sends the detection report. Instead the detection report is generated in the following randomized way. Suppose a legitimate report must carry T different marks (MACs). When an event occurs, the detecting nodes first agree on a description of the event, including its location; each detecting node then broadcasts the following tuple to its neighbours:
$\{\{1, S_1, MAC\}, \ldots, \{i, S_i, MAC\}, \ldots, \{M, S_M, MAC\}\}$, where the node has joined group $S_i$ in the i-th key set.
Further, each node records the information broadcast by its neighbours, and once it has collected enough MACs it combines them into a complete report. To avoid duplicate transmissions, every node listens to the wireless channel and has a random timer; a node sends the complete report only after its timer expires. If a node hears that the complete report has already been sent, it cancels its timer. Otherwise, when the timer expires, it sends the report it has generated.
When a node receives a report, it first extracts the event location and computes the projected position of that location on every axis. If the node stores a key that was used to mark this report, it verifies whether the MAC carried in the report is correct.
Referring to Fig. 5: if the MAC is incorrect the report is dropped; if it is correct, or the node does not store the corresponding key, the report is forwarded. The sink node performs a final verification on all reports it receives, which it can do because it holds all the keys.
Referring to Fig. 1, the network environment illustrated for the invention is as follows: each legitimate report must be marked by 8 nodes from different groups, and the whole key pool is divided into 2 key sets, each consisting of 4 key groups. The sensor network is assumed to be distributed over a rectangular area with the sink node at the centre of the rectangle.
Referring to Fig. 2, this embodiment assumes that the whole key pool consists of two key sets, each containing four key groups. Before deployment every node is preset with the parameter DT, which denotes the running time of the grouping algorithm. DT can be implemented with a timer or a counter; the invention uses a timer.
After deployment a node first starts the timer and then runs a random number generator, producing for each key set a random number in the appropriate range; the group corresponding to that number is the group the node intends to join in that set.
If the timer reaches zero the algorithm ends and the groups the node intends to join become the groups it finally joins; if time has not run out, the following algorithm continues to run.
As shown in Fig. 1, in a practical application the whole key pool is divided into two key sets, each containing 4 key groups. Each node broadcasts its position message $\langle v, L_v, \{G_1, G_2\}\rangle$ using the CSMA/CA protocol, where v is the node id, $L_v$ is the position of node v, and $G_1$ and $G_2$ are the groups it intends to join in set 1 and set 2 respectively.
CSMA/CA resolves channel contention, so within one channel region only one node broadcasts its position information in any given period. If a collision occurs, each node backs off for a random time and then listens to the channel again, so the whole algorithm is random and fair.
Each node v keeps a linked list whose elements are $\langle dist, \{G_1, G_2\}\rangle$. Here $\{G_1, G_2\}$ means that some neighbour of node v has joined group $G_1$ in set 1 and group $G_2$ in set 2, and dist is the distance from node v to the nearest of those neighbours. The list elements are sorted in descending order of dist.
As shown in Fig. 3, suppose the message node 1 currently intends to broadcast is $\langle 1, L_1, \{3, 4\}\rangle$ and the linked list it currently maintains is $\langle 2.1, \{1, 3\}\rangle$, $\langle 3.9, \{2, 2\}\rangle$. This means that one or more neighbours have joined key group 1 in set 1 and key group 3 in set 2, the nearest of them at distance 2.1, and that one or more neighbours have joined key group 2 in set 1 and key group 2 in set 2, the nearest of them at distance 3.9. When node 1 broadcasts via CSMA/CA it collides with other nodes and chooses a random back-off. During the back-off node 1 receives node 7's broadcast $\langle 7, L_7, \{3, 2\}\rangle$, computes the distance between the two nodes as 1.9, and updates its linked list to $\{\langle 1.9, \{3, 2\}\rangle, \langle 2.1, \{1, 3\}\rangle, \langle 3.9, \{2, 2\}\rangle\}$.
Specifically, because node 1's neighbours have joined key groups 1, 2 and 3 in key set 1, node 1 chooses key group 4. In key set 2 its neighbours have joined key groups 2 and 3; node 1 chooses at random between key groups 3 and 4 and finally picks 4. Node 1 therefore updates the message it needs to broadcast to $\langle 1, L_1, \{4, 4\}\rangle$. This computation keeps running until DT equals 0, at which point the grouping in node 1's broadcast message is the final grouping it has selected. The method is thus distributed: each node tries to join a group different from those of its neighbours, so that nodes end up evenly distributed over the groups. The longer the algorithm runs, the better the distribution, so it adapts well.
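The table update and group choice described above, run on node 1's state from the worked example, as an added Python sketch that is not code from the patent. The node positions, the dict used in place of the sorted linked list, and the function names are assumptions; when every group is taken the sketch joins the group of the most distant recorded neighbour.

```python
import math
import random

M, G = 2, 4   # two key sets of four key groups each, as in the embodiment


def on_broadcast(table, own_pos, sender_pos, sender_groups):
    """Fold one received broadcast <u, L_u, {G_u1..G_uM}> into the table.

    The table maps a group tuple to the shortest distance seen for it; the
    description keeps the same records in a sorted linked list.
    """
    d = math.dist(own_pos, sender_pos)
    key = tuple(sender_groups)
    if key not in table or d < table[key]:
        table[key] = d          # new tuple, or a closer neighbour with that tuple
    return table


def choose_groups(table, rng=None):
    """Pick the group to join in every key set from the current table."""
    rng = rng or random
    choice = []
    for j in range(M):
        taken = {groups[j] for groups in table}
        free = [g for g in range(1, G + 1) if g not in taken]
        if free:
            # Some group has no recorded neighbour: join one of them at random.
            choice.append(rng.choice(free))
        else:
            # Every group is taken: join the group of the most distant record.
            farthest = max(table, key=table.get)
            choice.append(farthest[j])
    return choice


def worked_example(seed=0):
    """Node 1's list from the description; both positions are constructed."""
    table = {(1, 3): 2.1, (2, 2): 3.9}
    on_broadcast(table, (0.0, 0.0), (1.9, 0.0), (3, 2))   # node 7 at distance 1.9
    # Set 1 now has groups 1, 2, 3 taken; in set 2 this table records 2 and 3.
    return table, choose_groups(table, random.Random(seed))


if __name__ == "__main__":
    table, groups = worked_example()
    for key, dist in sorted(table.items(), key=lambda kv: kv[1]):
        print(f"<{dist:.1f}, {list(key)}>")
    print("groups node 1 advertises next:", groups)
```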
Conceptually each node selects its keys within a key group; but because keys in this invention depend on position, and in practice a node generally does not know in advance where it will be deployed, a node obtains its keys as follows. Before deployment each node receives 4 master keys and a hash function; the 4 master keys are denoted $K_1, K_2, K_3, K_4$. After node 1 is deployed and has run the group selection algorithm of the previous section, it has joined group 4 of set 1, whose master key is $K_4$; the node then obtains its key for segment s in this group as $K_s = H(K_4, 1, s)$. Keys in the other sets are computed in the same way. Once the keys have been obtained, the node deletes the master keys it stores.
As shown in Fig. 3, when an event occurs, every node within detection range generates a report in a fixed format, then uses the pre-stored hash function and its detection key to generate a message authentication code, and broadcasts this message authentication code to its neighbours.
For example, the authentication report broadcast by node 2 is shown in Fig. 4: node 2 has joined key group 2 in key set 1 and generates the corresponding message authentication code, and has joined key group 3 in key set 2 and generates the corresponding message authentication code. Once enough authentication codes have been collected (from the 8 key groups of the 2 key sets), they can be combined into a complete report and sent to the sink node.
In this embodiment, if the event location projects to 5 on axis 1 and to 6 on axis 2, then when en-route node 12 receives the report it first checks whether it chose segment 5 of axis 1 or segment 6 of axis 2 as an authentication segment. Referring to Fig. 5: if node 12 chose segment 5 of axis 1 as an authentication segment and has joined key group 3 in key set 1, it extracts from the report the message authentication code for segment 5 of key group 3 in key set 1 and compares it with the message authentication code it computes with its own key. If the two are identical, authentication passes; otherwise the report is dropped. If authentication passes, or node 12 did not choose a corresponding segment as an authentication segment, it forwards the report directly. Other en-route nodes process the report in the same way, and the sink node performs the final authentication on the reports it collects, since it holds all the keys.
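Key derivation, report marking and the en-route check for the embodiment's 2 key sets of 4 key groups, as an added Python example that is not part of the patent. HMAC-SHA256 stands in for both H and MAC, and the axis angles, master keys, positions and report contents are constructed; it also assumes the detecting nodes project onto the same segments as the event and lets each detecting node contribute one mark per key set.

```python
import hashlib
import hmac
import math
import os

# Assumptions (not from the patent): HMAC-SHA256 stands in for the hash
# function H and for the global MAC function; all values are constructed.
AXIS_ANGLE_DEG = {1: 0.0, 2: 45.0}     # M = 2 coordinate axes, one per key set
UNIT_LEN = 10.0                         # length of one axis segment
MASTER = {g: f"constructed-master-{g}".encode() for g in (1, 2, 3, 4)}  # G = 4
T = len(AXIS_ANGLE_DEG) * len(MASTER)   # 8 marks in a legitimate report


def segment(axis, pos):
    """1-based segment that a position projects onto on the given axis."""
    a = math.radians(AXIS_ANGLE_DEG[axis])
    return int((pos[0] * math.cos(a) + pos[1] * math.sin(a)) // UNIT_LEN) + 1


def derive_key(group, key_set, seg):
    """K_s = H(K_group, key_set, s): per-segment key of one key group."""
    msg = f"{key_set}|{seg}".encode()
    return hmac.new(MASTER[group], msg, hashlib.sha256).digest()


def mac(key, loc, data):
    return hmac.new(key, repr((loc, data)).encode(), hashlib.sha256).digest()


class Node:
    def __init__(self, pos, groups, verify_segments=None):
        self.groups = groups            # {key_set: key group joined}
        # Detection keys: the segment of the node's own projection on each axis.
        self.detect = {(ks, g, segment(ks, pos)): derive_key(g, ks, segment(ks, pos))
                       for ks, g in groups.items()}
        # Verification keys: other segments of the same group, chosen at deployment.
        self.verify = {(ks, groups[ks], s): derive_key(groups[ks], ks, s)
                       for ks, segs in (verify_segments or {}).items() for s in segs}
        # A deployed node would erase its master keys at this point.

    def marks(self, loc, data):
        """One (key_set, group, MAC) tuple per key set for a detected event."""
        out = []
        for ks, g in self.groups.items():
            key = self.detect.get((ks, g, segment(ks, loc)))
            if key is not None:
                out.append((ks, g, mac(key, loc, data)))
        return out

    def en_route_check(self, report):
        """Drop on a wrong MAC; forward on a match or when no key is held."""
        loc, data, marks = report
        for ks, g, tag in marks:
            key = self.verify.get((ks, g, segment(ks, loc)))
            if key is not None and not hmac.compare_digest(mac(key, loc, data), tag):
                return "drop"
        return "forward"


def sink_check(report):
    """The sink holds every key: require T distinct, valid marks."""
    loc, data, marks = report
    seen = set()
    for ks, g, tag in marks:
        expected = mac(derive_key(g, ks, segment(ks, loc)), loc, data)
        if not hmac.compare_digest(expected, tag):
            return "reject"
        seen.add((ks, g))
    return "accept" if len(seen) == T else "reject"


def build_scenario():
    loc, data = (45.0, 30.0), "constructed event reading"   # segments 5 and 6
    detectors = [Node((44.0, 31.0), {1: 1, 2: 2}), Node((46.0, 29.0), {1: 2, 2: 3}),
                 Node((45.0, 32.0), {1: 3, 2: 4}), Node((46.0, 31.0), {1: 4, 2: 1})]
    genuine = (loc, data, [m for n in detectors for m in n.marks(loc, data)])
    # The forger holds one captured node's keys and fills the other six marks
    # with random bytes.
    owned = detectors[0].marks(loc, "forged reading")
    have = {(ks, g) for ks, g, _ in owned}
    fake = [(ks, g, os.urandom(32)) for ks in AXIS_ANGLE_DEG for g in MASTER
            if (ks, g) not in have]
    forged = (loc, "forged reading", owned + fake)
    node12 = Node((150.0, 20.0), {1: 3, 2: 1}, {1: [5]})   # verifies set 1, segment 5
    other = Node((150.0, 40.0), {1: 3, 2: 1}, {1: [9]})    # holds no matching key
    return genuine, forged, node12, other


if __name__ == "__main__":
    genuine, forged, node12, other = build_scenario()
    print(node12.en_route_check(genuine), sink_check(genuine))
    print(node12.en_route_check(forged), other.en_route_check(forged), sink_check(forged))
```

A forwarder that holds no key for the event's segment passes the forged report on, which is why the final check at the sink is still needed.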
The scheme is analysed below in three respects: coverage, filtering efficiency and capture resilience.
Coverage: because the grouping algorithm proposed by the invention is random and fair, the analysis assumes that the number of nodes storing any given key group is $N_G \approx N/G$, where N is the total number of nodes in the network and each key set contains G key groups. For convenience of calculation we take $N_G = N/G$ and $G = T/M$, where M is the number of key sets and each report must contain T marks.
It is generally assumed that the detection range of a single sensor node is much smaller than the scale of the whole network; the invention adopts this assumption and denotes the detection radius of a single node by R, so the detection area of a node is $S = \pi R^2$. First consider a particular key group in a key set. Since $N_G = NM/T$ nodes store keys of this key group, the probability that an arbitrary point of the network area is covered by a node storing this group's keys is $P_c = 1 - (1 - S/A)^{NM/T}$. The probability that an arbitrary point of the network area is covered by all groups of one key set is $P_s = P_c^{T/M}$. The probability that an arbitrary point of the network area is covered by all groups of all key sets is:
$$P_{as} = P_s^M = P_c^T = \left(1 - (1 - S/A)^{NM/T}\right)^T$$
The method is now compared with a one-dimensional filtering scheme that has $T$ key groups. For fairness, every key group contains the same number of keys, and each node chooses the key group it joins at random with equal probability. In the one-dimensional filtering scheme, the probability that an arbitrary point in the network region is covered by all $T$ key groups is $P_1 = \left(1 - (1 - S/A)^{N/T}\right)^{T}$. To simplify the expression, let $\alpha = (1 - S/A)^{N/T}$.
The coverage performance of this scheme relative to the one-dimensional scheme is then:
$$\frac{P_{as}}{P_1} = \left(\frac{1 - \alpha^{M}}{1 - \alpha}\right)^{T}$$
Filtering efficiency: the analysis assumes that the attacker holds keys from $N_c$ different key groups and has accordingly forged the keys of the other $(T - N_c)$ key groups. We compute the probability that a datagram forged in this way is filtered within $h$ hops. The probability that any single forwarding node filters out this datagram is
$$P_{af} = \frac{T - N_c}{T/M} \cdot q = \frac{M(T - N_c)}{T} \cdot q.$$
To simplify the expression, let $\beta = ((T - N_c)/T)\,q$. With $M$ key sets, the probability that the forged datagram is filtered is
Figure G2009102648817D00132
For the one-dimensional en-route filtering scheme, filtering efficiency increases as the number of key groups decreases. When the key pool is divided into $T$ key groups, the filtering efficiency of the one-dimensional scheme is at its highest. This case is equivalent to $M = 1$ in the multi-dimensional filtering scheme, therefore:
$$\frac{P_h^{M}}{P_h^{1}} = \frac{1 - (1 - M\beta)^{h}}{1 - (1 - \beta)^{h}}.$$
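The coverage and filtering comparisons above can be evaluated side by side to see how both ratios move with the number of key sets $M$. This is an added example, not part of the patent; the parameter values are constructed, and $A$ is assumed to be the area of the network region, which this passage uses without defining.

```python
def coverage(N, T, M, S, A):
    # P_as: a point is covered by every key group of all M key sets.
    return (1 - (1 - S / A) ** (N * M / T)) ** T

def coverage_ratio(N, T, M, S, A):
    # P_as / P_1 through the closed form with alpha = (1 - S/A)^(N/T).
    alpha = (1 - S / A) ** (N / T)
    return ((1 - alpha ** M) / (1 - alpha)) ** T

def filter_ratio(T, M, N_c, q, h):
    # P_h^M / P_h^1 for a forged report travelling h hops.
    beta = (T - N_c) / T * q
    if M * beta > 1:
        raise ValueError("M * beta must not exceed 1")
    return (1 - (1 - M * beta) ** h) / (1 - (1 - beta) ** h)

def sweep(N=1000, T=12, S=314.0, A=250000.0, N_c=4, q=0.05, h=10):
    # Constructed parameters; M ranges over the divisors of T so G = T/M is whole.
    rows = []
    for M in (m for m in range(1, T + 1) if T % m == 0):
        rows.append((M, coverage(N, T, M, S, A),
                     coverage_ratio(N, T, M, S, A),
                     filter_ratio(T, M, N_c, q, h)))
    return rows

if __name__ == "__main__":
    for M, p_as, c_ratio, f_ratio in sweep():
        print(f"M={M:2d}  P_as={p_as:.3e}  coverage x{c_ratio:.3g}  filter x{f_ratio:.3f}")
```

Both ratios equal 1 at $M = 1$ and exceed 1 for every larger $M$, which is the simultaneous improvement the analysis claims.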
Resistance to node capture: for ease of calculation, suppose that the projection of the network region on every reference axis has length $L$, the unit length of a reference axis is $seg$, and the detection radius of each node is $R$. First consider key set 1 and suppose node $v$ has been captured by the attacker. The probability that segment $i$ of reference axis 1 is covered by node $v$ is $P_i = \frac{seg + 2R}{L}$, and $P_i$ can be regarded as a constant. Node $v$ obtains a key from the group it chose to join with probability $q$, so the probability that the node holds the key corresponding to segment $i$ of reference axis 1 is $P_{ai} = P_i + (1 - P_i)\,q$. Likewise, $P_{ai}$ can be regarded as a constant.
Suppose the attacker has captured $N_{cm}$ nodes. First consider a unit area whose projection on every reference axis is segment $i$. We compute the probability that this unit area is completely compromised, that is, the probability that the attacker can forge events occurring in this area without being detected. First consider set 1: the attacker has obtained $N_{cm}$ keys from the $G$ groups of key set 1. The probability that $x$ of the nodes belong to a particular group $k$ in set 1 is:
Figure G2009102648817D00135
When $x$ nodes of this group have been captured, the probability that the group's key corresponding to this segment is compromised is:
$$P(\text{compromised} \mid n = x) = 1 - (1 - P_{ai})^{x}$$
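Therefore, the probability that the key corresponding to this segment is compromised is:
$$\begin{aligned}
P &= \sum_{x=0}^{N_{cm}} P(\text{compromised} \mid n = x)\, P_M(n = x) \\
&= \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm}-x} \left(\frac{1}{G}\right)^{x} \left(1 - (1 - P_{ai})^{x}\right) \\
&= \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm}-x} \left(\frac{1}{G}\right)^{x} - \sum_{x=0}^{N_{cm}} \binom{N_{cm}}{x} \left(1 - \frac{1}{G}\right)^{N_{cm}-x} \left(\frac{1 - P_{ai}}{G}\right)^{x} \\
&= 1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}
\end{aligned}$$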
Because a datagram must carry $G$ keys from the $G$ groups of set 1, the probability that set 1 is completely compromised is:
$$P_G = \left(1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}\right)^{G}$$
Because the attacker has captured $N_{cm}$ keys from the $G$ groups of any set, the probability that this unit area is completely compromised is
$$P_M^{T} = (P_G)^{M} = \left(1 - \left(1 - \frac{P_{ai}}{G}\right)^{N_{cm}}\right)^{T}, \quad (G = T/M)$$
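The collapse of the binomial sum into the closed form can be checked numerically, and the result evaluated for different $M$. This is an added example, not part of the patent; the function names and the parameter values in `demo` are constructed for illustration.

```python
from math import comb

def p_ai(seg, R, L, q):
    # P_ai = P_i + (1 - P_i) q with P_i = (seg + 2R) / L.
    p_i = (seg + 2 * R) / L
    return p_i + (1 - p_i) * q

def p_group_sum(n_cm, G, pai):
    # Binomial sum: x of the n_cm captured nodes fall in one particular
    # group, and at least one of them holds the key for the segment.
    total = 0.0
    for x in range(n_cm + 1):
        p_x = comb(n_cm, x) * (1 - 1 / G) ** (n_cm - x) * (1 / G) ** x
        total += p_x * (1 - (1 - pai) ** x)
    return total

def p_group_closed(n_cm, G, pai):
    # Closed form of the same sum: 1 - (1 - P_ai / G)^N_cm.
    return 1 - (1 - pai / G) ** n_cm

def p_unit_area(n_cm, T, M, pai):
    # P_M^T: every one of the T = M * G marks of a unit area can be forged.
    G = T // M
    return p_group_closed(n_cm, G, pai) ** T

def demo(n_cm=20, T=8):
    # Constructed values: seg = 10, R = 5, L = 200, q = 0.2 give P_ai = 0.28.
    pai = p_ai(10, 5, 200, 0.2)
    return {M: p_unit_area(n_cm, T, M, pai) for M in (1, 2, 4, 8)}

if __name__ == "__main__":
    for M, p in demo().items():
        print(f"M={M}  G={8 // M}  P_M^T={p:.3e}")
```

With $T$ fixed, a larger $M$ means fewer groups per set, so each captured node is more likely to land in any given group and $P_M^T$ rises; the sweep makes that cost of raising $M$ visible next to the coverage and filtering gains.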
$P_M^{T}$ is the probability that one unit area is compromised; the expected value of the compromised area within the total network region is
Figure G2009102648817D00147
where $S$ is the area of the whole network region.
Because this scheme adopts a key distribution mechanism tied to geographic location, an attacker who captures some of the nodes can forge events only within a certain region, which makes it much easier for the network administrator to locate and isolate the attack. The invention is therefore a capture-resistant en-route filtering solution.
As the above description and the accompanying drawings show, the invention can effectively counter denial-of-service attacks and false-report attacks in wireless sensor networks, solves the problem in traditional en-route filtering methods that coverage performance and filtering performance cannot be improved at the same time, and still maintains high resistance to node capture.

Claims (5)

1. A multi-dimensional en-route filtering method for a wireless sensor network, characterized by comprising the following steps:
Step 1: the whole key pool is divided into two layers, with M key sets and G key groups, each key group containing S keys;
Step 2: reference axis rotation is used so that M reference axes exist in the whole network region, and the projection of the network region onto each reference axis is divided equidistantly into S segments;
Step 3: before deployment, every node is preset with a parameter DT, which denotes the period during which the grouping algorithm runs; after deployment, a node determines its own position through a localization algorithm, and each node selects the key group it needs to join in each key set;
Step 4: at deployment, a node randomly selects "segments" on each reference axis as its "verification segments", that is, it obtains the keys corresponding to these segments, so that it can verify reports generated by events that occur far away;
Step 5: the node calculates its projected position on each reference axis and, based on the groups it has joined and its projected position on each reference axis, determines the keys of each key set that it needs to store;
Step 6: when an event occurs, the multiple nodes that detect the event jointly mark it, form a report and send it toward the sink node; when a forwarding node receives the report, it verifies the report with the keys it stores, discards the report if verification fails, and otherwise forwards it; after the sink node receives the report, it performs the final verification and decides whether to accept or discard the report according to the verification result.
2. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: before deployment, each node of step 3 is assigned a hash function H, which is used to obtain the keys the node itself needs to store, so that it can mark events that occur within its detection area.
3. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: after deployment, the node of step 3 first uses a random number generation algorithm to select at random, in each set, one group as the group this node prepares to join, i.e. $\{G_1, G_2, \ldots, G_M\}$, where $G_i$ denotes the group it prepares to join in set $i$; the node then runs a localization algorithm to obtain its own position; if DT is exhausted, it jumps to step 5.
4. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that: the node of step 3 generates the message it prepares to broadcast, $\langle v, L_v, \{G_{v1}, G_{v2}, \ldots, G_{vM}\}\rangle$, where $v$ denotes the node id, $L_v$ denotes the position of node $v$, and $G_{vi}$ denotes the group that node $v$ has chosen to join in set $i$; the node broadcasts the message using the CSMA/CA protocol; if no collision occurs on the channel, the transmission succeeds; otherwise the node backs off for a random time and sends again; and any node $v$ maintains a linked list whose elements are $\langle dist, \{G_1, G_2, \ldots, G_M\}\rangle$, sorted in descending order of $dist$; supposing $m$ nodes prepare to join group $G_i$ in set $i$, $dist$ denotes the shortest distance between node $v$ and these $m$ nodes; after node $v$ receives the broadcast $\langle u, L_u, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ of any node $u$, it performs the following steps: first it computes the distance between node $v$ and node $u$, the result being denoted $L_{uv}$; node $v$ then updates the linked list it maintains: if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ already exists in the list, with corresponding distance $dist_1$, then if $L_{vu} < dist_1$ it replaces $dist_1$ with $L_{vu}$, and otherwise keeps $dist_1$ unchanged; if $\{G_{u1}, G_{u2}, \ldots, G_{uM}\}$ does not exist in the list, it inserts $\langle L_{vu}, \{G_{u1}, G_{u2}, \ldots, G_{uM}\}\rangle$ into the list; node $v$ updates its grouping information and its broadcast message; for any key set $j$, node $v$ updates the group it needs to join as follows: node $v$ traverses its linked list and records the groups that nodes have joined in set $j$; if there are still $i$ groups that no node has joined, node $v$ selects one of these $i$ groups at random and joins it; if every group already has a node, node $v$ selects from these nodes the one farthest from itself and joins the group that node has joined; for every other set, node $v$ determines the group it needs to join by the same method; if DT is not exhausted, it jumps to step 2.
5. The multi-dimensional en-route filtering method for a wireless sensor network according to claim 1, characterized in that the verification of step 6 is as follows: suppose the original datagram is $D$, and $D$ carries a message authentication code $MAC(k, D)$, where $MAC$ is a global function known to all nodes and $k$ is a key; if node $i$ happens to store key $k$, then node $i$ also computes $MAC(k, D)$; if the result is consistent with the $MAC(k, D)$ carried in the datagram, verification passes; otherwise it fails.
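The neighbour-table update and group re-selection of claim 4 can be sketched as below. This is an added example, not code from the patent: a dictionary replaces the sorted linked list, groups are numbered from 0, "the node farthest from itself" is read as the group whose closest recorded member is farthest away, and the class name and the broadcasts in `demo` are constructed for illustration.

```python
import math
import random

class GroupingNode:
    def __init__(self, node_id, pos, num_sets, groups_per_set, rng):
        self.id, self.pos = node_id, pos
        self.M, self.G, self.rng = num_sets, groups_per_set, rng
        # Initial random choice {G_1, ..., G_M}; groups are numbered from 0.
        self.groups = [rng.randrange(self.G) for _ in range(self.M)]
        # Group tuple -> dist. A dict replaces the claim's sorted linked list.
        self.table = {}

    def broadcast(self):
        return (self.id, self.pos, tuple(self.groups))  # <v, L_v, {G_v1..G_vM}>

    def receive(self, msg):
        _, pos_u, groups_u = msg
        d = math.dist(self.pos, pos_u)
        old = self.table.get(groups_u)
        if old is None or d < old:       # keep the smaller distance
            self.table[groups_u] = d

    def regroup(self):
        for j in range(self.M):
            nearest = {}                 # group in set j -> closest member
            for groups_u, d in self.table.items():
                g = groups_u[j]
                nearest[g] = min(d, nearest.get(g, math.inf))
            empty = [g for g in range(self.G) if g not in nearest]
            if empty:                    # some group has no member yet
                self.groups[j] = self.rng.choice(empty)
            else:                        # join the group of the farthest node
                self.groups[j] = max(nearest, key=nearest.get)
        return list(self.groups)

def demo():
    v = GroupingNode("v", (0.0, 0.0), 2, 3, random.Random(0))
    heard = [("u1", (1.0, 0.0), (0, 0)), ("u2", (5.0, 0.0), (1, 0)),
             ("u3", (3.0, 0.0), (2, 1)), ("u4", (0.5, 0.0), (1, 1)),
             ("u5", (2.0, 0.0), (2, 1))]   # constructed broadcasts
    for msg in heard:
        v.receive(msg)
    return v.regroup(), v.table[(2, 1)]
```

In set 0 every group is occupied, so the node joins group 2, whose closest member is farthest away; in set 1 group 2 is still empty, so the node fills it.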

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910264881.7A CN101754206B (en) 2009-12-25 2009-12-25 Multi-dimensional en-route filtering method of wireless sensor network

Publications (2)

Publication Number Publication Date
CN101754206A CN101754206A (en) 2010-06-23
CN101754206B true CN101754206B (en) 2012-08-29

Family

ID=42480424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910264881.7A Expired - Fee Related CN101754206B (en) 2009-12-25 2009-12-25 Multi-dimensional en-route filtering method of wireless sensor network

Country Status (1)

Country Link
CN (1) CN101754206B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067817A (en) * 2018-05-31 2018-12-21 北京五八信息技术有限公司 Media content flow distribution method, device, electronic equipment and server

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014147B (en) * 2010-07-09 2013-05-08 北京哈工大计算机网络与信息安全技术研究中心 Positioning system in Internet of things as well as deploying method and device thereof
CN103298104A (en) * 2012-03-04 2013-09-11 山东大学威海分校 Wireless sensor network node three-dimensional positioner of leader intelligent choice mechanism
CN106851636B (en) * 2017-01-10 2019-11-08 南京邮电大学 A kind of dynamic key false data filter method applied to wireless sensor network
US10419469B1 (en) * 2017-11-27 2019-09-17 Lacework Inc. Graph-based user tracking and threat detection
CN110138559B (en) * 2019-06-03 2022-02-01 北京智芯微电子科技有限公司 Method and system for quantum key distribution of terminal in transformer area

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101415011A (en) * 2008-10-31 2009-04-22 北京工业大学 Safety effective data polymerization method for wireless sensor network
CN101494861A (en) * 2009-03-03 2009-07-29 东南大学 Method for pre-distributing wireless sensor network cipher key

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101415011A (en) * 2008-10-31 2009-04-22 北京工业大学 Safety effective data polymerization method for wireless sensor network
CN101494861A (en) * 2009-03-03 2009-07-29 东南大学 Method for pre-distributing wireless sensor network cipher key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
羊四清等.传感器网络中一种过滤虚假数据的鲁棒认证机制.《传感技术学报》.2008,全文. *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067817A (en) * 2018-05-31 2018-12-21 北京五八信息技术有限公司 Media content flow distribution method, device, electronic equipment and server
CN109067817B (en) * 2018-05-31 2021-12-07 北京五八信息技术有限公司 Media content flow distribution method and device, electronic equipment and server

Also Published As

Publication number Publication date
CN101754206A (en) 2010-06-23

Similar Documents

Publication Publication Date Title
CN101754206B (en) Multi-dimensional en-route filtering method of wireless sensor network
Lee et al. Mobeyes: smart mobs for urban monitoring with a vehicular sensor network
CN101719842B (en) Cloud computing environment-based distributed network security pre-warning method
Xing et al. Real-time detection of clone attacks in wireless sensor networks
Chen et al. Smart attacks in smart grid communication networks
Xu et al. A latency and coverage optimized data collection scheme for smart cities based on vehicular ad-hoc networks
Nam et al. Context-aware architecture for probabilistic voting-based filtering scheme in sensor networks
Rezgui et al. Detecting faulty and malicious vehicles using rule-based communications data mining
Liu et al. Sampling bloom filter-based detection of unknown RFID tags
Harb et al. A suffix-based enhanced technique for data aggregation in periodic sensor networks
CN101594271B (en) Wireless self-organization network establishing and operating method as well as related networks and devices thereof
Liang et al. A distributed data secure transmission scheme in wireless sensor network
Manikanthan et al. An efficient cluster head selection and routing in mobile WSN
CN116168222A (en) Track recognition method and device, storage medium and electronic equipment
Ghosal et al. Intrusion detection in wireless sensor networks: Issues, challenges and approaches
Kim et al. Routing protocol for heterogeneous hierarchical wireless multimedia sensor networks
Yu et al. Acquiring authentic data in unattended wireless sensor networks
Moon et al. Key index-based routing for filtering false event reports in wireless sensor networks
Vamsi et al. Secure data aggregation and intrusion detection in wireless sensor networks
Bushnag et al. Source anonymity against global adversary in wsns using dummy packet injections: A survey
CN103561030A (en) Wireless self-organizing network intrusion detection method and device
Ye et al. A security architecture based on immune agents for MANET
Liang et al. Secure data aggregation for top-k queries in tiered wireless sensor networks.
Suresh Kumar et al. Efficient Hybrid Energy Optimization Method in Location Aware Unmanned WSN.
WO2020020358A1 (en) Method and apparatus for determining residence time duration, device, and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120829

Termination date: 20121225