CN101765109B - Wireless sensor network program dynamic updating method capable of resisting compromised node attack - Google Patents
Wireless sensor network program dynamic updating method capable of resisting compromised node attack Download PDFInfo
- Publication number
- CN101765109B CN101765109B CN2009101550417A CN200910155041A CN101765109B CN 101765109 B CN101765109 B CN 101765109B CN 2009101550417 A CN2009101550417 A CN 2009101550417A CN 200910155041 A CN200910155041 A CN 200910155041A CN 101765109 B CN101765109 B CN 101765109B
- Authority
- CN
- China
- Prior art keywords
- sensor node
- message
- program
- program updating
- updating message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 230000001010 compromised effect Effects 0.000 title claims abstract description 13
- 239000000284 extract Substances 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 2
- 239000011159 matrix material Substances 0.000 description 5
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000017105 transposition Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
本发明公开了一种可抵御妥协节点攻击的无线传感器网络程序动态更新方法,包括以下部分:在传感器节点部署前,基站确定一个哈希函数、选择一个欧氏空间,将该欧氏空间分解为正交的第一子空间和第二子空间;基站为每一个传感器节点选择一个身份标识符和属于第一子空间的向量;将向量、身份标识符和哈希函数分别装载到每一个传感器节点中;在传感器节点部署后,程序更新时,基站向传感器网络广播程序更新消息,每个传感器节点收到所述程序更新消息后验证该消息的有效性。本发明的优点是:基站仅需要发送一个广播消息就能更新所有传感器节点上的程序;运算简单、可靠性高;即使某些节点被妥协,该无线传感器网络的安全性仍然能够得到保障。
The present invention discloses a method for dynamically updating a wireless sensor network program that can resist attacks from compromised nodes, comprising the following parts: before the sensor nodes are deployed, the base station determines a hash function, selects a Euclidean space, and decomposes the Euclidean space into an orthogonal first subspace and a second subspace; the base station selects an identity identifier and a vector belonging to the first subspace for each sensor node; the vector, the identity identifier and the hash function are loaded into each sensor node respectively; after the sensor nodes are deployed, when the program is updated, the base station broadcasts a program update message to the sensor network, and each sensor node verifies the validity of the message after receiving the program update message. The advantages of the present invention are: the base station only needs to send one broadcast message to update the programs on all sensor nodes; the operation is simple and the reliability is high; even if some nodes are compromised, the security of the wireless sensor network can still be guaranteed.
Description
Technical field
The present invention relates to a kind of program (also be called as: software, down with) dynamically update method, belong to wireless communication field.
Background technology
In recent years, wireless sensor network receives academia and industrial quarters attention more and more widely because of its wide application prospect.In most of occasions, for new demand is provided, the program on all the sensors node need be upgraded in the base station.Yet, so far, a kind of update method of dynamic routine does not safely and effectively also appear.Some agreement use digital signature ensures the fail safe of program dynamic updating, but this method can consume a large amount of resources, is not useful on the resource-constrained sensor node; Some agreements adopts the matrix orthogonality principle to ensure the fail safe of program dynamic updating, though that this method is calculated cost is few, and the spoof attack that these agreements can't resisting compromised node be started.That is to say that in these agreements, the compromise node can successfully pretend the false program updating message of base station broadcast, and then control whole sensor network.
Summary of the invention
But-the object of the present invention is to provide a kind of method for dynamically updating wireless sensor network program of resisting compromised node attack.
The technical solution adopted for the present invention to solve the technical problems is following:
But the method for dynamically updating wireless sensor network program of resisting compromised node attack mainly comprises with the lower part:
1) before sensor node deployment,
A hash function is confirmed in the base station;
A base station selected Euclidean space; This Euclidean space is decomposed into first subspace and second subspace of quadrature; The dimension of said first subspace is k, and the dimension of said second subspace is n-k, wherein; N is the dimension of said Euclidean space, and k is the quantity of sensor node in the said wireless sensor network;
An identification identifier and the vector that belongs to first subspace are selected for each sensor node in the base station;
Said vector, identification identifier and hash function are loaded onto respectively in each sensor node;
2) behind sensor node deployment,
When the base station need be upgraded the program on all the sensors node; The base station is to sensor network radio program updating message; This program updating message comprises the timestamp that upgrades sequence number, message and send, the identification identifier of the program after upgrading, program version number, program identifier, each sensor node and with the corresponding key hash message authentication code of each sensor node, said key hash message authentication code with the vector of corresponding sensor node as key;
3) each sensor node is received the validity of verifying this message after the said program updating message according to the following steps:
I. sensor node extracts the key hash message authentication code of oneself according to the identification identifier of oneself from the program updating message that receives;
Ii. if the validity of the timestamp of renewal sequence number in the sensor node proving program updating message and message transmission all effective, is then carried out next step; Otherwise refuse this program updating message;
Iii. sensor node obtains the key hash message authentication code according to the vector that is loaded, with the key hash message authentication code that extracts in this key hash message authentication code and the step I relatively, if both equate, accept the program updating message line program of going forward side by side and upgrade; Otherwise refuse this program updating message.
Compared with prior art, the advantage that has of the present invention is:
(1) arbitrary sensor node m even the enemy has compromised, thus secret value C obtained
mBut the enemy issues false program updates information and the checking through other sensor nodes at the base station that can't disguise oneself as, even therefore some node is compromised, the fail safe of this wireless sensor network still can be protected;
(2) ensure (comprising hash function, matrix quadrature and key hash message authentication code) fail safe of wireless sensor network through simple calculations, reliability is high, therefore is particularly suitable for resource-constrained wireless sensor network;
(3) in order to upgrade the program on all the sensors node, a broadcast only need be sent in the base station just can upgrade the program on all the sensors node.
Description of drawings
Fig. 1 is the workflow diagram of method for dynamically updating wireless sensor network program of the present invention.
Embodiment
Relevant technical term is following:
The M program
X
PidThe identifier of program M
X
VerThe version of program M
HMAC () key hash message authentication code (keyed hash message authentication code)
The dot product of AB matrix A and matrix B
A
TThe transposition of matrix A
|| polyphone connects operation
ID
iThe identifier of node i
Referring to Fig. 1, but the method for dynamically updating wireless sensor network program of the present invention's resisting compromised node attack is following:
A. before sensor node deployment, a hash function h is confirmed in the base station; And the Euclidean space V of base station selected n dimension is decomposed into the subspace of two quadratures, the i.e. first subspace V with V
1With the second subspace V
2, V wherein
1Be the k dimension, V
2Be the n-k dimension, wherein, k is the quantity of all the sensors node of this wireless sensor network.In addition, the base station is that each sensor node i selects an identification identifier ID
iWith one belong to V
1Vectorial C
i, i=1,2K, k, C
iLength should be enough this C to avoid guessing greatly with the method for exhaustion
i, C for example
iLength can be 512 bits.Vector C
i, hash function h and identification identifier ID
iBe installed in each sensor node.
B. behind sensor node deployment, when the base station need be upgraded the program on all the sensors node, the base station was to all sensor node broadcasts program updating message M
Adv (j),
ID
k, HMAC (C
k, (j||t
j|| M||ID
k|| X
Pid|| X
Ver)), j=1 wherein, 2Kk, the j representation program upgrades sequence number, t
jMessage M is sent in expression
Adv (j)Timestamp, the program after M representes to upgrade.
C. work as arbitrary sensor node i and receive message M
Adv (j)The time, for this message is verified, need carry out following operation:
1) sensor node i is according to the identifier ID of oneself
i, extract oneself key hash message authentication code HMAC (C
i, (j||t
j|| M||ID
i|| X
Pid|| X
Ver)).
2) validity of checking j is if j is less than or equal to the j that is stored in node
*The time, this message of sensor node refusal; Otherwise sensor node thinks that j is fresh and replaces j with j
*(when initial, the j of node storage
*=0).And continuation checking t
jValidity, the current time of sensor node is Clock, if | Clock-t
j|<Δ t, get into next step, otherwise this message of sensor node refusal.Here Δ t is the time delay threshold value of the program updating message that pre-sets.
3) sensor node is according to the C of oneself
iCalculate HMAC (C
i, (j||t
j|| M||ID
i|| X
Pid|| X
Ver)), with the HMAC (C that calculates
i, (j||t
j|| M||ID
i|| X
Pid|| X
Ver)) with 1) and in the HMAC (C that extracts
i, (j||t
j|| M||ID
i|| X
Pid|| X
Ver)) compare, if equate that sensor node is accepted this broadcast and upgraded the program of self; Otherwise this message of sensor node refusal;
Each sensor node carries out above a series of check to the program updates broadcast of being received, if this message can be through above whole check, then this sensor node is accepted this broadcast; Otherwise, this this broadcast of sensor node refusal.Suppose the enemy a certain sensor node m that compromised, thereby obtained the secret value C on this sensor node
mBut the enemy can't pretend the checking that the base station is issued false program updates information and passed through other sensor nodes.Therefore, even under the situation that sensor node is compromised, the present invention also can ensure the fail safe of the program dynamic updating of sensor network.
Claims (1)
1. but the method for dynamically updating wireless sensor network program of a resisting compromised node attack is characterized in that comprising with the lower part:
1) before sensor node deployment,
A hash function is confirmed in the base station;
A base station selected Euclidean space; This Euclidean space is decomposed into first subspace and second subspace of quadrature; The dimension of said first subspace is k, and the dimension of said second subspace is n-k, wherein; N is the dimension of said Euclidean space, and k is the quantity of sensor node in the said wireless sensor network;
An identification identifier and the vector that belongs to first subspace are selected for each sensor node in the base station;
Said vector, identification identifier and hash function are loaded onto respectively in each sensor node;
2) behind sensor node deployment,
When the base station need be upgraded the program on all the sensors node; The base station is to sensor network radio program updating message; This program updating message comprises the timestamp that upgrades sequence number, message and send, the identification identifier of the program after upgrading, program version number, program identifier, each sensor node and with the corresponding key hash message authentication code of each sensor node, said key hash message authentication code with the vector of corresponding sensor node as key;
3) each sensor node is received the validity of verifying this message after the said program updating message according to the following steps:
I) sensor node extracts the key hash message authentication code of oneself according to the identification identifier of oneself from the program updating message that receives;
Ii) if the validity of the timestamp of renewal sequence number in the sensor node proving program updating message and message transmission all effective, is then carried out next step; Otherwise refuse this program updating message;
Wherein, The method of the validity of the renewal sequence number in the sensor node proving program updating message is: if the renewal sequence number in the program updating message is greater than the renewal sequence number of sensor node storage; Then sensor node thinks that the renewal sequence number in this program updating message is effectively, and replaces the renewal sequence number of sensor node storage with the renewal sequence number in the program updating message;
The method of the validity of the timestamp that the message in the sensor node proving program updating message is sent is: if the difference of the current time of timestamp that the message in the program updating message is sent and sensor node satisfies the relation shown in the following formula; Then sensor node thinks that the timestamp that this message is sent is effective
|Clock-t
j|<Δt
In the following formula, Clock representes the current time of sensor node, t
jThe timestamp that message in the representation program updating message is sent, Δ t are the time delay threshold value of the program updating message that pre-sets;
Iii) sensor node obtains the key hash message authentication code according to the vector that is loaded, with the key hash message authentication code that extracts in this key hash message authentication code and the step I relatively, if both equate, accept the program updating message line program of going forward side by side and upgrade; Otherwise refuse this program updating message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101550417A CN101765109B (en) | 2009-12-14 | 2009-12-14 | Wireless sensor network program dynamic updating method capable of resisting compromised node attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101550417A CN101765109B (en) | 2009-12-14 | 2009-12-14 | Wireless sensor network program dynamic updating method capable of resisting compromised node attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101765109A CN101765109A (en) | 2010-06-30 |
| CN101765109B true CN101765109B (en) | 2012-05-02 |
Family
ID=42496066
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101550417A Expired - Fee Related CN101765109B (en) | 2009-12-14 | 2009-12-14 | Wireless sensor network program dynamic updating method capable of resisting compromised node attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101765109B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102547799A (en) * | 2010-12-22 | 2012-07-04 | 江苏联优信息科技有限公司 | Firmware management method of wireless sensing access multiplexing device |
| CN102238603A (en) * | 2011-08-12 | 2011-11-09 | 苏州鼎汗传感网技术有限公司 | Wireless sensor network updating method |
| CN102665196B (en) * | 2012-04-28 | 2014-11-05 | 清华大学 | On-line progressive program updating method for wireless sensor network |
| CN103324501B (en) * | 2013-05-28 | 2015-12-23 | 大连理工大学 | Wireless sensor network node software Efficient Remote update method |
| CN111614650B (en) * | 2020-05-14 | 2022-02-01 | 长沙学院 | Method and device for detecting compromised nodes in wireless sensor network |
| CN111614659B (en) * | 2020-05-19 | 2022-09-23 | 杭州英视信息科技有限公司 | Distributed detection method for unknown network flow |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277265A (en) * | 2008-05-07 | 2008-10-01 | 浙江大学 | A Method for Accelerated Loading of ELF Files in Wireless Sensor Networks |
| CN101281479A (en) * | 2008-05-07 | 2008-10-08 | 浙江大学 | A method for dynamic memory allocation of wireless sensor network node operating system |
| CN101600198A (en) * | 2009-07-08 | 2009-12-09 | 西安电子科技大学 | Identity-based wireless sensor network security trust method |
-
2009
- 2009-12-14 CN CN2009101550417A patent/CN101765109B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277265A (en) * | 2008-05-07 | 2008-10-01 | 浙江大学 | A Method for Accelerated Loading of ELF Files in Wireless Sensor Networks |
| CN101281479A (en) * | 2008-05-07 | 2008-10-08 | 浙江大学 | A method for dynamic memory allocation of wireless sensor network node operating system |
| CN101600198A (en) * | 2009-07-08 | 2009-12-09 | 西安电子科技大学 | Identity-based wireless sensor network security trust method |
Non-Patent Citations (2)
| Title |
|---|
| 刘丽萍等.无线传感器网络连接问题研究.《兵工学报》.2007,第28卷(第9期),第1096-1101页. * |
| 贾晨军等.无线传感器网络中高效的基于身份的加密算法.《浙江大学学报(工学版)》.2009,第43卷(第8期),第1396-1400页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101765109A (en) | 2010-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101765109B (en) | Wireless sensor network program dynamic updating method capable of resisting compromised node attack | |
| JP5490898B2 (en) | Method and apparatus for deriving, communicating and / or verifying ownership of an expression | |
| He et al. | Secure data discovery and dissemination based on hash tree for wireless sensor networks | |
| CN101785277B (en) | Method and system of communication using extended sequence number | |
| US9524158B2 (en) | Managing firmware updates for integrated components within mobile devices | |
| He et al. | Security analysis and improvement of a secure and distributed reprogramming protocol for wireless sensor networks | |
| He et al. | DiCode: DoS-resistant and distributed code dissemination in wireless sensor networks | |
| WO2009108523A3 (en) | Method and system for mutual authentication of nodes in a wireless communication network | |
| WO2010088060A3 (en) | Authentication for a multi-tier wireless home mesh network | |
| CN116325847A (en) | Method and apparatus for authenticating a master station | |
| WO2018213496A1 (en) | Regulatory domain security techniques for wireless devices | |
| WO2018205148A1 (en) | Data packet checking method and device | |
| CN109845185A (en) | A kind of data transmission method, terminal, node device and system | |
| Miao et al. | A secure and efficient lightweight vehicle group authentication protocol in 5G networks | |
| CN103368731B (en) | Wireless sensor network security data based on Hash tree find and transmission method | |
| Spanghero et al. | Authenticated time for detecting GNSS attacks | |
| CN101877690B (en) | Broadcast authentication method for wireless network with limited node resource | |
| EP2874423B1 (en) | Data transmission method, access point and station | |
| US11916923B2 (en) | Method for restricting memory write access in IoT devices | |
| CN102421094B (en) | Distributed safety reprogramming method of wireless sensor network | |
| US20240391278A1 (en) | Two-way tire pressure monitoring system (tpms) learning and authenticated pairing | |
| US20200244465A1 (en) | Communication-Efficient Device Delegation | |
| EP2343667B1 (en) | Method, wireless access device and network device for platform integrity authentication | |
| KR101960583B1 (en) | Method for issuing a certificate | |
| EP3952239A1 (en) | Method and device for authenticating a base station |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120502 Termination date: 20171214 |