CN101765109B - Program dynamic updating method for wireless sensor network capable of resisting compromised node attack - Google Patents


Info

Publication number
CN101765109B
Authority
CN
China
Prior art keywords
sensor node
message
program
program updating
updating message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009101550417A
Other languages
Chinese (zh)
Other versions
CN101765109A (en)
Inventor
卜佳俊
陈纯
何道敬
尹明剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a program dynamic updating method for a wireless sensor network capable of resisting compromised node attack, comprising the following steps: before deploying sensor nodes, a base station determines a hash function, selects a Euclidean space, and decomposes the Euclidean space into a first subspace and a second subspace which are orthogonal to each other; the base station selects, for each sensor node, an identifier and a vector belonging to the first subspace; the vector, the identifier and the hash function are loaded into each sensor node; and after deploying the sensor nodes, when updating programs, the base station broadcasts a program update message to the sensor network, and each sensor node verifies the validity of the message after receiving it. The method has the advantages that the programs on all the sensor nodes can be updated by sending only one broadcast message from the base station; operation is simple and reliability is high; and even if certain nodes are compromised, the security of the wireless sensor network can still be ensured.

Description

Program dynamic updating method for wireless sensor network capable of resisting compromised node attack
Technical field
The present invention relates to a method for dynamically updating a program (also called software; the same applies below), and belongs to the field of wireless communication.
Background art
In recent years, wireless sensor networks have received increasingly wide attention from academia and industry because of their broad application prospects. In most settings, the base station needs to update the program on all sensor nodes in order to meet new requirements. So far, however, no safe and effective method for dynamic program updating has appeared. Some protocols use digital signatures to secure dynamic program updating, but this approach consumes a large amount of resources and is not suitable for resource-constrained sensor nodes. Other protocols use the matrix orthogonality principle to secure dynamic program updating; although the computation cost of this approach is low, these protocols cannot resist impersonation attacks launched by compromised nodes. That is, in these protocols a compromised node can successfully pose as the base station and broadcast a false program update message, and thereby control the whole sensor network.
Summary of the invention
The object of the present invention is to provide a program dynamic updating method for a wireless sensor network capable of resisting compromised node attack.
The technical solution adopted by the present invention to solve its technical problem is as follows:
The program dynamic updating method for a wireless sensor network capable of resisting compromised node attack mainly comprises the following parts:
1) Before the sensor nodes are deployed:
The base station determines a hash function;
The base station selects a Euclidean space and decomposes it into a first subspace and a second subspace that are orthogonal to each other; the dimension of the first subspace is k and the dimension of the second subspace is n-k, where n is the dimension of the Euclidean space and k is the number of sensor nodes in the wireless sensor network;
The base station selects, for each sensor node, an identifier and a vector belonging to the first subspace;
The vector, the identifier and the hash function are loaded into each sensor node;
2) After the sensor nodes are deployed:
When the base station needs to update the program on all sensor nodes, it broadcasts a program update message to the sensor network. This program update message comprises the update sequence number, the timestamp at which the message is sent, the updated program, the program version number, the program identifier, the identifier of each sensor node, and the keyed-hash message authentication code corresponding to each sensor node; each keyed-hash message authentication code uses the vector of the corresponding sensor node as its key;
3) After receiving the program update message, each sensor node verifies the validity of the message according to the following steps:
i. The sensor node uses its own identifier to extract its own keyed-hash message authentication code from the received program update message;
ii. The sensor node verifies the validity of the update sequence number and of the message-sending timestamp in the program update message; if both are valid, it proceeds to the next step; otherwise it rejects the program update message;
iii. The sensor node computes a keyed-hash message authentication code using the vector loaded into it and compares it with the keyed-hash message authentication code extracted in step i; if the two are equal, it accepts the program update message and performs the program update; otherwise it rejects the program update message.
Compared with the prior art, the present invention has the following advantages:
(1) Even if the adversary has compromised an arbitrary sensor node m and thereby obtained its secret value $C_m$, the adversary cannot pose as the base station to issue false program update information that passes verification by the other sensor nodes; therefore, even if some nodes are compromised, the security of the wireless sensor network is still protected;
(2) The security of the wireless sensor network is ensured through simple operations (a hash function, matrix orthogonality and keyed-hash message authentication codes) with high reliability, so the method is particularly suitable for resource-constrained wireless sensor networks;
(3) To update the program on all sensor nodes, the base station only needs to send one broadcast message.
Description of drawings
Fig. 1 is the workflow diagram of method for dynamically updating wireless sensor network program of the present invention.
Embodiment
The relevant technical terms are as follows:
M: the program
$X_{pid}$: the identifier of program M
$X_{ver}$: the version of program M
HMAC(): keyed-hash message authentication code
Figure G2009101550417D00031: XOR operation
AB: the dot product of matrix A and matrix B
$A^T$: the transpose of matrix A
||: concatenation operation
$ID_i$: the identifier of node i
Referring to Fig. 1, the program dynamic updating method for a wireless sensor network capable of resisting compromised node attack of the present invention is as follows:
A. Before the sensor nodes are deployed, the base station determines a hash function h. The base station also selects an n-dimensional Euclidean space V and decomposes V into two orthogonal subspaces, namely the first subspace $V_1$ and the second subspace $V_2$, where $V_1$ is k-dimensional and $V_2$ is (n-k)-dimensional, and k is the number of all sensor nodes in this wireless sensor network. In addition, the base station selects for each sensor node i an identifier $ID_i$ and a vector $C_i$ belonging to $V_1$, $i = 1, 2, \ldots, k$. The length of $C_i$ should be large enough to prevent $C_i$ from being guessed by exhaustive search; for example, the length of $C_i$ can be 512 bits. The vector $C_i$, the hash function h and the identifier $ID_i$ are installed in each sensor node.
B. After the sensor nodes are deployed, when the base station needs to update the program on all sensor nodes, the base station broadcasts the program update message $M_{adv}^{(j)}$ to all sensor nodes:
$$M_{adv}^{(j)} \triangleq \{\, j,\ t_j,\ M,\ X_{pid},\ X_{ver},\ ID_1,\ \mathrm{HMAC}(C_1, (j \| t_j \| M \| ID_1 \| X_{pid} \| X_{ver})),\ \ldots,\ ID_k,\ \mathrm{HMAC}(C_k, (j \| t_j \| M \| ID_k \| X_{pid} \| X_{ver})) \,\}$$
where $j = 1, 2, \ldots, k$; j denotes the program update sequence number, $t_j$ denotes the timestamp at which the message $M_{adv}^{(j)}$ is sent, and M denotes the updated program.
C. When any sensor node i receives the message $M_{adv}^{(j)}$, it performs the following operations to verify the message:
1) Sensor node i uses its own identifier $ID_i$ to extract its own keyed-hash message authentication code $\mathrm{HMAC}(C_i, (j \| t_j \| M \| ID_i \| X_{pid} \| X_{ver}))$.
2) It verifies the validity of j: if j is less than or equal to the $j^*$ stored in the node, the sensor node rejects this message; otherwise the sensor node considers j fresh and replaces $j^*$ with j (initially, the node stores $j^* = 0$). It then goes on to verify the validity of $t_j$: with the current time of the sensor node being Clock, if $|Clock - t_j| < \Delta t$ it proceeds to the next step; otherwise the sensor node rejects this message. Here $\Delta t$ is the preset delay threshold for program update messages.
3) The sensor node uses its own $C_i$ to compute $\mathrm{HMAC}(C_i, (j \| t_j \| M \| ID_i \| X_{pid} \| X_{ver}))$ and compares the computed value with the $\mathrm{HMAC}(C_i, (j \| t_j \| M \| ID_i \| X_{pid} \| X_{ver}))$ extracted in 1); if they are equal, the sensor node accepts this broadcast message and updates its own program; otherwise the sensor node rejects this message.
Each sensor node carries out the above series of checks on the program update broadcast message it receives. If the message passes all of the checks, the sensor node accepts this broadcast message; otherwise the sensor node rejects it. Suppose the adversary has compromised a certain sensor node m and thereby obtained the secret value $C_m$ on this sensor node. The adversary still cannot pose as the base station to issue false program update information that passes verification by the other sensor nodes. Therefore, even when sensor nodes are compromised, the present invention can ensure the security of dynamic program updating in the sensor network.
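The node-side checks 1) to 3) above, together with the per-node tags built by the base station, are sketched below as an added example that is not code from the patent. It assumes SHA-256 for the hash function h, random 64-byte strings standing in for the 512-bit vectors $C_i$, a length-prefixed encoding for the concatenation, a 30-second Δt, and hypothetical names (`SensorNode`, `build_update`, `demo`); unlike step 2), it stores the new $j^*$ only after the HMAC comparison succeeds, so an unauthenticated message cannot advance the counter.

```python
import hashlib
import hmac
import os
import struct

DELTA_T = 30  # assumed delay threshold (delta t), in seconds

def encode(j, t_j, program, node_id, x_pid, x_ver):
    """j || t_j || M || ID_i || X_pid || X_ver, each field length-prefixed (assumed encoding)."""
    fields = [struct.pack(">I", j), struct.pack(">Q", t_j), program,
              node_id, x_pid, x_ver]
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def tag(key, j, t_j, program, node_id, x_pid, x_ver):
    return hmac.new(key, encode(j, t_j, program, node_id, x_pid, x_ver),
                    hashlib.sha256).digest()

def build_update(keys, j, t_j, program, x_pid, x_ver):
    """Sender side: one broadcast carrying a tag per node ID.
    `keys` maps ID_i -> C_i; a forger can only use the secrets it holds."""
    return {"j": j, "t": t_j, "M": program, "pid": x_pid, "ver": x_ver,
            "tags": {nid: tag(c, j, t_j, program, nid, x_pid, x_ver)
                     for nid, c in keys.items()}}

class SensorNode:
    def __init__(self, node_id, c_i):
        self.node_id, self.c_i = node_id, c_i
        self.j_star = 0      # stored update sequence number, initially 0
        self.program = None

    def receive(self, msg, clock):
        """Checks 1) to 3); returns a short verdict string."""
        mine = msg["tags"].get(self.node_id)         # 1) extract own tag
        if mine is None:
            return "reject: no tag for this node"
        if msg["j"] <= self.j_star:                  # 2) sequence number
            return "reject: stale sequence number"
        if not abs(clock - msg["t"]) < DELTA_T:      # 2) timestamp
            return "reject: timestamp outside threshold"
        expected = tag(self.c_i, msg["j"], msg["t"], msg["M"],
                       self.node_id, msg["pid"], msg["ver"])
        if not hmac.compare_digest(mine, expected):  # 3) constant-time compare
            return "reject: bad HMAC"
        # Assumption/deviation: j* is committed only once the tag has verified.
        self.j_star, self.program = msg["j"], msg["M"]
        return "accept"

def demo():
    # Constructed sample data: three nodes with random 512-bit secrets.
    keys = {b"node-%d" % i: os.urandom(64) for i in (1, 2, 3)}
    nodes = {nid: SensorNode(nid, c) for nid, c in keys.items()}
    now = 1_000_000
    good = build_update(keys, 1, now, b"firmware-v2", b"pid-7", b"2")
    results = {"genuine": [n.receive(good, now + 2) for n in nodes.values()]}
    results["replay"] = [n.receive(good, now + 3) for n in nodes.values()]
    # A compromised node 2 holds only C_2 and tags every entry with it.
    stolen = {nid: keys[b"node-2"] for nid in keys}
    forged = build_update(stolen, 2, now + 5, b"untrusted-image", b"pid-7", b"3")
    results["forged"] = {nid: n.receive(forged, now + 6) for nid, n in nodes.items()}
    late = build_update(keys, 3, now, b"firmware-v3", b"pid-7", b"3")
    results["late"] = [n.receive(late, now + 60) for n in nodes.values()]
    return results
```

Calling `demo()` returns the verdicts for a genuine broadcast, a replay of it, a message tagged with one stolen secret, and a delayed message; the stolen secret verifies only on the node it came from.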

Claims (1)

1. A program dynamic updating method for a wireless sensor network capable of resisting compromised node attack, characterized by comprising the following parts:
1) Before the sensor nodes are deployed:
The base station determines a hash function;
The base station selects a Euclidean space and decomposes it into a first subspace and a second subspace that are orthogonal to each other; the dimension of said first subspace is k and the dimension of said second subspace is n-k, where n is the dimension of said Euclidean space and k is the number of sensor nodes in said wireless sensor network;
The base station selects, for each sensor node, an identifier and a vector belonging to the first subspace;
Said vector, identifier and hash function are loaded into each sensor node;
2) After the sensor nodes are deployed:
When the base station needs to update the program on all sensor nodes, it broadcasts a program update message to the sensor network. This program update message comprises the update sequence number, the timestamp at which the message is sent, the updated program, the program version number, the program identifier, the identifier of each sensor node, and the keyed-hash message authentication code corresponding to each sensor node; said keyed-hash message authentication code uses the vector of the corresponding sensor node as its key;
3) After receiving said program update message, each sensor node verifies the validity of the message according to the following steps:
i) The sensor node uses its own identifier to extract its own keyed-hash message authentication code from the received program update message;
ii) The sensor node verifies the validity of the update sequence number and of the message-sending timestamp in the program update message; if both are valid, it proceeds to the next step; otherwise it rejects the program update message;
Wherein the sensor node verifies the validity of the update sequence number in the program update message as follows: if the update sequence number in the program update message is greater than the update sequence number stored by the sensor node, the sensor node considers the update sequence number in the program update message valid and replaces its stored update sequence number with the update sequence number in the program update message;
The sensor node verifies the validity of the message-sending timestamp in the program update message as follows: if the difference between the message-sending timestamp in the program update message and the current time of the sensor node satisfies the relation shown in the following formula, the sensor node considers the message-sending timestamp valid:
$|Clock - t_j| < \Delta t$
In the above formula, Clock denotes the current time of the sensor node, $t_j$ denotes the message-sending timestamp in the program update message, and $\Delta t$ is the preset delay threshold for program update messages;
iii) The sensor node computes a keyed-hash message authentication code using the vector loaded into it and compares it with the keyed-hash message authentication code extracted in step i); if the two are equal, it accepts the program update message and performs the program update; otherwise it rejects the program update message.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101550417A CN101765109B (en) 2009-12-14 2009-12-14 Program dynamic updating method for wireless sensor network capable of resisting compromised node attack

Publications (2)

Publication Number Publication Date
CN101765109A 2010-06-30
CN101765109B 2012-05-02

Family

ID=42496066

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102547799A (en) * 2010-12-22 2012-07-04 江苏联优信息科技有限公司 Firmware management method of wireless sensing access multiplexing device
CN102238603A (en) * 2011-08-12 2011-11-09 苏州鼎汗传感网技术有限公司 Wireless sensor network updating method
CN102665196B (en) * 2012-04-28 2014-11-05 清华大学 On-line progressive program updating method for wireless sensor network
CN103324501B (en) * 2013-05-28 2015-12-23 大连理工大学 Wireless sensor network node software Efficient Remote update method
CN111614650B (en) * 2020-05-14 2022-02-01 长沙学院 Method and device for detecting compromised nodes in wireless sensor network
CN111614659B (en) * 2020-05-19 2022-09-23 杭州英视信息科技有限公司 Distributed detection method for unknown network flow

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101277265A (en) * 2008-05-07 2008-10-01 浙江大学 Method for accelerating loading ELF document in wireless sensing network
CN101281479A (en) * 2008-05-07 2008-10-08 浙江大学 Method for dynamically allocating internal memory for wireless sensing network node operating system
CN101600198A (en) * 2009-07-08 2009-12-09 西安电子科技大学 Wireless sensor network security trust method based on identity

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101277265A (en) * 2008-05-07 2008-10-01 浙江大学 Method for accelerating loading ELF document in wireless sensing network
CN101281479A (en) * 2008-05-07 2008-10-08 浙江大学 Method for dynamically allocating internal memory for wireless sensing network node operating system
CN101600198A (en) * 2009-07-08 2009-12-09 西安电子科技大学 Wireless sensor network security trust method based on identity

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘丽萍等.无线传感器网络连接问题研究.《兵工学报》.2007,第28卷(第9期),第1096-1101页. *
贾晨军等.无线传感器网络中高效的基于身份的加密算法.《浙江大学学报(工学版)》.2009,第43卷(第8期),第1396-1400页. *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120502

Termination date: 20171214
