CN102917313A - Method suitable for broadcast authentication of wireless sensor network - Google Patents

Method suitable for broadcast authentication of wireless sensor network Download PDF

Info

Publication number
CN102917313A
CN102917313A CN2012103949832A CN201210394983A CN102917313A CN 102917313 A CN102917313 A CN 102917313A CN 2012103949832 A CN2012103949832 A CN 2012103949832A CN 201210394983 A CN201210394983 A CN 201210394983A CN 102917313 A CN102917313 A CN 102917313A
Authority
CN
China
Prior art keywords
broadcast
message
wireless sensor
base station
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012103949832A
Other languages
Chinese (zh)
Other versions
CN102917313B (en
Inventor
王浩
方闻娟
李玉
王平
李昊阳
孙浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN201210394983.2A priority Critical patent/CN102917313B/en
Publication of CN102917313A publication Critical patent/CN102917313A/en
Application granted granted Critical
Publication of CN102917313B publication Critical patent/CN102917313B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a wireless sensor network broadcast authentication method based on a Chinese remainder theorem, and aims to solve the problems of origin authentication and message integrity of a broadcast data package in a wireless sensor network. The wireless sensor network broadcast authentication method comprises the following steps that: a base station takes a unique solution of a congruence equation set of the Chinese remainder theorem as a 'signature' of a message to construct the broadcast data package and sends the broadcast data package; and a receiving party recovers a message authentication code (MAC) according to the 'signature' of in the broadcast data package, generates the message authentication code through the message and pair secret keys in the broadcast data package, and finishes the authentication operation on the broadcast data package by comparing whether the MACs are equal. According to the method suitable for the broadcast authentication of the wireless sensor network, a complex secret key management mechanism is unnecessary in the whole wireless sensor network, the instant authentication, the tolerance package losing and the like on an optional broadcast message can be realized, and according to the method, the capabilities of replay attack resistance, DOC (Disk Operating System) attack resistance, and node trapping resistance also can be realized.

Description

一种适用于无线传感器网络广播认证的方法A method suitable for broadcast authentication of wireless sensor networks

技术领域 technical field

本发明涉及一种无线传感器网络,尤其涉及无线传感器网络的广播认证方法。The invention relates to a wireless sensor network, in particular to a broadcast authentication method of the wireless sensor network.

背景技术 Background technique

随着传感器技术和无线网络技术的飞速发展,无线传感器网络作为新兴的下一代传感器网络,具有广阔的应用前景,是目前非常活跃的一个领域。无线传感器网络在节点数量、节点组成、组网方式、应用领域等方面明显区别于因特网、移动自组网等传统网络形式,具有鲜明的特点,目前己成为研究人员和产业界关注的热点领域。这些特征意味着无线传感器网络在军用和民用中的应用非常广泛。With the rapid development of sensor technology and wireless network technology, wireless sensor network, as an emerging next-generation sensor network, has broad application prospects and is currently a very active field. Wireless sensor networks are obviously different from traditional network forms such as the Internet and mobile ad hoc networks in terms of the number of nodes, node composition, networking methods, and application fields. These characteristics mean that wireless sensor networks are widely used in military and civilian applications.

无线传感器网络是一个以数据为中心的网络,是一种全新的信息获取平台。无线传感器网络管理者通常需要发送控制信息、管理信息和查询信息等指令,为了减小通信开销和网络带宽,广播作为解决问题有效通信方式。由于无线链路的开放性,一方面恶意节点会冒充合法节点发送非法广播数据包,另一方面在发送广播数据包的过程中很容易受到恶意攻击者篡改和插入虚假。为了保证广播源的合法性和消息的完整性,无线传感器网络需要最基本的广播认证机制。Wireless sensor network is a data-centric network and a new information acquisition platform. Wireless sensor network managers usually need to send commands such as control information, management information, and query information. In order to reduce communication overhead and network bandwidth, broadcasting is an effective communication method to solve problems. Due to the openness of the wireless link, on the one hand, malicious nodes will pretend to be legitimate nodes to send illegal broadcast data packets; In order to ensure the legitimacy of the broadcast source and the integrity of the message, the wireless sensor network needs the most basic broadcast authentication mechanism.

目前,关于无线传感器网络广播认证的研究主要集中在使用非对称密钥体制和对称密钥体制。1、基于非对称密钥体制的方法,由王汝传等人提出的基于分级安全的广播认证设计方法,申请号200910184933.X,申请日2009-10-21的中国专利申请。基站通过数字签名算法将信息签名后发给簇头,簇头通过阈值判断安全需求的高低,再根据安全需求选择簇头发送广播数据包给簇内节点的方式是采用数字签名还是使用单向hash链生成消息认证码。该发明虽然最大限度减小协议的开销,但是基站发送广播包给簇头采用数字签名仍需要较高的计算、通信和存储开销,目前难以适用于资源受限的传感器网络。2、基于对称的密钥体系的方法,由杜志强等人提出的一种资源受限的无线传感网络的广播认证方法,申请号为200910021834.X,申请日2009-04-03。该发明采用单向链和Merkle树实现高效的μTESLA参数分发,后续使用μTESLA协议进行广播认证。该发明适用于大规模、多广播节点的无线传感网络,但存在广播数据包认证延迟、易受DOS攻击等问题。At present, the research on broadcast authentication of wireless sensor networks mainly focuses on the use of asymmetric key system and symmetric key system. 1. The method based on the asymmetric key system, the design method of broadcast authentication based on hierarchical security proposed by Wang Ruchuan et al., the application number is 200910184933.X, and the Chinese patent application date is 2009-10-21. The base station signs the information through the digital signature algorithm and sends it to the cluster head. The cluster head judges the level of security requirements through the threshold, and then selects whether the cluster head sends the broadcast data packet to the nodes in the cluster according to the security requirements. Digital signature or one-way hash chain to generate message authentication codes. Although the invention minimizes the overhead of the protocol, it still requires high computing, communication, and storage overheads when the base station sends broadcast packets to the cluster heads to adopt digital signatures, and it is currently difficult to apply to resource-constrained sensor networks. 2. A method based on a symmetric key system, a broadcast authentication method for resource-constrained wireless sensor networks proposed by Du Zhiqiang et al., the application number is 200910021834.X, and the application date is 2009-04-03. The invention uses one-way chain and Merkle tree to realize efficient μTESLA parameter distribution, and then uses μTESLA protocol for broadcast authentication. The invention is suitable for large-scale wireless sensor networks with multiple broadcast nodes, but there are problems such as delay in broadcast data packet authentication, vulnerability to DOS attacks, and the like.

综上所述,现有的一些方法,虽然在实现无线传感器网络广播认证方面取得了一些成果,但是都无法完全满足其基本性能需求,存在计算、通信和存储开销过大,易导致DOS攻击,引入延迟认证,以及事先需要网络中所有节点时间同步等问题。In summary, although some existing methods have achieved some results in the realization of wireless sensor network broadcast authentication, they cannot fully meet their basic performance requirements, and there are too many calculation, communication and storage overheads, which easily lead to DOS attacks. Introduce delayed authentication, and the need for time synchronization of all nodes in the network in advance.

发明内容 Contents of the invention

鉴于上述问题,本发明提出了一种适用于无线传感器网络广播认证的方法。In view of the above problems, the present invention proposes a broadcast authentication method suitable for wireless sensor networks.

本发明解决上述技术问题的技术方案是,采用基于中国剩余定理的推论以及中国剩余定理同余方程组的唯一解实现广播数据包的源认证和消息完整性认证。同时,能满足无线广播数据包的立即认证、随机广播、容忍包丢失、抗DOS攻击等重要需求。The technical solution of the present invention to solve the above technical problems is to use the deduction based on the Chinese remainder theorem and the unique solution of the congruence equations of the Chinese remainder theorem to realize the source authentication and message integrity authentication of the broadcast data packets. At the same time, it can meet important requirements such as immediate authentication of wireless broadcast data packets, random broadcast, tolerance of packet loss, and resistance to DOS attacks.

本发明的技术方案实现如下:一种基于中国剩余定理的无线传感器网络广播认证方法,包括以下步骤:The technical solution of the present invention is realized as follows: a wireless sensor network broadcast authentication method based on the Chinese remainder theorem, comprising the following steps:

S1:组网前,基站进行系统初始化配置并且传感器节点预存储初始化参数;S1: Before networking, the base station performs system initialization configuration and sensor nodes pre-store initialization parameters;

S2:基站通过与网内各节点的对密钥生成相应的消息认证码MAC,构造同余方程组;S2: the base station generates a corresponding message authentication code MAC through the key pair of each node in the network, and constructs a congruence equation group;

S3:解方程组,基站将同余方程组的唯一解作为“签名”,将广播消息、计数器值和签名顺序连接从而构造广播数据包并发送;S3: solving the equation group, the base station uses the unique solution of the congruence equation group as a "signature", and sequentially connects the broadcast message, the counter value and the signature to construct a broadcast data packet and send it;

S4:接收方收到广播数据包后,利用对密钥和广播数据包中的广播消息m以及计数器的值CB生成消息认证码

Figure BDA0000226702911
;S4: After receiving the broadcast data packet, the receiver uses the key and the broadcast message m in the broadcast data packet and the value C B of the counter to generate a message authentication code
Figure BDA0000226702911
;

S5:由广播包中的“签名”恢复出消息认证码MAC;S5: recover the message authentication code MAC by the "signature" in the broadcast packet;

S6:判断广播消息认证码与恢复的消息认证码MAC是否相等,若相等,则广播认证成功;反之,认证失败,丢弃广播数据包。S6: judging broadcast message authentication code Whether it is equal to the restored message authentication code MAC, if they are equal, the broadcast authentication is successful; otherwise, the authentication fails, and the broadcast data packet is discarded.

进一步,基站进行系统初始化配置包括三方面:其一,基站根据无线传感器网络布局的节点总数k,生成k个大于2c-1并且两两互质的正整数(n1,n2…nk),其中c为消息认证码的位长度;其二,基站预存储与各传感器节点的对密钥;其三,基站还配置单调递增计数器,计数器的值记作CB,每发一次广播包,计数器值CB加一。Further, the system initialization configuration of the base station includes three aspects: first, the base station generates k positive integers (n 1 , n 2 ...n k ), where c is the bit length of the message authentication code; second, the base station pre-stores the key pair with each sensor node; third, the base station is also configured with a monotonically increasing counter, and the value of the counter is denoted as C B , and each time a broadcast packet is sent , the counter value C B is increased by one.

进一步,所述接收传感器节点预存储初始化参数是将n1,n2…nk分别一一对应预存储到每个节点中。此外,各节点预配置与基站对应的唯一对密钥KBi,,其中i=1,2…k。Further, the receiving sensor node pre-stored initialization parameters is to pre-store n 1 , n 2 . . . n k in each node in a one-to-one correspondence. In addition, each node pre-configures a unique pair key K Bi, corresponding to the base station, where i=1, 2...k.

进一步,所述基站生成消息的“签名”,利用基站与各接收节点的对密钥生成k个消息认证码,将其作为方程组各等式的余数,基站初始化时预配置的k个两两互素的正整数作为方程组的模,建立基于中国剩余定理的同余方程组,并得出同余组的唯一解作为广播消息的“签名”,所述中国剩余定理同余方程组具体为:Further, the base station generates a "signature" of the message, and uses the key pair between the base station and each receiving node to generate k message authentication codes, which are used as the remainder of each equation of the equation system, and the k two-twos pre-configured during the initialization of the base station Reciprocal positive integers are used as the modulus of the system of equations, and a system of congruence equations based on the Chinese remainder theorem is established, and the unique solution of the congruence group is obtained as the "signature" of the broadcast message. The congruence equation system of the Chinese remainder theorem is specifically :

其中,将消息认证码MACi记作Mi(i=1,2…k);求解上述方程组的唯一解为:

Figure BDA0000226702914
NiyiMimodN,其中,N=n1n2…nk;Ni=N/ni;Niyi≡1mod ni, i=1,2…k。Among them, the message authentication code MAC i is recorded as M i (i=1,2...k); the only solution to solve the above equations is:
Figure BDA0000226702914
N i y i M i modN, wherein, N=n 1 n 2 ...n k ; N i =N/n i ; N i y i ≡1 mod n i , i=1,2...k.

接收方提取收到广播数据包中的“签名”X,由“签名”和预存储的素数ni,通过计算MACi=X mod ni恢复得到消息认证码MACiThe receiver extracts the "signature" X in the received broadcast data packet, and recovers the message authentication code MAC i by calculating MAC i =X mod n i from the "signature" and the pre-stored prime number n i .

本发明提出了一种适用于无线传感器网络广播认证的方法,通过使用本发明提出的方法可以解决无线传感器网络的广播认证问题,能实现对广播数据包的立即认证,容忍包丢失,抗节点捕获和抗重放攻击等重要广播认证的需求。立即认证使得在发送和验证消息之前发送者和接受者无需缓存广播数据包,从而可以克服广播数据包认证延迟,有效的抵御DOS攻击。The present invention proposes a method suitable for broadcast authentication of wireless sensor networks. By using the method proposed by the present invention, the problem of broadcast authentication of wireless sensor networks can be solved, immediate authentication of broadcast data packets can be realized, packet loss is tolerated, and node capture is resistant and anti-replay attacks and other important broadcast authentication requirements. Immediate authentication eliminates the need for the sender and receiver to cache broadcast data packets before sending and verifying messages, thereby overcoming the delay in broadcast data packet authentication and effectively resisting DOS attacks.

本发明的其它优点、目标和特征在某种程度上将在随后的说明书中进行阐述,并且,对本领域技术人员而言将是显而易见的,或者可以从本发明的实践中得到教导。本发明的目标和其它优点可以通过下面的说明书,权利要求书,以及附图中所特别指出的结构来实现和获得。Additional advantages, objects and features of the invention will be set forth in part in the description which follows, and will be apparent to those skilled in the art, or can be taught by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

附图说明 Description of drawings

图1为本发明无线传感器网络广播认证的流程图;Fig. 1 is the flowchart of wireless sensor network broadcast authentication of the present invention;

图2为生成广播消息签名的流程图;Fig. 2 is the flowchart of generating broadcast message signature;

图3为接收节点认证广播消息流程图。Fig. 3 is a flow chart of receiving a node authentication broadcast message.

具体实施方式 Detailed ways

本发明由于广播消息“签名”的长度可能会随接收方数量的增加而增加,因此,适用于规模不大、需要立即认证、安全性较高且不宜采用公私钥机制进行签名的广播应用场景。例如,运用在小区安防或智能家居控制等小型无线传感器网络中,在实现小区安防的管理控制中,控制台广播程序初始化指令、管理指令、报警指令等,接收方均可过滤掉非法节点发送,伪造和篡改信息。针对大规模的分簇拓扑传感网络,可以将本发明运用在基站与簇首之间的广播通信,簇首节点对簇内节点广播,这样通过逐级广播,实现在全网范围内对广播数据包的认证。Since the length of the broadcast message "signature" may increase with the increase of the number of recipients, the present invention is suitable for broadcast application scenarios that are not large in scale, require immediate authentication, have high security, and are not suitable for signatures using public-private key mechanisms. For example, it is used in small wireless sensor networks such as community security or smart home control. In the management and control of community security, the console broadcasts program initialization commands, management commands, alarm commands, etc., and the receiver can filter out illegal nodes. falsification and falsification of information. For a large-scale cluster topology sensor network, the present invention can be applied to the broadcast communication between the base station and the cluster head, and the cluster head node broadcasts to the nodes in the cluster. In this way, broadcast Authentication of packets.

以下将结合附图及实施例对本发明进行详细的描述。下面将结合附图对本发明作进一步的详细描述:The present invention will be described in detail below with reference to the drawings and embodiments. The present invention will be described in further detail below in conjunction with accompanying drawing:

图1为本发明无线传感器网络广播认证的流程图。为了更清晰易懂地描述本发明的设计思路,本发明可采用三个阶段实施:系统初始化,广播消息签名,广播消息认证。本实施例的各种数据和方法,仅是作为明晰实施方法的一个特例。本专利的应用不限于实施例中的数据、方法等。FIG. 1 is a flow chart of wireless sensor network broadcast authentication in the present invention. In order to describe the design idea of the present invention more clearly and easily, the present invention can be implemented in three stages: system initialization, broadcast message signature, and broadcast message authentication. The various data and methods in this embodiment are only a special case of a clear implementation method. The application of this patent is not limited to the data, methods, etc. in the examples.

1)系统初始化。如基站节点数为k,消息认证码长度为c。1) System initialization. For example, the number of base station nodes is k, and the length of the message authentication code is c.

1.1)基站生成比特长度为c的消息认证码。1.1) The base station generates a message authentication code with a bit length c.

1.2)基站根据本基站范围内无线传感器网络所布局的节点总数k,生成k个大于2c-1并且两两互素的正整数(n1,n2…nk)作为中国剩余定理的模。1.2) The base station generates k positive integers (n 1 ,n 2 ...n k ) that are greater than 2 c -1 and mutually prime according to the total number of nodes k deployed in the wireless sensor network within the scope of the base station as the modulus of the Chinese remainder theorem .

1.3)将两两互素的正整数(n1,n2…nk)分别一一对应预存储到网内相应节点中。各节点配置与基站对应的唯一对密钥KBi,其中i=1,2…k;1.3) Pre-store pairwise mutually prime positive integers (n 1 , n 2 ...n k ) in corresponding nodes in the network in one-to-one correspondence. Each node is configured with a unique pair key K Bi corresponding to the base station, where i=1, 2...k;

1.4)基站配置一个单调递增计数器,计数器的值记作CB,每发一次广播包,计数器值CB加一;1.4) The base station is configured with a monotonically increasing counter, and the value of the counter is denoted as C B , and each time a broadcast packet is sent, the counter value C B is increased by one;

2)广播消息签名2) Broadcast message signature

图2为基站生成广播消息签名的流程图,其具体步骤如下:Fig. 2 is the flowchart of base station generating broadcast message signature, and its specific steps are as follows:

2.1)基站中算法模块用与各接收节点Si之间对应的密钥KBi根据公式MACi=H(m‖CB, KBi) 为广播消息m计算广播消息认证码MACi,从而获得k个消息认证码,其中‖为连接符;i=1,2…k;H(·)表示Hash函数,CB是基站中单调递增计数器产生的计数器值,提供对广播包的强新鲜性认证。2.1) The algorithm module in the base station uses the key K Bi corresponding to each receiving node S i to calculate the broadcast message authentication code MAC i for the broadcast message m according to the formula MAC i =H(m∥C B , K Bi ), thus obtaining k message authentication codes, where ‖ is a connector; i=1, 2...k; H(·) represents a Hash function, and C B is the counter value generated by a monotonically increasing counter in the base station, providing strong freshness authentication for broadcast packets .

2.2)基站构建同余方程组,将k个消息认证码(MAC1,MAC2…MACk)作为方程组各等式的余数,基站生成的k个两两互素的正整数(n1,n2…nk)作为方程组各等式的模。为了方便同余方程组的表示,将消息认证码MACi记作Mi(i=1,2…k),建立下列中国剩余定理(CRT)同余方程组:2.2) The base station constructs a congruence equation group, and takes k message authentication codes (MAC 1 , MAC 2 ...MAC k ) as the remainder of each equation of the equation group, and the base station generates k pairwise mutually prime positive integers (n 1 , n 2 …n k ) as the modulus of each equation of the system of equations. In order to facilitate the expression of congruence equations, the message authentication code MAC i is denoted as M i (i=1,2...k), and the following Chinese remainder theorem (CRT) congruence equations are established:

Figure BDA0000226702915
Figure BDA0000226702915

求解上述方程组唯一的解:

Figure BDA0000226702916
 NiyiMimodN;其中,N=n1n2…nk;Ni=N/ni;Niyi≡1mod ni, i=1,2…k。Find the unique solution to the above system of equations:
Figure BDA0000226702916
N i y i M i modN; wherein, N=n 1 n 2 ...n k ; N i =N/n i ; N i y i ≡1 mod n i , i=1,2...k.

计算同余方程组得出唯一解X,将X称作广播消息的“签名”。Computing the system of congruence equations leads to a unique solution X, which is called the "signature" of the broadcast message.

2.3)基站将广播消息m、单调递增计数器的值CB和签名X顺序连接,从而构造广播包记作<m‖CB,X>,将该广播包发送给网络内的所有节点。2.3) The base station sequentially connects the broadcast message m, the value C B of the monotonically increasing counter, and the signature X to construct a broadcast packet denoted as <m‖C B ,X>, and send the broadcast packet to all nodes in the network.

3)接收节点认证广播消息3) Receive node authentication broadcast message

图3为传感器节点收到该广播数据包后认证广播消息的流程图。Fig. 3 is a flow chart of authenticating the broadcast message after the sensor node receives the broadcast data packet.

3.1) 接收节点Si首先检查所接收的广播包中计数器值CB是否大于上次收到广播包中的计数器值C′B,如果CB≤C′B,则丢弃广播包;如果CB>C′B,则转至步骤3.2)继续认证。3.1) The receiving node S i first checks whether the counter value C B in the received broadcast packet is greater than the counter value C′ B in the broadcast packet received last time, if C B ≤ C′ B , discard the broadcast packet; if C B >C′ B , go to step 3.2) to continue authentication.

3.2) 接收节点Si根据帧格式提取广播数据包<m‖CB,X>中的签名X,根据公式X mod ni恢复获得第i个接收节点的消息认证码MACi3.2) The receiving node S i extracts the signature X in the broadcast data packet <m∥C B ,X> according to the frame format, and restores and obtains the message authentication code MAC i of the i-th receiving node according to the formula X mod n i .

3.3)然后接收节点Si根据自己与基站唯一的对密钥KBi,以及当前接收到广播包中的广播消息m以及计数器值CB,根据公式

Figure BDA0000226702918
计算消息认证码,其中,‖为连接符,H(·)表示Hash函数。3.3) Then the receiving node S i is based on the unique pair key K Bi between itself and the base station, as well as the broadcast message m in the currently received broadcast packet and the counter value C B , according to the formula
Figure BDA0000226702918
Calculate message authentication code , where, ‖ is a connector, and H(·) represents a Hash function.

3.4)接收节点Si比较消息认证码MACi

Figure BDA00002267029110
是否相等,若
Figure BDA00002267029111
,则广播认证失败,丢弃广播数据包;若
Figure BDA00002267029112
,则广播认证成功,接收广播数据包。3.4) The receiving node S i compares the message authentication code MAC i with
Figure BDA00002267029110
are equal, if
Figure BDA00002267029111
, the broadcast authentication fails, and the broadcast data packet is discarded; if
Figure BDA00002267029112
, the broadcast authentication is successful, and the broadcast data packet is received.

本发明中,广播数据包的认证是单独进行的,不依赖于其他广播包,广播包的丢失对其他广播包的认证没有任何影响,因此能够容忍报文的丢失。由于广播者(基站)使用它与各接收方唯一的对密钥计算广播消息认证码,因此只有广播者才可以计算出正确的签名。并且每个节点只能使用它与广播者的对密钥才能对收到的签名进行认证。而各自的对密钥只有广播者和对应的节点知道,因此,如果接收节点被俘虏无助于攻击者生成合法的广播数据包,不会影响广播者与其他节点之间的通信和对广播的认证。In the present invention, the authentication of broadcast data packets is carried out independently without depending on other broadcast packets, and the loss of broadcast packets has no influence on the authentication of other broadcast packets, so the loss of messages can be tolerated. Since the broadcaster (base station) uses its unique pair key with each receiver to calculate the broadcast message authentication code, only the broadcaster can calculate the correct signature. And each node can only use its key pair with the broadcaster to authenticate the received signature. The respective pair keys are only known by the broadcaster and the corresponding node. Therefore, if the receiving node is captured, it will not help the attacker to generate a legitimate broadcast packet, and will not affect the communication between the broadcaster and other nodes and the communication between the broadcaster and other nodes. certified.

Claims (3)

1. wireless sensor network broadcast authentication method based on Chinese remainder theorem is characterized in that: may further comprise the steps:
The base station is according to wireless sensor node sum k in this base station scope, and pre-configured k greater than 2 c-1 and coprime positive integer (n in twos 1, n 2N k), every the broadcast packet in base station, Counter Value C BAdd one;
With coprime in twos positive integer (n 1, n 2N k) respectively one by one corresponding pre-stored in the net in the respective nodes.Unique to key K corresponding with the base station of each node configuration Bi, i=1 wherein, 2 ... k;
The base station is according to key K BiBe that broadcast is calculated k message authentication code by the message authentication code generating algorithm;
The base station is with k message authentication code (MAC 1, MAC 2MAC k) as the remainder of each equation of Chinese remainder theorem congruence equations, with positive integer (n 1, n 2N k) as the mould of each equation of congruence equations, make up congruence equations; Calculate congruence equations and draw unique solution X, with " signature " of X as broadcast, and then structure broadcast packet<m ‖ C B, X 〉, and with broadcast packet send to the net in all nodes;
Receiving node S iReceive broadcast packet<m ‖ C B, X〉after, the signature X in the broadcast packet extracted, according to formula MAC i=X mod n iObtain receiving node S iBroadcast authentication code MAC i, receiving node S iAccording to the message m sum counter value C that receives in the broadcast packet BAnd with the base station share unique to key K Bi, by the message authentication code calculation
Figure FDA0000226702901
Calculate message authentication code Compare MAC iWith
Figure FDA0000226702903
Whether equate, if , then broadcast authentication failure abandons broadcast data packet; If
Figure FDA0000226702905
, then broadcast authentication success receives broadcast data packet.
2. wireless sensor network broadcast authentication method according to claim 1 is characterized in that: described base station is specially by the Chinese remainder theorem congruence equations that message authentication code and coprime positive integer make up:
Figure FDA0000226702906
Wherein, M i(i=1,2 ... k) be message authentication code MAC iThe unique solution of finding the solution above-mentioned equation group is: N iy iM iModN, wherein, N=n 1n 2N kN i=N/n iN iy i≡ 1mod n i, i=1,2 ... k.
3. wireless sensor network broadcast authentication method according to claim 1 is characterized in that: recipient S iAfter receiving broadcast packet, according to the value C of current counter BWith the front value C ' that once receives the broadcast packet Counter BRelatively, if C ' B≤ C B, abandon this broadcast packet.
CN201210394983.2A 2012-10-17 2012-10-17 Method suitable for broadcast authentication of wireless sensor network Active CN102917313B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210394983.2A CN102917313B (en) 2012-10-17 2012-10-17 Method suitable for broadcast authentication of wireless sensor network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210394983.2A CN102917313B (en) 2012-10-17 2012-10-17 Method suitable for broadcast authentication of wireless sensor network

Publications (2)

Publication Number Publication Date
CN102917313A true CN102917313A (en) 2013-02-06
CN102917313B CN102917313B (en) 2015-05-27

Family

ID=47615512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210394983.2A Active CN102917313B (en) 2012-10-17 2012-10-17 Method suitable for broadcast authentication of wireless sensor network

Country Status (1)

Country Link
CN (1) CN102917313B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532667A (en) * 2013-09-30 2014-01-22 西安电子科技大学 Reliable wireless sensor network data transmission method based on Chinese remainder theorem
CN103560998A (en) * 2013-10-09 2014-02-05 中国科学院信息工程研究所 Method and system for wireless sensor network to resist DoS attacks
CN103905999A (en) * 2014-03-18 2014-07-02 重庆邮电大学 Multi-user broadcast authentication method suitable for wireless sensor network
CN104101376A (en) * 2013-04-09 2014-10-15 罗伯特·博世有限公司 Sensor module and method for operating a sensor module
CN103200563B (en) * 2013-03-28 2016-06-29 重庆邮电大学 A kind of subliminal channel anonymous communication method based on authentication code
CN105933277A (en) * 2015-02-26 2016-09-07 瑞萨电子株式会社 Communication system and communication device
CN106304046A (en) * 2015-06-01 2017-01-04 陈晓华 To the encryption of iBeacon broadcast, the method for authentication
CN107809760A (en) * 2017-11-16 2018-03-16 郑州轻工业学院 A kind of method of message authentication in wireless sensor network
CN109615838A (en) * 2018-12-14 2019-04-12 浙江大学 Low-cost and low-power multi-terminal signal synchronization acquisition system based on Wi-Fi
CN112636898A (en) * 2019-09-24 2021-04-09 比亚迪股份有限公司 Communication method, device and system based on communication network
DE112016003605B4 (en) 2015-08-07 2024-08-01 Denso Corporation Communication system, management node, normal node, counter synchronization method, program and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090158045A1 (en) * 2007-12-12 2009-06-18 National Tsing Hua University Light-overhead and flexible wireless sensor message authentication method
US20090193224A1 (en) * 2008-01-25 2009-07-30 Vardhan Itta Vishnu Techniques for reducing storage space and detecting corruption in hash-based application
CN101610452A (en) * 2009-07-15 2009-12-23 西安西电捷通无线网络通信有限公司 A kind of sensor network is differentiated the fusion method with key management mechanism
CN101820620A (en) * 2009-10-19 2010-09-01 兰州理工大学 Secure WiMAX wireless network authentication protocol
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero knowledge identity authentication method based on strong primes
CN102547694A (en) * 2012-02-20 2012-07-04 上海电力学院 Chinese-remainder-theorem-based group key creation method for sensor network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090158045A1 (en) * 2007-12-12 2009-06-18 National Tsing Hua University Light-overhead and flexible wireless sensor message authentication method
US20090193224A1 (en) * 2008-01-25 2009-07-30 Vardhan Itta Vishnu Techniques for reducing storage space and detecting corruption in hash-based application
CN101610452A (en) * 2009-07-15 2009-12-23 西安西电捷通无线网络通信有限公司 A kind of sensor network is differentiated the fusion method with key management mechanism
CN101820620A (en) * 2009-10-19 2010-09-01 兰州理工大学 Secure WiMAX wireless network authentication protocol
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero knowledge identity authentication method based on strong primes
CN102547694A (en) * 2012-02-20 2012-07-04 上海电力学院 Chinese-remainder-theorem-based group key creation method for sensor network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JIANMIN ZHANG: "CRTBA: Chinese Remainder Theorem-Based Broadcast Authentication in Wireless Sensor Networks", 《COMPUTER NETWORK AND MULTIMEDIA TECHNOLOGY, 2009. CNMT 2009. INTERNATIONAL SYMPOSIUM ON 》 *
王浩: "WIA-PA 网络的入网认证和密钥更新机制研究", 《自动化仪表》 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200563B (en) * 2013-03-28 2016-06-29 重庆邮电大学 A kind of subliminal channel anonymous communication method based on authentication code
CN104101376B (en) * 2013-04-09 2019-05-31 罗伯特·博世有限公司 Sensor module and method for running sensor module
CN104101376A (en) * 2013-04-09 2014-10-15 罗伯特·博世有限公司 Sensor module and method for operating a sensor module
CN103532667B (en) * 2013-09-30 2016-10-05 西安电子科技大学 Wireless sensor network data method for reliable transmission based on Chinese remainder theorem
CN103532667A (en) * 2013-09-30 2014-01-22 西安电子科技大学 Reliable wireless sensor network data transmission method based on Chinese remainder theorem
CN103560998A (en) * 2013-10-09 2014-02-05 中国科学院信息工程研究所 Method and system for wireless sensor network to resist DoS attacks
CN103905999B (en) * 2014-03-18 2017-07-25 重庆邮电大学 A multi-user broadcast authentication method suitable for wireless sensor networks
CN103905999A (en) * 2014-03-18 2014-07-02 重庆邮电大学 Multi-user broadcast authentication method suitable for wireless sensor network
CN105933277A (en) * 2015-02-26 2016-09-07 瑞萨电子株式会社 Communication system and communication device
CN105933277B (en) * 2015-02-26 2020-08-25 瑞萨电子株式会社 Communication systems and communication equipment
CN106304046A (en) * 2015-06-01 2017-01-04 陈晓华 To the encryption of iBeacon broadcast, the method for authentication
CN106304046B (en) * 2015-06-01 2020-01-07 陈晓华 Method for encrypting and authenticating iBeacon broadcast message
DE112016003605B4 (en) 2015-08-07 2024-08-01 Denso Corporation Communication system, management node, normal node, counter synchronization method, program and storage medium
CN107809760A (en) * 2017-11-16 2018-03-16 郑州轻工业学院 A kind of method of message authentication in wireless sensor network
CN109615838A (en) * 2018-12-14 2019-04-12 浙江大学 Low-cost and low-power multi-terminal signal synchronization acquisition system based on Wi-Fi
CN109615838B (en) * 2018-12-14 2020-07-03 浙江大学 Wi-Fi (wireless fidelity) -based low-cost low-power-consumption multi-terminal signal synchronous acquisition system
CN112636898A (en) * 2019-09-24 2021-04-09 比亚迪股份有限公司 Communication method, device and system based on communication network
CN112636898B (en) * 2019-09-24 2023-03-14 比亚迪股份有限公司 Communication method, device and system based on communication network

Also Published As

Publication number Publication date
CN102917313B (en) 2015-05-27

Similar Documents

Publication Publication Date Title
CN102917313B (en) Method suitable for broadcast authentication of wireless sensor network
Nilsson et al. Key management and secure software updates in wireless process control environments
Snoeren et al. Single-packet IP traceback
CN106664561B (en) System and method for securing pre-association service discovery
Mahalle et al. Identity establishment and capability based access control (iecac) scheme for internet of things
Zhang et al. A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment
Gunasekaran et al. TEAP: trust‐enhanced anonymous on‐demand routing protocol for mobile ad hoc networks
Mishra et al. A pairing-free identity based authentication framework for cloud computing
CN102684874B (en) A kind of wireless sensor network broadcast authentication method based on ECDSA algorithm
CN103368731B (en) Wireless sensor network security data based on Hash tree find and transmission method
Guangjun et al. Secure network coding against intra/inter-generation pollution attacks
Mbarek et al. A secure authentication mechanism for resource constrained devices
CN103095451B (en) A kind of method being authenticated in sensor network and sensor network
Bamasag et al. Efficient multicast authentication in internet of things
CN103702325A (en) Lightweight wireless sensor network safety small data distribution method
Al-Riyami et al. Impact of hash value truncation on ID anonymity in wireless sensor networks
Xu et al. Data authentication model based on reed-solomon error-correcting codes in wireless sensor networks
Zhang et al. CRTBA: Chinese remainder theorem-based broadcast authentication in wireless sensor networks
Ghasemzadeh et al. Key management system for WSNs based on hash functions and elliptic curve cryptography
Farahmandian et al. Comprehensive analysis of broadcast authentication protocols in wireless sensor networks
Mbarek et al. BFAN: A bloom filter-based authentication in wireless sensor networks
Sasirega et al. Bi-level authentication and mannequin routing for improving security features of WSN-IoT
CN105141620A (en) Small data distribution method enabling wireless sensor network security and denial of service attack defense
Bekara et al. SAPC: A secure aggregation protocol for cluster-based wireless sensor networks
Mo et al. Comments on a remote user authentication scheme for multi-server 5G networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant