The content of the invention
The present invention proposes a kind of Sensor Network peace for above mentioned problem present in prior art Sensor Network safety test technology
Full method of testing and system, the system are used to verify whether the security function of equipment under test to meet expected requirement and safe work(
Can realize whether step and mode are consistent with the testing standard of selection, so that it is determined that equipment under test realizes the correctness of security function
And integrality.
The present invention proposes a kind of Sensor Network safety test system, standard test equipment served as in test network telegon,
Router, terminal device role, standard test equipment enter row energization to equipment under test, transmitted test server test order and upper
Pass response message to testing service device;Protocol analyzer captures the packet in test network and is sent to host computer in real time, on
Position machine is analyzed to packet;The transmission message of simulated strike node not timing, for attacking network;Equipment under test
Perform test command and make respective response, whether the response of equipment under test has expected security function and realization as it
The whether correct decision condition of mode;Safety test server generates the test use cases of safety test, and imports corresponding survey
Example information on probation, test client, for system provides safety test entrance, confirms the test of system as the interface of man-machine interaction
Set of uses case and uniformity test normative reference specification.
Wherein, protocol analyzer detection one channel of 433MHz frequency ranges, 470MHz frequency ranges channel, a 780MHz frequently
The wireless data message of section 16 channels of 4 channels and 2.4GHz frequency ranges.The information and mark of server storage safety test use-case
Accurate test specification collection, and for test client provides inquiry and newly-increased test case interface, increase the scalability of system.If
Equipment under test is terminal device, then standard test equipment is configured to router;If equipment under test is router, standard testing sets
It is standby to be configured to telegon.Standard test equipment excites equipment under test, and carrying out test to the security function of equipment under test specifically includes:
After standard test equipment is connected to test command, the short address in order asks to short address equipment under test transmission test is distributed
Ask order;Equipment under test tectonic knot test function, parses test-request command, while test respond request function is constructed, to
Standard test equipment sends test respond request;After standard test equipment receives test respond request, safety test life is issued
Order, and reply equipment under test exact p-value order;After equipment under test receives confirmation order, the identifier of test command is analyzed, held
The corresponding security functional testing use-case of row identifier;The test response command that test equipment forwarding is received gives safety test service
Device.
The present invention also proposes a kind of Sensor Network safety detecting method, it is characterised in that:Standard test equipment sets according to tested
Into different roles, protocol analyzer captures the packet in test network and is sent to host computer standby type configuration in real time,
Host computer is analyzed to packet;The transmission message of simulated strike node not timing, for attacking network;It is tested to set
Standby to perform test command and make respective response, whether the response of equipment under test has expected security function and reality as it
The whether correct decision condition of existing mode;Safety test server generates the test use cases of safety test, and imports corresponding
Test case information, test client, for system provides safety test entrance, confirms the survey of system as the interface of man-machine interaction
Examination set of uses case and uniformity test normative reference specification.
If equipment under test is terminal device, standard test equipment is configured to router;If equipment under test is router,
Standard test equipment is configured to telegon.Equipment under test is excited by standard test equipment, the security function to equipment under test is entered
Row test is specifically included:After standard test equipment is connected to test command, the short address in order is to the distribution short address quilt
Measurement equipment sends test-request command;Equipment under test tectonic knot test function, parses test-request command, while constructing test
Respond request function, test respond request is sent to standard test equipment;After standard test equipment receives test respond request,
Safety test order is issued, and replys equipment under test exact p-value order;After equipment under test receives confirmation order, analysis test life
The identifier of order, performs the corresponding security functional testing use-case of identifier;The test response command that test equipment forwarding is received
Give safety test server.All channel safety analysis instrument captures the packet of network, obtains the under fire forward and backward inclusive of network
Energy parameter, distinguishes calculating network under fire front and rear performance parameter difference, according to formula:The performance of S=parameter differences/under fire preceding
Parameter, calculating parameter percentage S, if having two or more parameter percentages more than or equal to threshold value, mark network
Anti-attack ability is weak, and otherwise, network has stronger attack tolerant.Equipment under test has the security function to be tested, then give
Test equipment replys a positive response command;Equipment under test does not have the security function to be tested, will give test equipment one
Individual Negative Acknowledgment order.
The present invention has following advantage compared with prior art:
Whether can realize that security function is verified to Sensor Network equipment;Attack tolerant test can verify that system is attacked in difference
Security performance under hitting;Safety compliance test can verify that whether the application solutions of equipment meet normal process;Present system
Standard test equipment be configurable to different role, different test environments can be met;Present system can both carry out this
Ground logs in test, it is also possible to which Telnet is tested, with very big flexibility and versatility;The safety test clothes of present system
Business device provides multiple interfaces, and system has scalability.
Specific embodiment
In order to protrude system of the invention the advantage and safety detecting method that carry out remote testing and local test and
The real-time and versatility of safety compliance method of testing, are preferable to carry out case and the present invention are retouched in detail below in conjunction with accompanying drawing
State.
A kind of Sensor Network safety test system architecture is as shown in figure 1, system is by head end test network and back end test service
Platform is constituted.Head end test network includes safety test equipment, simulated strike node and equipment under test.Safety test equipment includes
Standard test equipment and all channel safety analysis instrument, equipment under test include tested telegon, tested route and measured terminal equipment.
Back end test service platform by test client, safety test server group into.
1) standard test equipment serves as telegon, router, terminal device role, specific role's distribution in test network
Determined according to equipment under test type;Standard test equipment enters row energization, transmitted test server test order to equipment under test
With upload response message to testing service device.
2) all channel safety analysis instrument is made up of all channel protocol analyzer and host computer, and protocol analyzer captures survey in real time
Try the packet in network and be sent to host computer, host computer is analyzed to packet.Protocol analyzer can detect 433MHz
16 channels of one channel of frequency range, a channel of 470MHz frequency ranges, 4 channels of 780MHz frequency ranges and 2.4GHz frequency ranges
Wireless data message.Safety analysis instrument can provide the functions such as protocol-decoding, Performance Evaluation, network analysis, fault diagnosis.
3) simulated strike node is used to attack network, analog network under fire environment.The class of simulated strike node
Type has Dos to attack, Replay Attack, Hello extensive aggressions etc..Under attack context, system utilizes all channel safety analysis instrument logarithm
It is acquired according to bag and network performance of the analysis system under with security function pattern, it is therefore an objective to the attack resistance of test network
Property.
4) equipment under test can be one of which including tested telegon, test router, measured terminal equipment etc.,
Can be several combinations, perform test command and make respective response.The response of equipment under test is expected as whether it has
The whether correct decision condition of the mode of security function and realization.
5) safety test server possesses the function of automatically analyzing data, automatically generates the test use cases of safety test,
And import corresponding test case information.The test information of server storage safety test use-case and the test specification collection of standard,
And for test client provides inquiry and newly-increased test case interface, increase the scalability of system.
6) test client, for system provides safety test entrance, confirms the test of system as the interface of man-machine interaction
Set of uses case and uniformity test normative reference specification.After the completion of system safety test, test result is inquired about from testing service device,
And generate test report, there is provided printing and preservation service.
The present invention also proposes a kind of Sensor Network safety detecting method, including security function and safety compliance test.Test
Framework is as shown in Fig. 2 security functional testing includes that networking authentication test, key management test, access control test, node differentiate
Test, data encryption test etc..Safety compliance test be detect security function realize step and mode whether with standard one
Cause.
Security functional testing method can be divided into following two situations,
1. equipment under test is excited by standard test equipment, to the security function of equipment under test(Networking certification, data add
It is close, access control, key management etc.)Tested, step is as shown in figure 3, specific features are as follows:
The test preparatory stage:
(1)System equipment is configured, and startup forms Sensor Network, after telegon is for router and node distribution short address,
Into state to be tested.Standard test equipment is according to the type configuration of equipment under test into different roles, if equipment under test is for eventually
End equipment, then standard test equipment be configured to router;If equipment under test is router, standard test equipment is configured to coordinate
Device.
(2)Test user selects safety test set of uses case, safety test server to receive and process by test client
Test use cases information.
Test starting and carry out the stage:
(1)Safety test server sends test command to standard test equipment, and test command form is as shown in table 1:
The test command form of table 1.
Heading |
Order length degree |
Short address |
Identifier |
2 byte |
1 byte |
2 byte |
1 byte |
Heading:2 bytes, for identifying the test command head.
Order length:1 byte, its value changes with order length change.
Short address:2 bytes, distinguish different equipment under tests.
Identifier:1 byte, the flag bit of test case, with uniqueness.
After standard test equipment is connected to test command, the short address in order is sent out to the short address equipment under test is distributed
Send test-request command;
(2)Equipment under test tectonic knot test function, parses test-request command, while constructing test respond request letter
Number, test respond request is sent to standard test equipment.Respond request includes equipment short address, it is therefore an objective to realize standard testing
Object-oriented between equipment and equipment under test is interacted;
(3)After standard test equipment receives test respond request, safety test order is issued, and it is true to reply equipment under test
Recognize test command;
(4)After equipment under test receives confirmation order, the identifier of test command is analyzed, perform the corresponding safe work(of identifier
Can test case.Equipment under test has the security function to be tested, then reply a positive response command to test equipment;It is tested
Equipment does not have the security function to be tested, will give one Negative Acknowledgment order of test equipment.The form of response command:
The response command format of table 2.
Heading |
Order length degree |
Short address |
Identifier |
As a result flag bit |
2 byte |
1 byte |
2 byte |
1 byte |
1 byte |
Identifier:The identifier of test case response, it is different from test command identifier with uniqueness.
As a result flag bit:The decision condition of test result.01:Positive response;00:Negative Acknowledgment.
Perform the decision condition of test:
Key management:Can the key to equipment under test be read out, and update and set up.
Networking certification:The networking authentication code in equipment under test networking claim frame can be read.
Access control:Whether the accesses control list of equipment under test can be read.
Data encryption:Character string to random-length can be encrypted.
(5)The test response command that test equipment forwarding is received gives safety test server.
Response command is tested in the parsing of safety test server, and as a result flag bit is tested into for 01 test client shows
Work(, 00 display test crash.
Whether the security function for 2. being provided network by all channel safety analysis instrument and attack node has attack tolerant
Tested.Security function is tested the performance impact of system during system is realized, by all channel safety analysis instrument
The attack tolerant of Sensor Network is tested, the influence using the attack tolerant analysis security function of system to systematic function.In safe work(
The partial test can be carried out while partial test.All channel safety analysis instrument gathers network packet not under fire and sends
To host computer, host computer analytical calculation packet loss(Vpacket), energy consumption(Jenergy), propagation delay time(Tdelay)Taken with the network bandwidth
Rate(Bband)Performance parameter;In addition, the collection of all channel safety analysis instrument is subjected to the network packet after different type is attacked, analysis
Calculate packet loss(Vpacket′), energy consumption(Jenergy′), propagation delay time(TDelay′)With network bandwidth occupancy(Bband′)Performance is joined
Number;The packet that host computer analysis contrast is gathered twice determines whether system has attack tolerant.It is specific as follows:
The test preparatory stage:
Attack against each other beat time point and equipment under test is configured, and startup forms Sensor Network, into state to be tested.
Test starting and carry out the stage:
(1)Not actuated attack node:The packet of network, the letter in packet are captured with all channel safety analysis instrument
Mark frame, data frame, command frame and acknowledgement frame obtain the performance parameter of system:Packet loss(Vpacket), energy consumption(Jenergy), transmission when
Prolong(Tdelay)With network bandwidth occupancy(Bband).
For example:Packet loss(Vpacket):Lost data packets quantity and the ratio for sending packet sum in Sensor Network, typically
Not above 5%;Energy consumption(Jenergy):The consumption of Sensor Network plant capacity, maintenance equipment operation need to meet Jenergy>5%;During transmission
Prolong(Tdelay):Sensor Network slave unit service request(Tstart)Responded to respective service is sent(Tend)Time interval, Tdelay=
Tend-Tstart.Network bandwidth occupancy(Bband):Sensor Network network bandwidth utilization factor.
(2)Start and attack node:The packet of network is captured with all channel safety analysis instrument, after obtaining network under fire
Above-mentioned performance parameter:Packet loss(Vpacket′), energy consumption(Jenergy′), propagation delay time(TDelay′), network bandwidth occupancy
(Bband′).The difference of calculating network under fire front and rear performance parameter respectively,
V=Vpacket′-Vpacket
J=Jenergy′-Jenergy
T=TDelay′-Tdelay
B=Bband′-Bband
Test result and analysis phase:
Parameter |
State |
Extensive aggression |
Replay Attack |
Dos is attacked |
V |
Rise |
|
√ |
|
J |
Rise |
√ |
|
√ |
T |
Rise |
√ |
√ |
√ |
B |
Rise |
√ |
√ |
√ |
√:Represent the existence attacked.For example:If V rises, then it represents that the attack type of appearance is Replay Attack.Most
Excellent attack threshold value can be 5%:
According to formula:The initial value of S=parameter differences/not actuated attack, calculating parameter percentage S
SV=V/Vpacket;SJ=J/Jenergy;ST=T/Tdelay;SB=B/Bband;
If SV, SJ, ST, SBIn have two or more performance parameter percentages more than or equal to threshold value, then identify network
Anti-attack ability it is weak, otherwise then represent network with stronger attack tolerant.
The method of the system invention safety compliance test is as follows:
The test preparatory stage:
The safety standard that tested mechanism's selection equipment under test meets, mechanism for testing according to standard configuration standard test equipment,
And in test client editor's test command collection and judgment basis, including test step command and test step judgment condition, startup sets
It is standby to enter state to be tested;
The test step is that each step that equipment under test security function is realized is tested, and verifies security function reality
Whether existing process is consistent with selected standard security implementation process.Each test step is rung by testing step command and test step
Should realize, be interdepended between test step, the execution of latter test step depends on the result of previous test step.
Test starting and carry out the stage:
Situation 1:When equipment under test is terminal node, starts standard test equipment 1,2 and equipment under test constitutes one simply
Sensor Network.Standard test equipment 1 is configured to telegon, and standard test equipment 2 is configured to router.As shown in figure 4, tested set
The standby node as router.Test user issues the test command collection for having editted, safety test clothes by test client
After business device reception processing order, router is directly forwarded to.After router realizes that object-oriented is interacted with node, start to perform survey
Try order.
Situation 2:As shown in figure 5, when equipment under test is router, standard test equipment 2 is configured to terminal device, used as road
By the node of device.Test user takes equipment is tested with the identical testing procedure of situation 1, but test step is different.
Situation 3:As shown in fig. 6, equipment under test is telegon, standard test equipment 1,2 is respectively configured as router and section
Point.Test user takes equipment is tested with the identical testing procedure of situation 1, but test step is different.
Test step is the main contents of safety compliance test, determines the data flow of test system, is uniformity test
Key.Formation flow chart such as Fig. 7 of test command collection:
The corresponding test case of different standards is different.When standard is identical, when equipment under test is different, test case is likely to
Difference, test client can provide different test cases according to the selection of test user.When test case determine, test step and
Test command collection also can mutually should determine that.Test step command format is as shown in table 3, similar with security functional testing command format, mark
Know symbol to be provided by client.
The response command format of table 3.
Heading |
Order length degree |
Short address |
Identifier |
Additional character string |
2 byte |
1 byte |
2 byte |
1 byte |
n byte |
Additional character string:N byte, is generated at random by client, for special case testing, such as data encryption, secrecy
Property etc. use-case test, other use-cases test do not need additional character string when, n is 0.
Judgment condition:According to the requirement of various criterion, to the application solutions step and the function of application solutions of equipment under test
Test one by one.Such as meet standard requirement, then return to test by response.Otherwise, test crash response is returned.
Test result and analysis phase:
If first test step court verdict is successfully, to proceed next test step, until selected use-case is surveyed
Examination terminates;If a judgement failure occurs in test step, the test case is immediately finished, and test result is sent to safety test
Server.Server is analyzed to test result, automatically generates a test report and is sent to test client, for user's ginseng
Examine.
Testing service device receives the test request of test user, needs test content generation ets (executive testing suite) to enter user
Row storage, and load and execution test related application, the survey for being connected backward appropriately processed to ets (executive testing suite) information
Examination equipment sends testing and control order.At the same time, testing service device has loaded data acquisition process, and test signal is carried out
Collection is tested remote testing object by network test equipment and is returned to test data, and testing service device is to these data
If carrying out dry-cure and being analyzed, by the storage of test execution result in testing service device, certain additional information generation is added
Test report.
Safety test case management mainly divides use-case to choose, use-case compiling, use case storage.It is according to Sensor Network that use-case is chosen
Safety test standard is provided by this test platform and refers to test case;Use-case compiling provides the user use-case compiling window, that is, use
Family is according to the information for oneself needing to write dependence test use-case;Use case storage is that security server chooses and use-case compiling use-case
Use-case information Store afterwards is to transfer test execution information after test starting.
The structure of security server storage test case is hierarchical structure, is divided into four levels:Test set, test group is surveyed
Example on probation, test step, as shown in Figure 8:
Test set:To one or more OSI(Open System Interconnection)Agreement carries out dynamic conformance
Test case full set needed for test, it may constitute the test group of nesting.
1)Test group;Corresponding to a test target of this agreement, can be comprising multiple test groups in a test set.
2)Test case:Corresponding to an a certain item function description for standard agreement, a test group is used by multiple test
Example composition.
3)Test step:One completion of test process needs to be initialized, transmitting-receiving message etc., and each action is exactly one
Individual test step, test step is the unit of minimum in test set, and a test case includes more than one test step.
Edit after test case, it is necessary to test case information is saved in server, so that next time calls.
After starting test, comprise the following steps that:
Step 1. mechanism for testing configuration standard test equipment and it is devices under, and startup optimization, equipment under test and standard
Test equipment forms a simple sensor network.
Step 2. test user registered into safety test webpage, and safety test system is logged in after registration.
After step 3. logs in safety test system, the executable abstract test suite of testing service device generation, in test use cases
Middle selection needs the security function of test.
Step 4. starts the safety test system testing page, issues security functional testing request command.Equipment under test is received
To after test-request command, safety test is performed, while capturing packet using Analysis of Security Protocols instrument, calculate every internetworking
Energy parameter, and result is uploaded to safety test server.
Step 5. safety test server is analyzed to test result and automatically generates test report, for test user carries
For referring to.