CN104135727B - A kind of wireless body area network safe transmission method - Google Patents

Publication number: CN104135727B
Application number: CN201410148159.8A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN104135727A
Inventors: 谭劲, 杨红
Current Assignee: China Jiliang University
Original Assignee: China Jiliang University
Legal status: Expired - Fee Related
Landscapes: Mobile Radio Communication Systems; Small-Scale Networks
Abstract

The invention discloses a secure transmission method for wireless body area networks, comprising the following stages: 1. System initialization: using the clock progress frequency of each node and the clock skew between two nodes, the system exchanges clock progress frequencies between adjacent nodes and between each node and the Sink node, forming two types of pairwise keys; 2. Secure route formation: once all nodes have received the "OK" message, each node deletes its original AODV routing information and uses the improved AODV protocol to form secure routes and transmit encrypted data; 3. Encrypted data transmission: each data packet is divided into two parts, the routing information Data1 and the sensed data Data2, which are encrypted with two different pairwise keys; adjacent nodes verify Data1 with each other, the Sink node verifies Data2, and the packet is then transmitted. The scheme supports "plug and play", guarantees BAN data security and privacy, and is applicable to all BANs.

Description

A secure transmission method for wireless body area networks

Technical field

The invention relates to the field of encrypted transmission in wireless networks, and in particular to a secure transmission method for wireless body area networks that does not require keys to be pre-installed.

Background

A wireless body area network (BAN, Body Area Network) is a network worn on the body of a monitored person to collect physiological and medical data. Its sensor nodes deliver the sensed data over one or more hops to the Sink node of the BAN, which can forward the data to a PC or PDA, providing real-time monitoring of physiological data for the monitored person (the elderly, infants, athletes, disabled people and the chronically ill). BANs are also widely used in consumer electronics, entertainment, sports, ambient intelligence, animal husbandry, military and security applications. Although a BAN is a branch of the WSN (Wireless Sensor Network) and has much in common with it, it differs from a general WSN in deployment, node type and scale, traffic type, delay and mobility. In particular, a WSN is usually assumed to run unattended, whereas a BAN runs in an attended environment (the monitored person, medical staff or family members).

Because the physiological and medical data sensed by the nodes of a BAN play an important role in medical diagnosis and treatment, and also touch on the personal privacy of the monitored person, data security and privacy are a key issue for BANs. At the same time, security measures for clinical use are expected to be simple "plug and play" operations. Encryption and node authentication are the main measures for securing network communication, and key management is the key to ensuring confidentiality and integrity and to keeping illegitimate nodes out. In general sensor networks, data security relies mainly on two techniques, pre-installed symmetric keys and asymmetric public keys, but neither suits BANs.

Pre-installed symmetric keys: because a BAN is small (typically N is less than 50), pre-installing N-1 keys on each node allows encrypted transmission between any two nodes. This looks feasible on the surface, but has the following problems:

(1) Every BAN must be pre-installed with N-1 keys that differ from those of other BANs; otherwise, when two patients wearing BANs come close to each other, nodes of the two BANs may form pairwise keys with each other, leading to erroneous transmission;

(2) BAN nodes are heterogeneous and may come from different manufacturers, so it is very difficult for end users (medical staff or patients) to assign N-1 keys to every node in the BAN. In clinical use they prefer simple "plug and play" (Plug-And-Play) operation, that is, any form of key distribution and management in a BSN should be minimized, automated and transparent to the user;

(3) Even if the N-1 keys have been pre-installed with some effort, it is very difficult to change them in a clinical setting if a key leak is discovered once the BAN is in operation.

Asymmetric public keys: this technique has the following main problems:

(1) Its energy and computation costs are unsuitable for resource-constrained sensor nodes;

(2) Its dependence on the environment and its operational complexity limit its use in clinical settings.

At present, BANs mainly use human physiological information or wireless channel properties to generate symmetric keys for encrypting data. This achieves "plug and play" without a pre-shared key, but both approaches have shortcomings:

1. Using human physiological information

A BSN is used to monitor a person's physiological information, which is hard to imitate. Many studies use physiological signals such as the electroencephalogram (EEG), photoplethysmogram (PPG) and electrocardiogram (ECG) to establish a secret channel for authenticating nodes and messages. However, this requires every node to be able to sense the same signal (EEG, ECG, etc.), which places new requirements on node hardware. In addition, sensor nodes at different positions on the body can hardly measure the same physiological signal with the same accuracy, so the accuracy of key recovery cannot be guaranteed to be 100%.

2. Using the physical properties of nodes and the wireless channel

Generating symmetric keys from the channel characteristics of the BAN/BSN and the physical properties of the nodes themselves is a relatively new direction. The most readily available physical property is signal strength (Signal Strength), which solves the problem that key recovery from physiological information cannot be guaranteed to be 100% accurate. However, because most wireless sensor nodes communicate in half duplex, RSS cannot be measured in both directions at the same time, and key generation between two nodes has to go through four stages, namely sampling of the wireless signal, quantization, reconciliation (Reconcile) and privacy amplification (Privacy Amplification), which makes key extraction inefficient.

On August 1, 2012 the State Intellectual Property Office of the People's Republic of China published the patent document with application publication number CN102624530A, entitled "Certificateless remote anonymous authentication method for wireless body area networks". It encrypts data by means of a public/private key pair and suffers from low accuracy and low extraction efficiency.

Summary of the invention

The invention mainly addresses the technical problem that the prior art cannot combine plug-and-play operation with accuracy and extraction efficiency. It provides a secure transmission method for wireless body area networks that needs no pre-installed keys and no additional hardware: sensed data is encrypted with a pairwise key shared by the sensor node and the Sink node, and routing information is encrypted with a pairwise key shared by two adjacent nodes. The method supports "plug and play" and makes the complex theoretical and technical problem of guaranteeing BAN data security and privacy operable and practical.

The invention solves the above technical problem mainly through the following technical solution: a secure transmission method for wireless body area networks, comprising the following stages:

(1) System initialization: using the dynamics and uniqueness of each node's clock progress frequency and of the clock skew between two nodes, and under the control of the Sink node's standard time, the system exchanges clock progress frequencies between adjacent nodes and between each node and the Sink node, forming two types of pairwise keys;

(2) Secure route formation: once all nodes have received the "OK" message, each node deletes its original AODV (Ad hoc on-demand distance vector routing) routing information and uses the improved AODV protocol to form secure routes and transmit encrypted data;

(3) Encrypted data transmission: each data packet is divided into two parts, the routing information Data1 and the sensed data Data2, which are encrypted with two different pairwise keys. Adjacent nodes verify Data1 with each other, the Sink node verifies Data2, and the packet is then transmitted.

Preferably, if $CF_x(t)$ denotes the time of node $x$ at real time $t$, the clock progress frequency $CF_x(t)$ is defined as:

$$CF_x(t) = \frac{dCF_x(t)}{dt} \quad (t \ge 0) \qquad (1)$$

The time of the Sink node is taken as real time, and the clock progress frequency of real time is equal to 1;

The clock skew $CS_{12}(t)$ between node 1 and node 2 is defined as the difference between $CF_1(t)$ and $CF_2(t)$:

$$CS_{12}(t) = CF_1(t) - CF_2(t) \qquad (2)$$

The ID of node $x$ is denoted $ID_x$;

System initialization proceeds as follows:

(1) The Sink node broadcasts, in single-hop mode, two standard timestamps $T_1$ and $T_2$ separated by a random interval to all nodes in the wireless body area network;

(2) After receiving $T_1$ and $T_2$, node $x$ uses formula (1) to compute its own clock progress frequency:

$$CF_x(T_2 - T_1) = \frac{CF_x(T_2) - CF_x(T_1)}{T_2 - T_1}$$

Node $x$ stores $CF_x(T_2 - T_1)$ and sends $CF_x(T_2 - T_1) + ID_x$ to the Sink node using the original AODV protocol. When the wireless body area network is in operation, node $x$ encrypts its sensed data with $K_x$, defined as:

$$K_x = F(CF_x(T_2 - T_1), ID_x) \qquad (3)$$

Here $F$ is a key generation function that produces a key of the specified length as required, but the key must satisfy certain mathematical characteristics. For example, if $ID_x$ is 1 byte long and $CF_x(T_2 - T_1)$ is 4 bytes, then to produce a 64-bit key, 3 bytes satisfying the mathematical characteristics must be inserted, chosen according to the values of $ID_x$ and $CF_x(T_2 - T_1)$; a hash function, for example, can be used to generate the key;

(3) When node $x$ sends $CF_x(T_2 - T_1) + ID_x$ to the Sink node, the neighbor nodes within one hop of $x$ also receive this information and store it. Likewise, $x$, as a neighbor, receives the clock progress frequency and ID of other nodes. In this way, two nodes in the BAN complete the exchange of clock progress frequencies;

(4) On the path from node $x$ to the Sink node, two adjacent nodes $m$ and $n$ each hold the other's clock progress frequency. The key $K_{mn}$ or $K_{nm}$ generated from their clock skew and the two node IDs is unique and is used to encrypt routing information and for mutual authentication of the two nodes. $K_{mn}$ and $K_{nm}$ are identical and are defined as:

$$K_{mn} = K_{nm} = F(CS_{mn}(T_2 - T_1), ID_m, ID_n) \qquad (4)$$

$$CS_{mn}(T_2 - T_1) = \mathrm{ABS}(CF_m(T_2 - T_1) - CF_n(T_2 - T_1))$$

Here $F$ is the key generation function, the same as in formula (3), and ABS takes the absolute value;

(5) After the Sink node has received the clock progress frequency and ID of all nodes, the Sink node and each node $x$ have formed a pairwise key $K_x$, used to encrypt the data itself, and each pair of adjacent nodes $m$ and $n$ has formed a pairwise key $K_{mn}$ or $K_{nm}$, used to encrypt routing information. After the Sink node broadcasts the "OK" message in single-hop mode, the BAN enters the secure route formation and encrypted data transmission stages.
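The key derivation of formulas (3) and (4), worked through as an added example that is not part of the patent text. The fixed-point CF encoding, SHA-256 as F, the ascending ID order and the oscillator tolerance are assumptions; the last function goes beyond the text and counts how many distinct CF inputs F can receive for a given measurement interval.

```python
import hashlib
import math
import struct

CF_SCALE = 10**9   # assumption: CF carried as parts-per-billion in a 4-byte field
KEY_BYTES = 8      # the 64-bit key length used in the text's example


def clock_progress_frequency(local_t1, local_t2, sink_t1, sink_t2):
    """CF_x(T2-T1) = (CF_x(T2) - CF_x(T1)) / (T2 - T1), times in microseconds.

    Integer fixed-point arithmetic keeps the value bit-identical on every
    node that computes or stores it, which hashing requires.
    """
    sink_dt = sink_t2 - sink_t1
    local_dt = local_t2 - local_t1
    if sink_dt <= 0 or local_dt <= 0:
        raise ValueError("T2 must be later than T1 on both clocks")
    cf = (local_dt * CF_SCALE + sink_dt // 2) // sink_dt  # rounded division
    if cf >= 2**32:
        raise ValueError("CF does not fit the 4-byte field")
    return cf


def F(*fields):
    """Key generation function F, here SHA-256 truncated to KEY_BYTES.

    Each field is length-prefixed so that two different field splits can
    never produce the same hash input.
    """
    h = hashlib.sha256()
    for f in fields:
        h.update(bytes([len(f)]) + f)
    return h.digest()[:KEY_BYTES]


def node_sink_key(cf_x, id_x):
    """Formula (3): K_x = F(CF_x(T2-T1), ID_x)."""
    return F(struct.pack(">I", cf_x), bytes([id_x]))


def neighbour_key(cf_m, id_m, cf_n, id_n):
    """Formula (4): K_mn = K_nm = F(ABS(CF_m - CF_n), ID_m, ID_n).

    Assumption: the IDs are hashed in ascending order; otherwise the two
    ends would feed F different inputs and K_mn would differ from K_nm.
    """
    cs = abs(cf_m - cf_n)
    lo, hi = sorted((id_m, id_n))
    return F(struct.pack(">I", cs), bytes([lo]), bytes([hi]))


def distinct_cf_values(interval_us, tolerance_ppm):
    """Count of CF values a microsecond clock can yield over one interval when
    oscillators stay within +/- tolerance_ppm (the tolerance is an assumption)."""
    return 2 * tolerance_ppm * interval_us // 1_000_000 + 1


# Constructed sample: Sink timestamps 5 s apart, local readings of two nodes.
T1, T2 = 1_000_000, 6_000_000
CF1 = clock_progress_frequency(1_000_250, 6_000_400, T1, T2)  # node ID 1
CF2 = clock_progress_frequency(999_900, 5_999_800, T1, T2)    # node ID 2

if __name__ == "__main__":
    print("CF1 =", CF1, "CF2 =", CF2)
    print("K_1  =", node_sink_key(CF1, 1).hex())
    print("K_12 =", neighbour_key(CF1, 1, CF2, 2).hex())
    print("K_21 =", neighbour_key(CF2, 2, CF1, 1).hex())
    n = distinct_cf_values(T2 - T1, 100)
    print("distinct CF inputs:", n, "=", round(math.log2(n), 1), "bits")
```

The output key is 64 bits long, but its entropy is bounded by the number of distinct CF inputs, which depends on timestamp resolution and the length of the interval between $T_1$ and $T_2$.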

Preferably, once all nodes have received the "OK" message, each node deletes its original AODV routing information and uses the improved AODV protocol to form secure routes and transmit encrypted data. The improved AODV protocol message adds a clock progress frequency field, CF, to the original message. When node $x$ wants to send data to the Sink node, it first sends an RREQ (route request) message to form a secure route to the Sink node and then transmits data along that route. The data source node $x$ requests a secure route to the Sink node as follows:

(1) Node $x$ generates an RREQ message, fills in its fields as in the original AODV, fills the added CF field with its own $CF_x(T_2 - T_1)$, and broadcasts it to its neighbor nodes;

(2) When a neighbor node $m$ of node $x$ receives the RREQ message, it handles one of three cases:

A. If the CF field in the RREQ message is empty, the RREQ comes from an untrusted node, and node $m$ stops forwarding the message;

B. If the CF field in the RREQ message is present and node $m$ has stored node $x$'s CF value $CF_x(T_2 - T_1)$, node $m$ compares the two values. If they are equal, node $m$ replaces node $x$'s CF value in the RREQ message with its own CF value $CF_m(T_2 - T_1)$ and continues to forward the RREQ; otherwise, it stops forwarding;

C. If the CF field in the RREQ message is present and node $m$ has not stored node $x$'s CF value, node $m$ requests node $x$'s CF value from the Sink node. If the Sink node has node $x$'s CF value, it encrypts $CF_x(T_2 - T_1)$ with $K_m$ and sends it to node $m$ in single-hop mode. After node $m$ has received this message and decrypted it correctly with $K_m$, it stores $CF_x(T_2 - T_1)$ in memory and proceeds as in B;

(3) When a neighbor of node $m$ receives the RREQ message, it forwards the RREQ message in a manner similar to step (2);

(4) When the Sink node receives the RREQ message, it generates an RREP (route reply) message, fills the CF field of the RREP with the Sink node's CF value, and unicasts it back to the Sink node's neighbor node;

(5) When the neighbor of the Sink node receives the RREP message, it passes the RREP message back in a manner similar to step (2);

(6) When the data source node $x$ receives the RREP message, a secure route in which only legitimate nodes take part has been formed.
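The three RREQ cases of step (2), as an added sketch that is not part of the patent text. The class and field names, the `sink_lookup` callback standing in for the Sink query, and the CF values are hypothetical; the encryption of the Sink's answer under $K_m$ is not modelled.

```python
FORWARD, DROP = "forward", "drop"


class Rreq:
    """RREQ reduced to the fields the CF check needs (other AODV fields omitted)."""

    def __init__(self, origin_id, prev_hop_id, cf):
        self.origin_id = origin_id      # data source node x
        self.prev_hop_id = prev_hop_id  # neighbour that transmitted this copy
        self.cf = cf                    # added CF field, None when empty


class Node:
    def __init__(self, node_id, cf, sink_lookup):
        self.node_id = node_id
        self.cf = cf
        self.known_cf = {}              # neighbour ID -> CF learned at initialization
        self.sink_lookup = sink_lookup  # hypothetical stand-in for the Sink query

    def handle_rreq(self, rreq):
        """Return (decision, reason, rreq_to_forward) for one received RREQ."""
        # Case A: empty CF field, the sender is untrusted.
        if rreq.cf is None:
            return DROP, "A: empty CF field", None
        stored = self.known_cf.get(rreq.prev_hop_id)
        case = "B"
        if stored is None:
            # Case C: CF not stored locally, ask the Sink. In the text the
            # Sink returns it encrypted under K_m; that step is omitted here.
            case = "C"
            stored = self.sink_lookup(rreq.prev_hop_id)
            if stored is None:
                # Assumption: the text does not say what happens when the
                # Sink has no record either; this sketch fails closed.
                return DROP, "C: Sink has no CF for sender", None
            self.known_cf[rreq.prev_hop_id] = stored
        # Case B (and the tail of C): compare the claimed CF with the stored one.
        if rreq.cf != stored:
            return DROP, case + ": CF mismatch", None
        # Replace the sender's CF with this node's own CF before forwarding.
        return FORWARD, case + ": CF verified", Rreq(rreq.origin_id, self.node_id, self.cf)


# Constructed CF table held by the Sink (node ID -> fixed-point CF value).
SINK_TABLE = {1: 1_000_030_000, 2: 999_980_000, 3: 1_000_012_000}


def build_network():
    n2 = Node(2, SINK_TABLE[2], SINK_TABLE.get)
    n3 = Node(3, SINK_TABLE[3], SINK_TABLE.get)
    n2.known_cf[1] = SINK_TABLE[1]  # N2 overheard N1 during initialization
    return n2, n3                   # N3 has no entry for N2 (topology changed)


def demo():
    n2, n3 = build_network()
    results = []
    decision, why, fwd = n2.handle_rreq(Rreq(1, 1, SINK_TABLE[1]))   # case B at N2
    results.append((2, decision, why))
    decision, why, _ = n3.handle_rreq(fwd)                           # case C at N3
    results.append((3, decision, why))
    decision, why, _ = n2.handle_rreq(Rreq(1, 1, None))              # case A
    results.append((2, decision, why))
    decision, why, _ = n2.handle_rreq(Rreq(1, 1, 1_000_000_000))     # CF differs
    results.append((2, decision, why))
    decision, why, _ = n3.handle_rreq(Rreq(9, 9, 1_000_000_000))     # unknown to Sink
    results.append((3, decision, why))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```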

Preferably, N1, N2 and N3 are nodes, and the secure route from N1 to the Sink is assumed to be N1->N2->N3->Sink. The source node N1 generates a data packet consisting of a tag Tag, Data1 and Data2. Tag is the message type, Data1 contains the source ID, the destination ID and the data generation time, and Data2 is the data actually sensed by N1. During encrypted data transmission, nodes N1, N2, N3 and the Sink operate as follows:

(1) N1: encrypts Data2 with the pairwise key $K_1$, known only to N1 and the Sink node, to obtain $E(Data2, K_1)$; encrypts Data1 with the pairwise key $K_{12}$, known only to nodes N1 and N2, as $E(Data1, K_{12})$; and then unicasts the data packet to N2;

(2) N2: first decrypts Data1 with $K_{12}$, that is, $D(E(Data1, K_{12}), K_{12})$ yields Data1. After obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{23}$, known only to nodes N2 and N3, as $E(Data1, K_{23})$, and then sends the data packet to N3. $E$ is the encryption operation and $D$ is the decryption operation;

(3) N3: first decrypts Data1 with $K_{23}$, that is, $D(E(Data1, K_{23}), K_{23})$ yields Data1. After obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{30}$, known only to node N3 and the Sink node, as $E(Data1, K_{30})$, and then sends the data packet to the Sink node;

(4) Sink: first decrypts Data1 with $K_{30}$, that is, $D(E(Data1, K_{30}), K_{30})$ yields Data1. After obtaining the source node information, it decrypts Data2 with $K_1$, that is, $D(E(Data2, K_1), K_1)$, to obtain the real data Data2.

Encryption and decryption can be handled by conventional algorithms, such as the AES algorithm.
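The N1->N2->N3->Sink exchange above, as an added example that is not part of the patent text. E and D here are a stand-in authenticated cipher built from SHA-256 and HMAC, used only because the Python standard library has no AES; the keys, the Data1 field layout and the sample reading are constructed.

```python
import hashlib
import hmac
import os
import struct

TAG_DATA = 1  # constructed message-type value for the Tag field


def _keystream(key, nonce, n):
    enc_key = hashlib.sha256(b"enc" + key).digest()
    blocks = (hashlib.sha256(enc_key + nonce + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _tag(key, data):
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:8]


def E(plaintext, key):
    """Encrypt and authenticate (stand-in for AES, see lead-in)."""
    nonce = os.urandom(8)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + _tag(key, nonce + body)


def D(blob, key):
    """Verify, then decrypt; raises ValueError on a wrong key or modified data."""
    if len(blob) < 16:
        raise ValueError("truncated ciphertext")
    nonce, body, tag = blob[:8], blob[8:-8], blob[-8:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("verification failed: wrong key or modified data")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


def pack_data1(src, dst, t_us):
    # Assumed layout: 1-byte source ID, 1-byte destination ID, 8-byte time.
    return struct.pack(">BBQ", src, dst, t_us)


def source_send(data1, data2, k_src_sink, k_next):
    return (TAG_DATA, E(data1, k_next), E(data2, k_src_sink))


def relay(packet, k_prev, k_next):
    tag, c1, c2 = packet
    data1 = D(c1, k_prev)               # verifies the previous hop holds k_prev
    return (tag, E(data1, k_next), c2)  # Data2 is forwarded untouched


def sink_receive(packet, k_prev, node_keys):
    _, c1, c2 = packet
    src, _dst, t_us = struct.unpack(">BBQ", D(c1, k_prev))
    return src, t_us, D(c2, node_keys[src])  # K_x selected by the source ID


# Constructed 64-bit keys K_1, K_12, K_23, K_30.
K1, K12, K23, K30 = (bytes([i]) * 8 for i in (0x11, 0x12, 0x23, 0x30))


def run_route(data2=b"HR=72;SpO2=98"):
    pkt = source_send(pack_data1(1, 0, 1_700_000_000_000_000), data2, K1, K12)
    pkt = relay(pkt, K12, K23)  # N2
    pkt = relay(pkt, K23, K30)  # N3
    return sink_receive(pkt, K30, {1: K1})


def relay_can_read_data2():
    """True if either hop key opens Data2; expected False."""
    pkt = source_send(pack_data1(1, 0, 0), b"reading", K1, K12)
    for key in (K12, K23):
        try:
            D(pkt[2], key)
            return True
        except ValueError:
            pass
    return False


def modified_data1_is_rejected():
    tag, c1, c2 = source_send(pack_data1(1, 0, 0), b"reading", K1, K12)
    altered = c1[:8] + bytes([c1[8] ^ 0x01]) + c1[9:]  # flip one bit of the source ID
    try:
        relay((tag, altered, c2), K12, K23)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(run_route(), relay_can_read_data2(), modified_data1_is_rejected())
```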

The substantive effect of the invention is that, while ensuring security, it provides plug-and-play operation: keys do not have to be set up through a complicated process, key recovery accuracy is good, and there is no problem of inefficient key extraction.

Description of the drawings

Fig. 1 is a schematic diagram of a general BAN structure of the invention;

Fig. 2 is a schematic diagram of the improved AODV protocol message structure of the invention;

Fig. 3 is a schematic diagram of the encryption and transmission process of the invention.

Detailed description

The technical solution of the invention is described in further detail below through an embodiment and with reference to the drawings.

Embodiment: the secure transmission method of this embodiment for a wireless body area network (BAN, Body Area Networks), which requires no pre-installed keys, is divided into three stages:

(1) System initialization: system initialization must be carried out in a secure environment. Using the dynamics and uniqueness of each node's clock progress frequency (at microsecond level) and of the clock skew (Clock Skew) between two nodes, and under the control of the Sink's standard time, clock progress frequencies are exchanged between adjacent nodes and between each node and the Sink, forming two types of pairwise keys (Pairwise Key);

(2) Secure route formation: by improving the well-known reactive protocol AODV, secure routes are formed in which only legitimate nodes take part;

(3) Each data packet is divided into two parts, the routing information Data1 and the sensed data Data2, which are encrypted with two different pairwise keys. Adjacent nodes verify Data1 with each other and the Sink node verifies Data2, which both improves the efficiency of encryption and decryption and guarantees data security and privacy.

I. System model

1 Network model

The general BAN structure of the invention is shown in Fig. 1, where the square node is the Sink node (ID=0). The following is assumed:

(1) N sensor nodes {$S_1$, $S_2$, ..., $S_N$} are deployed on the monitored person (in general N<50 in a BAN). Each node has a unique ID (greater than 0), the nodes are mutually independent (each node can determine its sensed data on its own), and all are equipped with the same wireless communication interface, such as ZigBee;

(2) There is one Sink node, with ID=0, which collects the data sensed by all sensor nodes. The Sink node is itself secure, and knows the IDs of the nodes in the currently running BAN and the interval at which each node generates data;

(3) Because it has sufficient power, the Sink node can send data to all sensor nodes in one hop or over multiple hops. The sensor nodes use very-low-power, short-range transmission (which is beneficial to the human body) and send their sensed data to the Sink node over multiple hops; the transmission protocol is AODV;

(4) The BAN has adopted some time synchronization mechanism, but the clocks differ at the PPM level; the synchronization itself is secure;

(5) When the BAN is initialized, or reset to add a new node, there are no malicious nodes nearby (the operation is performed by medical staff or a guardian, and this can be guaranteed in an indoor environment). The same assumption is often made in general WSNs;

2 Attack model

The invention is mainly concerned with the confidentiality and integrity of data. The attack model assumes that:

(1) Within wireless communication range, an attacker can freely eavesdrop on the data sent by any node in the BAN and, after modifying or delaying it, continue to transmit it into the BAN at any power level;

(2) An attacker can impersonate other legitimate nodes and publish forged data to the BAN;

(3) An attacker can carry out node capture attacks.

II. Protocol description

1 Clock progress frequency and clock skew

If $CF_x(t)$ denotes the time of node $x$ at real time $t$, the clock progress frequency (abbreviated CF) $CF_x(t)$ is defined as:

$$CF_x(t) = \frac{dCF_x(t)}{dt} \quad (t \ge 0) \qquad (1)$$

The time of the Sink node is taken as real time, and the clock progress frequency of real time is equal to 1;

The clock skew $CS_{12}(t)$ between node 1 and node 2 is defined as the difference between $CF_1(t)$ and $CF_2(t)$:

$$CS_{12}(t) = CF_1(t) - CF_2(t) \qquad (2)$$

The ID of node $x$ is denoted $ID_x$;

In general, the digital clocks of modern processors have the following two properties:

1. The clock skew of any clock is stable at normal temperature;

2. Each stable clock skew can be regarded as unique.

2 System initialization

In a secure environment, when the BAN is powered on or reset (system initialization), each node clears the clock progress frequencies and routing information previously stored in its memory and transmits data using the unmodified AODV. The procedure is as follows:

(1) The Sink node broadcasts, in single-hop mode, two standard timestamps $T_1$ and $T_2$ separated by a random interval to all nodes in the wireless body area network;

(2) After receiving $T_1$ and $T_2$, node $x$ uses formula (1) to compute its own clock progress frequency:

$$CF_x(T_2 - T_1) = \frac{CF_x(T_2) - CF_x(T_1)}{T_2 - T_1}$$

Node $x$ stores $CF_x(T_2 - T_1)$ and sends $CF_x(T_2 - T_1) + ID_x$ to the Sink node using the original AODV protocol. When the wireless body area network is in operation, node $x$ encrypts its sensed data with $K_x$, defined as:

$$K_x = F(CF_x(T_2 - T_1), ID_x) \qquad (3)$$

Here $F$ is a key generation function that produces a key of the specified length as required;

(3) When node $x$ sends $CF_x(T_2 - T_1) + ID_x$ to the Sink node, the neighbor nodes within one hop of $x$ also receive this information and store it. Likewise, $x$, as a neighbor, receives the clock progress frequency and ID of other nodes. In this way, two nodes in the BAN complete the exchange of clock progress frequencies;

(4) On the path from node $x$ to the Sink node, two adjacent nodes $m$ and $n$ each hold the other's clock progress frequency. The key $K_{mn}$ or $K_{nm}$ generated from their clock skew and the two node IDs is unique and is used to encrypt routing information and for mutual authentication of the two nodes. $K_{mn}$ and $K_{nm}$ are identical and are defined as:

$$K_{mn} = K_{nm} = F(CS_{mn}(T_2 - T_1), ID_m, ID_n) \qquad (4)$$

$$CS_{mn}(T_2 - T_1) = \mathrm{ABS}(CF_m(T_2 - T_1) - CF_n(T_2 - T_1))$$

Here $F$ is the key generation function, the same as in formula (3), and ABS takes the absolute value;

(5) After the Sink node has received the clock progress frequency and ID of all nodes, the Sink node and each node $x$ have formed a pairwise key $K_x$, used to encrypt the data itself, and each pair of adjacent nodes $m$ and $n$ has formed a pairwise key $K_{mn}$ or $K_{nm}$, used to encrypt routing information. After the Sink node broadcasts the "OK" message in single-hop mode, the BAN enters the secure route formation and encrypted data transmission stages.

3 安全路由形成3 Safe route formation

当所有节点收到“OK”信息后,每个节点删除原来AODV路由信息,采用改进的AODV协议形成安全路由和加密传输数据。改进的AODV协议消息是在原有消息基础上增加一个时钟进展频率字段CF,如图2所示;形成路由的方法与原来AODV相似,但多了CF验证过程。当节点x希望向Sink节点发送数据时,首先要发送RREQ请求形成到Sink的安全路由,然后再根据该路由传送数据,数据源节点x请求形成到Sink的安全路由操作如下:When all nodes receive the "OK" message, each node deletes the original AODV routing information, and uses the improved AODV protocol to form a secure route and encrypt data for transmission. The improved AODV protocol message is to add a clock progress frequency field CF on the basis of the original message, as shown in Figure 2; the method of forming the route is similar to the original AODV, but the CF verification process is added. When node x wants to send data to the sink node, it must first send a RREQ request to form a secure route to the sink, and then transmit data according to the route. The data source node x requests to form a secure route to the sink as follows:

(1) Node x generates an RREQ message, fills in its fields as in the original AODV, fills the added CF field with its own $CF_x(T_2 - T_1)$, and broadcasts the message to its neighbor nodes;

(2) When a neighbor node m of node x receives the RREQ message, it handles one of three cases:

A. If the CF field in the RREQ message is empty, the RREQ comes from an untrusted node, and node m stops forwarding the message;

B. If the CF field in the RREQ message is present and node m holds node x's CF value $CF_x(T_2 - T_1)$, node m compares the two values. If they are equal, node m replaces node x's CF value in the RREQ message with its own CF value $CF_m(T_2 - T_1)$ and continues forwarding the RREQ; otherwise it stops forwarding (the RREQ may come from a counterfeit node);

C. If the CF field in the RREQ message is present but node m does not hold node x's CF value, this may be the result of a change in network topology caused by body movement or a change of posture. Node m requests node x's CF value from the Sink node. If the Sink node has node x's CF value, it encrypts $CF_x(T_2 - T_1)$ with $K_m$ and sends it to node m in single-hop mode. After node m receives the message and decrypts it correctly with $K_m$, it saves $CF_x(T_2 - T_1)$ in memory, and the subsequent operation is the same as in case B;

(3) When a neighbor node of node m receives the RREQ message, it forwards the RREQ message in a manner similar to step (2);

(4) When the Sink node receives the RREQ message, it generates an RREP message, fills the RREP's CF field with the Sink node's CF value (equal to 1), and unicasts it back to the Sink node's neighbor node;

(5) When the Sink node's neighbor node receives the RREP message, it passes the RREP message back in a manner similar to step (2);

(6) When the data source node x receives the RREP message, a secure route in which only legitimate nodes participate has been formed.
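
The CF check applied while an RREQ is forwarded (steps (1) to (3), cases A to C), written out as an added Python example that is not code from the patent. The class and field names, the integer CF values scaled by 10^9, the `prev_hop` field and the drop when the Sink has no record of the sender are assumptions of this sketch; the $K_m$-encrypted reply of case C is reduced to a table lookup.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Rreq:
    origin: str           # data source node that asked for the route
    prev_hop: str         # node that last broadcast the message (assumed visible in the frame)
    cf: Optional[int]     # added CF field; None models an empty field

class Sink:
    """Holds the CF values collected from all nodes during system initialization."""
    def __init__(self, cf_table: Dict[str, int]):
        self.cf_table = dict(cf_table)

    def cf_of(self, node_id: str) -> Optional[int]:
        # Case C lookup. The scheme returns the value encrypted with K_m in a single hop;
        # that encryption is left out of this sketch.
        return self.cf_table.get(node_id)

@dataclass
class Node:
    node_id: str
    own_cf: int
    known_cf: Dict[str, int] = field(default_factory=dict)  # neighbors' CF values from initialization

    def originate(self) -> Rreq:
        # Step (1): the source fills the CF field with its own CF value.
        return Rreq(self.node_id, self.node_id, self.own_cf)

    def on_rreq(self, rreq: Rreq, sink: Sink) -> Tuple[Optional[Rreq], str]:
        """Step (2): return (message to forward or None, verdict)."""
        if rreq.cf is None:
            return None, "A: empty CF field, dropped"
        case = "B"
        expected = self.known_cf.get(rreq.prev_hop)
        if expected is None:
            case = "C"
            expected = sink.cf_of(rreq.prev_hop)
            if expected is None:   # assumption: the page does not spell this branch out
                return None, "C: sender unknown to the Sink, dropped"
            self.known_cf[rreq.prev_hop] = expected   # keep it for later requests
        if expected != rreq.cf:
            return None, case + ": CF mismatch, dropped"
        # Verified: replace the sender's CF value with this node's own and forward.
        return Rreq(rreq.origin, self.node_id, self.own_cf), case + ": verified, forwarded"

def request_route(rreq: Rreq, relays: List[Node], sink: Sink) -> Tuple[bool, List[str]]:
    """Step (3): pass the RREQ hop by hop; True means every relay verified and forwarded it."""
    verdicts = []
    for node in relays:
        rreq, verdict = node.on_rreq(rreq, sink)
        verdicts.append(node.node_id + " " + verdict)
        if rreq is None:
            return False, verdicts
    return True, verdicts

# Constructed sample network: CF values scaled by 10**9, route x -> m -> n -> Sink.
CF = {"x": 1_000_021_000, "m": 999_987_000, "n": 1_000_004_000}

def build():
    sink = Sink(CF)
    x = Node("x", CF["x"], {"m": CF["m"]})
    m = Node("m", CF["m"], {"n": CF["n"]})   # m never heard x: the topology has changed
    n = Node("n", CF["n"], {"m": CF["m"]})
    return sink, x, m, n

if __name__ == "__main__":
    sink, x, m, n = build()
    for rreq in (x.originate(), Rreq("x", "x", None), Rreq("x", "x", 1_000_000_500)):
        print(request_route(rreq, [m, n], sink))
```

The first request goes through case C at m (which then caches x's value) and case B at n; the request with an empty CF field and the one carrying a CF value that does not match the stored one are both dropped at the first hop.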

4 Encrypted data transmission

Once the secure route has been formed, the data source node can transmit data to the Sink. The encryption and transmission process is shown in Figure 3.

In Figure 3, N1, N2 and N3 are nodes. Assume the secure route from N1 to the Sink is N1->N2->N3->Sink. The source node N1 generates a data packet consisting of Tag, Data1 and Data2: Tag is the message type, Data1 contains the source ID, the destination ID and the data generation time, and Data2 is the data actually sensed by N1. During encrypted data transmission, nodes N1, N2, N3 and the Sink operate as follows:

(1) N1: encrypts Data2 with the pairwise key $K_1$, known only to N1 and the Sink node, to obtain $E(Data2, K_1)$; encrypts Data1 with the pairwise key $K_{12}$, known only to nodes N1 and N2, as $E(Data1, K_{12})$; and then unicasts the data packet to N2;

(2) N2: first decrypts Data1 with $K_{12}$, i.e. $D(E(Data1, K_{12}), K_{12})$ yields Data1; after obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{23}$, known only to nodes N2 and N3, as $E(Data1, K_{23})$, and then transmits the data packet to N3. E is the encryption operation and D is the decryption operation;

(3) N3: first decrypts Data1 with $K_{23}$, i.e. $D(E(Data1, K_{23}), K_{23})$ yields Data1; after obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{30}$, known only to node N3 and the Sink node, as $E(Data1, K_{30})$, and then transmits the data packet to the Sink node;

(4) Sink: first decrypts Data1 with $K_{30}$, i.e. $D(E(Data1, K_{30}), K_{30})$ yields Data1; after obtaining the source node information, it decrypts Data2 with $K_1$, i.e. $D(E(Data2, K_1), K_1)$, to obtain the real data Data2.

5 Security analysis

The security of our invention is analyzed below in terms of key dynamics and accuracy, passive and active attacks, node capture, the joining of new nodes, and "plug and play":

(1) Key dynamics and accuracy: the two kinds of keys generated at each initialization are dynamic, because the standard time interval broadcast by the Sink node is random and CF varies with ambient temperature. The key formulas (3) and (4) are also bound to the (unique) node IDs, so the two kinds of keys are unique as well;

The invention does not suffer from the accuracy problem of recovering symmetric keys generated from physiological information, nor from the inefficiency of extracting keys from the physical properties of the wireless channel. This is because each node computes its own CF, no node needs to measure another node's CF, and two adjacent nodes exchange CF values in a secure environment without any key extraction process.

(2) Passive attack: an eavesdropping node can get arbitrarily close to the BAN and eavesdrop on the data sent by every node in it. Because each node's data packet is split into two parts that are encrypted with two different pairwise keys, a legitimate node on the secure route knows only which node the data comes from and does not know the content of the data. Even if the eavesdropper knows the key generation function F, it knows neither which node sent the overheard information nor which neighbor node receives it, so analyzing the key $K_{mn}$ is very difficult; and $K_x$ is closely tied to the ID of x, so it is hard to obtain the real Data2.

(3) Active attack

The three main forms of active attack are analyzed:

Replay: for an attacker, only replaying outdated data is meaningful. Assume the attacker impersonates node x and broadcasts outdated data (unmodified, merely forwarded with a delay). Only x's neighbor node i can correctly decrypt $E(Data1, K_{xi})$, obtain the routing information and forward the packet to i's neighbor node; other nodes stop forwarding because they cannot correctly decrypt $E(Data1, K_{xi})$. However, time is synchronized across the whole BAN, so at node x a time threshold can be used to judge whether the data packet is outdated; even if the data reaches the Sink node within the threshold time, the Sink node compares it with the previous data from that node, discards the outdated data and raises an alarm;

Impersonation: the attacker uses the ID of a legitimate node to send forged data to the Sink node. Assume the impersonating node's power is high enough that all legitimate nodes in the BAN/BSN can receive the messages it sends. If the impersonating node is a new node, it must form a secure route before sending data. Forming a secure route requires the node to be authenticated, and no legitimate node (including the Sink) holds the impersonating node's CF information, so no route can be established and the forged information cannot be sent to the Sink node. If the attacker impersonates a legitimate node x to send forged data, it must provide x's CF information to x's neighbor node i; lacking that data, the attacker cannot form a route and therefore cannot transmit data to the Sink in the name of the legitimate node.

Tampering: tampering means modifying data and then replaying it, i.e. the attacker modifies Data2 (Data1 is unmodified) and sends the legitimate node x's data packet again. All legitimate nodes adjacent to x receive the forged information, but routes formed by AODV carry unicast transmissions, so nodes that are not on the route from x to the Sink ignore the forged information. x's neighbor node i on the route (the first-hop node) decrypts $E(Data1, K_{xi})$ with the key $K_{xi}$ it shares with the legitimate node x (intermediate nodes do not verify Data2) and finds no error, so the data can be sent on to the Sink node. The Sink node, however, cannot decrypt $E(Data2, K_x)$ with $K_x$, so it discards the data and raises an alarm.
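
The data path of section 4 (N1->N2->N3->Sink) together with the Sink-side handling of the replay and tampering cases above, as an added Python example that is not code from the patent. The patent names neither F nor a cipher: SHA-256 for F, an HMAC-SHA256 encrypt-then-MAC construction standing in for E and D, the integer CF values scaled by 10^9, the JSON layout of Data1 and all function names are assumptions of this sketch.

```python
import hashlib, hmac, json, os

# Constructed sample values: CF scaled by 10**9 (the Sink's CF is 1); IDs are plain strings.
CF = {"Sink": 1_000_000_000, "N1": 1_000_021_000, "N2": 999_987_000, "N3": 1_000_004_000}

def F(value, *ids):
    """Key generation function F; assumed here: SHA-256 over the CF-derived value and the sorted IDs."""
    return hashlib.sha256(("%d|%s" % (value, "|".join(sorted(ids)))).encode()).digest()

def node_key(x):        # formula (3): K_x = F(CF_x, ID_x), shared by node x and the Sink
    return F(CF[x], x)

def link_key(m, n):     # formula (4): K_mn = K_nm = F(ABS(CF_m - CF_n), ID_m, ID_n)
    return F(abs(CF[m] - CF[n]), m, n)

def _sub(key, label):   # separate subkeys for encryption and for the tag
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(plain, key):
    """Stand-in for E: keystream XOR plus a tag over nonce and ciphertext."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(_sub(key, b"enc"), nonce, len(plain))))
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def D(blob, key):
    """Stand-in for D: check the tag, then decrypt; ValueError on a wrong key or altered data."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("decryption failed")
    return bytes(a ^ b for a, b in zip(body, _stream(_sub(key, b"enc"), nonce, len(body))))

def source_send(src, next_hop, reading, time):
    # Step (1): Data2 under K_src (end to end), Data1 under the key of the first link.
    data1 = json.dumps({"src": src, "dst": "Sink", "time": time}).encode()
    return {"tag": "DATA", "data1": E(data1, link_key(src, next_hop)),
            "data2": E(reading, node_key(src))}

def relay(packet, prev_hop, me, next_hop):
    # Steps (2) and (3): decrypting Data1 authenticates the previous hop; Data2 is not touched.
    data1 = D(packet["data1"], link_key(prev_hop, me))
    return {**packet, "data1": E(data1, link_key(me, next_hop))}

class SinkNode:
    def __init__(self):
        self.last_time = {}   # generation time of the last accepted packet per source

    def receive(self, packet, prev_hop):
        # Step (4): Data1 names the source, whose K_x then opens Data2.
        info = json.loads(D(packet["data1"], link_key(prev_hop, "Sink")))
        reading = D(packet["data2"], node_key(info["src"]))     # fails if Data2 was modified
        if info["time"] <= self.last_time.get(info["src"], -1):
            raise ValueError("outdated data")                   # replayed packet
        self.last_time[info["src"]] = info["time"]
        return info["src"], reading

def deliver(route, packet, sink):
    """Carry a packet from route[0] over the intermediate nodes to the Sink."""
    for prev_hop, me, next_hop in zip(route, route[1:], route[2:]):
        packet = relay(packet, prev_hop, me, next_hop)
    return sink.receive(packet, route[-2])

if __name__ == "__main__":
    sink = SinkNode()
    pkt = source_send("N1", "N2", b"HR=72", 100)
    print(deliver(["N1", "N2", "N3", "Sink"], pkt, sink))
```

Where the text says the Sink "cannot decrypt" a modified Data2, the sketch gets that behaviour from the tag check in `D`; an encryption mode without integrity protection would decrypt altered ciphertext to garbage instead of rejecting it.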

(4) Node capture

Assume a node is captured (lost or otherwise): the legitimate node leaves the monitored person for some time, becomes a malicious node and returns to the original BAN. During this time the attacker can obtain the node's CF and the CFs of its neighbor nodes, and can compute both kinds of pairwise keys with the key generation function; that is, the BAN has no secrets left, and the attack model takes this situation into account. Because a BAN is an attended network with heterogeneous nodes and no redundant nodes, when a node goes missing, first, the Sink can sense the failure or loss of a node within a certain time (the interval at which nodes generate data) and raise an alarm; second, even if a node capture attack is discovered (patients and medical staff can fairly easily notice that a node is missing or has been replaced), once the malicious node has been removed it suffices to power-cycle and reset in a secure environment. The Sink broadcasts new $T_1$ and $T_2$, and when the malicious node enters the BAN again, the CF information generated last time is no longer in use, so it likewise cannot carry out passive or active attacks.

(5) New node joining and "plug and play"

When a new sensor node needs to be added to an existing BAN, it suffices, in a secure environment, to mount the new node on the monitored person and perform one power-on reset. Internally, this repeats the three processes of system initialization (key generation), secure route formation and encrypted data transmission. Externally, the power-on reset is a single button press that medical staff, family caregivers and others can perform without special expertise, which satisfies "plug and play".

The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art to which the invention belongs may make various modifications or additions to the described embodiments, or substitute them in similar ways, without departing from the spirit of the invention or going beyond the scope defined by the appended claims.

Although terms such as node, progress frequency and offset are used frequently herein, the possibility of using other terms is not excluded. These terms are used only to describe and explain the essence of the invention more conveniently; construing them as any additional limitation would be contrary to the spirit of the invention.

Claims (2)

1. A wireless body area network secure transmission method, characterized by comprising the following stages:
(1) System initialization: the system exploits the dynamic nature and uniqueness of each node's clock progress frequency and of the clock offset between two nodes; under the control of the Sink node's standard time, clock progress frequencies are exchanged between two adjacent nodes and between each node and the Sink node, forming two types of pairwise keys;
(2) Secure route formation: after all nodes receive the "OK" message, each node deletes its original AODV routing information and uses the improved AODV protocol to form secure routes and transmit encrypted data;
(3) Encrypted data transmission: each data packet is divided into two parts, routing information Data1 and sensed data Data2, which are encrypted with two different pairwise keys; two adjacent nodes verify Data1 with each other, the Sink node verifies Data2, and the packet is then transmitted;
Let $CF_x(t)$ denote the time of node x at actual time t; the clock progress frequency $CF_x(t)$ is defined as:
$CF_x(t) = \mathrm{d}CF_x(t)/\mathrm{d}t \quad (t \ge 0)$ (1)
The time of the Sink node is taken as the actual time, and the clock progress frequency of the actual time is equal to 1;
The clock offset $CS_{12}(t)$ of node 1 and node 2 is defined as the difference between $CF_1(t)$ and $CF_2(t)$:
$CS_{12}(t) = CF_1(t) - CF_2(t)$ (2)
The ID of node x is denoted $ID_x$;
The specific system initialization operations are:
(A-1) The Sink node broadcasts, in single-hop mode, two standard timestamps $T_1$ and $T_2$ separated by a random interval to all nodes in the wireless body area network;
(A-2) After node x receives $T_1$ and $T_2$, it uses formula (1) to calculate its own clock progress frequency as:
$CF_x(T_2 - T_1) = (CF_x(T_2) - CF_x(T_1))/(T_2 - T_1)$
Node x saves $CF_x(T_2 - T_1)$ and sends $CF_x(T_2 - T_1)$+$ID_x$ to the Sink node via the original AODV protocol. When the wireless body area network is working, node x encrypts its sensed data with $K_x$, which is defined as follows:
$K_x = F(CF_x(T_2 - T_1), ID_x)$ (3)
Here F is the key generation function, which produces a key of the specified length as required;
(A-3) When node x sends $CF_x(T_2 - T_1)$+$ID_x$ to the Sink node, the neighbor nodes within one hop of x also receive this information and store it in their own memory; likewise, x, as a neighbor node, also receives the clock progress frequency and ID information of other nodes. In this way, two nodes in the BAN complete the exchange of clock progress frequencies;
(A-4) On the path from node x to the Sink node, two adjacent nodes m and n each hold the other's clock progress frequency. The key $K_{mn}$ (or $K_{nm}$) generated from their clock offset and the IDs of the two nodes is unique; it is used to encrypt routing information and for mutual authentication between the two nodes. $K_{mn}$ and $K_{nm}$ are identical and are defined as follows:
$K_{mn} = K_{nm} = F(CS_{mn}(T_2 - T_1), ID_m, ID_n)$ (4)
$CS_{mn}(T_2 - T_1) = \mathrm{ABS}(CF_m(T_2 - T_1) - CF_n(T_2 - T_1))$
Here F is the key generation function, the same as in formula (3), and ABS takes the absolute value;
(A-5) After the Sink node has received the clock progress frequency and ID information of all nodes, the Sink node shares a pairwise key $K_x$ with each node x, used to encrypt the data itself, and two adjacent nodes m and n share a pairwise key $K_{mn}$ (or $K_{nm}$), used to encrypt routing information; after the Sink node broadcasts the "OK" message in single-hop mode, the BAN enters the secure route formation and encrypted data transmission stages;
After all nodes receive the "OK" message, each node deletes its original AODV routing information and uses the improved AODV protocol to form secure routes and transmit encrypted data; the improved AODV protocol messages add a clock progress frequency field CF to the original messages; when node x wants to send data to the Sink node, it first sends an RREQ to form a secure route to the Sink node and then transmits data along that route; the data source node x requests a secure route to the Sink node as follows:
(B-1) Node x generates an RREQ message, fills in its fields as in the original AODV, fills the added CF field with its own $CF_x(T_2 - T_1)$, and then broadcasts the message to its neighbor nodes;
(B-2) When a neighbor node m of node x receives the RREQ message, it handles one of three cases:
A. If the CF field in the RREQ message is empty, the RREQ comes from an untrusted node, and node m stops forwarding the message;
B. If the CF field in the RREQ message is present and node m holds node x's CF value $CF_x(T_2 - T_1)$, node m compares the two values; if they are equal, node m replaces node x's CF value in the RREQ message with its own CF value $CF_m(T_2 - T_1)$ and continues forwarding the RREQ; otherwise, it stops forwarding;
C. If the CF field in the RREQ message is present and node m does not hold node x's CF value, node m requests node x's CF value from the Sink node; if the Sink node has node x's CF value, it encrypts $CF_x(T_2 - T_1)$ with $K_m$ and sends it to node m in single-hop mode; after node m receives the message and decrypts it correctly with $K_m$, it saves $CF_x(T_2 - T_1)$ in memory, and the subsequent operation is the same as in case B;
(B-3) When a neighbor node of node m receives the RREQ message, it forwards the RREQ message in a manner similar to step (B-2);
(B-4) When the Sink node receives the RREQ message, it generates an RREP message, fills the RREP's CF field with the Sink node's CF value, and then unicasts it back to the Sink node's neighbor node;
(B-5) When the Sink node's neighbor node receives the RREP message, it passes the RREP message back in a manner similar to step (B-2);
(B-6) When the data source node x receives the RREP message, a secure route in which only legitimate nodes participate has been formed.
2. The wireless body area network secure transmission method according to claim 1, characterized in that N1, N2 and N3 are nodes; assume the secure route from N1 to the Sink is N1->N2->N3->Sink; the source node N1 generates a data packet consisting of Tag, Data1 and Data2; Tag is the message type, Data1 contains the source ID, the destination ID and the data generation time, and Data2 is the data actually sensed by N1; during encrypted data transmission, nodes N1, N2, N3 and the Sink operate as follows:
(C-1) N1: encrypts Data2 with the pairwise key $K_1$, known only to N1 and the Sink node, to obtain $E(Data2, K_1)$; encrypts Data1 with the pairwise key $K_{12}$, known only to nodes N1 and N2, as $E(Data1, K_{12})$; and then unicasts the data packet to N2;
(C-2) N2: first decrypts Data1 with $K_{12}$, i.e. $D(E(Data1, K_{12}), K_{12})$ yields Data1; after obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{23}$, known only to nodes N2 and N3, as $E(Data1, K_{23})$, and then transmits the data packet to N3; E is the encryption operation and D is the decryption operation;
(C-3) N3: first decrypts Data1 with $K_{23}$, i.e. $D(E(Data1, K_{23}), K_{23})$ yields Data1; after obtaining the routing information, it re-encrypts Data1 with the pairwise key $K_{30}$, known only to node N3 and the Sink node, as $E(Data1, K_{30})$, and then transmits the data packet to the Sink node;
(C-4) Sink: first decrypts Data1 with $K_{30}$, i.e. $D(E(Data1, K_{30}), K_{30})$ yields Data1; after obtaining the source node information, it decrypts Data2 with $K_1$, i.e. $D(E(Data2, K_1), K_1)$, to obtain the real data Data2.
CN201410148159.8A 2014-04-15 2014-04-15 A kind of wireless body area network safe transmission method Expired - Fee Related CN104135727B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410148159.8A CN104135727B (en) 2014-04-15 2014-04-15 A kind of wireless body area network safe transmission method

Publications (2)

Publication Number Publication Date
CN104135727A CN104135727A (en) 2014-11-05
CN104135727B CN104135727B (en) 2017-09-08

Family

ID=51808234

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170908
