CN105141620A - Small data distribution method enabling wireless sensor network security and denial of service attack defense - Google Patents


Info

Publication number: CN105141620A
Application number: CN201510589728.7A
Authority: CN (China)
Prior art keywords: packet, sensor node, base station, key, data
Legal status: Pending (as listed by Google; the status is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 何道敬, 曹棋敏, 黄琳
Current assignee: BEIJING QIHU CETENG TECHNOLOGY Co Ltd; East China Normal University (listed assignees may be inaccurate)
Original assignee: BEIJING QIHU CETENG TECHNOLOGY Co Ltd; East China Normal University
Events: application CN201510589728.7A filed by BEIJING QIHU CETENG TECHNOLOGY Co Ltd and East China Normal University; priority claimed to CN201510589728.7A; published as CN105141620A; legal status pending

Classifications

    • H04L63/1458 Network security; countermeasures against malicious traffic; denial of service
    • H04L63/12 Network security; applying verification of the received information
    • H04W12/10 Security arrangements in wireless communication networks; integrity
    • H04W84/18 Network topologies; self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a small data dissemination method for wireless sensor networks that is secure and resists denial-of-service (DoS) attacks. The method comprises: a system initialization phase, in which the base station generates the key material and loads the public parameters into each sensor node before the network is deployed; a packet pre-processing phase, in which the base station builds each packet with a cipher-puzzle technique and a digital signature before a data item is disseminated; and a packet authentication phase, in which a sensor node that receives a packet judges whether it is legitimate, accepting and applying it if so and discarding it otherwise. Under the resource constraints of sensor nodes, the method resists node compromise, guarantees the integrity and confidentiality of the information, needs no time synchronization between the base station and the sensor nodes, and effectively defends against denial-of-service attacks. It is also highly robust to packet loss and out-of-order packet delivery.

Description

Small data dissemination method for wireless sensor networks that is secure and resists denial-of-service attacks
Technical field
The invention belongs to the field of radio communication, and in particular to a small data dissemination method for wireless sensor networks that is secure and resists denial-of-service (DoS) attacks.
Background
Wireless sensor networks are now widely deployed, with applications ranging from environmental monitoring and battlefield surveillance to data collection in harsh terrain. In such a network the ability to disseminate small data items is a very useful operation: it lets the base station write small programs, commands, queries and configuration parameters to the sensor nodes. Small data dissemination protocols must be distinguished from the well-studied code dissemination protocols (also called data dissemination or reprogramming protocols). Code dissemination distributes a new binary image through the network and thereby reprograms the whole system. Efficiently distributing a binary of tens of kilobytes, for example, calls for a code dissemination protocol, whereas distributing a few two-byte configuration parameters calls for a small data dissemination protocol.
A wireless sensor network is inherently a broadcast network: every node shares the communication channel. Confidentiality of the disseminated information is therefore an important security property, because the base station does not in general want every node to read every message and may want to send confidential information only to specific nodes. Besides confidentiality, it is equally important to guarantee that a message comes from a trusted source. For reasons of computational efficiency, conventional small data dissemination protocols use elliptic-curve cryptography for this, but signature verification in that setting is an easy target for denial-of-service attacks. To resist DoS attacks, existing work mostly uses a message-specific puzzle, but that approach does not encrypt the message, so an attacker can read it simply by eavesdropping on the channel without compromising a single sensor node. This invention uses a cipher-puzzle technique instead, which protects the confidentiality of the information as well as resisting DoS attacks.
For the base station, the computational cost of the message-specific puzzle and of the cipher puzzle is about the same, but the difficulty an adversary faces in constructing a valid puzzle solution differs. In the message-specific puzzle the solution is a fixed pattern: the first V bytes of the hash of the concatenated authenticated message must equal a fixed value. Once that pattern is known, the adversary can precompute candidate solutions by brute-force search. In the cipher puzzle the first V bytes of the hash of the signed message differ for every dissemination, so the adversary cannot brute-force a solution against one fixed pattern. Furthermore, in the message-specific puzzle no message is encrypted, so the attacker can obtain the messages by intercepting network traffic without compromising any sensor node, whereas in the cipher puzzle the authenticated messages are encrypted under a puzzle key, and before reading them the adversary must obtain that key by compromising a sensor node.
The object of the invention is to overcome the shortcomings of the prior art by providing a small data dissemination method for wireless sensor networks that is secure and resists DoS attacks: it inherits the efficiency and robustness of the Drip protocol while providing security protection for the disseminated information, namely integrity protection and confidentiality protection, and it also resists denial-of-service attacks.
Summary of the invention
The invention proposes a small data dissemination method for wireless sensor networks that is secure and resists DoS attacks, comprising the following phases:
System initialization phase: the base station generates the key material and loads the public parameters into each sensor node before the sensor network is deployed;
Packet pre-processing phase: before a data item is disseminated, the base station generates the packet using a cipher-puzzle technique and a digital signature;
Packet authentication phase: on receiving a packet, each sensor node judges whether the packet is legitimate; if it is, the node accepts the packet and updates its state, otherwise it discards the packet.
In the method proposed by the invention, the system initialization phase comprises the following steps:
Step A1: the base station sets up an elliptic-curve cryptosystem and uses it to generate a private key, the public parameters and the public key;
Step A2: the base station generates a first random number;
Step A3: the base station uses a hash function to generate a one-way key chain from the first random number; the chain consists of several puzzle keys, and its last puzzle key is called the key chain commitment;
Step A4: the base station loads the key chain commitment into each sensor node.
In the method proposed by the invention, the one-way key chain of step A3 is generated as follows: the first random number is the head of the chain, and the puzzle key at each subsequent position is obtained by applying the hash function to the puzzle key at the previous position; the length of the chain is not less than the number of data items the base station will disseminate during the network's lifetime.
In the method proposed by the invention, the packet pre-processing phase comprises the following steps:
Step B1: the base station generates a second random number, concatenates it with the data item, and computes the hash of the concatenation with the hash function;
Step B2: the base station uses the first L bits of that hash as a session key to symmetrically encrypt the concatenation, obtaining the encrypted message;
Step B3: the base station signs the hash with its private key, obtaining the signature value;
Step B4: the base station searches by brute force for a value satisfying the following condition: when the concatenation of the hash, the value and the next puzzle key is symmetrically encrypted under the current puzzle key, the first few bits of the resulting ciphertext equal the first few bits of the hash of the digital signature. The base station then broadcasts the data item to be disseminated, the digital signature and the ciphertext to the sensor nodes as the dissemination packet.
In the method proposed by the invention, the data item comprises an identifier, a version number and data: the identifier uniquely names the variable to be updated, the version number indicates how recent the data item is, and the data is the content to be disseminated.
In the method proposed by the invention, the packet authentication phase comprises the following steps:
Step C1: the sensor node receives a packet from any one-hop neighbouring sensor node or from the base station;
Step C2: the sensor node checks the packet's version number. If the version is old, it discards the packet. If the version is new, it reconstructs the cipher puzzle using its current puzzle key and checks whether the puzzle decrypts correctly; if decryption fails, the node discards the packet. If decryption succeeds, the node further checks, using the one-way hash function, whether the decrypted puzzle key bears the correct relation to the current puzzle key stored on the node; if so, the node proceeds to the next step, otherwise it discards the packet;
Step C3: the sensor node verifies the digital signature with the public key held in its stored public parameters; if verification fails, the node discards the packet. If verification succeeds, the node updates the dissemination version number, which is used to verify subsequent updates. The node then uses its stored <identifier, version number> tuple to check the version number in the packet's data item: if the version is newer, it performs step C4; if it equals the stored version, step C5; if it is older, step C6;
Step C4: the sensor node updates the data named by the identifier;
Step C5: the sensor node increases the broadcast interval of this packet using the Trickle algorithm, reducing network energy cost once the network is consistent;
Step C6: the sensor node broadcasts the packet it currently stores.
The beneficial effects of the invention are:
Integrity and security of the information are guaranteed: the base station signs the hash of the data item with its private key, which only it knows; as long as the base station is not compromised, every sensor node can verify the signature.
No time synchronization is needed between the base station and the sensor nodes: the two sides keep no common clock, so no packet arrival window has to be assumed, and a packet can be verified as soon as it reaches a sensor node.
Denial-of-service attacks are resisted: with the cipher puzzle a received packet is authenticated quickly, a bogus packet is detected with one symmetric decryption and one hash operation, and because every sensor node authenticates the disseminated information before acting on it, the Trickle mechanism cannot be abused.
Efficiency: each sensor node authenticates a received packet rapidly and needs to store only a two-tuple to verify packet integrity, so the protocol is efficient in communication, computation and storage.
High robustness to packet loss and out-of-order delivery: packet loss and out-of-order arrival are common in wireless sensor networks, and the design tolerates high loss rates and out-of-order transmission.
Brief description of the drawings
Fig. 1 is a flow chart of the secure, DoS-resistant small data dissemination method of the invention.
Fig. 2 is a schematic diagram of the construction of the one-way key chain.
Fig. 3(a) is a schematic diagram of the packet pre-processing phase.
Fig. 3(b) is a schematic diagram of the cipher-puzzle constructor.
Detailed description
The invention is described in further detail below with reference to specific embodiments and the drawings. Unless specifically stated otherwise, the processes, conditions and experimental methods used to implement the invention are common knowledge in the art, and the invention does not restrict them.
The notation used in the invention is as follows:
SIG_k(M) denotes the signature of data item M under key k;
E_K(M) denotes symmetric encryption of data item M under symmetric key K;
(M)-V denotes data item M with its first V bytes removed;
(M)V denotes the first V bytes of data item M;
H(·) denotes a one-way hash function;
H(M) denotes the hash of data item M;
|| denotes concatenation.
As shown in Fig. 1, the secure, DoS-resistant small data dissemination method of the invention comprises three phases:
First phase: system initialization, in which the base station generates the key material and loads the public parameters into each sensor node before the sensor network is deployed;
Second phase: packet pre-processing, in which, before a data item is disseminated, the base station generates the packet using the cipher-puzzle technique and a digital signature;
Third phase: packet authentication, in which each sensor node judges on receiving a packet whether it is legitimate; if the received packet is legitimate the node accepts it and updates its state, otherwise it discards the packet.
The first phase comprises the following steps:
A1. The base station sets up an elliptic-curve cryptosystem ECC, producing a private key SK, the public parameters {PK, Q, p, q, H(·)} and the public key PK = SK·Q;
A2. The base station selects a first random number K_b;
A3. From K_b it generates a one-way key chain K_b, ..., K_1, K_0, where K_j = H(K_{j+1}) for j = b-1, b-2, ..., 0;
A4. The base station pre-distributes the key chain, ensuring that the commitment K_0 is loaded into every sensor node before the sensor network is deployed.
In step A3 the one-way key chain is generated by taking the first random number selected by the base station as the head of the chain; the puzzle key at each subsequent position is obtained by hashing the puzzle key at the previous position. The chain may have any length, but it should not be shorter than the number of data items the base station will disseminate during the network's lifetime.
The second phase comprises the following steps:
B1. The base station selects a second random number N of L bits, concatenates it with the data item D_i to obtain D_i || N, and hashes the concatenation with the one-way hash function, obtaining H(D_i || N);
B2. After assigning H(D_i || N) to h, the base station uses the first L bits of h as the session key to symmetrically encrypt D_i || N, obtaining the encrypted message E_h(D_i || N);
B3. The base station signs the hash h with its own private key, obtaining the signature SIG_SK(h).
B4. The base station searches by brute force for a value W satisfying the following condition: when the concatenation of the hash h, W and the next puzzle key is symmetrically encrypted under the current puzzle key, the first V bits of the ciphertext equal the first V bits of the hash of the signature. V sets the strength of the cipher puzzle: the larger V, the stronger the puzzle, but the more base station resources the search consumes. The base station then broadcasts the data item to be disseminated, the signature and the two ciphertexts as the dissemination packet.
The data item of step B1 is represented as the triple (key, version, data), i.e. it comprises an identifier, a version number and data: the identifier key uniquely names the variable to be updated, version indicates how recent the data item is, and data is the content to be disseminated.
The third phase comprises the following steps:
C1. The sensor node receives a packet from any one-hop neighbouring sensor node or from the base station;
C2. The sensor node checks the version number of the received packet to determine whether this dissemination is new or old. If it is new, the node reconstructs the cipher puzzle using its current puzzle key and checks whether the puzzle decrypts correctly; if decryption fails, the node discards the packet. Otherwise the node further checks, using the one-way hash function, whether the decrypted puzzle key bears the correct relation to the current puzzle key on the node. If the relation is correct, the node proceeds to the next step; otherwise it discards the packet.
C3. The sensor node verifies the digital signature with the public key from its stored public parameters; if signature verification fails, the node discards the packet. Otherwise the node updates the dissemination version number, which is used to verify subsequent updates. The node then uses its stored <identifier, version number> tuple to check the version number in the packet's data item;
C4. If a newer version was received, the sensor node updates the data named by the identifier; otherwise it discards the packet;
C5. If the received version is the same as the one the node stores, the sensor node increases the broadcast interval of this packet using the Trickle algorithm, which reduces network energy cost once the network is consistent;
C6. If the packet belongs to an older dissemination round, the sensor node broadcasts the packet it currently stores.
The small data dissemination steps of the invention are illustrated below with a specific embodiment.
In the system initialization phase the base station sets up an elliptic-curve cryptosystem to produce the private key SK, the public parameters {PK, Q, p, q, H(·)} and the public key PK. Specifically: an elliptic curve E is selected over the finite field GF(p), where p is a large prime; Q is a base point on E whose order is a large prime q; the base station selects a private key SK (the text places it in GF(p); in practice SK is an integer in [1, q-1], the range set by the order of the base point) and computes the public key PK = SK·Q. As an example, with a 160-bit elliptic-curve algorithm the public key PK and the base point Q are each 320 bits long (two 160-bit coordinates), and the large primes p and q are each 160 bits long.
Next, as shown in Fig. 2, the base station selects a first random number K_b and generates a one-way key chain K_b, ..., K_1, K_0 with K_j = H(K_{j+1}) for j = b-1, b-2, ..., 0. The base station then pre-distributes the chain, ensuring that the commitment K_0 is placed in every sensor node before the sensor network is deployed. The keys K_b, ..., K_1, K_0 are called puzzle keys; puzzle key K_j is associated with the j-th dissemination, j > 0. The chain length b is the maximum number of data items that can be disseminated during the lifetime of the wireless sensor network.
Before the sensor network is deployed, the commitment K_0 of the hash chain is loaded into every sensor node together with the base station's public parameters {PK, Q, p, q, H(·)}. Any published secure key pre-distribution mechanism can be used for this. The hash chain is also called the version chain, because its elements correspond to update versions of messages: the j-th element of the chain, as stored in a sensor node, is also called the j-th version key.
After the initialization phase comes the packet pre-processing phase, shown in Fig. 3(a). Suppose the base station wants to disseminate the data item D_i = {key, seqno, data}, i > 0. Using the cipher-puzzle technique and a digital signature, it builds the packet by performing the following steps.
The base station selects a second random number N of L bits, concatenates it with the data item D_i to obtain D_i || N, and hashes the concatenation with the one-way hash function, obtaining H(D_i || N). After assigning this hash to h, the base station uses the first L bits of h as the session key to symmetrically encrypt D_i || N, obtaining the encrypted message E_h(D_i || N). Having been used to encrypt the packet, h is then fed to the cipher-puzzle constructor, and the base station signs h with its own private key, obtaining the signature SIG_SK(h).
Finally, the base station searches by brute force for a value W such that the ciphertext E_{K_{i-1}}(h || W || K_i), obtained by encrypting the concatenation of the hash h, W and the next puzzle key K_i under the current puzzle key K_{i-1}, agrees in its first V bits with the hash of the signature, H(SIG_SK(h)), as shown in Fig. 3(b). V sets the strength of the cipher puzzle: the larger V, the stronger the puzzle, but the more base station resources the search consumes. The base station then broadcasts the signature SIG_SK(h) together with the two ciphertexts E_h(D_i || N) and E_{K_{i-1}}(h || W || K_i), the latter with its first V bits removed, as the dissemination packet.
The third phase is packet authentication. When a sensor node, call it R_i, receives a packet (from any one-hop neighbouring sensor node or from the base station), it performs the following operations:
The sensor node first checks the version number of the received packet to determine whether this dissemination is new or old. If it is new, the node reconstructs the cipher puzzle E_{K_{i-1}}(h || W || K_i) and uses its current puzzle key K_{i-1} to check whether the puzzle decrypts correctly; if decryption fails, the node discards the packet. Otherwise the node further checks, using the one-way hash function, whether the decrypted puzzle key K_i bears the correct relation to the current puzzle key K_{i-1} on the node. If the relation is correct, the node proceeds to the next step; otherwise it discards the packet.
The sensor node then verifies the signature SIG_SK(h) with the public key PK from its stored public parameters; if signature verification fails, the node discards the packet. Otherwise the node updates the dissemination version number, which is used to verify subsequent updates. The node then takes the two-tuple {key, seqno} of the data item D_i in the packet and checks seqno: if a newer version was received, it performs step a; if the same version it already stores, step b; if an older version, step c. The corresponding operations are:
a. The sensor node updates the data named by the identifier key;
b. The sensor node increases the broadcast interval of this packet using the Trickle algorithm,  which reduces network energy cost once the network is consistent;
c. The sensor node broadcasts the packet it currently stores.
Three classes of denial-of-service attack exist against current small data dissemination methods: (1) DoS attacks that exploit delayed verification; (2) DoS attacks that target the expensive digital signature verification; (3) DoS attacks that target Trickle, the basic algorithm underlying small data dissemination. The invention resists all three.
Against the first class, the method uses the cipher-puzzle technique: as soon as a sensor node (receiver) gets a packet it verifies it immediately by an efficient procedure (one symmetric decryption and one hash operation), so DoS attacks that exploit delayed verification are defeated.
Against the second class, because the method uses the cipher-puzzle technique, each sensor node (receiver) detects a bogus digital signature with one symmetric decryption, one hash operation and one comparison, so DoS attacks that target the expensive signature verification are defeated.
Against the third class, the method guarantees that each node can verify the authenticity of a packet as soon as it is received, so an outside attacker cannot trick receivers into misusing the Trickle algorithm, and DoS attacks that target Trickle are defeated.
The scope of protection of the invention is not limited to the above embodiment. Changes and advantages that a person skilled in the art can conceive without departing from the spirit and scope of the inventive concept are included in the invention, whose scope of protection is defined by the appended claims.
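The three phases of the embodiment above, with the cheap-check-before-signature ordering that the three DoS classes rely on, as an added worked example in Python. This is not code from the patent or its assignees; where the text leaves a choice open the example makes one and labels it. ECDSA over secp256k1 stands in for the unspecified elliptic-curve algorithm (the patent's p, Q and q appear as _P, _G and _N), SHA-256 stands in for H(·), and a four-round Feistel network with SHA-256 round functions stands in for the unspecified symmetric cipher. W is a 4-byte counter, the data item is encoded as a 2-byte identifier, a 4-byte version number and the data, the packet carries the round index i explicitly, and the receiver re-hashes the decrypted payload against the signed h, a check the text implies but does not spell out. The demo sizes L = 16 bytes and V = 12 bits keep the brute-force search fast; a deployment would choose V to fit the base station's budget. The cipher choice is not cosmetic: the puzzle only works with a cipher in which W changes the first V ciphertext bits and a changed ciphertext prefix scrambles the recovered K_i, which a stream or CTR mode does not provide.

```python
import hashlib, secrets, struct

# Stand-in ECDSA over secp256k1 (the patent only says "an elliptic-curve algorithm" with
# parameters {PK, Q, p, q, H}): _P is its p, _G its base point Q, _N its order q.
_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None: return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % _P == 0: return None
    lam = (3*x1*x1 * pow(2*y1, -1, _P) if A == B else (y2 - y1) * pow(x2 - x1, -1, _P)) % _P
    x3 = (lam*lam - x1 - x2) % _P
    return x3, (lam*(x1 - x3) - y1) % _P
def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc
def ecdsa_keygen():  # step A1: private key SK and public key PK = SK*Q
    sk = secrets.randbelow(_N - 1) + 1
    return sk, _mul(sk, _G)

def ecdsa_sign(sk, h):  # SIG_SK(h), encoded as r||s
    z = int.from_bytes(h, "big") % _N
    while True:
        k = secrets.randbelow(_N - 1) + 1
        r = _mul(k, _G)[0] % _N
        s = pow(k, -1, _N) * (z + r*sk) % _N
        if r and s: return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def ecdsa_verify(pk, h, sig):
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < _N and 0 < s < _N): return False
    z, w = int.from_bytes(h, "big") % _N, pow(s, -1, _N)
    R = _add(_mul(z*w % _N, _G), _mul(r*w % _N, pk))
    return R is not None and R[0] % _N == r

# Stand-in wide-block cipher: a 4-round Feistel network with SHA-256 round functions. The puzzle needs a
# cipher in which W changes the first V ciphertext bits and a changed ciphertext prefix scrambles the
# recovered K_i; a stream or CTR mode gives neither property.
def _f(key, rnd, x, n): return b"".join(hashlib.sha256(key + bytes([rnd, c]) + x).digest() for c in range((n + 31) // 32))[:n]
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def wb_crypt(key, m, decrypt=False):  # decryption runs the same rounds in reverse order
    L, R = m[:len(m) // 2], m[len(m) // 2:]
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        L, R = (_xor(R, _f(key, rnd, L, len(R))), L) if decrypt else (R, _xor(L, _f(key, rnd, R, len(L))))
    return L + R
def _prefix_bits(b, v): return int.from_bytes(b[:(v + 7) // 8], "big") >> (8 * ((v + 7) // 8) - v)  # first v bits
def _set_prefix(ct, prefix, v):  # overwrite the first v bits of ct (prefix 0 strips them; on the wire they are omitted)
    n = 8 * len(ct) - v
    return ((int.from_bytes(ct, "big") & ((1 << n) - 1)) | (prefix << n)).to_bytes(len(ct), "big")
def key_chain(k_b, b):  # steps A2-A3: K_j = H(K_{j+1}); returns [K_0, ..., K_b], K_0 being the commitment
    chain = [k_b]
    for _ in range(b): chain.append(hashlib.sha256(chain[-1]).digest())
    return chain[::-1]

def base_station_build(sk, chain, i, item, L=16, V=12):  # phase 2 for D_i = (key, seqno, data)
    d_i = struct.pack(">HI", item[0], item[1]) + item[2]  # L = session-key bytes, V = puzzle strength in bits
    nonce = secrets.token_bytes(L)                         # B1: second random number N
    h = hashlib.sha256(d_i + nonce).digest()               #     h = H(D_i || N)
    enc = wb_crypt(h[:L], d_i + nonce)                     # B2: E_h(D_i || N)
    sig = ecdsa_sign(sk, h)                                # B3: SIG_SK(h)
    target, w = _prefix_bits(hashlib.sha256(sig).digest(), V), 0
    while True:                                            # B4: search W until E_{K_{i-1}}(h||W||K_i) starts with target
        puzzle = wb_crypt(chain[i - 1], h + w.to_bytes(4, "big") + chain[i])
        if _prefix_bits(puzzle, V) == target: break
        w += 1
    return {"i": i, "sig": sig, "enc": enc, "puzzle": _set_prefix(puzzle, 0, V)}

class SensorNode:  # phase 3: holds PK, the current puzzle key (initially K_0) and one (seqno, data) per key
    def __init__(self, pk, k0, L=16, V=12):
        self.pk, self.cur, self.idx, self.L, self.V, self.store = pk, k0, 0, L, V, {}
    def receive(self, pkt):
        if pkt["i"] <= self.idx: return "drop:old-round"
        prefix = _prefix_bits(hashlib.sha256(pkt["sig"]).digest(), self.V)       # C2: cheap check first
        plain = wb_crypt(self.cur, _set_prefix(pkt["puzzle"], prefix, self.V), decrypt=True)
        h, k_next = plain[:32], plain[36:]
        if hashlib.sha256(k_next).digest() != self.cur: return "drop:puzzle"    # one decryption, one hash
        if not ecdsa_verify(self.pk, h, pkt["sig"]): return "drop:signature"    # C3: ECC work only now
        d_n = wb_crypt(h[:self.L], pkt["enc"], decrypt=True)
        if hashlib.sha256(d_n).digest() != h: return "drop:payload"             # ties the ciphertext to the signed h
        self.cur, self.idx = k_next, pkt["i"]                                   # advance the version key
        key_id, seqno = struct.unpack(">HI", d_n[:6])
        data, stored = d_n[6:-self.L], self.store.get(key_id)
        if stored is None or seqno > stored[0]:                                 # C4: newer version, update
            self.store[key_id] = (seqno, data); return "update"
        return "same:trickle-backoff" if seqno == stored[0] else "old:rebroadcast-own"  # C5 / C6

def demo(V=12):  # constructed run: two rounds, a replay of round 1, and round 2 with a forged signature
    sk, pk = ecdsa_keygen()
    chain = key_chain(secrets.token_bytes(32), b=8)  # b must cover every item of the network lifetime
    node = SensorNode(pk, chain[0], V=V)
    p1, p2 = (base_station_build(sk, chain, i, (7, i, b"interval=%d" % (30 * i)), V=V) for i in (1, 2))
    outcomes = [node.receive(p1), node.receive(p1), node.receive(dict(p2, sig=bytes(64))), node.receive(p2)]
    return outcomes, node.store[7]
```

demo() runs two dissemination rounds on one node: the first packet is accepted, its replay is rejected by the version check, the second packet with a zeroed signature is rejected at the puzzle (one symmetric decryption and one hash, no elliptic-curve work), and the genuine second packet is accepted. A node that never saw round 1 still holds K_0, cannot decrypt the round-2 puzzle and drops that packet at the same cheap check; the example does not model the Trickle re-broadcast that the page relies on to fill such gaps.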

Claims (6)

1. wireless sense network safety and can the small data distribution method of resisting abnegation service aggression, is characterized in that, comprise as the next stage:
System initialisation phase: base station generates key material, and is loaded into by common parameter in each sensor node before sensor network disposition;
The processing stage of packet early stage: before data item distribution, described base station adopts ciphertext obfuscation technique and digital signature method to generate packet;
In the packet authentication stage: after receiving packet, each sensor node judges the legitimacy of described packet, if described packet is legal packet, then accepts described packet and upgrades, otherwise directly abandoning described packet.
2. The small data distribution method for wireless sensor network security and denial-of-service attack defense according to claim 1, characterized in that the system initialization stage comprises the following steps:
Step A1: the base station establishes an elliptic-curve cryptosystem and uses it to generate a private key, public parameters and a public key;
Step A2: the base station generates a first random number;
Step A3: the base station uses a hash function to generate a one-way key chain from the first random number; the one-way key chain comprises a plurality of secret keys, and the last secret key of the chain is called the key chain commitment value;
Step A4: the base station loads the key chain commitment value into each sensor node.
3. The small data distribution method for wireless sensor network security and denial-of-service attack defense according to claim 2, characterized in that the one-way key chain of step A3 is generated as follows: the first random number serves as the head node of the one-way key chain; the secret key at each subsequent node of the chain is obtained by hashing the secret key at the previous node with the hash function; and the length of the one-way key chain is not less than the number of data items the base station will distribute during the network lifetime.
4. The small data distribution method for wireless sensor network security and denial-of-service attack defense according to claim 1, characterized in that the packet pre-processing stage comprises the following steps:
Step B1: the base station generates a second random number, concatenates it with the data item, and uses the hash function to compute the hash value of the concatenation;
Step B2: the base station takes the first L bits of the hash value as a session key and symmetrically encrypts the concatenation with it, obtaining an encrypted message;
Step B3: the base station digitally signs the hash value with its private key, obtaining the signature value;
Step B4: the base station finds, by brute-force search, a numerical value satisfying the following condition: when the concatenation of the hash value, the numerical value and the next secret key is symmetrically encrypted with the current secret key, the resulting ciphertext equals the first several bits of the hash of the digital signature; the base station then broadcasts the data item to be distributed, the digital signature and the ciphertext to the sensor nodes as the distribution packet.
5. The small data distribution method for wireless sensor network security and denial-of-service attack defense according to claim 4, characterized in that the data item comprises a flag variable, a version number and data; the flag variable uniquely identifies the variable to be updated, the version number indicates how new the data item is, and the data is the data to be distributed.
6. The small data distribution method for wireless sensor network security and denial-of-service attack defense according to claim 4, characterized in that the packet verification stage comprises the following steps:
Step C1: the sensor node receives a packet from any neighbouring one-hop sensor node or from the base station;
Step C2: the sensor node checks the version number of the packet; if the version number is old, it discards the packet directly; if the version number is new, it uses the current secret key to reconstruct the ciphertext obfuscation and judges whether the ciphertext obfuscation decrypts correctly; if decryption fails, the sensor node discards the packet directly; if decryption is correct, the sensor node further checks, with the one-way hash function, whether the relation between the decrypted secret key and the current secret key held by the node is correct; if the relation is correct, it proceeds to the next step, otherwise it discards the packet directly;
Step C3: the sensor node verifies the correctness of the digital signature with the public key among the stored public parameters; if verification fails, the sensor node discards the packet directly; if verification succeeds, the sensor node updates the data dissemination version number, which is used to verify subsequent updates; the sensor node then uses the two-tuple <flag variable, version number> in the data item of the packet to check the version number: if the version number is newer, step C4 is performed; if it is identical to the version number the node itself stores, step C5 is performed; if it is older, step C6 is performed;
Step C4: the sensor node updates the data identified by the flag variable;
Step C5: the sensor node increases the broadcast interval of the packet according to the Trickle algorithm, to reduce the network's energy cost once the network is consistent;
Step C6: the sensor node broadcasts the packet it currently stores.
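A worked model of the three claimed stages (claims 2 to 6) and of the cheap-checks-first ordering that the denial-of-service discussion above relies on, as an added example that is not part of the patent or its description. Assumptions: SHA-256 stands in for the unspecified hash function; a four-round Feistel network with a SHA-256 round function stands in for the unspecified symmetric cipher (a plain XOR keystream would not do, because the step B4 search needs every plaintext byte to influence the ciphertext prefix); textbook RSA over the Mersenne primes 2^31-1 and 2^61-1 stands in for the elliptic-curve signature, since the Python standard library has no ECDSA; the puzzle must match two leading bytes of the signature's hash; and, because the claims do not say how a receiver ties the data item to the signed hash (the second random number is never transmitted), the packet here also carries the step B2 ciphertext and the node checks the recovered hash against it. All names (BaseStation, Node, prepare, receive) are the example's own. None of the toy primitives is secure; what the example shows is the order and relative cost of the checks in steps C2 and C3 and the state each side keeps.

```python
# Toy model of the claimed stages: initialization (claims 2-3), packet
# preparation with the ciphertext puzzle (claim 4), receiver checks (claim 6).
# Added illustration; stand-in primitives are labelled where defined. Insecure.
import hashlib
import os

H = lambda b: hashlib.sha256(b).digest()          # assumed hash function
KEY_LEN, SESSION_LEN, PUZZLE_BYTES, ROUNDS = 8, 16, 2, 4
RSA_N = (2**31 - 1) * (2**61 - 1)                 # toy RSA (assumption) replaces ECC
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**31 - 2) * (2**61 - 2))
SIG_LEN = 12                                      # RSA_N < 2**92

def xor(a, b):
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")

def _f(key, r, half):                             # Feistel round function
    return H(key + bytes([r]) + half)[:len(half)]

def encrypt(key, pt):   # toy block cipher: 4-round Feistel over the whole input
    assert len(pt) % 2 == 0 and len(pt) <= 64, "even length up to 64 bytes"
    n = len(pt) // 2
    L, R = pt[:n], pt[n:]
    for r in range(ROUNDS):
        L, R = R, xor(L, _f(key, r, R))
    return L + R

def decrypt(key, ct):
    n = len(ct) // 2
    L, R = ct[:n], ct[n:]
    for r in reversed(range(ROUNDS)):
        L, R = xor(R, _f(key, r, L)), L
    return L + R

def pad(b):              # 0x80 then an optional zero: the Feistel halves must be equal
    b += b"\x80"
    return b if len(b) % 2 == 0 else b + b"\x00"
def unpad(b):
    return b.rstrip(b"\x00")[:-1]

def sign(h):             # B3 stand-in: textbook RSA on the hash reduced mod N
    return pow(int.from_bytes(h, "big") % RSA_N, RSA_D, RSA_N).to_bytes(SIG_LEN, "big")
def verify_sig(h, sig):
    return pow(int.from_bytes(sig, "big"), RSA_E, RSA_N) == int.from_bytes(h, "big") % RSA_N

def key_chain(seed, n):  # claim 3: K[0] = seed, K[i] = H(K[i-1]); K[n] is the commitment
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1])[:KEY_LEN])
    return chain

class BaseStation:
    def __init__(self, items_to_send):
        self.chain = key_chain(os.urandom(KEY_LEN), items_to_send)   # A2, A3
        self.idx = len(self.chain) - 1   # chain[-1] is the commitment preloaded in nodes (A4);
        self.round = 0                   # keys are disclosed from the commitment backwards

    def prepare(self, flag, version, data):                 # claim 4
        assert self.idx > 0, "key chain exhausted (claim 3 sizes it to the item count)"
        item = bytes([flag, version]) + data                # claim 5 layout
        r2 = os.urandom(8)                                  # B1
        h = H(r2 + item)
        enc = encrypt(h[:SESSION_LEN], pad(r2 + item))      # B2
        sig = sign(h)                                       # B3
        k_cur, k_next = self.chain[self.idx], self.chain[self.idx - 1]
        target, v = H(sig)[:PUZZLE_BYTES], 0
        while True:                                         # B4: brute-force search for v
            puzzle = encrypt(k_cur, h + v.to_bytes(4, "big") + k_next)
            if puzzle[:PUZZLE_BYTES] == target:
                break
            v += 1
        self.idx -= 1
        self.round += 1
        return {"round": self.round, "enc": enc, "sig": sig, "puzzle": puzzle}

class Node:
    def __init__(self, commitment):
        self.key, self.round = commitment, 0   # current secret key, last accepted round
        self.store, self.interval = {}, 1      # flag -> (version, data); Trickle interval

    def receive(self, pkt):                                 # claim 6
        if pkt["round"] <= self.round:                      # C2: stale dissemination round
            return "drop: old round"
        if pkt["puzzle"][:PUZZLE_BYTES] != H(pkt["sig"])[:PUZZLE_BYTES]:
            return "drop: puzzle mismatch"                  # C2: one compare ...
        pt = decrypt(self.key, pkt["puzzle"])               # ... one symmetric decryption ...
        h, k_next = pt[:32], pt[36:]
        if H(k_next)[:KEY_LEN] != self.key:                 # ... one hash: key chain check
            return "drop: key chain check failed"
        if not verify_sig(h, pkt["sig"]):                   # C3: signature cost paid only now
            return "drop: bad signature"
        plain = unpad(decrypt(h[:SESSION_LEN], pkt["enc"]))
        if H(plain) != h:            # assumption: ties the data item to the signed hash
            return "drop: item does not match signed hash"
        self.key, self.round = k_next, pkt["round"]
        flag, version, data = plain[8], plain[9], plain[10:]
        stored = self.store.get(flag)
        if stored is None or version > stored[0]:            # C4: newer, apply the update
            self.store[flag] = (version, data)
            self.interval = 1
            return "update"
        if version == stored[0]:                             # C5: consistent, Trickle backs off
            self.interval *= 2
            return "suppress"
        return "rebroadcast own"                             # C6: the sender is stale
```

A forged or tampered packet is rejected by the prefix comparison, the decryption or the key chain check in step C2 and never reaches verify_sig, which is the property the second class of attack discussion above depends on; a replayed packet fails the round check first. The brute-force search in step B4 costs the base station about 2^16 encryptions per packet at this puzzle size, while every node pays only one decryption, one hash and one comparison to screen it.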

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510589728.7A CN105141620A (en) 2015-09-16 2015-09-16 Small data distribution method enabling wireless sensor network security and denial of service attack defense

Publications (1)

Publication Number Publication Date
CN105141620A true CN105141620A (en) 2015-12-09

Family

ID=54726828

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106792665A (en) * 2016-12-19 2017-05-31 华东师范大学 Wireless sensor network security small data distribution method based on short and small public-key cryptosystem
CN108268779A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 Processing method and system for carrying out short ciphertext signature on invoice
CN108268779B (en) * 2016-12-30 2022-03-04 航天信息股份有限公司 Processing method and system for carrying out short ciphertext signature on invoice

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1667999A (en) * 2005-01-18 2005-09-14 中国电子科技集团公司第三十研究所 A secure communication method between mobile nodes in mobile self-organized network
CN101072096A (en) * 2007-05-31 2007-11-14 北京威讯紫晶科技有限公司 Data safety transmission method for wireless sensor network
WO2014047135A2 (en) * 2012-09-18 2014-03-27 Interdigital Patent Holdings, Inc. Generalized cryptographic framework
CN103702325A (en) * 2013-12-19 2014-04-02 华南理工大学 Lightweight wireless sensor network safety small data distribution method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Hailun Tan et al., "A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks", Computers & Security, Volume 32 *

Legal Events

Code Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151209