CN106507347A - A key generation method for protecting wireless sensor network security
- Publication number
- CN106507347A
- Authority
- CN
- China
- Prior art keywords
- key
- equation
- node
- wireless sensor
- generation method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the field of wireless communication and discloses a key generation method for protecting wireless sensor network security. The method uses a system of equations as the secret from which keys are generated for network nodes, thereby enabling secure communication between nodes. The equations in the constructed system may take any form, but the number of equations must be no less than the number of keys required, and the system must have one and only one solution. Each equation in the system is then turned into a key by a key-generating function. With keys generated in this way, nodes that have no shared key can still communicate securely by using the unique solution to generate the same key. Keys generated by the method can be widely applied in the various existing key management schemes and significantly increase key connectivity without reducing other performance, thereby improving the communication efficiency of nodes and giving the network safer and more efficient protection.
Description
Technical field
The invention belongs to the field of wireless communication and relates to a key generation method for protecting wireless sensor network security.
Background technology
A wireless sensor network (Wireless Sensor Network, WSN) is a new kind of network that fuses microelectronics, sensing technology and wireless communication technology. It can be widely applied in many fields such as military, medical care and traffic, and has very good application prospects. In practical applications, security is of the utmost importance for a wireless sensor network; particularly when the network is deployed in an unattended or easily damaged environment, ensuring its security should be the top-priority problem. Key management can provide safe and reliable secret communication for the network and is a vital service for ensuring network security.
Given the characteristics of wireless sensor networks, existing key management schemes mainly use symmetric keys to reduce the energy consumption of nodes. Such schemes generally comprise four steps: 1) key distribution; 2) key allocation; 3) key generation; 4) key dissemination. In the key distribution stage, the server determines the size of the key pool and the number of keys each node must store according to the scale of the network. In the key allocation stage, the server determines the mapping between keys and nodes, and thus which keys each node stores. In the key generation stage, the server generates the keys actually used. In the key dissemination stage, the server delivers the generated keys to the corresponding nodes according to the allocation.
The key forms mainly used by existing key management schemes are ordinary string keys, bivariate symmetric polynomial keys and matrix keys. The bivariate symmetric polynomial key proposed by Blundo et al. is mainly used to make keys harder to crack; however, this kind of key increases the computation and storage overhead of nodes. The matrix key proposed by Blom et al. can improve network connectivity; however, the proposed scheme scales poorly and is not suitable for large networks.
Although key management can improve the security of a network, it usually reduces other performance, such as communication efficiency. Key connectivity is a very important performance indicator of key management: it reflects the probability that network nodes can communicate securely and directly. In a scheme with low key connectivity, many neighbouring nodes cannot communicate directly because they lack a shared key. If such nodes want to communicate with each other, they must establish a key path to do so. These operations, however, cause a large number of messages to be forwarded, which greatly consumes node energy and also raises the problem of node authentication. Ensuring the key connectivity of a key management scheme is therefore crucial. Some existing schemes can guarantee a key connectivity of 1, but they either scale poorly and cannot be applied to large networks, or require the location information of nodes; these problems limit their usability in real environments. In fact, the key connectivity of most existing schemes is less than 1, which seriously degrades the communication efficiency of the network and even the network as a whole.
In summary, a key generation method for protecting wireless sensor network security is needed. Keys generated by such a method can be used widely in various key management schemes and significantly increase key connectivity without affecting the other performance of key management, so that a key management scheme using such keys can provide more efficient security services for the network.
Content of the invention
To address the deficiencies of the prior art, the present invention proposes a key generation method for protecting wireless sensor network security. The method uses a system of equations as the secret from which shared keys are generated for network nodes, uses the solution of the system to strengthen the relationship between keys, and uses this implicit relationship to raise the probability of direct secure communication without reducing key secrecy. The method can be widely used in various existing key management schemes, significantly increasing the efficiency of key management without reducing other performance. The basic idea of the method is summarized as follows:
According to the size u of the key pool, construct a system of u equations such that the system has one and only one solution. Then, taking each equation in the system as a secret, generate the final key with a unified key-generating function H() (usually a one-way keyed hash function).
The equations in the constructed system may take any form, including linear equations, polynomial equations and so on. In fact, the constructed system only needs to have one and only one solution and to contain a number of equations greater than or equal to the number of keys. Keys generated by the method can be applied broadly in various existing key management schemes, significantly improving the key connectivity of key management and ensuring the communication efficiency of the network.
To achieve the above object, the technical solution of the present invention is as follows:
A key generation method for protecting wireless sensor network security uses a system of equations as the secret from which keys are generated for network nodes, to secure communication between nodes. It comprises two parts, construction of the system of equations and key generation, with the following specific steps:
Step 1: construct the system of equations
According to the size u of the key pool, construct the system of equations
where the system contains u equations, each with v variables; $c_{i,j}$ denotes the coefficient of the j-th unknown of equation $f_i$ and $p_{i,j}$ denotes the power of that unknown, $1 \le i \le u$, $1 \le j \le v$. The system has one and only one solution
$S^{(v)} = \{x_1, \ldots, x_v\}^T$ (2)
Step 2: generate the keys
Convert each equation in the system into a unique character string:
$f_i = \langle c_{i,1} \| p_{i,1} \rangle \| \langle c_{i,2} \| p_{i,2} \rangle \| \cdots \| \langle c_{i,v} \| p_{i,v} \rangle$, $1 \le i \le u$ (3)
where $\|$ denotes concatenation. Taking $f_i$ as input, generate the corresponding key with the same key-generating function H():
$k_i = H(f_i)$, $1 \le i \le u$ (4)
In this way, all keys $k_i$ ($1 \le i \le u$) in the key pool are generated from the system of equations. In addition, the unique solution $S^{(v)}$ is used to generate a key as follows:
$k_s = H(S^{(v)}) = H(x_1 \| x_2 \| \cdots \| x_v)$ (5)
These keys are then applied in a specific key management scheme to protect communication between nodes.
According to the theory of systems of equations, when a node in the network stores more than v of the equations, the node may be able to compute the unique solution $S^{(v)}$ from the equations it knows. With keys generated by this method, a node can not only use the keys (equations) it stores to communicate securely with other nodes, but can also compute the unique solution of the system, generate a shared key from it, and communicate securely with other nodes that way. This process is called shared key discovery and is described in detail below:
When a node A in the network wants to communicate with another node B, node A first broadcasts the IDs of its keys. Using these key IDs, node B checks whether it has a key in common with node A. If node A and node B have a shared key, they encrypt messages with it to communicate securely; otherwise, node A and node B compute the unique solution and encrypt messages with $k_s = H(S^{(v)})$ to communicate securely.
Further, the number of equations in the system constructed in the first step is greater than or equal to the key pool size u, ensuring that each key is generated from a different equation.
Further, the number of systems of equations actually used is determined by the number of sub key pools contained in the total key pool: if the total key pool contains multiple sub key pools, each sub key pool corresponds to one system of equations.
Further, the key-generating function in the second step is any one-way hash function or pseudo-random function.
The proposed method is in effect the step of a key management process that generates the concrete keys for nodes. In practice it must be combined with a key management scheme to give the network more comprehensive and systematic protection.
The beneficial effects of the present invention are as follows. A system of equations is used as the secret from which keys are generated for network nodes, to secure communication between nodes. With this method, communicating nodes can not only use their stored keys to communicate securely but can also generate a shared key from the unique solution of the system of equations. The probability of direct secure communication between nodes is therefore significantly increased, which in turn improves communication efficiency between nodes. Keys generated by the method can be applied widely in the various existing key management schemes, significantly increasing the efficiency of key management without reducing other performance.
Description of the drawings
Fig. 1 is a key management flow chart.
Fig. 2 is the geometric figure corresponding to a system of equations with a unique solution.
Fig. 3 shows the relationship between the system of equations, keys and nodes.
Specific embodiment
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. The inventive concept provided by the present invention can be implemented in many specific environments. The specific embodiments discussed merely illustrate how the invention is carried out and do not limit its scope.
Fig. 1 shows the flow chart of an exemplary key management scheme. Key management generally comprises four processes: key distribution, key allocation, key generation and key dissemination. As described above, the key distribution stage determines the size of the key pool and the number of keys each node stores; the key allocation stage establishes the mapping between keys and nodes; the key generation stage determines the concrete form of the keys; and the key dissemination stage delivers the keys to the corresponding nodes according to the allocation above.
Taking the classical EBS(n, k, m) key management scheme as an example, the following describes how the method of the invention is combined with key management. The EBS(n, k, m) scheme requires each node to store k keys, with a total key pool size of k+m, so each node has m keys it does not know. By encrypting new messages with the m keys a node does not know, an EBS scheme can efficiently evict any failed node and complete key updating. This example assumes that the network contains 10 nodes and that an EBS(10,2,3) scheme is used to secure network communication. The protection the key management scheme gives the network is divided into three parts: key predistribution, shared key discovery/key path establishment, and key redistribution.
1. Key predistribution
The key predistribution stage must be completed before node deployment. It mainly designs the key allocation rules, generates the concrete keys and distributes them to all network nodes. As noted earlier, it consists of four stages: key distribution, key allocation, key generation and key dissemination.
1) Key distribution
According to the network size n and the construction rules of the EBS scheme, determine the key pool and the number of keys each node stores so that they satisfy the relation
The above formula ensures that each node can select k keys from the key pool and that no key combination is repeated in the network.
2) Key allocation stage
When the EBS(10,2,3) key management scheme is used to protect the network, the mapping between keys and nodes determined in the key allocation stage is shown in Table 1. In Table 1, a value of 1 in row i, column j means that node j stores key i. If node $N_5$ fails, keys $k_2$ and $k_3$ are exposed. The server can then encrypt the new keys $k'_2$ and $k'_3$ with $k_1$, $k_4$ and $k_5$ and broadcast them. As a result, the other nodes can decrypt these messages and complete the key update, while node $N_5$ is evicted because it cannot decrypt the new messages.
Table 1: EBS(10,2,3) key allocation scheme
N1 | N2 | N3 | N4 | N5 | N6 | N7 | N8 | N9 | N10 | |
k1 | 1 | 1 | 1 | 1 | ||||||
k2 | 1 | 1 | 1 | 1 | ||||||
k3 | 1 | 1 | 1 | 1 | ||||||
k4 | 1 | 1 | 1 | 1 | ||||||
k5 | 1 | 1 | 1 | 1 |
3) Key generation stage
In the key generation stage, for reasons of overall efficiency and security, the total key pool is usually divided into t (t ≥ 1) sub key pools, and the key generation method proposed by the invention is then applied to each sub key pool. For this example, the implementation is as follows:
a) According to actual requirements, the total key pool is $SK = \{k_1, k_2, k_3, k_4, k_5\}$. In this example the total key pool is not partitioned, so the keys in it are generated from a single system of equations.
b) Construct the system of equations used to generate the keys in SK
The corresponding solution is
Fig. 2 shows the corresponding figure. As Fig. 2 shows, the equations in the system are all linear; each equation corresponds to a straight line in 2-dimensional space, and the unique solution of the system corresponds to the intersection point of all the lines.
c) Generate the specific keys from the constructed system of equations. The equations are linear equations in two variables, and by plane geometry such an equation is determined by two points on its line. Each line (equation) is therefore represented by points on it, which serve as the secret from which the key is generated. Taking the line (equation) $f_1: x - y - 1 = 0$ as an example, the points (8, 7) and (-2, -3) are chosen as the secret and the key $k_1 = H((8,7) \| (-2,-3))$ is generated. Fig. 3 illustrates the relationship between the lines of the system of equations, the points, the keys and the nodes.
4) Key dissemination stage
According to the key allocation rule determined by Table 1, the server distributes the points used to generate the keys, the one-way hash function and the key IDs to the corresponding nodes.
Through the above process, the server can design the allocation rules according to the scale of the network, generate the keys actually used, and distribute them to the nodes. After the nodes are deployed to the network, they can communicate securely using the keys each of them stores.
2. Shared key discovery/key path establishment
After nodes are deployed to the network, each must determine whether it has a shared key with other nodes in order to communicate securely. First, the two nodes that want to communicate broadcast the IDs of their respective keys, so that they can determine from the key IDs whether they have a shared key. If they do, they use the shared key to communicate securely. Otherwise, the nodes determine from the key IDs whether they can both compute the unique solution of the same system of equations; if they can, they use this identical unique solution to generate an identical key and communicate securely. Compared with traditional key generation schemes, this embodiment uses the unique solution of the system of equations as an additional shared secret for generating shared keys between nodes, which greatly increases the efficiency of key management. Analysis shows that in this example there are cases in which nodes have no shared key but can still communicate securely through the unique solution of the system of equations.
When two communicating nodes neither have a shared key nor can compute the same solution, a key path must be established to secure the communication. By finding intermediate nodes with which it can communicate directly and securely, a communicating node can set up a key path through these intermediate nodes and use this path to communicate securely with the other node.
3. Key redistribution
When nodes in the network are captured or run out of energy, new nodes must be added. If the key pool still has available key combinations, the server selects one of them according to the expected deployment position of the node and distributes it to the node. If no key combination is available, the key system must be re-established for all nodes in the network. In that case, the above process is executed again to generate new keys suited to the network. The server then encrypts the new keys with the existing keys and broadcasts them to the nodes in the network, completing the reconstruction of the whole key system.
Claims (5)
1. A key generation method for protecting wireless sensor network security, characterized by comprising the following steps:
Step 1: construct the system of equations
According to the size u of the key pool, construct the system of equations
where the system contains u equations, each with v variables; $c_{i,j}$ denotes the coefficient of the j-th unknown of equation $f_i$ and $p_{i,j}$ denotes the power of that unknown, $1 \le i \le u$, $1 \le j \le v$; the system has one and only one solution
$S^{(v)} = \{x_1, \ldots, x_v\}^T$ (2)
Step 2: generate the keys
1) Convert each equation in the system into a unique character string:
$f_i = \langle c_{i,1} \| p_{i,1} \rangle \| \langle c_{i,2} \| p_{i,2} \rangle \| \cdots \| \langle c_{i,v} \| p_{i,v} \rangle$, $1 \le i \le u$ (3)
where $\|$ denotes concatenation; taking $f_i$ as input, generate the corresponding key with the same key-generating function H()
$k_i = H(f_i)$, $1 \le i \le u$ (4)
2) Use the unique solution $S^{(v)}$ to generate a key as follows:
$k_s = H(S^{(v)}) = H(x_1 \| x_2 \| \cdots \| x_v)$ (5).
2. The key generation method for protecting wireless sensor network security according to claim 1, characterized in that the number of equations in the system constructed in the first step is greater than or equal to the key pool size u, ensuring that each key is generated from a different equation.
3. The key generation method for protecting wireless sensor network security according to claim 1 or 2, characterized in that the number of systems of equations actually used is determined by the number of sub key pools contained in the total key pool; if the total key pool contains multiple sub key pools, each sub key pool corresponds to one system of equations.
4. The key generation method for protecting wireless sensor network security according to claim 1 or 2, characterized in that the key-generating function in the second step is any one-way hash function or pseudo-random function.
5. The key generation method for protecting wireless sensor network security according to claim 3, characterized in that the key-generating function in the second step is any one-way hash function or pseudo-random function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710011767.8A CN106507347B (en) | 2017-01-09 | 2017-01-09 | It is a kind of for protecting the key generation method of wireless sensor network security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106507347A true CN106507347A (en) | 2017-03-15 |
CN106507347B CN106507347B (en) | 2019-05-10 |