CN106507347A - A key generation method for protecting wireless sensor network security

Publication number: CN106507347A
Application number: CN201710011767.8A
Authority: CN (China)
Legal status: Granted (CN106507347B), Active
Other languages: Chinese (zh)
Inventors: 姚念民, 战福瑞, 卢志茂
Current Assignee: Dalian University of Technology
Original Assignee: Dalian University of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention belongs to the field of wireless communication and discloses a key generation method for protecting wireless sensor network security. The method uses a system of equations as the secret from which keys are generated for network nodes, thereby enabling secure communication between nodes. The equations in the constructed system may take any form, provided that the number of equations is no less than the number of keys required and that the system has exactly one solution. Each equation in the system is turned into a key by a key generation function. With keys generated this way, nodes that have no shared key can still communicate securely by generating the same key from the unique solution. Keys generated by the method can be used widely in existing key management schemes and significantly increase key connectivity without reducing other performance, thereby improving the communication efficiency of nodes and providing more secure and efficient protection for the network.

Description

A key generation method for protecting wireless sensor network security
Technical field
The invention belongs to the field of wireless communication and relates to a key generation method for protecting wireless sensor network security.
Background
A wireless sensor network (WSN) is a new type of network that combines microelectronics, sensing and wireless communication technology. It can be applied widely in fields such as the military, medicine and transportation, and has very good application prospects. In practice, security is critical for wireless sensor networks; in particular, when a network is deployed in an unattended environment or one where it is easily damaged, ensuring its security should be the first consideration. Key management provides secure and reliable confidential communication for the network and is a vital service for ensuring network security.
Given the characteristics of wireless sensor networks, existing key management schemes mainly use symmetric keys to reduce node energy consumption. Such schemes generally comprise four steps: 1) key distribution; 2) key allocation; 3) key generation; 4) key distribution. In the key distribution stage (step 1), the server determines the size of the key pool and the number of keys each node must store according to the scale of the network. In the key allocation stage, the server determines the mapping between keys and nodes, and thus which keys each node stores. In the key generation stage, the server generates the specific keys to be used. In the key distribution phase (step 4), the server distributes the generated keys to the corresponding nodes according to the key allocation.
The key forms mainly used by existing key management schemes include ordinary string keys, bivariate symmetric polynomial keys and matrix keys. The bivariate symmetric polynomial keys proposed by Blundo et al. are mainly used to make keys harder to crack. However, this kind of key increases the computation and storage overhead of nodes. The matrix keys proposed by Blom et al. can improve network connectivity. However, the proposed scheme scales poorly and is not suitable for large-scale networks.
Although key management improves network security, it usually reduces other performance, such as communication efficiency. Key connectivity is a very important performance indicator of key management; it reflects the probability that network nodes can communicate securely and directly. A scheme with low key connectivity leaves many neighbouring nodes unable to communicate directly for lack of a shared key. If such nodes want to communicate with each other, they must establish a key path. These operations generate a large number of forwarded messages, which consumes a great deal of node energy and also raises the problem of authenticating nodes. Ensuring the key connectivity of a key management scheme is therefore critical. Some existing schemes can guarantee a key connectivity of 1. However, these schemes either scale poorly and cannot be applied to large networks, or require node location information; these problems limit their usability in real environments. In fact, the key connectivity of most existing schemes is less than 1, which seriously degrades the communication efficiency of the network and even the network as a whole.
In summary, a key generation method for protecting wireless sensor network security is needed. Keys generated by such a method can be used widely in various key management schemes and significantly increase key connectivity without affecting the other performance of key management, so that key management schemes using such keys can provide more efficient security services for the network.
Content of the invention
For the deficiencies in the prior art, the present invention proposes a kind of key generation side of protection wireless sensor network security Method, the method use equation group to generate shared key as secret for network node, are strengthened between key using solution of equations Contact, and to ensure that and improve direct secure communication using the implicit contact on the premise of key privacy is not being reduced Probability.The key generation method can be widely used in various existing key managing projects, significantly increase key management Efficiency and ensure not reduce other performances.The basic thought of the method is summarized as follows:
According to size u of pool of keys, the equation group containing u equations is constructed so that equation group one and only one solution.So Afterwards using each equation in equation group as secret, using unified key-function (usually one-pass key hash function) H () generates final key.
Equation in the equation group for being constructed can be any form of equation, including linear equation, polynomial equation etc.. In fact, the equation group for being constructed only needs to ensure one and only one solution, comprising equation number more than or equal to key Number.The key generated by the method can be applied more broadly in various existing key managing projects, significantly The key for improving key management is connective, it is ensured that the communication efficiency of network.
In order to achieve the above object, the technical scheme is that:
A kind of key generation method of protection wireless sensor network security, the method use equation group as secret for net Network node generates key to ensure the safety communicated between node, generates two parts including equation set constructor, key, specifically Step is as follows:
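Step 1: construct the system of equations
According to the size u of the key pool, construct the system of equations
$$F_u^{(v)} = \begin{cases} f_1(x_{1,1}, \ldots, x_{1,v}) = c_{1,1} x_{1,1}^{p_{1,1}} + c_{1,2} x_{1,2}^{p_{1,2}} + \cdots + c_{1,v} x_{1,v}^{p_{1,v}} = 0 \\ \qquad \vdots \\ f_u(x_{u,1}, \ldots, x_{u,v}) = c_{u,1} x_{u,1}^{p_{u,1}} + c_{u,2} x_{u,2}^{p_{u,2}} + \cdots + c_{u,v} x_{u,v}^{p_{u,v}} = 0 \end{cases} \quad (1)$$
where $F_u^{(v)}$ contains u equations, each with v variables; $c_{i,j}$ is the coefficient of the j-th unknown of equation $f_i$ and $p_{i,j}$ is the power of that unknown, $1 \le i \le u$, $1 \le j \le v$. The system $F_u^{(v)}$ has exactly one solution
$$S^{(v)} = \{x_1, \ldots, x_v\}^T \quad (2)$$
Step 2: generate keys
Convert each equation in $F_u^{(v)}$ into a unique string:
$$f_i = \langle c_{i,1} \| p_{i,1} \rangle \| \langle c_{i,2} \| p_{i,2} \rangle \| \cdots \| \langle c_{i,v} \| p_{i,v} \rangle, \quad 1 \le i \le u \quad (3)$$
where $\|$ denotes concatenation. Taking $f_i$ as input, generate the corresponding key with the same key generation function H():
$$k_i = H(f_i), \quad 1 \le i \le u \quad (4)$$
In this way, the system $F_u^{(v)}$ generates all keys $k_i$ ($1 \le i \le u$) in the key pool. In addition, the unique solution $S^{(v)}$ is used to generate a key as follows:
$$k_s = H(S^{(v)}) = H(x_1 \| x_2 \| \cdots \| x_v) \quad (5)$$
These keys are then applied in a specific key management scheme to protect communication between nodes.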
According to the theory of systems of equations, when a node in the network stores more than v equations of $F_u^{(v)}$, it can compute the unique solution $S^{(v)}$ from the equations it knows. With keys generated by this method, a node can not only use the keys (equations) it stores to communicate securely with other nodes, but can also compute the unique solution of the system and generate a shared key from it to communicate securely with other nodes. This is called the shared key discovery process and is described in detail below:
When a node A in the network wants to communicate with another node B, node A first broadcasts the IDs of its keys. Using these key IDs, node B checks whether it has a shared key with node A. If node A and node B have a shared key, they encrypt messages with it to communicate securely; otherwise, node A and node B compute the unique solution and encrypt messages with $k_s = H(S^{(v)})$ to communicate securely.
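The following sketch is an added example, not code from the patent: it implements equations (3) to (5) and the shared key discovery procedure for linear equations with v = 2. SHA-256 as H, the four equations other than f1: x − y − 1 = 0, the encoding of the constant term as a power-0 term, and the node-to-key assignment (every 2-of-5 key combination once) are assumptions made for the example.

```python
import hashlib
from collections import Counter
from fractions import Fraction
from itertools import combinations

V = 2  # number of variables per equation

# Each linear equation c1*x + c2*y + const = 0 is stored as ((c1, c2), const).
# f1 is the page's x - y - 1 = 0; f2..f5 are constructed for this example so
# that all five lines meet in the single point (3, 2).
EQUATIONS = {
    1: ((1, -1), -1),
    2: ((1, 1), -5),
    3: ((2, -1), -4),
    4: ((1, -2), 1),
    5: ((1, 2), -7),
}


def H(data: bytes) -> bytes:
    """Key generation function; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def serialize_equation(eq) -> bytes:
    """Equation (3): <c||p> pairs joined by ||. All powers are 1 here; the
    constant is encoded as a power-0 term (an assumption of this example)."""
    coeffs, const = eq
    terms = [(c, 1) for c in coeffs] + [(const, 0)]
    return "||".join(f"<{c}||{p}>" for c, p in terms).encode()


def equation_key(eq) -> bytes:
    """Equation (4): k_i = H(f_i)."""
    return H(serialize_equation(eq))


def solution_key(solution) -> bytes:
    """Equation (5): k_s = H(x_1 || x_2 || ... || x_v)."""
    return H("||".join(str(x) for x in solution).encode())


def solve_unique(equations, v=V):
    """Gauss-Jordan elimination over exact fractions. Returns the unique
    solution, or None when the equations do not determine one."""
    rows = [[Fraction(c) for c in coeffs] + [Fraction(-const)]
            for coeffs, const in equations]
    for col in range(v):
        pivot = next((r for r in range(col, len(rows)) if rows[r][col] != 0), None)
        if pivot is None:
            return None  # too few independent equations (e.g. parallel lines)
        rows[col], rows[pivot] = rows[pivot], rows[col]
        rows[col] = [x / rows[col][col] for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col] != 0:
                factor = rows[r][col]
                rows[r] = [x - factor * y for x, y in zip(rows[r], rows[col])]
    if any(row[v] != 0 for row in rows[v:]):
        return None  # an extra equation contradicts the others
    return tuple(rows[i][v] for i in range(v))


class Node:
    def __init__(self, name, key_ids):
        self.name = name
        # The node's secrets: the equations behind the keys it was assigned.
        self.equations = {i: EQUATIONS[i] for i in key_ids}


def establish_key(a, b):
    """Shared key discovery. Returns (method, key derived by a, key derived by b)."""
    shared = sorted(set(a.equations) & set(b.equations))  # compare broadcast key IDs
    if shared:
        kid = shared[0]
        return "shared", equation_key(a.equations[kid]), equation_key(b.equations[kid])
    sol_a = solve_unique(list(a.equations.values()))
    sol_b = solve_unique(list(b.equations.values()))
    if sol_a is None or sol_b is None:
        return "key-path", None, None  # fall back to key path establishment
    return "solution", solution_key(sol_a), solution_key(sol_b)


# Constructed EBS(10, 2, 3)-style assignment: every 2-of-5 key combination once.
NODES = [Node(f"N{n}", ids) for n, ids in enumerate(combinations(range(1, 6), 2), 1)]


def discovery_summary(nodes=NODES):
    """Count how each pair of nodes ends up with a common key."""
    return Counter(establish_key(a, b)[0] for a, b in combinations(nodes, 2))


if __name__ == "__main__":
    print(dict(discovery_summary()))
```

In this constructed deployment every node holds two independent equations, so every node can derive the same k_s; it is common to all such nodes rather than specific to one pair.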
Further, the number of equations in the system constructed in step 1 is greater than or equal to the key pool size u, ensuring that each key is generated from a different equation.
Further, the number of equation systems used is determined by the number of sub key pools in the total key pool: if the total key pool comprises several sub key pools, each sub key pool corresponds to one system of equations.
Further, the key generation function in step 2 is any one-way hash function or pseudo-random function.
The proposed method is in fact a method of generating the specific keys for nodes within the key management process. In practice, it must be combined with a key management scheme to provide more comprehensive and systematic protection for the network.
The beneficial effects of the invention are: a system of equations is used as the secret from which keys are generated for network nodes, securing communication between nodes. With this method, communicating nodes can not only use their stored keys to communicate securely, but can also generate a shared key from the unique solution of the system of equations. The probability of direct secure communication between nodes is therefore significantly increased, which improves communication efficiency between nodes. Keys generated by the method can be applied widely in existing key management schemes, significantly improving the efficiency of key management without reducing other performance.
Description of the drawings
Fig. 1: key management flow chart.
Fig. 2: geometric figure corresponding to a system of equations with a unique solution.
Fig. 3: relationship between the system of equations, keys and nodes.
Specific embodiment
A preferred embodiment of the invention is described below with reference to the drawings. The inventive concept can be implemented in many specific environments. The embodiment discussed merely illustrates one implementation of the invention and does not limit its scope.
Fig. 1 shows the flow chart of an example key management scheme. Key management generally comprises four processes: key distribution, key allocation, key generation and key distribution. As described above, the key distribution stage (the first process) determines the size of the key pool and the number of keys each node stores; the key allocation stage establishes the mapping between keys and nodes; the key generation stage determines the concrete form of the keys; and the key distribution phase (the fourth process) distributes the keys to the corresponding nodes according to the allocation.
The classical EBS(n, k, m) key management scheme is taken as an example to describe how the method is combined with key management. EBS(n, k, m) requires each node to store k keys, with a total key pool size of k + m, so each node has m unknown keys. By encrypting update messages with the m keys unknown to a given node, an EBS scheme can efficiently evict any failed node and complete a key update. This example assumes the network contains 10 nodes and that an EBS(10, 2, 3) scheme is used to secure network communication. The protection the key management scheme gives the network is divided into three parts: key predistribution, shared key discovery / key path establishment, and key redistribution.
1. Key predistribution
The key predistribution stage must be completed before node deployment. It mainly designs the key allocation rules, generates the specific keys and distributes them to all network nodes. As mentioned above, it consists of four stages: key distribution, key allocation, key generation and key distribution.
1) Key distribution
According to the network size n and the construction rules of the EBS scheme, the key pool and the number of keys stored by each node are determined so as to satisfy the relation
The above formula ensures that each node can select k keys from the key pool and that no key combination is repeated in the network.
2) Key allocation stage
When the EBS(10, 2, 3) key management system is used to protect the network, the mapping between keys and nodes determined in the key allocation stage is shown in Table 1. In Table 1, a value of 1 in row i, column j means that node j stores key i. If node N5 fails, keys k2 and k3 are exposed. The server can then encrypt the new keys k′2 and k′3 with k1, k4 and k5 and broadcast them. Other nodes can decrypt these messages and complete the key update, whereas node N5 is evicted because it cannot decrypt the update messages.
Table 1 EBS (10,2,3) key distribution scheme
N1 N2 N3 N4 N5 N6 N7 N8 N9 N10
k1 1 1 1 1
k2 1 1 1 1
k3 1 1 1 1
k4 1 1 1 1
k5 1 1 1 1
3) Key generation stage
In the key generation stage, for overall efficiency and security, the total key pool is usually divided into t (t ≥ 1) sub key pools, and the key generation method proposed by the invention is applied to each sub key pool. The implementation for this example is as follows:
a) According to actual requirements, the total key pool is SK = {k1, k2, k3, k4, k5}. In this example the total key pool is not divided, so the keys in it are generated from a single system of equations.
b) Construct the system of equations for generating the keys in SK
The corresponding solution is
Fig. 2 shows the corresponding figure. As Fig. 2 shows, all the equations in the system are linear; each corresponds to a straight line in 2-dimensional space, and the unique solution of the system corresponds to the intersection point of all the lines.
c) Generate the specific keys from the constructed system. Since the equations are linear equations in two variables, plane geometry tells us that the corresponding equation is determined by two points on the line. Each line (equation) is therefore represented by points on it, which serve as the secret for generating the key. Taking the line (equation) f1: x − y − 1 = 0 as an example, the points (8, 7) and (−2, −3) are selected as the secret to generate the key k1 = H((8, 7) || (−2, −3)). Fig. 3 illustrates the relationship between the lines corresponding to the system of equations, the points, the keys and the nodes.
4) Key distribution phase
According to the key allocation rules determined by Table 1, the server distributes the points used to generate keys, the one-way hash function and the key IDs to the corresponding nodes.
Through the above process, the server designs allocation rules according to the scale of the network, generates the specific keys and distributes them to the nodes. After the nodes are deployed, they can communicate securely using the keys each of them stores.
2. Shared key discovery / key path establishment
After nodes are deployed, each needs to determine whether it has a shared key with other nodes in order to communicate securely. First, the two nodes that want to communicate broadcast the IDs of their respective keys, so that each can determine from the key IDs whether a shared key exists. If a shared key exists, it is used for secure communication. Otherwise, the nodes determine from the key IDs whether they can each compute the unique solution of the same system of equations; if they can, they generate the same key from this identical unique solution to communicate securely. Compared with traditional key generation schemes, this embodiment uses the unique solution of the system of equations as an additional shared secret for generating shared keys between nodes, which greatly improves the efficiency of key management. Analysis shows that in this example there are cases in which nodes have no shared key but can still communicate securely through the unique solution of the system of equations.
When two communicating nodes neither have a shared key nor can compute the same solution, a key path must be established to secure communication. By finding intermediate nodes with which it can communicate securely and directly, a communicating node establishes a key path through these intermediate nodes, over which the communicating nodes can communicate securely.
3. Key redistribution
When a node in the network is captured or runs out of energy, new nodes need to be added. If unused key combinations remain in the key pool, the server selects one of them according to the expected deployment position of the node and distributes it to the node. If no key combination is available, the key system must be rebuilt for all nodes in the network: the above process is re-executed to generate new keys suited to the network, and the server then encrypts the new keys with the existing keys and broadcasts them to the nodes in the network, completing the reconstruction of the whole key system.

Claims (5)

1. A key generation method for protecting wireless sensor network security, characterized by comprising the following steps:
Step 1: construct the system of equations
According to the size u of the key pool, construct the system of equations
$$F_u^{(v)} = \begin{cases} f_1(x_{1,1}, \ldots, x_{1,v}) = c_{1,1} x_{1,1}^{p_{1,1}} + c_{1,2} x_{1,2}^{p_{1,2}} + \cdots + c_{1,v} x_{1,v}^{p_{1,v}} = 0 \\ \qquad \vdots \\ f_u(x_{u,1}, \ldots, x_{u,v}) = c_{u,1} x_{u,1}^{p_{u,1}} + c_{u,2} x_{u,2}^{p_{u,2}} + \cdots + c_{u,v} x_{u,v}^{p_{u,v}} = 0 \end{cases} \quad (1)$$
where $F_u^{(v)}$ contains u equations, each with v variables; $c_{i,j}$ is the coefficient of the j-th unknown of equation $f_i$ and $p_{i,j}$ is the power of that unknown, $1 \le i \le u$, $1 \le j \le v$; the system $F_u^{(v)}$ has exactly one solution
$$S^{(v)} = \{x_1, \ldots, x_v\}^T \quad (2)$$
Step 2: generate keys
1) Convert each equation in $F_u^{(v)}$ into a unique string:
$$f_i = \langle c_{i,1} \| p_{i,1} \rangle \| \langle c_{i,2} \| p_{i,2} \rangle \| \cdots \| \langle c_{i,v} \| p_{i,v} \rangle, \quad 1 \le i \le u \quad (3)$$
where $\|$ denotes concatenation; taking $f_i$ as input, generate the corresponding key with the same key generation function H():
$$k_i = H(f_i), \quad 1 \le i \le u \quad (4)$$
2) Use the unique solution $S^{(v)}$ to generate a key as follows:
$$k_s = H(S^{(v)}) = H(x_1 \| x_2 \| \cdots \| x_v) \quad (5)$$
2. The key generation method for protecting wireless sensor network security according to claim 1, characterized in that the number of equations in the system constructed in step 1 is greater than or equal to the key pool size u, ensuring that each key is generated from a different equation.
3. The key generation method for protecting wireless sensor network security according to claim 1 or 2, characterized in that the number of equation systems used is determined by the number of sub key pools in the total key pool; if the total key pool comprises several sub key pools, each sub key pool corresponds to one system of equations.
4. The key generation method for protecting wireless sensor network security according to claim 1 or 2, characterized in that the key generation function in step 2 is any one-way hash function or pseudo-random function.
5. The key generation method for protecting wireless sensor network security according to claim 3, characterized in that the key generation function in step 2 is any one-way hash function or pseudo-random function.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710011767.8A | 2017-01-09 | 2017-01-09 | A key generation method for protecting wireless sensor network security

Publications (2)

Publication Number | Publication Date
CN106507347A | 2017-03-15
CN106507347B | 2019-05-10
