WO2021243629A1 - Secure positioning method and apparatus for wireless sensor network, device, and storage medium - Google Patents
Secure positioning method and apparatus for wireless sensor network, device, and storage medium Download PDFInfo
- Publication number
- WO2021243629A1 WO2021243629A1 PCT/CN2020/094284 CN2020094284W WO2021243629A1 WO 2021243629 A1 WO2021243629 A1 WO 2021243629A1 CN 2020094284 W CN2020094284 W CN 2020094284W WO 2021243629 A1 WO2021243629 A1 WO 2021243629A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- attack
- receiver noise
- anchor point
- detection result
- response signal
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/023—Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W64/00—Locating users or terminals or network equipment for network management purposes, e.g. mobility management
- H04W64/006—Locating users or terminals or network equipment for network management purposes, e.g. mobility management with additional information processing, e.g. for direction or speed determination
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Definitions
- the embodiments of the present application relate to the technical field of wireless network communication, for example, to a secure positioning method, device, device, and storage medium of a wireless sensor network.
- Wireless sensor networks have a wide range of applications in military and civilian fields.
- the location information of sensor nodes is very important for environmental monitoring and tracking of target nodes.
- the location information of sensor nodes can be provided through the Global Positioning System (GPS)
- GPS Global Positioning System
- the performance of GPS is very sensitive to the environment, and the cost is too high for low-cost sensor nodes. Therefore, in some applications, the system locates target nodes through wireless transmission between anchor target nodes, for example, based on Received Signal Strength (RSS), Time Of Arrival (ToA), and Time Of Arrival (Based on the target radiation source) and Angle of Arrival (AoA), etc.
- RSS Received Signal Strength
- ToA Time Of Arrival
- AoA Angle of Arrival
- the security of wireless sensor networks is an important issue, and the openness of wireless sensor networks causes security vulnerabilities, the distributed nature of sensor positioning schemes, and the possibility of multiple attackers (especially coordinated attackers), which make the wireless sensor network It is challenging to ensure the security of the positioning scheme in the medium.
- Attack defense schemes for positioning schemes often introduce higher communication overhead, and their security depends on the ability of the attacker.
- the high communication overhead of the traditional scheme has led to the following limitations. First, the battery life of all sensor nodes needs to be high enough; second, the storage space of each sensor node must be large enough; third, in the case of mobile sensor nodes, the timeliness is relatively high. Difference. In addition, if the attacker has enough energy to launch more attacks, even if a higher communication overhead is introduced, the traditional scheme will fail. To sum up, the wireless sensor network in the related technology cannot meet the requirements for ensuring positioning safety.
- the attack detection result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
- An embodiment of the present application also provides a secure positioning device for a wireless sensor network, including:
- An attack detection module configured to determine an attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold;
- the positioning module is configured to locate the target node according to the target distance if the attack detection result is that there is no ranging attack; otherwise, discard the target distance.
- An embodiment of the present application also provides a device, which includes:
- One or more processors are One or more processors;
- Storage device for storing one or more programs
- the one or more processors realize the secure positioning method of the wireless sensor network as described above.
- the embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the secure positioning method of the wireless sensor network as described above is realized.
- the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
- FIG. 1 is a flowchart of a secure positioning method for a wireless sensor network provided by an embodiment of this application;
- FIG. 2 is a schematic diagram of a secure positioning method for a wireless sensor network provided by an embodiment of this application;
- FIG. 3 is a schematic diagram of a related technology positioning method provided by an embodiment of this application.
- FIG. 4 is a schematic diagram of a range-finding reduction attack provided by an embodiment of this application.
- FIG. 5 is a schematic diagram of a range increase attack provided by an embodiment of the application.
- FIG. 6 is a schematic diagram of the location of a range-finding reduction attack provided by an embodiment of this application.
- FIG. 8 is a schematic diagram of a two-way positioning provided by an embodiment of this application.
- FIG. 10 is a schematic diagram of a wireless sensor network system provided by an embodiment of this application.
- FIG. 11 is a schematic diagram of a comparison between experiment and theory provided by the embodiments of this application.
- FIG. 12 is a schematic diagram of a relationship between detection performance and measurement times provided by an embodiment of this application.
- FIG. 14 is a schematic diagram of the relationship between communication overhead and the number of measurements provided by an embodiment of this application.
- FIG. 16 is a schematic structural diagram of a secure positioning device for a wireless sensor network provided by an embodiment of this application.
- the target node and the anchor point refer to the sensor node in the wireless sensor network.
- the anchor point is used to determine the location of the target node.
- the challenge signal is a signal sent by the anchor to the target node
- the response signal is a signal returned to the anchor after the target node receives the challenge signal.
- the first receiver noise is the receiver noise extracted when the target node receives the challenge signal
- the second receiver noise is the receiver noise extracted when the anchor point receives the response signal.
- the anchor can send a challenge signal to the target node.
- the target node After receiving the challenge signal, the target node extracts the first receiver noise at this time; the target node determines the first receiver noise variance based on the first receiver noise calculation Use a hash function to encrypt the message connection result of the challenge signal and the noise variance of the first receiver to obtain the encrypted information, and then connect the challenge signal, the noise variance of the first receiver and the encryption result to the message to obtain the response signal and send the response
- the signal is sent to the anchor point; after the anchor point receives the response signal, it can extract the message connection result of the challenge signal and the receiver noise variance from the response signal, as well as the encrypted information, and use the same hash function as the target node to determine the decryption of the message connection result Information, the above-mentioned encrypted information and decrypted information are the analysis results obtained by the anchor point analysis.
- the anchor point After the anchor point receives the response signal, it can record the time interval, and determine the target distance between the anchor point and the target node according to the actual interval.
- the secure positioning device of the wireless sensor network can also obtain the time interval recorded by the anchor point to determine the target distance between the anchor point and the target node.
- FIG. 2 is a schematic diagram of a secure positioning method for a wireless sensor network according to an embodiment of the application.
- the anchor point A in Figure 2 sends a challenge signal D composed of random numbers based on the set capacity to the target node S.
- the target node S receives the challenge signal D at time t 1 and estimates the noise of the first receiver
- the target node S generates a response signal
- represents the message concatenation operator, Yes
- the positioning method adopted in this embodiment is the two-way Time Of Arrival (ToA) algorithm.
- ToA Time Of Arrival
- Figure 4 is a schematic diagram of a ranging attack provided by an embodiment of this application
- Figure 5 is a schematic diagram of a ranging increase attack provided by an embodiment of this application
- Figures 6 and 7 respectively show the effects of the two attacks.
- Figure 6 is a schematic diagram of the location of a range reduction attack provided by an embodiment of this application
- Figure 7 is a range measurement increase attack provided by an embodiment of this application. Schematic diagram of positioning.
- S 1 is the actual position of the target node
- Is the estimated position of the target node
- a 1 represents the anchor point
- E 1 and E 2 represent malicious nodes
- the purpose of malicious nodes is to destroy the positioning process or reduce the positioning accuracy.
- E 2 In the range reduction attack, as shown in Figure 4, E 2 always sends an interference signal to S 1 to prevent receiving the challenge signal from A 1.
- a 1 sends a challenge signal E 1 received Due to the broadcasting characteristics of wireless media.
- the received signal is expressed in E 1 as and These are the channel response, the receiver noise from A 1 to E 1 and E 1 respectively.
- E 1 imitates S 1 to send a response message
- the signals received for A 1 and A 1 are expressed as Is the channel response from E 1 to A 1. If the distance from E 1 to S 1 is shorter than the distance from A 1 to S 1 , A 1 will get a shorter two-way ToA value than when there is no attack, so A 1 gets the estimated value of distance reduction, as shown in Figure 6. Shown. Finally, the error position of S 1 is estimated.
- E 2 has different functions in the two stages.
- E 1 when A 1 sends a challenge signal E 2 transmits the interference signal S 1 , and then E 1 receives Expressed as
- E 2 remains silent and E 1 sends directly Given S 1 , with a gain G E , the received signal is expressed in S 1 as Is the channel response from E 1 to S 1.
- S 1 sends a response signal Give A 1 . Therefore, it takes a longer time for A 1 to receive the response signal, and A 1 will obtain a longer two-way ToA value than when there is no attack. Therefore, A 1 gets the estimated value of the increase in distance, as shown in Figure 7.
- the error position of S 1 is estimated.
- Determining the attack detection result according to the analysis result of the anchor point on the response signal may include: determining the detection result of the ranging attack based on the comparison result of the decrypted information and the encrypted information in the analysis result, and the decrypted information is the anchor point using hash
- the function decrypts the message connection result of the challenge signal extracted from the response signal and the noise variance of the first receiver.
- determining the detection result of the range increase attack based on the comparison result of the variance value and the detection threshold may include: if the variance value is less than or equal to the detection threshold, the detection result of the range increase attack is There is no range increase attack; otherwise, the detection result of the range increase attack is that there is a range increase attack.
- the challenge signal received by the target node S is and Respectively expressed as and exist When the target node S uses the channel estimation algorithm and recovers the message Get estimated channel response Because the recovered error can be corrected by modulation and channel coding, it is assumed in this embodiment that the message can be completely recovered, namely The target node S extracts the receiver noise as The target node S calculates its variance exist When the target node S gets the channel response as The extracted receiver noise is The target node S calculates its variance After that, since it is assumed in this embodiment that there is an attack when the anchor point A sends a challenge signal to the target node S, and there is no attack when the target node S returns a response signal, the anchor point A gets the channel response as The extracted receiver noise is Anchor point A calculates its variance
- the variance value can be
- represents the absolute value operator, when ⁇ , it can be determined that the detection result of the range increase attack is that there is no range increase attack, otherwise, the detection result of the range increase attack is that there is a range increase attack attack.
- ⁇ represents the detection threshold, which can be preset based on experience and actual conditions.
- the target node and the anchor point can respectively determine the noise variance of the first receiver and the noise variance of the second receiver, and then send them to the secure positioning device of the wireless sensor network for subsequent attack detection and positioning, or directly send the first receiver
- the machine noise and the second receiver noise are sent to the safe positioning device of the wireless sensor network, and the safe positioning device of the wireless sensor network determines the first receiver noise variance and the second receiver noise variance respectively.
- each measurement includes two wireless transmissions.
- the communication overhead is 2N A , where N A is the number of anchor points in the wireless sensor network. Therefore, compared with traditional solutions, this solution saves communication overhead, especially in the case of large-scale wireless sensor networks or powerful external attackers.
- the two-way arrival time algorithm is used to locate the target node according to the target distance. If the attack detection result is that there is a range reduction attack or a range increase attack, the target distance is discarded. Optionally, after discarding the target distance, the wireless sensor network can be checked against malicious nodes to eliminate the attack, until the attack detection result is that there is no range reduction attack and range increase attack, then the target node can be located.
- N A anchor points expressed as N S target nodes, expressed as And malicious nodes N E, as represented by Where N A ⁇ 3.
- a 1 at times t 1 first transmits a challenge signal Give S 1 .
- RVs zero-mean complex Gaussian random variables
- d the distance between the transmitter and the receiver
- c the speed of light
- f c the carrier frequency of the transmitted signal.
- G t and G r are the transmit antenna gain and the receive antenna gain, respectively.
- the receiver noise is also modeled as a zero-mean complex Gaussian random variable, such as It is based on hardware.
- the received signal-to-noise ratio (Signal Noise Ratio, SNR) is
- FIG. 8 is a schematic diagram of a two-way positioning provided by an embodiment of the application. Estimate the distance between A 1 and S 1 as Similarly, other anchor points can also estimate the distance S 1 . Indicates that the two-dimensional positions of A j and S j are and Without loss of generality, assume that the first anchor point A 1 acts as the leader to collect all positioning information from other anchor points. Based on the positioning information of the three anchor points, A 1 establishes the following equation, Through this equation, the position is the intersection formed by the three circles, as shown in Figure 8.
- the secure positioning method of the wireless sensor network has the following advantages: MIC technology is used to defend against spoofing attacks and tampering attacks; it can resist range reduction attacks and range increase attacks; it has strong adaptability, because this solution guarantees sensors
- MIC technology is used to defend against spoofing attacks and tampering attacks; it can resist range reduction attacks and range increase attacks; it has strong adaptability, because this solution guarantees sensors
- the security of the node under harsh conditions, such as the limited battery life of the sensor node, the limited storage space of the sensor node, and the high mobility of the sensor node; no matter how many attacks launched by an external attacker, it will not affect the security of the proposed solution .
- the secure positioning solution for wireless sensors obtains the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal ; And determine the target distance between the anchor point and the target node; determine the attack detection result according to the anchor point’s analysis result of the response signal, the second receiver noise, the first receiver noise and the preset detection threshold; if the attack is detected The result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
- the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
- Fig. 9 is a flowchart of another secure positioning method for a wireless sensor network provided by an embodiment of the application.
- this embodiment optimizes the above-mentioned safe positioning method of the wireless sensor network.
- the method of this embodiment includes:
- S210, S221 and S222-S224 can be executed.
- the execution sequence is not limited in this embodiment, and can be set according to actual conditions.
- the detection result of the range reduction attack is that there is no range reduction attack; otherwise, the detection result of the range reduction attack is that there is a range reduction attack.
- S224 Determine the detection result of the range increase attack according to the comparison result of the variance value and the detection threshold.
- the detection result of the range increase attack is that there is no range increase attack; otherwise, the detection result of the range increase attack is that there is a range increase attack.
- S240 Use a two-way time-of-arrival algorithm to locate the target node according to the target distance.
- the positioning method is as described above, and will not be repeated here.
- the secure positioning method of the wireless sensor network provided in this embodiment is verified through experimental simulation and analysis.
- the final results of a set number of independent experimental schemes can be used for averaging, for example, the set number can be 60,000.
- the first indicator is detection probability/false alarm probability (PD/PFA).
- the second indicator is Area Under Curve (AUC).
- AUC Area Under Curve
- NP Neyman Pearson
- ROC Receiver Operating Characteristic
- the third indicator is communication overhead, which is defined as the total number of bits transmitted in a distance measurement. Due to the conflict between detection performance and overhead, the fourth indicator, Performance Overhead Ratio (POR), is used to compare various solutions, which is defined as the ratio of AUC to communication overhead.
- FIG. 15 is a schematic diagram of the relationship between the performance overhead ratio and the number of measurements provided by an embodiment of the application, and all the conditions are the same as those in FIG. 12.
- POR is defined as the ratio of AUC to communication overhead. It can be seen from Figure 15 that the POR value of this scheme is much better than that of the traditional scheme.
- the POR value of this scheme has nothing to do with L, while the POR value of the traditional scheme decreases as the value of L increases, even if L ⁇ 2M+1.
- Figure 15 highlights the superiority of this program in terms of POR.
- the attack detection module 320 includes: a first detection unit, and the first detection unit is configured to:
- the first detection unit is specifically configured to:
- the detection result of the range reduction attack is that there is no range reduction attack; otherwise, the detection result of the range reduction attack is that there is a range reduction attack.
- the attack detection module 320 includes a second detection unit, and the second detection unit is configured to:
- the second detection unit is specifically configured to:
- the detection result of the range increase attack is that there is no range increase attack; otherwise, the detection result of the range increase attack is that there is range measurement Increase the attack.
- the positioning module 330 is specifically configured to:
- attack detection result is that there is no range increase attack and range reduction attack. If the attack detection result is that there is no range increase attack and range reduction attack, then a two-way arrival time algorithm is used to locate the target node according to the target distance.
- the secure positioning device for the wireless sensor network provided by the embodiment of the present application can execute the secure positioning method for the wireless sensor network provided by any embodiment of the present application, and has functional modules and beneficial effects corresponding to the execution method.
- FIG. 17 is a schematic structural diagram of a device provided by an embodiment of this application.
- Figure 17 shows a block diagram of an exemplary device 412 suitable for implementing embodiments of the present application.
- the device 412 shown in FIG. 17 is only an example, and should not bring any limitation to the function and scope of use of the embodiments of the present application.
- the device 412 is represented in the form of a general-purpose device.
- the components of the device 412 may include, but are not limited to: one or more processors 416, a storage device 428, and a bus 418 connecting different system components (including the storage device 428 and the processor 416).
- the bus 418 represents one or more of several types of bus structures, including a storage device bus or a storage device controller, a peripheral bus, a graphics acceleration port, a processor, or a local bus using any bus structure among multiple bus structures.
- these architectures include, but are not limited to, Industry Standard Architecture (Industry Subversive Alliance, ISA) bus, Micro Channel Architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (Video Electronics Standards) Association, VESA) local bus and Peripheral Component Interconnect (PCI) bus.
- the device 412 typically includes a variety of computer system readable media. These media can be any available media that can be accessed by the device 412, including volatile and non-volatile media, removable and non-removable media.
- the storage device 428 may include a computer system readable medium in the form of a volatile memory, such as a random access memory (RAM) 430 and/or a cache memory 432.
- the device 412 may include other removable/non-removable, volatile/non-volatile computer system storage media.
- the storage system 434 can be used to read and write non-removable, non-volatile magnetic media (not shown in FIG. 17, and generally referred to as a "hard drive").
- a disk drive for reading and writing to a removable non-volatile disk (such as a "floppy disk”) and a removable non-volatile optical disk such as a compact disc (Compact Disc Read) can be provided.
- each drive can be connected to the bus 418 through one or more data media interfaces.
- the storage device 428 may include at least one program product, and the program product has a set of (for example, at least one) program modules, and these program modules are configured to perform the functions of the embodiments of the present application.
- a program/utility tool 440 having a set of (at least one) program module 442 may be stored in, for example, the storage device 428.
- Such program module 442 includes but is not limited to an operating system, one or more application programs, other program modules, and programs Data, each of these examples or some combination may include the realization of the network environment.
- the program module 442 generally executes the functions and/or methods in the embodiments described in this application.
- the device 412 can also communicate with one or more external devices 414 (such as a keyboard, a pointing terminal, a display 424, etc.), and can also communicate with one or more terminals that enable a user to interact with the device 412, and/or communicate with
- the device 412 can communicate with any terminal (such as a network card, modem, etc.) that communicates with one or more other computing terminals. This communication can be performed through an input/output (I/O) interface 422.
- the device 412 may also communicate with one or more networks (for example, a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 420. As shown in FIG.
- the network adapter 420 communicates with other modules of the device 412 through the bus 418. It should be understood that although not shown in the figure, other hardware and/or software modules can be used in conjunction with the device 412, including but not limited to: microcode, terminal drives, redundant processors, external disk drive arrays, and disk arrays (Redundant Arrays of Independent Disks, RAID) systems, tape drives, and data backup storage systems.
- the embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored.
- the program is executed by a processor, the method for secure positioning of a wireless sensor network as provided in the embodiment of the present application is implemented, and the method includes:
- the computer storage medium of the embodiment of the present application may adopt any combination of one or more computer-readable media.
- the computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium.
- the computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or a combination of any of the above.
- Examples of computer-readable storage media include: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
- the computer-readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, apparatus, or device.
- the computer program code used to perform the operations of this application can be written in one or more programming languages or a combination thereof.
- the programming languages include object-oriented programming languages-such as Java, Smalltalk, C++, and also conventional Procedural programming language-such as "C" language or similar programming language.
- the program code can be executed entirely on the user's computer, partly on the user's computer, executed as an independent software package, partly on the user's computer and partly executed on a remote computer, or entirely executed on the remote computer or terminal.
- the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, using an Internet service provider to pass Internet connection).
- LAN local area network
- WAN wide area network
- Internet service provider for example, using an Internet service provider to pass Internet connection.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
Abstract
Disclosed are a secure positioning method and apparatus for a wireless sensor network, a device, and a storage medium. The method comprises: acquiring a first receiver noise extracted when a target node receives a challenge signal, a second receiver noise extracted when an anchor point receives a response signal, and an analytic result of the response signal obtained from the anchor point; determining a target distance between the anchor point and the target node; determining an attack detection result according to the analytic result of the response signal obtained from the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold value; and if the attack detection result indicates that there is no ranging attack, positioning the target node according to the target distance, otherwise, discarding the target distance.
Description
本申请实施例涉及无线网络通信技术领域,例如涉及一种无线传感器网络的安全定位方法、装置、设备和存储介质。The embodiments of the present application relate to the technical field of wireless network communication, for example, to a secure positioning method, device, device, and storage medium of a wireless sensor network.
无线传感器网络在军事和民用领域有着广泛的应用,传感器节点的位置信息对于环境监测和目标节点的跟踪非常重要。虽然可以通过全球定位系统(Global Positioning System,GPS)提供传感器节点的位置信息,但是GPS的性能对环境非常敏感,对于低成本的传感器节点来说成本过高。因此,在某些应用中,系统通过锚点目标节点之间的无线传输对目标节点进行定位,例如基于接收信号强度(Received Signal Strength,RSS)、到达时间(Time Of Arrival,ToA)、到达时差(基于目标辐射源)和到达角(Angle of Arrival,AoA)等。Wireless sensor networks have a wide range of applications in military and civilian fields. The location information of sensor nodes is very important for environmental monitoring and tracking of target nodes. Although the location information of sensor nodes can be provided through the Global Positioning System (GPS), the performance of GPS is very sensitive to the environment, and the cost is too high for low-cost sensor nodes. Therefore, in some applications, the system locates target nodes through wireless transmission between anchor target nodes, for example, based on Received Signal Strength (RSS), Time Of Arrival (ToA), and Time Of Arrival (Based on the target radiation source) and Angle of Arrival (AoA), etc.
无线传感器网络的安全是一个重要问题,而无线传感器网络中的开放性造成的安全漏洞、传感器定位方案的分布式特性以及可能存在多个攻击者(尤其是协同攻击者),使得在无线传感器网络中保证定位方案的安全性具有一定的挑战性。针对定位方案的攻击防御方案往往会引入较高的通信开销,其安全性依赖于攻击者的能力。而传统方案的高通信开销导致了以下限制,首先,所有传感器节点的电池寿命需要足够高;其次,各传感器节点的存储空间要足够大;第三,在移动传感器节点的情况下,时效性较差。此外,如果攻击者有足够的能量来发动更多的攻击,那么即使引入了较高的通信开销,也会导致传统方案失效。综上,相关技术中的无线传感器网络中保证定位安全的方案不能满足需求。The security of wireless sensor networks is an important issue, and the openness of wireless sensor networks causes security vulnerabilities, the distributed nature of sensor positioning schemes, and the possibility of multiple attackers (especially coordinated attackers), which make the wireless sensor network It is challenging to ensure the security of the positioning scheme in the medium. Attack defense schemes for positioning schemes often introduce higher communication overhead, and their security depends on the ability of the attacker. The high communication overhead of the traditional scheme has led to the following limitations. First, the battery life of all sensor nodes needs to be high enough; second, the storage space of each sensor node must be large enough; third, in the case of mobile sensor nodes, the timeliness is relatively high. Difference. In addition, if the attacker has enough energy to launch more attacks, even if a higher communication overhead is introduced, the traditional scheme will fail. To sum up, the wireless sensor network in the related technology cannot meet the requirements for ensuring positioning safety.
发明内容Summary of the invention
本申请实施例提供一种无线传感器网络的安全定位方法、装置、设备和存储介质,以优化无线传感器的安全定位方案,在保证安全定位的基础上减少通信开销。The embodiments of the present application provide a secure positioning method, device, equipment, and storage medium for a wireless sensor network to optimize the secure positioning scheme of the wireless sensor, and reduce communication overhead on the basis of ensuring secure positioning.
本申请实施例提供了一种无线传感器网络的安全定位方法包括:The embodiment of the present application provides a secure positioning method for a wireless sensor network, including:
获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the anchor point and the response signal. The target distance between the target nodes;
根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;Determine an attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold;
如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。If the attack detection result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
本申请实施例还提供了一种无线传感器网络的安全定位装置,包括:An embodiment of the present application also provides a secure positioning device for a wireless sensor network, including:
信息获取模块,用于获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;The information acquisition module is configured to acquire the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine The target distance between the anchor point and the target node;
攻击检测模块,用于根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;An attack detection module, configured to determine an attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold;
定位模块,用于如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。The positioning module is configured to locate the target node according to the target distance if the attack detection result is that there is no ranging attack; otherwise, discard the target distance.
本申请实施例还提供了一种设备,所述设备包括:An embodiment of the present application also provides a device, which includes:
一个或多个处理器;One or more processors;
存储装置,用于存储一个或多个程序;Storage device for storing one or more programs;
当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如上所述的无线传感器网络的安全定位方法。When the one or more programs are executed by the one or more processors, the one or more processors realize the secure positioning method of the wireless sensor network as described above.
本申请实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现如上所述的无线传感器网络的安全定位方法。The embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the secure positioning method of the wireless sensor network as described above is realized.
本申请实施例提供的无线传感器的安全定位方案,获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果;并确定锚点和目标节点之间的目标距离;根据锚点对响应信号的解析结果、第二接收机噪声、第一接收机噪声以及预设的检测阈值,确定攻击检测结果;如果攻击检测结果为不存在测距攻击,则根据目标距离对目标节点进行定位;否则,将目标距离丢弃。采用上述技术方案,通过在无线传输过程中提取接收机噪声,并根据接收机噪声通过一次测量即可实现测距攻击检测,基于该攻击检测结果对无线传感器节点进行定位,在保证安全定位的基础上节省了通信开销。The secure positioning solution for wireless sensors provided by the embodiments of the present application obtains the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal ; And determine the target distance between the anchor point and the target node; determine the attack detection result according to the anchor point’s analysis result of the response signal, the second receiver noise, the first receiver noise and the preset detection threshold; if the attack is detected The result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded. Using the above technical solution, by extracting the receiver noise in the wireless transmission process, and measuring the distance based on the receiver noise through one measurement, the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
图1为本申请实施例提供的一种无线传感器网络的安全定位方法的流程图;FIG. 1 is a flowchart of a secure positioning method for a wireless sensor network provided by an embodiment of this application;
图2为本申请实施例提供的一种无线传感器网络的安全定位方法的示意图;2 is a schematic diagram of a secure positioning method for a wireless sensor network provided by an embodiment of this application;
图3为本申请实施例提供的一种相关技术的定位方法的示意图;FIG. 3 is a schematic diagram of a related technology positioning method provided by an embodiment of this application;
图4为本申请实施例提供的一种测距缩小攻击的示意图;FIG. 4 is a schematic diagram of a range-finding reduction attack provided by an embodiment of this application;
图5为本申请实施例提供的一种测距增大攻击的示意图;FIG. 5 is a schematic diagram of a range increase attack provided by an embodiment of the application;
图6为本申请实施例提供的一种测距缩小攻击的定位示意图;FIG. 6 is a schematic diagram of the location of a range-finding reduction attack provided by an embodiment of this application;
图7为本申请实施例提供的一种测距增大攻击的定位示意图;FIG. 7 is a schematic diagram of the location of a range-finding augmentation attack provided by an embodiment of this application;
图8为本申请实施例提供的一种双向定位示意图;FIG. 8 is a schematic diagram of a two-way positioning provided by an embodiment of this application;
图9为本申请实施例提供的另一种无线传感器网络的安全定位方法的流程图;FIG. 9 is a flowchart of another method for secure positioning of a wireless sensor network according to an embodiment of the application;
图10为本申请实施例提供的一种无线传感器网络系统的示意图;FIG. 10 is a schematic diagram of a wireless sensor network system provided by an embodiment of this application;
图11为本申请实施例提供的一种实验和理论的对比示意图;FIG. 11 is a schematic diagram of a comparison between experiment and theory provided by the embodiments of this application;
图12为本申请实施例提供的一种检测性能与测量次数的关系示意图;FIG. 12 is a schematic diagram of a relationship between detection performance and measurement times provided by an embodiment of this application;
图13为本申请实施例提供的一种通信开销与锚点数量的关系示意图;FIG. 13 is a schematic diagram of a relationship between communication overhead and the number of anchor points according to an embodiment of this application;
图14为本申请实施例提供的一种通信开销与测量次数的关系示意图;FIG. 14 is a schematic diagram of the relationship between communication overhead and the number of measurements provided by an embodiment of this application;
图15为本申请实施例提供的一种性能开销比与测量次数的关系示意图;FIG. 15 is a schematic diagram of the relationship between the performance overhead ratio and the number of measurements provided by an embodiment of this application;
图16为本申请实施例提供的一种无线传感器网络的安全定位装置的结构示意图;FIG. 16 is a schematic structural diagram of a secure positioning device for a wireless sensor network provided by an embodiment of this application;
图17为本申请实施例提供的一种设备的结构示意图。FIG. 17 is a schematic structural diagram of a device provided by an embodiment of this application.
下面结合附图和实施例对本申请进行说明。此处所描述的具体实施例仅仅用于解释本申请,而非对本申请的限定。为了便于描述,附图中仅示出了与本申请相关的部分而非全部结构。The application will be described below with reference to the drawings and embodiments. The specific embodiments described here are only used to explain the application, but not to limit the application. For ease of description, the drawings only show a part of the structure related to the present application, but not all of the structure.
在讨论示例性实施例之前应当提到的是,一些示例性实施例被描述成作为流程图描绘的处理或方法。虽然流程图将各步骤描述成顺序的处理,但是其中的许多步骤可以被并行地、并发地或者同时实施。此外,各步骤的顺序可以被重新安排。当其操作完成时所述处理可以被终止,但是还可以具有未包括在附图中的附加步骤。所述处理可以对应于方法、函数、规程、子例程、子程序等等。It should be mentioned before discussing the exemplary embodiments that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowchart describes the steps as sequential processing, many of the steps can be implemented in parallel, concurrently, or simultaneously. In addition, the order of the steps can be rearranged. The processing may be terminated when its operation is completed, but may also have additional steps not included in the drawings. The processing may correspond to methods, functions, procedures, subroutines, subroutines, and so on.
图1为本申请实施例提供的一种无线传感器网络的安全定位方法的流程图,本实施例可适用于实现无线传感器的安全定位的情况,该方法可以由无线传感器网络的安全定位装置执行,该装置可以采用软件和/或硬件的方式实现,该装置可配置于电子设备中,例如服务器或终端设备等。如图1所示,该方法可以包 括:Figure 1 is a flowchart of a secure positioning method for a wireless sensor network provided by an embodiment of this application. This embodiment may be suitable for realizing the secure positioning of wireless sensors. The method can be executed by a secure positioning device of a wireless sensor network. The device can be implemented in software and/or hardware, and the device can be configured in an electronic device, such as a server or a terminal device. As shown in Figure 1, the method can include:
S110、获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果;并确定锚点和目标节点之间的目标距离。S110. Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the distance between the anchor point and the target node Target distance.
其中,目标节点和锚点是指无线传感器网络中的传感器节点,锚点用于确定目标节点的位置,本实施例中假设锚点的位置在任何时间和地点都可以通过GPS系统或其他方式预先确定。挑战信号为锚点发送给目标节点的信号,响应信号为目标节点接收到挑战信号之后返回给锚点的信号。第一接收机噪声为目标节点接收挑战信号时提取的接收机噪声,第二接收机噪声为锚点接收响应信号时提取的接收机噪声。Among them, the target node and the anchor point refer to the sensor node in the wireless sensor network. The anchor point is used to determine the location of the target node. Sure. The challenge signal is a signal sent by the anchor to the target node, and the response signal is a signal returned to the anchor after the target node receives the challenge signal. The first receiver noise is the receiver noise extracted when the target node receives the challenge signal, and the second receiver noise is the receiver noise extracted when the anchor point receives the response signal.
本实施例中,响应信号为目标节点通过对挑战信号、第一接收机噪声对应的第一接收机噪声方差和加密信息进行消息连接得到,加密信息为采用哈希函数对挑战信号和第一接收机噪声方差的消息连接结果进行加密得到。挑战信号可以基于设定容量的随机数组成,该设定容量可以根据实际情况进行设定。In this embodiment, the response signal is obtained by the target node through message connection of the challenge signal, the first receiver noise variance corresponding to the first receiver noise, and the encrypted information. The encrypted information is obtained by using a hash function to compare the challenge signal and the first receiver. The message concatenation result of the machine noise variance is encrypted. The challenge signal can be composed of random numbers based on the set capacity, and the set capacity can be set according to actual conditions.
本实施例中,锚点可以发送一个挑战信号给目标节点,目标节点接收到挑战信号之后,提取此时的第一接收机噪声;目标节点根据第一接收机噪声计算确定第一接收机噪声方差,采用哈希函数对挑战信号和第一接收机噪声方差的消息连接结果进行加密,得到加密信息,之后将挑战信号、第一接收机噪声方差和加密结果进行消息连接,得到响应信号并发送响应信号给锚点;锚点接收到响应信号之后,可以从响应信号中提取挑战信号和接收机噪声方差的消息连接结果,以及加密信息,采用与目标节点相同的哈希函数确定消息连接结果的解密信息,上述加密信息和解密信息为锚点解析得到的解析结果。In this embodiment, the anchor can send a challenge signal to the target node. After receiving the challenge signal, the target node extracts the first receiver noise at this time; the target node determines the first receiver noise variance based on the first receiver noise calculation Use a hash function to encrypt the message connection result of the challenge signal and the noise variance of the first receiver to obtain the encrypted information, and then connect the challenge signal, the noise variance of the first receiver and the encryption result to the message to obtain the response signal and send the response The signal is sent to the anchor point; after the anchor point receives the response signal, it can extract the message connection result of the challenge signal and the receiver noise variance from the response signal, as well as the encrypted information, and use the same hash function as the target node to determine the decryption of the message connection result Information, the above-mentioned encrypted information and decrypted information are the analysis results obtained by the anchor point analysis.
锚点接收到响应信号之后,可以记录时间间隔,并根据该实际间隔确定锚点和目标节点之间的目标距离。或者,无线传感器网络的安全定位装置也可以获取锚点记录的时间间隔,进而确定锚点和目标节点之间的目标距离。After the anchor point receives the response signal, it can record the time interval, and determine the target distance between the anchor point and the target node according to the actual interval. Alternatively, the secure positioning device of the wireless sensor network can also obtain the time interval recorded by the anchor point to determine the target distance between the anchor point and the target node.
示例性的,参见图2,图2为本申请实施例提供的一种无线传感器网络的安全定位方法的示意图。图2中锚点A发送一个基于设定容量的随机数组成的挑战信号D给目标节点S,目标节点S在时间t
1接收到的挑战信号D,估计第一接收机噪声
目标节点S生成响应信号
其中||表示消息连接操作符,
是
的方差,将
表示为一个设定容量的二进制序列,
为加密信息,本实施例中可以采用消息完整性代码(Messages Integrity Check,MIC)进行加密,表示为g
K(M),g(·)表示哈希函数和K是密钥,并将响应信号返回给锚点A;锚点A在t
2接收到响应信号,记录时间间隔为τ
AS=t
2-t
1,以备后续进行定位,并且锚点A从响应信号中提取
通过哈希函数计算解密信息
锚点A接收到响应信号之后,也估计第二接收机噪声
Exemplarily, refer to FIG. 2, which is a schematic diagram of a secure positioning method for a wireless sensor network according to an embodiment of the application. The anchor point A in Figure 2 sends a challenge signal D composed of random numbers based on the set capacity to the target node S. The target node S receives the challenge signal D at time t 1 and estimates the noise of the first receiver The target node S generates a response signal Where || represents the message concatenation operator, Yes The variance of Expressed as a binary sequence of set capacity, To encrypt information, the message integrity code (Messages Integrity Check, MIC) can be used for encryption in this embodiment, expressed as g K (M), g (·) represents the hash function and K is the key, and the response signal Return to anchor point A; anchor point A receives the response signal at t 2 and the recording time interval is τ AS =t 2 -t 1 for subsequent positioning, and anchor point A is extracted from the response signal Calculate decrypted information by hash function After anchor A receives the response signal, it also estimates the second receiver noise
传统方案中,是通过连续测量多个到达时间并存储中值来估计锚点与目标节点之间的距离,提出了一种安全定位方案,如图3所示。图3为本申请实施例提供的一种相关技术的定位方法的示意图,假设密钥K在所有的锚节点和目标节点之间共享,并使用消息完整性代码技术来保证安全性,MIC对信息M进行加密用g
K(M),g(·)表示哈希函数,K是密钥,外部攻击者可能知道的g(·)细节,但不知道密钥K,作用有两方面:一是确定M来源,二是要保证M完整来防御篡改攻击。
In the traditional scheme, the distance between the anchor point and the target node is estimated by continuously measuring multiple arrival times and storing the median value, and a safe positioning scheme is proposed, as shown in Figure 3. Figure 3 is a schematic diagram of a positioning method of a related technology provided by an embodiment of the application. It is assumed that the key K is shared between all anchor nodes and target nodes, and message integrity code technology is used to ensure security. MIC pairs information M is encrypted with g K (M), g(·) represents the hash function, K is the key, and the external attacker may know the details of g(·), but does not know the key K. The function has two aspects: one is To determine the source of M, the second is to ensure the integrity of M to defend against tampering attacks.
传统方案要求L次测量,每次测量由三个无线传输组成即L≥3,如图3所示。在每次测量中,首先锚点A发送由l-bit随机数D组成的挑战信号给目标节点S;目标节点S在时间t
1接收到挑战信号,然后提取随机数D,目标节点S发送2l-bit的D||B的响应信号给锚点A,锚点A在时间t
2接收到响应信号,||表示消息连接操作符,B也是一个l-bit的随机数;然后锚点A将流逝时间记录为τ
AS=t
2-t
1并计算了双向ToA的t
AS。与此同时,锚点A从接收到的响应信号中提取D||B,并计算v=g
K(D||B)的值;目标节点S发送MIC信号g
K(D||B)给锚点A。
The traditional scheme requires L times of measurement, and each measurement consists of three wireless transmissions, that is, L≥3, as shown in Figure 3. In each measurement, the anchor point A first sends a challenge signal composed of a 1-bit random number D to the target node S; the target node S receives the challenge signal at time t 1 , and then extracts the random number D, and the target node S sends 2l -bit D || B of the response signal to the anchor a, at time t 2 anchor a response signal is received, a message indicating || concatenation operator, B is a l-bit random number; and the anchor point a The elapsed time is recorded as τ AS =t 2 -t 1 and t AS of the two-way ToA is calculated. At the same time, the anchor point A extracts D||B from the received response signal, and calculates the value of v=g K (D||B); the target node S sends the MIC signal g K (D||B) to Anchor point A.
传统方案通过两个连续的步骤检测测距缩小攻击和测距增大攻击,在第一步中,如果接收到的MIC与v的值相同,测距缩小攻击的检测已经通过;在第二步中,在连续测量多个ToA后,先验方案以测量次数的中位数作为最终测量值,以抵御测距增大攻击。传统方案对测距增大攻击的抵抗依赖于发起攻击的次数M,如果M≤(L-1)/2,才能成功侦测到测距增大攻击;否则,其安全性就无法得到保证。虽然两种类型的攻击都通过了检测,锚点A可以接受t
AS作为合法的ToA,并将其存储为有用的定位信息,以获取目标节点的实际位置。对于一个包括N
A个锚点的无线传感器网络,传统方案的通信开销为3LN
A,数字3表示每次测量包含三个无线传输,L表示测量次数,因此当N
A或L增加时,传统方案的通信开销增加。基于上述技术问题,本实施例中考虑到当外部攻击者转发质询信号时,不可避免地会引入额外的接收机噪声,通过该接收机噪声进行安全定位前的攻击检测,基于攻击检测结果进行目标节点的安全定位,以减小通信开销。
The traditional scheme detects the range reduction attack and the range increase attack through two consecutive steps. In the first step, if the received MIC is the same value as v, the detection of the range reduction attack has been passed; in the second step In, after continuously measuring multiple ToAs, the a priori scheme uses the median of the number of measurements as the final measurement value to resist the range increase attack. The resistance of traditional schemes to increasing range attacks depends on the number of attacks M. If M≤(L-1)/2, the range increasing attack can be successfully detected; otherwise, its security cannot be guaranteed. Although both types of attacks have passed the detection, anchor point A can accept t AS as a legal ToA and store it as useful positioning information to obtain the actual location of the target node. For a wireless sensor network including N A anchor points, the communication overhead of the traditional scheme is 3LN A , the number 3 means that each measurement contains three wireless transmissions, and L means the number of measurements. Therefore, when N A or L increases, the traditional scheme Increased communication overhead. Based on the above technical problems, this embodiment takes into account that when an external attacker forwards a challenge signal, additional receiver noise will inevitably be introduced. The receiver noise is used to perform attack detection before safe positioning, and target based on the attack detection result. The safe positioning of nodes to reduce communication overhead.
S120、根据锚点对响应信号的解析结果、第二接收机噪声、第一接收机噪声以及预设的检测阈值,确定攻击检测结果。S120: Determine an attack detection result according to the analysis result of the anchor point on the response signal, the second receiver noise, the first receiver noise, and a preset detection threshold.
本实施例中采用的定位方法为双向到达时间(Time Of Arrival,ToA)算法,而在双向ToA技术中,存在测距缩小攻击和测距增大攻击两个漏洞,两个恶意节点协同发起攻击,如图4和图5所示,图4为本申请实施例提供的一种测距缩小攻击的示意图,图5为本申请实施例提供的一种测距增大攻击的示意图。而图6和图7分别展示了两次攻击的效果,图6为本申请实施例提供的一种测 距缩小攻击的定位示意图,图7为本申请实施例提供的一种测距增大攻击的定位示意图。在图4、图5、图6和图7中,S
1是目标节点的实际位置,
是目标节点的估计位置,A
1表示锚点,E
1和E
2表示恶意节点,恶意节点的目的是破坏定位过程或降低定位精度。
The positioning method adopted in this embodiment is the two-way Time Of Arrival (ToA) algorithm. In the two-way ToA technology, there are two vulnerabilities in the range reduction attack and the range increase attack, and two malicious nodes initiate an attack cooperatively. , As shown in Figures 4 and 5, Figure 4 is a schematic diagram of a ranging attack provided by an embodiment of this application, and Figure 5 is a schematic diagram of a ranging increase attack provided by an embodiment of this application. Figures 6 and 7 respectively show the effects of the two attacks. Figure 6 is a schematic diagram of the location of a range reduction attack provided by an embodiment of this application, and Figure 7 is a range measurement increase attack provided by an embodiment of this application. Schematic diagram of positioning. In Figure 4, Figure 5, Figure 6 and Figure 7, S 1 is the actual position of the target node, Is the estimated position of the target node, A 1 represents the anchor point, E 1 and E 2 represent malicious nodes, and the purpose of malicious nodes is to destroy the positioning process or reduce the positioning accuracy.
在测距缩小攻击中,如图4所示,E
2总是发送干扰信号给S
1用于防止接收来自A
1的挑战信号。当A
1发送挑战信号
E
1收到
由于无线媒体的广播特性。接收信号在E
1表示为
和
分别是信道响应,来自A
1分别到E
1和E
1的接收机噪声。然后,E
1模仿S
1发送响应消息
给A
1和A
1接收到的信号表示为
是来自E
1到A
1的信道响应。如果E
1到S
1的距离,比A
1到S
1的距离短,A
1与无攻击时相比,将得到更短的双向ToA值,因此A
1得到距离减少的估计值,如图6所示。最后,估计了S
1的错误位置。
In the range reduction attack, as shown in Figure 4, E 2 always sends an interference signal to S 1 to prevent receiving the challenge signal from A 1. When A 1 sends a challenge signal E 1 received Due to the broadcasting characteristics of wireless media. The received signal is expressed in E 1 as and These are the channel response, the receiver noise from A 1 to E 1 and E 1 respectively. Then, E 1 imitates S 1 to send a response message The signals received for A 1 and A 1 are expressed as Is the channel response from E 1 to A 1. If the distance from E 1 to S 1 is shorter than the distance from A 1 to S 1 , A 1 will get a shorter two-way ToA value than when there is no attack, so A 1 gets the estimated value of distance reduction, as shown in Figure 6. Shown. Finally, the error position of S 1 is estimated.
在测距增大攻击中,如图5所示,E
2在两个阶段有不同的作用。在第一阶段,当A
1发送挑战信号
E
2发射干扰信号S
1,然后E
1收到
表示为
在第二阶段,E
2保持沉默和E
1直接发送
给S
1,附带增益G
E,接收信号在S
1表示为
是来自E
1到S
1的信道响应。然后S
1发送响应信号
给A
1。因此A
1接收响应信号需要更长的时间,A
1与无攻击时相比,将获得更长的双向ToA值。因此A
1得到距离增大的估计值,如图7所示。最后,估计了S
1的错误位置。
In the range increase attack, as shown in Figure 5, E 2 has different functions in the two stages. In the first stage, when A 1 sends a challenge signal E 2 transmits the interference signal S 1 , and then E 1 receives Expressed as In the second stage, E 2 remains silent and E 1 sends directly Given S 1 , with a gain G E , the received signal is expressed in S 1 as Is the channel response from E 1 to S 1. Then S 1 sends a response signal Give A 1 . Therefore, it takes a longer time for A 1 to receive the response signal, and A 1 will obtain a longer two-way ToA value than when there is no attack. Therefore, A 1 gets the estimated value of the increase in distance, as shown in Figure 7. Finally, the error position of S 1 is estimated.
根据锚点对响应信号的解析结果,确定攻击检测结果,可以包括:根据解析结果中的解密信息和加密信息的比对结果,确定测距缩小攻击的检测结果,解密信息为锚点采用哈希函数对响应信号中提取的挑战信号和第一接收机噪声方差的消息连接结果解密得到。Determining the attack detection result according to the analysis result of the anchor point on the response signal may include: determining the detection result of the ranging attack based on the comparison result of the decrypted information and the encrypted information in the analysis result, and the decrypted information is the anchor point using hash The function decrypts the message connection result of the challenge signal extracted from the response signal and the noise variance of the first receiver.
一实施例中,根据解析结果中的解密信息和加密信息的比对结果,确定测距缩小攻击的检测结果,包括:如果加密信息和解密信息相同,则测距缩小攻击的检测结果为不存在测距缩小攻击;否则,测距缩小攻击的检测结果为存在测距缩小攻击。In one embodiment, according to the comparison result of the decrypted information and the encrypted information in the analysis result, the detection result of the range reduction attack is determined, including: if the encrypted information and the decrypted information are the same, the detection result of the range reduction attack is non-existent Range reduction attack; otherwise, the detection result of range reduction attack is that there is a range reduction attack.
可选的,根据第二接收机噪声、第一接收机噪声以及预设的检测阈值,确定攻击检测结果,可以包括:确定第一接收机噪声对应的第一接收机噪声方差以及第二接收机噪声对应的第二接收机噪声方差;确定第二接收机噪声方差和第一接收机噪声方差的方差差值;根据方差差值以及检测阈值的比对结果,确定测距增大攻击的检测结果。Optionally, determining the attack detection result according to the second receiver noise, the first receiver noise, and a preset detection threshold may include: determining the first receiver noise variance corresponding to the first receiver noise and the second receiver The second receiver noise variance corresponding to the noise; determine the variance value of the second receiver noise variance and the first receiver noise variance; according to the comparison result of the variance value and the detection threshold, determine the detection result of the range increase attack .
一实施例中,根据方差差值以及检测阈值的比对结果,确定测距增大攻击的检测结果,可以包括:如果方差差值小于或等于检测阈值,则测距增大攻击的检测结果为不存在测距增大攻击;否则,测距增大攻击的检测结果为存在测距增大 攻击。In an embodiment, determining the detection result of the range increase attack based on the comparison result of the variance value and the detection threshold may include: if the variance value is less than or equal to the detection threshold, the detection result of the range increase attack is There is no range increase attack; otherwise, the detection result of the range increase attack is that there is a range increase attack.
本实施例中,假设
表示不存在测距增大攻击的情况,
表示存在测距增大攻击的情况。目标节点S接收到的挑战信号在
和
时分别表示为
和
在
时,目标节点S通过信道估计算法和恢复消息
获得估计的信道响应
因为恢复的错误可以通过调制和信道编码来纠正,本实施例中假设消息可以完全恢复,即
目标节点S提取接收机噪声为
目标节点S计算它的方差
在
时,目标节点S得到信道响应为
提取的接收机噪声为
目标节点S计算它的方差
之后,由于本实施例中以假设锚点A发送挑战信号给目标节点S时有攻击,而目标节点S返回响应信号时无攻击,因此锚点A得到信道响应为
提取的接收机噪声为
锚点A计算它的方差
In this embodiment, it is assumed Indicates that there is no case of increasing the range finding attack, Indicates that there is a situation where the distance measurement increases the attack. The challenge signal received by the target node S is and Respectively expressed as and exist When the target node S uses the channel estimation algorithm and recovers the message Get estimated channel response Because the recovered error can be corrected by modulation and channel coding, it is assumed in this embodiment that the message can be completely recovered, namely The target node S extracts the receiver noise as The target node S calculates its variance exist When the target node S gets the channel response as The extracted receiver noise is The target node S calculates its variance After that, since it is assumed in this embodiment that there is an attack when the anchor point A sends a challenge signal to the target node S, and there is no attack when the target node S returns a response signal, the anchor point A gets the channel response as The extracted receiver noise is Anchor point A calculates its variance
一实施例中,方差差值可以为
|·|表示绝对值运算符,当δ<θ,则可以确定测距增大攻击的检测结果为不存在测距增大攻击,否则,测距增大攻击的检测结果为存在测距增大攻击。其中θ表示检测阈值,可以根据经验和实际情况预先设定。
In an embodiment, the variance value can be |·| represents the absolute value operator, when δ<θ, it can be determined that the detection result of the range increase attack is that there is no range increase attack, otherwise, the detection result of the range increase attack is that there is a range increase attack attack. Where θ represents the detection threshold, which can be preset based on experience and actual conditions.
本实施例中目标节点和锚点可以分别确定第一接收机噪声方差和第二接收机噪声方差之后,发送给无线传感器网络的安全定位装置进行后续攻击检测和定位,也可以直接将第一接收机噪声和第二接收机噪声发送给无线传感器网络的安全定位装置,无线传感器网络的安全定位装置分别确定第一接收机噪声方差和第二接收机噪声方差。In this embodiment, the target node and the anchor point can respectively determine the noise variance of the first receiver and the noise variance of the second receiver, and then send them to the secure positioning device of the wireless sensor network for subsequent attack detection and positioning, or directly send the first receiver The machine noise and the second receiver noise are sent to the safe positioning device of the wireless sensor network, and the safe positioning device of the wireless sensor network determines the first receiver noise variance and the second receiver noise variance respectively.
本实施例中,每次测量包括两个无线传输,通过适当地增加了挑战信号的最后一位到达目标节点的天线后直到第一比特的响应信号从目标节点的天线发射的持续时间的值,得到一个较大的常数,该常数足够大,可以完成所有的操作;并且本实施例中的攻击检测方法只需要一次测量。针对一个无线传感器网络,通信开销为2N
A,其中N
A为无线传感器网络中的锚点数量。因此,与传统方案相比,本方案节省了通信开销,特别是在大规模无线传感器网络或强大的外部攻击者的情况下。
In this embodiment, each measurement includes two wireless transmissions. By appropriately increasing the value of the duration of the first bit of the response signal from the antenna of the target node after the last bit of the challenge signal reaches the antenna of the target node, A relatively large constant is obtained, which is large enough to complete all operations; and the attack detection method in this embodiment only requires one measurement. For a wireless sensor network, the communication overhead is 2N A , where N A is the number of anchor points in the wireless sensor network. Therefore, compared with traditional solutions, this solution saves communication overhead, especially in the case of large-scale wireless sensor networks or powerful external attackers.
S130、如果攻击检测结果为不存在测距攻击,则根据目标距离对目标节点进行定位;否则,将目标距离丢弃。S130: If the attack detection result is that there is no ranging attack, locate the target node according to the target distance; otherwise, discard the target distance.
如果攻击检测结果为不存在测距增大攻击和测距缩小攻击,则根据目标距离采用双向到达时间算法对目标节点进行定位。如果攻击检测结果为存在测距缩小攻击或者存在测距增大攻击,则将目标距离丢弃。可选的,将目标距离丢弃之后,可以对无线传感器网络进行攻击恶意节点的排查以消除攻击,直到攻击检 测结果为不存在测距缩小攻击和测距增大攻击时再对目标节点进行定位。If the attack detection result is that there is no range increase attack and range reduction attack, the two-way arrival time algorithm is used to locate the target node according to the target distance. If the attack detection result is that there is a range reduction attack or a range increase attack, the target distance is discarded. Optionally, after discarding the target distance, the wireless sensor network can be checked against malicious nodes to eliminate the attack, until the attack detection result is that there is no range reduction attack and range increase attack, then the target node can be located.
其中,双向到达时间算法是一种在无线传感器网络中定位传感器节点的算法。无线传感器网络中可以包括三种类型的传感器节点:锚点、目标节点和恶意节点。锚点的作用是确定目标节点的位置,而恶意节点的目的是破坏定位过程或降低定位精度。为了确定目标节点的二维位置,锚点的数量应该大于3个。而锚点越多,对应的定位精度越高,但同时增加了通信开销,因此锚点的数量可以根据实际情况进行设定。Among them, the two-way arrival time algorithm is an algorithm for locating sensor nodes in wireless sensor networks. Three types of sensor nodes can be included in wireless sensor networks: anchors, target nodes, and malicious nodes. The role of the anchor point is to determine the location of the target node, and the purpose of the malicious node is to destroy the positioning process or reduce the positioning accuracy. In order to determine the two-dimensional position of the target node, the number of anchor points should be greater than 3. The more anchor points, the higher the corresponding positioning accuracy, but at the same time increased communication overhead, so the number of anchor points can be set according to the actual situation.
在无线传感器网络中,所有的传感器节点随机部署在一个平面上,目标节点的定位过程通常在网络初始化阶段完成。假设有N
A个锚点,表示为
N
S个目标节点,表示为
和N
E个恶意节点,表示为
其中N
A≥3。假设N
A=3,N
S=1和N
E=2,A
1在时间t
1首先发送一个挑战信号
给S
1。S
1收到的信号表示为
其中
和
分别是A
1到S
1的信道响应和S
1提取的接收端噪声,假设所有的信道响应都建模为零均值复高斯随机变量(RVs),即
其中
d是发射机和接收机之间的距离,λ=c/f
c是发射信号的波长,c是光速,f
c是发射信号的载波频率。G
t和G
r分别是发射天线增益和接收天线增益。假设接收机噪声也被建模为零均值复高斯随机变量,如
是基于硬件的。接收到的信噪比(Signal Noise Ratio,SNR)表示为
其中P
t表示传输功率。
In a wireless sensor network, all sensor nodes are randomly deployed on a plane, and the positioning process of the target node is usually completed in the network initialization phase. Suppose there are N A anchor points, expressed as N S target nodes, expressed as And malicious nodes N E, as represented by Where N A ≥3. Suppose N A = 3, N S = 1 and N E = 2, A 1 at times t 1 first transmits a challenge signal Give S 1 . The signal received by S 1 is expressed as in and They are the channel response from A 1 to S 1 and the receiver noise extracted by S 1 , assuming that all channel responses are modeled as zero-mean complex Gaussian random variables (RVs), namely in d is the distance between the transmitter and the receiver, λ=c/f c is the wavelength of the transmitted signal, c is the speed of light, and f c is the carrier frequency of the transmitted signal. G t and G r are the transmit antenna gain and the receive antenna gain, respectively. Suppose that the receiver noise is also modeled as a zero-mean complex Gaussian random variable, such as It is based on hardware. The received signal-to-noise ratio (Signal Noise Ratio, SNR) is expressed as Where P t represents the transmission power.
S
1发送响应信号
给A
1,接收信号在A
1表示为
其中
和
分别是S
1到A
1的信道响应和A
1的噪声,最后A
1计算双向ToA,
表示从挑战信号的最后一位发送到A
1响应信号完全解码的时间;
表示响应信号的最后一位到达A
1天线后直到响应信号被A
1完全解码的持续时间;
表示挑战信号的最后一位到达S
1天线后直到第一比特的响应信号从S
1天线发射的持续时间;t
tran表示传输时间。
和
是基于设备的,在定位过程中是常数,可以预先确定和预加载到A1用于校准时间测量到一定的精度。t
tran=2l/b,l是发射信号的长度和b为无线传感器网络的带宽。
S 1 sends a response signal Given to A 1 , the received signal in A 1 is expressed as in and Respectively, to channel S 1 A 1 A 1 response and noise, the last bi-A 1 calculating the ToA, Indicates the time from the last bit of the challenge signal to the complete decoding of the A 1 response signal; Indicates the duration after the last bit of the response signal reaches the A 1 antenna until the response signal is completely decoded by A 1; It represents the duration from the last bit of the challenge signal to the S 1 antenna until the response signal of the first bit is emitted from the S 1 antenna; t tran represents the transmission time. and It is equipment-based and constant during the positioning process. It can be pre-determined and pre-loaded to A1 for calibration time measurement to a certain accuracy. t tran = 2l/b, where l is the length of the transmitted signal and b is the bandwidth of the wireless sensor network.
图8为本申请实施例提供的一种双向定位示意图。估计A
1和S
1两者之间的距离为
同样,其他的锚点也可以估计到的距离S
1。表示A
j和S
j的二维位置为
和
在不失一般性的前提下,假定第一个锚点A
1作为领导者从其他锚点收集所有定位信息。基于三个锚点的定位信息,A
1建立下列方程,
通过该方程,得到其位置为三个圆形成的交点,如图8所示。
FIG. 8 is a schematic diagram of a two-way positioning provided by an embodiment of the application. Estimate the distance between A 1 and S 1 as Similarly, other anchor points can also estimate the distance S 1 . Indicates that the two-dimensional positions of A j and S j are and Without loss of generality, assume that the first anchor point A 1 acts as the leader to collect all positioning information from other anchor points. Based on the positioning information of the three anchor points, A 1 establishes the following equation, Through this equation, the position is the intersection formed by the three circles, as shown in Figure 8.
本实施例提供的无线传感器网络的安全定位方法,具有以下优势:利用MIC技术防御欺骗攻击和篡改攻击;可以抵御测距缩小攻击和测距增大攻击;适应性强,因为本方案保证了传感器节点在苛刻条件下的安全性,如传感器节点的电池寿命有限、传感器节点的存储空间有限以及传感器节点的移动性高等;无论外部攻击者发起多少次攻击,都不会影响所提方案的安全性。The secure positioning method of the wireless sensor network provided by this embodiment has the following advantages: MIC technology is used to defend against spoofing attacks and tampering attacks; it can resist range reduction attacks and range increase attacks; it has strong adaptability, because this solution guarantees sensors The security of the node under harsh conditions, such as the limited battery life of the sensor node, the limited storage space of the sensor node, and the high mobility of the sensor node; no matter how many attacks launched by an external attacker, it will not affect the security of the proposed solution .
本申请实施例提供的无线传感器的安全定位方案,获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果;并确定锚点和目标节点之间的目标距离;根据锚点对响应信号的解析结果、第二接收机噪声、第一接收机噪声以及预设的检测阈值,确定攻击检测结果;如果攻击检测结果为不存在测距攻击,则根据目标距离对目标节点进行定位;否则,将目标距离丢弃。采用上述技术方案,通过在无线传输过程中提取接收机噪声,并根据接收机噪声通过一次测量即可实现测距攻击检测,基于该攻击检测结果对无线传感器节点进行定位,在保证安全定位的基础上节省了通信开销。The secure positioning solution for wireless sensors provided by the embodiments of the present application obtains the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal ; And determine the target distance between the anchor point and the target node; determine the attack detection result according to the anchor point’s analysis result of the response signal, the second receiver noise, the first receiver noise and the preset detection threshold; if the attack is detected The result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded. Using the above technical solution, by extracting the receiver noise in the wireless transmission process, and measuring the distance based on the receiver noise through one measurement, the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
图9为本申请实施例提供的另一种无线传感器网络的安全定位方法的流程图。本实施例在上述实施例的基础上,优化了上述无线传感器网络的安全定位方法。相应的,本实施例的方法包括:Fig. 9 is a flowchart of another secure positioning method for a wireless sensor network provided by an embodiment of the application. On the basis of the above-mentioned embodiment, this embodiment optimizes the above-mentioned safe positioning method of the wireless sensor network. Correspondingly, the method of this embodiment includes:
S210、获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果;并确定锚点和目标节点之间的目标距离。S210. Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the distance between the anchor point and the target node Target distance.
S210之后,可以执行S221和S222-S224,执行顺序本实施例中不作限定,可以根据实际情况进行设定。After S210, S221 and S222-S224 can be executed. The execution sequence is not limited in this embodiment, and can be set according to actual conditions.
S221、根据解析结果中的解密信息和加密信息的比对结果,确定测距缩小攻击的检测结果。S221: Determine the detection result of the distance measurement and reduction attack according to the comparison result of the decrypted information and the encrypted information in the analysis result.
其中,解密信息为锚点采用哈希函数对响应信号中提取的挑战信号和第一接收机噪声方差的消息连接结果解密得到。Wherein, the decryption information is obtained by decrypting the message connection result of the challenge signal extracted from the response signal and the noise variance of the first receiver by the anchor point using a hash function.
如果加密信息和解密信息相同,则测距缩小攻击的检测结果为不存在测距缩小攻击;否则,测距缩小攻击的检测结果为存在测距缩小攻击。If the encrypted information and the decrypted information are the same, the detection result of the range reduction attack is that there is no range reduction attack; otherwise, the detection result of the range reduction attack is that there is a range reduction attack.
S222、确定第一接收机噪声对应的第一接收机噪声方差以及第二接收机噪声对应的第二接收机噪声方差。S222: Determine the first receiver noise variance corresponding to the first receiver noise and the second receiver noise variance corresponding to the second receiver noise.
S223、确定第二接收机噪声方差和第一接收机噪声方差的方差差值。S223. Determine a variance value of the noise variance of the second receiver and the noise variance of the first receiver.
S224、根据方差差值以及检测阈值的比对结果,确定测距增大攻击的检测结果。S224: Determine the detection result of the range increase attack according to the comparison result of the variance value and the detection threshold.
如果方差差值小于或等于检测阈值,则测距增大攻击的检测结果为不存在测距增大攻击;否则,测距增大攻击的检测结果为存在测距增大攻击。If the variance value is less than or equal to the detection threshold, the detection result of the range increase attack is that there is no range increase attack; otherwise, the detection result of the range increase attack is that there is a range increase attack.
S230、攻击监测结果是否为不存在测距增大攻击和测距缩小攻击,若是,则执行S240;否则执行S250。S230. Whether the attack monitoring result is that there is no range increase attack and range reduction attack, if yes, execute S240; otherwise, execute S250.
S240、根据目标距离采用双向到达时间算法对目标节点进行定位。S240: Use a two-way time-of-arrival algorithm to locate the target node according to the target distance.
定位方式如上所述,在此不进行赘述。The positioning method is as described above, and will not be repeated here.
S250、将目标距离丢弃。S250: Discard the target distance.
接下来通过实验仿真和分析对本实施例中提供的无线传感器网络的安全定位方法进行验证。本实施例研究了检测距离攻击性能的实验结果,这些结论也适用于安全定位方案的性能评估,这有两个原因,首先如果所有的距离测量都是合法的,那么最终的定位结果也是合法的;其次,如果每个距离测量中的通信开销很低,那么安全定位方案的总体开销也会很低。对于传感器节点数量的设置,提供了四个节点的简单情况下的实验结果,即锚点的数量N
A=1、目标节点的数量N
S=1和恶意节点的数量N
E=2。在设置各个传感器节点的位置时,假设所有的锚点和恶意节点都分布在同一个平面上,先设置四个节点的位置,如图10所示,图10为本申请实施例提供的一种无线传感器网络系统的示意图。然后让E
1在30m×30m平面上移动,设置传输功率P
t=1W和发射天线增益和接收天线增益G
t=G
r=8。
Next, the secure positioning method of the wireless sensor network provided in this embodiment is verified through experimental simulation and analysis. This embodiment studies the experimental results of detecting distance attack performance. These conclusions are also applicable to the performance evaluation of the secure positioning scheme. There are two reasons for this. First, if all distance measurements are legal, then the final positioning result is also legal. ; Secondly, if the communication overhead in each distance measurement is very low, the overall overhead of the safe positioning scheme will also be very low. For the setting of the number of sensor nodes, the experimental results in a simple case of four nodes are provided, that is, the number of anchor points N A =1, the number of target nodes N S =1, and the number of malicious nodes NE =2. When setting the position of each sensor node, assuming that all anchor points and malicious nodes are distributed on the same plane, first set the positions of four nodes, as shown in FIG. 10, which is a kind of example provided by this application. Schematic diagram of wireless sensor network system. Then let E 1 move on a 30m×30m plane, and set the transmission power P t =1W and the transmitting antenna gain and the receiving antenna gain G t =G r =8.
本实施例中,由于信道衰落和接收机噪声都引入了随机性,本实施例中可以采用设定数量的独立实验方案的最终结果进行平均,例如设定数量可以为60000。本实施例中以四个性能指标为例进行说明,第一个指标是检测概率/误报概率(PD/PFA)。第二个指标是曲线下面积(Area Under Curve,AUC),根据奈曼-皮尔逊(Neyman Pearson,NP)定理得出了接收机工作特性(Receiver Operating Characteristic,ROC)曲线,然后计算ROC曲线对应的AUC。第三个指标是通信开销,定义为在一次距离测量中传输的总比特数。由于检测性能和开销冲突,通过第四个指标即性能开销比(Performance Overhead Ratio,POR),以比较各种方案,其定义为AUC与通信开销的比值。In this embodiment, since channel fading and receiver noise both introduce randomness, in this embodiment, the final results of a set number of independent experimental schemes can be used for averaging, for example, the set number can be 60,000. In this embodiment, four performance indicators are taken as examples for description. The first indicator is detection probability/false alarm probability (PD/PFA). The second indicator is Area Under Curve (AUC). According to the Neyman Pearson (NP) theorem, the Receiver Operating Characteristic (ROC) curve is obtained, and then the ROC curve is calculated. AUC. The third indicator is communication overhead, which is defined as the total number of bits transmitted in a distance measurement. Due to the conflict between detection performance and overhead, the fourth indicator, Performance Overhead Ratio (POR), is used to compare various solutions, which is defined as the ratio of AUC to communication overhead.
通过第一个指标的对比进行举例说明。参见图11,图11为本申请实施例提 供的一种实验和理论的对比示意图,该方案的检测性能随恶意节点的接收噪声G
E值的增大而提高,如图11所示,设置信噪比γ=10dB,误报概率阈值ε=0.01,所采用的信道估计算法的性能α=5%和恶意节点的硬件性能β=100%。如图11所示,PD和PFA的封闭形式表达式与预期的仿真结果完全吻合。和但是,如果估计误差不能被忽略,那么随着G
E值的增加,该方案的检测性能会提高。G
E的值不能被外部攻击者设置得太小,否则目标节点接收到的信号就会很低,甚至目标节点也无法解码挑战信号,使得距离攻击变得没有意义。
An example is given through the comparison of the first indicator. Referring to Figure 11, Figure 11 is a schematic diagram of an experiment and a theoretical comparison provided by an embodiment of the application. The detection performance of this solution increases with the increase of the received noise G E value of the malicious node. As shown in Figure 11, the setting signal The noise ratio γ=10dB, the false alarm probability threshold ε=0.01, the performance of the adopted channel estimation algorithm α=5% and the hardware performance of the malicious node β=100%. As shown in Figure 11, the closed-form expressions of PD and PFA are in full agreement with the expected simulation results. And, if the estimation error cannot be ignored, then as the G E value increases, the detection performance of the scheme will improve. G E value of an external attacker can not be set too small, otherwise the target node receives the signal will be very low, and even challenge the target node can not decode the signal, so that the distance becomes meaningless attack.
本方案的检测性能随α值的增大而降低,α表示所采用的信道估计算法的性能,设置G
E=150,其余条件与图11相同进行分析。随着β值的增大,检测性能提高,β表示恶意节点的硬件性能,设置G
E=150,其余条件与图11相同进行分析。本方案α与β增大时,PD和PFA的封闭形式表达式与预期的仿真结果均完全吻合
The detection performance of this scheme decreases as the value of α increases, α represents the performance of the adopted channel estimation algorithm, set G E =150, and other conditions are the same as those in Fig. 11 for analysis. As the value of β increases, the detection performance improves. β represents the hardware performance of the malicious node. Set G E =150. The other conditions are the same as those in Figure 11 for analysis. When α and β increase in this scheme, the closed-form expressions of PD and PFA are completely consistent with the expected simulation results
随着目标节点与恶意节点距离的减小,检测性能提高,除G
E=150与E
1位置外,其余条件与图11相同进行分析。但是,如果估计误差不能被忽略,则随着目标节点与恶意节点距离的减小,该方案的检测性能提高。
As the distance between the target node and the malicious node decreases, the detection performance improves. Except for the positions of GE = 150 and E 1 , the other conditions are the same as those in Figure 11 for analysis. However, if the estimation error cannot be ignored, as the distance between the target node and the malicious node decreases, the detection performance of the scheme improves.
接下来通过将本实施例中提供的方案和传统方案进行对比,对本方案进行说明。本方案的检测性能与测量次数无关,如图12所示,图12为本申请实施例提供的一种检测性能与测量次数的关系示意图。除了G
E=150和M=3外其余条件与图11相同,L表示在传统方案中测量的次数。从图12可以看出,本方案的检测性能是独立的,而传统方案的检测性能随着L的值的增大而提高。当L≥2M+1,传统方案的检测性能较好,即AUC=1;否则,传统方案的检测性能较差,即AUC等于0.5,这相当于随机猜测。在有估计误差的情况下,方案的性能略有下降,即AUC=0.992。
Next, this solution will be described by comparing the solution provided in this embodiment with the traditional solution. The detection performance of this solution has nothing to do with the number of measurements, as shown in FIG. 12, which is a schematic diagram of the relationship between the detection performance and the number of measurements provided by an embodiment of this application. In addition to the same G E = 150 and M = 3 to rest outside the conditions of FIG 11, L represents the number of measurements in the conventional scheme. It can be seen from Figure 12 that the detection performance of this scheme is independent, while the detection performance of the traditional scheme increases as the value of L increases. When L≥2M+1, the detection performance of the traditional scheme is better, that is, AUC=1; otherwise, the detection performance of the traditional scheme is poor, that is, the AUC is equal to 0.5, which is equivalent to random guessing. In the case of estimation errors, the performance of the scheme drops slightly, that is, AUC=0.992.
对于不同数量的锚点,本方案比传统方案可以节省通信开销72.8%,且与L无关。首先,参见图13,图13为本申请实施例提供的一种通信开销与锚点数量的关系示意图,除L=3外其余条件与图11相同。从图13中可以看出,本方案和传统方案的通信开销均随着锚点数量N
A值的增加而增加。但与传统方案相比,本方案具有更低的通信开销。例如,如果采用IEEE 802.15.4标准,对于4个锚点的情况,本方案的通信开销比传统方案低1.067Kbytes;对于10个锚点的情况,本方案的通信开销比传统方案低2.666Kbytes。对于不同数量的锚点,与传统方案相比,本方案的通信开销节省了72.8%。
For different numbers of anchor points, this solution can save 72.8% of communication overhead compared with the traditional solution, and it has nothing to do with L. First, referring to FIG. 13, FIG. 13 is a schematic diagram of the relationship between communication overhead and the number of anchor points according to an embodiment of the application, and other conditions are the same as those in FIG. 11 except that L=3. As it can be seen from Figure 13, the present embodiment and the conventional scheme communication overhead increases as the number average value of N A anchor point increases. But compared with the traditional scheme, this scheme has lower communication overhead. For example, if the IEEE 802.15.4 standard is adopted, for the case of 4 anchor points, the communication overhead of this solution is 1.067Kbytes lower than that of the traditional solution; for the case of 10 anchor points, the communication overhead of this solution is 2.666Kbytes lower than that of the traditional solution. For different numbers of anchor points, compared with the traditional solution, the communication overhead of this solution is saved by 72.8%.
其次,参见图14,图14为本申请实施例提供的一种通信开销与测量次数的关系示意图,除N
A=1外其余条件与图11相同。从图14中可以看出,随着测量次数L增加,传统方案的通信开销明显增加,而本方案的通信开销则和L独立, 与传统方案相比,该方案具有更低的通信开销,特别是在较大L的情况下。例如L=3时,本方案的通信开销比原方案低0.267Kbytes;对于L=10,该方案的通信开销比原方案低1.121Kbytes。
Secondly, referring to Fig. 14, Fig. 14 is a schematic diagram of the relationship between communication overhead and the number of measurements provided by an embodiment of the application, and other conditions are the same as Fig. 11 except that N A =1. It can be seen from Figure 14 that as the number of measurements L increases, the communication overhead of the traditional solution increases significantly, while the communication overhead of this solution is independent of L. Compared with the traditional solution, this solution has lower communication overhead, especially It is in the case of a larger L. For example, when L=3, the communication overhead of this solution is 0.267Kbytes lower than the original solution; for L=10, the communication overhead of this solution is 1.121Kbytes lower than the original solution.
本方案的POR值比传统方案的POR值好得多,且POR值与L无关。如图15所示,图15为本申请实施例提供的一种性能开销比与测量次数的关系示意图,其中所有条件与图12相同。POR定义为AUC与通信开销的比值。从图15可以看出,本方案的POR值要比传统方案好得多。本方案的POR值与L无关,而传统方案的POR值随着L值的增大而减小,即使L≥2M+1。图15突出了本方案在POR方面的优越性。The POR value of this scheme is much better than that of the traditional scheme, and the POR value has nothing to do with L. As shown in FIG. 15, FIG. 15 is a schematic diagram of the relationship between the performance overhead ratio and the number of measurements provided by an embodiment of the application, and all the conditions are the same as those in FIG. 12. POR is defined as the ratio of AUC to communication overhead. It can be seen from Figure 15 that the POR value of this scheme is much better than that of the traditional scheme. The POR value of this scheme has nothing to do with L, while the POR value of the traditional scheme decreases as the value of L increases, even if L≥2M+1. Figure 15 highlights the superiority of this program in terms of POR.
综上,针对无线传感器网络中两个恶意节点协同发起攻击时节点定位的安全问题,本方案利用外部距离攻击的噪声特征,提出了一种轻量级的安全定位方案。与传统方案相比,本方案提供了更低的通信开销和更高的安全性,实验结果表明了本方案的优越性。In summary, in view of the security problem of node positioning when two malicious nodes in wireless sensor networks initiate an attack cooperatively, this scheme uses the noise characteristics of external distance attacks to propose a lightweight safe positioning scheme. Compared with the traditional scheme, this scheme provides lower communication overhead and higher security. The experimental results show the superiority of this scheme.
本申请实施例提供的无线传感器的安全定位方案,获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果,并确定锚点和目标节点之间的目标距离;根据解析结果中的解密信息和加密信息的比对结果,确定测距缩小攻击的检测结果;确定第一接收机噪声对应的第一接收机噪声方差以及第二接收机噪声对应的第二接收机噪声方差,确定第二接收机噪声方差和第一接收机噪声方差的方差差值,根据方差差值以及检测阈值的比对结果,确定测距增大攻击的检测结果;如果攻击检测结果为不存在测距增大攻击和测距缩小攻击,则根据目标距离对目标节点进行定位;否则,将目标距离丢弃。采用上述技术方案,通过在无线传输过程中提取接收机噪声,并根据接收机噪声通过一次测量即可实现测距攻击检测,基于该攻击检测结果对无线传感器节点进行定位,在保证安全定位的基础上节省了通信开销。The secure positioning solution for wireless sensors provided by the embodiments of the present application obtains the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal , And determine the target distance between the anchor point and the target node; determine the detection result of the range-finding attack according to the comparison result of the decrypted information and the encrypted information in the analysis result; determine the first receiver corresponding to the noise of the first receiver The noise variance and the second receiver noise variance corresponding to the second receiver noise, determine the variance value of the second receiver noise variance and the first receiver noise variance, and determine the measurement based on the comparison result of the variance value and the detection threshold. The detection result of the distance increase attack; if the attack detection result is that there is no range increase attack and range reduction attack, the target node is located according to the target distance; otherwise, the target distance is discarded. Using the above technical solution, by extracting the receiver noise in the wireless transmission process, and measuring the distance based on the receiver noise through one measurement, the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
图16为本申请实施例提供的一种无线传感器网络的安全定位装置的结构示意图,本实施例可适用于实现无线传感器的安全定位的情况。本申请实施例所提供的无线传感器网络的安全定位装置可执行本申请任意实施例所提供的无线传感器网络的安全定位方法,具备执行方法相应的功能模块和效果。该装置包括:FIG. 16 is a schematic structural diagram of a secure positioning device for a wireless sensor network provided by an embodiment of this application. This embodiment may be suitable for realizing secure positioning of wireless sensors. The secure positioning device for the wireless sensor network provided by the embodiment of the present application can execute the secure positioning method for the wireless sensor network provided by any embodiment of the present application, and has functional modules and effects corresponding to the execution method. The device includes:
信息获取模块310,用于获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;攻击检测模块320,用于根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;定位模块330,用 于如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。The information acquisition module 310 is configured to acquire the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and Determine the target distance between the anchor point and the target node; the attack detection module 320 is configured to analyze the response signal based on the anchor point, the second receiver noise, and the first receiver Machine noise and a preset detection threshold to determine the attack detection result; the positioning module 330 is configured to locate the target node according to the target distance if the attack detection result is that there is no ranging attack; otherwise, the The target distance is discarded.
本申请实施例提供的无线传感器的安全定位方案,获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及锚点对响应信号的解析结果;并确定锚点和目标节点之间的目标距离;根据锚点对响应信号的解析结果、第二接收机噪声、第一接收机噪声以及预设的检测阈值,确定攻击检测结果;如果攻击检测结果为不存在测距攻击,则根据目标距离对目标节点进行定位;否则,将目标距离丢弃。采用上述技术方案,通过在无线传输过程中提取接收机噪声,并根据接收机噪声通过一次测量即可实现测距攻击检测,基于该攻击检测结果对无线传感器节点进行定位,在保证安全定位的基础上节省了通信开销。The secure positioning solution for wireless sensors provided by the embodiments of the present application obtains the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal ; And determine the target distance between the anchor point and the target node; determine the attack detection result according to the anchor point’s analysis result of the response signal, the second receiver noise, the first receiver noise and the preset detection threshold; if the attack is detected The result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded. Using the above technical solution, by extracting the receiver noise in the wireless transmission process, and measuring the distance based on the receiver noise through one measurement, the detection of the ranging attack can be realized. Based on the detection result of the attack, the wireless sensor node is located, which is the basis for ensuring safe positioning. This saves communication overhead.
可选的,所述响应信号为所述目标节点通过对所述挑战信号、所述第一接收机噪声对应的第一接收机噪声方差和加密信息进行消息连接得到,所述加密信息为采用哈希函数对所述挑战信号和所述第一接收机噪声方差的消息连接结果进行加密得到。Optionally, the response signal is obtained by the target node through message connection of the challenge signal, the first receiver noise variance corresponding to the first receiver noise, and encrypted information, and the encrypted information is obtained by The Greek function encrypts the message connection result of the challenge signal and the noise variance of the first receiver to obtain it.
可选的,所述攻击检测模块320包括:第一检测单元,所述第一检测单元用于:Optionally, the attack detection module 320 includes: a first detection unit, and the first detection unit is configured to:
根据所述解析结果中的解密信息和所述加密信息的比对结果,确定测距缩小攻击的检测结果,所述解密信息为所述锚点采用所述哈希函数对所述响应信号中提取的所述挑战信号和所述第一接收机噪声方差的消息连接结果解密得到。According to the comparison result of the decrypted information in the analysis result and the encrypted information, the detection result of the ranging and reduction attack is determined, and the decrypted information is that the anchor point uses the hash function to extract from the response signal The message connection result of the challenge signal and the noise variance of the first receiver is obtained by decrypting.
可选的,所述第一检测单元具体用于:Optionally, the first detection unit is specifically configured to:
如果所述加密信息和所述解密信息相同,则所述测距缩小攻击的检测结果为不存在测距缩小攻击;否则,所述测距缩小攻击的检测结果为存在测距缩小攻击。If the encrypted information and the decrypted information are the same, the detection result of the range reduction attack is that there is no range reduction attack; otherwise, the detection result of the range reduction attack is that there is a range reduction attack.
可选的,所述攻击检测模块320包括第二检测单元,所述第二检测单元用于:Optionally, the attack detection module 320 includes a second detection unit, and the second detection unit is configured to:
确定所述第一接收机噪声对应的第一接收机噪声方差以及所述第二接收机噪声对应的第二接收机噪声方差;确定所述第二接收机噪声方差和第一接收机噪声方差的方差差值;根据所述方差差值以及所述检测阈值的比对结果,确定测距增大攻击的检测结果。Determine the first receiver noise variance corresponding to the first receiver noise and the second receiver noise variance corresponding to the second receiver noise; determine the variance of the second receiver noise variance and the first receiver noise variance Variance difference value; according to the comparison result of the variance difference value and the detection threshold value, the detection result of the ranging increase attack is determined.
可选的,所述第二检测单元具体用于:Optionally, the second detection unit is specifically configured to:
如果所述方差差值小于或等于所述检测阈值,则所述测距增大攻击的检测结果为不存在测距增大攻击;否则,所述测距增大攻击的检测结果为存在测距增 大攻击。If the variance value is less than or equal to the detection threshold, the detection result of the range increase attack is that there is no range increase attack; otherwise, the detection result of the range increase attack is that there is range measurement Increase the attack.
可选的,所述定位模块330具体用于:Optionally, the positioning module 330 is specifically configured to:
如果所述攻击检测结果为不存在测距增大攻击和测距缩小攻击,则根据所述目标距离采用双向到达时间算法对所述目标节点进行定位。If the attack detection result is that there is no range increase attack and range reduction attack, then a two-way arrival time algorithm is used to locate the target node according to the target distance.
本申请实施例所提供的无线传感器网络的安全定位装置可执行本申请任意实施例所提供的无线传感器网络的安全定位方法,具备执行方法相应的功能模块和有益效果。The secure positioning device for the wireless sensor network provided by the embodiment of the present application can execute the secure positioning method for the wireless sensor network provided by any embodiment of the present application, and has functional modules and beneficial effects corresponding to the execution method.
图17为本申请实施例提供的一种设备的结构示意图。图17示出了适于用来实现本申请实施方式的示例性设备412的框图。图17显示的设备412仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。FIG. 17 is a schematic structural diagram of a device provided by an embodiment of this application. Figure 17 shows a block diagram of an exemplary device 412 suitable for implementing embodiments of the present application. The device 412 shown in FIG. 17 is only an example, and should not bring any limitation to the function and scope of use of the embodiments of the present application.
如图17所示,设备412以通用设备的形式表现。设备412的组件可以包括但不限于:一个或者多个处理器416,存储装置428,连接不同系统组件(包括存储装置428和处理器416)的总线418。As shown in FIG. 17, the device 412 is represented in the form of a general-purpose device. The components of the device 412 may include, but are not limited to: one or more processors 416, a storage device 428, and a bus 418 connecting different system components (including the storage device 428 and the processor 416).
总线418表示几类总线结构中的一种或多种,包括存储装置总线或者存储装置控制器,外围总线,图形加速端口,处理器或者使用多种总线结构中的任意总线结构的局域总线。举例来说,这些体系结构包括但不限于工业标准体系结构(Industry Subversive Alliance,ISA)总线,微通道体系结构(Micro Channel Architecture,MAC)总线,增强型ISA总线、视频电子标准协会(Video Electronics Standards Association,VESA)局域总线以及外围组件互连(Peripheral Component Interconnect,PCI)总线。The bus 418 represents one or more of several types of bus structures, including a storage device bus or a storage device controller, a peripheral bus, a graphics acceleration port, a processor, or a local bus using any bus structure among multiple bus structures. For example, these architectures include, but are not limited to, Industry Standard Architecture (Industry Subversive Alliance, ISA) bus, Micro Channel Architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (Video Electronics Standards) Association, VESA) local bus and Peripheral Component Interconnect (PCI) bus.
设备412典型地包括多种计算机系统可读介质。这些介质可以是任何能够被设备412访问的可用介质,包括易失性和非易失性介质,可移动的和不可移动的介质。The device 412 typically includes a variety of computer system readable media. These media can be any available media that can be accessed by the device 412, including volatile and non-volatile media, removable and non-removable media.
存储装置428可以包括易失性存储器形式的计算机系统可读介质,例如随机存取存储器(Random Access Memory,RAM)430和/或高速缓存存储器432。设备412可以包括其它可移动/不可移动的、易失性/非易失性计算机系统存储介质。仅作为举例,存储系统434可以用于读写不可移动的、非易失性磁介质(图17未显示,通常称为“硬盘驱动器”)。尽管图17中未示出,可以提供用于对可移动非易失性磁盘(例如“软盘”)读写的磁盘驱动器,以及对可移动非易失性光盘,例如只读光盘(Compact Disc Read-Only Memory,CD-ROM),数字视盘(Digital Video Disc-Read Only Memory,DVD-ROM)或者其它光介质)读写的光盘驱动器。在这些情况下,每个驱动器可以通过一个或者多个数据介质接口与总线418相连。存储装置428可以包括至少一个程序产品,该程序产品具有 一组(例如至少一个)程序模块,这些程序模块被配置以执行本申请各实施例的功能。The storage device 428 may include a computer system readable medium in the form of a volatile memory, such as a random access memory (RAM) 430 and/or a cache memory 432. The device 412 may include other removable/non-removable, volatile/non-volatile computer system storage media. For example only, the storage system 434 can be used to read and write non-removable, non-volatile magnetic media (not shown in FIG. 17, and generally referred to as a "hard drive"). Although not shown in FIG. 17, a disk drive for reading and writing to a removable non-volatile disk (such as a "floppy disk") and a removable non-volatile optical disk such as a compact disc (Compact Disc Read) can be provided. -Only Memory, CD-ROM), Digital Video Disc-Read Only Memory (DVD-ROM) or other optical media) read and write optical disc drives. In these cases, each drive can be connected to the bus 418 through one or more data media interfaces. The storage device 428 may include at least one program product, and the program product has a set of (for example, at least one) program modules, and these program modules are configured to perform the functions of the embodiments of the present application.
具有一组(至少一个)程序模块442的程序/实用工具440,可以存储在例如存储装置428中,这样的程序模块442包括但不限于操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。程序模块442通常执行本申请所描述的实施例中的功能和/或方法。A program/utility tool 440 having a set of (at least one) program module 442 may be stored in, for example, the storage device 428. Such program module 442 includes but is not limited to an operating system, one or more application programs, other program modules, and programs Data, each of these examples or some combination may include the realization of the network environment. The program module 442 generally executes the functions and/or methods in the embodiments described in this application.
设备412也可以与一个或多个外部设备414(例如键盘、指向终端、显示器424等)通信,还可与一个或者多个使得用户能与该设备412交互的终端通信,和/或与使得该设备412能与一个或多个其它计算终端进行通信的任何终端(例如网卡,调制解调器等等)通信。这种通信可以通过输入/输出(I/O)接口422进行。并且,设备412还可以通过网络适配器420与一个或者多个网络(例如局域网(Local Area Network,LAN),广域网(Wide Area Network,WAN)和/或公共网络,例如因特网)通信。如图17所示,网络适配器420通过总线418与设备412的其它模块通信。应当明白,尽管图中未示出,可以结合设备412使用其它硬件和/或软件模块,包括但不限于:微代码、终端驱动器、冗余处理器、外部磁盘驱动阵列、磁盘阵列(Redundant Arrays of Independent Disks,RAID)系统、磁带驱动器以及数据备份存储系统等。The device 412 can also communicate with one or more external devices 414 (such as a keyboard, a pointing terminal, a display 424, etc.), and can also communicate with one or more terminals that enable a user to interact with the device 412, and/or communicate with The device 412 can communicate with any terminal (such as a network card, modem, etc.) that communicates with one or more other computing terminals. This communication can be performed through an input/output (I/O) interface 422. In addition, the device 412 may also communicate with one or more networks (for example, a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 420. As shown in FIG. 17, the network adapter 420 communicates with other modules of the device 412 through the bus 418. It should be understood that although not shown in the figure, other hardware and/or software modules can be used in conjunction with the device 412, including but not limited to: microcode, terminal drives, redundant processors, external disk drive arrays, and disk arrays (Redundant Arrays of Independent Disks, RAID) systems, tape drives, and data backup storage systems.
处理器416通过运行存储在存储装置428中的程序,从而执行各种功能应用以及数据处理,例如实现本申请实施例所提供的无线传感器网络的安全定位方法,该方法包括:The processor 416 executes various functional applications and data processing by running programs stored in the storage device 428, for example, to implement the secure positioning method of the wireless sensor network provided in the embodiment of the present application, the method includes:
获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the anchor point and the response signal. The target distance between the target nodes; determine the attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold; If the attack detection result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
本申请实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现如本申请实施例所提供的无线传感器网络的安全定位方法,该方法包括:The embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the method for secure positioning of a wireless sensor network as provided in the embodiment of the present application is implemented, and the method includes:
获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻 击检测结果;如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the anchor point and the response signal. The target distance between the target nodes; determine the attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold; If the attack detection result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
本申请实施例的计算机存储介质,可以采用一个或多个计算机可读的介质的任意组合。计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本文件中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。The computer storage medium of the embodiment of the present application may adopt any combination of one or more computer-readable media. The computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. The computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or a combination of any of the above. Examples of computer-readable storage media (non-exhaustive list) include: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above. In this document, the computer-readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, apparatus, or device.
计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。The computer-readable signal medium may include a data signal propagated in baseband or as a part of a carrier wave, and computer-readable program code is carried therein. This propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. The computer-readable signal medium may also be any computer-readable medium other than the computer-readable storage medium. The computer-readable medium may send, propagate or transmit the program for use by or in combination with the instruction execution system, apparatus, or device .
计算机可读介质上包含的程序代码可以用任何适当的介质传输,包括——但不限于无线、电线、光缆、RF等等,或者上述的任意合适的组合。The program code contained on the computer-readable medium can be transmitted by any suitable medium, including but not limited to wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
可以以一种或多种程序设计语言或其组合来编写用于执行本申请操作的计算机程序代码,所述程序设计语言包括面向对象的程序设计语言-诸如Java、Smalltalk、C++,还包括常规的过程式程序设计语言-诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或终端上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络——包括局域网(LAN)或广域网(WAN)-连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。The computer program code used to perform the operations of this application can be written in one or more programming languages or a combination thereof. The programming languages include object-oriented programming languages-such as Java, Smalltalk, C++, and also conventional Procedural programming language-such as "C" language or similar programming language. The program code can be executed entirely on the user's computer, partly on the user's computer, executed as an independent software package, partly on the user's computer and partly executed on a remote computer, or entirely executed on the remote computer or terminal. In the case of a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, using an Internet service provider to pass Internet connection).
Claims (10)
- 一种无线传感器网络的安全定位方法,包括:A safe positioning method for wireless sensor network, including:获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;Obtain the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine the anchor point and the response signal. The target distance between the target nodes;根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;Determine an attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold;如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。If the attack detection result is that there is no ranging attack, the target node is located according to the target distance; otherwise, the target distance is discarded.
- 根据权利要求1所述的方法,其中,所述响应信号为所述目标节点通过对所述挑战信号、所述第一接收机噪声对应的第一接收机噪声方差和加密信息进行消息连接得到,所述加密信息为采用哈希函数对所述挑战信号和所述第一接收机噪声方差的消息连接结果进行加密得到。The method according to claim 1, wherein the response signal is obtained by the target node through message connection of the challenge signal, the first receiver noise variance corresponding to the first receiver noise, and encryption information, The encryption information is obtained by encrypting the message connection result of the challenge signal and the noise variance of the first receiver by using a hash function.
- 根据权利要求2所述的方法,其中,根据所述锚点对所述响应信号的解析结果,确定攻击检测结果,包括:The method according to claim 2, wherein determining the attack detection result according to the analysis result of the response signal by the anchor point comprises:根据所述解析结果中的解密信息和所述加密信息的比对结果,确定测距缩小攻击的检测结果,所述解密信息为所述锚点采用所述哈希函数对所述响应信号中提取的所述挑战信号和所述第一接收机噪声方差的消息连接结果解密得到。According to the comparison result of the decrypted information in the analysis result and the encrypted information, the detection result of the ranging and reduction attack is determined, and the decrypted information is that the anchor point uses the hash function to extract from the response signal The message connection result of the challenge signal and the noise variance of the first receiver is obtained by decrypting.
- 根据权利要求3所述的方法,其中,根据所述解析结果中的解密信息和所述加密信息的比对结果,确定测距缩小攻击的检测结果,包括:The method according to claim 3, wherein determining the detection result of the range-finding attack based on the comparison result of the decrypted information in the analysis result and the encrypted information comprises:如果所述加密信息和所述解密信息相同,则所述测距缩小攻击的检测结果为不存在测距缩小攻击;否则,所述测距缩小攻击的检测结果为存在测距缩小攻击。If the encrypted information and the decrypted information are the same, the detection result of the range reduction attack is that there is no range reduction attack; otherwise, the detection result of the range reduction attack is that there is a range reduction attack.
- 根据权利要求1所述的方法,其中,根据所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果,包括:The method according to claim 1, wherein determining an attack detection result according to the second receiver noise, the first receiver noise, and a preset detection threshold comprises:确定所述第一接收机噪声对应的第一接收机噪声方差以及所述第二接收机噪声对应的第二接收机噪声方差;Determine a first receiver noise variance corresponding to the first receiver noise and a second receiver noise variance corresponding to the second receiver noise;确定所述第二接收机噪声方差和第一接收机噪声方差的方差差值;Determine the variance value of the variance of the noise of the second receiver and the variance of the noise of the first receiver;根据所述方差差值以及所述检测阈值的比对结果,确定测距增大攻击的检测结果。According to the comparison result of the variance difference value and the detection threshold value, the detection result of the ranging increase attack is determined.
- 根据权利要求5所述的方法,其中,根据所述方差差值以及所述检测阈值的比对结果,确定测距增大攻击的检测结果,包括:The method according to claim 5, wherein determining the detection result of the range increase attack according to the comparison result of the variance value and the detection threshold value comprises:如果所述方差差值小于或等于所述检测阈值,则所述测距增大攻击的检测结果为不存在测距增大攻击;否则,所述测距增大攻击的检测结果为存在测距增大攻击。If the variance value is less than or equal to the detection threshold, the detection result of the range increase attack is that there is no range increase attack; otherwise, the detection result of the range increase attack is that there is range measurement Increase the attack.
- 根据权利要求1所述的方法,其中,如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位,包括:The method according to claim 1, wherein if the attack detection result is that there is no ranging attack, locating the target node according to the target distance includes:如果所述攻击检测结果为不存在测距增大攻击和测距缩小攻击,则根据所述目标距离采用双向到达时间算法对所述目标节点进行定位。If the attack detection result is that there is no range increase attack and range reduction attack, then a two-way arrival time algorithm is used to locate the target node according to the target distance.
- 一种无线传感器网络的安全定位装置,包括:A secure positioning device for a wireless sensor network, including:信息获取模块,设置为获取目标节点接收挑战信号时提取的第一接收机噪声,锚点接收响应信号时提取的第二接收机噪声以及所述锚点对所述响应信号的解析结果;并确定所述锚点和所述目标节点之间的目标距离;The information acquisition module is configured to acquire the first receiver noise extracted when the target node receives the challenge signal, the second receiver noise extracted when the anchor point receives the response signal, and the analysis result of the anchor point on the response signal; and determine The target distance between the anchor point and the target node;攻击检测模块,设置为根据所述锚点对所述响应信号的解析结果、所述第二接收机噪声、所述第一接收机噪声以及预设的检测阈值,确定攻击检测结果;An attack detection module, configured to determine an attack detection result according to the analysis result of the response signal by the anchor point, the second receiver noise, the first receiver noise, and a preset detection threshold;定位模块,设置为如果攻击检测结果为不存在测距攻击,则根据所述目标距离对所述目标节点进行定位;否则,将所述目标距离丢弃。The positioning module is configured to locate the target node according to the target distance if the attack detection result is that there is no ranging attack; otherwise, discard the target distance.
- 一种设备,包括:A device that includes:一个或多个处理器;One or more processors;存储装置,设置为存储一个或多个程序;Storage device, set to store one or more programs;当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如权利要求1-7中任一所述的无线传感器网络的安全定位方法。When the one or more programs are executed by the one or more processors, the one or more processors realize the secure positioning method of the wireless sensor network according to any one of claims 1-7.
- 一种计算机可读存储介质,存储有计算机程序,其中,所述程序被处理器执行时实现如权利要求1-7中任一所述的无线传感器网络的安全定位方法。A computer-readable storage medium storing a computer program, wherein when the program is executed by a processor, the secure positioning method for a wireless sensor network according to any one of claims 1-7 is realized.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2020/094284 WO2021243629A1 (en) | 2020-06-04 | 2020-06-04 | Secure positioning method and apparatus for wireless sensor network, device, and storage medium |
| CN202080002460.1A CN112205021B (en) | 2020-06-04 | 2020-06-04 | Secure positioning method, apparatus, device and storage medium for wireless sensor network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2020/094284 WO2021243629A1 (en) | 2020-06-04 | 2020-06-04 | Secure positioning method and apparatus for wireless sensor network, device, and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2021243629A1 true WO2021243629A1 (en) | 2021-12-09 |
Family
ID=74033208
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2020/094284 WO2021243629A1 (en) | 2020-06-04 | 2020-06-04 | Secure positioning method and apparatus for wireless sensor network, device, and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112205021B (en) |
| WO (1) | WO2021243629A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115278867A (en) * | 2022-06-15 | 2022-11-01 | 深圳市人工智能与机器人研究院 | Wireless sensor network positioning method based on trust level evaluation |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116489694A (en) * | 2022-01-14 | 2023-07-25 | 华为技术有限公司 | Communication method and communication device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200568A (en) * | 2012-01-06 | 2013-07-10 | 西门子公司 | Method and device for node location in wireless sensor network and sensor nodes |
| WO2015172458A1 (en) * | 2014-05-14 | 2015-11-19 | 中国科学院沈阳自动化研究所 | Rssi positioning method based on frequency-hopping spread spectrum technology |
| CN108848459A (en) * | 2018-05-04 | 2018-11-20 | 广州杰赛科技股份有限公司 | 3-D positioning method, device and equipment based on wireless sensor network |
| CN108882225A (en) * | 2018-05-07 | 2018-11-23 | 中山大学 | Safe positioning method based on ranging in a kind of wireless sensor network |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103297955A (en) * | 2013-04-27 | 2013-09-11 | 天津工业大学 | Wireless sensor network safety positioning method |
| CN105491562B (en) * | 2015-11-30 | 2018-09-04 | 中北大学 | A kind of wireless sensor network attack resistance encryption localization method and device |
| US10447725B1 (en) * | 2017-01-24 | 2019-10-15 | Apple Inc. | Secure ranging wireless communication |
-
2020
- 2020-06-04 WO PCT/CN2020/094284 patent/WO2021243629A1/en active Application Filing
- 2020-06-04 CN CN202080002460.1A patent/CN112205021B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200568A (en) * | 2012-01-06 | 2013-07-10 | 西门子公司 | Method and device for node location in wireless sensor network and sensor nodes |
| WO2015172458A1 (en) * | 2014-05-14 | 2015-11-19 | 中国科学院沈阳自动化研究所 | Rssi positioning method based on frequency-hopping spread spectrum technology |
| CN108848459A (en) * | 2018-05-04 | 2018-11-20 | 广州杰赛科技股份有限公司 | 3-D positioning method, device and equipment based on wireless sensor network |
| CN108882225A (en) * | 2018-05-07 | 2018-11-23 | 中山大学 | Safe positioning method based on ranging in a kind of wireless sensor network |
Non-Patent Citations (1)
| Title |
|---|
| ZHANG LI; XIE NING; WANG HUI: "Distributed DOA Estimation in Wireless Sensor Networks Using Randomized Gossip Method", 2015 IEEE INTERNATIONAL CONFERENCE ON UBIQUITOUS WIRELESS BROADBAND (ICUWB), 4 October 2015 (2015-10-04), pages 1 - 5, XP032809294, DOI: 10.1109/ICUWB.2015.7324438 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115278867A (en) * | 2022-06-15 | 2022-11-01 | 深圳市人工智能与机器人研究院 | Wireless sensor network positioning method based on trust level evaluation |
| CN115278867B (en) * | 2022-06-15 | 2024-05-14 | 深圳市人工智能与机器人研究院 | Wireless sensor network positioning method based on trust evaluation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112205021A (en) | 2021-01-08 |
| CN112205021B (en) | 2023-07-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2011329272B2 (en) | Spot beam based authentication of a satellite receiver | |
| JP6728394B2 (en) | Wireless communication for angle of arrival determination | |
| US8949941B2 (en) | Geothentication based on network ranging | |
| WO2021243629A1 (en) | Secure positioning method and apparatus for wireless sensor network, device, and storage medium | |
| US20130010617A1 (en) | Relative position determination of wireless network devices | |
| Cheikhrouhou et al. | Blockloc: Secure localization in the internet of things using blockchain | |
| WO2021243628A1 (en) | Positioning optimization method and apparatus for wireless sensor network, and device and storage medium | |
| Niu et al. | Joint detection and localization in sensor networks based on local decisions | |
| Perazzo et al. | Secure positioning in wireless sensor networks through enlargement miscontrol detection | |
| CN114465646A (en) | System and method for phase-steered attack protection and detection in angle-of-arrival and angle-of-departure | |
| Liang et al. | Detection of global positioning system spoofing attack on unmanned aerial vehicle system | |
| Chowdhury et al. | Effect of sensor number and location in cross-correlation based node estimation technique for underwater communications network | |
| CN107040371B (en) | Method for generating a sequence of secret values in a device based on physical characteristics of a transmission channel | |
| JP2021148738A (en) | Communication device and location identification method | |
| US20230184879A1 (en) | Device positioning | |
| Ahmed et al. | A novel framework for abnormal behaviour identification and detection for wireless sensor networks | |
| Zhang et al. | Steering acoustic intensity estimator using a single acoustic vector hydrophone | |
| Qiu et al. | MAGIK: An efficient key extraction mechanism based on dynamic geomagnetic field | |
| Malaney | Securing Wi-Fi networks with position verification: extended version | |
| WO2022116202A1 (en) | Authentication method and device, and related products | |
| JP6378349B2 (en) | Key distribution in wireless systems | |
| Wang et al. | A low-complexity cooperative algorithm for robust localization in wireless sensor networks | |
| Yan et al. | Optimal local sensor decision rule for target detection with channel fading statistics in multi-sensor networks | |
| Liu et al. | Time‐of‐arrival estimation for smartphones based on built‐in microphone sensor | |
| NL2029052B1 (en) | Identifying and distance-measuring remote devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20939339 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27/03/2023) |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 20939339 Country of ref document: EP Kind code of ref document: A1 |