Computer Science ›› 2019, Vol. 46 ›› Issue (9): 169-175. doi: 10.11896/j.issn.1002-137X.2019.09.024

• Information Security •

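  • Corresponding author: LIU Jing (born 1978), female, Ph.D., assistant research fellow, CCF member. Main research interests: network security and trusted computing. E-mail: jingliu@bjut.edu.cn
  • About the authors: LAI Ying-xu (born 1973), female, Ph.D., professor; main research interests: network security and trusted computing. YANG Sheng-zhi (born 1982), male, M.S., engineer; main research interest: network security. Lina XU (born 1986), female, Ph.D.; main research interest: Internet of Things.
  • Supported by:
    Natural Science Foundation of Qinghai Province (2017-ZJ-912), Beijing University of Technology International Research Cooperation Seed Fund (2018-B9), Fund of the Key Laboratory of Information Assurance Technology (614211204031117), Beijing Natural Science Foundation (4162006), and Open Project of the National Defense Science and Technology Experimental Information Security Laboratory (2015XXAQ09)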

Bilateral Authentication Protocol for WSN and Certification by Strand Space Model

LIU Jing1,2, LAI Ying-xu1,2,3, YANG Sheng-zhi4, Lina XU5   

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100072, China
  4. Information Technology Support Center, Beijing University of Technology, Beijing 100124, China
  5. School of Computer Science, University College Dublin, Dublin 999014, Ireland
  • Received: 2018-08-22   Online: 2019-09-15   Published: 2019-09-02

Abstract: With the development of the industrial Internet, smart agriculture, smart homes and other fields, wireless sensor networks (WSN) have become more widely used, and their security issues have become prominent. To address the tendency of sensor nodes to fail and their limited energy, computing and storage capacity, this paper constructs a two-way identity authentication protocol between the base station and sensor nodes based on state information, which ensures security while meeting the lightweight and low-cost requirements of wireless sensor networks. First, in the node access phase, the protocol authenticates the trust status of the platform based on trusted network connection, verifying that the node is trusted and performing its encrypted registration. Then, in the operation phase, the transmission of important data is protected by a two-way authentication process for important data, and the status and reliability of the sensor nodes are confirmed by periodic update authentication. The protocol allows the base station to periodically check the running state information of a node, so that physical damage to the node is detected in time, and uses this running state information for authentication to further enhance the security of the protocol. The protocol also introduces an alarm mechanism that can distinguish communication errors, physical damage to nodes, and attacks by an adversary. The proposed protocol reduces the communication volume of the authentication process, and the introduced alarm messages enhance troubleshooting capability. The strand space model is used to formally analyze the protocol and prove its security. Finally, experiments show that the designed two-way identity authentication protocol provides good security, that the additional delay in sending data is within an acceptable range, and that network scalability is good. The proposed scheme strengthens network access security and effectively defends against attacks from inside the node system, and has good application value.

Key words: Alert mechanism, Authentication protocol, Strand space model, Wireless sensor networks

CLC Number: TP309