- 學位論文
無線感測網路之安全資料聚集與資料搜尋方法設計
The Design of Secure Data Aggregation and Data Searching for Wireless Sensor Networks
摘要
無線感測網路中感測器(Sensor Node)之間的通訊方式則是採用無線通訊方式,每個感測器持續的傳送感測器的讀值(Reading),並將讀值傳到無線資料收集器上再加以處理,因此在同一時間內會有大量的資料在無線感測網路中傳送,造成網路雍塞及感測器耗損大量的電力,並進而減損整個網路的使用時效(Lifetime)。為了克服這個問題,有許多研究便以「資料聚集」(Data Aggregation)的方式來減少資料的傳遞量,但由於Sensor是隨意地散佈於環境四周,因此資料在聚集或傳送時極易遭到監聽,入侵或修改,因此如何在Sensor彼此之間建立起認證的管道,以確保資料是正確的傳遞到接收端便是一個重要的議題。 本篇論文所探討的主題為無線感測網路裡資料聚集的安全機制。第一章中我們會深入的介紹目前常見的資料聚集方法,並針對不同的資料聚集方法在安全上的漏洞加以整理分析,並針對目前的防護方式加以整理與討論。第二章著重於無線網路的資料聚集方法,在第二章我們提出了一個安全的資料聚集方法,資料可以在不被第三者知悉且資料是加密的情形下,將重複的資料剔除。本論文所提出之方法可適用於低成本且低算能力的無線感測器上,並只需要 的金鑰空間,可實作在無線感測器上,進而強化無線感測器的安全能力。 第三章中我們提出了在可感知RFID之無線感測網路中認證及輕量(lightweight)的資料搜尋方法。我們提出一個混合RFID及感測器所構成的無線感測網路架構(ARIES),以及在這個架構下的相互認證方法(Mutual Authentication),及一個提供使用者可以在資料是加密且不須解密的情形下,可以搜尋密文中是否有特殊的字串的搜尋方法。本章所提出的可感知RFID之無線感測網路結合了RFID與無線感測網路,可解決無線感測網路中的距離限制問題。本章所提出的認證方法可以適用於無線感測網路並減少重新認證的次數。本章所提出的資料搜尋方法可以在資料不須解密的情形下搜尋特定字串,藉此,可以避免資料在無線網路中傳送遭到竊取或破壞。 而受制於無線感測器的硬體限制,可以儲存金鑰的空間極少,因此第四章中我們提出了一個金鑰建佈(Key Distribution)的方法,我們利用了Hash Chain建立Pair-wise金鑰,使得每個Node所需要的金鑰儲存空間更少,但仍保存相同的Network Connectivity,及藉此建立起點與點的金鑰,達到點與點的安全性。 藉由本論文提出的方法,可以建立起無線感測網路的安全防禦機制。首先,藉由我們所提出的金鑰建佈方法,可以建立起點與點的安全溝通管道(Secure Communication Channel)且只需要較少的儲存空間。而第三章提出的資料搜尋方法,提供了一個在加密資料的搜尋機制,除了確保資料安全外,更加上搜尋的功能。而第二章提出的資料聚集方法,除了維持資料的安全性及完整性(Integrity)外,讓感測器可以濾掉由不同的感測器且每個感測器有不同的加密金鑰的情形下,濾掉重複的資料,除了可以避免資料遭到破壞或竄改外,更可以延長無線感測網路的整體平均壽命。本論文除了考慮安全性外,更考慮了省電性,且相關設計都以可以在無線感測上實現為優先,可以做為無線感測網路的安全基礎建設(Security Infrastructure)。
並列摘要
Wireless Sensor Networks (WSNs) are formed by a set of small devices, called nodes, with limited computing power, storage space, and wireless communication capabilities. Most of these sensor nodes are deployed within a specific area to collect data or monitor a physical phenomenon. Data collected by each sensor node needs to be delivered and integrated to derive the whole picture of sensing phenomenon. To deliver data without being compromised, WSN services rely on secure communication and efficient key distribution. This paper focuses mainly on establishing security protection in WSNs. The first part of the paper proposes a secure encrypted-data aggregation scheme for wireless sensor networks. Our design for data aggregation eliminates redundant sensor readings without using encryption and maintains data secrecy and privacy during transmission. Conventional aggregation functions operate when readings are received in plaintext. If readings are encrypted, aggregation requires decryption creating extra overhead and key management issues. In contrast to conventional schemes, our proposed scheme provides security and privacy, and duplicate instances of original readings will be aggregated into a single packet. Our scheme is resilient to known-plaintext attacks, chosen-plaintext attacks, ciphertext-only attacks and man-in-the-middle attacks. Our experiments show that our proposed aggregation method significantly reduces communication overhead and can be practically implemented in on-the-shelf sensor platforms. The second part of the paper investigates authentication and secure data retrieval issues in RFID-aware wireless sensor networks. To cope with the problems, we proposes a network architecture (ARIES) consisting of RFIDs and wireless sensor nodes, a mutual authentication protocol (AMULET), and a secret search protocol (SSP). ARIES utilizes RFID-aware sensor nodes to alleviate the distance limitation problem commonly seen in RFID systems. AMULET performs mutual authentication and reduces the cost of re-authentication. SSP solves the privacy problem by offering a lightweight secret search mechanism over encrypted data, thereby preventing data disclosure during communication and query processes. The proposed scheme only uses symmetric cryptosystems, and does not need to decrypt encrypted data files while searching for specific data. In this way, fewer decryption and encryption operations are needed, and the performance of secret search and data retrieval is greatly improved. In last part, we proposed two key distribution schemes for WSNs, which require less memory than existing schemes for the storage of keys. The Adaptive Random Pre-distributed scheme (ARP) is able to authenticate group membership and minimize the storage requirement for the resource limited sensor nodes. The Uniquely Assigned One-way Hash Function scheme (UAO) extends ARP to mutually authenticate the identity of individual sensors, and can resist against the compromise of sensor nodes. The two proposed schemes are very effective for the storage of keys in a wireless sensor network with a large number of sensors.
參考文獻
被引用紀錄
延伸閱讀
- Wang, C. H. (2009). 一個於無線感測網路中即時且安全的資料聚合機制之研究 [master's thesis, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-1111200916111337
- Hsiao, Y. K. (2007). 安全的網格架構感測網路資料傳輸技術之研究 [master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2007.00501
- 陳憲廷(2010)。無線感測網路於即時結構安全監測系統之研發〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2010.10547
- 林偉聖、黃仁俊、陳潤賢(2007)。無線感測網路中安全可靠的資料傳輸技術之簡介。資訊安全通訊,13(4),58-68。https://doi.org/10.29614/DRMM.200710.0005
- Chen, C., Lee, K., Park, J. S., & Baek, S. J. (2015). Minimum Cost Data Aggregation for Wireless Sensor Networks Computing Functions of Sensed Data. Journal of Sensors, 2015(), 883-899-086. https://doi.org/10.1155/2015/506909