簡易檢索 / 詳目顯示

回結果列表
研究生: 林柏廷
Lin, Po-ting
論文名稱: 在無線感測網路上一個創新的分散式金鑰廢止機制
Novel Distributed Key Revocation Scheme in Wireless Sensor Networks
指導教授: 李忠憲
Li, Jung-shian
學位類別: 碩士
Master
系所名稱: 電機資訊學院 - 電腦與通信工程研究所
Institute of Computer & Communication Engineering
論文出版年: 2009
畢業學年度: 97
語文別: 英文
論文頁數: 44
中文關鍵詞: 分散式演算法金鑰管理安全金鑰廢止無線感測網路
外文關鍵詞: wireless sensor network, key revocation, security, key management, distributed algorithms
相關次數: 點閱:107下載:1
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 金鑰管理(key management)是無線感測網路(wireless sensor network)中安全的主要核心機制,其中又分成兩個部分,分別是金鑰分佈(key distribution)和金鑰廢止(key revocation),金鑰分佈主要是描述如何把秘密資訊分配到節點中,使節點可以安全的通訊;而金鑰廢止則是描述當節點中的秘密資訊有可能被洩漏時,如何移除這些祕密資訊。目前已經有許多研究專注在金鑰分佈方面,然而金鑰廢止仍算一個新興的議題。金鑰廢止的方法可以分為集中式和分散式兩大類,集中式的方法需要靠管理機構(authority)集中認證管理反應,分散式有反應快速的優點,但通常其機制較為複雜。
    目前所提出的分散式金鑰廢止機制,無法應用到一些金鑰會隨機重複分配的金鑰分配機制,然而這些機制卻是更需要快速的將金鑰廢止。因此本論文提出一種新的分散式金鑰廢止機制,除了保有分散式的優點外,同時能應用在上述所提的金鑰分配機制中,也就是說我們的機制可以廣泛的應用到所有的金鑰分佈機制,使金鑰能被有效率的廢止,同時我們也證明此機制可以防禦各種可能的攻擊模型,最後會與Chan等人所提出的金鑰廢止機制做效能的分析比較,可以看出我們的機制不論在所需的儲存空間、封包資訊量、計算複雜度都有更好的結果。

    Key management is the main secure mechanism in wireless sensor networks, and there are two part of it: key distribution and key revocation. The key distribution describes how to assign the secret key to each sensor node, and they can confidentially communicate with each other; the key revocation describes how to remove these secret keys when they are compromised. So far, there are many researches focusing on key distribution, and key revocation is still a new issue because it has little attention. There are two kinds of key revocation scheme: centralized scheme which has the central authority to perform authentic revocation, and distributed scheme has advantage of fast reaction and doesn’t have single point failure problem. However, the distributed scheme is more complex than centralized one.

    To the best of our knowledge, the existed distributed key revocation scheme can’t be applied to the key distribution schemes which have property of key duplication. Nevertheless, these schemes must remove compromised key quickly. In this thesis, we proposed a novel distributed key revocation scheme that can solve the above problem. That is, our scheme is a general case of distributed revocation scheme adopted any kind of key distribution scheme regardless. In addition, we proved that our scheme can prevent any possible attack model. Finally, we will analyze the performance of storage, communication, and computation overhead and our scheme has better result than the scheme proposed by Chan et al.

    Chapter 1 Introduction.................................1 Chapter 2 Related Works................................4 2.1 Key Distribution Scheme.........................5 2.1.1 Fully Pairwise Keys Scheme......................5 2.1.2 The Centralized Key Distribution Scheme.........5 2.1.3 The Eschenauer-Gligor (EG) Scheme...............6 2.1.4 Random Pairwise Keys Scheme.....................7 2.1.5 λ-Secure n × n Key Establishment Schemes.......7 2.1.6 Multispace Key Schemes..........................8 2.2 Random Graph Theorem............................8 2.3 Key Revocation Scheme..........................10 2.3.1 The Centralized Key Revocation Scheme..........11 2.3.2 The Distributed Key Revocation Scheme..........11 2.3.3 Basic Properties of Distributed Revocation.....15 Chapter 3 System Architecture.........................16 3.1 Definitions of Terms Used......................17 3.2 Definitions of Adversary Model.................18 3.3 Assumptions of Our Protocol....................19 3.4 Our Protocol for Distributed Sensor Node Revocation...............................................20 3.4.1 Offline Initialization.........................20 3.4.2 Connection Establishment.......................22 3.4.3 Stages of a Revocation Session.................23 3.4.4 Voting in a Revocation Session.................24 3.4.5 Completing the Revocation Process..............26 Chapter 4 Proofs of Distributed Revocation Properties.29 4.1 Property 1- Completeness.......................30 4.2 Property 2- Soundness..........................32 4.3 Property 3- Bounded Time Revocation Completion.32 4.4 Property 4- Unitary Revocation.................33 4.5 Property 5- Revocation Attack Resistance.......34 4.6 Property 6- Stale State Resistance.............35 Chapter 5 Performance Analysis........................36 Chapter 6 Conclusions.................................40 References...............................................42

    [1] W. Du, J. Deng, Y. S. Han and P. K. Varshney, “A Key Predistribution Scheme for Sensor Networks Using Deployment Knowledge,” IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 1, Jan.-March 2006.
    [2] L. Eschenauer and V.D. Gligor, “A Key-Management Scheme for Distributed Sensor Networks,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS 2002), pp. 41-47, 2002.
    [3] H. Chan, A. Perrig and D. Song, “Random Key Predistribution Schemes for Sensor Networks,” Proc. IEEE Symp. Security and Privacy, May 2003.
    [4] D. Liu and P. Ning, “Establishing Pairwise Keys in Distributed Sensor Networks,” Proc. 10th ACM Conf. Computer and Comm. Security (CCS 2003), pp. 52-61, Oct. 2003.
    [5] H. Chan, V.D. Gligor, A. Perrig and G. Muralidharan, “On the Distribution and Revocation of Cryptographic Keys in Sensor Networks,” IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, July-Sep. 2005.
    [6] Y. Wang, B. Ramamurthy, and X. Zou, “KeyRev: An Efficient Key Revocation Scheme for Wireless Sensor Networks,” in Proc. ICC’07, Glasgow, Scotland, U.K., June 2007.
    [7] S.P. Miller, C. Neuman, J.I. Schiller, and J.H. Saltzer, “Kerberos Authentication and Authorization System,” Project Athena Technical Plan, section E.2.1, 1987.
    [8] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proc. Seventh Ann. Int’l Conf. Mobile Computing and Networks (MobiCom 2001), pp. 189-199, July 2001.
    [9] R. Blom, “An Optimal Class of Symmetric Key Generation Systems,” Proceedings of EUROCRYPT ’84 on Advances in Cryptology, pp. 335-338, 1985.
    [10] C. Blundo, A.D. Santis, A. Herzberg, S. Kutten, U. Vaccaro and M.Yung, “Perfectly-Secure Key Distribution for Dynamic Conferences,” Lecture Notes in Computer Science, vol. 740, pp. 471-486, 1993.
    [11] W. Du, J. Deng, Y. Han, and P. Varshney, “A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks,” Proc. 10th ACM Conf. Computer and Comm. Security (CCS 2003), pp. 42-51, Oct. 2003.
    [12] J. Spencer, The Strange Logic of Random Graphs, Algorithms and Combinatorics 22, Springer-Verlag 2000, ISBN 3-540-41654-4.
    [13] R. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Research in Security and Privacy, pp. 122-134, Apr. 1980.
    [14] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil Attack in Sensor Networks: Analysis and Defenses,” Proc. Third Int’l Workshop Information Processing in Sensor Networks (IPSN), 2004.
    [15] B. Parno, A. Perrig, and V. Gligor, “Distributed Detection of Node Replication Attacks in Sensor Networks,” Proc. IEEE Symp. Security and Privacy, 2005.
    [16] D. Liu and P. Ning, “Location-Based Pairwise Key Establishments for Static Sensor Networks,” Proc. ACM Workshop Security in Ad Hoc and Sensor Networks (SASN ’03), Oct. 2003.
    [17] H. Chan and A. Perrig, “PIKE: Peer Intermediaries for Key Establishment in Sensor Networks,” Proc. 24th Conf. IEEE Comm. Society (Infocom 2005), Mar. 2005.
    [18] C.S. Laboratory, “Secure Hash Standard,” pp. 180-182, Aug. 2002.
    [19] S. Zhu, S. Setia, S. Jajodia, and P. Ning, “An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks,” in Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2004, pp. 259–271.
    [20] F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical En-Route Filtering of Injected False Data in Sensor Networks,” in Proceedings of IEEE INFOCOM, Hong Kong, 2004.
    [21] G. Wang, W. Zhang, C. Cao, and T. L. Porta, “On Supporting Distributed Collaboration in Sensor Networks,” in Proceedings of MILCOM, 2003.
    [22] A. Shamir, “How to Share a Secret,” Commun. ACM, vol. 22, no. 11, pp. 612–613, 1979.
    [23] J. Zhou, M. He, “An Improved Distributed Key Revocation Scheme in Wireless Sensor Networks” in Proceedings of IEEE ICCT, 2008.
    [24] I. Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci, “A survey on sensor networks,” IEEE Commun. Mag. 40 8 (2002), pp. 102–114.
    [25] L. Zhou, J. Ni, and C. Ravishankar, “Supporting Secure Communication and Data Collection in Mobile Sensor Networ,” In INFOCOM, 2006.
    [26] S. Capkun, J.-P. Hubaux, and L. Buttyan, “Mobility Helps Peer-to-Peer Security,” IEEE Transactions on Mobile Computing, 5(1):43–51, Jan 2006.
    [27] Grossglauser, M., and Tse, D.N.C., “Mobility Increases the Capacity of Ad Hoc Wireless Networks,” IEEE/ACM Transactions on Networking, 10(4), pp. 477-486, 2002.
    [28] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. Inform. Theory, IT-22:644–654, November 1976.
    [29] R. Dutta, S. Mukhopadhyay, “Improved Self-Healing Key Distribution with Revocation in Wireless Sensor Network,” in Proceedings of IEEE WCNC 2007.
    [30] G. Dini and I. M. Savino, “An efficient key revocation protocol for wireless sensor networks,” in Proceedings of IEEE WOWMOM’06, Niagara-Falls, Buffalo-NY, 26–29 June 2006.

    下載圖示 校內:2010-07-31公開
    校外:2010-07-31公開
    QR CODE