
Author: Hsieh, Meng-Yen (謝孟諺)
Thesis title: An Adaptive Security System in Incrementally Deployed Sensor Networks
Advisor: Huang, Yueh-Min (黃悅民)
Degree: Doctor
Department: College of Engineering - Department of Engineering Science
Year of publication: 2007
Academic year of graduation: 95
Language: English
Number of pages: 92
Keywords (Chinese): Distributed Sensor Networks, Trust Evaluation, Cluster Architecture, Alarm Return, Dynamic Authentication
Keywords (English): Cluster-based Architecture, Alarm Return, Trust Value Evaluation, Dynamic Authentication, Distributed Sensor Networks
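  • Distributed wireless sensor networks always face the problem of detecting and stopping malicious nodes, so a sensor network must provide authentication services for node identity and message transmission. Schemes for detecting and blocking malicious nodes are usually integrated into sensor security applications so that the sensor network can raise its level of security. This thesis uses adaptive security modules to develop secure communication for cluster-based sensor networks. The primary security module uses a dynamic authentication scheme that lets existing sensor nodes authenticate newly deployed neighboring nodes and establish secure links and broadcast authentication with them. The design of the primary security module prevents intrusion by external malicious nodes. For further security, the proposed modules can also expel compromised nodes through an intrusion detection scheme. The functions of this module include alarm return, trust evaluation, and blacklist/whitelist schemes. When the lifetime of the sensor network is divided into multiple cluster rounds, this research adopts the proposed dynamic authentication and intrusion detection modules to achieve secure communication in cluster-based sensor networks. Finally, the security analysis results show that the proposed module design can stop and detect malicious nodes with a high success rate through node monitoring mechanisms. According to the performance evaluation results, the proposed security modules impose low storage, computation, and communication overhead on sensor nodes.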

    Distributed wireless sensor networks have problems of detecting and preventing malicious nodes. Therefore, sensor networks need an authentication service for sensor identity and message transmission. Intrusion detection and prevention schemes are always integrated in sensor security appliances to enhance network security. My thesis develops secure communications in a cluster-based sensor network (SecCBSN) using adaptive security modules. A dynamic authentication scheme in the proposed primary security module enables existing nodes to authenticate new incoming nodes, triggering the establishment of secure links and broadcast authentication between neighboring nodes. This primary security design prevents intrusion from external malicious nodes. For advancing security, the proposed modules can also exclude internal compromised nodes using an intrusion detection module, which contains an alarm return, trust evaluation, and black and white lists. The two modules are adopted to achieve secure communication in cluster-based sensor networks when the network lifetime is divided into multiple cluster rounds. Finally, the security analysis results indicate that the proposed design can prevent and detect malicious nodes using monitor mechanisms with a high probability of success. According to the performance evaluation results, the proposed security modules result in low storage, computation, and communication overhead in sensor nodes.

    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Tables
    List of Figures
    Chapter 1 Introduction
    Chapter 2 Background Study and Related Works
        2.1 Distributed Sensor Networks
            2.1.1 Communication Architecture
            2.1.2 Characteristics of Sensor network applications
            2.1.3 Hierarchical Architecture
        2.2 Requirements for sensor network security
        2.3 Attacks in Sensor networks
            2.3.1 Attack Category
            2.3.2 Routing Message Attacks
            2.3.3 Forwarding Packet Misbehavior
        2.4 Message Authentication Service
            2.4.1 TESLA Overview
            2.4.2 uTESLA Overview
            2.4.3 TESLA Certificate
    Chapter 3 System Architecture and Modules
        3.1 Architecture Overview
        3.2 Module Overview
            3.2.1 Primary security module
            3.2.2 Cluster round module
            3.2.3 Intrusion detection module
        3.3 Assumptions
    Chapter 4 Secure SecCBSN Communication Protocols
        4.1 Dynamic authentication
        4.2 Basic Secure Cluster-Based Communication Protocols
        4.3 Transmission/Monitoring Scheme
    Chapter 5 Malicious Node Prevention and Detection
        5.1 Alarm Return
            5.1.1 Alarm return protocols
            5.1.2 An alarm model
        5.2 Trust Value Evaluation
        5.3 Monitor mechanisms
            5.3.1 Monitor mechanisms of forwarding traffic
            5.3.2 Monitor mechanisms of Node availability
    Chapter 6 Security Analysis
        6.1 Primary Security Issues in SecCBSN
        6.2 Advanced Security Issues in SecCBSN
        6.3 Problem of one-hop broadcast authentication
    Chapter 7 Evaluations and Results
        7.1 Experiments
            7.1.1 Experiments Set-UP
            7.1.2 Evaluation of cluster size
        7.2 Overhead Analysis
            7.2.1 Storage Overhead
            7.2.2 Computation Overhead
            7.2.3 Communication Overhead
    Chapter 8 Conclusions and Future Work
    References
    Vita


    Full text available on campus: 2008-07-20
    Full text available off campus: 2008-07-20