| Graduate student: | 張格銘 Chang, Ko-Ming |
|---|---|
| Thesis title: | 應用在叢聚式感測網路上的入侵預防與偵測方法 An Intrusion Prevention and Detection Approach for Clustering-Based Sensor Networks |
| Advisor: | 郭耀煌 Kuo, Yau-Huang |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2004 |
| Academic year of graduation: | 92 |
| Language: | English |
| Number of pages: | 56 |
| Chinese keywords: | 感測網路 (sensor network), 叢聚式 (clustering-based), 入侵預防 (intrusion prevention), 入侵偵測 (intrusion detection) |
| Foreign-language keywords: | Intrusion Detection, Intrusion Prevention, Sensor network, Clustering-based |
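Sensor networks are typically spread over large areas and establish routes automatically, so security becomes a very important issue. Many well-known clustering-based routing protocols now provide data aggregation methods to save the power that transmission in a sensor network requires. However, none of these clustering-based routing protocols was designed with security in mind.

In this thesis, we analyze how some common attacks may behave in clustering-based sensor networks, and propose two main methods against these attack behaviors to increase the security of sensor networks: (1) intrusion prevention based on an authentication mechanism, and (2) an energy-saving intrusion detection mechanism. In the first method, we use two different authentication methods for the cluster-head and the member nodes, to save the computation of authentication information that member nodes need when sending large amounts of data. In the second method, we likewise use different monitoring mechanisms for different node roles. To monitor the cluster-head, we let neighboring nodes take turns monitoring it. This reduces the time each node spends monitoring and thus saves energy. To monitor member nodes, the cluster-head has full authority to detect and revoke malicious member nodes, but only for the duration of that clustering round. Because only the cluster-head monitors the member nodes, rather than all neighboring member nodes monitoring one another, much energy is saved.

Finally, we use mathematical argument and experimental simulation to show that our method achieves energy savings at a given level of security.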
Security is an important issue for sensor networks, which are deployed over large areas and establish data routes automatically. Many well-known clustering-based routing protocols provide energy-aware solutions for sensor networks. However, security-related work is rare.

In this paper, we analyze some well-known attack methods on clustering-based sensor networks and propose two methods to improve the security of sensor networks: authentication-based intrusion prevention and an energy-saving intrusion detection mechanism. In the first method, we use two different authentication schemes for cluster-heads and member nodes to save the computation power of each node. In the second method, we also use two different mechanisms for monitoring cluster-heads and member nodes. When monitoring a cluster-head, we let neighbor nodes take turns monitoring it. This reduces the monitoring time and therefore saves the energy of the monitor nodes. When monitoring member nodes, the cluster-head has the authority to detect and revoke malicious member nodes during the round time. This saves a lot of energy because we use the cluster-head to monitor member nodes instead of having all neighbors monitor each other.

Finally, we demonstrate with mathematical analysis and simulations that our method saves energy and tolerates certain intrusions.