CN101765109A - Program dynamic updating method for wireless sensor network capable of resisting compromised node attack

Publication number: CN101765109A
Authority: CN (China)
Prior art keywords: program, sensor node, message, base station, node
Legal status: Granted; Expired - Fee Related
Application number: CN200910155041A
Other languages: Chinese (zh)
Other versions: CN101765109B (en)
Inventors: 卜佳俊, 陈纯, 何道敬, 尹明剑
Current Assignee: Zhejiang University ZJU
Original Assignee: Zhejiang University ZJU
Application filed by Zhejiang University ZJU
Priority to CN2009101550417A
Publication of CN101765109A
Application granted; publication of CN101765109B
Classification: Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a program dynamic updating method for a wireless sensor network capable of resisting compromised node attack, comprising the following steps: before deploying the sensor nodes, a base station determines a hash function, selects a Euclidean space, and decomposes the Euclidean space into a first subspace and a second subspace which are orthogonal to each other; the base station selects, for each sensor node, an identifier and a vector belonging to the first subspace; the vector, the identifier and the hash function are loaded into each sensor node; and after the sensor nodes are deployed, when programs are to be updated, the base station broadcasts a program updating message to the sensor network, and each sensor node verifies the validity of the message after receiving it. The method has the advantages that the programs on all the sensor nodes can be updated by sending only one broadcast message from the base station; operation is simple and reliability is high; and even if certain nodes are compromised, the security of the wireless sensor network can still be ensured.

Description

Method for dynamically updating wireless sensor network programs that can resist compromised-node attacks
Technical field
The present invention relates to a method for dynamically updating programs (also called software; the same applies below), and belongs to the field of wireless communication.
Background technology
In recent years, wireless sensor networks have received growing attention from academia and industry because of their broad application prospects. In most settings, the base station needs to update the program on all sensor nodes in order to meet new requirements. So far, however, no safe and effective method for dynamic program updating has appeared. Some protocols use digital signatures to secure dynamic program updates, but this approach consumes a large amount of resources and is not suitable for resource-constrained sensor nodes. Other protocols use the matrix orthogonality principle to secure dynamic program updates; although the computational cost of this approach is low, these protocols cannot resist impersonation attacks launched by compromised nodes. That is, in these protocols a compromised node can successfully impersonate the base station, broadcast a false program update message, and thereby take control of the whole sensor network.
Summary of the invention
The object of the present invention is to provide a method for dynamically updating wireless sensor network programs that can resist compromised-node attacks.
The technical solution adopted by the present invention to solve this technical problem is as follows:
The method for dynamically updating wireless sensor network programs that can resist compromised-node attacks mainly comprises the following parts:
1) Before the sensor nodes are deployed:
The base station determines a hash function;
The base station selects a Euclidean space and decomposes it into a first subspace and a second subspace that are orthogonal to each other. The dimension of the first subspace is k and the dimension of the second subspace is n-k, where n is the dimension of the Euclidean space and k is the number of sensor nodes in the wireless sensor network;
For each sensor node, the base station selects an identifier and a vector belonging to the first subspace;
The vector, the identifier and the hash function are loaded into each sensor node;
2) After the sensor nodes are deployed:
When the base station needs to update the program on all sensor nodes, it broadcasts a program update message to the sensor network. The program update message comprises the update sequence number, the timestamp at which the message is sent, the updated program, the program version number, the program identifier, the identifier of each sensor node, and the keyed-hash message authentication code corresponding to each sensor node. Each keyed-hash message authentication code uses the vector of the corresponding sensor node as its key;
3) After receiving the program update message, each sensor node verifies the validity of the message according to the following steps:
i. The sensor node uses its own identifier to extract its own keyed-hash message authentication code from the received program update message;
ii. The sensor node verifies the validity of the update sequence number and of the sending timestamp in the program update message. If both are valid, it proceeds to the next step; otherwise it rejects the program update message;
iii. The sensor node computes the keyed-hash message authentication code using the vector loaded into it, and compares the result with the keyed-hash message authentication code extracted in step i. If the two are equal, it accepts the program update message and performs the program update; otherwise it rejects the program update message.
Compared with the prior art, the present invention has the following advantages:
(1) Even if an adversary has compromised an arbitrary sensor node m and thereby obtained its secret value $C_m$, the adversary cannot impersonate the base station to issue false program update information that passes verification by other sensor nodes. Therefore, even if some nodes are compromised, the security of the wireless sensor network is still protected;
(2) The security of the wireless sensor network is ensured by simple operations (including the hash function, matrix orthogonality and the keyed-hash message authentication code), so reliability is high and the method is particularly suitable for resource-constrained wireless sensor networks;
(3) To update the program on all sensor nodes, the base station only needs to send a single broadcast message.
Description of drawings
Fig. 1 is the workflow diagram of the method of the present invention for dynamically updating wireless sensor network programs.
Embodiment
Relevant technical term is as follows:
M: the program
$X_{pid}$: the identifier of program M
$X_{ver}$: the version of program M
HMAC(): keyed-hash message authentication code
XOR operation
AB: the dot product of matrix A and matrix B
$A^T$: the transpose of matrix A
||: concatenation operation
$ID_i$: the identifier of node i
Referring to Fig. 1, the method of the present invention for dynamically updating wireless sensor network programs that can resist compromised-node attacks is as follows:
A. Before the sensor nodes are deployed, the base station determines a hash function h. The base station also selects an n-dimensional Euclidean space V and decomposes V into two orthogonal subspaces, the first subspace $V_1$ and the second subspace $V_2$, where $V_1$ is k-dimensional and $V_2$ is (n-k)-dimensional, and k is the number of sensor nodes in the wireless sensor network. In addition, for each sensor node i (i = 1, 2, …, k) the base station selects an identifier $ID_i$ and a vector $C_i$ belonging to $V_1$. $C_i$ should be long enough that it cannot be guessed by exhaustive search; for example, $C_i$ can be 512 bits long. The vector $C_i$, the hash function h and the identifier $ID_i$ are installed in each sensor node.
B. After the sensor nodes are deployed, when the base station needs to update the program on all sensor nodes, it broadcasts the program update message $M_{adv(j)}$ to all sensor nodes:

$$M_{adv(j)} \triangleq \{\, j,\ t_j,\ M,\ X_{pid},\ X_{ver},\ ID_1,\ HMAC(C_1, (j \,\|\, t_j \,\|\, M \,\|\, ID_1 \,\|\, X_{pid} \,\|\, X_{ver})),\ \ldots,\ ID_k,\ HMAC(C_k, (j \,\|\, t_j \,\|\, M \,\|\, ID_k \,\|\, X_{pid} \,\|\, X_{ver})) \,\}$$

where j = 1, 2, …, k; j denotes the program update sequence number, $t_j$ denotes the timestamp at which message $M_{adv(j)}$ is sent, and M denotes the updated program.
C. When any sensor node i receives message $M_{adv(j)}$, it performs the following operations to verify the message:
1) Sensor node i uses its own identifier $ID_i$ to extract its own keyed-hash message authentication code $HMAC(C_i, (j \| t_j \| M \| ID_i \| X_{pid} \| X_{ver}))$.
2) It verifies the validity of j. If j is less than or equal to the value $j^*$ stored in the node, the sensor node rejects the message; otherwise the sensor node considers j fresh and replaces $j^*$ with j (initially, the $j^*$ stored in the node is 0). It then verifies the validity of $t_j$: with Clock denoting the current time of the sensor node, if $|Clock - t_j| < \Delta t$ the node proceeds to the next step; otherwise it rejects the message. Here $\Delta t$ is the preset delay threshold for program update messages.
3) The sensor node uses its own $C_i$ to compute $HMAC(C_i, (j \| t_j \| M \| ID_i \| X_{pid} \| X_{ver}))$ and compares the computed value with the value extracted in 1). If they are equal, the sensor node accepts the broadcast message and updates its own program; otherwise the sensor node rejects the message.
Each sensor node carries out this series of checks on every program update broadcast it receives. If the message passes all of the checks, the sensor node accepts the broadcast message; otherwise it rejects it. Suppose an adversary has compromised some sensor node m and thereby obtained the secret value $C_m$ held on that node. The adversary still cannot impersonate the base station to issue false program update information that passes verification by the other sensor nodes. Therefore, even when sensor nodes are compromised, the present invention ensures the security of dynamic program updates in the sensor network.
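
The verification in steps 1) to 3) above, as an added Python example that is not part of the patent: it treats each $C_i$ as an opaque 512-bit HMAC key (the subspace construction is not modelled) and assumes HMAC-SHA-256, length-prefixed field encoding, byte-string node identifiers and a 30-second $\Delta t$. Unlike the step order in the text, it stores the new sequence number only after the HMAC has verified, so an unauthenticated message cannot advance $j^*$.

```python
import hashlib
import hmac
import os
import struct

DELTA_T = 30  # assumed delay threshold (delta t), in seconds


def encode(j, t_j, program, node_id, x_pid, x_ver):
    """Serialize j || t_j || M || ID_i || X_pid || X_ver with length prefixes
    (an assumption: the page does not define the byte encoding)."""
    fields = [struct.pack(">I", j), struct.pack(">Q", t_j), program,
              node_id, x_pid, x_ver]
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def tag(c_i, j, t_j, program, node_id, x_pid, x_ver):
    # HMAC keyed with the node's secret vector C_i (SHA-256 is an assumption).
    return hmac.new(c_i, encode(j, t_j, program, node_id, x_pid, x_ver),
                    hashlib.sha256).digest()


def build_update(keys, j, t_j, program, x_pid, x_ver):
    """Base station: one broadcast carrying an (ID_i, HMAC) pair per node."""
    return {"j": j, "t": t_j, "M": program, "pid": x_pid, "ver": x_ver,
            "tags": {nid: tag(c, j, t_j, program, nid, x_pid, x_ver)
                     for nid, c in keys.items()}}


class SensorNode:
    def __init__(self, node_id, c_i):
        self.node_id, self.c_i, self.j_star = node_id, c_i, 0

    def verify(self, msg, clock):
        received = msg["tags"].get(self.node_id)       # step 1: own tag
        if received is None:
            return False
        if msg["j"] <= self.j_star:                    # step 2: freshness of j
            return False
        if abs(clock - msg["t"]) >= DELTA_T:           # step 2: timestamp window
            return False
        expected = tag(self.c_i, msg["j"], msg["t"], msg["M"],
                       self.node_id, msg["pid"], msg["ver"])
        if not hmac.compare_digest(expected, received):  # step 3: constant-time
            return False
        self.j_star = msg["j"]  # committed only after authentication
        return True


def demo():
    keys = {b"node-%d" % i: os.urandom(64) for i in range(1, 4)}  # 512-bit C_i
    nodes = {nid: SensorNode(nid, c) for nid, c in keys.items()}
    now = 1_700_000_000  # constructed clock value
    good = build_update(keys, 1, now, b"firmware-v2", b"pid-1", b"v2")
    accepted = all(n.verify(good, now + 2) for n in nodes.values())
    replay_rejected = not any(n.verify(good, now + 3) for n in nodes.values())
    # A compromised node m knows only its own C_m; keys for the others are guesses.
    m = b"node-1"
    forged = build_update({nid: (keys[m] if nid == m else os.urandom(64))
                           for nid in keys}, 2, now + 5, b"forged", b"pid-1", b"v2")
    results = {nid: n.verify(forged, now + 6) for nid, n in nodes.items()}
    return accepted, replay_rejected, results
```

`demo()` returns whether the genuine broadcast was accepted by every node, whether its replay was rejected, and a per-node verdict on a message built with only the compromised node's key.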

Claims (1)

1. A method for dynamically updating wireless sensor network programs that can resist compromised-node attacks, characterized in that it comprises the following parts:
1) Before the sensor nodes are deployed:
The base station determines a hash function;
The base station selects a Euclidean space and decomposes it into a first subspace and a second subspace that are orthogonal to each other. The dimension of the first subspace is k and the dimension of the second subspace is n-k, where n is the dimension of the Euclidean space and k is the number of sensor nodes in the wireless sensor network;
For each sensor node, the base station selects an identifier and a vector belonging to the first subspace;
The vector, the identifier and the hash function are loaded into each sensor node;
2) After the sensor nodes are deployed:
When the base station needs to update the program on all sensor nodes, it broadcasts a program update message to the sensor network. The program update message comprises the update sequence number, the timestamp at which the message is sent, the updated program, the program version number, the program identifier, the identifier of each sensor node, and the keyed-hash message authentication code corresponding to each sensor node. Each keyed-hash message authentication code uses the vector of the corresponding sensor node as its key;
3) After receiving the program update message, each sensor node verifies the validity of the message according to the following steps:
i) The sensor node uses its own identifier to extract its own keyed-hash message authentication code from the received program update message;
ii) The sensor node verifies the validity of the update sequence number and of the sending timestamp in the program update message. If both are valid, it proceeds to the next step; otherwise it rejects the program update message;
iii) The sensor node computes the keyed-hash message authentication code using the vector loaded into it, and compares the result with the keyed-hash message authentication code extracted in step i). If the two are equal, it accepts the program update message and performs the program update; otherwise it rejects the program update message.
Application CN2009101550417A (priority date 2009-12-14, filing date 2009-12-14): Program dynamic updating method for wireless sensor network capable of resisting compromised node attack. Expired - Fee Related. Granted as CN101765109B (en).


Publications (2)

Publication Number | Publication Date
CN101765109A (en) | 2010-06-30
CN101765109B (en) | 2012-05-02

Family

ID=42496066


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120502

Termination date: 20171214