Method for setting a TTL field and TTL-based secure routing method for wireless sensor networks
Technical field
The invention belongs to the intersection of information security, next-generation IP communication networks and wireless sensor network technology, and specifically relates to a method for setting the Time To Live (TTL) field and to a TTL-based secure routing method for wireless sensor networks.
Background technique
A wireless sensor network (Wireless Sensor Network, WSN) is a multidisciplinary research field that attracts broad attention in today's society and will play an indispensable role in every aspect of future human life. With the rapid development of wireless communication technology and the expansion of wireless applications, IP-based wireless sensor networks have become one of the hot spots of Internet research. The emergence of IPv6 and the work of the Zigbee Alliance have strongly promoted the development of IP-based wireless sensor networks. Because a wireless sensor network is limited by its own resources and by the external environment in which it is used, it is difficult to strike a good balance between reliability of data transmission, security and working lifetime. Owing to hardware constraints, the energy, processing capacity and storage capacity of a wireless sensor node are all severely restricted. In recent years, with the wide deployment of wireless sensor networks in military affairs, medical care, transportation, mining and other fields, data that are intercepted and maliciously exploited can seriously endanger people's lives and property. The security problems of IP-based wireless sensor networks and the related techniques are therefore receiving growing attention from researchers. However, because of the strict resource limits of wireless sensor networks, performing encryption and decryption or digital signatures with the key cryptosystems used in conventional wireless networks would drain the energy of sensor nodes too quickly. To preserve the working lifetime of wireless sensor nodes, tasks beyond the transmission of the data itself should not be added.
In particular, in a wireless mobile sensor network, mobile nodes themselves present serious security weaknesses. An attacker can bind the local address of a legitimate mobile node to its own IP address, so that data flows that should have been sent to a certain legitimate node are delivered to the node the attacker desires. When a new node joins the network, the attacker can also claim its own IP address as the Sink node address and announce it to the new node, so that the new node unknowingly uses the attacker as the relay node for its communication and the attacker can steal the communication data. In addition, the attacker can first establish a connection with a server that generates a very large volume of traffic (such as an image server) and then rewrite the destination address in the packets sent by the server to the address of the node it wishes to attack. Because nothing is verified, the server sends a volume of traffic to that node which it cannot bear, so that the attacked node consumes excessive energy and its life cycle ends prematurely. In the worst case, the departure of this node may interrupt the entire network.
Moreover, the routing protocol in a WSN is the main target of network attacks and has many security problems. Typical routing security concerns are of three kinds: 1. data are illegally accessed during transmission; 2. unauthorized nodes gain access to the wireless network; 3. data transmitted over the wireless channel are illegally modified. The main countermeasures are: 1. encryption, which guarantees that an attacker cannot recover intercepted information without the key; 2. authentication, which guarantees that unauthorized nodes cannot join and use the network; 3. data integrity verification, which lets the receiving end determine whether data transmitted over the wireless channel have been illegally modified and accept or reject the message accordingly. Users cannot accept and deploy a sensor network whose security and privacy problems are unresolved; therefore, when designing WSN protocols and software, the security threats a WSN may face must be fully considered and, weighing them against the limited capabilities of the nodes, security precautions and detection mechanisms must be integrated into the design of the routing protocol.
Summary of the invention
In order to transmit as efficiently and securely as possible under limited resources and to strike a good balance between security and efficiency, the present invention discloses a method for setting the TTL field of a data packet.
The method for setting the TTL field allocates 1 byte of memory to each node in a cluster-tree network topology to record the node's level value, i.e. the number of the network layer at which the node is located:
The high four bits of the level value, level_f, range from 0000 to 1111; the level_f value of the Sink node is 0000, and the level_f value of each layer of child nodes of the Sink node increases by 1 as the network layer number increases;
The low four bits of the level value, level_r, range from 1111 down to 0000; starting from the Sink node, the level_r value of each layer of nodes decreases by 1 as the network layer number increases, and the level value of each layer of nodes satisfies the relation (formula omitted), in which W is a constant whose range is 0000~1111.
The network is a wireless sensor network.
In a second aspect, the invention discloses a method for establishing a topological network using the above method for setting the TTL field, comprising the following steps:
Step 1: the Sink node sets its own level value, sets the TTL value of the message, and broadcasts a hello packet to surrounding nodes for neighbour discovery;
Step 2: if node A receives a hello packet whose level_f value is 0000, it verifies whether the TTL field of the Sink node satisfies the relation (formula omitted); if so, A and the Sink node establish a neighbour relationship and A sets its own level_f to 0001; if not, A discards the hello packet; the level_f value is increased by 1;
Step 3: node A traverses all nodes that receive its hello packet.
When a data packet hops between nodes, the destination node sets the level value of the source node to its own level value.
In a third aspect, the invention discloses a method by which a node in the TTL-based topological network exits the network, comprising the following steps:
Step 21: node A sends a message announcing that it will exit the topological network to all of its child nodes B = (B_1, B_2, ...);
Step 22: after child node B_i receives the message that A wants to exit the network, it sends its own TTL and ID information to the sibling nodes of A, C = (C_1, C_2, ...);
Step 23: sibling node C_i of A receives the request from B_i, plans to take B_i as its own child node, and returns an ACK message;
Step 24: if the ACK sent by node C_i is the first ACK message received by B_i, node B_i marks C_i as its parent node and establishes a neighbour relationship with C_i; if B_i receives no ACK message, it notifies its own child nodes to rejoin the network after it has exited;
Step 25: B_i releases its neighbour relationship with A and returns an ACK message to A;
Step 26: after A has received ACK messages from all of its child nodes, it notifies its parent node, releases the neighbour relationship with its parent node and exits the network.
In a fourth aspect, the invention discloses a method by which the TTL-based topological network prevents attacks by malicious nodes, comprising the following steps:
Step 31: a malicious node performs neighbour discovery and broadcasts a hello packet, and node D in the network topology receives the hello packet of the malicious node;
Step 32: node D compares the TTL field in the neighbour discovery message and finds that the relation (formula omitted) does not hold;
Step 33: node D ignores this neighbour discovery message, and the attack of the malicious node fails.
In a fifth aspect, the invention discloses a lightweight encryption and decryption method for data transmitted between nodes of the topological network based on the TTL field, comprising the following steps:
(1) Encryption process
Step 41: source node E concatenates its own ID value, the ID value of destination node F, the level value of source node E and the level value of destination node F into a 6-byte number P, denoted a47, a46, ..., a1, a0; let i = 1, where i is a counter;
Step 42: s = (i-1) mod 3;
Step 43: the binary number formed by concatenating a_s, a_{s+6}, a_{s+12}, a_{s+18}, a_{s+24}, a_{s+30}, a_{s+36}, a_{s+42} is XORed with the i-th byte of the message;
Step 44: a_{s+42}, a_{s+36}, a_{s+30}, a_{s+24}, a_{s+12}, a_{s+6}, a_s are extracted from P and appended to the end of P;
Step 45: if i > k, where k is the length of the plaintext, message encryption is complete; otherwise let i = i+1 and return to step 42;
(2) Decryption process
Step 51: destination node F concatenates the ID value of source node E, the ID value of F, the level value of E and the level value of F into a 6-byte number Q, denoted a47, a46, ..., a1, a0;
Step 52: let i = 1, s = (i-1) mod 6;
Step 53: the number formed by a_{s+42}, a_{s+36}, a_{s+30}, a_{s+24}, a_{s+12}, a_{s+6}, a_s is XORed with the i-th byte of the message;
Step 54: a_{s+42}, a_{s+36}, a_{s+30}, a_{s+24}, a_{s+12}, a_{s+6}, a_s are extracted from P and appended to the end of P;
Step 55: if i is greater than k, message recovery is complete; otherwise let i = i+1 and return to step 52.
The wireless sensor network secure routing method of the present invention, based on the TTL value, offers higher security and lower energy consumption:
1. Although existing wireless sensor network routing protocols support encryption of IP data packets, most of them use methods such as public-key encryption, which require additional stored data and big-number arithmetic and drain node energy too quickly. This method uses the TTL field that IP data packets already carry; without adding any communication data it can detect and prevent unauthorized malicious nodes from joining the network, which suits the power-consumption sensitivity of wireless sensor networks and achieves a good balance between energy consumption and security.
2. Even if an attacker intercepts a message, it cannot recover the plaintext because it does not know the level values and ID values of the communicating nodes, so eavesdropping attacks are resisted. Likewise, the attacker cannot tamper with the encrypted data in the channel, so tampering attacks are resisted. After a node receives and decrypts a message, it can correctly verify the ID value of the sender, which ensures a reliable data source.
3. Most existing routing protocols that support IPv6 resemble traditional routing in that each node must store and maintain a routing table, including its creation and updates. When the network reaches a certain scale, the routing table becomes very large and increases storage overhead. In this invention the level value determines the layer at which a node is located; from the level value a node can simply determine important information such as its descendant nodes and parent node, which is easy to implement and saves memory space.
Detailed description of the invention
Fig. 1 is the topology network diagram established by the method for setting the TTL field;
Fig. 2 is a schematic diagram of a network attack.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
As shown in Fig. 1, the ID value of each node in the network occupies 2 bytes, the height of the network tree is at most 15, and each sensor node occupies 1 byte of memory to store a value related to the layer at which it is currently located in the network, denoted level. The high four bits of level, level_f, change successively from 0 to 15 starting from the Sink node and ending at the leaf nodes: the Sink node is 0, the child node A of the Sink node is 1, the child node B of A is 2, and so on until 15 is reached. The initial value of the low four bits of level, level_r, is set to a specific value, 15 in this embodiment; each time the layer number increases by one layer, this value decreases by one, until it reaches 0. Thus the level value of the Sink node is 00001111, the level value of child node A is 00011110, the level value of A's child node B is 00101101, and so on; the level value of a leaf node at the 15th layer is 11110000. The rule for setting the level value of all nodes in this embodiment is as follows:
In addition, as a data packet hops between nodes, at every hop the next-hop node sets the TTL value of the data packet to its own level value. When an abnormal node not configured by this scheme appears (very likely a malicious node deployed by an attacker), the TTL value in the data packets it sends does not follow the above rule, so it is easily detected and distinguished from the existing nodes.
1. Establishing the network topology and node exit
Step 1: the Sink node sets its own level value, broadcasts a hello packet to surrounding nodes for neighbour discovery, and sets the TTL value of the message;
Step 2: if node A receives a hello packet with level_f of 0, it verifies whether the relation (formula omitted) holds. If so, A and the Sink node establish a neighbour relationship and A sets its own level_f to 1; if not, A discards the hello packet;
Step 3: node A repeats the above steps to perform neighbour discovery with surrounding nodes whose level_f is 2, and so on.
After the complete topology has been established, when node A needs to exit the network:
Step 1: A sends a message announcing that it will exit the network to all of its child nodes;
Step 2: after child node B receives the message that A wants to exit the network, it sends its own TTL and ID information to the sibling nodes of A;
Step 3: if some sibling node C of A receives the request from B, it plans to add B as its own child node and returns an ACK message;
Step 4: if the ACK from node C is the first ACK message that B has received, node B marks C as its parent node and establishes a neighbour relationship with C; if B receives no ACK message, it notifies its own child nodes to rejoin the network;
Step 5: B releases its neighbour relationship with A and returns an ACK message to A;
Step 6: after A has received ACK messages from all of its child nodes, it notifies its parent node, releases the neighbour relationship with its parent node and exits the network.
2. Method for preventing attacks by malicious nodes
As shown in Fig. 2:
Step 1: malicious node Z performs neighbour discovery and broadcasts a hello packet, and node D in the network topology receives the hello packet of the malicious node.
Step 2: node D compares the TTL field in the neighbour discovery message and finds that the relation (formula omitted) does not hold in the hello packet received from Z.
Step 3: node D ignores the discovery message from Z, and the attack of the malicious node fails.
3. Lightweight encryption and decryption method for data transmitted between nodes
When source node E is to send k bytes of collected information to destination node F, the following lightweight mechanism is used to encrypt the message:
Step 1: E concatenates its own ID value, the ID value of the destination node, its own level value and the level value of the destination node into a 6-byte (48-bit) number P, denoted a47, a46, ..., a1, a0; let i = 1;
Step 2: s = (i-1) mod 3;
Step 3: the 1-byte (8-bit) number formed by a_s, a_{s+6}, a_{s+12}, ..., a_{s+42} is XORed with the i-th byte of the message;
Step 4: update the number P: extract the 8 bits a_{s+42}, ..., a_{s+12}, a_{s+6}, a_s from the original P and append them to the end of P;
Step 5: if i is greater than k, message encryption is complete; otherwise i = i+1 and execution continues from step 2.
After destination node F receives the k-byte message from source node E, it uses a similar method to recover the original message:
Step 1: destination node F concatenates the ID value of E, its own ID value, the level value of E and its own level value into a 6-byte (48-bit) number P, denoted a47, a46, ..., a1, a0;
Step 2: let i = 1, s = (i-1) mod 6;
Step 3: the 1-byte (8-bit) number formed by a_{s+42}, ..., a_{s+12}, a_{s+6}, a_s is XORed with the i-th byte of the message;
Step 4: update the number P: extract the 8 bits a_{s+42}, ..., a_{s+12}, a_{s+6}, a_s from the original P and append them to the end of P;
Step 5: if i is greater than k, message recovery is complete; otherwise i = i+1 and execution continues from step 2.
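The lightweight XOR scheme of steps 41-55 and of the embodiment steps above, run on a constructed message, as an added example that is not the patent's own code. Two assumptions: bit a_{s+42} is taken as the most significant bit of each keystream byte, and the receiving side reuses s = (i-1) mod 3 from the encryption steps, because the XOR can only invert when both sides derive the same keystream.

```python
# Added example; not the patent's own code. Implements the 48-bit P, the
# 8-bit keystream byte drawn from it and the "extract and append" update.
# Assumptions: a_{s+42} is the MSB of each keystream byte, and decryption
# uses the same s = (i-1) mod 3 as encryption so the XOR round-trips.

def build_p(src_id: int, dst_id: int, src_level: int, dst_level: int) -> list:
    """Step 1: ID_E (2 bytes) | ID_F (2 bytes) | level_E | level_F as a47..a0.

    Returns a list where index 0 holds a47 and index 47 holds a0.
    """
    raw = (src_id.to_bytes(2, "big") + dst_id.to_bytes(2, "big")
           + bytes([src_level & 0xFF, dst_level & 0xFF]))
    n = int.from_bytes(raw, "big")
    return [(n >> j) & 1 for j in range(47, -1, -1)]


def _positions(s: int) -> list:
    """List indices of a_{s+42}, a_{s+36}, ..., a_s within the a47..a0 list."""
    return [47 - j for j in range(s + 42, s - 1, -6)]


def keystream_byte(p: list, s: int) -> int:
    """Step 3: the 8 bits a_s, a_{s+6}, ..., a_{s+42} as one byte (a_{s+42} MSB)."""
    byte = 0
    for k in _positions(s):
        byte = (byte << 1) | p[k]
    return byte


def rotate_p(p: list, s: int) -> list:
    """Step 4: remove those 8 bits from P and append them at its end."""
    taken = _positions(s)
    rest = [bit for k, bit in enumerate(p) if k not in taken]
    return rest + [p[k] for k in taken]


def transform(msg: bytes, src_id: int, dst_id: int,
              src_level: int, dst_level: int) -> bytes:
    """Encrypt or decrypt `msg`; both are the same operation (XOR is an involution)."""
    p = build_p(src_id, dst_id, src_level, dst_level)
    out = bytearray()
    for i in range(1, len(msg) + 1):       # steps 2-5, i counts message bytes
        s = (i - 1) % 3
        out.append(msg[i - 1] ^ keystream_byte(p, s))
        p = rotate_p(p, s)
    return bytes(out)


if __name__ == "__main__":
    # Constructed values: E has ID 0x0102 at level 0x1E, F has ID 0x0304 at level 0x2D.
    ct = transform(b"sensor", 0x0102, 0x0304, 0x1E, 0x2D)
    pt = transform(ct, 0x0102, 0x0304, 0x1E, 0x2D)
    print(ct.hex(), pt)
```

Every keystream byte is a selection of bits from the 48-bit P, so, as advantage 2 above states, confidentiality rests entirely on the attacker not knowing the node IDs and level values.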
The technical means disclosed in the embodiments of the present invention are not limited to those disclosed in the above embodiments but also include technical solutions consisting of any combination of the above technical features.