設計與實作無線微型感測網路攻擊偵測、防禦與高信賴度的安全傳輸機制

Abstract

本計畫探討對無線微型感測器網路系統(Wireless Sensor Network System, 簡稱WSN)之攻擊與安全漏洞偵測(Attack Detection)，配合自行設計 的可信賴容錯傳輸系統加以實作，並結合以上技術開發具有省電、安全等特 性的可信賴之攻擊偵測與防禦傳輸系統。無線微型感測器網路為近年來新興 的一個關鍵技術，其主要的元件即為感測器(Sensor)。感測器是個輕巧短小、 容易大量散佈的裝置，可利用來及時(real-time)收集相關物理性質的資料，舉 凡溫度、壓力、溼度、地震強度…等。除此之外，感測器具備有無線通訊的 能力，透過無線電的傳輸以及Ad-hoc routing 的機制可以將收集到的相關資 訊即時、動態的傳送至後端的數據中心做進一步的分析處理。然而，無線微 型感測器網路由於傳輸媒介為無線電波，只要在電波範圍內的使用者均可接 收到，竊聽比有線網路要容易，而且使用電池為主要的電力來源，使得感測 器在傳輸能力受到限制，有限的記憶體容量及處理器能力使得計算能力受到 限制。在如此限制的環境下，一些傳統的攻擊偵測系統對Sensor 而言的花費 都太高，於是，我們必須根據sensor node 的限制來設計發展一套安全服務。 在本計畫當中，我們將從安全漏洞收集、攻擊偵測、協定設計三個方面進行 研究與實作。有別於傳統的乙太網路，無線微型感測器在開放的無線頻率空 間中，大量佈放，缺乏保護機制，更易遭受攻擊，而所遭受的許多新的攻擊 模式仍不為人知，而傳統的網路入侵偵測機制多需要強大的CPU 執行大量的 分析運算與高速的擷取網路資料，因此傳統的偵測機制將不適用於WSN，其 解決方案仍有待深入研究。而為了能保護感測器，需要有新的安全架構，使 其能夠面臨各種攻擊威脅時能分析系統與網路進安全漏洞，並能偵測攻擊， 在有限的運算能力與記憶體儲存空間中採取應變措施。其次，為提高傳輸系 統的可信度，我們必須設計一個能夠配合攻擊偵測系統運作的容錯路由協 定。最後，擁有上述之技術後，我們將整合入侵偵測防禦系統與容錯路由機 制，設計出一個可信賴之無線微型感測網路攻擊偵測與防禦傳輸系統。

There is more and more emphasis on Wireless Sensor Network in recent years. 『Sensor』 is the main component in this kind of network. Sensor is a light-weight device composed of unsophisticated microprocessor and specific detector so that it is easy to be deployed and programmable to collect outward related information, such as temperature, pressure, strength of the earth quake, etc. Besides, the sensors also possessed the communication ability and transmitted the environmental information to the read-end data center through RF signaling and some ad-hoc routing methodology to make more advanced data analysis. Unfortunately, wireless embedded system applications contain security flaws both known and unknown attacks that take advantage of these flaws have become ubiquitous. A serious problem that limits the deployment and acceptance of wireless embedded system applications today is the lack of security services that are designed according to the unique properties of the computation and communication platform. Protecting wireless embedded system applications from attacks requires the development of a suite of security related services, which are designed according to the constraints of wireless embedded platforms. In this project, we plan to perform more progressive study about security issues in Wireless Sensor Network and identify the security challenges in WSN. First, we need to figure out a solution to the security problem among wireless environment. Therefore, we are required to do more research on the characteristics in the data mining and statistical learning theory and then try to design proper attack detection in the restricted computing power, small memory storage and some hardware-constrained environment. Second, inorder to improve the reliability of transmission, we will investigate a fault-tolerant, attack-resistant multipath information delivery scheme which can cooperate with the attack detection system. Finally, we will integrate these two schemes into an attack detection transmission system that meet the hardware limitation of sensor node, based on the above accomplishment of research.