Title: | Reducing the Impact of Node-Compromised Attacks / The Design of a Scheme to Mitigate Node-Compromised Attacks |
Authors: | 李雅婷 Ya-Ting Li; 葉義雄 Yi-Shiung Yeh; Institute of Network Engineering |
Keywords: | node-compromised attacks; Wireless sensor network; Perfect hash families (PHF); Threshold MAC; (k, n) threshold secret sharing |
Publication date: | 2006 |
Abstract: | In recent years, wireless sensor networks have received increasing attention from academia. The technology can be applied in many areas, such as the military, security monitoring and control, and medical management. A wireless sensor network is composed of a large number of sensors and is a low-power, low-data-rate, short-range wireless transmission network. Wireless sensor networks therefore have some inherent characteristics and restrictions. For example: (1) the memory, power, transmission range, and computing capability of sensors are limited; (2) because a wireless sensor network consists of a large number of sensors, network monitoring personnel, considering the cost, usually do not monitor all of them; (3) sensors are often placed where they are easy to access, and are therefore exposed to insecure environments; (4) for cost reasons, sensors lack tamper-resistant hardware. Because of these characteristics and restrictions, guaranteeing the security of wireless sensor networks is an important subject. In addition, low-cost sensors have slow processors and limited energy, so public key infrastructure and many mature security mechanisms are not suitable for wireless sensor networks. Providing a power-saving security mechanism for wireless sensor networks is therefore a difficult challenge. The node-compromised attack is the most difficult security challenge in wireless sensor networks. To address this problem, this thesis proposes a mechanism to mitigate the impact of node-compromised attacks.
Specifically, this thesis proposes a mechanism that uses perfect hash families (Perfect Hash Families) to implement (k, n) threshold secret sharing, distributing the private keys to every node in the network. When sensors detect that an event has occurred, k of them jointly sign the message using the Threshold MAC mechanism. Forwarding nodes use a simple method to verify whether the message is correct and to decide whether to continue forwarding it. When the base station receives the message, it can also verify the message's validity. In our mechanism, the most complicated operation is a one-way hash function, which is fast and does not consume much energy. Our mechanism can therefore mitigate node-compromised attacks, and it is suitable for wireless sensor networks. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT009456528 http://hdl.handle.net/11536/82193 |
Appears in collections: | Theses |