雷欽隆臺灣大學:資訊網路與多媒體研究所陳立Chen, LiLiChen2010-05-052018-07-052010-05-052018-07-052008U0001-2107200816070700http://ntur.lib.ntu.edu.tw//handle/246246/180602無線感測網路一般都由數千個資源受限的節點所組成，並部屬在不具網路基礎架構的地點上。目前對於無線感測網路的主要研究都集中在如何安全建立兩兩節點之間的金鑰機制，但許多利用路由資訊，資源消耗，和竊取節點中秘密的攻擊行為可以很快的欺騙或癱瘓整個網路，攻擊者也不需使用太多的技術與機器。我們以LEAP+為基礎架構之下，提出一個結合LEAP+與節點位置資訊的金鑰建立機制，利用驗證節點身分與節點位置的真實性，我們有效的抑制了身分詐欺攻擊，節點複製攻擊的影響範圍。我們進一步提出一個認證節點的機制來防止可能的竊聽重送攻擊，以實作在NS2 的系統證明我們的機制與LEAP+相比能夠更防止惡意攻擊對網路所造成的影響。Sensor networks usually consist of thousands of resource-limited nodes and are deployed in a designated area without any fixed infrastructure. While the establishment of the pairwise keys between any pair of adjacent nodes to build a secure link remains the main concern in the design of key management protocols, malicious attacks aim at routing information, exhaust node’s resource, and compromised secrets can misdirect the data flow or denial the network service with relatively small effort. Many mission-critic sensor network applications demand an effective, light, and flexible algorithm yet robust under attacks. Based on the LEAP+ scheme, we propose an improved LEAP+ by adding location information into the key establishment phase. By identifying the correctness of the id-location pair, our scheme effectively limits the Sybil attack and mitigates the damage of HELLO flood attack and node cloning attack. We furthermore propose an authentication phase in our scheme to defend possible replay attacks. The analysis shows that our scheme is more robust than LEAP+ with only minor increase of computation overhead.Chapter 1 Introduction 1hapter 2 Related Work 4hapter 3 System Description 7.1. LEAP+ 7.2. Security Analysis 9hapter 4 Protocol Description 11.1. Network Model 11.2. Adversary Model 12.3. Key Establishment 13.3.1. Establishing Individual Keys 13.3.2. Establishing Pairwise Keys 14.3.3. Establishing Cluster Keys 16hapter 5 Security Analysis 17.1. Replay Attack 17.2. HELLO Flood Attack 18.3. Sybil Attack 20.4. Node Cloning Attack 21hapter 6 Performance Analysis 24.1. Memory Storage 25.2. Computation Overhead 27hapter 7 Conclusion 29eferences 30application/pdf312451 bytesapplication/pdfen-US感測網路金鑰建立機制路由攻擊身分詐欺攻擊sensor networklocation-based key establishmentHELLO flood attacknode cloningsybil attackthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/180602/1/ntu-97-R95944017-1.pdf