
CN102045887A - Access authorization device and method for wireless sensing network - Google Patents

Access authorization device and method for wireless sensing network

Info

Publication number
CN102045887A
Authority
CN
China
Prior art keywords
node
access authorization
sensing
target
request message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009102073519A
Other languages
Chinese (zh)
Inventor
柯力群
惟佐·D·葛利果
李韩燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial Technology Research Institute ITRI
Carnegie Mellon University
Original Assignee
Industrial Technology Research Institute ITRI
Carnegie Mellon University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial Technology Research Institute ITRI, Carnegie Mellon University
Priority to CN2009102073519A
Publication of CN102045887A
Legal status: Pending

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An access authorization device for a wireless sensor network includes at least one base node and a wireless sensor network formed by a plurality of sensing nodes. After obtaining a user's access authorization, the at least one base node sends a request message to a target sensing node in the wireless sensor network. According to the request message, the target sensing node requests at least one control node in the wireless sensor network to return its sensing data, and refers to the sensing data returned by the control node to determine whether the user's access authorization is satisfied, as the basis for whether to return multimedia data conforming to the access authorization.

Description

Access authorization device and method for wireless sensor network

Technical field

The present invention relates to an access authorization device and method for a wireless sensor network (WSN).

Background

A wireless sensor network comprises many tiny, distributed, low-power, low-complexity sensing nodes that cooperate to monitor physical environment information, such as temperature, humidity, vibration, luminosity, pressure, gas and concentration. Multimedia data, such as image or sound data, can also be collected and transmitted through the wireless sensor network. Most of the collected data is used to detect events or to trigger other operations. Applications of wireless sensor networks include building structure monitoring, seismic activity detection, security surveillance, forest fire detection and battlefield surveillance.

FIG. 1 is a schematic diagram of an example application architecture of a wireless sensor network. Referring to FIG. 1, a sensing node in the wireless sensor network 105 formed by a plurality of sensing nodes, for example sensing node 131, transmits its sensed data over multiple hops (multi-hop) to a base node (Base Station, BS) 110. The base node 110 collects the sensing data and transmits it through the Internet 114 to a server 116, for example a web server. A user, for example 118 or 120, can log in to the server 116 remotely through the Internet 114. After the server 116 verifies the user's identity and privileges, the user can access the sensing data of the sensing nodes in the wireless sensor network 110 according to those privileges.

In wireless sensor network applications, sensing data is usually collected by returning it periodically to the base node, or by aggregating it with special processing and then returning it to the base node; a back-end server then analyzes and processes the sensing data for users to read. Multimedia data is much larger in volume than ordinary sensing data and, given the communication capability of wireless sensor networks and the limits of low-power sensors, this type of data is mostly collected only after a user issues a command. The collection of multimedia data also raises privacy issues.

For example, when a wireless sensor network is used for security surveillance, the user wants a guard to be able to view images when an intruder breaks in, so that the intruder's appearance is captured as auxiliary information for pursuing the intruder, but also wants privacy preserved in normal times, so that guards cannot view areas that require privacy. If the wireless sensor network continuously reports sensing information through the base node to the server, the server can judge from this information whether a specific event has occurred and then enable the privilege of the guard or of a specific user to access the image data. In other words, the user's access authorization conditions come from information provided by trusted components, and the access authorization decision is also made in a secure, trusted environment or component that is isolated from attackers, for example a secure kernel, a trusted computing base or a secure computing device, so physical compromise attacks are assumed to be impossible.

However, this approach causes the nodes adjacent to the base node to exhaust their power early, because they route packets continuously. Therefore, how to enforce different access privileges for different users, how to let certain users obtain the privilege to read multimedia data in real time at the appropriate moment, for example when an emergency occurs, and how to design a secure access control technique suited to the characteristics of wireless sensor networks, is one of the key technologies of wireless sensor networks.

The example of the data authorization method disclosed in Taiwan Patent Publication No. 200614767, shown in FIG. 2, is an authorization operation for data sharing between two mobile devices. As shown in the example flow of FIG. 2, mobile device A sends a sharing packet to mobile device B; the packet contains the shared data and the corresponding data rules. Mobile device B determines, according to the initial data rules and context-awareness information, whether it has permission to access the shared data in the packet. In other words, one mobile device sends the data to be shared directly to another mobile device, and that other device judges whether it has permission to read the shared data. The context-awareness information used to evaluate the access authorization rules does not include any physical environment information.

The example of the Secure Wireless Authorization System disclosed in U.S. Patent No. US7,447,494, shown in FIG. 3, is used for access authorization verification between two devices performed remotely through a server, so that a third-party device can access another remote user device. As shown in the system example of FIG. 3, a user 310 logs in securely to an authorization server 312 and stays connected. A remote third party entity 320 then initiates an authorization request, and after the authorization server 312 verifies the authorization request and related information, it approves the remote third-party device to execute the procedure. In other words, access authorization verification is performed entirely by the authorization server 312.

Summary of the invention

Embodiments of the present invention can provide an access authorization device and method for a wireless sensor network.

In one embodiment, the disclosure relates to an access authorization device for a wireless sensor network. The device includes at least one base node and a wireless sensor network formed by a plurality of sensing nodes. After obtaining a user's access authorization, the at least one base node sends a request message to a target sensing node in the wireless sensor network. According to the request message, the target sensing node requests at least one control node in the wireless sensor network to return its sensing data, and refers to the sensing data returned by the at least one control node to determine whether the user's access authorization is satisfied, as the basis for whether to return multimedia data conforming to the access authorization.

In another embodiment, the disclosure relates to an access authorization method for a wireless sensor network. The method includes: obtaining a user's access authorization through at least one base node; selecting at least one control node from a plurality of sensing nodes of a wireless sensor network, and selecting at least one intermediate routing node from the base node to a target sensing node; sending, through the base node, a request message to the target sensing node, the request message carrying at least verification information; the target sensing node, according to the request message, requesting the selected at least one control node to return its sensing data, referring to the returned sensing data to determine whether the user's access authorization is satisfied, and issuing a corresponding response message; the at least one intermediate routing node checking the response message according to the verification information to decide whether to discard or forward the response message; and verifying the forwarded response message through the base node.

The above and other objects and advantages of the present invention are described in detail below with reference to the following drawings, the detailed description of the embodiments, and the claims.

Brief description of the drawings

FIG. 1 is a schematic diagram of an example application architecture of a wireless sensor network.

FIG. 2 is an example flowchart of a data authorization method.

FIG. 3 is a schematic diagram of an example secure wireless authorization system.

FIG. 4 is a schematic diagram of an example usage scenario of a wireless sensor network, consistent with certain disclosed embodiments.

FIG. 5 is a schematic diagram of an example attack model that influences transmitted messages.

FIG. 6 is a schematic diagram of an example attack model that compromises the target sensing node.

FIG. 7 is a schematic diagram of an example attack model that compromises control nodes.

FIG. 8 is a schematic diagram of an example attack model that moves the target sensing node.

FIG. 9 is a schematic diagram of an example attack model that moves control nodes.

FIG. 10 is a schematic diagram of an example access authorization device for a wireless sensor network, consistent with certain disclosed embodiments.

FIG. 11 is an example flowchart of an access authorization method for a wireless sensor network, consistent with certain disclosed embodiments.

FIG. 12 is a schematic diagram of an example base node, consistent with certain disclosed embodiments.

FIG. 13 is a schematic diagram of an example control node, consistent with certain disclosed embodiments.

FIG. 14 is a schematic diagram of an example target sensing node, consistent with certain disclosed embodiments.

FIG. 15 is a schematic diagram of an example of detecting that a node has been moved, consistent with certain disclosed embodiments.

FIG. 16 is a schematic diagram of an example general format of the request message, consistent with certain disclosed embodiments.

FIG. 17 is an example schematic diagram illustrating how an intermediate routing node processes a request message, consistent with certain disclosed embodiments.

FIG. 18 is an example schematic diagram illustrating how an intermediate routing node processes a response message, consistent with certain disclosed embodiments.

[Description of main reference numerals]

105 wireless sensor network          110 base node

114 Internet                         116 server

118, 120 users                       131 sensing node

310 user                             312 authorization server

320 remote third-party device

400 example usage scenario of a wireless sensor network

402 base node                        404 target sensing node

406 multi-hop                        408 area

411-41m intermediate routing nodes   421-42k sensing nodes

410 delivering the request message   420 responding with multimedia data

504 target sensing node              505 attacker

521-525 control nodes

605 attacker

610 attacker compromises or attacks the target sensing node

620 returning the multimedia directly to the base node

705 attacker                         721-724 control nodes

710 sending false sensing data to the target sensing node

805 attacker                         802 area

804 other area                       810 moving the target sensing node

905 attacker                         906 other area

904 another other area               921, 922 control nodes

910, 920 moving a control node

1002 server                          1004 base node

1006 wireless sensor network         1008 user

1004a request message                1008a access authorization

1010 target sensing node             1021-1024 sensing nodes

1110 obtaining the user's access authorization through the base node

1120 selecting at least one control node from the plurality of wireless sensing nodes of the wireless sensor network, and selecting at least one intermediate routing node from the base node to the target sensing node

1130 sending, through the base node, a request message to the target sensing node, the request message carrying at least verification information

1140 the target sensing node, according to the request message, requests the selected at least one control node to return its sensing data, refers to the returned sensing data to determine whether the user's access authorization is satisfied, and issues a corresponding response message

1150 the at least one intermediate routing node checks the response message according to the verification information to decide whether to discard or forward the response message

1160 the base node verifies the forwarded response message

1210 storage unit                    1220 central processing unit

1231 first communication interface   1232 second communication interface

1300 control node                    1310 sensor

1310a sensing data                   1320 communication interface

1330 central processing unit

1410 sensor                          1410a multimedia data

1420 communication interface         1430 central processing unit

1510 node                            1520 movement

1531-1534 neighbor nodes             1540 node after being moved

1550 attacker

MAC_L luminosity message authentication code    MAC_T temperature message authentication code

MAC_H humidity message authentication code      SMAC multi-mode message authentication code

Repl_message response message

Detailed description

Embodiments of the present invention provide an access authorization technique for a wireless sensor network. The design sends the user's access authorization data to a target sensing node inside the wireless sensor network; other sensing nodes in the network then cooperate by reporting the physical environment information they sense, such as temperature, humidity, luminosity, vibration, pressure, gas and concentration, so that a distributed access authorization decision is made, which in turn determines whether data is returned for the user to read. This access authorization technique can be applied in a multi-mode wireless sensor network environment as the access authorization control for users accessing multimedia data detected by the wireless sensor network, such as image or sound data.

FIG. 4 is a schematic diagram of an example usage scenario of a wireless sensor network, consistent with certain disclosed embodiments. In the example usage scenario 400 of FIG. 4, it is assumed that there are m intermediate routing nodes 411-41m between the base node 402 and the target sensing node 404, and that the wireless sensor network 400 delivers the request message from the base node 402 to the target sensing node 404 in a multi-hop manner 406, as indicated by arrow 410. There are multiple sensing nodes in the same area 408 as the target sensing node 404, where the same area 408 denotes the range within which the target sensing node 404 and other sensing nodes can communicate with each other. Several of these sensing nodes, for example sensing nodes 421-42k, can provide other sensing data of area 408 to the target sensing node 404 for the user access authorization decision. A sensing node that can provide other sensing data from the same area to the target sensing node for the user access authorization decision is called a controlling node (control node) of that area. After the target sensing node 404 determines that the access authorization is satisfied, it responds with multimedia data, as indicated by arrow 420.

Because the access authorization decision is made on a sensing node, the sensing node may be subject to physical compromise attacks (node compromised attacks). The attacker's goal is to bypass the access authorization decision without valid access privileges and so obtain multimedia sensing data from certain areas, that is, when the sensing data of an area does not satisfy the access authorization conditions. The embodiments of the present invention are intended to prevent the attack behaviors such attackers may use to bypass the access authorization decision. FIGS. 5 to 9 each show an example of one of five possible attack models: influencing transmitted messages, compromising the target sensing node, compromising control nodes, moving the target sensing node, and moving control nodes.

In the example attack model of FIG. 5, the attacker influences or manipulates the messages that control nodes send to the target sensing node in an attempt to pass the access authorization decision; for example, attacker 505 modifies or replays sensing data that satisfies the access authorization decision, sent by control nodes 521-525 to the target sensing node 404. In the example attack model of FIG. 6, attacker 605 compromises the target sensing node 504, as indicated by arrow 610, and then, as indicated by arrow 620, returns the multimedia directly to the base node without asking the surrounding control nodes for their sensing data to judge whether the environment information satisfies the access authorization. In the example attack model of FIG. 7, attacker 705 compromises or attacks control nodes 721-724 and then sends false sensing data to the target sensing node 504 so that the access authorization decision is satisfied, as indicated by arrow 710.

In the example attack model of FIG. 8, if attacker 805 has permission to access the image or sound sensing data of the target in an area 802, attacker 805 can move the target sensing node 404 to another area 804, as indicated by arrow 810, and thereby illegitimately obtain the multimedia data of the other area 804.

In the example attack model of FIG. 9, the attacker moves control nodes to other areas whose physical environment satisfies the access authorization conditions. For example, attacker 905 moves control node 921 to another area 906, as indicated by arrow 910, and moves control node 922 to yet another area 904, as indicated by arrow 920, and thereby illegitimately obtains multimedia data.

The physical environment data detected by the sensing nodes, such as temperature, humidity, luminosity and vibration, serves as the condition for the access authorization decision, and transmitting large volumes of data such as multimedia over a resource-constrained wireless sensor network imposes a burden, with communication load being one of the factors that consume power. The embodiments of the access authorization device for a wireless sensor network are therefore designed with corresponding mechanisms to handle errors in the detection of physical environment data and damage caused by attackers. For example, erroneous messages, such as response messages that have been tampered with by an attacker or are illegitimate in the attack models above, are filtered out and discarded midway rather than being discovered and discarded only after being returned to the base node, so that intermediate routing nodes do not spend resources forwarding them.

FIG. 10 is a schematic diagram of an example access authorization device for a wireless sensor network, consistent with certain disclosed embodiments. In the example of FIG. 10, the access authorization device 1000 includes at least one base node 1004 and a wireless sensor network 1006 formed by a plurality of sensing nodes. After obtaining an access authorization 1008a of a user 1008, the at least one base node 1004 sends a request message 1004a to a target sensing node 1010 in the wireless sensor network 1006. According to the request message 1004a, the target sensing node 1010 requests at least one control node in the wireless sensor network 1006 to return its sensing data and, based on the sensing data returned by the at least one control node, determines whether the access authorization 1008a of user 1008 is satisfied, as the basis for whether to return multimedia data conforming to the access authorization 1008a.

Each of the at least one control node is a sensing node in the wireless sensor network 1006, for example sensing nodes 1021-1024. It can refer to whether at least one type of physical environment information, such as temperature, humidity, luminosity or vibration, satisfies the conditions indicated in the access authorization of user 1008, to decide whether to return its sensing data to the target sensing node 1010 for the decision on access authorization 1008a. If the returned sensing data satisfies the access authorization 1008a of user 1008, the target sensing node 1010 returns the multimedia data conforming to access authorization 1008a, such as image or sound data, to the base node 1004, which in turn returns the multimedia data to the server to be provided to the user. If the access authorization 1008a of user 1008 is not satisfied, the target sensing node 1010 returns an access-denied message.

When referring to the sensing data returned by control nodes, the sensing data returned by at least one control node can be consulted for a given type of sensing data, and a statistic of the returned sensing data is then computed, for example the average, majority, maximum or minimum, as the sensing data finally used for reference.
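The decision the target sensing node makes from the control nodes' returned data can be sketched as follows, covering the FIG. 5 (modified or replayed reports) and FIG. 7 (compromised control node) models. This is an added example, not code from the patent: the HMAC-SHA256 report authentication with pairwise keys, the per-request nonce, the threshold condition, the quorum and the reading of "majority" as a per-node vote are all assumptions, and every key and reading is constructed.

```python
import hashlib
import hmac
import statistics

def report_mac(key: bytes, nonce: bytes, node: str, kind: str, value: int) -> bytes:
    """MAC over (request nonce, node id, data type, value).
    Assumption: each control node shares a pairwise key with the target node."""
    msg = b"|".join([nonce, node.encode(), kind.encode(), str(value).encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_report(key, nonce, node, kind, value):
    """What a control node would send back for the current request."""
    return {"node": node, "kind": kind, "value": value,
            "mac": report_mac(key, nonce, node, kind, value)}

def accept_reports(reports, keys, nonce, kind):
    """Keep one authentic, fresh reading per known control node.
    Binding the MAC to the request nonce rejects replays of older reports;
    a changed value no longer matches its MAC (FIG. 5 model)."""
    readings = {}
    for r in reports:
        key = keys.get(r["node"])
        if key is None or r["kind"] != kind:
            continue  # unknown sender or wrong data type
        expected = report_mac(key, nonce, r["node"], r["kind"], r["value"])
        if hmac.compare_digest(expected, r["mac"]):
            readings.setdefault(r["node"], r["value"])  # first valid one wins
    return readings

def authorize(readings, statistic, threshold, quorum):
    """Assumed condition: the reference reading must be >= threshold.
    'majority' is interpreted as a vote of per-node condition results."""
    values = list(readings.values())
    if len(values) < quorum:
        return False  # too few control nodes answered: deny
    if statistic == "majority":
        return 2 * sum(v >= threshold for v in values) > len(values)
    reducers = {"average": statistics.fmean, "maximum": max, "minimum": min}
    return reducers[statistic](values) >= threshold

def demo():
    # Constructed keys for five control nodes c1..c5 in the target's area.
    keys = {f"c{i}": bytes([i]) * 16 for i in range(1, 6)}
    old_nonce, nonce = b"request-0001", b"request-0002"
    kind = "temperature"
    reports = [
        # Replay of a report recorded during an earlier request (old nonce).
        make_report(keys["c1"], old_nonce, "c1", kind, 90),
        # Report whose value was altered in transit; its MAC covers 25.
        {**make_report(keys["c2"], nonce, "c2", kind, 25), "value": 95},
        # Report from a node the target holds no key for.
        make_report(b"x" * 16, nonce, "c9", kind, 99),
        # Genuine reports for the current request.
        make_report(keys["c1"], nonce, "c1", kind, 24),
        make_report(keys["c2"], nonce, "c2", kind, 25),
        make_report(keys["c3"], nonce, "c3", kind, 23),
        make_report(keys["c4"], nonce, "c4", kind, 24),
        # FIG. 7 model: c5 is compromised and signs a false reading
        # with its real key, so the MAC check cannot catch it.
        make_report(keys["c5"], nonce, "c5", kind, 400),
    ]
    readings = accept_reports(reports, keys, nonce, kind)
    decisions = {s: authorize(readings, s, threshold=60, quorum=3)
                 for s in ("average", "majority", "maximum", "minimum")}
    return readings, decisions

if __name__ == "__main__":
    print(demo())
```

With one compromised control node among five, the average and maximum statistics grant access on the false reading, while the majority and minimum statistics do not.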

The request message 1004a sent by the base node 1004 also includes a verification parameter. This verification information is provided to each of the one or more routing nodes between the base node 1004 and the target sensing node 1010, and can serve as a parameter for verifying the response message later. For example, when a routing node uses this parameter to detect a response message that has been tampered with by an attacker or is illegitimate, it discards the response message midway.

The user 1008 can present an identity and password to log in to the server 1002, for example a web server. After verifying the user's identity, the server can issue a request command to the base node 1004. According to the request command 1002a, the base node 1004 can obtain the access authorization 1008a of user 1008 from the server 1002 through the Internet.

Following the above, FIG. 11 is an example flowchart of an access authorization method for a wireless sensor network, consistent with certain disclosed embodiments. In this example flow, the access authorization of user 1008 is first obtained through the base node 1004, as shown in step 1110. At least one control node is selected from the plurality of wireless sensing nodes of the wireless sensor network 1006, and at least one intermediate routing node from the base node 1004 to the target sensing node 1010 is selected, as shown in step 1120. Through the base node 1004, a request message 1004a is sent to the target sensing node 1010, the request message 1004a carrying at least verification information, as shown in step 1130. According to the request message 1004a, the target sensing node 1010 requests the selected at least one control node to return its sensing data, refers to the returned sensing data to determine whether the access authorization 1008a of user 1008 is satisfied, and issues a corresponding response message, as shown in step 1140. The at least one intermediate routing node checks the response message according to the verification information to decide whether to discard or forward the response message, as shown in step 1150. The base node 1004 then verifies the forwarded response message, as shown in step 1160.

Following the above, base node 1004 may include a storage unit, a central processing unit, a first communication interface, and a second communication interface. As shown in the example of FIG. 12, storage unit 1210 stores data such as the access authorization of user 1008, request message 1004a, and response messages. According to the user's access authorization, central processing unit 1220 issues the transmission of request message 1004a to target sensing node 1010 through second communication interface 1232, and transmits the multimedia data returned by target sensing node 1010 to server 1002 through first communication interface 1231. First communication interface 1231 communicates bidirectionally with server 1002. Second communication interface 1232 communicates with the sensing nodes or intermediate routing nodes in the wireless sensor network.

Each control node 1300 may include at least one sensor, a communication interface, and a central processing unit. As shown in the example of FIG. 13, the at least one sensor 1310 senses at least one type of physical environment information, such as temperature, humidity, luminosity, pressure, gas, or concentration. Communication interface 1320 communicates bidirectionally with base node 1004 and target sensing node 1010. Central processing unit 1330 can direct sensor 1310 to perform sensing and can return sensing data 1310a of sensor 1310 to target sensing node 1010 through communication interface 1320.

Target sensing node 1010 may include at least one sensor, a communication interface, and a central processing unit. As shown in the example of FIG. 14, communication interface 1420 communicates bidirectionally with base node 1004 and with each control node. According to request message 1004a sent by base node 1004, central processing unit 1430 requests sensing data from each control node through communication interface 1420, and decides from this sensing data whether to direct the at least one sensor 1410 to capture multimedia data 1410a and return it to base node 1004.

Second communication interface 1232, communication interface 1420, and communication interface 1320 can use wireless transmission, for example multi-hop short-range communication protocols such as IEEE 802.15.4 wireless sensor networks and Bluetooth. First communication interface 1231 can use wired or wireless transmission, such as Ethernet, IEEE 802.11 wireless networks, WiMax, 3G, 3.5G, and GPRS.

Request message 1004a sent by base node 1004 includes verification information. In the access authorization technique for wireless sensor networks of the present invention, every related response message also contains a proof that the response message has passed access authorization verification, for example a proof that the control nodes really did report sensing data to the target sensing node and that the target sensing node really did verify the user's access authorization. Selected intermediate routing nodes are sent different verification keys along with the request message and can therefore verify whether to route these response messages to the next node. In other words, some of the intermediate routing nodes are chosen at random so that they can verify the correctness of the response message early.

When the base node sends a request message to read the multimedia data of the target sensing node, the base node tells the target sensing node, according to the user's access authorization, which control nodes in its area it must ask for sensing readings. There are many possible ways to select control nodes and to calculate the sensing reading. For example, one control node can be selected, randomly or in a fixed manner, from several control nodes of the same type to supply the reading result for that type; or some or all control nodes of the same type can be selected, randomly or in a fixed manner, and their average reading or majority reading computed as the reading result for that type. If the system has single control nodes that carry several types of sensor, one or some control nodes can likewise be selected, randomly or in a fixed manner, and the average or majority reading computed as the reading result for a given type. Deciding the control nodes by random or fixed selection reduces the impact of an attacker compromising some of the nodes, for example compromising some control nodes so that they report false sensing messages, or compromising intermediate routing nodes so that they forge response messages.

In the embodiments of the present invention, a Node-Movement Detection Protocol is used to guard against a node, such as the target sensing node or a control node, being moved. The protocol uses a node's neighbor nodes to monitor whether the relative distance to that node has changed, and serves as a countermeasure against nodes being moved or attacked. The protocol is initialized after network deployment is complete and while no attacker is present. For example, each node broadcasts n beacon packets to its neighbor nodes, and each node then calculates its distance to each neighbor from the beacon packets that neighbor sent, records the results, and labels them as the reference set {d1, d2, ..., dn}. Once the protocol has been initialized, a node can run it to check whether the node itself has been moved.

The protocol runs as follows. Each node broadcasts n beacon packets to its neighbor nodes. Each neighbor node then calculates, from the beacon packets it received, its distance to the node that sent them, records the results, and labels them as the test set {d1', d2', ..., dn'}. Each neighbor node then compares the two sets. There are several ways to compare them. For example, when the difference is smaller than a tolerable-error threshold, the reported value indicates that the node has not been moved; when the difference is larger than that threshold, the reported value indicates that the node has been moved.

As shown in the example of FIG. 15, when a node 1510 is moved (as indicated by arrow 1520), its relative distance to each neighbor node, for example neighbor nodes 1531-1534, changes as well. The dotted lines mark the original distances between node 1510 and its neighbor nodes, and the solid lines mark the distances between the relocated node 1540 and the neighbor nodes. Therefore, a node that receives a reported distance exceeding the threshold knows that it has been moved, and can determine that it has been moved by attacker 1550. In other words, by having neighbor nodes calculate their distance to the node and compare it with the previously recorded distance, each node can be told by the majority of its neighbor nodes whether its position has been moved by an attacker. Errors caused by the environment can be reduced by, for example, increasing n, increasing the number of neighbor nodes, or adjusting the threshold appropriately.
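The reference-set and test-set comparison described above can be simulated as follows. This is an added example, not code from the patent: the Gaussian noise model, the use of the gap between set means as the "difference", the coordinates and the default parameter values are all assumptions; only the neighbor labels 1531-1534 come from FIG. 15.

```python
import math
import random
import statistics

# Constructed neighbor positions in metres, labeled as in FIG. 15.
NEIGHBORS = {"1531": (10.0, 0.0), "1532": (0.0, 10.0),
             "1533": (-10.0, 0.0), "1534": (0.0, -10.0)}

def measure(node_xy, neighbor_xy, n, noise_m, rng):
    """n noisy distance estimates, one per beacon packet received."""
    true_d = math.dist(node_xy, neighbor_xy)
    return [max(0.0, rng.gauss(true_d, noise_m)) for _ in range(n)]

def neighbor_reports_moved(reference, test, threshold_m):
    # ASSUMPTION: the difference between the two sets is the gap between means.
    return abs(statistics.mean(test) - statistics.mean(reference)) > threshold_m

def majority_moved(verdicts):
    """The node treats itself as moved when most neighbors say so."""
    return sum(1 for v in verdicts.values() if v) > len(verdicts) / 2

def run_protocol(initial_xy, current_xy, neighbors, n=20, noise_m=0.5,
                 threshold_m=1.0, seed=1):
    rng = random.Random(seed)
    verdicts = {}
    for name, xy in neighbors.items():
        reference = measure(initial_xy, xy, n, noise_m, rng)  # initialization
        test = measure(current_xy, xy, n, noise_m, rng)       # later check
        verdicts[name] = neighbor_reports_moved(reference, test, threshold_m)
    return verdicts, majority_moved(verdicts)

def false_report_rate(n, trials=300, noise_m=0.5, threshold_m=1.0):
    """Fraction of neighbor verdicts that wrongly flag an unmoved node."""
    wrong = 0
    for seed in range(trials):
        verdicts, _ = run_protocol((0.0, 0.0), (0.0, 0.0), NEIGHBORS,
                                   n, noise_m, threshold_m, seed)
        wrong += sum(verdicts.values())
    return wrong / (trials * len(NEIGHBORS))

if __name__ == "__main__":
    print("unmoved:", run_protocol((0.0, 0.0), (0.0, 0.0), NEIGHBORS))
    # Moving to (0, 20) keeps the distance to neighbor 1532 at 10 m, so that
    # neighbor alone sees no change; the other three still outvote it.
    print("moved:  ", run_protocol((0.0, 0.0), (0.0, 20.0), NEIGHBORS))
    print("false reports, n=1: ", false_report_rate(1))
    print("false reports, n=20:", false_report_rate(20))
```

The second run shows why the verdict is taken from several neighbors: a move that preserves the distance to one neighbor is invisible to that neighbor. The last two lines show the effect of increasing n on measurement error.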

Some symbols and their meanings are defined below, and a working example is then used to describe the invention in detail.

A→B: M means that A sends message M to B,

{M}_k denotes the encryption of message M,

MAC(M, K) denotes the message authentication code of message M computed with key K,

H(·) denotes a one-way hash function,

M//N denotes message M concatenated with message N,

⊕ denotes the exclusive-or (XOR) operation,

ID_i denotes the identity of i,

R_i denotes the sensing reading of i,

K_i denotes the pairwise key that i shares with the base node, and

K_ij denotes the pairwise key that i and j share.

Take the usage scenario on the wireless sensor network side in FIG. 4 as an example. Suppose a user's access authorization has the condition that image data may be read when the physical environment has a temperature above 30 degrees, a luminosity above 200 lumens, and a humidity below 30%. When base node 402 obtains this user access authorization, for example on receiving a command from a server, suppose the result of its random or fixed selection is: the reading of one luminosity sensor (labeled SC1) in reference area 408, the average reading of three temperature sensors (labeled SC2, SC3, SC4) in reference area 408, and the majority reading of four humidity sensors (labeled SC5, SC6, SC7, SC8) in reference area 408. An example of the general format of the request message that base node 402 then sends to target sensing node 404 is shown in FIG. 13, consistent with certain disclosed embodiments.

In the example of FIG. 16, the fields of the general format may include the identity QID of the request message, a verification parameter C', the user's encrypted access authorization {acc_auth}_k, a random number N, the sensing data type of the selected control nodes and its calculation method, the identities of the selected control nodes, and the valid range of their sensing data. Taking the selection result of base node 402 above as an example, the request message sent from base node 402 to target sensing node 404 may include QID, C', {acc_auth}_k, N, and, for the three types (luminosity sensor SC1; three temperature sensors SC2, SC3, SC4; four humidity sensors SC5, SC6, SC7, SC8), the sensing data type and its calculation method, the identities of the sensors of each type, and the valid range valid_range of their sensing data. It can be expressed as follows:

QID, C', {acc_auth}_k, N,

{luminosity_average: ID_SC1, first valid range},

{temperature_average: ID_SC2, ID_SC3, ID_SC4, second valid range},

{humidity_majority: ID_SC5, ID_SC6, ID_SC7, ID_SC8, third valid range},

Here, the first valid range is for the average of the luminosity readings of luminosity sensor SC1, the second valid range is for the average of the temperature readings of the three temperature sensors (SC2, SC3, SC4), and the third valid range is for the majority value of the humidity readings of the four humidity sensors (SC5, SC6, SC7, SC8).
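The check that the target sensing node applies to the three groups in this request can be sketched as below. It is an added example rather than the patent's own code: the dictionary layout, the upper bound for luminosity and temperature, the lower bound for humidity, the sample readings, and the reading of "majority" as the rounded value reported by more than half of the selected nodes are all assumptions.

```python
from collections import Counter
from statistics import mean

# Constructed request body mirroring the three groups of the request message.
# 200 lumens, 30 degrees and 30% come from the scenario; the other bounds
# are placeholders chosen for this example.
REQUEST_GROUPS = [
    {"type": "luminosity", "calc": "average",
     "ids": ["SC1"], "valid_range": (200.0, 100000.0)},
    {"type": "temperature", "calc": "average",
     "ids": ["SC2", "SC3", "SC4"], "valid_range": (30.0, 60.0)},
    {"type": "humidity", "calc": "majority",
     "ids": ["SC5", "SC6", "SC7", "SC8"], "valid_range": (0.0, 30.0)},
]

# Constructed readings for an environment that satisfies the authorization.
HONEST = {"SC1": 350.0, "SC2": 31.2, "SC3": 32.0, "SC4": 31.4,
          "SC5": 25.1, "SC6": 24.8, "SC7": 25.3, "SC8": 25.0}

def aggregate(calc, values):
    """Combine the readings of one group with its calculation method."""
    if calc == "average":
        return mean(values)
    if calc == "majority":
        # ASSUMPTION: readings are rounded to whole units and the result is
        # the value reported by more than half of the selected nodes.
        value, count = Counter(round(v) for v in values).most_common(1)[0]
        return float(value) if count > len(values) / 2 else None
    raise ValueError(f"unknown calculation method: {calc}")

def authorize(groups, readings):
    """Every group's aggregate must lie strictly inside its valid range."""
    for group in groups:
        missing = [i for i in group["ids"] if i not in readings]
        if missing:
            return False, f"{group['type']}: no reading from {', '.join(missing)}"
        value = aggregate(group["calc"], [readings[i] for i in group["ids"]])
        if value is None:
            return False, f"{group['type']}: no majority value"
        low, high = group["valid_range"]
        if not low < value < high:
            return False, f"{group['type']}: {value:.1f} outside ({low}, {high})"
    return True, "all groups within their valid ranges"

if __name__ == "__main__":
    print(authorize(REQUEST_GROUPS, HONEST))
    # Humid environment in which one control node falsely reports 20%:
    # the three consistent readings still decide the majority value.
    humid = dict(HONEST, SC5=60.2, SC6=59.9, SC7=60.1, SC8=20.0)
    print(authorize(REQUEST_GROUPS, humid))
```

The check fails closed: a missing reading or a group without a strict majority is treated the same as an out-of-range value.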

The verification parameter C' is given to each intermediate routing node between base node 402 and target sensing node 404 as a parameter for checking the message that is later returned. Taking the request message above as an example, one way of calculating the verification parameter C' is as follows:

Let

[Figure B2009102073519D0000121]

for i from 1 to 8, and

[Figure B2009102073519D0000122]

then compute C' = h(C_SC1).

After this request message has been sent, each of the intermediate routing nodes 411-41m between base node 402 and target sensing node 404 stores QID and C' and routes the request message to the next node, as shown in FIG. 17, consistent with certain disclosed embodiments. A node can delete these stored values automatically after the response message has been returned or after a certain time has elapsed, to save storage space on the node.

When target sensing node 404 receives this message, it decrypts and extracts the user's access authorization acc_auth, and can run the node movement detection protocol to determine whether its own position has been moved. If target sensing node 404 finds that its position has been moved, it reports this event to base node 402 and terminates the subsequent operations. Otherwise, target sensing node 404 performs the following operations, according to the request message, to request sensing readings from the control nodes:

Target sensing node → SC1: N, <luminosity>,

Target sensing node → SC2, SC3, SC4: N, <temperature>,

Target sensing node → SC5, SC6, SC7, SC8: N, <humidity>.

When a control node receives the message from target sensing node 404, it can run the node movement detection protocol to determine whether its own position has been moved. If it finds that its position has been moved, it reports this event to base node 402 for follow-up handling. Otherwise, the control node performs the following operation to report the sensing reading requested by target sensing node 404:

SCi → target sensing node: R_SCi, for i from 1 to 8.

After target sensing node 404 receives the sensing readings reported by the control nodes, it performs the calculations (for example the average or majority calculation) and then checks whether the results conform to the user's access authorization acc_auth and to the valid ranges. If any item does not conform, it reports this event to base node 402 and terminates the subsequent operations. Otherwise, target sensing node 404 captures the multimedia data (image) and performs the following operation to transmit the encrypted multimedia data to each control node:

Target sensing node → SCi: h({multimedia data}_k), for i from 1 to 8.

After receiving the above message, each control node SCi can use the random number N and the key K_SCi that it shares with base node 402 to compute C_SCi. It then performs the following operation to encrypt h(C_SCi) and send the encrypted h(C_SCi), together with a message authentication code i_MAC, to target sensing node 404:

SCi → target sensing node: {h(C_SCi)}_k, i_MAC, for i from 1 to 8,

where

i_MAC = MAC(R_SCi // h({multimedia data}_k), h(C_SCi // K_SCi)).

Target sensing node 404 decrypts and extracts each h(C_SCi) to compute the value C, and also computes the luminosity message authentication code MAC_L, the temperature message authentication code MAC_T, and the humidity message authentication code MAC_H. From MAC_L, MAC_T, and MAC_H it then computes a multi-mode message authentication code SMAC. The values are computed as follows:

C = h(C_SC1) ⊕ ... ⊕ h(C_SC8),

[Figure B2009102073519D0000132]

[Figure B2009102073519D0000134]

[Figure B2009102073519D0000135]

SMAC = MAC_L ⊕ MAC_T ⊕ MAC_H.

Target sensing node 404 then performs the following operation to send the response message Reply_message to base node 402:

Target sensing node → base node: Reply_message, where

the content of the response message Reply_message includes, for example, QID, C, the pairs {ID_SCi: R_SCi}, MAC_L, MAC_T, MAC_H, {multimedia data}_k, and {SMAC}_k, for i from 1 to 8. A pair {ID_SCi: R_SCi} gives the identity of a control node SCi randomly selected by base node 402 and the sensing reading reported by that control node.

While the response message is being returned, each intermediate routing node uses the QID to verify whether h(C) equals C'. If it does not, the node discards the response message; otherwise it routes the response message to the next node, as shown in FIG. 18, consistent with certain disclosed embodiments.

When the response message arrives back at base node 402, base node 402 verifies whether h(C) equals C', whether all readings conform to the user's access authorization acc_auth and the valid ranges, and whether the SMAC value is correct. If all checks pass, the image, that is {multimedia data}_k, is decrypted and returned to the server to be provided to the user; otherwise the response message is discarded.

The following describes MAC_L, MAC_T, and MAC_H, which add a verification capability to the intermediate routing nodes. When base node 402 first sends the request message to target sensing node 404, it can randomly select some of the intermediate routing nodes and send different verification keys to them along with the request message. The intermediate routing nodes that hold some of the verification keys are then able to verify MAC_L, MAC_T, or MAC_H.

For example, suppose base node 402 sends the verification keys h(C_SC2//K_SC2)//h(C_SC3//K_SC3)//h(C_SC4//K_SC4) to a first intermediate routing node and the verification key h(C_SC1//K_SC1) to a second intermediate routing node. When target sensing node 404 returns the image message to base node 402, the first intermediate routing node can verify MAC_T and the second intermediate routing node can verify MAC_L. In this way an invalid response message can be filtered out early by an intermediate routing node during transmission, instead of being detected only after it has been carried all the way back to the base node, which saves the resources that would be spent transmitting invalid messages.
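The C' check performed by every intermediate routing node and the early MAC check performed by a selected one can be exercised end to end with the sketch below. This is an added example, not the patent's code: the page's formulas for C_SCi and for MAC_L, MAC_T, MAC_H are not legible here, so C_SCi = MAC(N, K_SCi) and "group MAC = XOR of the members' i_MAC" are assumptions, as are SHA-256/HMAC, the dictionary field names and all sample values.

```python
import hashlib
import hmac
from functools import reduce

def h(data):
    """One-way hash H(.); SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()

def mac(message, key):
    """MAC(M, K); HMAC-SHA-256 is this example's choice."""
    return hmac.new(key, message, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def c_sc(n, k_sc):
    # ASSUMPTION: the page only says C_SCi is computed from N and K_SCi.
    return mac(n, k_sc)

def verification_key(n, k_sc):
    # h(C_SCi // K_SCi): the i_MAC key, also handed to selected routers.
    return h(c_sc(n, k_sc) + k_sc)

def base_commitment(n, keys):
    """Base node: C' = h(C), with C = h(C_SC1) xor ... xor h(C_SC8)."""
    return h(reduce(xor, (h(c_sc(n, k)) for k in keys.values())))

def group_mac(ids, readings, media_hash, vkeys):
    # ASSUMPTION: a group MAC is the XOR of its members'
    # i_MAC = MAC(R_SCi // h({multimedia data}_k), h(C_SCi // K_SCi)).
    return reduce(xor, (mac(readings[i] + media_hash, vkeys[i]) for i in ids))

def build_reply(n, keys, groups, readings, media_ct):
    """Control nodes and target node together produce the reply fields."""
    vkeys = {i: verification_key(n, k) for i, k in keys.items()}
    macs = {g: group_mac(ids, readings, h(media_ct), vkeys)
            for g, ids in groups.items()}
    c = reduce(xor, (h(c_sc(n, k)) for k in keys.values()))
    return {"C": c, "readings": dict(readings), "macs": macs, "media": media_ct}

def router_forwards(reply, c_prime, group_ids=None, group_name=None, vkeys=None):
    """Intermediate node: drop unless h(C) == C'; a selected node also
    recomputes the one group MAC it holds verification keys for."""
    if not hmac.compare_digest(h(reply["C"]), c_prime):
        return False
    if vkeys is None:
        return True
    expected = group_mac(group_ids, reply["readings"], h(reply["media"]), vkeys)
    return hmac.compare_digest(expected, reply["macs"][group_name])

def demo():
    # Constructed keys, random numbers, readings and ciphertext.
    keys = {f"SC{i}": h(b"constructed key %d" % i)[:16] for i in range(1, 9)}
    groups = {"L": ["SC1"], "T": ["SC2", "SC3", "SC4"],
              "H": ["SC5", "SC6", "SC7", "SC8"]}
    readings = {"SC1": b"350", "SC2": b"31", "SC3": b"32", "SC4": b"31",
                "SC5": b"25", "SC6": b"25", "SC7": b"25", "SC8": b"26"}
    n1, n2 = b"constructed N 1", b"constructed N 2"
    c_prime = base_commitment(n1, keys)
    t_keys = {i: verification_key(n1, keys[i]) for i in groups["T"]}
    reply = build_reply(n1, keys, groups, readings, b"constructed ciphertext")
    tampered = dict(reply, readings=dict(readings, SC3=b"45"))
    forged = dict(reply, C=h(b"guess"))
    return {
        "honest_plain": router_forwards(reply, c_prime),
        "honest_selected": router_forwards(reply, c_prime, groups["T"], "T", t_keys),
        "tampered_plain": router_forwards(tampered, c_prime),
        "tampered_selected": router_forwards(tampered, c_prime, groups["T"], "T", t_keys),
        "forged_c": router_forwards(forged, c_prime),
        "replayed": router_forwards(reply, base_commitment(n2, keys)),
    }

if __name__ == "__main__":
    for case, forwarded in demo().items():
        print(f"{case:18s} forwarded={forwarded}")
```

A router that holds no verification keys still forwards the reply with the altered SC3 reading, because it can only check C; the router holding the temperature keys drops it, and a reply recorded under an earlier N fails the C' check for a new request.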

The access authorization technique for wireless sensor networks of the present invention can also resist the attack models of FIG. 5 to FIG. 9, so that an attacker cannot use these attacks to evade access authorization control or to obtain access rights the attacker should not have. The security of the invention is analyzed point by point below.

The message with which the target sensing node responds to the base node contains the parameter C, and C can only be computed from information supplied by all of the control nodes that were selected, randomly or in a fixed manner. Therefore, even if the target sensing node has been compromised, it cannot respond to the base node without first requesting the sensing readings of all the control nodes. An attacker also cannot forge a message and send it back to the base node. In addition, each intermediate routing node verifies the correctness of the parameter C, and a response message that does not contain the correct C is discarded immediately.

Each sensing reading R_SCi returned by a selected control node SCi has a message authentication code MAC, for example MAC_L, MAC_T, or MAC_H, computed over it with a parameter built from the key that the control node shares with the base node. The randomly selected intermediate nodes and the base node all verify the correctness of the MAC, and any response message that does not contain a correct MAC is discarded immediately. A compromised target sensing node therefore cannot forge sensing readings that satisfy the access authorization, and an attacker cannot modify the sensing readings.

The key used to compute the MAC includes the parameter C_SCi, and C_SCi is computed from the random number N that the base node generates anew each time. An attacker therefore cannot replay sensing readings and message authentication codes.

Any randomly selected intermediate routing node verifies part of the message authentication codes, for example MAC_L, MAC_T, or MAC_H, so tampered multimedia data is detected and discarded by an intermediate routing node before it reaches the base node. An attacker therefore cannot tamper with the multimedia data returned by the target sensing node.

Although the embodiments of the present invention use randomly selected intermediate routing nodes to verify the correctness of the message authentication codes early, an attacker still has some probability of compromising a randomly selected intermediate routing node and then forging a sensing reading and its MAC, because a randomly selected intermediate routing node holds the key for verifying the MAC and can therefore compute a valid MAC. However, when the base node receives the response message it decrypts and verifies the SMAC, so any tampered MAC, for example MAC_L, MAC_T, or MAC_H, is ultimately discovered at the base node through SMAC verification.

Moving the target sensing node or any control node is detected by the node movement detection protocol. This ensures that a node is not moved to a position or environment where it should not be. The accuracy of detection depends on factors such as the surrounding environment and the sensitivity of the hardware.

In summary, the embodiments of the present invention can provide an access authorization device and method for a wireless sensor network. The response message contains a proof parameter C that represents the authenticity and validity of the response message. Random or fixed node selection, covering both the selection of control nodes and the selection of the intermediate routing nodes that verify request or response messages, combined with reference to the sensing data reported by a majority of sensing nodes, reduces the impact of an attacker's compromise. Erroneous data is also detected and filtered out early by intermediate routing nodes, which saves the resources of the wireless sensor network. The embodiments use only lightweight computations, such as XOR, one-way hash functions, and symmetric-key encryption, to implement the security functions, and are therefore well suited to wireless sensor network environments.

In addition, each intermediate routing node only needs to store QID and C' (less than 10 bytes), and the randomly selected intermediate routing nodes only need to store a few verification keys more. With AES-128, for example, storing one key takes only 16 bytes. These stored values can also be deleted automatically by the node after the response message has been returned or after a period of time has elapsed. The secure access control structure of the present invention can prevent nodes from being compromised or moved under several attack models, and can also be used for access authorization in multi-mode wireless sensor networks, in which the sensors measure, for example, temperature, humidity, luminosity, pressure, gas, concentration, and other types of environmental values.

However, the foregoing describes only exemplary embodiments of the present invention and does not limit the scope of its implementation. All equivalent changes and modifications made within the scope of the claims of the present invention shall remain within the scope covered by the claims.

Claims (25)

1. An access authorization device for a wireless sensor network, the device comprising:
at least one base node; and
a wireless sensor network formed by a plurality of sensing nodes;
wherein, after obtaining an access authorization of a user, the at least one base node sends a request message to a target sensing node in the wireless sensor network, and the target sensing node, according to the request message, requests at least one control node in the wireless sensor network to return its sensing data and refers to the sensing data returned by the at least one control node to determine whether the access authorization is met, as the basis for whether to return multimedia data that meets the access authorization.

2. The access authorization device according to claim 1, wherein each of the at least one control node is a wireless sensing node in the wireless sensor network and provides sensing data of at least one type of physical environment information to be returned to the target sensing node.

3. The access authorization device according to claim 1, wherein the request message further includes verification information, the verification information being provided to each of one or more intermediate routing nodes between the at least one base node and the target sensing node as a parameter for later verifying the response message.

4. The access authorization device according to claim 1, wherein the base node further comprises:
a first communication interface and a second communication interface;
a storage unit that stores data; and
a central processing unit that, through the second communication interface, issues the transmission of the access authorization to the target sensing node and, through the first communication interface, transmits the multimedia data returned by the target sensing node to a server.

5. The access authorization device according to claim 1, wherein each control node of the at least one control node further comprises:
at least one sensor that senses at least one type of physical environment information;
a third communication interface that communicates with the base node and the target sensing node; and
a second central processing unit that directs the at least one sensor to perform sensing and returns the sensing data of the at least one sensor through the third communication interface.

6. The access authorization device according to claim 1, wherein the target sensing node further comprises:
at least one sensor that captures the multimedia data;
a fourth communication interface that communicates with the base node and the at least one control node; and
a third central processing unit that, according to the request message, requests sensing data from the at least one control node through the fourth communication interface and determines from the sensing data whether to return the multimedia data.

7. The access authorization device according to claim 1, wherein the request message contains verification information for at least one intermediate routing node between the at least one base node and the target sensing node to verify messages later returned by the target sensing node.

8. The access authorization device according to claim 1, wherein the at least one control node executes a node movement detection protocol to determine whether its own position has been changed, as the basis for whether to return its sensing data.

9. The access authorization device according to claim 1, wherein the target sensing node executes a node movement detection protocol to determine whether its own position has been changed, as the basis for whether to return its response message.

10. The access authorization device according to claim 1, wherein the wireless sensor network is a multi-mode wireless sensor network.

11. The access authorization device according to claim 1, wherein a plurality of control nodes in the same area as the non-target sensing node provide the sensing data of that area to the non-target sensing node for determining the access authorization of the user, the same area as the non-target sensing node being the range within which the target sensing node and other sensing nodes can communicate with each other.

12. An access authorization method for a wireless sensor network, the method comprising:
obtaining an access authorization of a user through at least one base node;
selecting at least one control node from a plurality of sensing nodes of a wireless sensor network, and selecting at least one intermediate routing node between the base node and a target sensing node;
sending, through the base node, a request message to the target sensing node, the request message carrying at least verification information;
the target sensing node, according to the request message, requesting the selected at least one control node to return its sensing data, referring to the returned sensing data to determine whether the access authorization of the user is met, and issuing a corresponding response message;
the at least one intermediate routing node checking the response message according to the verification information to decide whether to discard or forward the response message; and
verifying the forwarded response message through the base node.

13. The access authorization method according to claim 12, wherein the at least one control node is selected by one of random selection and fixed selection.

14. The access authorization method according to claim 12, wherein there are a plurality of intermediate routing nodes between the at least one base node and the target sensing node, and the at least one intermediate routing node is a subset of the plurality of intermediate routing nodes selected by one of random selection and fixed selection.
15.根据权利要求12所述的存取授权装置,该方法利用一节点的多数邻居节点来告知该节点的位置是否已经被移动,其中该节点是一控制节点或该目标感测节点两者的其中一种节点。15. The access authorization device according to claim 12, the method utilizes a majority of neighbor nodes of a node, wherein the node is a control node or both of the target sensing node, whether the node's location has been moved One of the nodes. 16.根据权利要求12所述的存取授权方法,该方法是针对一种型态的感测数据来参考该至少一个控制节点回传的感测数据,然后计算该回传的感测数据的统计量以判断是否符合该使用者的存取授权。16. The access authorization method according to claim 12, the method is to refer to the sensing data returned by the at least one control node for a type of sensing data, and then calculate the value of the returned sensing data Statistics to determine whether the user's access authorization is met. 17.根据权利要求12所述的存取授权方法,其中该请求消息中至少包括该请求消息的身份、一验证参数、加密的该使用者的存取授权、一随机随机数、该被选取到的该至少一控制节点的感测数据型态与其计算方式、以及该被选取到的该至少一控制节点的身份与其感测数据的有效范围。17. The access authorization method according to claim 12, wherein the request message at least includes the identity of the request message, an authentication parameter, encrypted access authorization of the user, a random random number, the selected The sensing data type and calculation method of the at least one control node, the identity of the selected at least one control node and the valid range of the sensing data. 18.根据权利要求17所述的存取授权方法,其中该验证参数是提供给该至少一中间路由节点,作为日后回传消息的一个参数。18. The access authorization method according to claim 17, wherein the verification parameter is provided to the at least one intermediate routing node as a parameter of a message sent back in the future. 19.根据权利要求17所述的存取授权方法,其中当该请求消息送出后,该至少一中间路由节点的每一中间路由节点把该请求消息的身份与该验证参数储存起来,并且路由该请求消息至下一个节点。19. The access authorization method according to claim 17, wherein after the request message is sent, each intermediate routing node of the at least one intermediate routing node stores the identity of the request message and the verification parameter, and routes the request message Request message to next node. 
20.根据权利要求17所述的存取授权方法,其中当该目标感测节点收到该请求消息后,解密取出该使用者的存取授权,并且判断本身的位置是否遭到移动。20. The access authorization method according to claim 17, wherein after the target sensing node receives the request message, it decrypts and retrieves the user's access authorization, and judges whether its location has been moved. 21.根据权利要求12所述的存取授权方法,其中当该至少一控制节点收到来自该目标感测节点的该请求后,判断本身的位置是否遭到移动,如果发现该位置已经遭到移动,则回报该基地节点该位置已经遭到移动,反之,则回报其感测数据。21. The access authorization method according to claim 12, wherein when the at least one control node receives the request from the target sensing node, it judges whether its location has been moved, and if it is found that the location has been moved If it moves, it will report that the position of the base node has been moved; otherwise, it will report its sensing data. 22.根据权利要求19所述的存取授权方法,其中该目标感测节点收到该至少一控制节点回传的感测数据后,该目标感测节点与该至少一控制节点执行下列操作:22. The access authorization method according to claim 19, wherein after the target sensing node receives the sensing data returned by the at least one control node, the target sensing node and the at least one control node perform the following operations: 该目标感测节点计算该回传的感测数据的统计量来判断是否符合该使用者的存取授权;以及The target sensing node calculates statistics of the returned sensing data to determine whether the access authorization of the user is met; and 若符合,则该目标感测节点回传加密的多媒体数据给该至少一控制节点的每一控制节点;If so, the target sensor node returns encrypted multimedia data to each control node of the at least one control node; 每一控制节点收到该加密的多媒体数据后,以一相对应的加密参数与一相对应的消息验证码来响应该目标感测节点;以及After receiving the encrypted multimedia data, each control node responds to the target sensor node with a corresponding encryption parameter and a corresponding message authentication code; and 该目标感测节点将加密参数解密后,计算出该请求消息中的该验证信息与一多模式消息验证码。After the target sensing node decrypts the encrypted parameters, it calculates the verification information and a multi-mode message verification code in the request message. 
23.根据权利要求22所述的存取授权方法,其中该目标感测节点回传该至少一基地节点一响应消息,该响应消息的内容至少包括该请求消息的身份、该验证信息、该加密的多媒体数据、该多模式消息验证码、以及每一控制节点的身份与该控制节点回传的感测数据。23. The access authorization method according to claim 22, wherein the target sensing node sends back a response message to the at least one base node, the content of the response message at least includes the identity of the request message, the authentication information, the encrypted multimedia data, the multi-mode message verification code, and the identity of each control node and the sensing data returned by the control node. 24.根据权利要求19所述的存取授权方法,其中当该响应消息在回传的过程中,每一个中间路由节点根据该请求消息的身份,验证一加密的该验证信息是否等于该验证参数,如果不是则舍弃该响应消息,反之则路由响应消息至下一个节点。24. The access authorization method according to claim 19, wherein when the response message is in the process of returning, each intermediate routing node verifies whether the encrypted verification information is equal to the verification parameter according to the identity of the request message , if not, the response message is discarded, otherwise, the response message is routed to the next node. 25.根据权利要求22所述的存取授权方法,其中该至少一基地节点验证一加密的该验证信息是否等于该验证参数,验证该至少一控制节点回传的感测数据是否符合该使用者的存取授权与该感测数据的有效范围,验证该多模式消息验证码是否正确,皆是的话,则回传该解密后的多媒体数据,以提供给该使用者。25. The access authorization method according to claim 22, wherein the at least one base node verifies whether the encrypted verification information is equal to the verification parameter, verifies whether the sensing data returned by the at least one control node conforms to the user The access authorization and the effective range of the sensing data are used to verify whether the multi-mode message verification code is correct, and if both are correct, the decrypted multimedia data is returned to provide to the user.
CN2009102073519A 2009-10-26 2009-10-26 Access authorization device and method for wireless sensing network Pending CN102045887A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102073519A CN102045887A (en) 2009-10-26 2009-10-26 Access authorization device and method for wireless sensing network

Publications (1)

Publication Number Publication Date
CN102045887A true CN102045887A (en) 2011-05-04

Family

ID=43911499

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102073519A Pending CN102045887A (en) 2009-10-26 2009-10-26 Access authorization device and method for wireless sensing network

Country Status (1)

Country Link
CN (1) CN102045887A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024060077A1 (en) * 2022-09-21 2024-03-28 Lenovo (Beijing) Limited Method and apparatus for integrated sensing and communication

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6567121B1 (en) * 1996-10-25 2003-05-20 Canon Kabushiki Kaisha Camera control system, camera server, camera client, control method, and storage medium
US20030189649A1 (en) * 1996-10-25 2003-10-09 Canon Kabushiki Kaisha Camera control system, camera server, camera client, control method, and storage medium
US20020197979A1 (en) * 2001-05-22 2002-12-26 Vanderveen Michaela Catalina Authentication system for mobile entities
CN1739039A (en) * 2003-01-15 2006-02-22 皇家飞利浦电子股份有限公司 System and method for providing subject location information
US20060126501A1 (en) * 2004-12-09 2006-06-15 Honeywell International Inc. Fault tolerance in a wireless network
CN1838600A (en) * 2005-03-24 2006-09-27 株式会社日立制作所 Sensor network system, data transmission method
US20060242285A1 (en) * 2005-03-24 2006-10-26 Norihiko Moriwaki Sensor network system and data transfer method for sensing data
US20080084294A1 (en) * 2006-10-05 2008-04-10 Electronics And Telecommunications Research Institute Wireless sensor network and adaptive method for monitoring the security thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110504