CN111918229A - Method, device and storage medium for transmitting information by wireless sensor - Google Patents
- Publication number
- CN111918229A (application CN201910382376.6A)
- Authority
- CN
- China
- Prior art keywords
- key
- message
- sensor node
- generation function
- univariate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present application discloses a method, an apparatus and a storage medium for transmitting information by a wireless sensor. Specifically, a multivariate key generation function is randomly configured for each sensor node, and a univariate key generation function is randomly configured for each base station; a current pairwise key is generated between any two adjacent sensor nodes according to the exchanged node identifiers and the multivariate key generation function; according to the univariate key generation function, a broadcast message containing the current session key is generated at the base station and sent to each sensor node, so that the current session key can be parsed out; according to the current pairwise key and the current session key, a message encryption key and a message authentication key are generated in the sensor node, and the service message to be sent is encrypted using the message encryption key and the message authentication key. The embodiments of the present application use a lightweight key distribution method to generate the corresponding keys at sensor nodes and base stations with low processing capability, thereby improving security.
Description
Technical Field
The present application relates to the field of communication technologies, and in particular to a method, an apparatus and a storage medium for transmitting information by a wireless sensor.
Background
A wireless sensor network (WSN) is a distributed sensing network whose endpoints are sensors that can sense and inspect the outside world. The sensors in a WSN communicate wirelessly, so the network is flexible to set up, device locations can be changed at any time, and the network can also be connected to the Internet by wired or wireless means. It is a multi-hop self-organizing network formed by wireless communication.
As a promising solution, WSNs are widely used in security monitoring, intelligent transportation, smart homes, environmental monitoring and other scenarios that require multimedia information. As the number of sensor nodes deployed in a WSN grows, a single base station cannot adequately guarantee the quality of network service. Multiple base stations are therefore deployed in the WSN to reduce the distance between sensor nodes and base stations, lower the energy consumption of sensor nodes, and improve the performance of the sensor network. With multiple base stations and multiple sensor nodes, however, the key management protocols currently in use cannot be applied directly and cannot guarantee the security of the WSN. In addition, existing key generation algorithms are relatively complex and cannot be used on sensor nodes with low processing capability.
Summary of the Invention
The embodiments of the present application provide a method for transmitting information by a wireless sensor. Using a preset lightweight key distribution method, the method generates pairwise keys and session keys at each sensor node and base station respectively, and encrypts the service information to be transmitted according to the pairwise key and the session key, which improves the security of information transmission in the WSN.
The method includes:
before each transmission of service information, randomly configuring a multivariate key generation function for each sensor node, and randomly configuring a univariate key generation function for each base station;
exchanging the respective node identifiers between any two adjacent sensor nodes, and generating, according to the exchanged node identifiers and the multivariate key generation function, a current pairwise key that is shared between the two sensor nodes and applies to the current service information transmission, wherein the current pairwise key is used to encrypt the service messages transmitted between the corresponding two sensors;
generating at the base station, according to the univariate key generation function, a broadcast message containing the current session key that applies to the current service information transmission, and sending the broadcast message to each sensor node so that the current session key is parsed out in the sensor node;
generating a message encryption key and a message authentication key in the sensor node according to the current pairwise key and the current session key, and encrypting the service message to be sent using the message encryption key and the message authentication key.
Optionally, the current session key is generated based on a group key shared by the base stations, wherein the session key is composed of a first univariate key generation function and a second univariate key generation function;
the broadcast message is generated according to the first univariate key generation function and the second univariate key generation function.
Optionally, a revocation function is pre-configured for each base station, wherein the revocation function is used to determine whether a sensor node has been revoked;
the broadcast message is composed of the product of the revocation function and the first variable key generation function, and the product of the revocation function and the second variable key generation function.
Optionally, based on the revocation function, the current session key composed of the first univariate key generation function and the second univariate key generation function is parsed out in the sensor nodes that have not been revoked.
Optionally, the number of identical current session keys parsed out in the sensor node is counted, and an identical current session key whose count exceeds a preset value is determined to be the legitimate current session key.
Optionally, in the sensor node, the service message to be sent is encrypted according to the message encryption key to generate the ciphertext to be sent;
a message authentication code is generated in the sensor node for the ciphertext to be sent according to the message authentication key;
the ciphertext to be sent, carrying the message authentication code and a sending timestamp that identifies the sending time of the ciphertext, is sent to the target sensor node.
Optionally, after receiving the ciphertext carrying the message authentication code and the sending timestamp, the target sensor node generates the message authentication code based on the message authentication key and authenticates the integrity of the ciphertext by means of the message authentication code;
the difference between the sending timestamp of the ciphertext that has passed integrity authentication and the current time is calculated, and when the difference is less than a preset threshold, the ciphertext is decrypted based on the encryption key to obtain the service message.
Optionally, based on the revocation function, the node identifier of a sensor node determined to be revoked and the base station identifier of the base station are added to a revocation list, and the revocation list is broadcast to the whole network.
In another embodiment of the present invention, an apparatus for transmitting information by a wireless sensor is provided, the apparatus including:
a configuration module, configured to randomly configure, before each transmission of service information, a multivariate key generation function for each sensor node and a univariate key generation function for each base station;
a first generation module, configured to exchange the respective node identifiers between any two adjacent sensor nodes and to generate, according to the exchanged node identifiers and the multivariate key generation function, a current pairwise key that is shared between the two sensor nodes and applies to the current service information transmission, wherein the current pairwise key is used to encrypt the service messages transmitted between the corresponding two sensors;
a second generation module, configured to generate at the base station, according to the univariate key generation function, a broadcast message containing the current session key that applies to the current service information transmission, and to send the broadcast message to each sensor node so that the current session key is parsed out in the sensor node;
an encryption module, configured to generate a message encryption key and a message authentication key in the sensor node according to the current pairwise key and the current session key, and to encrypt the service message to be sent using the message encryption key and the message authentication key.
Optionally, the second generation module includes:
a first generating unit, configured to generate the current session key based on a group key shared by the base stations, wherein the session key is composed of a first univariate key generation function and a second univariate key generation function;
a second generating unit, configured to generate the broadcast message according to the first univariate key generation function and the second univariate key generation function.
Optionally, the second generating unit includes:
a configuration subunit, configured to pre-configure a revocation function for each base station, wherein the revocation function is used to determine whether a sensor node has been revoked;
a construction subunit, configured to compose the broadcast message from the product of the revocation function and the first variable key generation function and the product of the revocation function and the second variable key generation function.
Optionally, the second generation module is further configured to:
parse out, based on the revocation function, the current session key composed of the first univariate key generation function and the second univariate key generation function in the sensor nodes that have not been revoked.
Optionally, the apparatus further includes:
a determination module, configured to count the number of identical current session keys parsed out in the sensor node, and to determine an identical current session key whose count exceeds a preset value to be the legitimate current session key.
Optionally, the encryption module includes:
a third generating unit, configured to encrypt, in the sensor node, the service message to be sent according to the message encryption key to generate the ciphertext to be sent;
a fourth generating unit, configured to generate, in the sensor node, a message authentication code for the ciphertext to be sent according to the message authentication key;
a sending unit, configured to send the ciphertext to be sent, carrying the message authentication code and a sending timestamp that identifies the sending time of the ciphertext, to the target sensor node.
Optionally, the apparatus further includes:
an authentication module, by which the target sensor node, after receiving the ciphertext carrying the message authentication code and the sending timestamp, generates the message authentication code based on the message authentication key and authenticates the integrity of the ciphertext by means of the message authentication code;
a decryption module, configured to calculate the difference between the sending timestamp of the ciphertext that has passed integrity authentication and the current time, and, when the difference is less than a preset threshold, to decrypt the ciphertext based on the encryption key to obtain the service message.
Optionally, the apparatus further includes:
an adding module, configured to add, based on the revocation function, the node identifier of a sensor node determined to be revoked and the base station identifier of the base station to a revocation list, and to broadcast the revocation list to the whole network.
In another embodiment of the present invention, a non-transitory computer-readable storage medium is provided. The non-transitory computer-readable storage medium stores instructions that, when executed by a processor, cause the processor to perform the steps of the above method for transmitting information by a wireless sensor.
In another embodiment of the present invention, a terminal device is provided, including a processor configured to perform the steps of the above method for transmitting information by a wireless sensor.
As can be seen from the above, based on the above embodiments: first, before each transmission of service information, a multivariate key generation function is randomly configured for each sensor node and a univariate key generation function is randomly configured for each base station. Second, the respective node identifiers are exchanged between any two adjacent sensor nodes, and a current pairwise key that is shared between the two sensor nodes and applies to the current service information transmission is generated according to the exchanged node identifiers and the multivariate key generation function, wherein the current pairwise key is used to encrypt the service messages transmitted between the corresponding two sensors. Then, according to the univariate key generation function, a broadcast message containing the current session key that applies to the current service information transmission is generated at the base station and sent to each sensor node, so that the current session key is parsed out in the sensor node. Finally, according to the current pairwise key and the current session key, a message encryption key and a message authentication key are generated in the sensor node, and the service message to be sent is encrypted using the message encryption key and the message authentication key.
The embodiments of the present application use a lightweight key distribution method to generate pairwise keys and session keys at the sensor nodes and base stations respectively, generate a message encryption key and a message authentication key from the pairwise key and the session key, and encrypt the service message to be sent, which improves the security of information transmission in the WSN. At the same time, a simple key generation method is used to generate the corresponding keys at sensor nodes and base stations with low processing capability, which saves cost.
Brief Description of the Drawings
In order to explain the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present application and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
FIG. 1 shows a schematic flowchart of a method for transmitting information by a wireless sensor provided in Embodiment 10 of the present application;
FIG. 2 shows a schematic diagram of the specific flow of a method for transmitting information by a wireless sensor provided in Embodiment 20 of the present application;
FIG. 3 shows a schematic diagram of an apparatus for transmitting information by a wireless sensor, further provided in Embodiment 30 of the present application;
FIG. 4 shows a schematic diagram of a terminal device provided in Embodiment 40 of the present application.
Detailed Description
In order to make the objectives, technical solutions and advantages of the present application clearer, the present invention is described in further detail below with reference to the drawings and embodiments.
Security is the main problem currently facing WSNs, and among all WSN security issues, key management is the core mechanism for securing network services and bears the responsibility for ensuring WSN security. Existing WSN key management protocols all assume that the base station is trusted. They also assume that every sensor node is preloaded with a master key shared by all nodes in the sensor network, and with a pairwise key shared with the base station. When the security of a WSN based on multiple base stations is considered, the currently proposed key management protocols cannot be used directly. If all base stations use the same master key or the same pairwise key, a base station can verify messages from sensor nodes, but sensor nodes cannot verify messages from base stations. Moreover, when one base station is captured or compromised, the master key and pairwise keys of the entire WSN are exposed, and any attacker holding this key set can access the WSN.
To address these problems in the prior art, the embodiments of the present application provide a method for transmitting information by a wireless sensor. Lightweight key generation functions are configured for the sensor nodes and the base stations; before each transmission of service information, the key generation functions are used to generate a pairwise key and a session key respectively, a message encryption key and a message authentication key are generated from the pairwise key and the session key, and the service message to be sent is encrypted.
The present application applies mainly to the field of communication technologies. FIG. 1 is a schematic flowchart of a method for transmitting information by a wireless sensor provided in Embodiment 10 of the present application. The detailed steps are as follows:
S11: Before each transmission of service information, randomly configure a multivariate key generation function for each sensor node, and randomly configure a univariate key generation function for each base station.
In this step, a WSN generally consists of multiple base stations and multiple sensor nodes, where the number of base stations is far smaller than the number of sensor nodes; for example, a WSN consists of $M$ base stations and $N$ sensor nodes, with $M$ much smaller than $N$. Each sensor node can reach at least $\gamma$ ($\gamma < M$) base stations in a single hop.
Before the sensor nodes are deployed, the configuration server randomly generates the multivariate key generation function. Specifically, the multivariate key generation function is a multivariate polynomial of degree $t$ over the finite field $F_q$, where $f(x, y) = f(y, x)$. In addition, a univariate key generation function is randomly configured for each base station. Specifically, the univariate key generation function is a randomly configured polynomial $p_j(x)$ of degree $t$.
Before each transmission of service information, the univariate key generation function and the multivariate key generation function are randomly reconfigured on each base station and each sensor node respectively.
S12: Exchange the respective node identifiers between any two adjacent sensor nodes, and generate, according to the exchanged node identifiers and the multivariate key generation function, a current pairwise key that is shared between the two sensor nodes and applies to the current service information transmission, wherein the current pairwise key is used to encrypt the service messages transmitted between the corresponding two sensors.
In this step, the node identifier is the unique identity information of each sensor node, and the pairwise key is the key shared between a sensor node and one of its adjacent sensor nodes. Before each transmission of service information, the current pairwise key used for this transmission between adjacent sensor nodes is generated from the multivariate key generation function that the configuration server has reconfigured for the sensor nodes. Specifically, for any sensor $i$, the configuration server computes $f(i, y)$ from the multivariate key generation function $f(x, y)$ and loads the univariate polynomial $f(i, y)$ onto sensor $i$. For any sensor node $i$ and its adjacent sensor node $j$, node $i$ uses the univariate polynomial $f(i, y)$ to compute the key shared with node $j$ as $f(i, j)$; likewise, after the node identifiers have been exchanged, node $j$ uses the univariate polynomial $f(j, y)$ to compute the key shared with node $i$ as $f(j, i)$. Since $f(i, j) = f(j, i)$, sensor nodes $i$ and $j$ share a pairwise key.
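The pairwise-key step above, worked through as an added example (not code from the patent): a configuration server builds a symmetric polynomial, loads the share $f(i, y)$ onto node $i$, and two neighbours evaluate their shares at each other's identifier. The modulus `Q`, a degree of `t` in each variable, the function names and the identifier-collision check are assumptions of this example; the patent fixes neither $q$ nor $t$.

```python
import secrets

Q = 2**61 - 1  # prime modulus standing in for the patent's F_q (constructed value)


def gen_symmetric_poly(t, q=Q, rand=secrets.randbelow):
    """Configuration server: coefficient matrix a[u][v] of
    f(x, y) = sum a[u][v] * x^u * y^v with a[u][v] == a[v][u],
    which is what makes f(x, y) == f(y, x)."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for u in range(t + 1):
        for v in range(u, t + 1):
            a[u][v] = a[v][u] = rand(q)
    return a


def share_for(a, node_id, q=Q):
    """Configuration server: coefficients (in y) of the univariate share f(node_id, y)."""
    t = len(a) - 1
    return [sum(a[u][v] * pow(node_id, u, q) for u in range(t + 1)) % q
            for v in range(t + 1)]


def provision(a, node_ids, q=Q):
    """Load every node with its share. Identifiers that collide modulo q are
    refused: such nodes would hold identical shares and identical keys."""
    seen = {}
    for nid in node_ids:
        residue = nid % q
        if residue in seen:
            raise ValueError(f"node ids {seen[residue]} and {nid} collide mod q")
        seen[residue] = nid
    return {nid: share_for(a, nid, q) for nid in node_ids}


def pairwise_key(share, peer_id, q=Q):
    """Sensor node: evaluate the stored share at the neighbour's identifier
    (Horner's rule: t multiplications and t additions mod q)."""
    acc = 0
    for coeff in reversed(share):
        acc = (acc * peer_id + coeff) % q
    return acc


def all_pairs_agree(shares, q=Q):
    """True if every ordered pair (i, j) derives the same key on both sides."""
    ids = list(shares)
    return all(pairwise_key(shares[i], j, q) == pairwise_key(shares[j], i, q)
               for i in ids for j in ids if i != j)


if __name__ == "__main__":
    # Constructed deployment: four nodes, fresh polynomial per transmission round.
    # The key is a single field element, so its strength is at most log2(q) bits,
    # and the shares of more than t nodes together determine f.
    for round_no in (1, 2):
        poly = gen_symmetric_poly(t=3)
        shares = provision(poly, [11, 12, 13, 14])
        k = pairwise_key(shares[11], 12)
        print(f"round {round_no}: key(11,12)={k:#x} agree={all_pairs_agree(shares)}")
```
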
S13: According to the univariate key generation function, generate at the base station a broadcast message containing the current session key that applies to the current service information transmission, and send the broadcast message to each sensor node so that the current session key is parsed out in the sensor node.
In this step, the session key is a global key shared by all sensor nodes in the WSN. It is assumed in advance that the base stations share a group key; the session key can be derived from the group key and dynamically distributed to the sensor nodes. With the group key denoted $K_g$, the session key of the $i$-th session can be derived through the pseudorandom function $\psi$.
Further, $q_j(x)$ is determined according to the univariate key generation function $p_j(x)$. The base station then generates, according to the univariate key generation functions $p_j(x)$ and $q_j(x)$, a broadcast message containing the current session key that applies to the current service information transmission, and shares the broadcast message with each sensor node. After receiving the broadcast message shared by the base station, the sensor node performs a calculation on the $p_j(x)$ and $q_j(x)$ carried in the broadcast message and parses out the current session key.
S14: According to the current pairwise key and the current session key, generate a message encryption key and a message authentication key in the sensor node, and encrypt the service message to be sent using the message encryption key and the message authentication key.
In this step, once the current pairwise key and the current session key have been obtained, the sensor node generates from them the message encryption key and the message authentication key used to encrypt the service message to be sent this time. Sensor nodes can then encrypt and transmit service messages to each other using the generated message encryption key and message authentication key.
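An added example (not from the patent) of the send and receive path that S14 and the optional steps in the summary describe: encrypt, compute a MAC over the ciphertext, attach a sending timestamp, then on receipt verify the MAC before checking freshness and decrypting. The patent names no algorithms, so HMAC-SHA256 for key derivation and the MAC, an HMAC-based keystream standing in for the cipher, the packet layout, the 5-second threshold, and covering the timestamp and nonce with the MAC are all assumptions.

```python
import hashlib
import hmac
import os
import struct

MAX_AGE = 5    # assumed value for the patent's "preset threshold", in seconds
TAG_LEN = 32   # HMAC-SHA256 output length
HDR_LEN = 16   # 8-byte sending timestamp followed by an 8-byte nonce


def derive_keys(pairwise_key: bytes, session_key: bytes):
    """Assumed derivation: two HMAC-SHA256 outputs keyed by the pairwise key,
    bound to the session key and separated by a label, so the encryption key
    and the authentication key are never the same value."""
    enc = hmac.new(pairwise_key, b"enc|" + session_key, hashlib.sha256).digest()
    mac = hmac.new(pairwise_key, b"mac|" + session_key, hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode, used only because the
    standard library ships no block cipher. The nonce must not repeat per key."""
    blocks = [hmac.new(enc_key, nonce + struct.pack(">I", counter),
                       hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(enc_key, mac_key, message: bytes, ts: int, nonce: bytes = None) -> bytes:
    """Sender: packet = timestamp | nonce | ciphertext | tag."""
    nonce = os.urandom(8) if nonce is None else nonce
    header = struct.pack(">Q", ts) + nonce
    ciphertext = _xor(message, _keystream(enc_key, nonce, len(message)))
    # Assumption beyond the text: the tag covers the header as well as the
    # ciphertext, so the freshness check below reads an authenticated timestamp.
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def accept(enc_key, mac_key, packet: bytes, now: int, max_age: int = MAX_AGE):
    """Receiver: integrity first, then freshness, then decryption.
    Returns (status, plaintext or None)."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return ("malformed", None)
    header = packet[:HDR_LEN]
    ciphertext = packet[HDR_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return ("bad-mac", None)
    (ts,) = struct.unpack(">Q", header[:8])
    if abs(now - ts) >= max_age:                 # difference must be below threshold
        return ("stale", None)
    plaintext = _xor(ciphertext, _keystream(enc_key, header[8:], len(ciphertext)))
    return ("ok", plaintext)


if __name__ == "__main__":
    # Constructed keys and reading, for illustration only.
    enc_key, mac_key = derive_keys(b"\x11" * 16, b"\x22" * 16)
    packet = protect(enc_key, mac_key, b"temp=21.5", ts=1000)
    print(accept(enc_key, mac_key, packet, now=1002))   # fresh
    print(accept(enc_key, mac_key, packet, now=1060))   # outside the window
```

A packet replayed inside the freshness window still passes these checks; the timestamp bounds replay, it does not eliminate it.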
Based on the above embodiments of the present application: first, before each transmission of service information, a multivariate key generation function is randomly configured for each sensor node and a univariate key generation function is randomly configured for each base station. Second, the respective node identifiers are exchanged between any two adjacent sensor nodes, and a current pairwise key that is shared between the two sensor nodes and applies to the current service information transmission is generated according to the exchanged node identifiers and the multivariate key generation function, wherein the current pairwise key is used to encrypt the service messages transmitted between the corresponding two sensors. Then, according to the univariate key generation function, a broadcast message containing the current session key that applies to the current service information transmission is generated at the base station and sent to each sensor node, so that the current session key is parsed out in the sensor node. Finally, according to the current pairwise key and the current session key, a message encryption key and a message authentication key are generated in the sensor node, and the service message to be sent is encrypted using the message encryption key and the message authentication key.
The embodiments of the present application use a lightweight key distribution method to generate pairwise keys and session keys at the sensor nodes and base stations respectively, generate a message encryption key and a message authentication key from the pairwise key and the session key, and encrypt the service message to be sent, which improves the security of information transmission in the WSN. At the same time, a simple key generation method is used to generate the corresponding keys at sensor nodes and base stations with low processing capability, which saves cost.
FIG. 2 is a schematic diagram of the specific flow of a method for transmitting information by a wireless sensor in Embodiment 20 provided by the present application. The detailed process of this flow is as follows:
S201: The configuration server randomly configures a multivariate key generation function for each sensor node and a univariate key generation function for each base station.
S202: Any two adjacent sensor nodes exchange their node identifiers and, from the exchanged node identifiers and the multivariate key generation function, generate the current pairwise key shared between the two sensor nodes for this transmission of service information.
S203: Based on the group key shared by the base stations, generate the current session key, which is composed of a first univariate key generation function and a second univariate key generation function.
Here, the base stations are assumed in advance to share a group key; the session key can be derived from the group key and dynamically distributed to the sensor nodes. Let the group key be $K_g$. The session key of the $i$-th session can be derived through the pseudorandom function $\psi$. At the same time, the second univariate function is determined from the first univariate key generation function $p_j(x)$. The session key is composed of the first univariate key generation function $p_j(x)$ and the second univariate key generation function $q_j(x)$.
In addition, this step and the subsequent steps up to parsing out the session key may be performed at the same time as step S202; no particular order is required.
S204: Generate the broadcast message from the first univariate key generation function and the second univariate key generation function.
Here, a revocation function is preconfigured for each base station; the revocation function is used to determine whether a sensor node has been revoked. Specifically, the revocation function can be the polynomial $g(x) = (x - r_1)(x - r_2)\cdots(x - r_v)$. Based on the revocation function, the node identifiers of the sensor nodes and the base station identifiers of the base stations that are determined to be revoked are added to the revocation list, and the revocation list is broadcast to the whole network.
In addition, the broadcast message is composed of the product of the revocation function and the first univariate key generation function together with the product of the revocation function and the second univariate key generation function. Specifically, in the pre-distribution phase, the configuration server randomly selects polynomials of degree $2t$ over the finite field $F_q$: $h_j(x) = h_{j,0} + h_{j,1}x + \dots + h_{j,2t}x^{2t}$, $1 \le j \le m$. Each sensor node $u$ is preloaded with the personal secret $S_u = \{h_j(u) \mid 1 \le j \le m\}$, and each base station $b_j$ is preloaded with the polynomial $h_j(x)$.
Given a set of revoked sensor nodes $R = \{r_1, r_2, \dots, r_v\}$, $v \le t$, the base station shares $p_j(x)$ and $q_j(x)$ with the unrevoked sensor nodes by generating the broadcast message $M$ as follows:
$M = \{R\} \cup \{P_j(x) = g(x)p_j(x) + h_j(x)\} \cup \{Q_j(x) = g(x)q_j(x) + h_j(x)\}$
S205: The current session key is parsed out at the sensor node.
In this step, based on the revocation function, the current session key composed of the first univariate key generation function and the second univariate key generation function is parsed out at the unrevoked sensor nodes. Specifically, suppose an unrevoked sensor node $S_u$ receives the broadcast message $M$. The sensor node evaluates the polynomials $P_j(x)$ and $Q_j(x)$ in $M$ and obtains $P_j(u) = g(u)p_j(u) + h_j(u)$ and $Q_j(u) = g(u)q_j(u) + h_j(u)$. Because sensor node $S_u$ knows $h_j(u)$ and $g(u) \neq 0$, the computation can be carried out, and finally $S_u$ can obtain the new session key. For a revoked sensor node, since $g(x) = 0$, the session key cannot be recovered.
S206: Count the number of identical current session keys parsed out at the sensor node, and determine an identical current session key whose count exceeds a preset value to be the legitimate current session key.
In this step, because each sensor node can reach at least $\gamma$ ($\gamma < m$) base stations in a single hop, an unrevoked sensor node can recover multiple copies of the session key. Only when the sensor node has obtained at least the preset number, $\gamma$, of session key copies can the session key be determined to be the legitimate current session key.
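Steps S204 to S206 as an added Python example (not code from the patent): each base station masks $g(x)p_j(x)$ and $g(x)q_j(x)$ with its $h_j(x)$, an unrevoked node strips $h_j(u)$ and divides by $g(u)$, a revoked node hits $g(u) = 0$, and a key is accepted only with at least $\gamma$ matching copies. Assumptions, because the page's formulas for these points are not reproduced: $p_j$ has degree $t$, $q_j(x) = K - p_j(x)$ so that $K = p_j(u) + q_j(u)$, and the modulus, node identifiers and parameters are constructed values.

```python
import secrets
from collections import Counter

Q = 2**61 - 1  # prime modulus of the finite field F_q (constructed choice)

def poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest-order coefficient first) at x, mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % Q
    return out

def poly_add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return [(x + y) % Q for x, y in zip(a, b)]

def rand_poly(degree):
    return [secrets.randbelow(Q) for _ in range(degree + 1)]

def revocation_poly(revoked):
    """g(x) = (x - r_1)(x - r_2)...(x - r_v)"""
    g = [1]
    for r in revoked:
        g = poly_mul(g, [(-r) % Q, 1])
    return g

def make_broadcast(key, h_j, revoked, t):
    """Base station b_j builds M = {R, P_j = g*p_j + h_j, Q_j = g*q_j + h_j}."""
    g = revocation_poly(revoked)
    p = rand_poly(t)                      # assumed degree t, so deg(g*p) <= 2t
    q = [(-c) % Q for c in p]
    q[0] = (q[0] + key) % Q               # assumption: q_j(x) = K - p_j(x)
    return {"R": list(revoked),
            "P": poly_add(poly_mul(g, p), h_j),
            "Q": poly_add(poly_mul(g, q), h_j)}

def recover_key(u, h_j_u, msg):
    """Node u removes the mask h_j(u) and divides by g(u); None if revoked."""
    g_u = poly_eval(revocation_poly(msg["R"]), u)
    if g_u == 0:                          # u is in R: P_j(u) is just h_j(u)
        return None
    inv = pow(g_u, -1, Q)
    p_u = (poly_eval(msg["P"], u) - h_j_u) * inv % Q
    q_u = (poly_eval(msg["Q"], u) - h_j_u) * inv % Q
    return (p_u + q_u) % Q                # K under the assumption above

def accept_key(copies, gamma):
    """S206: accept a key only if at least gamma recovered copies agree."""
    counts = Counter(k for k in copies if k is not None)
    if not counts:
        return None
    key, n = counts.most_common(1)[0]
    return key if n >= gamma else None

def demo():
    t, m, gamma = 3, 4, 3                 # constructed parameters
    nodes, revoked = [11, 12, 13, 14, 15], [13]
    h = [rand_poly(2 * t) for _ in range(m)]      # one h_j per base station
    key = secrets.randbelow(Q)
    msgs = [make_broadcast(key, h[j], revoked, t) for j in range(m)]
    # Constructed fault: base station 3 announces a different key.
    msgs[3] = make_broadcast((key + 1) % Q, h[3], revoked, t)
    accepted = {}
    for u in nodes:
        copies = [recover_key(u, poly_eval(h[j], u), msgs[j]) for j in range(m)]
        accepted[u] = accept_key(copies, gamma)
    return key, accepted

if __name__ == "__main__":
    print(demo())
```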
S207: From the current pairwise key and the current session key, generate the message encryption key and the message authentication key at the sensor node, and use them to encrypt the service message to be sent.
In this step, the sensor node encrypts the service message to be sent with the message encryption key to generate the ciphertext to be sent, then uses the message authentication key to generate a message authentication code for that ciphertext, and finally sends the ciphertext, carrying the message authentication code and a sending timestamp that identifies the time the ciphertext was sent, to the target sensor node. Specifically, assuming $K_{A,B}$ is the pairwise key shared between sensor node A and target sensor node B, and given the current session key, the message encryption key $K_{enc}$ and the message authentication key $K_{mac}$ can be obtained by the following formulas:
The complete information sent by sensor A to sensor B is: the message $M$ and the sending timestamp $T_s$ are encrypted with the message encryption key $K_{enc}$, and the message authentication code computed over the ciphertext to be sent with the message authentication key $K_{mac}$ is attached.
S208: The target sensor node parses the received ciphertext and obtains the service message.
Here, after receiving the ciphertext carrying the message authentication code and the sending timestamp, the target sensor node generates a message authentication code based on the message authentication key and uses it to check the integrity of the ciphertext. Specifically, the message authentication code generated by the target sensor node itself is compared with the message authentication code received with the ciphertext; when the two are identical, the integrity check is passed. Next, the difference between the sending timestamp of the ciphertext that passed the integrity check and the current time is calculated, and when the difference is less than a preset threshold, the ciphertext is decrypted with the encryption key to obtain the service message. For example, after target sensor node B receives the complete message, it first uses the message authentication key $K_{mac}$ that it generated itself to check the integrity of the ciphertext; once the check passes, it uses the generated message encryption key $K_{enc}$ to decrypt the ciphertext and obtain the service message $M$.
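The S207/S208 exchange as an added Python example (not code from the patent): the sender encrypts $T_s$ together with $M$ and authenticates the ciphertext; the receiver checks the MAC in constant time, then the timestamp, and only then releases the message. Assumptions: $K_{enc}$ and $K_{mac}$ are derived with HMAC-SHA256 under distinct labels because the page's derivation formulas are not reproduced, the cipher is a stand-in HMAC-SHA256 counter-mode keystream because the page names none, and the keys, times and 5-second threshold are constructed.

```python
import hashlib
import hmac
import os
import struct

MAX_AGE = 5  # seconds; stands in for the "preset threshold" (constructed value)

def derive_keys(k_pair, k_session):
    """Assumed derivation: one key per purpose from pairwise + session key."""
    k_enc = hmac.new(k_pair, b"enc|" + k_session, hashlib.sha256).digest()
    k_mac = hmac.new(k_pair, b"mac|" + k_session, hashlib.sha256).digest()
    return k_enc, k_mac

def _xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(k_pair, k_session, message, now):
    """Sender A: nonce || E_Kenc(T_s || M) || MAC_Kmac(nonce || ciphertext)."""
    k_enc, k_mac = derive_keys(k_pair, k_session)
    nonce = os.urandom(12)
    body = nonce + _xor_stream(k_enc, nonce, struct.pack(">Q", now) + message)
    return body + hmac.new(k_mac, body, hashlib.sha256).digest()

def open_packet(k_pair, k_session, packet, now):
    """Receiver B: MAC first, then freshness, then hand back the message."""
    if len(packet) < 12 + 8 + 32:
        raise ValueError("truncated packet")
    k_enc, k_mac = derive_keys(k_pair, k_session)
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(k_mac, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad MAC")
    plain = _xor_stream(k_enc, body[:12], body[12:])
    (sent_at,) = struct.unpack(">Q", plain[:8])
    if abs(now - sent_at) >= MAX_AGE:            # accept only if difference < threshold
        raise ValueError("stale timestamp")
    return plain[8:]

def check(k_pair, k_session, packet, now):
    try:
        return open_packet(k_pair, k_session, packet, now).decode()
    except ValueError as err:
        return str(err)

def demo():
    k_ab = bytes(range(16))                      # constructed pairwise key K_{A,B}
    k_s_old, k_s_new = b"\x01" * 16, b"\x02" * 16  # constructed session keys
    pkt = seal(k_ab, k_s_new, b"temp=21.5C", now=1000)
    flipped = pkt[:20] + bytes([pkt[20] ^ 1]) + pkt[21:]
    return {
        "fresh": check(k_ab, k_s_new, pkt, 1002),
        "tampered": check(k_ab, k_s_new, flipped, 1002),
        "replayed": check(k_ab, k_s_new, pkt, 1060),
        # A revoked node still holds K_{A,B} but only an old session key.
        "old session key": check(k_ab, k_s_old, pkt, 1002),
    }

if __name__ == "__main__":
    print(demo())
```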
In addition, the embodiment of the present application covers three key revocation cases: a compromised base station, a compromised sensor node, and both a base station and a sensor node compromised. Each sensor node maintains a node revocation list containing the identifiers of all invalidated entities (base stations or sensor nodes) in the WSN. The revocation list is initially empty and grows over time. Specifically, when a base station is compromised, it must be removed from the WSN. Communication security in the WSN is guaranteed by the message encryption key and the message authentication key, both of which are generated from the session key; if the compromised base station cannot generate the current session key, it is removed from the WSN. To this end, the compromised base station is forced to leave the group, a new group key is generated, and a new current session key is then generated from the new group key. Because a sensor node accepts the current session key only after obtaining at least the preset number, e.g. γ, of session key copies, an attacker must control γ base stations at the same time to launch an attack.
If a sensor node is found to be compromised, the session key distribution scheme can be used to remove it. The node identifier of a compromised sensor node is added to the node revocation list. Since $g(x) = 0$, the revoked sensor node cannot recover the current session key, and therefore cannot parse out the new message encryption key and message authentication key either. Although the revoked sensor node still holds pairwise keys with its neighboring sensor nodes, it cannot decrypt and authenticate the service messages in the network.
Once both a base station and a sensor node are compromised, the base station must be revoked first and then the sensor node; the detailed steps are as described above.
The method for transmitting information by a wireless sensor proposed in the embodiment of the present application uses a preset lightweight key distribution method to generate pairwise keys and session keys at each sensor node and base station respectively, and encrypts the service information to be transmitted according to the pairwise key and the session key, which improves the security of information transmission in the WSN. Using a simple key generation method to generate the corresponding keys on sensor nodes and base stations with low processing capability also saves cost. In addition, with the above key generation, distribution and revocation methods, base stations and sensor nodes can verify each other's identity information, so that the capture or compromise of any base station or any sensor node does not affect the security of the whole sensor network.
Based on the same inventive concept, Embodiment 30 of the present application further provides an apparatus for transmitting information by a wireless sensor. As shown in FIG. 3, the apparatus includes:
a configuration module 31, configured to randomly configure, before each transmission of service information, a multivariate key generation function for each sensor node and a univariate key generation function for each base station;
a first generation module 32, configured to exchange node identifiers between any two adjacent sensor nodes and, from the exchanged node identifiers and the multivariate key generation function, generate the current pairwise key shared between the two sensor nodes for this transmission of service information, where the current pairwise key is used to encrypt the service messages transmitted between the two corresponding sensors;
a second generation module 33, configured to generate at the base station, according to the univariate key generation function, a broadcast message containing the current session key for this transmission of service information, and to send the broadcast message to every sensor node so that the current session key can be parsed out at the sensor node;
an encryption module 34, configured to generate the message encryption key and the message authentication key at the sensor node from the current pairwise key and the current session key, and to encrypt the service message to be sent using the message encryption key and the message authentication key.
In this embodiment, for the specific functions and interactions of the configuration module 31, the first generation module 32, the second generation module 33 and the encryption module 34, refer to the description of the embodiment corresponding to FIG. 1; they are not repeated here.
Optionally, the second generation module 33 includes:
a first generating unit, configured to generate the current session key based on the group key shared by the base stations, where the session key is composed of a first univariate key generation function and a second univariate key generation function;
a second generating unit, configured to generate the broadcast message from the first univariate key generation function and the second univariate key generation function.
Optionally, the second generating unit includes:
a configuration subunit, configured to preconfigure a revocation function for each base station, where the revocation function is used to determine whether the sensor node has been revoked;
a construction subunit, configured to compose the broadcast message from the product of the revocation function and the first univariate key generation function and the product of the revocation function and the second univariate key generation function.
Optionally, the second generation module is further configured to:
parse out, based on the revocation function, the current session key composed of the first univariate key generation function and the second univariate key generation function at the unrevoked sensor nodes.
Optionally, the apparatus further includes:
a determination module 35, configured to count the number of identical current session keys parsed out at the sensor node and to determine an identical current session key whose count exceeds a preset value to be the legitimate current session key.
Optionally, the encryption module 34 includes:
a third generating unit, configured to encrypt, at the sensor node, the service message to be sent with the message encryption key to generate the ciphertext to be sent;
a fourth generating unit, configured to generate, at the sensor node, a message authentication code for the ciphertext to be sent according to the message authentication key;
a sending unit, configured to send the ciphertext to be sent, carrying the message authentication code and a sending timestamp identifying the time the ciphertext was sent, to the target sensor node.
Optionally, the apparatus further includes:
an authentication module 36, configured so that the target sensor node, after receiving the ciphertext carrying the message authentication code and the sending timestamp, generates a message authentication code based on the message authentication key and checks the integrity of the ciphertext with it;
a decryption module 37, configured to calculate the difference between the sending timestamp of the ciphertext that passed the integrity check and the current time and, when the difference is less than a preset threshold, decrypt the ciphertext with the encryption key to obtain the service message.
Optionally, the apparatus further includes:
an adding module 38, configured to add, based on the revocation function, the node identifiers of the sensor nodes and the base station identifiers of the base stations determined to be revoked to the revocation list, and to broadcast the revocation list to the whole network.
As shown in FIG. 4, a further Embodiment 40 of the present application provides a terminal device including a processor 40, where the processor 40 is configured to perform the steps of the above method for transmitting information by a wireless sensor.
As can also be seen from FIG. 4, the terminal device provided by the above embodiment further includes a non-transitory computer-readable storage medium 41 on which a computer program is stored; when run by the processor 40, the computer program performs the steps of the above method for transmitting information by a wireless sensor.
Specifically, the storage medium can be a general-purpose storage medium such as a removable disk, a hard disk or FLASH memory; when the computer program on the storage medium is run, it can perform the above method for transmitting information by a wireless sensor.
Finally, it should be noted that the above embodiments are merely specific implementations of the present application, intended to illustrate its technical solutions rather than limit them, and the protection scope of the present application is not limited to them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that any person skilled in the art may, within the technical scope disclosed in the present application, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes, or make equivalent replacements of some of the technical features; such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (18)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910382376.6A CN111918229A (en) | 2019-05-08 | 2019-05-08 | Method, device and storage medium for transmitting information by wireless sensor |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111918229A (en) | 2020-11-10 |
Family
ID=73242119
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910382376.6A (Pending), CN111918229A (en) | Method, device and storage medium for transmitting information by wireless sensor | 2019-05-08 | 2019-05-08 |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111918229A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080292105A1 (en) * | 2007-05-22 | 2008-11-27 | Chieh-Yih Wan | Lightweight key distribution and management method for sensor networks |
| CN101951602A (en) * | 2010-10-13 | 2011-01-19 | 上海电力学院 | Key distribution method with self-healing and head node revoking functions |
| CN103731825A (en) * | 2013-12-20 | 2014-04-16 | 北京理工大学 | Bridge-type-based wireless sensing network key management scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20201110 |