| Wireless sensor networks integrate three important technologies --wireless networks,sensor technology and embedded system.WSNs offer new opportunities and solutions to directly interact with the physical environment.WSNs are widely used in both civilian and military contexts,such as automatic monitoring,object tracking,etc.Such environments may have adverse conditions(e.g.,in a chemical plant) or can be quite hostile(e.g.,in a battlefield).Therefore,security is a critical and indispensable component for any deployed sensor network to operate in an unattended fashion in reality.In this thesis,we will address a fundamental security problem for wireless sensor networks:adversaries launch attacks using either its own nodes or compromised nodes.Sensor nodes deployed by adversaries are able to impersonate valid nodes in order to extract senseing data or launch false data injection attacks.Except for deploying their own nodes,adversaries could capture sensor nodes in the network and obtain all the information stored in them. Compromised nodes could be used to send a lot of forged packets in order to exhaust network resources(e.g.,energy,bandwidth,storage space).The method to solve the above problem is called technique of countering malicious nodes,which could be divided into two parts:node identity authentication and malicious node localization.A novel node authentication mechanism based on distributed BBS is brought up,which guarantees nodes' authenticity.Malicious nodes deployed by adversaries cannot do more harm to the network.A practical and efficient trace back mechanism is proposed in order to localize compromised nodes injecting large amounts of bogus packets to exhaust networks resources.The objective of the research is that sensor nodes deployed by adversaries won't be accepted by the network and compromised nodes will be located and eliminated quickly.Proposed solutions and their novelties are as follows:(1) A novel distributed node authentication mechanism is proposed. Conventional authentication mechanisms are based on centralized or distributed certified servers.The conventional approaches have two major limitations.First, they incur large computation overhead.Second,certified servers should be well protected.A node authentication mechanism without trusted certification servers is proposed in this thesis.Our proposed solution adopts a design similar to distributed BBS used in the Internet,which incurs less computation overhead and ensures the safety of the network.(2) A basic trace back mechanism based on marking is proposed and the marking method is thoroughly analyzed.A number of solutions have been proposed to cope with false data injection attacks;however,most of them adopt an en-route filtering mechanism.A trace back mechanism based on probabilistic packet marking is proposed in this thesis.When a data report is delivered toward the sink,some fixed domains of the report are probabilistically marked by intermediate sensor nodes.With the marks are available at the sink,the sink can reconstruct the route mesh and trace back the source location of the forged data. Meanwhile,we analyze the performance of the basic marking method.Based on the analysis,we present two different improved marking methods(3) A hierarchical trace back mechanism is proposed.In order to locate source nodes more quickly,a hierarchical trace back mechanism is brought up.A sensor field is divided into some levels,and in every step of trace back process the source node is located in a smaller level.The performance of the mechanism is thoroughly analyzed and evaluated,and the results show that only O(lgn) packets are needed to locate a source node(n means the number of nodes in the network).The security framework designed in this thesis could effectively defeat malicious nodes and lay a solid foundation for large-scale applications of wireless sensor networks. |