臺灣博碩士論文加值系統

數位時代的來臨，帶來科技爆炸性的發展，與無線行動設備的廣泛應用，如智慧手機和平版電腦等，這些設備通常帶有多功能的感測器，像是GPS、數位指南針等，這些新技術可以從周邊環境收集感測資料，傳遞到中控器加以分析，進而發展出許多的應用。無線感測網路的資訊安全我們從中來探討，無線感測網路的安全威脅主要來自於各種攻擊，而感測器大多部署在非受控區域，且因無線通信網路的特性，使其容易受到攻擊，本研究針對無線感測網路最常見的女巫攻擊(Sybil Attack)來做進一步分析。女巫攻擊最早由微軟的研究人員J. R. Douceur所提出，是一種對網路造成巨大危害的攻擊方式，會透過偽裝身分節點的方式，傳送虛假資料給其他節點。本研究對於無線感測網路(Wireless Sensor Network)應用中的女巫攻擊，提出幾個方式來判斷，包括利用信號強度、流量分析與網路拓樸的資訊，來分析判斷某節點是否為女巫節點，通常女巫攻擊在無線感測網路中會創造出位置相同但多個身份(Identity, ID)的節點，並且女巫攻擊節點與正常的節點相比會有異常的流量產生，而且具有不同ID的兩個節點，不可能短時間出現在距離很遠但不同位置。因此本研究偵測方法如下，假設女巫攻擊節點是在一個固定位置下，因為節點的位置可利用傳遞資料的信號強度(RSSI)值計算出來，所以若一個節點有多個身分ID但卻是在一個固定的位置，則可以判斷為女巫攻擊節點；此外在網路的中控器可以收集記錄所有的流量資訊，我們透過計算得出平均流量值，如果某節點在一定的時間間斷中有不同流量值產生，我們可以判斷為女巫攻擊節點；再者網路中控器可以記錄追蹤位置節點，當發現兩節點有相同的ID，則該節點可以判斷為女巫攻擊節點。我們根據上面描述的三種方法進行模擬實驗，實驗結果證明所提出的方法可以有效地辨識出女巫攻擊，進一步達到降低女巫攻擊帶來網路效能的影響，進而提升無線感測網路的安全。

The advent of the digital age has brought explosive development of communication technologies and mobile computing devices, such as smart phone and tablet PC, are widely used. These devices are usually embedded with multiple sensors, such as GPS and digital compass sensors. These new technologies can be used to collect data from the surrounding environment to a central controller so as to develop different applications. Therefore, security is an important issue in wireless sensor networks. Wireless sensor network mainly suffers security threats from a variety of attacks. This is because that mostly the wireless sensor devices are deployed in a non-controlled area. Furthermore, the diverse nature of wireless communication makes it vulnerable to attacks. This study focuses on the detection and analysis of Sybil attacks in wireless sensor networks. Sybil attacks were first proposed by the Microsoft researcher J. R. Douceur. A Sybil attack node will disguise its identity and transmit false information to the other nodes or the central controller. The proposed Sybil attack detection scheme is based on the analysis of the received signal strength between nodes, the traffic volume and the network topology. Usually, there will be multiple nodes with different identities in the same position if there are Sybil attacks in the wireless Sensor network. Also, a Sybil attack node will have abnormal traffics in comparison with other regular nodes. Besides, a Sybil attack node may have a different position or network identity that have been recorded in the central controller, which has the knowledge about the topology of the network. Thus, the schemes for detecting Sybil attacks are developed as follows. Assume that a Sybil attack node stays in a fixed location. The location of a node in the network can be computed by utilizing the RSSI values between nodes. If a node with multiple identities but has a fixed location, then it is considered as a Sybil attack node. Besides, the central controller can record all the traffic of all nodes in the network and derive the average traffic volume of a node. If a certain node has different traffic volume for a certain period of time, it is considered as a Sybil attack node. Furthermore, since the central controller can record and track the location of a node in the network, if a data reporting node has the same ID as some previous one but is far away from that node, then this node is considered as a Sybil attack node. The above three schemes were verified by simulation experiments. The simulation results showed that the proposed schemes can effectively detect Sybil attacks. Thus, the detrimental effects of Sybil attacks on the network performance can be reduced and the security of the wireless sensor networks can be enhanced as well.

目錄
第一章 緒論 1
1.1 研究背景與動機 1
1.2 論文架構 5
第二章 背景與相關研究 6
2.1 區域網路的背景與標準 6
2.1.1 區域網路的特性 7
2.2 IEEE 802.11通訊協定標準 9
2.2.1 IEEE 802.11實體層規格 9
2.2.2 IEEE 802.11基本通訊協定 9
2.2.3 IEEE 802.11存取服務 10
2.2.4 IEEE 802.11網路基本架構 10
2.3 無線感測網路基本結構 12
2.3.1 無線感測網路節點定位簡介 14
2.3.2 節點定位基本原理 15
2.4 相關研究 16
2.4.1 RSSI基本原理 17
2.4.2 RSSI演算法特徵 17
2.4.3 基於RSSI演算的攻擊檢測方式 18
第三章 研究方法與步驟 20
3.1 研究方式 20
3.2 網路基本拓樸 20
3.3 流量分析 21
3.4 信號強度分析 22
第四章 模擬實驗與分析 23
4.1 實驗環境 23
4.2 實驗結果與分析 23
第五章 結論 26
參考文獻 27

表目錄
表 1、乙太網路規格表 8
表 2、參數圖 23

圖目錄
圖1、女巫攻擊模型 3
圖2、有基礎架構的無線區域網路（Infrastructure Wireless LAN） 11
圖3、Ad Hoc Wireless LAN 11
圖4、感測器節點體系結構 12
圖5、感測器網路協議 13
圖6、感測器網路中信標節點和未知節點圖 15
圖7、可疑女巫攻擊活動圖 20
圖8、可疑女巫攻擊活動流量示例圖 22
圖9、網路吞吐量比較圖 24
圖10、女巫攻擊檢測率 24
圖11、女巫攻擊檢測性能比較 25

[1]Warneke, B., Last, M., Leibowitz, B and Pister, K. S. J, 2001, Smart dust: Communicating with a cubic-millimeter computer, IEEE Computer, 34(1), 44–51.

[2]孫利民、李建忠(2005)，無線感測器網路[M]，北京:清華大學出版社。

[3] Shih, E., Cho, S., Ickes, N., et al., Physical layer driven protocol and algorithm design for energy-efficient wireless sensor networks, Proceedings of the ACM MobiCom 2001, pp. 272–286.

[4]Liu, D., Ning P., and Du, W. K., Attack-resistant location estimation in sensor networks, Proc. of IPSN, April 2005.

[5]Douceur, J., The Sybil Attack, In First IPTPS, March 2002.

[6]黃能富(1998)，區域網路與高速網路，維科出版社。

[7]IEEE Computer Society LAN MAN Standards Committee, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Standard 802.11-1997. The Institute of Electrical and Electronics Engineers, New York, 1997.

[8]Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., and Cayirci, E., A Survey on Sensor Networks, Proc. IEEE Communications Magazine, Aug. 2002, Vol. 40, No. 8, pp. 102-113.

[9]Karl, H., and Willig, A., Protocols Architectures for Wireless Sensor Networks, first ed., Topology Control, Wiley, 2005, June 24.

[10]Liu, C., Wu, K., and He, T., Sensor localization with ring overlapping based on comparison of received signal strength indicator, IEEE Trans, 2004.

[11]Demirbas, M., Song, Y., An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks, 2006 International Symposium on World of Wireless, Mobile and Multimedia Networks, 2006, pp. 564-570.

[12]Chang, S. H., Huang, T. S., A Fuzzy Knowledge Based Fault Tolerance Algorithm in Wireless Sensor Networks, International Conference on Advanced Information Networking and Applications Workshops, 2012 26th, pp.891-896.

[13]Piro, C., Shields, C., and Levine, B. N., Detecting the Sybil Attack in Ad hoc Networks, Proc. IEEE/ACM Intl Conf on Security and Privacy in Communication Networks (Secure Comm), August 2006.

[14]林俊良、方健安(2002)編譯，C#設計實務-徹底研究，美商麥格羅希爾國際股份有限公司。