弱网的安全框架研究与实现

doi:10.3969/j.issn.1671-1122.2026.05.001

摘要/Abstract

摘要：

无线弱链路传感器网络（简称“弱网”）广泛部署于地下、深海、管道等极端环境中,其通信链路受强衰减、高噪声和间歇性连通等物理特性影响,长期处于高丢包、非对称、低带宽与易断连状态,导致传统无线传感器网络的安全机制在此类环境中难以维持有效性。外部攻击者可利用弱网链路的脆弱性实施身份伪造、中间人攻击和重放攻击,内部被攻陷的节点则可能通过伪装、选择性转发和协作攻击破坏网络稳定性。因此,构建适应弱网特性的安全机制是保障其可用性的核心问题。针对上述挑战,文章提出一个面向弱网环境的安全框架。在外部接入安全方面,文章设计了一种断连鲁棒型认证密钥协商协议（D-ADH）,通过固定协商公钥与单次安全广播显著减少交互开销,并采用轻量化的请求—重传机制提升高丢包环境下的协商成功率。在内部恶意节点检测方面,文章提出一种基于Type-2模糊逻辑的动态信任管理机制（FDTM）,融合通信成功率、数据一致性与流量行为等多源信任证据,引入环境感知与趋势式更新方法,使信任推断能够有效区分弱网噪声引起的异常与真实的恶意行为。该框架可在极端链路条件下同时实现稳定的外部认证能力与高精度的内部恶意节点识别,为弱网提供一种可部署、可扩展且高鲁棒性的安全解决方案。

关键词: 弱网, 身份认证, 信任管理, 恶意节点识别

Abstract:

Wireless weak-link sensor networks (abbreviated as “weak networks”) are widely deployed in extreme environments such as underground, deep sea, and pipelines. Affected by physical characteristics including strong attenuation, high noise, and intermittent connectivity, their communication links persistently suffer from high packet loss, asymmetry, low bandwidth, and frequent disconnections. As a result, the security mechanisms of traditional wireless sensor networks struggle to remain effective in such environments. External attackers can exploit the vulnerabilities of weak network links to carry out identity forgery, man-in-the-middle attacks, and replay attacks, while compromised internal nodes may undermine network stability through impersonation, selective forwarding, and collaborative attacks. Therefore, constructing a security mechanism tailored to the characteristics of weak networks is a core issue in ensuring their usability.To address the above challenges, this paper proposed a security framework for weak network environments. For external access security, a disconnection-robust authenticated key agreement protocol (D-ADH) is designed. It significantly reduced interaction overhead by using fixed negotiation public keys and a single secure broadcast, and employed a lightweight request-retransmission mechanism to improve the success rate of key negotiation in high packet loss environments. For internal malicious node detection, a dynamic trust management mechanism based on Type-2 fuzzy logic (FDTM) was proposed. It integrated multiple sources of trust evidence, including communication success rate, data consistency, and traffic behavior, and introduced environment-aware and trend-based update methods, enabling trust inference to effectively distinguish anomalies caused by weak network noise from real malicious behaviors. The proposed security framework can simultaneously achieve stable external authentication capabilities and high-precision internal malicious node identification under extreme link conditions, providing a deployable, scalable, and highly robust security solution for weak networks.

Key words: weak networks, authentication, trust management, malicious node detection

中图分类号:

TP309

刘光华, 王晨龙, 王连坤. 弱网的安全框架研究与实现[J]. 信息网络安全, 2026, 26(5): 667-683.

LIU Guanghua, WANG Chenlong, WANG Liankun. Research and Implementation of a Security Framework for Weak Networks[J]. Netinfo Security, 2026, 26(5): 667-683.

图/表 8

图1

图2

图3

图4

图5

图6

图7

图8

参考文献 47

[1]	LIU Guanghua. Data Collection in MI-Assisted Wireless Powered Underground Sensor Networks: Directions, Recent Advances, and Challenges[J]. IEEE Communications Magazine, 2021, 59(4): 132-138.
[2]	CHAUDHARY M. Underwater Wireless Sensor Networks: Enabling Technologies for Node Deployment and Data Collection Challenges[J]. IEEE Internet of Things Journal, 2022, 10(4): 3500-3524. doi: 10.1109/JIOT.2022.3218766 URL
[3]	YU Xiaoqing, HAN Wenting, ZHANG Zenglin. Path Loss Estimation for Wireless Underground Sensor Network in Agricultural Application[J]. Agricultural Research, 2017, 6(1): 97-102. doi: 10.1007/s40003-016-0239-1 URL
[4]	ZHANG Yixin, CHEN Da, LIU Guanghua, et al. Performance Analysis of Two-Hop Active Relaying for Dynamic Magnetic Induction Based Underwater Wireless Sensor Networks[J]. IEEE Transactions on Communications, 2022, 70(10): 6938-6949. doi: 10.1109/TCOMM.2022.3199348 URL
[5]	LIU Guanghua, WANG Chenlong, TANG Shuqi, et al. Security in Wireless Weak-Link Sensor Networks: Directions, Recent Advances, and Challenges[J]. IEEE Network, 2025, 40(1): 322-329. doi: 10.1109/MNET.2025.3580136 URL
[6]	WANG Chenlong, LIU Guanghua, JIANG Tao. Malicious Node Detection in Wireless Weak-Link Sensor Networks Using Dynamic Trust Management[J]. IEEE Transactions on Mobile Computing, 2024, 23(12): 12866-12877. doi: 10.1109/TMC.2024.3418826 URL
[7]	CHATTERJEE U, RAY S, ADHIKARI S, et al. An Improved Authentication and Key Management Scheme in Context of IoT-Based Wireless Sensor Network Using ECC[J]. Computer Communications, 2023, 209(9): 47-62. doi: 10.1016/j.comcom.2023.06.017 URL
[8]	LIU Guanghua. A Q-Learning-Based Distributed Routing Protocol for Frequency-Switchable Magnetic Induction-Based Wireless Underground Sensor Networks[J]. Future Generation Computer Systems, 2023(2), 139: 253-266. doi: 10.1016/j.future.2022.10.004 URL
[9]	GURA N, PATEL A, WANDER A, et al. Comparing Elliptic Curve Cryptography and RSA on 8-Bit CPUs[C]//Springer. International Workshop on Cryptographic Hardware and Embedded Systems. Heidelberg: Springer, 2004: 119-132.
[10]	WATRO R, KONG D, CUTI S, et al. TinyPK: Securing Sensor Networks with Public Key Technology[C]//ACM. The 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks. New York: ACM, 2004: 59-64.
[11]	MALAN D J, WELSH M, SMITH M D. A Public-Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography[C]//IEEE. IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks. New York: IEEE, 2004: 71-80.
[12]	LIU Zhe, SEO H, HU Zhi, et al. Efficient Implementation of ECDH Key Exchange for MSP430-Based Wireless Sensor Networks[C]//ACM. Symposium on Information, Computer and Communications Security. New York: ACM, 2015: 145-153.
[13]	VIJAYALAKSHMI V, SHARMILA R, SHALINI R. Hierarchical Key Management Scheme Using Hyper Elliptic Curve Cryptography in Wireless Sensor Networks[C]//IEEE.IEEE International Conference on Signal Processing, Communication and Networking. New York: IEEE, 2015: 1-5.
[14]	DU Xiaojiang, GUIZANI M, XIAO Yang, et al. A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for Heterogeneous Sensor Networks[J]. IEEE Transactions on Wireless Communications, 2009, 8(3): 1223-1229. doi: 10.1109/TWC.2009.060598 URL
[15]	MISIC J. Traffic and Energy Consumption of an IEEE 802.15.4 Network in the Presence of Authenticated ECC Diffie-Hellman Ephemeral Key Exchange[J]. Computer Networks, 2008, 52(11): 2227-2236. doi: 10.1016/j.comnet.2008.04.006 URL
[16]	RAHMAN S M M, EL-KHATIB K. Private Key Agreement and Secure Communication for Heterogeneous Sensor Networks[J]. Journal of Parallel and Distributed Computing, 2010, 70(8): 858-870. doi: 10.1016/j.jpdc.2010.03.009 URL
[17]	WANG Jiuru, WANG Haifeng. Distributed Key Management Scheme Based on ECC for Heterogeneous Sensor Networks[C]//IEEE. IEEE International Conference on Advanced Cloud and Big Data. New York: IEEE, 2014: 235-239.
[18]	LIU Yi, DING Jinkou, WEN Qiaoyan. Key Management Scheme Based on Identity and Dual Cluster Heads for WSN[C]//IEEE. International Conference on Information and Network Security. New York: IEEE, 2013: 7-12.
[19]	SEO S H, WON J, SULTANA S, et al. Effective Key Management in Dynamic Wireless Sensor Networks[J]. IEEE Transactions on Information Forensics and Security, 2014, 10(2): 371-383. doi: 10.1109/TIFS.2014.2375555 URL
[20]	SAEED M E S, LIU Qunying, TIAN Guiyun, et al. AKAIoTs: Authenticated Key Agreement for Internet of Things[J]. Wireless Networks, 2019, 25(6): 3081-3101. doi: 10.1007/s11276-018-1704-5
[21]	LI Sensen, ZHANG Tikui, YU Bin, et al. A Provably Secure and Practical PUF-Based End-to-End Mutual Authentication and Key Exchange Protocol for IoT[J]. IEEE Sensors Journal, 2020, 21(4): 5487-5501. doi: 10.1109/JSEN.7361 URL
[22]	SUN Fajun, HE S, ZHANG Xiaotong, et al. TinyAKE: A More Practicable and Trustable Scheme for Authenticated Key Establishment in WSNs[EB/OL]. (2021-04-05)[2025-12-11]. https://arxiv.org/abs/2104.01907.
[23]	SUN Fajun, HE S, ZHANG Xiaotong, et al. A Fully Authenticated Diffie-Hellman Protocol and Its Application in WSNs[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1986-1999. doi: 10.1109/TIFS.2022.3173536 URL
[24]	DAS A K, WAZID M, YANNAM A R, et al. Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment[J]. IEEE Access, 2019, 7: 55382-55397.
[25]	LIN Huayi. Integrate the Hierarchical Cluster Elliptic Curve Key Agreement with Multiple Secure Data Transfer Modes into Wireless Sensor Networks[J]. Connection Science, 2022, 34(1): 274-300. doi: 10.1080/09540091.2021.1990212 URL
[26]	YANG Wei, HOU Chengqi, WANG Yu, et al. SAKMS: A Secure Authentication and Key Management Scheme for IETF 6TiSCH Industrial Wireless Networks Based on Improved Elliptic-Curve Cryptography[J]. IEEE Transactions on Network Science and Engineering, 2024, 11(3): 3174-3188. doi: 10.1109/TNSE.2024.3363004 URL
[27]	ALSHAMMARI M R, ELLEITHY K M. Efficient and Secure Key Distribution Protocol for Wireless Sensor Networks[J]. Sensors, 2018, 18(10): 3569-3578. doi: 10.3390/s18103569 URL
[28]	ZHANG Jiang, LIU Qi. New Key Management Scheme Lattice-Based for Clustered Wireless Sensor Networks[J]. PLoS ONE, 2023, 18(8): 323-342.
[29]	SAHINGOZ O K. Large Scale Wireless Sensor Networks with Multi-Level Dynamic Key Management Scheme[J]. Journal of Systems Architecture, 2013, 59(9): 801-807. doi: 10.1016/j.sysarc.2013.05.022 URL
[30]	SAHOO S K, SAHOO M N. An Elliptic-Curve-Based Hierarchical Cluster Key Management in Wireless Sensor Network[C]//Springer. Intelligent Computing, Networking, and Informatics. Heidelberg: Springer, 2014: 397-408.
[31]	TEGUIG E H, TOUATI Y, ALI-CHERIF A. ECC-Based Approach for Keys Authentication and Security in WSN[C]//IEEE. IEEE GCC Conference and Exhibition. New York: IEEE, 2017: 1-4.
[32]	NADIR I, ZEGEYE W K, MOAZZAMI F, et al. Establishing Symmetric Pairwise Keys Using Public-Key Cryptography in Wireless Sensor Networks[C]//IEEE.IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference. New York: IEEE, 2016: 1-6.
[33]	TARIQ Z, BATOOL N, NADIR I, et al. Towards Dynamic Hash-Based Key Establishment in Mobile Wireless Sensor Networking Nodes[C]//IEEE.IEEE International Multi-Topic Conference. New York: IEEE, 2020: 1-6.
[34]	OLIVEIRA L B, ARANHA D F, GOUVEA C P L, et al. TinyPBC: Pairings for Authenticated Identity-Based Non-Interactive Key Distribution in Sensor Networks[J]. Computer Communications, 2011, 34(3): 485-493. doi: 10.1016/j.comcom.2010.05.013 URL
[35]	SCIANCALEPORE S, PIRO G, BOGGIA G, et al. Public Key Authentication and Key Agreement in IoT Devices with Minimal Airtime Consumption[J]. IEEE Embedded Systems Letters, 2016, 9(1): 1-4. doi: 10.1109/LES.2016.2630729 URL
[36]	YANG Liu, LU Yinzhi, YANG S X, et al. A Secure Clustering Protocol with Fuzzy Trust Evaluation and Outlier Detection for Industrial Wireless Sensor Networks[J]. IEEE Transactions on Industrial Informatics, 2020, 17(7): 4837-4847. doi: 10.1109/TII.2020.3019286 URL
[37]	ALHUSSAIN A, KURDI H, ALTOAIMY L. Managing Trust and Detecting Malicious Groups in Peer-to-Peer IoT Networks[J]. Sensors, 2021, 21(13): 84-92. doi: 10.3390/s21010084 URL
[38]	LIANG Kun, SUN Shijie, HUANG Xiangdang, et al. A Trust-Based Malicious Detection Scheme for Underwater Acoustic Sensor Networks[C]//Springer.International Conference on Artificial Intelligence and Security. Heidelberg: Springer, 2022: 427-440.
[39]	YIN Xueqiang, LI Shining. Trust Evaluation Model with Entropy-Based Weight Assignment for Malicious Node Detection in Wireless Sensor Networks[J]. EURASIP Journal on Wireless Communications and Networking, 2019, 19(1): 198-207.
[40]	KUMAR A R, SIVAGAMI A. Fuzzy Based Malicious Node Detection and Security-Aware Multipath Routing for Wireless Multimedia Sensor Network[J]. Multimedia Tools and Applications, 2020, 79(19): 14031-14051.
[41]	RAM P V, LATHA P. Fuzzy Trust Protocol for Malicious Node Detection in Wireless Sensor Networks[J]. Wireless Personal Communications, 2017, 94(4): 2549-2559. doi: 10.1007/s11277-016-3666-1 URL
[42]	ZAWAIDEH F, SALAMAH M. An Efficient Weighted Trust-Based Malicious Node Detection Scheme for Wireless Sensor Networks[J]. International Journal of Communication Systems, 2019, 32(3): 38-48.
[43]	YANG Liu, YU Keping, YANG Simon X, et al. An Intelligent Trust Cloud Management Method for Secure Clustering in 5G Enabled Internet of Medical Things[J]. IEEE Transactions on Industrial Informatics, 2021, 18(12): 8864-8875. doi: 10.1109/TII.2021.3128954 URL
[44]	HONG Zhen, SHAO Qian, LIAO Xiaojing, et al. A Secure Routing Protocol with Regional Partitioned Clustering and Beta Trust Management in Smart Home[J]. Wireless Networks, 2019, 25(7): 3805-3823. doi: 10.1007/s11276-018-01916-1
[45]	LIU Liang, XU Xiangyu, LIU Yulei, et al. A Detection Framework against CPMA Attack Based on Trust Evaluation and Machine Learning in IoT Network[J]. IEEE Internet of Things Journal, 2021, 8(20): 15249-15258.
[46]	JIANG Jinfang, ZHU Xinyu, HAN Guangjie, et al. A Dynamic Trust Evaluation and Update Mechanism Based on C4.5 Decision Tree in Underwater Wireless Sensor Networks[J]. IEEE Transactions on Vehicular Technology, 2020, 69(8): 9031-9040. doi: 10.1109/TVT.2020.2999566
[47]	LIU Guanghua. Frequency-Switchable Routing Protocol for Dynamic Magnetic Induction-Based Wireless Underground Sensor Networks[J]. IEEE Journal of Selected Areas in Sensors, 2024, 1: 1-8. doi: 10.1109/JSAS.2024.3357792 URL