Sage Journals: Discover world-class research

Abstract

We propose a lightweight secure routing scheme for wireless sensor networks, which provides authenticity and integrity in the routing process with relative low overhead by extending directed diffusion protocol with secure measures. We analyze the security capabilities and performance of our scheme; besides, we execute a simulation and the performance results are encouraging.

1. Introduction

Routing protocol in data fusion is one of the key parts of wireless sensor networks (WSNs), while security problems challenge the routing of sensor networks. Since sensor nodes in real applications are often deployed in hostile environment such as battlefield, the adversaries may capture sensor nodes and pretend valid member inside the network to collect information or inject false messages into the network; it is necessary to design a secure routing protocol for WSNs, while many traditional security measures cost too much overhead of communication and computation for those sensor nodes which only have limited power and energy. Hence, traditional strong security methods such as asymmetric cryptographic schemes are not suitable for wireless sensor network because of their high computation and communication overhead. Naturally, lightweight security measures are much more popular in the routing protocols of WSNs.

In this paper we propose a lightweight secure routing scheme in data fusion for wireless sensor networks, which we call lightweight secure directed diffusion (LSDD). It mainly provides authenticity and integrity in the routing process with relative low overhead by extending a popular routing protocol-directed diffusion. We show how LSDD can effectively defend multiple attacks such as DOS attacks and sinkhole attacks. We have simulated LSDD in network simulator-NS2 [1] and the performance of LSDD is invigorating.

2. Background

Routing in WSNs is an important part, while it is also challenging because there are some particular characteristics (e.g., energy and power limitation) which other wireless networks do not possess. Because the number of deployed sensor nodes is commonly large, it definitely costs too much for maintaining ID table if ID-based routing system is employed. Therefore, traditional ID-based protocols may not be applicable to WSNs. Besides, in WSNs to some extent receiving data is more significant than getting the IDs of which nodes sent the data.

Considering a particular requirement of WSNs that receiving data is more significant than getting the IDs of which nodes sent the data, researchers have specifically designed some new algorithms for routing problems in WSNs. In order to reduce energy consumption, routing techniques proposed in the literature [2–7] for WSNs employ some well-known routing mechanisms as well as mechanism special to WSNs, for example, clustering, different node role assignment, data aggregation and in-network processing, and data-centric methods.

Among those protocols, several routing protocols became popular such as SPIN (sensor protocols for information via negotiation) [8] and directed diffusion [9]. In SPIN routing process, nodes name their data metadata. They remove the transmission of redundant data throughout the network by metadata negotiations. Moreover, SPIN nodes can decide how to communicate based on both knowledge of the data and knowledge of the available resources. While, directed diffusion (DD) is a data-centric routing protocol since all communication is for named data, it provides a mechanism to flood queries based on events or tasks and then sets up the route by establishing reverse gradients to send data back. DD involves several elements: interests, data messages, gradients, and reinforcements. An interest message is a query that describes user's needs. Each interest contains a sensing task description which is supported by a sensor network for querying data. Typically, data in sensor networks is the collected or processed information of a physical environment that can be a short description of event for the sensed environment. In DD, data is named by pairs of “attribute-value.” As shown in Figure 1, a sensing task is disseminated throughout the sensor network as an interest from sink to sources firstly. Then the dissemination sets up gradients within the network designed to retrieve events (the event can be retrieved by a form of data matching interests). Specially, a gradient is direction state created in each node that receives an interest. The steps of directed diffusion are shown in Figure 1.

Figure 1

Directed diffusion protocol.

3. Lightweight Secure Directed Diffusion (LSDD)

Lightweight secure directed diffusion scheme involves two parts, one is a secure directed diffusion protocol, which improves directed diffusion protocol by integrating delay-tolerant one-way hash chain authentication and black list techniques, and the other is lightweight key management service.

$H (t)$ is a one-way hash key chain which is employed to provide keys self-derivation. Message authentication code (MAC) [10] is an algorithm to construct secure message authentication codes by a key. Given k and a message m, we can compute $M A C_{k} (m)$ , but we cannot efficiently construct $M A C_{k} (m)$ given m without k. MAC is collision resistant. That means, with the knowledge of $M A C_{k} (m)$ , that it is computationally intractable to construct a message x such that $M A C_{k} (x) = M A C_{k} (m)$ .

The protocol includes an extra preload setup and the same set of phases as in the original $D D$ protocol: (a)

setup (see Algorithm 1),

(b)

compound interest propagation phase (see Algorithm 2),

(c)

gradients establishment phase (see Algorithm 3),

(d)

reinforcement phase (see Algorithm 4),

(e)

data propagation phase (see Algorithm 5).

Algorithm 1: Setup.

Actions: base station generates one key chain by repeatedly applying a one-way function H.

Each node also maintains its own one-way hash key chain. Base station sends out $k_{0}$

as a verifier $V_{0}$ to nodes in the network. t can be configured to be suitable times.

Keys: $H, {H (k_{t}), H (k_{t - 1}), H (k_{t - 2}), \dots, H (k_{1}), H (k_{0})}$

Result: where $k_{0} = H (k_{1}), k_{t - 1} = H (k_{t})$ , $k_{0}$ is a commitment to the entire one-way chain.

Algorithm 2: Compound interest propagation.

Action: When the sink sends out the interest, it floods a packet in the form

Protocol messages:

$S \to M$ : $〈 I n t e r e s t_{i}, B l a c k l i s t_{i}, M A C_{k_{i}} (I n t e r e s t_{i}, B l a c k l i s t_{i}) , k_{i} 〉$

Result: an intermediate node M performs the verification process up to λ times, after node M

verifies $k_{i}$ is correct one by $H^{i} (k_{i}) = k_{0}$ , and check if $M A C_{k_{i}} 〈 I n t e r e s t_{i}, B l a c k l i s t_{i} 〉 =$

${M A C}^{'}_{k_{i}} 〈 I n t e r e s t_{i}, B l a c k l i s t_{i} 〉$ , if result is OK, it accept $I n t e r e s t_{i}$ and $B l a c k l i s t_{i}$ .

Notes: It allows λ packets lost. An intermediate node performs the verification process up to

λ times.

Algorithm 3: Gradients Establishment.

Action: Each node M maintains an unique one-way hash chain

$H a s h M  : 〈 H a s h M_{i}, H a s h M_{i - 1}, \dots, H a s h M_{1}, H a s h M_{0} 〉$ ,

suppose M is the right source of the query request

Protocol messages:

$M \to M_{1}  : 〈 M e s s a g e_{i}, M A C_{H M i i} (M e s s a g e_{i}), 〈 M, \dots 〉〉$

$M_{1} \to M_{2}  : 〈 M e s s a g e_{i}, M A C_{H M i i} (M e s s a g e_{i}), 〈 M, M_{1}, \dots 〉〉$

⋮

$M_{n} \to S  : 〈 M e s s a g e_{i}, M A C_{H M i i} (M e s s a g e_{i}), 〈 M, M_{1}, \dots, M_{n} 〉〉$

Result: after multiple messages containing $M e s s a g e_{i}$ flow back to sink through

different paths, sink can check the data message and step into next one.

Algorithm 4: Path reinforcement.

Actions: the sink chooses a path based on lower delay or shorter hop

Protocol message:

$S \to M  : 〈 r e n f o r c e m e n t 1, 〈 M, M_{2} 〉 , b l a c k l i s t 2, M A C_{k_{2}} (r e n f o r c e m e n t 1, 〈 M, M_{2} 〉 , b l a c k l i s t 2), k_{2} 〉$

Result: after node M verifies $k_{i}$ is correct one by $H^{i} (k_{i}) = k_{0}$ , and check if

${M A C}_{k_{i}} 〈 I n t e r e s t_{i}, B l a c k l i s t_{i} 〉 = {M A C}^{'}_{k_{i}} 〈 I n t e r e s t_{i}, B l a c k l i s t_{i} 〉$ ,

if result is OK, it accept $I n t e r e s t_{i}$ and $B l a c k l i s t_{i}$ .

Algorithm 5: Data Routing Back.

Actions: After the F(t) is a one way hash key chain which is employed to prevent from,

source node M sends out data messages

Protocol messages:

$M \to S  : 〈 M e s s a g e_{i + 1}, M A C_{H a s h M_{i + 1}} (M e s s a g e_{i}), 〈 M, M_{1}, \dots, M_{n} 〉〉$

Result: M starts to send data back to sink along the established path on the appropriate gradient.

Base station (or sink) randomly chooses a seed ( $k_{t}$ ), and it generates a key chain until $k_{0}$ by $H (k_{t}), H (k_{t - 1}), \dots, H (k_{1})$ , where $k_{0} = H (k_{1})$ . Then each node in the network is preloaded by an initial verifier $v_{0} = k_{0}$ . Moreover, each node also maintains its own one-way hash key chain. Suppose that a node $N i$ maintains $H a s h N_{i 0}, H a s h N_{i 1}, \dots, H a s h N_{i m}$ , where $H a s h N_{i m - 1} = H (H a s h N_{i m})$ .

For every task, the sink broadcasts a compound interest message including authentication data and interest to each of its neighbors periodically. This initial compound interest message contains the specified interest, blacklist, and their $M A C$ value. The form of the compound message is $\begin{matrix} {{I n t e r e s t}_{i}, B l a c k l i s t_{i}, M A C_{k i} (I n t e r e s t_{i}, B l a c k l i s t_{i}), k_{i}} . \end{matrix}$ (1)

Intuitively, this initial interest functions like exploratory which means to call for what kind of data the sink wants.

Every node maintains an interest cache. Each item in the cache corresponds to a distinct interest. For any node who receives interest, the pseudocode of the step is as shown in Pseudocode 1.

Pseudocode 1

If (sender's ID is included in the blacklist)

then {drop the message};

else

If $(H (k_{i}) = v_{0})$ and

$(M A C_{k_{1}} (I n t e r e s t_{1}$ , $B l a c k l i s t_{1})$ = $(M A C_{k_{1}} (I n t e r e s t_{1}$ , $B l a c k l i s t_{1}))$ ,

then

{check the cache to store the interest entry and forward it to next hops;

$v_{0} = k_{i}$ ;};

else {drop the message}

Each node M maintains a unique one-way hash chain $H a s h M : 〈 H a s h M_{i}, H a s h M_{i - 1}, \dots, H a s h M_{1}, H a s h M_{0} 〉$ . When M sends data to the sink, it includes a value number from $H a s h M$ in the packet.

For any node who receives interest, the pseudocode of the step is as shown in Pseudocode 2.

Pseudocode 2

If (sender's ID is included in the blacklist entry)

then {drop the message};

else

If (Message.type = initial.type)

then {send out it to next hops};

else {drop the message};

After the reinforcement, node $M_{6}$ sends out ${M e s s a g e_{i}, M A C_{H a s h M i 2} (M e s s a g e_{i}), {M_{6}}}$ on the established path by the appropriate gradient.

A node that receives the above packet from its neighbor firstly checks if the $M e s s a g e_{2}$ is from node $M_{6}$ and has not been tampered within the diffusion. Then the node attempts to find out a matching interest entry and corresponding appropriate gradients in its cache. At last the node forwards the packet to the appropriate neighbors.

4. Key Management Services for LSDD

Since keys in our protocol originate from one-way hash key chain (OWH), the key management scheme is mainly based on OWH life cycle. In this work, we focus on addressing two problems: bootstrapping a new one-way hash chain and refreshing a hash chain for maintenance.

4.1. Bootstrapping of OWH

Since in this $O W H$ scheme we mainly protect authenticity, not confidentiality, we do not need to integrate costly cryptographic encryption or decryption. We require the fact that every intermediate node is configured with the initial $O W H$ number ( $V_{0} = O W H_{k 0}$ ) before communication can begin. To bootstrap the initial $O W H$ number, we can employ a lightweight public key scheme based on elliptic curve cryptography. The base station has a private key $P K s$ and every node has the corresponding public key $P K p$ . To bootstrap $O W H_{k 0}$ , the base station sends a packet containing a signature of $O W H_{k 0}$ signed with $P K s$ to the nodes along the path. When a node $n_{k}$ receives this packet, it can use $P K_{p}$ to verify the authenticity of $O W H_{k 0}$ and forwards the packet to the next node if the verification is passed. An elliptic curve public key scheme is implemented [11] on Berkeley motes and the cost is relatively low to perform one encryption or decryption process. To some extent, the public key approach is slow. So, we employ elliptic curve public key cryptographic method only when bootstrapping is performed.

4.2. Maintenance of OWH

4.2.1. Packets Loss

Since the packets pass through wireless channel, it is possible that packets loss. Actually, it is necessary for a routing protocol to allow the packets loss. In one message dissemination of our protocol, it is allowed for λ times of packet losses. If current message is not verified, the node will perform verification process up to λ times by a sequence of verification key $H^{λ} (k_{i})$ . But, if more than λ packets are lost, the node will drop them since these later packets cannot be verified. Thus there may be an attack that is jamming the communication medium around an intermediate node for a sufficient time period so that it will result in more than λ packet losses. Hence, the attacker is able to block the communication between a source node and a sink by only launching jamming attacks in a short time. A natural idea for defending against this attack is increasing the value of λ, but it does not work since there may be a large amount of jamming messages. To address this problem, we propose a mechanism of periodical bootstrapping a new $O W H$ number (the $O W H$ number most recently sent by the source node) in the intermediate nodes. Through this way, even if more than λ packets are lost, intermediate nodes can still set up a new value for the commitment value $V_{0}$ using this periodic bootstrapping mechanism and validate subsequent packets. Therefore, the jamming attack affections can be weakened.

4.2.2. Path Changes

Routing path could be changed for some radio transmission problems; for example, by monitoring routing information broadcast by its neighbor nodes, a node $n_{k}$ may detect the fact that it cannot reach $n_{k + 1}$ , but it can reach $n_{k + 2}$ via another node C. When a routing path changes, new nodes joining the path will need to securely receive the $O W H$ number and initialize their verifier $V_{0}$ .

When there is a path change, one natural way to handle it is to rebootstrap $O W H$ every time the path changes. But, it is very costly. Moreover, it induces new DOS attacks: a compromised node may be able to cause the path to change. Thus rebootstrapping a new $O W H$ for all nodes on the path will be executed. Once the malicious node repeats the action, it causes repeatedly rebootstrap to make the communication congested.

In order to defend against this kind of DOS attacks, we need to rebootstrap $O W H s$ . But the frequency of bootstrapping is the main problem. Commonly, there is a high redundancy in WSNs which can repair a path by finding some nodes near the failed nodes [12]. So it is unnecessary to bootstrap and refresh the $O W H$ every time the path is changed. When sink S and nodes along the designated path $n_{1}$ to $n_{m}$ bootstrap the initial $O W H$ number, their neighbor nodes can receive these packets and receive the authenticated initial $O W H$ number. Similarly, these nodes can also receive the refreshed $O W H$ number. As one example shown in Figure 2, node $B 1$ fails and the previous path from $n_{1}$ to $n_{m}$ has to change. Some neighbor node of $B 1$ can be chosen for a new path and will be able to authenticate $O W H$ numbers from the source node without rebootstrapping.

Figure 2

Path changes when node B1 fails.

4.2.3. Joining of New Node(s)

There are two scenarios we need to handle. One scenario is when only one new node is added in the path, there is no need to bootstrap the $O W H$ in the new node immediately. This is because the extent of an attack will be limited to only the new node(s). Other nodes that have $V_{0}$ already set up can still verify packets and hence are still resilient to stop the attacks.

The other scenario is when there are multiple new nodes added at same time, the bootstrapping process can be performed periodically or when the sink finds that the number of new nodes in the path exceeds some threshold, the bootstrapping process should be performed immediately. For example, when three new nodes (A, B, and C) just join the path, an adversary can try to only attack some of these nodes (A and B) but cannot attack the other nodes which are divided by old nodes. Hence, one observation is that not all nodes joining do require immediate rebootstrapping.

4.2.4. Leaving of Node(s)

It is possible for some nodes to leave from the path. Considering the situation of possible leaking of $O W H$ , it is necessary to the rebootstrapping process. We can also adopt the strategy that when the length of a path formed by the leaving nodes decreases to be lower than some threshold number, the rebootstrapping $O W H$ process can be executed.

4.2.5. Compromised Node(s)

When there are some nodes compromised by adversaries, the $O W H$ should be rebootstrapped immediately on the path. To detect the malicious nodes, the details will be given in Section 5.2.

5. Security Analysis

5.1. Security Capabilities Analysis

Our scheme can effectively guarantee the authenticity and integrity of data transferred in the network. Once the data is modified, the receiver can detect it. And it can effectively defend bogus routing attack and sinkhole attack by data authentication and blacklist. Table 1 shows the comparison of the defending capabilities of $L S D D$ with other routing protocols [13–18].

Table 1

Defending capabilities comparison of several routing protocols for WSN.

Attack	GR	CB	RR	DD	LSDD
Bogus routing	×	✓	×	×	✓
DOS	✓	×	×	×	✓
Sinkholes	✓	✓	×	×	✓
Selective forwarding	×	✓	✓	×	✓
Wormholes	✓	×	×	×	✓
Flow suppression	✓	✓	×	×	✓
Path influence	×	×	✓	×	✓

GR: geographic Routing.

CB: cluster based.

RR: rumor routing.

DD: directed diffusion.

SDD: secure directed diffusion.

× represents that it can be attacked by it.

✓ represents that it can prevent from this attack.

Because we adopt authentication combining with blacklist broadcasting, each node who receives the blacklist can judge whether the nodes around it are in the blacklist. According to the timely blacklist and authentication, nodes can effectively detect malicious nodes and behaviors, which is able to be against multiple attacks such as sinkhole attacks and wormhole attacks.

5.1.1. Defending against Altered, Replayed Routing Information

In $L S D D$ , since authentication is employed in the routing protocol of $L S D D$ , nodes are unwilling to accept an identity of an adversary. Thus nodes cannot verify any altered message. At the same time, one-way hash keys are used in the message and any replayed messaged can be considered illegitimate.

5.1.2. Defending against Sybil Attack

Identity fraud is central to the Sybil attack [19]. However, many compromised nodes still participate in the network for communication. It is very difficult to distinguish between the compromised node and legitimate node. Fortunately, in our protocol, because we adopt blacklist notification scheme, the malicious or abnormal behaviors can be detected by voting-based detection ( $VBD$ ) technique and be reported in blacklist. Once some node is detected as a malicious node, the other nodes can stop accepting message from it by blacklist.

5.1.3. Defending against Selective Forwarding

In selective forwarding, after receiving the data messages from the neighbor node, the adversary does not forward all the messages. The adversary can modify the data message or inject its own data message to the subsequent nodes. In Figure 3, the adversary has been in the path of A→ B→ C. Let us consider that the data flows from A→ adversary to → B→ C. Then the adversary can drop some data message from A and then sends some others to B. B further forwards the false data message to the base station.

Figure 3

Defending against selective forwarding attacks.

However, in our protocol, since we adopt blacklist technique and voting-based detection scheme, thus, nodes can monitor their neighbors to observe whether messages are being forwarded correctly. The correct forwarding ratio can be used to vote for the node. Once the votes for one node are lower than the threshold, messages from the node would be unaccepted by other neighbor nodes.

5.1.4. Defending against Sinkhole Attacks

In sinkhole attacks, adversary firstly compromises one node in the network and makes the compromised node attractive to the surrounding neighbors by presenting good routing capabilities. Thus most traffic around this node is led to pass through the compromised node [20]. The goal of sinkhole attacks is to prevent the sink or base station from receiving correct data sent out from the source.

However, in $L S D D$ , since we adopt $M A C$ authentication for each message, it is very hard for the adversary to successfully launch sinkhole attacks because the malicious nodes cannot be authenticated to pass through.

5.1.5. Defending against Wormholes Attacks

In a wormhole attack, adversaries cooperate to provide a low-latency side-channel for communication to make a false image of routing. For example, two distant malicious nodes may communicate with each other by a powerful side-channel such as a direct low-latency communication link. All the packets received at one malicious node are relayed to the other by the low-latency side-channel, where they are transmitted as if there is a malicious node very near from the original source. Thus the neighbors of these two malicious nodes may get false routing information that the nodes in that area are very close (actually they are far). Subsequently, it may disrupt the network routing.

However, in our protocol, since we adopt message authentication and blacklist scheme. All the compromised nodes can be detected in time and excluded from the network. In other words, the malicious nodes cannot be trusted as a valid intermediate forwarder. Thus the wormhole attacks can be effectively blocked.

5.1.6. Defending against DOS Attacks

A typical DOS attack is to exhaust resources such as memory or bandwidth by extremely injecting a large number of messages into the network in a very short time [21]. Commonly, in WSN, a DOS attacker possesses a powerful device, such as a laptop, so it is not difficult for the attacker to inject large amount of messages in a very short time. For example, an attacker can pretend to be some other node (node i) in the network and flood a lot of the same request messages to the network. All nodes receiving the request reply back to the node i. Hence, it results in the fact that the communication link between node i and others is congested and the power of node i is exhausted.

However, in $S D D$ , all the messages need to be authenticated firstly. So it is not applicable for the adversary to fake the address. Moreover, since every packet sent by one end point contains a unique $O W H$ key. Even if a packet is retransmitted, the retransmitted version of the packet has a new distinct $O W H$ key. This allows an intermediate node to distinguish between a packet retransmitted by the source and a retransmitted packet replayed by an adversary, because the adversary cannot attach a valid $O W H$ key in the replayed packet. Once the packet has an invalid $O W H$ key, the packet would be dropped. Besides, there is a blacklist scheme; once the malicious node is detected, all the messages sent out from it would be discarded. Therefore, our protocol can effectively defend against DOS attack.

5.1.7. Defending against Flow Suppression Attacks

Flow suppression is a variant of denial of service attack. The attacker can listen to the negative reinforcement messages and sends the negative reinforcement to the node which is delivering data at a high rate.

In Figure 4, the data flow path is A→ B→ C. When the path between A and B or B and C is congested for a time, the adversary can pretend to be node B and send a negative reinforcement to node A. When node A receives this information, it changes the data rate value. Thus a good path is suppressed for illegal negative reinforcement.

Figure 4

Flow suppression attacks.

However, in our protocol, since, in the message of negative reinforcement of our protocol, we also employed $M A C$ as authentication measure, it is difficult for the adversary to predict next $O W H$ key without the original seed. Each negative reinforcement message should be verified firstly. Thus the flow suppression attack can be prevented.

5.1.8. Defending against Path Influence Attacks

Let us consider the node A as the source and node C as the base station Figure 5. If the adversary knows the $O W H$ key before other nodes, it might try to attract all the nodes in the network by sending a fake announcement to B. After receiving the message, B will forward it to all its neighbors. The nodes will reply everything to the attacker. The adversary can use it to influence the data path.

Figure 5

Defending against path influence attacks.

However, in our protocol, if the adversary sends an announcement to a neighbor, the receiving node will find out whether the node is a malicious one or not by the blacklist. So it is not applicable.

5.2. Detection of Malicious Node (Blacklist Technique)

As we all know, sensor nodes in sensor networks are usually deployed in hostile environments such as battlefields. Consequently a sensor node may be compromised or out of function. When an adversary has compromised certain sensor node(s), he may not launch direct attacks against the network immediately since once the misbehavior is detected, the sink may abandon these compromised nodes and put these nodes $I D (s)$ into blacklist. Instead, the attacker lets those compromised nodes behave normally but reports false data to the data collector. The purpose of the attacker is to mislead the higher layer with falsified data. The aggregator in higher layer may make a wrong aggregation result due to the effect of the malicious node. This kind of attacks may lead to many serious consequences; for instance, in the battlefield, a false report for the operations of the enemy may lead to extra casualties. It is therefore an important issue in sensor networks to detect these malicious nodes in spite of such problems.

In our work, we proposed a voting-based detection ( $VBD$ ) method to detect the compromised nodes by monitoring its reported data and giving the proper reputations of the sensor nodes according to their behavior patterns. Since all the voting messages are within other normal in-network communication messages, it would incur only little extra overhead without increasing extra communications.

As the first step toward the solution to the problem, we model it into a weight-based network. Each node can vote on its neighbor nodes as the value 1 or 0. These votes can be delivered to the sink or base station. The sink collects all information (including the votes for each node in the network) provided by sensor nodes and calculates an aggregation result using the votes for each sensor node: $\begin{matrix} E_{i} = \frac{\sum_{k = 0}^{n} v_{i k}}{n} . \end{matrix}$ (2)

$V_{i k}$ is the vote for the current node i from neighbor node k. $E_{i}$ is the evaluation result calculated by the sink. n is the number of nodes who vote for the node i. When the $E_{i}$ is lower than one threshold number (our default threshold number is 0.6), the node i will be considered malicious.

6. Simulation and Performance Analysis

To evaluate the feasibility of our mechanism in current $W S N s$ platforms, we need to measure the resource consumption of computation and storage. We have simulated $L S D D$ and $O W H$ generation and verification algorithm on network simulator $N S 2$ (Table 3).

Our basic simulation network topology is a regular $n \times n$ grid with $n^{2}$ sensor nodes. The communication radius is set to $\sqrt{2}$ which allows the nearest eight neighbors to be reached. The base station is placed at the right bottom, and the source node is at the left top.

Besides, we designed a voting-based detection mechanism to generate blacklist which is able to show the nodes that are malicious around them. Broadcasting blacklist has two methods, one is that sink broadcasts blacklist periodically, and another is that sink broadcasts blacklist with interests’ data broadcasting. According to the protocol situation, we adopt the latter one; thus the protocol “lightweight secure directed diffusion” has the same communication rounds with the original directed diffusion protocol.

6.1. Structure of the Simulation

The simulation follows the process and steps of the original directed diffusion. Based on the codes of directed diffusion, we modified some parts to make them able to authenticate the messages. Here we discuss the principle and details of the simulation for the $L S D D$ .

6.1.1. API for Subscription and Publishing

Since the directed diffusion adopts publishing-subscription mechanism to establish the communication among nodes, the following is the API for the publishing-subscription process:

handle NR:: subscribe (NRAttrVec * subscribeAttrs, const NR:: Callback * cb);

int NR:: unsubscribe (handle subscription_handle);

handle NR:: publish (NRAttrVe c * publishAttrs);

int NR:: unpublish (handle publication_handle).

When users subscribe one set of particular attributes and send out the request for data needed, we define them as data receiver (sinks). Since the sensors sense the data and send the data back, we define them as source. Subscriber and publisher both employ the naming mechanism based on attribute. The data diffusion algorithm guarantees the data transfers from source to sink on an efficient way.

6.1.2. Naming Mechanism

$L S D D$ also follows the naming mechanism of $D D$ , which is based on attribute. The design of this kind of naming mechanism is very flexible for the protocol. Firstly, this naming mechanism is data-centric which allows applications to focus on the data, not on the nodes. Secondly, the method not only supports end-to-end communication but also supports the communication between multiple sources and receivers. Thirdly, the connection between sources and receivers is done by attribute matching. Once the attributes match with the cache interests, the source sends out the corresponding data back to the subscriber subsequently.

6.1.3. The Algorithm of Secure Directed Diffusion

Publishing-subscribing model provides us with the standard interface for coding the applications for $W S N s$ ; attribute-based naming mechanism can point out which source the sink should communicate. The establishment of the communication link between both is the algorithm of directed diffusion. Since we do not change the algorithm of diffusion, $L S D D$ basically follows the original directed diffusion steps. Now there are three algorithms of DD available for simulation (the sequence is shown in Figure 6), one is two-phase pull diffusion, another is one-phase pull diffusion, and the other is one-phase push diffusion.

Figure 6

Interaction between sink and source in several diffusion algorithms.

In two-phase pull diffusion, receivers (sink) create one interests set with special attribute. Every node who receives the interest caches it and forwards it to the neighbors and establishes the gradient relation with the neighbors. The gradient can guide the data transmission direction and speed. The intermediate node receives and forwards the interests to the neighbor nodes. The data sent out in the first time by the source is called exploratory data; the exploratory data is flooded to all the neighbors along the gradients. After the sink receives the first exploratory data, it chooses one path and sends out the positive reinforcement message. Therefore, all the subsequent data will be transfered on the reinforced path.

In one-phase pull diffusion, sink is passive while the source is active; the data is flooded to the sink from the source. It also needs to establish the gradient like the two-phase pull diffusion.

In one-phase push diffusion, when the source receives the interest, it obeys the first-come-best-path. It is different from the previous algorithms since there is no exploratory data and there is no reinforcement message.

We choose two-phase pull diffusion as the rule of following the original design of directed diffusion.

6.1.4. Components of the Simulation

In our simulation, several key components work together to achieve one objective. The process and relations among the components are shown in Figure 7.

Figure 7

The sequence graph showing how the components handle the messages.

(i) Filter Component. Filter component defines the self-handle data attribute, while the diffusion algorithm defines the method how to solve the packets.

(ii) Diffusion Core Agent. Diffusion core agent responds to how to disseminate the packets. Diffusion core agent records all the configured filters in the network and charges for forwarding the packets to the filters and handling the subsequent packets. At the same time, Diffusion core agent charges for disseminating the solved data into the network or sends them to the local application layer.

(iii) Agent Component. Agent component represents the terminal point that generates and consumes the data packet of network layer. In the implementation of $L S D D$ , we implement two kinds of agents, Diffusion routing agent and diffusion application agent. Routing agent charges for receiving the message on the network or the messages that local application agent sends and forwards the message to diffusion core component to confirm the direction of transmission. Application agent charges for receiving the message from the routing agent and forwards the messages to filter to handle according to the message attribute. Figure 4 gives one example of the sequence graph for the components handling the messages.

(iv) Call Back Object. We realize the binding with data attribute and corresponding execute codes by call back object. Users subscribe an interest by giving a set of attributes and a call back object. The object includes the execution method of matched data. When users configure the filter, they need to give a set of attributes and a call back object.

6.2. Performance

Table 2 shows the communication and computation comparison of $L S D D$ with the original directed diffusion scheme. Table 2 shows our basic configuration of this simulation.

Table 2

Comparison with original directed diffusion scheme.

Protocol	LSDD	DD
Communication rounds	4	4
Overhead	34 bytes + data size	Data size
Node computation	1 hmac	0 hmac

Table 3

Configuration of NS2 simulator.

Parameter	Value
Total area	10 m × 10 m~100 m × 100 m
Number of nodes	10~200
Initial energy	5 joule/node
Data rate	300 kbps
Transmission range	30 m
Packet size	48 bytes
Data sources	1~5
Packet loss rate	0~10%
Offered load	4~6 packets per sec

We set up multiple test configurations; for example, the simulation duration time is set to 5 seconds, 20 seconds, and 50 seconds. And we set packet loss rate as 5% and 10%. We believe that, in the real environment, routing in WSNs with 5% or 10% packets loss rate is normal.

Because the steps of $L S D D$ are the same as the communication steps of original directed diffusion, the communication rounds of $L S D D$ are the same as $D D$ . The only extra overhead is that the size of transmitted data of $L S D D$ is bigger than $D D$ ; one-way hash key chains should be managed.

We adopt one-way sequence number generation algorithm to generate one-way hash key chain with relative small storage overhead and computation overhead. In our simulation, we use 30 bytes data as original interest test data since the default packet size is 30 bytes. A $L S D D$ interest packet involves interest, blacklist, $H M A C$ output of the packet, and the key of $H M A C$ . We adopt $S H A - 1$ [11] as $H M A C$ function and key length is 32 bits (4 bytes). The output size of $H M A C$ of $S H A - 1$ is 20 bytes. The blacklist is 10 bytes default. So the complete packet size is 64 bytes, and this is the communication overhead. Figure 8 is the result of average delays of packets transmission of $L S D D$ comparison with $5 %$ packets loss rate. From the results, we can see that the cost increases about 0.01 second on average when the network size is 50 and it increases about 0.03 second on each node average when the network size is 200.

Figure 8

Average delay of each node with 5% packets loss rate.

And with $10 %$ packets loss rate (Figure 9), $L S D D$ has only a little extra overhead than with $5 %$ packets loss rate. In both scenarios, $L S D D$ almost saves half of communication of $A D D$ . Considering that the common speed of wireless links is 19.2 kbps, the time delay of the $L S D D$ message is quite reasonable for providing security.

Figure 9

Average delay of each node with 10% packets loss rate.

6.3. Storage Performance of OWH

Since a single $O W H$ number ( $H M A C$ Key) is included in each packet, without counting setup overhead, the original message overhead is 30 bytes per packet. We use 4 bytes for end-to-end security $M A C$ key. And we can use 10 bytes for blacklist. Plus the output (20 bytes) of $M A C$ , the total security overhead is 34 bytes. It is less than SEF protocol [22] with end-to-end security overhead.

The method of generating and storing a long $O W H$ in a sensor node is not straightforward. Traditional algorithms require either too much memory to store every $O W H$ number or too much time to compute the next $O W H$ number. None of these algorithms are practical on resource-constrained sensor nodes. Some efficient $O W H$ generation algorithms for resource-constrained platforms have been proposed [23, 24]. After a comparison of their performance, we adopt the fractal graph traversal algorithm [25]. This algorithm stores only some of the intermediate numbers, of an OWH, and uses them to compute other numbers. If the size of an OWH is n (there are total n numbers in this $O W H$ ), the algorithm performs approximately $(\log_{2} n) / 2$ one-way function operations to compute the next $O W H$ number and requires little more than $\log_{2} n$ units of memory to save these intermediate numbers.

Another important factor is the length of an $O W H$ that is needed for a source node. The typical length is between 2¹¹ and 2²². If the length of an $O W H$ is 2²² and a node uses one $O W H$ number per second, it will take more than a month to exhaust all numbers from this chain. With the fractal traversal algorithm, the maximum time for generating an $O W H$ is approximately equal to $(μ \log_{2} n) / 2$ , where n is the size of the $O W H$ and μ is the time for performing a one-way function.

When the size of the OWH is 2²², it requires about 15.18 ms on average to generate an $O W H$ (shown in Figure 10). Considering that it takes about 40 to 50 ms to send a 48-byte packet, we believe that this computing time for generating an $O W H$ number is practical.

Figure 10

Time expense for generation of one-way hash chain.

6.4. Comparison with Other Secure Protocols

We compare our scheme with other 2 secure routing protocols STEF [26] and IPD [27] in node energy consumption and detection ratios for captured nodes. The initial energy of a node is set to be 2J.

We mainly compare the overhead by time of energy consumption. From the experiments, we can find out that all energy of the nodes of IPD and STEF is consumed at time of 512 seconds and 423 seconds, while the whole energy of the nodes of our scheme remains exhausting until 662 seconds, as shown in Figure 11.

Figure 11

Node energy consumption.

The detection of captured nodes represents the effectiveness of the secure protocol to some extent. We found that commonly the capture ratio of nodes is higher; the detection of captured nodes would be lower since more captured nodes would lure others together. We set the biggest value of the capture ratio of nodes to be 0.5. From the experiment, we can find out that there is no big difference when the capture ratio of nodes is less than 0.1. However, when the capture ratio is bigger than 0.1, our scheme has better detection ratio than IPD and STEF, as shown in Figure 12.

Figure 12

Detection ratio of captured nodes.

7. Conclusion

We propose a lightweight secure routing scheme in data fusion for wireless sensor networks which provides authenticity and integrity in the routing process with relative low overhead. The security performance of the scheme is analyzed in the paper. Besides, a simulation was run and the result shows that the performance is acceptable for wireless sensor networks.

Footnotes

Notations

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This research was supported in part by the National Natural Science Foundation of China (no. 61100192),Research Fund for the Doctoral Program of Higher Education of China (no. 20112302120074),Guangdong Province Natural Science Foundation Grant no. 10451805707004183,and Shenzhen Strategic Emerging Industries Program under Grants nos. JCYJ20120613151032592 and ZDSY20120613125016389. The authors thank the reviewers for their comments.

References

Singh

Dua

R. L.

Mathur

Network simulator NS2-2. 35

International Journal of Advanced Research in Computer Science and Software Engineering 2012 2 5

Singh

S. K.

Singh

M. P.

Singh

D. K.

Routing protocols in wireless sensor networks: a survey

Proceedings of the International Journal of Computer Science and Engineering Survey (IJCSES ′10)

November 2010

Singh

S. K.

Singh

M. P.

Singh

D. K.

A survey of energy-efficient hierarchical cluster-based routing in wireless sensor networks

International Journal of Advanced Networking and Applications 2010 2 2 570 580

Pham

N. N.

Youn

Won

A comparison of wireless sensor network routing protocols on an experimental testbed

Proceedings of the International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing

June 2006

276 281

2-s2.0-33845437541

10.1109/SUTC.2006.1

Misra

Dias Thomasinous

A simple, least-time, and energy-efficient routing protocol with one-level data aggregation for wireless sensor networks

Journal of Systems and Software 2010 83 5 852 860

2-s2.0-77549086505

10.1016/j.jss.2009.12.021

Zhu

Y.-H.

W.-D.

Leung

V. C. M.

Energy-efficient tree-based message ferrying routing schemes for wireless sensor networks

Mobile Networks and Applications 2011 16 1 58 70

2-s2.0-79751535932

10.1007/s11036-009-0211-4

Al-Karaki

J. N.

Kamal

A. E.

Routing techniques in wireless sensor networks: a survey

IEEE Wireless Communications 2004 11 6 6 27

2-s2.0-11144277843

10.1109/MWC.2004.1368893

Kulik

Heinzelman

Balakrishnan

Negotiation-based protocols for disseminating information in wireless sensor networks

Wireless Networks 2002 8 2-3 169 185

2-s2.0-0036499227

10.1023/A:1013715909417

Intanagonwiwat

Govindan

Estrin

Directed diffusion: a scalable and robust communication paradigm for sensor networks

Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MOBICOM ′00)

August 2000

56 67

2-s2.0-0034539015

10.

Bellare

Canetti

Krawczyk

Keying Hash functions for message authentication

Advances in Cryptology—CRYPTO ’96 1996 1109 1 15 Lecture Notes in Computer Science

11.

Kim

Lee

D. G.

Ryou

Compact and unified hardware architecture for SHA-1 and SHA-256 of trusted mobile computing

Personal and Ubiquitous Computing 2012 17 5

12.

Shah

Rabaey

Energy aware routing for low energy ad hoc sensor networks

Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC ′02)

March 2002

Orlando, Fla, USA

13.

Zhang

Varadharajan

Wireless sensor network key management survey and taxonomy

Journal of Network and Computer Applications 2010 33 2 63 75

2-s2.0-75149127612

10.1016/j.jnca.2009.10.001

14.

Zhou

M. X.

An improved distributed key management scheme in wireless sensor networks

Proceedings of the 9th International Workshop on Information Security Applications

September 2008

Cheju Isl, Republic of Korea

15.

Arazi

Rose

A public key cryptographic method for denial of service mitigation in wireless sensor networks

Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON ′07)

June 2007

San Diego, Calif, USA

51 59

2-s2.0-48049118360

10.1109/SAHCN.2007.4292817

16.

Hou

H.-F.

Liu

X.-W.

H.-Y.

Minimum energy consumption routing algorithm based on geographical location information for wireless sensor networks

Journal of Electronics and Information Technology 2007 29 1 177 181

2-s2.0-33947290059

17.

Nguyen

H. T. T.

Guizani

Huh

E.-N.

An efficient signal-range-based probabilistic key predistribution scheme in a wireless sensor network

IEEE Transactions on Vehicular Technology 2009 58 5 2482 2497

2-s2.0-66449127121

10.1109/TVT.2008.2008191

18.

Tsai

S.-C.

Tzeng

W.-G.

Zhou

K.-Y.

Key establishment schemes against storage-bounded adversaries in wireless sensor networks

IEEE Transactions on Wireless Communications 2009 8 3 1218 1222

2-s2.0-62949134817

10.1109/TWC.2009.081048

19.

Karlof

Wagner

Secure routing in wireless sensor networks: attacks and countermeasures

Ad Hoc Networks 2003 1 2-3 293 315

2-s2.0-2942656255

10.1016/S1570-8705(03)00008-8

20.

Xiao

Greenstein

L. J.

Mandayam

N. B.

Trappe

Channel-based detection of sybil attacks in wireless networks

IEEE Transactions on Information Forensics and Security 2009 4 3 492 503

2-s2.0-69749083720

10.1109/TIFS.2009.2026454

21.

Krontiris

Giannetsos

Dimitriou

Launching a sinkhole attack in wireless sensor networks; the intruder side

Proceedings of the 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communication (WiMob ′08)

October 2008

526 531

2-s2.0-56749178548

10.1109/WiMob.2008.83

22.

Luo

Zhang

Statistical en-route filtering of injected false data in sensor networks

IEEE Journal on Selected Areas in Communications 2005 23 4 839 850

2-s2.0-17144429277

10.1109/JSAC.2005.843561

23.

Eldefrawy

M. H.

Khan

M. K.

Alghathbar

Cho

E.-S.

Broadcast authentication for wireless sensor networks using nested hashing and the chinese remainder theorem

Sensors 2010 10 9 8683 8695

2-s2.0-77958003482

10.3390/s100908683

24.

Tan

Zic

Jha

Ostry

Secure multihop network programming with multiple one-way key chains

IEEE Transactions on Mobile Computing 2011 10 1 16 31

2-s2.0-77958574444

10.1109/TMC.2010.140

25.

Yum

D. H.

Seo

J. W.

Lee

P. J.

Energy-efficient hash chain traversal

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 2011 E94-A 3 955 963

2-s2.0-79952162838

10.1587/transfun.E94.A.955

26.

Krauß

Schneider

Bayarou

Eckert

STEF: a secure ticket-based en-route filtering scheme for wireless sensor networks

Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES ′07)

April 2007

310 317

2-s2.0-34548186480

10.1109/ARES.2007.144

27.

Jiana

A secure and energy-efficient rooting protocol for WSN

Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation (ISCCCA ′13)

2013

Lightweight Secure Directed Diffusion for Wireless Sensor Networks

Abstract

1. Introduction

2. Background

3. Lightweight Secure Directed Diffusion (LSDD)

Algorithm 1: Setup.

Algorithm 2: Compound interest propagation.

Algorithm 3: Gradients Establishment.

Algorithm 4: Path reinforcement.

Algorithm 5: Data Routing Back.

Pseudocode 1

Pseudocode 2

4. Key Management Services for LSDD

4.1. Bootstrapping of OWH

4.2. Maintenance of OWH

4.2.1. Packets Loss

4.2.2. Path Changes

4.2.3. Joining of New Node(s)

4.2.4. Leaving of Node(s)

4.2.5. Compromised Node(s)

5. Security Analysis

5.1. Security Capabilities Analysis

5.1.1. Defending against Altered, Replayed Routing Information

5.1.2. Defending against Sybil Attack

5.1.3. Defending against Selective Forwarding

5.1.4. Defending against Sinkhole Attacks

5.1.5. Defending against Wormholes Attacks

5.1.6. Defending against DOS Attacks

5.1.7. Defending against Flow Suppression Attacks

5.1.8. Defending against Path Influence Attacks

5.2. Detection of Malicious Node (Blacklist Technique)

6. Simulation and Performance Analysis

6.1. Structure of the Simulation

6.1.1. API for Subscription and Publishing

6.1.2. Naming Mechanism

6.1.3. The Algorithm of Secure Directed Diffusion

6.1.4. Components of the Simulation

6.2. Performance

6.3. Storage Performance of OWH

6.4. Comparison with Other Secure Protocols

7. Conclusion

Footnotes

Notations

Conflict of Interests

Acknowledgments

References