ieee 2014 secure and efficient data transmission for cluster based wsn.pdf

Secure and Efficient Data Transmissionfor Cluster-Based Wireless Sensor Networks

Huang Lu, Student Member, IEEE, Jie Li, Senior Member, IEEE, and Mohsen Guizani, Fellow, IEEE

Abstract—Secure data transmission is a critical issue for wireless sensor networks (WSNs). Clustering is an effective and practical way

to enhance the system performance of WSNs. In this paper, we study a secure data transmission for cluster-based WSNs (CWSNs),

where the clusters are formed dynamically and periodically. We propose two secure and efficient data transmission (SET) protocols for

CWSNs, called SET-IBS and SET-IBOOS, by using the identity-based digital signature (IBS) scheme and the identity-based online/

offline digital signature (IBOOS) scheme, respectively. In SET-IBS, security relies on the hardness of the Diffie-Hellman problem in the

pairing domain. SET-IBOOS further reduces the computational overhead for protocol security, which is crucial for WSNs, while its

security relies on the hardness of the discrete logarithm problem. We show the feasibility of the SET-IBS and SET-IBOOS protocols with

respect to the security requirements and security analysis against various attacks. The calculations and simulations are provided to

illustrate the efficiency of the proposed protocols. The results show that the proposed protocols have better performance than the

existing secure protocols for CWSNs, in terms of security overhead and energy consumption.

Index Terms—Cluster-based WSNs, ID-based digital signature, ID-based online/offline digital signature, secure data transmission

protocol

Ç

1 INTRODUCTION

A WIRELESS sensor network (WSN) is a network systemcomprised of spatially distributed devices using

wireless sensor nodes to monitor physical or environmentalconditions, such as sound, temperature, and motion. Theindividual nodes are capable of sensing their environments,processing the information data locally, and sending data toone or more collection points in a WSN [1]. Efficient datatransmission is one of the most important issues for WSNs.Meanwhile, many WSNs are deployed in harsh, neglected,and often adversarial physical environments for certainapplications, such as military domains and sensing taskswith trustless surroundings [2]. Secure and efficient datatransmission (SET) is, thus, especially necessary and isdemanded in many such practical WSNs.

1.1 Background and Motivations

Cluster-based data transmission in WSNs has been inves-tigated by researchers to achieve the network scalability andmanagement, which maximizes node lifetime and reducebandwidth consumption by using local collaborationamong sensor nodes [3]. In a cluster-based WSN (CWSN),every cluster has a leader sensor node, regarded as cluster-head (CH). A CH aggregates the data collected by the leafnodes (non-CH sensor nodes) in its cluster, and sends the

aggregation to the base station (BS). The low-energyadaptive clustering hierarchy (LEACH) protocol presentedby Heinzelman et al. [4] is a widely known and effective oneto reduce and balance the total energy consumption forCWSNs. To prevent quick energy consumption of the set ofCHs, LEACH randomly rotates CHs among all sensornodes in the network, in rounds. LEACH achievesimprovements in terms of network lifetime. Following theidea of LEACH, a number of protocols have been presentedsuch as APTEEN [5] and PEACH [6], which use similarconcepts of LEACH. In this paper, for convenience, we callthis sort of cluster-based protocols as LEACH-like proto-cols. Researchers have been widely studying CWSNs in thelast decade in the literature. However, the implementationof the cluster-based architecture in the real world is rathercomplicated [7].

Adding security to LEACH-like protocols is challengingbecause they dynamically, randomly, and periodicallyrearrange the network’s clusters and data links [8].Therefore, providing steady long-lasting node-to-node trustrelationships and common key distributions are inadequatefor LEACH-like protocols (most existing solutions areprovided for distributed WSNs, but not for CWSNs). Thereare some secure data transmission protocols based onLEACH-like protocols, such as SecLEACH [8], GS-LEACH[9], and RLEACH [10]. Most of them, however, apply thesymmetric key management for security, which suffers froma so-called orphan node problem [11]. This problem occurswhen a node does not share a pairwise key with others in itspreloaded key ring. To mitigate the storage cost of symmetrickeys, the key ring in a node is not sufficient for it to sharepairwise symmetric keys with all of the nodes in a network.In such a case, it cannot participate in any cluster, andtherefore, has to elect itself as a CH. Furthermore, the orphannode problem reduces the possibility of a node joining with aCH, when the number of alive nodes owning pairwise keys

750 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 3, MARCH 2014

. H. Lu is with the Department of Computer Science, University of Tsukuba,Tsukuba 3058573, Japan. E-mail: [email protected].

. J. Li is with the Faculty of Engineering, Information and Systems,University of Tsukuba, Tsukuba 3058573, Japan.E-mail: [email protected].

. M. Guizani is with Qatar University, Doha, Qatar.E-mail: [email protected].

Manuscript received 4 July 2012; revised 9 Jan. 2013; accepted 31 Jan. 2013;published online 15 Feb. 2013.Recommended for acceptance by K. Li.For information on obtaining reprints of this article, please send e-mail to:[email protected], and reference IEEECS Log Number TPDS-2012-07-0617.Digital Object Identifier no. 10.1109/TPDS.2013.43.

1045-9219/14/$31.00 � 2014 IEEE Published by the IEEE Computer Society

decreases after a long-term operation of the network. Sincethe more CHs elected by themselves, the more overall energyconsumed of the network [4], the orphan node problemincreases the overhead of transmission and system energyconsumption by raising the number of CHs. Even in the casethat a sensor node does share a pairwise key with a distantCH but not a nearby CH, it requires comparatively highenergy to transmit data to the distant CH.

The feasibility of the asymmetric key management hasbeen shown in WSNs recently, which compensates theshortage from applying the symmetric key management forsecurity [12]. Digital signature is one of the most criticalsecurity services offered by cryptography in asymmetrickey management systems, where the binding between thepublic key and the identification of the signer is obtainedvia a digital certificate [13]. The identity-based digitalsignature (IBS) scheme [14], based on the difficulty offactoring integers from identity-based cryptography (IBC),is to derive an entity’s public key from its identityinformation, for example, from its name or ID number.Recently, the concept of IBS has been developed as a keymanagement in WSNs for security. Carman [15] firstcombined the benefits of IBS and key predistribution setinto WSNs, and some papers appeared in recent years [16],[17], [18]. The IBOOS scheme has been proposed to reducethe computation and storage costs of signature processing.A general method for constructing online/offline signatureschemes was introduced by Even et al. [19]. The IBOOSscheme could be effective for the key management inWSNs. Specifically, the offline phase can be executed on asensor node or at the BS prior to communication, while theonline phase is to be executed during communication. SomeIBOOS schemes are designed for WSNs afterwards, such as[20] and [21]. The offline signature in these schemes,however, is precomputed by a third party and lacksreusability, thus they are not suitable for CWSNs.

1.2 Contributions and Organization

Recently, we have applied and evaluated the key manage-ment of IBS to routing in CWSNs [17]. In this paper, weextend our previous work and focus on providing anefficient secure data communication for CWSNs. Thecontributions of this work are as follows:

. We propose two Secure and Efficient dataT ransmission protocols for CWSNs, called SET-IBSand SET-IBOOS, by using the IBS scheme and theIBOOS scheme, respectively. The key idea of bothSET-IBS and SET-IBOOS is to authenticate theencrypted sensed data, by applying digital signaturesto message packets, which are efficient in commu-nication and applying the key management forsecurity. In the proposed protocols, secret keys andpairing parameters are distributed and preloaded inall sensor nodes by the BS initially, which overcomesthe key escrow problem described in ID-basedcryptosystems [22].

. Secure communication in SET-IBS relies on the ID-based cryptography, in which, user public keysare their ID information. Thus, users can obtain thecorresponding private keys without auxiliary data

transmission, which is efficient in communicationand saves energy.

. SET-IBOOS is proposed to further reduce the compu-tational overhead for security using the IBOOSscheme, in which security relies on the hardness ofthe discrete logarithmic problem. Both SET-IBS andSET-IBOOS solve the orphan node problem in thesecure data transmission with a symmetric keymanagement.

. We show the feasibility of the proposed protocolswith respect to the security requirements andanalysis against three attack models. Moreover, wecompare the proposed protocols with the existingsecure protocols for efficiency by calculations andsimulations, respectively, with respect to bothcomputation and communication.

The remainder of this paper is organized as follows:Section 2 describes the network architecture, securityvulnerabilities, and objectives. Section 3 introduces the IBSand IBOOS schemes for CWSNs. Sections 4 and 5 presentthe details of the proposed SET-IBS and SET-IBOOS,respectively, and Section 6 presents the protocol featuresand characteristics. Section 7 analyzes and evaluates theproposed SET-IBS and SET-IBOOS. The last section con-cludes this work.

2 SYSTEM DESCRIPTION AND PROTOCOL

OBJECTIVES

This section presents the network architecture, securityvulnerabilities, and protocol objectives.

2.1 Network Architecture

Consider a CWSN consisting of a fixed BS and a largenumber of wireless sensor nodes, which are homogeneousin functionalities and capabilities. We assume that the BS isalways reliable, i.e., the BS is a trusted authority (TA).Meanwhile, the sensor nodes may be compromised byattackers, and the data transmission may be interruptedfrom attacks on wireless channel. In a CWSN, sensor nodesare grouped into clusters, and each cluster has a CH sensornode, which is elected autonomously. Leaf (non-CH) sensornodes join a cluster depending on the receiving signalstrength and transmit the sensed data to the BS via CHs tosave energy. The CHs perform data fusion, and transmitdata to the BS directly with comparatively high energy. Inaddition, we assume that all sensor nodes and the BS aretime synchronized with symmetric radio channels, nodesare distributed randomly, and their energy is constrained.

In CWSNs, data sensing, processing, and transmissionconsume energy of sensor nodes. The cost of datatransmission is much more expensive than that of dataprocessing. Thus, the method that the intermediate node(e.g., a CH) aggregates data and sends it to the BS ispreferred than the method that each sensor node directlysends data to the BS [1], [3]. A sensor node switches intosleep mode for energy saving when it does not sense ortransmit data, depending on the time-division multipleaccess (TDMA) control used for data transmission. In thispaper, the proposed SET-IBS and SET-IBOOS are bothdesigned for the same scenarios of CWSNs above.

LU ET AL.: SECURE AND EFFICIENT DATA TRANSMISSION FOR CLUSTER-BASED WIRELESS SENSOR NETWORKS 751

2.2 Security Vulnerabilities and Protocol Objectives

The data transmission protocols for WSNs, includingcluster-based protocols (LEACH-like protocols), are vulner-able to a number of security attacks [2], [23]. Especially,attacks to CHs in CWSNs could result in serious damage tothe network because data transmission and data aggrega-tion depend on the CHs fundamentally. If an attackermanages to compromise or pretend to be a CH, it canprovoke attacks such as sinkhole and selective forwardingattacks, hence disrupting the network. On the other hand,an attacker may intend to inject bogus sensing data into theWSN, for example, pretend as a leaf node sending bogusinformation toward the CHs. Nevertheless, LEACH-likeprotocols are more robust against insider attacks than othertypes of protocols in WSNs [23]. It is because CHs arerotating from nodes to nodes in the network by rounds,which makes it harder for intruders to identify the routingelements as the intermediary nodes and attack them. Thecharacteristics of LEACH-like protocols reduce the risks ofbeing attacked on intermediary nodes, and make it harderfor an adversary to identify and compromise importantnodes (i.e., CH nodes).

The goal of the proposed secure data transmission forCWSNs is to guarantee the secure and efficient datatransmissions between leaf nodes and CHs, as well astransmission between CHs and the BS. Meanwhile, most ofexisting secure transmission protocols for CWSNs in theliterature [8], [9], [10], however, apply the symmetric keymanagement for security, which suffers from the orphannode problem that is introduced in Section 1. In this paper,we aim to solve this orphan node problem by using the ID-based cryptosystem that guarantees security requirements,and propose SET-IBS by using the IBS scheme. Furthermore,SET-IBOOS is proposed to reduce the computational over-head in SET-IBS with the IBOOS scheme.

3 IBS AND IBOOS FOR CWSNS

In this section, we introduce the IBS scheme and IBOOSscheme used in the paper. Note that the conventionalschemes are not specifically designed for CWSNs. We adaptthe conventional IBS scheme for CWSNs by distributingfunctions to different kinds of sensor nodes, based on [24] atfirst. To further reduce the computational overhead in thesigning and verification process of the IBS scheme, we adaptthe conventional IBOOS scheme for CWSNs, based on [21].

In a finite cyclic group GG of prime order q, there exists anelement g as the generator and elements gx 2 GG, such thatGG ¼ hgi ¼ fgx j x 2 ZZ�q ¼ f1; 2; . . . ; q � 1gg, where ZZ�q is amultiplicative group consisting of q � 1 integers, in which themultiplication operation in the group ends in the remainderon the division by q (mod q) [25]. The discrete logarithmproblem (DLP) [26] in the cyclic group GG is to compute x, inwhich the computational complexity is believed to be hard,where the security in the IBOOS scheme is based on the DLPin this work.

3.1 Pairing for IBS

For self-contained, we briefly review the characteristics ofpairing. Boneh and Franklin [22] introduced the firstfunctional and efficient ID-based encryption scheme basedon bilinear pairings on elliptic curves. Specifically,

randomly select two large primes p and q, and let E=Fp

indicate an elliptic curve y2 ¼ x3 þ axþ b (4a3 þ 27b2 6¼ 0)

over a finite field Fp. We denote by GG1 a q-order

subgroup of the additive group of points in E=Fp, and

GG2 a q-order subgroup of the multiplicative group in the

finite field F�p. The pairing is a mapping e : GG1 �GG1 !GG2, which is a bilinear map with the following properties:

1. Bilinear. 8 P;Q;R; S 2 GG1, eðP þQ;Rþ SÞ ¼ eðP;RÞeðP; SÞeðQ;RÞeðQ;SÞ. In the same way, 8 c; d 2ZZ�q ; eðcP ; dQÞ ¼ eðP; dQÞ

c¼ eðcP ;QÞd¼ eðP;QÞcd, etc.2. Nondegeneracy. If P is a generator of GG1, then eðP; P Þ

is a generator of GG2.3. Computability. There is an efficient algorithm to

compute eðP;QÞ in GG2, 8 P;Q 2 GG1.

The security in the IBS scheme is based on the bilinear

Diffie-Hellman Problem (DHP) in the pairing domain [13],

and the hardness of DHP is defined in [22]. A bilinear map e

is secure if, given g;G;H 2 GG1, it is hard to find h 2 GG1

such that eðh;HÞ ¼ eðg;GÞ [27]. Weil pairing [22] and Tate

pairing [28] are the examples of such bilinear mapping,

which present comprehensive descriptions of how pairing

parameters can be selected for security.

3.2 IBS Scheme for CWSNs

An IBS scheme implemented for CWSNs consists of the

following operations, specifically, setup at the BS, key

extraction and signature signing at the data sending nodes,

and verification at the data receiving nodes:

. Setup. The BS (as a trust authority) generates amaster key msk and public parameters param for theprivate key generator (PKG), and gives them to allsensor nodes.

. Extraction. Given an ID string, a sensor nodegenerates a private key sekID associated with theID using msk.

. Signature signing. Given a message M, time stamp tand a signing key �, the sending node generates asignature SIG.

. Verification. Given the ID, M, and SIG, the receivingnode outputs “accept” if SIG is valid, and outputs“reject” otherwise.

The detailed description of the original IBS scheme in

[24] is given in Appendix A.1

3.3 IBOOS Scheme for CWSNs

An IBOOS scheme implemented for CWSNs consists of

following four operations, specifically, setup at the BS, key

extraction and offline signing at the CHs, online signing at the

data sending nodes, and verification at the receiving nodes:

. Setup. Same as that in the IBS scheme.

. Extraction. Same as that in the IBS scheme.

. Offline signing. Given public parameters and timestamp t, the CH sensor node generates an offlinesignature SIGoffline, and transmit it to the leaf nodesin its cluster.


1. The appendices of this paper are separated, which are available online:http://doi.ieeecomputersociety.org/10.1109/TPDS.2013.43.

. Online signing. From the private key sekID, SIGoffline

and message M, a sending node (leaf node)generates an online signature SIGonline.

. Verification. Given ID, M, and SIGonline, the receivingnode (CH node) outputs “accept” if SIGonline isvalid, and outputs “reject” otherwise.

The detailed description of the original IBOOS scheme in

[21] is given in Appendix B.1

4 THE PROPOSED SET-IBS PROTOCOL

In this paper, we propose two novel SET protocols for

CWSNs, called SET-IBS and SET-IBOOS, by using the IBS

scheme and the IBOOS scheme, respectively. We first

present SET-IBS in this section.The proposed SET-IBS has a protocol initialization prior

to the network deployment and operates in rounds duringcommunication, which consists of a setup phase and asteady-state phase in each round. We introduce theprotocol initialization, describe the key management ofthe protocol by using the IBS scheme, and the protocoloperations afterwards.

4.1 Protocol Initialization

In SET-IBS, time is divided into successive time intervals as

other LEACH-like protocols. We denote time stamps by Tsfor BS-to-node communication and by tj for leaf-to-CH

communication. Note that key predistribution is an efficient

method to improve communication security, which has

been adapted in WSNs in the literature [8], [9], [10], [15],

[16], [17], [18]. In this paper, we adopt IDkt as user’s public

key under an IBS scheme [24], and propose a novel secure

data transmission protocol by using IBS specifically for

CWSNs (SET-IBS). The corresponding private pairing

parameters are preloaded in the sensor nodes during the

protocol initialization. In this way, when a sensor node

wants to authenticate itself to another node, it does not have

to obtain its private key at the beginning of a new round.

Upon node revocation, the BS broadcasts the compromised

node IDs to all sensor nodes, each node then stores the

revoked IDs within the current round. We adopt the

additively homomorphic encryption scheme in [29] to

encrypt the plaintext of sensed data, in which a specific

operation performed on the plaintext is equivalent to the

operation performed on the ciphertext. Using this scheme

allows efficient aggregation of encrypted data at the CHs

and the BS, which also guarantees data confidentiality. In

the protocol initialization, the BS performs the following

operations of key predistribution to all the sensor nodes:

. Generate an encryption key k for the homomorphicencryption scheme to encrypt data messages, wherek 2 ½m� 1�, m is a large integer.

. Generate the pairing parameters ðp; q;E=Fp;GG1;GG2; eÞ, as described in Section 3. Select a generatorP of GG1 stochastically.

. Choose two cryptographic hash functions: H, for thepoint mapping hash function which maps strings toelements in GG1, and h, for mapping arbitrary inputsto fixed-length outputs.

. Pick a random integer � 2 ZZ�q as the master key msk,set Ppub ¼ �P as network public key.

. Preload each sensor node with the system parametersparam ¼ ðk;m; p; q;E=Fp;GG1;GG2; e;H; h; P ; �Þ.

4.2 Key Management for Security

Assume that a leaf sensor node j transmits a message M toits CH i, and encrypts the data using the encryption key k

from the additively homomorphic encryption scheme [29].We denote the ciphertext of the encrypted message as C.We adapt the algorithms of the IBS scheme from [24] toCWSNs practically and provide the full algorithm in thesignature verification, where security is based on the DHPin the multiplicative group. The IBS scheme in the proposedSET-IBS consists of following three operations: extraction,signing, and verification.

Extraction. Node j first obtains its private key as sekj ¼�HðIDjktjÞ from msk and IDj, where IDj is its ID, and tj isthe time stamp of node j’s time interval in the current roundthat is generated by its CH i from the TDMA control.

Signature signing. The sensor node j picks a randomnumber �j 2 ZZ�q and computes �j ¼ eðP; P Þ�j . The sensornode further computes

cj ¼ hðCjktjk�jÞ: ð1Þ

Let

�j ¼ cjsekj þ �jP ; ð2Þ

where h�j; cji is the digital signature of node j on theencrypted message Cj. The broadcast message is nowconcatenated in the form of hIDj; tj; Cj; �j; cji.

Verification. Upon receiving the message, each sensornode verifies the authenticity in the following way. It checksthe time stamp of current time interval tj and determineswhether the received message is fresh. Then, if the timestamp is correct, the sensor node further computes

�0j ¼ eð�j; P ÞeðHðIDjktjÞ;�PpubÞcj ; ð3Þ

using the time stamp of current time interval tj. We willhave the formula below if the received message is authentic:

�0j ¼ eð�j; P ÞeðHðIDjktjÞ;�PpubÞcj

¼ eð�j; P ÞeðHðIDjktjÞ;��P Þcj

¼ eðcjsekj þ �jP ; P ÞeðHðIDjktjÞ; �P Þ�cj

¼ eðcjsekj þ �jP ; P Þeð�HðIDjktjÞ; P Þ�cj

¼ ðeðsekj; P ÞcjeðP; P Þ�jÞeð�HðIDjktjÞ; P Þ�cj

¼ eðsekj; P Þcj eðP; P Þ�jeðsekj; P Þ�cj

¼ eðP; P Þ�j ¼ �j:

ð4Þ

If hðCjktjk�0jÞ ¼ hðCjktjk�jÞ ¼ cj, which is equal to that inthe received message, the sensor node considers thereceived message authentic, and propagates the messageto the next hop or user. If the verification above fails, thesensor node considers the message as either bogus or areplaced one, even a mistaken one, and ignores it.

4.3 Protocol Operation

After the protocol initialization, SET-IBS operates in roundsduring communication. Each round consists of a setup


phase and a steady-state phase. We suppose that all sensor

nodes know the starting and ending time of each round

because of the time synchronization.The operation of SET-IBS is divided by rounds as shown

in Fig. 1, which is similar to other LEACH-like protocols.

Each round includes a setup phase for constructing clusters

from CHs, and a steady-state phase for transmitting data

from sensor nodes to the BS. In each round, the timeline is

divided into consecutive time slots by the TDMA control

[4]. Sensor nodes transmit the sensed data to the CHs in

each frame of the steady-state phase. For fair energy

consumption, nodes are randomly elected as CHs in each

round, and other non-CH sensor nodes join clusters using

one-hop transmission, depending on the highest received

signal strength of CHs. To elect CHs in a new round, each

sensor node determines a random number and compares it

with a threshold. If the value is less than the threshold, the

sensor node becomes a CH for the current round. In this

way, the new CHs are self-elected based by the sensor

nodes themselves only on their local decisions; therefore,

SET-IBS functions without data transmission with each

other in the CH rotations.Table 1 shows the full steps in one round of SET-IBS.

The setup phase consists of four steps, from Steps 1 to 4,

and the steady-state phase consists of the latter two steps.

In the setup phase, the time stamp Ts and node IDs are

used for the signature generation. Whereas in the steady-

state phase, the time stamp tj is used for the signature

generation securing the inner cluster communications, and

Ts is used for the signature generation securing the CHs-to-BS data transmission.

In Step 1, at the beginning of the setup phase of a new

round, the BS first broadcasts its ID, a nonce (number usedonce), and the denotation of the starting time Ts of the

current round to all sensor nodes, which is used for thesignature signing and verification in the setup phase.

In Step 2, a sensor node decides whether to become a CH

for the current round, based on the threshold T ðnÞcompared with numbers from 0 to 1, which is set as follows:

T nð Þ ¼ �

1� �� rmod 1�

j k� � � Ecur nð ÞEinit nð Þ

8n 2 Gn;

T nð Þ ¼ 0 8n 62 Gn:

ð5Þ

Equation (5) of computing the threshold T ðnÞ in node n

is based on the LEACH protocol [4]. Note that we improvethe dynamic clustering algorithm preferably with multi-

plying the ratio of residual energy of the current sensornode (i.e., EcurðnÞ

EinitðnÞ ) to increase the energy efficiency in the

clustering, where EcurðnÞ is the current energy, and EinitðnÞis the initial energy of the sensor node. � is a priori

determined value which stands for the desired percentageof CHs during one round (e.g., � ¼ 10%), r is the current

round number, and Gn is the set of sensor nodes that havenot been CHs in the last b1=�c rounds. If the value of

determined number is less than the threshold, the sensornode elects itself as a CH. The sensor node who decides to

become a CH broadcasts the advertisement message (adv) tothe neighboring nodes in the network, which is concate-nated with the signature h�i; cii.

In Step 3, the sensor node, which decides to be a leafnode, picks a CH to join based on the largest received signal

strength of adv messages. Then, it communicates with CH i

by sending a join_request (join) message, which is con-catenated with the destination CH’s ID IDi, its own ID IDj,

time stamp Ts, and the digital signature h�j; cji.


Fig. 1. Operation in the proposed secure data transmission.

TABLE 1Operations in SET-IBS

In Step 4, a CH i broadcasts an allocation message to itscluster members for communication during the steady-statephase, yet to be concatenated with the signature. Theallocation message include a time schedule hschedð. . . ;IDj=tj; . . .Þi from the TDMA control, which allocates a timestamp IDj=tj for a leaf node j.

Once the setup phase is over, the network system turnsinto the steady-state phase, in which sensed data aretransmitted from sensor nodes to the BS. In Step 5,according to the TDMA schedule from Step 4, each leafsensor node j transmits the encrypted data Cj in a packethIDj; tj; Cj; �j; cji to its CH, which is concatenated with adigital signature in a time slot tj, where the sender ID IDj

with tj is the destination identifier for the receiver CH. Inthis way, each CH collects messages from all members in itscluster, aggregates and fuses data.

In Step 6, CHs send the aggregated data F to the BS,yet to be concatenated with the digital signature. Thesteady-state phase consists of multiple reporting cycles ofdata transmissions from leaf nodes to the CHs, and isexceedingly long compared to the setup phase.

5 THE PROPOSED SET-IBOOS PROTOCOL

We present the SET protocol for CWSNs by using IBOOS(SET-IBOOS) in this section. The SET-IBOOS protocolis designed with the same purpose and scenarios forCWSNs with higher efficiency. The proposed SET-IBOOSoperates similarly to the previous SET-IBS, which has aprotocol initialization prior to the network deployment andoperates in rounds during communication. We firstintroduce the protocol initialization, then describe the keymanagement of the protocol by using the IBOOS scheme,and the protocol operations afterwards.

5.1 Protocol Initialization

To reduce the computation and storage costs of signaturesigning processing in the IBS scheme, we improve SET-IBSby introducing IBOOS for security in SET-IBOOS. Theoperation of the protocol initialization in SET-IBOOS issimilar to that of SET-IBS; however, the operations of keypredistribution are revised for IBOOS. The BS does thefollowing operations of key predistribution in the network:

. Generate an encryption key k for the homomorphicencryption scheme to encrypt data messages, wherek 2 ½m� 1�, m is a large integer.

. Let GG be a multiplicative finite cyclic group withorder q. The PKG selects a random generator g ofgroup GG generation, and chooses � 2 ZZ�q at randomas the master key msk.

. For each node j, randomly select rj 2 ZZ�q for itsprivate key generation, and let H be a hash function.

. Preload each sensor node j with the public para-meters, given by paramj ¼ ðk;m;GG; q; g; �; rj;HÞ.

5.2 Key Management for Security

Assume that a leaf sensor node j transmits a message M toits CH i, and we denote the ciphertext of the encryptedmessage as Cj, which is encrypted by the same encryptionscheme in SET-IBS. We adapt the algorithms from [21] to

construct an IBOOS scheme for CWSNs, where security isbased on the DLP in the multiplicative group. Thecorresponding private pairing parameters are preloadedin the sensor nodes during the protocol initialization. TheIBOOS scheme in the proposed SET-IBOOS consists offollowing four operations: extraction, offline signing, onlinesigning, and verification.

Extraction. Before the signature process, node j firstextracts the private key from the msk � and its identity ID,as sekj ¼ ðRj; sjÞ, where

Rj ¼ grj ;sj ¼ rj þHðRj; IDjÞ� modq:

ð6Þ

Offline signing. At the offline stage, node j generates theoffline value hb�ji with the time stamp of its time slot tj fortransmission, and store the knowledge for signing onlinesignature when it sends the message. Notice that, thisoffline signature can be done by the sensor node itself or bythe trustful third party, for example, the CH sensor node.Let X ¼ g� , then

gsj ¼ grjgHðRj;IDjÞ� modq ¼ RjXHðRj;IDjÞ modq:

b�j ¼ g�tj : ð7Þ

Online signing. At this stage, node j computes the onlinesignature h�j; zji based on the encrypted data Cj and theoffline signature b�j:

hj ¼ HðCj; IDjÞ;zj ¼ b�j þ hjsj modq;�j ¼ gb�j :

ð8Þ

Then, node j sends the message to its destination with tj,Rj, and the online signature, in the form of hIDj; tj; Rj;

�j; zj; Cji.Verification. Upon receiving the message, each sensor

node verifies the authenticity in the following way. It checksthe current time stamp tj for freshness. Then, if the timestamp is correct, the sensor node further computes thevalues of gzj and �jR

hjj X

hjHðRj;IDjÞ modq, then check if

gzj ¼? �jRhjj X

hjHðRj;IDjÞ modq: ð9Þ

For correctness, we will have the formula below if thereceived message is authentic:

�jRhjXhjHðRj;IDjÞ modq

¼ gb�jgrjhjg�hiHðRj;IDjÞ modq

¼ gb�jþhjðrjþðHðRj;IDjÞ� modqÞÞ

¼ gb�jþhjsj modq ¼ gzj :

ð10Þ

If the values of gzj and �jRhii X

hiHðRi;IDiÞ modq are equalfrom the received message, the node i considers thereceived message authentic, accepts it, and propagatesthe message to the next hop or user. If the verificationabove fails, the sensor node considers the message aseither bogus or a replaced one, even a mistaken one, thenrejects or ignores it.


5.3 Protocol Operation

The proposed SET-IBOOS operates similarly to that of SET-IBS. SET-IBOOS works in rounds during communication,and the self-elected CHs are decided based on their localdecisions, thus it functions without data transmission in theCH rotations. Table 2 shows the full steps of SET-IBOOS inone round, in which the setup phase is from Steps 1 to 4,and the steady-state phase consists of Steps 5 and 6.

Step 1 in Table 2 is similar to that in Table 1. However,the differences in Steps 2, 3, and 4 are the digital signaturesthat are changed from the ID-based signatures to the onlinesignatures h�i; zii of the IBOOS scheme.

Once the setup phase is over, the network system turnsinto the steady-state phase, in which data are transmitted tothe BS. The steady-state operates similarly to that in Steps 5and 6 of Table 1, where the ID-based signatures are changedinto the online signatures of the IBOOS scheme.

For convenience, we show a flowchart of the proposedsecure data transmission protocols in Appendix C.2

6 PROTOCOL FEATURES

The protocol characteristics and hierarchical clusteringsolutions are presented in this section. We first summarizethe features of the proposed SET-IBS and SET-IBOOSprotocols as follows:

. Both the proposed SET-IBS and SET-IBOOS proto-cols provide secure data transmission for CWSNswith concrete ID-based settings, which use IDinformation and digital signature for authentication.Thus, both SET-IBS and SET-IBOOS fully solve theorphan-node problem from using the symmetric keymanagement for CWSNs.

. The proposed secure data transmission protocolsare with concrete ID-based settings, which use IDinformation and digital signature for verification.

Comparing the SET-IBS, SET-IBOOS requires lessenergy for computation and storage. Moreover, theSET-IBOOS is more suitable for node-to-node com-munications in CWSNs, since the computation islighter to be executed.

. In SET-IBOOS, the offline signature is executed bythe CH sensor nodes; thus, sensor nodes do nothave to execute the offline algorithm before itwants to sign on a new message. Furthermore, theoffline sign phase does not use any sensed data orsecret information for signing. This is particularlyuseful for CWSNs because leaf sensor nodes do notneed auxiliary communication for renewing theoffline signature.

6.1 Protocol Characteristics

In this part, we summarize the characteristics of theproposed SET-IBS and SET-IBOOS protocols. Table 3 showsa general summary of comparison of the characteristics of


2. The appendices of this paper are separated, which are available online:http://doi.ieeecomputersociety.org/10.1109/TPDS.2013.43.

TABLE 2Operations in SET-IBOOS

TABLE 3Comparison of Characteristics of the Proposed Protocols with

Other Secure Data Transmission Protocols

SET-IBS and SET-IBOOS with prior ones, in which metricsare used to evaluate whether a security protocol isappropriate for CWSNs. We explain each metric as follows:

. Key management. the key cryptographies used inthe protocol to achieve secure data transmission,which consist of symmetric and asymmetric key-based security.

. Neighborhood authentication. used for secure accessand data transmission to nearby sensor nodes, byauthenticating with each other. Here, “limited”means the probability of neighborhood authentica-tion, where only the nodes with the shared pairwisekey can authenticate each other.

. Storage cost. represents the requirement of thesecurity keys stored in sensor node’s memory.

. Network scalability. indicates whether a securityprotocol is able to scale without compromising thesecurity requirements. Here, “comparatively low”means that, compared with SET-IBS and SET-IBOOS,in the secure data transmission with a symmetrickey management, the larger network scale increases,the more orphan nodes appear in the network, andvice versa [2].

. Communication overhead. the security overhead in thedata packets during communication.

. Computational overhead. the energy cost and compu-tation efficiency on the generation and verification ofthe certificates or signatures for security.

. Attack resilience. the types of attacks that securityprotocol can protect against.

6.2 Secure Data Transmission with HierarchicalClustering

In large-scale CWSNs, multihop data transmission is used

for transmission between the CHs to the BS, where the

direct communication is not possible due to the distance

or obstacles between them. The version of the proposed

SET-IBS and SET-IBOOS protocols for CWSNs can be

extended using multihop routing algorithms, to form

secure data transmission protocols for hierarchical clusters.

The solutions to this extension could be achieved by

applying the following two routing models:

1. The multihop planar model. A CH node transmits datato the BS by forwarding its data to its neighbornodes, in turn the data are sent to the BS. We haveproposed an energy-efficient routing algorithm forhierarchically clustered WSNs in [30], and it issuitable for the proposed secure data transmissionprotocols.

2. The cluster-based hierarchical method. The network isbroken into clustered layers, and the data packagestravel from a lower cluster head to a higher one, inturn to the BS, for example, [31].

7 PROTOCOL EVALUATION

In this section, we first introduce the three attack models ofthe adversaries, and provide the security analysis of theproposed protocols against these attacks. We then presentresults obtained from calculations and simulations. For the

network simulations, we use the network simulatorOMNeT++ 3.0 [32] to simulate SET-IBS and SET-IBOOS,and we focus on the energy consumption spent on messagepropagation and computation.

7.1 Security Analysis

To evaluate the security of the proposed protocols, we haveto investigate the attack models in WSNs that threaten theproposed protocols, and the cases when an adversary

(attacker) exists in the network. Afterwards, we detail thesolutions and countermeasures of the proposed protocols,

against various adversaries and attacks.

7.1.1 Attack Models

In this paper, we group attack models into three categoriesaccording to their attacking means as follows, and study howthese attacks may be applied to affect the proposed protocols:

. Passive attack on wireless channel. Passive attackers areable to perform eavesdropping at any point of thenetwork, or even the whole communication of thenetwork. Thus, they can undertake traffic analysis orstatistical analysis based on the monitored oreavesdropped messages.

. Active attack on wireless channel. Active attackers havegreater ability than passive adversaries, which cantamper with the wireless channels. Therefore, theattackers can forge, reply, and modify messages.Especially in WSNs, various types of active attackscan be triggered by attackers, such as bogus andreplayed routing information attack, sinkholeand wormhole attack, selective forwarding attack,HELLO flood attack, and Sybil attack [2], [23].

. Node compromising attack. Node compromising at-tackers are the most powerful adversaries againstthe proposed protocols as we considered. Theattackers can physically compromise sensor nodes,by which they can access the secret informationstored in the compromised nodes, for example, thesecurity keys. The attackers also can change theinner state and behavior of the compromised sensornode, whose actions may be varied from the premierprotocol specifications.

7.1.2 Solutions to Attacks and Adversaries

The proposed SET-IBS and SET-IBOOS provide differenttypes of security services to the communication for CWSNs,in both setup phase and steady-state phase. Both in SET-IBSand SET-IBOOS, the encryption of the message providesconfidentiality, the hash function provides integrity, thenonce and time stamps provide freshness, and the digitalsignature provides authenticity and nonrepudiation:

. Solutions to passive attacks on wireless channel. In theproposed SET-IBS and SET-IBOOS, the sensed dataare encrypted by the homomorphic encryptionscheme from [29], which deals with eavesdropping.Thus, the passive adversaries cannot decrypt theeavesdropped message without the decryption key.Furthermore, both SET-IBS and SET-IBOOS use thekey management of concrete ID-based encryption.Based on the DHP assumption mentioned in


Section 3, the ID-based key management in theproposed protocols is IND-ID-CCA secure (semanticsecure against an adaptive ID-based chosen cipher-text attack) and IND-ID-CPA secure (semanticsecure against an adaptive ID-based chosen plaintextattack). As a result, properties of the proposedsecure data transmission for CWSNs settle thecountermeasures to passive attacks.

. Solutions to active attacks on wireless channel. Focusingon the resilience against certain attacks to CWSNsmentioned in attack models, SET-IBS and SET-IBOOS works well against active attacks. Most kindsof attacks are pointed to CHs of acting as inter-mediary nodes because of the limited functions bythe leaf nodes in a cluster-based architecture. Sinceattackers do not have valid digital signature toconcatenate with broadcast messages for authentica-tion, attackers cannot pretend as the BS or CHs totrigger attacks. Therefore, SET-IBS and SET-IBOOSare resilient, and robust to the sinkhole and selectiveforwarding attacks because the CHs being attackedare capable to ignore all the communication packetswith bogus node IDs or bogus digital signatures.Together with round-rotating mechanism and digi-tal signature schemes, SET-IBS and SET-IBOOS areresilient to the HELLO flood attacks involving CHs.

. Solutions to node compromising attacks. In case ofattacks from a node compromising attacker, thecompromised sensor node cannot be trusted any-more to fulfill the security requirements by keymanagements. In the case that the node has beencompromised but works normally, the WSN systemneeds an intrusion detection mechanism to detectthe compromised node [33], and has to replace thecompromised node manually or abandon using it. Inthis part, we investigate the influence of theremaining sensor nodes, and evaluate the propertiesonly to that part of the network.

Since each round in the protocol operations terminates in

a predefined time, SET-IBS and SET-IBOOS satisfy the

property of protocol execution termination, depending on

the local timer of the sensor nodes. The CH nodes are

elected based only on their local decisions; therefore, both

SET-IBS and SET-IBOOS operate if there exists an active or

compromising attacker. To eliminate the compromised

sensor node in the network, all the revoked IDs of

compromised nodes will be broadcast by the BS at the

beginning of the current round. In this way, the compro-

mised nodes can be prevented from either electing as CHs

or joining clusters in this round. Furthermore, using either

the IBS scheme or the IBOOS scheme has at least two

advantages. First, it eliminates the utilization of certificates

and auxiliary authentication information. Therefore, the

message overhead for security can be reduced, especially

with IBOOS. Also, because only the compromised node IDs

have to be stored, it requires very small storage space for

the node revocation. Since the length of a user’s ID is

usually only 1�2 bytes, the storage of compromised user’s

IDs do not require much storage space.

7.2 Message Size of Data Transmission

In this part, we do the quantitative calculation of themessage packet size on data transmission in the steady state(main phase) of the different protocols for comparison. Inthe proposed SET-IBS, the message packet size on transmis-sion for node j is described in Section 4, which equals to

jIDij þ jIDjj þ jtjj þ jCjj þ j�jj þ jcjj:

cj ¼ jhðCjktjk�jÞj is a hash value, which is 20 bytes whenSHA-1 [34] is used. Although most of existing WSNsconstructed in real-world use no more than 200 nodes [1], alarge scale WSN could consist of hundreds of nodes ormore in the future. Thus in this paper, we set the length ofnode IDs as 2 bytes. In addition, the time stamp jtjj is verysmall like 1 byte, and jCjj is assumed as 20 bytes. The totalmessage size of a transmission packet is 44þ j�jj bytes,whereas j�jj is variable. For example, when using theTate pairing [28] for elliptic curve cryptography (ECC),the order q of GG1 and GG2 could be a 160-bit prime, if therequired security level of ECC is equivalent to RSA with1,024-bit keys (RSA-1,024) [35], which provides the cur-rently accepted security level. In this way, the totalmessage size of a data packet is 64 bytes in SET-IBS.Moreover, p could be a 512-bit prime to achieve higherlevel of security, where GG is a q-order multiplicativesubgroup of the finite field F�p2 [22].

In SET-IBOOS, the message packet size on transmissionfor node j is described in Section 5, which equals to

jIDij þ jIDjj þ jtjj þ jCjj þ jRjj þ j�jj þ jzjj;

the length of ID and t are same to that of SET-IBS, and jCjj isassumed as 20 bytes. In the online signature hRj; �j; zji, thelength of jzj ¼ jb�j þ ðhs modqÞj depends on the size of q,which is set to 160 bits long to achieve a similar securitylevel of SET-IBS, because the offline signature b�j is anegative exponential value of the cyclic group GG’sgenerator g (in (7)) that is very small. For the other partsof the signature h�j; zji, j�jj is the exponentiation to thepower b�j, from the negative exponential function (�tj, in(8)) of the generator g, thus its value is very small, which isassumed as 2 bytes at most in this paper. Similarly, thelength of Rj is assumed as 2 bytes. Therefore, the totalmessage size of a data packet is 48 bytes in SET-IBOOS.

We compare the proposed SET-IBS and SET-IBOOS withother secure protocols that use a symmetric key manage-ment, SecLEACH protocol [8] and multilevel �Tesla-basedprotocol [36]. We calculate the packet size in these protocolsin the same way, which equals to

jIDjj þ jIDCH j þ jnoncej þ jCjj þ jmackðIDjjIDCH jnoncejCjÞj;

in SecLEACH protocol, where mac is the message authen-tication code. And it equals to

jIDjj þ jtjj þ jCjj þ jSigSK hðIDjjtjjCjÞ� �

j þ jPKj þ jAIjj;

in multilevel �Tesla-based protocol, where Sig is thesignature based on the secret key, SK=PK is the public/private key pair for signing and verification, and AI isthe auxiliary information for security referred to thesensor node.


Fig. 2 shows the total message sizes in different protocolsfor data transmission, which achieve a similar security levelto RSA-1024, by concerning the number of sensor nodes. Wecan see that the proposed SET-IBS has smaller message sizethan multilevel �Tesla-based protocol. At the same time, itgenerates larger message size as compared to SecLEACH.However, the orphan node problem is fully solved in SET-IBS. We can also see that the proposed SET-IBOOS has thesmallest message size than all the other protocols. Wefurther do network simulations on energy consumption andcomputation cost in the next section.

7.3 Simulation Results

Comprehending the extra energy consumption by theauxiliary security overhead and prolonging the networklifetime are essential in the proposed SET-IBS and SET-IBOOS. To evaluate the energy consumption of thecomputational overhead for security in communication,we consider three metrics for the performance evaluation:Network lifetime, system energy consumption, and the number ofalive nodes. For the performance evaluation, we compare theproposed SET-IBS and SET-IBOOS with LEACH protocol[4] and SecLEACH protocol [8]:

. Network lifetime (the time of FND)—We use the mostgeneral metric in this paper, the time of first nodedies (FND), which indicates the duration that thesensor network is fully functional [1]. Therefore,maximizing the time of FND in a WSN means toprolong the network lifetime.

. The number of alive nodes—The ability of sensing andcollecting information in a WSN depends on the set ofalive nodes (nodes that have not failed). Therefore,we evaluate the functionality of the WSN dependingon counting the number of alive nodes in the network.

. Total system energy consumption—It refers to theamount of energy consumed in a WSN. We evaluatethe variation of energy consumption in secure datatransmission protocols.

In the network simulation experiments, 100 nodes arerandomly distributed in a 100 m � 100 m area, with a fixedBS located near part of the area, as shown in the figure inthe Appendix. All the sensor nodes periodically senseevents and transmit the data packet to the BS. We assume

that the sensor CPU is a low-power high-performance IntelPXA255 processer of 400 MHz, which has been widely usedin many sensor products, for example, Crossbow Stargate[37].

Table 4 lists up the parameter settings for the energyconsumption in the network simulations. In the simulations,we use the same radio energy model in [4], and the otherparameters are from [8], [21], [22], [24]. We assume that theBS has unlimited energy. For clustering, we properly setthe desired percentage of CH nodes � ¼ 10% during oneround. In addition, on simulating the SecLEACH protocol,we choose a security level sl ¼ 0:98 for a fixed length of a keyringm ¼ 100. Thus, the probability that two nodes will sharea key is Ps ¼ 0:87, which is also referred to as the expectedorphan rate of the orphan node problem.

Fig. 3 illustrates the time of FND using differentprotocols. We apply confidence intervals to the simulationresults, and a certain percentage (confidence level) is set to90 percent. Fig. 5 shows the comparison of system lifetimeusing SET-IBS and SET-IBOOS versus LEACH protocol andSecLEACH protocol. The simulation results demonstratethat the system lifetime of SET-IBOOS is longer than that ofSET-IBS and SecLEACH protocol. The time of FND in bothSET-IBS and SET-IBOOS is shorter than that of LEACHprotocol due to the security overhead on computation costof the IBS process.


Fig. 2. Message size for transmission compared to the number of nodes.

TABLE 4Parameter Settings for the Energy Consumption in Simulations

Fig. 3. Comparison of FND time in different protocols.

Fig. 4 illustrates the energy of all sensor nodesdisseminated in the network, which also indicates thebalance of energy consumption in the network. Fig. 5 showsthe comparison of alive nodes’ number, in which theproposed SET-IBS and SET-IBOOS protocols versus LEACHand SecLEACH protocols. The results demonstrate that theproposed SET-IBS and SET-IBOOS protocols consumeenergy faster than LEACH protocol because of the commu-nication and computational overhead for security of eitherIBS or IBOOS process. However, the proposed SET-IBOOShas a better balance of energy consumption than that ofSecLEACH protocol.

8 CONCLUSION

In this paper, we first reviewed the data transmission issuesand the security issues in CWSNs. The deficiency of thesymmetric key management for secure data transmissionhas been discussed. We then presented two secure andefficient data transmission protocols, respectively, forCWSNs, SET-IBS, and SET-IBOOS. In the evaluationsection, we provided feasibility of the proposed SET-IBSand SET-IBOOS with respect to the security requirementsand analysis against routing attacks. SET-IBS and SET-IBOOS are efficient in communication and applying the ID-based cryptosystem, which achieves security requirementsin CWSNs, as well as solved the orphan node problem inthe secure transmission protocols with the symmetric keymanagement. Lastly, the comparison in the calculation and

simulation results show that the proposed SET-IBS andSET-IBOOS protocols have better performance than existingsecure protocols for CWSNs. With respect to both computa-tion and communication costs, we pointed out the meritsthat using SET-IBOOS with less auxiliary security overheadis preferred for secure data transmission in CWSNs.

ACKNOWLEDGMENTS

The authors would like to thank the associate editor and theanonymous reviewers, for their valuable suggestions andcomments that improved this paper. This work waspartially supported by Grant-in-Aid for Scientific Researchof Japan Society for Promotion of Science (JSPS) andCollaboration Research Grant of National Institute ofInformatics (NII), Japan. J. Li is the corresponding author.

REFERENCES

[1] T. Hara, V.I. Zadorozhny, and E. Buchmann, Wireless SensorNetwork Technologies for the Information Explosion Era, Studies inComputational Intelligence, vol. 278. Springer-Verlag, 2010.

[2] Y. Wang, G. Attebury, and B. Ramamurthy, “A Survey of SecurityIssues in Wireless Sensor Networks,” IEEE Comm. Surveys &Tutorials, vol. 8, no. 2, pp. 2-23, Second Quarter 2006.

[3] A.A. Abbasi and M. Younis, “A Survey on Clustering Algorithmsfor Wireless Sensor Networks,” Computer Comm., vol. 30, nos. 14/15, pp. 2826-2841, 2007.

[4] W. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “AnApplication-Specific Protocol Architecture for Wireless Microsen-sor Networks,” IEEE Trans. Wireless Comm., vol. 1, no. 4, pp. 660-670, Oct. 2002.

[5] A. Manjeshwar, Q.-A. Zeng, and D.P. Agrawal, “An AnalyticalModel for Information Retrieval in Wireless Sensor NetworksUsing Enhanced APTEEN Protocol,” IEEE Trans. Parallel &Distributed Systems, vol. 13, no. 12, pp. 1290-1302, Dec. 2002.

[6] S. Yi et al., “PEACH: Power-Efficient and Adaptive ClusteringHierarchy Protocol for Wireless Sensor Networks,” ComputerComm., vol. 30, nos. 14/15, pp. 2842-2852, 2007.

[7] K. Pradeepa, W.R. Anne, and S. Duraisamy, “Design andImplementation Issues of Clustering in Wireless Sensor Net-works,” Int’l J. Computer Applications, vol. 47, no. 11, pp. 23-28,2012.

[8] L.B. Oliveira et al., “SecLEACH-On the Security of ClusteredSensor Networks,” Signal Processing, vol. 87, pp. 2882-2895,2007.

[9] P. Banerjee, D. Jacobson, and S. Lahiri, “Security and PerformanceAnalysis of a Secure Clustering Protocol for Sensor Networks,”Proc. IEEE Sixth Int’l Symp. Network Computing and Applications(NCA), pp. 145-152, 2007.

[10] K. Zhang, C. Wang, and C. Wang, “A Secure Routing Protocol forCluster-Based Wireless Sensor Networks Using Group KeyManagement,” Proc. Fourth Int’l Conf. Wireless Comm., Networkingand Mobile Computing (WiCOM), pp. 1-5, 2008.

[11] S. Sharma and S.K. Jena, “A Survey on Secure HierarchicalRouting Protocols in Wireless Sensor Networks,” Proc. Int’l Conf.Comm., Computing & Security (ICCCS), pp. 146-151, 2011.

[12] G. Gaubatz et al., “State of the Art in Ultra-Low Power Public KeyCryptography for Wireless Sensor Networks,” Proc. IEEE ThirdInt’l Conf. Pervasive Computing and Comm. Workshops (PerCom),pp. 146-150, 2005.

[13] W. Diffie and M. Hellman, “New Directions in Cryptography,”IEEE Trans. Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov.1976.

[14] A. Shamir, “Identity-Based Cryptosystems and SignatureSchemes,” Proc. Advances in Cryptology (CRYPTO), pp. 47-53,1985.

[15] D.W. Carman, “New Directions in Sensor Network Key Manage-ment,” Int’l J. Distributed Sensor Networks, vol. 1, pp. 3-15, 2005.

[16] R. Yasmin, E. Ritter, and G. Wang, “An Authentication Frame-work for Wireless Sensor Networks Using Identity-Based Signa-tures,” Proc. IEEE Int’l Conf. Computer and Information Technology(CIT), pp. 882-889, 2010.


Fig. 4. Comparison of energy consumption in different protocols.

Fig. 5. Comparison of the number of alive nodes in different protocols.

[17] H. Lu, J. Li, and H. Kameda, “A Secure Routing Protocol forCluster-Based Wireless Sensor Networks Using ID-Based DigitalSignature,” Proc. IEEE GLOBECOM, pp. 1-5, 2010.

[18] J. Sun et al., “An Identity-Based Security System for User Privacyin Vehicular Ad Hoc Networks,” IEEE Trans. Parallel & DistributedSystems, vol. 21, no. 9, pp. 1227-1239, Sept. 2010.

[19] S. Even, O. Goldreich, and S. Micali, “On-Line/Off-Line DigitalSignatures,” Proc. Advances in Cryptology (CRYPTO), pp. 263-275,1990.

[20] S. Xu, Y. Mu, and W. Susilo, “Online/Offline Signatures andMultisignatures for AODV and DSR Routing Security,” Proc. 11thAustralasian Conf. Information Security and Privacy, pp. 99-110, 2006.

[21] J. Liu et al., “Efficient Online/Offline Identity-Based Signature forWireless Sensor Network,” Int’l J. Information Security, vol. 9, no. 4,pp. 287-296, 2010.

[22] D. Boneh and M. Franklin, “Identity-Based Encryption from theWeil Pairing,” Proc. 21st Ann. Int’l Cryptology Conf. Advances inCryptology (CRYPTO ’01), pp. 213-229, 2001.

[23] C. Karlof and D. Wagner, “Secure Routing in Wireless SensorNetworks: Attacks and Countermeasures,” Ad Hoc Networks,vol. 1, nos. 2/3, pp. 293-315, 2003.

[24] F. Hess, “Efficient Identity Based Signature Schemes Based onPairings,” Proc. Ninth Ann. Int’l Workshop Selected Areas inCryptography (SAC), pp. 310-324, 2003.

[25] J.J. Rotman, An Introduction to the Theory of Groups, fourth ed.Springer-Verlag, 1994.

[26] K.S. McCurley, “The Discrete Logarithm Problem,” Proc. Symp.Applied Math., Programming Computer Science, vol. 42, pp. 49-74,1990.

[27] D. Boneh, I. Mironov, and V. Shoup, “A Secure Signature Schemefrom Bilinear Maps,” Proc. RSA Conf. The Cryptographers’ Track(CT-RSA), pp. 98-110, 2003.

[28] P. Barreto et al., “Efficient Algorithms for Pairing-Based Crypto-systems,” Proc. 22nd Ann. Int’l Cryptology Conf. Advances inCryptology (CRYPTO), pp. 354-369, 2002.

[29] C. Castelluccia, E. Mykletun, and G. Tsudik, “Efficient Aggrega-tion of Encrypted Data in Wireless Sensor Networks,” Proc. SecondAnn. Int’l Conf. Mobile and Ubiquitous Systems: Networking andServices (MobiQuitous), pp. 109-117, 2005.

[30] H. Lu, J. Li, and G. Wang, “A Novel Energy Efficient RoutingAlgorithm for Hierarchically Clustered Wireless Sensor Net-works,” Proc. Fourth Int’l Conf. Frontier of Computer Science andTechnology (FCST), pp. 565-570, 2009.

[31] Y. Jia, L. Zhao, and B. Ma, “A Hierarchical Clustering-BasedRouting Protocol for Wireless Sensor Networks SupportingMultiple Data Aggregation Qualities,” IEEE Trans. Parallel &Distributed Systems, vol. 4, nos. 1/2, pp. 79-91, 2008.

[32] “OMNeT++,” OMNeT++ Community, http://www.omnetpp.org/,2013.

[33] B. Sun et al., “Intrusion Detection Techniques in Mobile Ad Hocand Wireless Sensor Networks,” IEEE Wireless Comm. Magazine,vol. 14, no. 5, pp. 56-63, Oct. 2007.

[34] Secure Hash Standard, Nat’l Inst. of Standards and Technology(NIST), Fed. Information Processing Standard Publication,vol. 180, no. 1, 1995.

[35] D. Hankerson, S. Vanstone, and A. Menezes, Guide to Elliptic CurveCryptography. Springer, 2004.

[36] D. Liu and P. Ning, “Multilevel �TESLA: Broadcast Authentica-tion for Distributed Sensor Networks,” ACM Trans. EmbeddedComputing Systems, vol. 3, pp. 800-836, 2004.

[37] “Crossbow Stargate,” Crossbow Technology, http://bullseye.xbow.com:81/Products/productdetails.aspx?sid=229, 2013.

Huang Lu (S’10) received the BS degree ininformation and network science from ChibaInstitute of Technology, Chiba, Japan, and theMS degree in computer science from theUniversity of Tsukuba, Tsukuba, Japan, in2007 and 2009, respectively. He studied inHarbin Institute of Technology, Harbin, China,before he went to Japan for overseas exchange.He is currently working toward the PhD degreeat the Department of Computer Science,

Graduate School of Systems and Information Engineering, Universityof Tsukuba, Tsukuba, Japan. His research interests include wireless adhoc and sensor networks, routing protocols, and network security. He isa student member of the IEEE.

Jie Li (M’96-SM’04) received the BE degreein computer science from Zhejiang University,Hangzhou, China, the ME degree in electronicengineering and communication systems fromChina Academy of Posts and Telecommuni-cations, Beijing, China. He received theDrEng degree from the University of Electro-Communications, Tokyo, Japan. He has beenwith the University of Tsukuba, Tsukuba,Japan, where he is a professor in the Faculty

of Engineering, Information and Systems. His research interests arein mobile distributed multimedia computing and networking, OS,network security, modeling and performance evaluation of informa-tion systems. He received the Best Paper Award from IEEENAECON’97. He has served as a secretary for Study Group onSystem Evaluation of IPSJ and on several editorial boards for IPSJJournal and so on, and on Steering Committees of the SIG ofSystem EVAluation (EVA) of IPSJ, the SIG of DataBase System(DBS) of IPSJ, and the SIG of MoBiLe computing and ubiquitouscommunications (MBL) of IPSJ. He has been a cochair of severalinternational symposia and workshops. He has also served on theprogram committees for several international conferences such asIEEE ICDCS, IEEE INFOCOM, IEEE GLOBECOM, and IEEEMASS. He is a senior member of the IEEE and ACM, and amember of Information Processing Society of Japan (IPSJ).

Mohsen Guizani (S’85-M’89-SM’99-F’09) re-ceived the BS (with distinction) and MS degreesin electrical engineering, the MS and PhDdegrees in computer engineering in 1984,1986, 1987, and 1990, respectively, fromSyracuse University, Syracuse, New York. Heis currently a professor and the associate vicepresident for Graduate Studies at Qatar Uni-versity, Doha, Qatar. He was the chair of theComputer Science Department at Western

Michigan University from 2002 to 2006 and the chair of the ComputerScience Department at University of West Florida from 1999 to 2002. Healso served in academic positions at the University of Missouri-KansasCity, University of Colorado-Boulder, Syracuse University and KuwaitUniversity. His research interests include computer networks, wirelesscommunications and mobile computing, and optical networking. Hecurrently serves on the editorial boards of six technical Journals and thefounder and EIC of “Wireless Communications and Mobile Computing,”Journal published by John Wiley (http://www.interscience.wiley.com/jpages/1530-8669/). He is the author of eight books and more than 300publications in refereed journals and conferences. He guest edited anumber of special issues in IEEE Journals and Magazines. He alsoserved as a member, a chair, and a general chair of a number ofconferences. He served as the chair of IEEE Communications SocietyWireless Technical Committee (WTC) and Chair of Transmission,Access and Optical Systems (TAOS) Technical Committee. He was anIEEE Computer Society distinguished lecturer from 2003 to 2005. He isa fellow of the IEEE and a senior member of the ACM.

. For more information on this or any other computing topic,please visit our Digital Library at www.computer.org/publications/dlib.


ieee 2014 secure and efficient data transmission for cluster based wsn.pdf

Documents

clusterbased wsns cwsns

setiboos protocols

practical wsns

data toone

information data

index termsclusterbased

set ofchs

efficient datatransmission