
www.ietdl.org
Published in IET Wireless Sensor Systems Received on 25th October 2010 Revised on 7th February 2011 doi: 10.1049/iet-wss.2010.0086

ISSN 2043-6386

Secure data collection using mobile data collector in clustered wireless sensor networks
A.S. Poornima1, B.B. Amberker2
1 Department of Computer Science and Engineering, Siddaganga Institute of Technology, Tumkur, Karnataka, India
2 Department of Computer Science and Engineering, National Institute of Technology, Warangal, Andhra Pradesh, India
E-mail: aspoornima@sit.ac.in

Abstract: In wireless sensor network (WSN), lifetime of the network is determined by the amount of energy consumption by the nodes. To improve the lifetime of the network, nodes are organised into clusters, in which the cluster head (CH) collects and aggregates the data. A special node called mobile data collector (MDC) is used to collect the data from the CH and transfer it to the base station (BS). So far in the literature secure data collection in distributed WSN is considered. Here we propose and analyse three protocols for secure data collection in clustered WSN. The protocols use the tree-based key management scheme. The protocols authenticate the MDC and then transfer the encrypted data to MDC. The theoretical analysis shows that the protocols are invulnerable to the compromised MDC and replayed messages. The protocols show varying resiliency to compromised CH. Simulation results show that increased security incurs additional energy consumption in secure data collection.

1 Introduction

Wireless sensor networks (WSN) comprise mainly small sensor nodes with limited resources and a base station (BS). The nodes in a network are deployed over a geographic area to sense and gather various types of data that includes temperature, humidity, intrusion detection, vehicular motion and so on [1]. In a distributed WSN the sensed data are generally transmitted to the BS over a multihop wireless network. The multihop transmission demands sensors to forward the data for other nodes. Sensors that are near the BS forward more packets and drain their battery much more quickly. Also sensors have to continuously listen because they may have to forward data for other sensors. Listening consumes substantial energy. To address all these issues of multihop transmission and to elevate the network lifetime, the notion of mobile nodes is introduced in WSN [2-4]. The approach uses mobile data collection agents [2]. The mobile agent, called a mobile data collector (MDC), traverses the network, collects the data from the nodes and dumps the data back at the BS. These MDCs can also help in data aggregation. Recently, researchers [5-7] have studied in detail the advantage of using MDC for data collection in WSN. The main advantage of using MDC-based data collection is the reduction in overall power consumption of the network, which increases the network lifetime. This approach is also useful when the network is sparse or disconnected. In the methods proposed in [5-7] the data latency (average time taken by data to reach the BS from the time of generation) is usually high because of the low speed of the MDC and the large area that has to be covered.
IET Wirel. Sens. Syst., 2011, Vol. 1, Iss. 2, pp. 85-95 doi: 10.1049/iet-wss.2010.0086

© The Institution of Engineering and Technology 2011

To ensure scalability and to increase the efficiency of network operations, the sensors are often grouped into clusters. In clustered WSN, the nodes in a neighbourhood organise themselves into a cluster with one resource-rich node designated as cluster head (CH) [8-10]. The CH collects the data from the other nodes in its neighbourhood and uses an aggregation scheme to aggregate the information. It then sends the aggregated information to a neighbouring CH in the direction of the BS. In this type of data transmission, the CHs that are near the BS need to transmit more data, which reduces the network's lifetime. If, instead of the CH forwarding the data, an MDC is used to collect the data from the CH, we have two important advantages. First, it increases the overall lifetime of the clustered WSN. Second, it improves the data latency. As an MDC is required to visit and collect the data only from the CH, the number of nodes visited by the MDC is smaller, which improves the data latency in clustered WSN. The use of MDC for data collection in clustered WSN is depicted in Fig. 1.

Fig. 1 MDC collecting the aggregated data from CHs in a clustered sensor network

The use of MDC in WSN introduces new security challenges. The security issues in MDC-based data collection are not explored extensively. The majority of the literature on data collection using MDC focuses on improving the data latency and on the use of different mobility models to increase the network coverage by the MDC. To the best of our knowledge, security issues in clustered sensor networks with mobile data collection are not studied in detail. In MDC-based data collection, the sensor nodes store the generated data in their buffers. The MDC traverses the network periodically transmitting beacon signals. A beacon signal is the message transmitted by the MDC while traversing the network. A CH that hears the MDC's beacon signal begins transferring its aggregated data to the MDC. Since the MDC's beacon signal received by sensor nodes is not authenticated, an adversary can attack the network by placing a malicious MDC. The secure data collection methods proposed in [11] and [12] are mainly designed to protect the data collected by the MDC in a distributed WSN. These methods do not provide a solution to identify a malicious node acting as MDC. Secure data collection in clustered WSN is discussed in [13]. This scheme is capable of identifying malicious MDC but is not resilient to CH compromise.

In this paper, we consider the problem of providing security to MDC-based data collection in clustered WSN. Node compromise is the major and unique problem in sensor networks. An adversary obtains all the information including cryptographic secrets by compromising a node. In the context of secure data collection, attractive targets for an adversary are MDC and CH. We mainly consider the following security issues: identifying malicious MDC, identifying replay messages and node compromise. In node compromise, we consider MDC compromise as well as CH compromise. Secure data collection protocols proposed in this paper are based on the tree-based key management scheme [14]. We propose three different protocols for secure data collection based on different assumptions and constraints: time stamp protocol (TSP), polynomial points sharing protocol (PPSP) and secret sharing protocol (SSP). The protocols are used to identify malicious MDC and to maintain confidentiality of the collected data. The TSP protocol uses time stamps to identify replay messages, and simple encryption/decryption operations are used by CH to authenticate MDC. The PPSP and SSP protocols use polynomial construction and evaluation to authenticate MDC. We study the impact of CH compromise and MDC compromise on data collection.

In the security analysis, we show that PPSP and SSP protocols provide better resiliency to node compromise attack. The energy analysis shows that TSP is energy efficient compared to PPSP and SSP protocols, but the security against node compromise attack provided by PPSP and SSP is better compared to the TSP protocol. The rest of the paper is organised as follows: in Section 2 we elaborate on related work in detail. The network model, adversary model and notations used in the paper are discussed in Section 3. In Section 4, we explain cluster formation and the key management scheme used in designing the protocols. TSP protocol is explained in detail in Section 5. In Sections 6 and 7 we explain PPSP and SSP protocols, respectively. A complete security analysis of all the proposed protocols is discussed in Section 8. Performance analysis of the protocols is explained in Section 9. In Section 10 we provide energy analysis of the protocols. We conclude in Section 11.

2 Related work

We classify the related work into two parts. In the first part, we discuss the previous work that uses the concept of mobility for communication in WSN. Then in the second part, we briefly review existing work on secure data collection using MDC.

2.1 Mobility for communication

Mobile data collectors are used in applications that utilise mobility for communication-based operations such as data relay, data collection and physical operations like replacement of defective sensor nodes. Some schemes depend on existing mobility in the environment like vehicles or animals present in the network field [4, 5]. The concept of MDCs was first introduced in [5] to connect sparse sensor networks. A scheme with multiple mobile collectors that traverse the sensor field in straight lines is presented in [15]. In [16], the network is divided into clusters by a k-means clustering-based mechanism and a CH is placed in each cluster. Multiple MDCs are used and their mobility is modelled as a vehicle routing problem with time window. In [17], an obstacle avoiding collection scheme is described. Further analysis of other mobility schemes can be found in [5]. A new model of mobile data collection that reduces the data latency significantly is proposed in [18]. The model uses a combination of a new touring strategy based on clustering and a data collection mechanism based on wireless communication to achieve better data latency.

2.2 Secure data collection

The MDC-based data collection is studied thoroughly in the literature in the context of various mobility models. However, the security aspect in MDC-based data collection is not studied in detail. In [11] key management for secure communication and data collection in distributed WSN is discussed. The scheme ensures only confidentiality of the collected data. Identifying malicious MDC and attacks caused by malicious MDC are not considered. In [12], a mobile sink is used for secure data collection. Here a fixed path is used by the mobile sink and only the nodes in this path will be able to communicate with the mobile sink and transfer data. The nodes in the path are overloaded with the data transfer function every time a mobile sink visits the nodes for data collection. Also, the deterministic path used by the MDC leads to various attacks.

3 Network model, adversary model and notations


In this section, we explain the preliminaries required to explain our protocols for secure data collection using MDC. First, we explain the network model considered in this paper. Here we consider hierarchical sensor network (HSN). Large-scale homogeneous networks suffer from high cost of communication, computation and storage requirements; hence HSNs are preferred as they provide better performance and security solutions. After the network model, the possible types of attacks on MDC data collection are explained in detail. Finally, the notations used in the paper are discussed.
3.1 Network model

The network consists of a small number of powerful high-end nodes, which act as CHs, and a large number of low-end sensors, called sensing nodes (SN-sensors), that are used for basic sensor operations like sensing a particular type of data. CHs are more powerful nodes with more computation, communication, energy supply and storage capability. SN-sensors are nodes with limited computation, communication, energy supply and storage capability. Every SN-sensor sends the sensed data to its CH, and the CH aggregates the received data. The aggregated data are transferred to BS using the MDC. The MDCs considered in this paper are special nodes with higher memory and processing capability, which can move in the monitoring area. MDCs are deployed by BS to collect the data at regular intervals. These MDCs travel in the monitoring area to collect the data and the collected data are carried to the BS for further processing. Here we consider a network consisting of N SN-sensors and l CHs. Table 1 shows the notations used in this paper.

3.2 Adversary model

We consider the following two types of adversaries:

3.2.1 An adversary which deploys a malicious MDC: Following are the different attacks that can be launched by the adversary [12].
1. Unauthorised access: Adversary may deploy a node that acts as MDC and tries to collect the data from the CH.
2. Wormhole-hello flood attack: In this type of attack, the adversary makes use of one malicious node with powerful transmission range and multiple short-range communication nodes. A short-range malicious node hears the beacon message from the MDC and sends the message over a secret communication channel to a high-range malicious node, which in turn broadcasts the MDC's beacon message over the entire network, causing the CHs that are not within the legitimate MDC's communication range to transmit their aggregated data.
3. Wormhole sinkhole attack: This is an attack on a network where the MDC uses a deterministic communication path. The attacker can launch an attack by placing a number of static malicious nodes within the trusted MDC's deterministic communication path and one malicious MDC that moves along the deterministic communication path. When a static malicious node hears the MDC's beacon message, it sends the beacon message through a secret channel to a malicious MDC. The malicious MDC replays the beacon message on different parts of the network, causing the CHs to transmit their aggregated data to the malicious MDC.
4. Attack on controlled mobility: Sensor networks that use controlled mobility are also susceptible to a different type of attack. Here, the adversary is capable of isolating the trusted MDC's collection path by forming its own communication path around it. CHs that are not within the trusted MDC's path transmit their data to those within the adversary's data collection path.

3.2.2 An adversary which compromises separately a CH and an MDC: Another important attack we consider here is node compromise attack. The adversary attempts to compromise the CH and the MDC as these two are the attractive targets in the secure data-collection scenario. We consider separately the effect of a compromised CH and an MDC. If a node is compromised, the adversary obtains all the information including the cryptographic key material stored in the node.

Table 1 Notations

Notations   Description
CH          cluster head
CHj         jth cluster head
BS          base station
U           set of all sensor nodes in a cluster
n           number of nodes in a cluster
N           number of nodes in the network
l           number of CHs in the network
CCHK        common cluster head key
Pki         secret key shared between ith node and BS
IDx         identification information of node x
Si          ith sensor node
POSSi       position information of node Si
CK          cluster key
ki          secret key shared between ith node and CH
ki-j        key k shared between the nodes from i to j
{x}y        encryption of x using key y
SKi         session key for the ith round
TSi         time stamp for the ith round
Nonce       random number selected by a node
Ki          secret computed by ith node using polynomial shares
TSc         current time value
tMDCi       time at which ith round of MDC is started
tx          time required by an adversary to compromise a node
F           collision resistant one way function
f(x)        polynomials of degree d
fi(x)       polynomial of degree t assigned to ith CH
(xi, yi)    ith point of a polynomial f(x)
h(x)        one-way hash function

4 Cluster formation and key management scheme


In this section, first we explain the cluster formation. Then we explain the key management scheme for secure communication and data collection in clustered WSN.

4.1 Cluster formation

We consider a network consisting of N SN-sensors and l CHs. Each SN-sensor Si, i = 1, ..., N is preloaded with two secret keys Pki and ki, i = 1, ..., N. The secret key Pki is used for confidential communication with BS and ki is shared between the SN-sensor and its corresponding CH. Each CH, CHj, j = 1, ..., l, is preloaded with the secret key ki, i = 1, ..., N of all the SN-sensors in the network and Pkj, j = 1, ..., l shared between CH and BS. After deployment, clusters are formed using the preloaded information. We assume that after deployment, all the nodes are localised and know their respective positions in the network. Clusters are formed as follows: CHs broadcast the hello message

CH → U : IDCH POSCH hello

On receiving the hello message from CHs, each SN-sensor decides which CH to select based on POSCH. Let the jth CH be nearer to node Si. Now node Si sends the join request to CHj

Si → CHj : IDSi h(ki) ki Nonce join

CHj verifies the join request using ki and, if the node Si is authorised, accepts it as one of the cluster members. CHj sends the confirm message to node Si

CHj → Si : IDCH h(Nonce) confirm

Now, CHj retains the information of SN-sensors in its cluster and erases the rest from its memory. After cluster formation, the network operates in two phases. In the sensing phase, the SN-sensors within a cluster sense the data and send it securely to the CH. The CH, upon receiving data from all the SN-sensors in its cluster, aggregates the data. In the data collection phase, the BS deploys MDCs for data collection. MDCs traverse the entire monitoring area to collect the data. When an MDC visits the CH, the CH authenticates the MDC and then the aggregated data is transferred securely. After collecting the data the MDC returns to the BS to dump the collected data. We consider the algorithm proposed in [16] to determine the number of MDCs to be deployed for maximum coverage and also the route of MDCs. This algorithm considers a hybrid sensor network architecture with multiple MDCs. The data collection by the MDC is formulated as a vehicle routing problem with time window. The algorithm meets the needs of using a minimal number of MDCs for data collection, with equitable load distribution on the MDCs, and it also uses a priority-based model for attending the CH with critical data or limited lifetime.

4.2 Tree-based key management scheme

In this paper, we use the key management scheme proposed in [14]. Sensors within a cluster are organised as an m-ary balanced tree [19] with SN-sensors at the leaves as shown in Fig. 2, where m is the degree of the tree. The tree is maintained by the CH. In Fig. 2, S0, S1, ..., S8 represent SN-sensors within a cluster. Nodes within a cluster are again organised into smaller groups (called subgroups) of fixed size based on the m value. This type of grouping reduces rekey operations when a node is compromised. Every SN-sensor shares a key with the CH, called its secret key ki, which is used to communicate with the CH securely. Nodes k0, k1, ..., k8 in Fig. 2 correspond to secret keys shared with CHs. The keys k0-2, k3-5, k6-8 represent the keys called intermediate keys that are shared by some subset of sensors. The key at the root of the tree is the cluster key (CK). CK is shared by all the nodes in the cluster. Nodes within a cluster can communicate securely using the CK. The intermediate keys and CKs are generated using a pseudorandom number generator. Every SN-sensor stores all the keys along the path from leaf to root of the tree. All CHs share a common key called the common cluster head key (CCHK). CHs can communicate securely with each other using the key CCHK. At regular intervals, once the CCHK is changed to, say, CCHK', the secret keys Pk1, Pk2, ..., Pkl of CHs are refreshed as follows: Pk'i = F(Pki, CCHK'), where F is a collision resistant one-way function. The CH uses these refreshed keys to encrypt the data before transferring it to the MDC. A detailed description of the tree-based key management scheme is given in [14]. This scheme explains how efficiently keys are changed when a node is compromised or a new node is added.

Fig. 2 S0 to S8 are sensor nodes in a cluster and k0 to k8 are preloaded secret keys of sensors; k0-2, k3-5, k6-8 are auxiliary keys and CK is the cluster key

5 Time stamp protocol

MDCs are deployed by the BS at regular intervals to collect the aggregated data from the CH. After deployment the MDCs traverse the monitoring area and return to the BS with the collected data. This traversal is called one round. In this section, we present a simple authentication scheme called TSP. We use the tree-based key management scheme discussed in the previous section and time stamps for secure data collection. Our scheme not only identifies the malicious MDC, but also prevents the replay attack. The BS selects a session key SKi for the ith round of the MDC and constructs the following beacon message: {SKi TSi}CCHK h(SKi) IDMDC. Before deployment the MDC is preloaded with the session key SKi and the beacon message. Here CCHK is shared by all the CHs and the BS, SKi is the session key and TSi is the time stamp assigned to the MDC for the ith round. The time stamp TSi corresponds to the current time; we assume that the clock values of all CHs and the BS are synchronised. Also, every CH maintains a table in which it stores information regarding the TSi along with the unique ID of the MDC, IDMDC. After deployment the MDC traverses the monitoring area and establishes connection with the CH in the region. The MDC sends the beacon message {SKi TSi}CCHK h(SKi) IDMDC to the CH. Now the CH decrypts the session key SKi and the time stamp TSi using the key CCHK. After obtaining the session key SKi and time stamp TSi, the CH authenticates the MDC. The authentication and identification of the replay message is explained in the flow diagram shown in Fig. 3. The detailed protocol that explains the authentication is given in Fig. 9 of the Appendix. The CCHK is known only to the CHs, therefore only an authorised CH is able to authenticate the MDC. The time stamp associated with the message enables the CH to identify the replay messages. Once the MDC is authenticated using the above protocol, cluster head CHj transfers the aggregated data to the MDC by encrypting the data using its secret key Pkj. Only the BS, which shares this key Pkj, is able to decrypt the data. Therefore, if the MDC is compromised, the collected data is not exposed. Using the same secret key to encrypt the data every time may result in cryptanalysis of the corresponding key. To overcome this problem the secret keys CCHK and Pkj are refreshed at regular intervals. The key Pkj is changed to Pk'j using a simple transformation: Pk'j = F(Pkj, CCHK'), where F is a collision-resistant one-way function.
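The TSP check at a cluster head, sketched as an added example (not the authors' code; Figs. 3 and 9 are not reproduced on this page). SHA-256 for h and F, the toy stream cipher standing in for {x}y, the freshness window max_age and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

SK_LEN = 16  # session-key length in bytes (assumed)


def h(data: bytes) -> bytes:
    """One-way hash h(x); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher standing in for {x}y.
    Illustration only: a deployment would use a vetted authenticated cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += h(key + nonce + struct.pack(">I", counter))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])


def refresh_key(pk: bytes, new_cchk: bytes) -> bytes:
    """Key refresh F(Pk, CCHK) with the refreshed CCHK; F = SHA-256 is assumed."""
    return h(pk + new_cchk)


def bs_build_beacon(cchk: bytes, sk: bytes, ts: int, mdc_id: str) -> dict:
    """BS side: the three beacon fields {SKi TSi}CCHK, h(SKi), IDMDC."""
    enc = encrypt(cchk, sk + struct.pack(">Q", ts))
    return {"id": mdc_id, "enc": enc, "h_sk": h(sk)}


class ClusterHead:
    def __init__(self, cchk: bytes, pk: bytes, max_age: int):
        self.cchk, self.pk, self.max_age = cchk, pk, max_age
        self.seen = {}  # table: accepted time stamp -> MDC ID

    def check_beacon(self, beacon: dict, now: int) -> str:
        plain = decrypt(self.cchk, beacon["enc"])
        if len(plain) != SK_LEN + 8:
            return "malformed"
        sk = plain[:SK_LEN]
        (ts,) = struct.unpack(">Q", plain[SK_LEN:])
        # A beacon not built under CCHK decrypts to garbage and fails here.
        if not hmac.compare_digest(h(sk), beacon["h_sk"]):
            return "bad-session-key"
        # Synchronised clocks are assumed, as in the text.
        if ts > now or now - ts > self.max_age:
            return "stale"
        if ts in self.seen:
            return "replay"
        self.seen[ts] = beacon["id"]
        return "accept"

    def hand_over(self, beacon: dict, now: int, aggregated: bytes):
        """Release the aggregated data, encrypted under Pkj, only after 'accept'."""
        status = self.check_beacon(beacon, now)
        return status, (encrypt(self.pk, aggregated) if status == "accept" else None)


if __name__ == "__main__":
    # Constructed sample keys and time values.
    cchk, pk, sk = os.urandom(16), os.urandom(16), os.urandom(SK_LEN)
    ch = ClusterHead(cchk, pk, max_age=600)
    beacon = bs_build_beacon(cchk, sk, ts=1000, mdc_id="MDC-1")
    print(ch.hand_over(beacon, 1100, b"avg_temp=21.4")[0])  # first visit
    print(ch.hand_over(beacon, 1200, b"avg_temp=21.4")[0])  # same beacon again
```

The MDC only carries the ciphertext returned by hand_over; decrypting it needs Pkj, which stays with the CH and the BS.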

Fig. 3 Flow diagram explaining the authentication process in TSP and SSP protocols

6 Polynomial points sharing protocol

Fig. 4 Flow diagram explaining the authentication process in PPSP

The TSP protocol uses time stamp values to identify replay messages. This demands synchronised clocks among the CHs and the BS. To eliminate the difficulty of using synchronised clocks, we propose a protocol based on sharing the polynomial points. The protocol is called PPSP. The cluster formation and key management scheme used are the same as those of the TSP protocol. The authentication of the MDC and the identification of replay messages are achieved in a different way. The BS chooses a random polynomial of degree d defined over a finite field Fq, where q is a prime power. Then the BS chooses d distinct points (x1, y1), ..., (xd, yd), where yi = f(xi), which are stored in each CH before deployment as pre-positioned secret information. Here, d is a security parameter. During the ith round of the MDC the BS selects a (d + 1)th point (xd+1, yd+1), distinct from the previous d points, called the activating share ASi. Using the ASi and the d pre-positioned secret information, the BS constructs a polynomial f(x) of degree d, and computes the session key SKi = f(0). The BS now constructs a beacon message IDMDC {h(SKi) ASi}. Before deployment the MDC is preloaded with SKi and the beacon message. After deployment, the MDC traverses the monitoring area and establishes connection with a cluster head CHj. Now CHj extracts ASi from the beacon message received from the MDC, constructs the polynomial f(x) of degree d with the pre-positioned secret information using Lagrange interpolation [20] and computes the session key SKi = f(0). CHj authenticates the MDC by computing h(SKi) and comparing it with that in the beacon message. The flow diagram in Fig. 4 shows the authentication steps of the PPSP. After authentication, CHj encrypts the aggregated data with Pkj and transfers it to the MDC. Here also Pkj is refreshed periodically as explained in TSP. The detailed PPSP that authenticates the MDC and identifies replay messages is explained in Fig. 10 of the Appendix. The Fig. 10 protocol requires the CH to perform polynomial construction and evaluation [20] to derive the session key used for authentication.

7 Secret sharing protocol

The SSP uses Shamir's secret sharing scheme [21]. Initially the BS chooses l polynomials {fi(x)}, i = 1, ..., l, of degree (t − 1) over a finite field Fq, where q is a prime power. Each polynomial is identified with the cluster head CHi. Before deployment, the BS assigns a polynomial to each CH. Every SN-sensor Sk is preloaded with one share (x, fi(x)) by randomly choosing x ∈ Fq, where 1 ≤ k ≤ N, 1 ≤ i ≤ l. After deployment, clusters are formed with cluster heads CHi, i = 1, ..., l. The sensors corresponding to CHi retain only one share of fi and delete all other shares. We assume that the size of each cluster is at least t. The BS constructs distinct beacon messages for each cluster head CHi as follows: the BS computes Ki = fi(0) and randomly chooses a session key SKi. The time stamp TSi and SKi are encrypted using Ki. The beacon messages for each CH are preloaded to the MDC along with the ID of the respective CH. During the sensing phase, the SN-sensor Sj sends sensed data along with its share to CHi. In the data collection phase, CHi constructs the polynomial fi(x) using the t shares and computes the secret Ki = fi(0). When CHi receives the beacon message from the MDC, CHi obtains the session key SKi and time stamp TSi using Ki. CHi authenticates the MDC and then encrypts the aggregated data using Pki and transfers it to the MDC. Authentication of the MDC is shown in the flow diagram of Fig. 3. The detailed step-by-step authentication protocol is explained in Fig. 11 of the Appendix.
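Session-key derivation in PPSP and recovery of Ki in SSP both reduce to Lagrange interpolation at x = 0, shown here as one added example (not the authors' code; Figs. 10 and 11 are not reproduced on this page). The prime modulus Q, SHA-256 for h, the table of used activating shares and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

Q = 2**127 - 1  # prime modulus for Fq (assumed; the text only asks for a finite field)


def h(sk: int) -> bytes:
    """One-way hash of a field element; SHA-256 is an assumption."""
    return hashlib.sha256(sk.to_bytes(16, "big")).digest()


def interpolate_at_zero(points, q=Q):
    """Lagrange interpolation: f(0) for the unique polynomial through `points`."""
    xs = [x % q for x, _ in points]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("x-coordinates must be distinct and non-zero")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % q
                den = den * (xi - xj) % q
        total = (total + yi * num * pow(den, -1, q)) % q
    return total


def random_points(count, exclude=(), q=Q):
    """`count` random points with distinct non-zero x not used in `exclude`."""
    taken, xs = {x for x, _ in exclude}, set()
    while len(xs) < count:
        x = secrets.randbelow(q - 1) + 1
        if x not in taken:
            xs.add(x)
    return [(x, secrets.randbelow(q)) for x in xs]


def ppsp_bs_round(prepositioned, mdc_id):
    """BS: pick activating share ASi, derive SKi = f(0), build the beacon."""
    share = random_points(1, exclude=prepositioned)[0]
    sk = interpolate_at_zero(list(prepositioned) + [share])
    return sk, {"id": mdc_id, "h_sk": h(sk), "as": share}


class PpspClusterHead:
    def __init__(self, prepositioned):
        self.points = list(prepositioned)  # d pre-positioned secret points
        self.used = set()                  # activating shares already accepted

    def check_beacon(self, beacon) -> str:
        share = tuple(beacon["as"])
        if share in self.used:
            return "replay"
        try:
            # x = 0 is refused: such a share would itself be f(0), so its
            # sender could compute h(SKi) without the pre-positioned points.
            sk = interpolate_at_zero(self.points + [share])
        except ValueError:
            return "bad-share"
        if not hmac.compare_digest(h(sk), beacon["h_sk"]):
            return "reject"
        self.used.add(share)
        return "accept"


def ssp_bs_setup(t, n, q=Q):
    """BS: random polynomial fi of degree t-1; returns Ki = fi(0) and n shares."""
    coeffs = [secrets.randbelow(q) for _ in range(t)]
    shares = [(x, sum(c * pow(x, k, q) for k, c in enumerate(coeffs)) % q)
              for x, _ in random_points(n, q=q)]
    return coeffs[0], shares


def ssp_ch_recover(shares, t):
    """CH: rebuild Ki = fi(0) from t shares sent by its cluster members."""
    if len(shares) < t:
        raise ValueError("fewer than t shares")
    return interpolate_at_zero(shares[:t])


if __name__ == "__main__":
    pts = random_points(4)                      # d = 4, constructed sample
    sk, beacon = ppsp_bs_round(pts, "MDC-1")
    ch = PpspClusterHead(pts)
    print(ch.check_beacon(beacon), ch.check_beacon(beacon))
    ki, shares = ssp_bs_setup(t=3, n=6)
    print(ssp_ch_recover(shares[:3], 3) == ki)
```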

8 Security analysis

In this section, we analyse the security of the proposed protocols. Mainly we consider the following security issues: identifying malicious MDC, identifying replay messages and node compromise. In node compromise we consider MDC compromise as well as CH compromise.

8.1 Identifying malicious MDC and replay messages

A malicious MDC is capable of launching various attacks as explained in Section 3. The adversary tries to collect the data using the malicious MDC from legitimate CHs. Now we discuss how the proposed protocols identify such a malicious MDC to counter the attacks. In the TSP protocol, a malicious MDC obtains, by eavesdropping, the beacon message IDMDC {SKi TSi}CCHK h(SKi). But CCHK is known only to the CH and the BS. Hence, the malicious MDC cannot decrypt the message. Further, replay of the message to the CH fails to authenticate the malicious MDC as every message carries a unique time stamp TSi encrypted with CCHK. The information obtained by a malicious MDC in the PPSP protocol is the beacon message IDMDC {h(SKi) ASi}. As the beacon message does not reveal the session key SKi, the malicious MDC without SKi is unable to authenticate itself. The distinct ASi used in every round makes it possible to identify replay messages. In SSP, the information obtained by a malicious MDC is IDMDC {SKi TSi}Ki h(SKi). As the session key is encrypted by the secret Ki known only to the CH and the BS, the malicious MDC is unable to authenticate itself. Further, replay of the message to the CH fails to authenticate the malicious MDC as every message carries a unique time stamp TSi encrypted with Ki.

8.2 Node compromise

We consider MDC compromise and CH compromise as these two are the attractive targets for an adversary.

8.2.1 MDC compromise: If the adversary compromises the MDC in the ith round, then the adversary obtains the collected data, the beacon message and the session key SKi. The information revealed is the same for TSP, PPSP and SSP. Now we discuss the impact of MDC compromise on collected data. Each cluster head CHj encrypts the aggregated data using the secret key Pkj before transferring the data to the MDC. The secret key Pkj is known only to the CH and the BS. Also the secret key Pkj is changed at regular intervals. The collected data are in encrypted form. Therefore the compromised MDC will not reveal any data to an adversary. The beacon message consists of information required to authenticate the MDC. However, the adversary fails to decrypt the collected data from cluster head CHj as it does not know Pkj. Hence, the protocols are resilient to MDC compromise.

8.2.2 CH compromise: The BS periodically releases MDCs into the network to collect the data. An MDC moves in the network and in every region it establishes connection with the CH to collect the data. After visiting all the CHs the MDCs return to the BS and the collected data are transferred to the BS. This we call one round of MDC. The time required to complete one round is called round trip time and is denoted as tr. The BS does not refresh the CCHK during the round trip time tr, since this renders the verification of a legitimate MDC by a CH unsuccessful. Therefore the adversary can compromise a CH during the time tr. Let tMDCi be the time at which the ith round of MDC started. After compromising a CH the adversary obtains all the information stored in it. By obtaining the stored information, the adversary may deploy malicious MDCs and try to collect the data from non-compromised CHs. The resiliency against CH compromise refers to the time required for an adversary to deploy a malicious MDC to collect the data from non-compromised CHs during the interval tr. Analysis of CH compromise with respect to the proposed TSP, PPSP and SSP is given below:

TSP Protocol: If a CH is compromised during the interval tr then the adversary obtains CCHK. By eavesdropping it obtains the beacon message IDMDC {SKi TSi}CCHK h(SKi) of legitimate MDCs. By knowing the CCHK and the beacon message IDMDC {SKi TSi}CCHK h(SKi) the adversary is able to deploy a malicious MDC. Let the time required to compromise a CH and to deploy a malicious MDC be tx. Fig. 5 shows the time period for which the communication among CHs and MDCs is secure and when it becomes vulnerable to attacks by an adversary.

PPSP Protocol: By compromising a CH during the interval tr, the adversary obtains the d pre-positioned secret information of the polynomial f(x) and by eavesdropping obtains the beacon message IDMDC {h(SKi) ASi}, which consists of the (d + 1)th share of f(x). Let ty be the time required for an adversary to compromise a CH. By knowing the (d + 1)th share it is not possible for an adversary to immediately deploy a malicious MDC for data collection. It requires some time to evaluate the polynomial using the compromised shares and compute the session key SKi = f(0). At time tx, say, the adversary is able to deploy a malicious MDC. As tx > ty, the resiliency to CH compromise for this protocol is better than TSP.

SSP Protocol: In this protocol, by compromising a cluster head CHi the adversary obtains the sensed data along with the shares of the polynomial fi(x). Let ty be the time required for an adversary to compromise a CH. To deploy a malicious node, the adversary computes the secret Ki = fi(0). At time tz it computes the secret Ki. Now by knowing the secret and the eavesdropped beacon message it is not possible to deploy a malicious MDC. As this beacon message is intended for a particular cluster head CHi, to obtain the required beacon message the adversary has to wait until a legitimate MDC visits the compromised CH. At time tx it obtains the intended beacon message. Therefore the adversary can deploy a malicious MDC for data collection only after tx, where tx > tz > ty.

By increasing the time required by an adversary to compromise a CH and to deploy a malicious MDC for data collection during the interval tr, the number of non-compromised CHs visited by malicious MDCs can be reduced. Table 2 summarises the resiliency of the protocols against CH compromise. We also indicate the number of messages exchanged, computation and time required to deploy a malicious node in a network of l CHs. To summarise the security analysis we list the following observations: The protocols are resilient with respect to the following: confidentiality of the collected data, identification of malicious MDC, identification of replay messages, authentication of MDC, wormhole-hello flood attack, wormhole sinkhole attack and attack on controlled mobility. The protocols differ in resiliency to CH compromise. As the time required to compromise a node in the SSP protocol is more compared to TSP and PPSP, SSP provides better resiliency to CH compromise.

Fig. 5 Time line representing secure and vulnerable communication when a CH is compromised for
a TSP b PPSP c SSP protocols

Table 2 Resiliency of the proposed protocols against CH compromise

Protocol   Communication   Computation             Malicious MDC deployment time during tr
TSP        1 Msg                                   tx
PPSP       1 Msg           polynomial evaluation   tx > ty
SSP        l Msgs          polynomial evaluation   tx > tz > ty

9 Performance analysis

In this section, we analyse the proposed protocols with respect to communication, computation and storage required to authenticate MDC.

9.1 Storage

Here we study the amount of storage required to store cryptographic key material used for authentication and encryption of the data. The storage with respect to SN-sensor, CH and MDC are discussed for the proposed protocols.

SN-sensor: In TSP and PPSP, all the keys along the path of the tree to which the SN-sensor belongs are stored in SN-sensors. The number of keys of the tree each SN-sensor stores is $\log_m n + 1$ for a cluster of size n and degree of the tree m. In addition to this each SN-sensor stores the secret key $Pk_i$ used for confidential communication with the BS. In the SSP protocol the storage at the SN-sensor is the same as that of the TSP and PPSP protocols discussed above. In addition to this each SN-sensor stores one share of a polynomial, which is used to compute the secret key $K_i$.

CH: For the TSP and SSP protocols, storage at the CH is as follows: the CH maintains an m-ary tree consisting of all the SN-sensors in the cluster. Therefore the storage required to maintain the tree is $\frac{m}{m-1}n$. Also each CH stores its secret key $Pk_i$ for confidential communication with the BS and CCHK to communicate with other CHs. In the PPSP protocol each CH stores all the keys as discussed in the TSP protocol. In addition to this each CH stores d points of a polynomial $f(x)$ as pre-positioned secret information, which are used to compute the session key $SK_i$ when the MDC visits the CH.

MDC: In the TSP and PPSP protocols, the MDC stores the session key $SK_i$ and the beacon message $ID_{MDC}\ \{SK_i\ TS_i\}_{CCHK}\ h(SK_i)$ and $ID_{MDC}\ \{h(SK_i)\ AS_i\}$, respectively. The MDC stores a table of size l in SSP, where l is the number of CHs in the network. Each entry consists of $ID_{CH}$ along with the corresponding beacon message $ID_{MDC}\ \{SK_i\ TS_i\}_{K_i}\ h(SK_i)$.

9.2 Communication

The communication cost is measured in terms of the number of messages exchanged between a CH and the MDC to complete authentication and transfer of data. The number of messages exchanged to authenticate the MDC in TSP and PPSP is six. After authentication a single message is exchanged between the CH and the MDC to transfer the encrypted data. The message exchanges are shown in Figs 9 and 10 of the Appendix, respectively. In SSP, the MDC first sends a hello message to the CH. On receiving the hello message the CH sends its ID to the MDC. Then the intended beacon message is sent by the MDC and the authentication process begins. The entire authentication process here requires a total of ten messages to be exchanged between the CH and the MDC. After authentication, as in the other protocols, a single unicast message transfers the encrypted data to the MDC. The message exchanges are shown in Fig. 11 of the Appendix.

9.3 Computation

The computation cost is measured in terms of the various operations that are performed to authenticate the MDC and to transfer the data. The TSP performs only encryption/decryption operations and one-way hash functions to authenticate the MDC and transfer data. Here the CH performs one encryption and two decryption operations and a single hash operation to authenticate the MDC. To transfer data the CH performs a single encryption operation. The computations at the MDC are one encryption and one decryption for authentication. The PPSP authenticates the MDC by performing one encryption/decryption operation and one hash function. In addition to the above operations the CH constructs a polynomial of degree d and evaluates it to compute the session key $SK_i$ used for authentication. The MDC performs one encryption and one decryption during the authentication process. After authentication the CH performs a single encryption operation before transferring the data to the MDC. In SSP the CH first constructs a polynomial of degree d using the shares received from SN-sensors. By evaluating the constructed polynomial it obtains the secret $K_i$ used to encrypt the authentication key $SK_i$. It performs one encryption and two decryptions to authenticate the MDC. To transfer the data to the MDC, the CH performs one encryption. As in TSP and PPSP, here also the computations at the MDC are one encryption and one decryption to authenticate itself.

From the performance analysis we can observe that the TSP protocol is efficient with respect to storage, communication and computation compared with the PPSP and SSP protocols. Table 3 summarises the storage, communication and computation of the TSP, PPSP and SSP protocols. We consider a network of l clusters each of size n. In the table the computation cost is tabulated with respect to the CH, because the computation at the MDC is the same for all the protocols.

Table 3 Storage, communication and computation cost at CH for authentication of MDC and secure data transfer

| Protocol | Storage: SN-sensor | Storage: CH | Storage: MDC | Communication | Computation: ENC (a) | Computation: DEC (b) | Computation: other operations |
|---|---|---|---|---|---|---|---|
| TSP | $\log_m n + 1$, $Pk_i$ | $\frac{m}{m-1}n$, CCHK, $Pk_i$ | $SK_i$, 1 beacon msg | Send 4, Receive 4 | 2 | 2 | hash function |
| PPSP | $\log_m n + 1$, $Pk_i$ | $\frac{m}{m-1}n$, CCHK, $Pk_i$, d points | $SK_i$, 1 beacon msg | | | | polynomial construction, hash function |
| SSP | $\log_m n + 1$, $Pk_i$, share of $f_i(x)$ | $\frac{m}{m-1}n$, CCHK, $Pk_i$, share of $f_i(x)$ | $SK_i$, l beacon msgs | | | | polynomial construction, hash function |

(a) ENC, encryption; (b) DEC, decryption
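The PPSP computation at the CH described in Section 9.3 (combine the d pre-positioned points with the activating share from the beacon, interpolate, and compare against $h(SK_i)$) can be sketched as follows. This is an added example, not the authors' code; the prime modulus, SHA-256 as h, the tuple layout of the beacon and all function names are assumptions. The same interpolation step serves SSP's $K_i = f_i(0)$.

```python
import hashlib
import secrets

P = 2**127 - 1  # assumed prime field modulus; the paper does not fix one


def h(sk):
    """One-way hash h(SK_i); SHA-256 is an assumption."""
    return hashlib.sha256(sk.to_bytes(16, "big")).digest()


def eval_poly(coeffs, x):
    """Horner evaluation of f(x) mod P, with coeffs[0] = f(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def interpolate_at_zero(points):
    """Lagrange interpolation of f(0) from d + 1 points (x, y)."""
    xs = [x % P for x, _ in points]
    # x = 0 would hand over f(0) directly; a repeated x makes the system singular.
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("invalid share x-coordinate")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = (num * (-xm)) % P
                den = (den * (xj - xm)) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def bs_setup(d):
    """BS side: random f of degree d -> (SK_i, d pre-positioned points, AS_i)."""
    coeffs = [secrets.randbelow(P) for _ in range(d)]
    coeffs.append(1 + secrets.randbelow(P - 1))  # non-zero leading coefficient
    shares = [(x, eval_poly(coeffs, x)) for x in range(1, d + 2)]
    return coeffs[0], shares[:d], shares[d]


def ch_verify_beacon(prepositioned, beacon):
    """CH side: return SK_i if the beacon authenticates, else None."""
    _id_mdc, h_sk, activating_share = beacon
    try:
        sk = interpolate_at_zero(list(prepositioned) + [activating_share])
    except ValueError:
        return None
    return sk if secrets.compare_digest(h(sk), h_sk) else None
```

The CH rejects a share whose x-coordinate is zero or repeats a stored point before interpolating, since either would let the beacon's sender determine the reconstructed value without knowing the pre-positioned points.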

10 Energy analysis

In this section we discuss the energy analysis of the proposed protocols. The experiments were conducted with PowerTOSSIM [22]. It is a scalable simulation environment for WSNs that provides an accurate, per-node estimate of power consumption. Simulations were conducted to study the energy utilisation of the proposed protocols. The TSP, PPSP and SSP are simulated, where we recorded the energy utilisation of the nodes on a per-round basis. The energy shown in the simulations is for one entire round of the MDC including authentication and data transfer at each node. For our experiments we considered 10% of the nodes as CHs; for networks of different sizes the same percentage of CHs is considered. The energy analysis for TSP, PPSP and SSP is shown in Figs. 6–8, respectively. The graphs represent energy utilisation for different rounds. The pattern of power consumption for varying cluster size is revealing. The power utilisation of TSP gradually stabilises, whereas in the PPSP and SSP protocols it increases exponentially. This is because the computation in the PPSP and SSP protocols intensifies when there are more nodes in the network and these computations are higher than in the TSP protocol. Thus the additional security provided by the PPSP and SSP protocols requires higher energy. Therefore there is a tradeoff between energy and the level of security being provided.

Fig. 6 Energy utilisation of CH for different rounds of MDC visits in TSP protocol

Fig. 7 Energy utilisation of CH for different rounds of MDC visits in PPSP protocol

Fig. 8 Energy utilisation of CH for different rounds of MDC visits in SSP protocol

10.1 Discussion of the proposed protocols

The proposed protocols are used for secure data collection. Here we discuss the suitability of each protocol with respect to the type of application and performance. The SSP protocol requires l messages to be exchanged and one polynomial evaluation operation to deploy a malicious MDC as a result of CH compromise. In PPSP it requires one message to be exchanged and one polynomial evaluation operation, whereas in TSP, by exchanging a single message and compromising a CH, an adversary is able to deploy a malicious MDC for data collection. This analysis shows that the SSP protocol has higher resiliency to CH compromise compared to the PPSP and TSP protocols. Therefore, for applications where the collected data are more sensitive, like military applications, the SSP protocol is suitable. The TSP and PPSP are energy efficient compared to SSP and hence are suitable for resource-constrained networks. The performance analysis of the protocols illustrates that the communication and computation costs for authentication and secure data transfer are higher in the SSP protocol compared with TSP and PPSP.

11 Conclusion

Data collection using an MDC in clustered WSN is one of the important techniques to increase the network lifetime. Secure data collection in clustered WSN using an MDC is not explored in detail in the literature. We proposed three protocols, TSP, PPSP and SSP, for MDC-based secure data collection in clustered WSN. The protocols are designed using a tree-based key management scheme. The designed protocols address some of the important security issues like identifying malicious MDCs and replay messages. The detailed performance and security analysis of the proposed protocols along with the energy analysis is explained. The analysis shows that the proposed protocols provide varying levels of security against node compromise attack by imposing additional computation overhead.

12 References

1 Akyildiz, I.F., Su, W., Sankarasubramanian, Y., Cayirci, E.: A survey on sensor networks, IEEE Commun. Mag., 2002, 40, (8), pp. 102–114
2 Ekici, E., Gu, Y., Bozdag, D.: Mobility based communication in wireless sensor networks, IEEE Commun. Mag., 2006, 44, (7), pp. 56–62
3 Wu, Q., Rao, N., Barhen, J. et al.: On computing mobile agent routes for data fusion in distributed sensor networks, IEEE Trans. Knowl. Data Eng., 2004, 16, (6), pp. 740–753
4 Jain, S., Shah, R.C., Brunette, W., Borriello, G., Roy, S.: Exploiting mobility for energy efficient data collection in wireless sensor networks, Mob. Netw. Appl., 2006, 11, (3), pp. 327–339
5 Shah, R., Roy, S., Jain, S., Brunette, W.: Data MULEs: modeling a three-tier architecture for sparse sensor networks. Proc. IEEE Workshop on Sensor Network Protocols and Applications (SNPA), Anchorage, Alaska, May 2003, pp. 30–41
6 Qi, H., Xu, Y., Wang, X.: Mobile agent based collaborative signal and information processing in sensor networks, Proc. IEEE, 2003, 91, (8), pp. 1172–1183
7 Chen, M., Kwon, T., Choi, Y.: Data dissemination based on mobile agent in wireless sensor networks. Proc. IEEE LCN 2005, 2005, pp. 527–529
8 Yarvis, M., Kushalnagar, N., Sing, H.: Exploiting heterogeneity in sensor networks. Proc. IEEE Infocom 2005, Miami, Fl, March 2005
9 Du, X., Xiao, Y.: Energy efficient chessboard clustering and routing in heterogeneous sensor networks, Int. J. Wirel. Mob. Comput., 2006, 1, (2), pp. 121–130
10 Duarte-Melo, E., Liu, M.: Analysis of energy consumption and lifetime of heterogeneous wireless sensor networks. Proc. IEEE Globecom, Taipei, Taiwan, November 2002
11 Zhou, L., Ni, J., Ravishankar, C.V.: Supporting secure communication and data collection in mobile sensor networks. Proc. 25th IEEE Int. Conf. on Computer Communications (Infocom06), 2006, pp. 1–12
12 Rasheed, A., Mahapatra, R.: Secure data collection scheme in wireless sensor networks with mobile sink. Proc. of Seventh IEEE Int. Symp. on Network Computing Applications, 2008
13 Poornima, A.S., Amberker, B.B.: Agent based secure data collection in heterogeneous sensor networks. Proc. Second Int. Conf. on Machine Learning and Computing (ICMLC 2010), Bangalore, India, 9–11 February 2010
14 Poornima, A.S., Amberker, B.B.: Tree-based key management scheme for heterogeneous sensor networks. Proc. 16th IEEE Int. Conf. on Networks (ICON 2008), New Delhi, India, 12–14 December 2008
15 Jea, D., Somasundara, A.A., Srivastava, M.B.: Multiple controlled mobile elements (data mules) for data collection in sensor networks. IEEE Distributed Computing in Sensor Systems (DCOSS), Marina Del Ray, CA, July 2005, pp. 244–257
16 Shah, P., Sivalingam, K.M., Agrawal, P.: Efficient data gathering in distributed hybrid sensor networks using multiple mobile agents. Proc. Third Int. Conf. on Communication System Software and Middleware (COMSWARE), Bangalore, India, January 2008
17 Ma, M., Yang, Y.: SenCar: an energy-efficient data gathering mechanism for large-scale multihop sensor networks, IEEE Trans. Parallel Distrib. Syst., 2007, 18, (10)
18 Kumar, A.K., Sivalingam, K.M.: Energy-efficient mobile data collection in wireless sensor networks with delay reduction using wireless communication. Proc. Second Int. Conf. on Communication Systems and Networks (COMSNETS), Bangalore, India, 2010, pp. 1–10
19 Wong, C., Gouda, M., Lam, S.: Secure group communication using key graphs. Proc. ACM SIGCOMM98, October 1998
20 Lipson, J.D.: Elements of algebra and algebraic computing (Addison-Wesley, Reading, MA, 1981)
21 Shamir, A.: How to share a secret, Commun. ACM, 1979, 22, (11), pp. 612–613
22 Shnayder, Hempstead, V.M., Chen, B., Allen, G., Welsh, M.: Simulating the power consumption of large scale sensor network applications. Proc. Second ACM Int. Conf. on Embedded Networked Sensor Systems (SENSYS 2004), 2004, pp. 188–200

13 Appendix

Fig. 9 Identification of malicious MDC and replay messages using TSP

Fig. 10 Identification of malicious MDC and replay messages using PPSP

Fig. 11 Identification of malicious MDC and replay messages using SSP

IET Wirel. Sens. Syst., 2011, Vol. 1, Iss. 2, pp. 85–95 doi: 10.1049/iet-wss.2010.0086

© The Institution of Engineering and Technology 2011