
www.ietdl.org
Published in IET Wireless Sensor Systems
Received on 25th October 2010
Revised on 7th February 2011
doi: 10.1049/iet-wss.2010.0086

ISSN 2043-6386

Secure data collection using mobile data collector in clustered wireless sensor networks

A.S. Poornima¹, B.B. Amberker²
¹Department of Computer Science and Engineering, Siddaganga Institute of Technology, Tumkur, Karnataka, India
²Department of Computer Science and Engineering, National Institute of Technology, Warangal, Andhra Pradesh, India
E-mail: aspoornima@sit.ac.in

Abstract: In wireless sensor network (WSN), lifetime of the network is determined by the amount of energy consumption by the
nodes. To improve the lifetime of the network, nodes are organised into clusters, in which the cluster head (CH) collects and
aggregates the data. A special node called mobile data collector (MDC) is used to collect the data from the CH and transfer it
to the base station (BS). So far in the literature secure data collection in distributed WSN is considered. Here we propose and
analyse three protocols for secure data collection in clustered WSN. The protocols use the tree-based key management
scheme. The protocols authenticate the MDC and then transfer the encrypted data to MDC. The theoretical analysis shows
that the protocols are invulnerable to the compromised MDC and replayed messages. The protocols show varying resiliency
to compromised CH. Simulation results show that increased security incurs additional energy consumption in secure data
collection.

1 Introduction

Wireless sensor networks (WSN) comprise mainly small sensor nodes with limited resources and a base station (BS). The nodes in a network are deployed over a geographic area to sense and gather various types of data that includes temperature, humidity, intrusion detection, vehicular motion and so on [1]. In a distributed WSN the sensed data are generally transmitted to the BS over a multihop wireless network. The multihop transmission demands sensors to forward the data for other nodes. Sensors that are near the BS forward more packets and drain their battery much more quickly. Also sensors have to continuously listen because they may have to forward data for other sensors. Listening consumes substantial energy. To address all these issues of multihop transmission and to extend the network lifetime, the notion of mobile nodes is introduced in WSN [2–4]. The approach uses mobile data collection agents [2]. The mobile agent, called a mobile data collector (MDC), traverses the network, collects the data from the nodes and dumps the data back at the BS. These MDCs can also help in data aggregation. Recently, researchers [5–7] have studied in detail the advantage of using MDC for data collection in WSN. The main advantage of using MDC-based data collection is the reduction in overall power consumption of the network and hence an increase in the network lifetime. This approach is also useful when the network is sparse or disconnected. In the methods proposed in [5–7] the data latency (average time taken by data to reach the BS from the time of generation) is usually high because of the low speed of the MDC and the large area that has to be covered.
IET Wirel. Sens. Syst., 2011, Vol. 1, Iss. 2, pp. 85–95

To ensure scalability and to increase the efficiency of network operations, the sensors are often grouped into clusters. In clustered WSN, the nodes in a neighbourhood organise themselves into a cluster with one resource-rich node designated as cluster head (CH) [8–10]. The CH collects the data from the other nodes in its neighbourhood and uses an aggregation scheme to aggregate the information. It then sends the aggregated information to a neighbouring CH in the direction of the BS. In this type of data transmission, the CHs that are near the BS need to transmit more data, which reduces the network's lifetime. If, instead of the CH forwarding the data, an MDC is used to collect the data from the CH, we have two important advantages. First, it increases the overall lifetime of the clustered WSN. Second, it improves the data latency. As an MDC is required to visit and collect the data only from the CH, the number of nodes visited by the MDC is smaller, which improves the data latency in clustered WSN. The use of MDC for data collection in clustered WSN is depicted in Fig. 1.

Fig. 1 MDC collecting the aggregated data from CHs in a clustered sensor network

The use of MDC in WSN introduces new security challenges. The security issues in MDC-based data collection have not been explored extensively. The majority of the literature on data collection using MDC focuses on improving the data latency and on the use of different mobility models to increase the network coverage by the MDC. To the best of our knowledge, security issues in clustered sensor networks with mobile data collection have not been studied in detail. In MDC-based data collection, the sensor nodes store the generated data in their buffers. The MDC traverses the network, periodically transmitting beacon signals. A beacon signal is the message transmitted by the MDC while traversing the network. A CH that hears the MDC's beacon signal begins transferring its aggregated data to the MDC. Since the MDC's beacon signal received by sensor nodes is not authenticated, an adversary can attack the network by placing a malicious MDC.
The secure data collection methods proposed in [11] and [12] are mainly designed to protect the data collected by the MDC in a distributed WSN. These methods do not provide a solution to identify a malicious node acting as MDC. Secure data collection in clustered WSN is discussed in [13]. This scheme is capable of identifying a malicious MDC but is not resilient to CH compromise. In this paper, we consider the problem of providing security to MDC-based data collection in clustered WSN. Node compromise is the major and unique problem in sensor networks. An adversary obtains all the information, including cryptographic secrets, by compromising a node. In the context of secure data collection, attractive targets for an adversary are the MDC and the CH. We mainly consider the following security issues: identifying a malicious MDC, identifying replay messages and node compromise. In node compromise, we consider MDC compromise as well as CH compromise.
Secure data collection protocols proposed in this paper are based on the tree-based key management scheme [14]. We propose three different protocols for secure data collection based on different assumptions and constraints: the time stamp protocol (TSP), the polynomial points sharing protocol (PPSP) and the secret sharing protocol (SSP). The protocols are used to identify a malicious MDC and to maintain confidentiality of the collected data. The TSP protocol uses time stamps to identify replay messages, and simple encryption/decryption operations are used by the CH to authenticate the MDC. The PPSP and SSP protocols use polynomial construction and evaluation to authenticate the MDC. We study the impact of CH compromise and MDC compromise on data collection. In the security analysis, we show that the PPSP and SSP protocols provide better resiliency to the node compromise attack. The energy analysis shows that TSP is energy efficient compared to the PPSP and SSP protocols. But the security against the node compromise attack provided by PPSP and SSP is better compared to the TSP protocol.
The rest of the paper is organised as follows: in Section 2 we elaborate on related work in detail. The network model, adversary model and notations used in the paper are discussed in Section 3. In Section 4, we explain cluster formation and the key management scheme used in designing the protocols. The TSP protocol is explained in detail in Section 5. In Sections 6 and 7 we explain the PPSP and SSP protocols, respectively. A complete security analysis of all the proposed protocols is discussed in Section 8. Performance analysis of the protocols is explained in Section 9. In Section 10 we provide energy analysis of the protocols. We conclude in Section 11.

© The Institution of Engineering and Technology 2011

2 Related work

We classify the related work into two parts. In the first part, we discuss the previous work that uses the concept of mobility for communication in WSN. Then in the second part, we briefly review existing work on secure data collection using MDC.

2.1 Mobility for communication

Mobile data collectors are used in applications that utilise mobility for communication-based operations such as data relay, data collection and physical operations like replacement of defective sensor nodes. Some schemes depend on existing mobility in the environment like vehicles or animals present in the network field [4, 5]. The concept of MDCs was first introduced in [5] to connect sparse sensor networks. A scheme with multiple mobile collectors that traverse the sensor field in straight lines is presented in [15]. In [16], the network is divided into clusters by a k-means clustering-based mechanism and a CH is placed in each cluster. Multiple MDCs are used and their mobility is modelled as a vehicle routing problem with time window. In [17], an obstacle-avoiding collection scheme is described. Further analysis of other mobility schemes can be found in [5]. A new model of mobile data collection that reduces the data latency significantly is proposed in [18]. The model uses a combination of a new touring strategy based on clustering and a data collection mechanism based on wireless communication to achieve better data latency.

2.2 Secure data collection

The MDC-based data collection is studied thoroughly in the literature in the context of various mobility models. However, the security aspect in MDC-based data collection is not studied in detail. In [11] key management for secure communication and data collection in distributed WSN is discussed. The scheme ensures only confidentiality of the collected data. Identifying a malicious MDC and attacks caused by a malicious MDC are not considered. In [12], a mobile sink is used for secure data collection. Here a fixed path is used by the mobile sink and only the nodes in this path will be able to communicate with the mobile sink and transfer data. The nodes in the path are overloaded with the data transfer function every time a mobile sink visits the nodes for data collection. Also, the deterministic path used by the MDC leads to various attacks.

3 Network model, adversary model and notations

In this section, we explain the preliminaries required to explain our protocols for secure data collection using MDC. First, we explain the network model considered in this paper. Here we consider a hierarchical sensor network (HSN). Large-scale homogeneous networks suffer from high cost of communication, computation and storage requirements; hence HSNs are preferred as they provide better performance and security solutions. After the network model, the possible types of attacks on MDC data collection are explained in detail. Finally, the notations used in the paper are discussed.

3.1 Network model

The network consists of a small number of powerful high-end nodes, which act as CHs, and a large number of low-end sensors, called sensing nodes (SN-sensors), that are used for basic sensor operations like sensing a particular type of data. CHs are more powerful nodes with more computation, communication, energy supply and storage capability. SN-sensors are nodes with limited computation, communication, energy supply and storage capability. Every SN-sensor sends the sensed data to its CH, and the CH aggregates the received data. The aggregated data are transferred to the BS using the MDC. The MDCs considered in this paper are special nodes with higher memory and processing capability, which can move in the monitoring area. MDCs are deployed by the BS to collect the data at regular intervals. These MDCs travel in the monitoring area to collect the data and the collected data are carried to the BS for further processing. Here we consider a network consisting of N SN-sensors and l CHs. Table 1 shows the notations used in this paper.

Table 1 Notations

Notation    Description
CH          cluster head
CHj         jth cluster head
BS          base station
U           set of all sensor nodes in a cluster
n           number of nodes in a cluster
N           number of nodes in the network
l           number of CHs in the network
CCHK        common cluster head key
Pki         secret key shared between ith node and BS
IDx         identification information of node x
Si          ith sensor node
POSSi       position information of node Si
CK          cluster key
ki          secret key shared between ith node and CH
ki-j        key k shared between the nodes from i to j
{x}y        encryption of x using key y
SKi         session key for the ith round
TSi         time stamp for the ith round
Nonce       random number selected by a node
Ki          secret computed by ith node using polynomial shares
TSc         current time value
tMDCi       time at which ith round of MDC is started
tx          time required by an adversary to compromise a node
F           collision resistant one way function
f(x)        polynomials of degree d
fi(x)       polynomial of degree t assigned to ith CH
(xi, yi)    ith point of a polynomial f(x)
h(x)        one-way hash function

3.2 Adversary model

We consider the following two types of adversaries:

3.2.1 An adversary which deploys a malicious MDC: Following are the different attacks that can be launched by the adversary [12].
1. Unauthorised access: The adversary may deploy a node that acts as MDC and tries to collect the data from the CH.
2. Wormhole-hello flood attack: In this type of attack, the adversary makes use of one malicious node with powerful transmission range and multiple short-range communication nodes. A short-range malicious node hears the beacon message from the MDC and sends the message over a secret communication channel to a high-range malicious node, which in turn broadcasts the MDC's beacon message over the entire network, causing the CHs that are not within the legitimate MDC's communication range to transmit their aggregated data.
3. Wormhole sinkhole attack: This is an attack on a network where the MDC uses a deterministic communication path. The attacker can launch an attack by placing a number of static malicious nodes within the trusted MDC's deterministic communication path and one malicious MDC that moves along the deterministic communication path. When a static malicious node hears the MDC's beacon message, it sends the beacon message through a secret channel to a malicious MDC. The malicious MDC replays the beacon message on different parts of the network, causing the CHs to transmit their aggregated data to the malicious MDC.
4. Attack on controlled mobility: Sensor networks that use controlled mobility are also susceptible to a different type of attack. Here, the adversary is capable of isolating the trusted MDC's collection path by forming its own communication path around it. CHs that are not within the trusted MDC's path transmit their data to those within the adversary's data collection path.

3.2.2 An adversary which compromises separately a CH and an MDC: Another important attack we consider here is the node compromise attack. The adversary attempts to compromise the CH and the MDC as these two are the attractive targets in the secure data-collection scenario. We consider separately the effect of a compromised CH and an MDC. If a node is compromised, the adversary obtains all the information including the cryptographic key material stored in the node.

4 Cluster formation and key management scheme

In this section, first we explain the cluster formation. Then we explain the key management scheme for secure communication and data collection in clustered WSN.

4.1 Cluster formation

We consider a network consisting of N SN-sensors and l CHs. Each SN-sensor Si, i = 1, ..., N, is preloaded with two secret keys Pki and ki, i = 1, ..., N. The secret key Pki is used for confidential communication with the BS and ki is shared between the SN-sensor and its corresponding CH. Each CH, CHj, j = 1, ..., l, is preloaded with the secret keys ki, i = 1, ..., N, of all the SN-sensors in the network and Pkj, j = 1, ..., l, shared between CH and BS. After deployment, clusters are formed using the preloaded information. We assume that after deployment, all the nodes are localised and know their respective positions in the network. Clusters are formed as follows: CHs broadcast the hello message

CH → U : IDCH POSCH hello

On receiving the hello message from CHs, each SN-sensor decides which CH to select based on POSCH. Let the jth CH be nearer to node Si. Now node Si sends the join request to CHj

Si → CHj : IDSi h(ki)ki Nonce join

CHj verifies the join request using ki and, if the node Si is authorised, accepts it as one of the cluster members. CHj sends the confirm message to node Si

CHj → Si : IDCH h(Nonce) confirm

Now, CHj retains the information of SN-sensors in its cluster and erases the rest from its memory.
After cluster formation, the network operates in two phases. In the sensing phase, the SN-sensors within a cluster sense the data and send it securely to the CH. The CH, upon receiving data from all the SN-sensors in its cluster, aggregates the data. In the data collection phase, the BS deploys MDCs for data collection. MDCs traverse the entire monitoring area to collect the data. When an MDC visits the CH, the CH authenticates the MDC and then the aggregated data is transferred securely. After collecting the data the MDC returns to the BS to dump the collected data.
We consider the algorithm proposed in [16] to determine the number of MDCs to be deployed for maximum coverage and also the route of MDCs. This algorithm considers a hybrid sensor network architecture with multiple MDCs. The data collection by the MDC is formulated as a vehicle routing problem with time window. The algorithm meets the needs of using a minimal number of MDCs for data collection, with equitable load distribution on the MDCs, and it also uses a priority-based model for attending the CH with critical data or limited lifetime.

4.2 Tree-based key management scheme

In this paper, we use the key management scheme proposed in [14]. Sensors within a cluster are organised as an m-ary balanced tree [19] with SN-sensors at the leaves as shown in Fig. 2, where m is the degree of the tree. The tree is maintained by the CH. In Fig. 2, S0, S1, ..., S8 represent SN-sensors within a cluster. Nodes within a cluster are again organised into smaller groups (called subgroups) of fixed size based on the m value. This type of grouping reduces rekey operations when a node is compromised. Every SN-sensor shares a key with the CH, called its secret key ki, which is used to communicate with the CH securely. Nodes k0, k1, ..., k8 in Fig. 2 correspond to secret keys shared with CHs. The keys k0-2, k3-5, k6-8 represent the keys called intermediate keys that are shared by some subset of sensors. The key at the root of the tree is the cluster key (CK). CK is shared by all the nodes in the cluster. Nodes within a cluster can communicate securely using a CK. The intermediate keys and CKs are generated using a pseudorandom number generator. Every SN-sensor will store all the keys along the path from leaf to root of the tree. All CHs share a common key called the common cluster head key (CCHK). CHs can communicate securely with each other using the key CCHK. At regular intervals, once the CCHK is changed to, say, CCHK', the secret keys Pk1, Pk2, ..., Pkl of CHs are refreshed as follows: Pk'i ← F(Pki, CCHK), where F is a collision resistant one-way function. The CH uses these refreshed keys to encrypt the data before transferring it to the MDC. A detailed description of the tree-based key management scheme is given in [14]. That scheme explains how efficiently keys are changed when a node is compromised or a new node is added.

Fig. 2 S0–S8 are sensor nodes in a cluster and k0 to k8 are preloaded secret keys of sensors, k0-2, k3-5, k6-8 are auxiliary keys and CK is the cluster key

5 Time stamp protocol

MDCs are deployed by the BS at regular intervals to collect the aggregated data from the CH. After deployment, the MDCs traverse the monitoring area and return to the BS with the collected data. This traversal is called one round. In this section, we present a simple authentication scheme called TSP. We use the tree-based key management scheme discussed in the previous section and a time stamp for secure data collection. Our scheme not only identifies the malicious MDC, but also prevents the replay attack.
BS selects a session key SKi for the ith round of the MDC and constructs the following beacon message: {SKi TSi}CCHK h(SKi) IDMDC. Before deployment, the MDC is preloaded with the session key SKi and the beacon message. Here CCHK is shared by all the CHs and the BS, SKi is the session key and TSi is the time stamp assigned to the MDC for the ith round. The time stamp TSi corresponds to the current time; we assume that the clocks of all CHs and the BS are synchronised. Also, every CH maintains a table in which it stores the TSi along with the unique ID of the MDC, IDMDC. After deployment, the MDC traverses the monitoring area and establishes a connection with the CH in the region. The MDC sends the beacon message {SKi TSi}CCHK h(SKi) IDMDC to the CH. The CH decrypts the session key SKi and the time stamp TSi using the key CCHK. After obtaining the session key SKi and time stamp TSi, the CH authenticates the MDC. The authentication and the identification of replay messages are explained in the flow diagram shown in Fig. 3. The detailed protocol that explains the authentication is given in Fig. 9 of the Appendix. The CCHK is known only to the CHs, therefore only an authorised CH is able to authenticate the MDC. The time stamp associated with the message enables the CH to identify replay messages.
Once the MDC is authenticated using the above protocol, cluster head CHj transfers the aggregated data to the MDC by encrypting the data using its secret key Pkj. Only the BS, which shares this key Pkj, is able to decrypt the data. Therefore, if the MDC is compromised, the collected data is not exposed. Using the same secret key to encrypt the data every time may result in cryptanalysis of the corresponding key. To overcome this problem the secret keys CCHK and Pkj are refreshed at regular intervals. The key Pkj is changed to Pk'j using a simple transformation: Pk'j ← F(Pkj, CCHK), where F is a collision-resistant one-way function.
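
The CH-side beacon check described in this section, as an added Python sketch that is not code from the paper. The 16-byte session key, SHA-256 for h, the ROUND_TRIP window, the table keyed on TSi and the seal/unseal stand-in for {x}y are all assumptions made so that the example runs with the standard library only; the paper's own steps are in its Fig. 3 and Fig. 9.

```python
import hashlib
import hmac
import os
import struct

ROUND_TRIP = 3600  # assumed upper bound on one MDC round, in seconds


def _keystream(key, nonce, length):
    """SHA-256 in counter mode; present only so no third-party cipher is needed."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in for {x}_y (encrypt-then-MAC); use a vetted AEAD in a deployment."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    if len(blob) < 48:
        return None
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def make_beacon(cchk, sk, ts, mdc_id):
    """BS side: the three beacon fields {SK_i TS_i}_CCHK, h(SK_i), ID_MDC."""
    return {
        "sealed": seal(cchk, sk + struct.pack(">Q", ts)),
        "h_sk": hashlib.sha256(sk).digest(),
        "id": mdc_id,
    }


class ClusterHead:
    def __init__(self, cchk):
        self.cchk = cchk
        self.table = {}  # accepted TS_i -> ID_MDC (the table kept by every CH)

    def authenticate(self, beacon, now):
        plain = unseal(self.cchk, beacon["sealed"])
        if plain is None or len(plain) != 24:
            return "reject: not sealed under CCHK"
        sk, ts = plain[:16], struct.unpack(">Q", plain[16:])[0]
        if not hmac.compare_digest(hashlib.sha256(sk).digest(), beacon["h_sk"]):
            return "reject: h(SK) mismatch"
        if not (now - ROUND_TRIP <= ts <= now):
            return "reject: stale time stamp"
        # Keyed on the decrypted TS_i: ID_MDC travels in the clear and can be altered.
        if ts in self.table:
            return "reject: replay"
        self.table[ts] = beacon["id"]
        return "accept"
```

The freshness window rejects beacons from earlier rounds even after the table has been pruned, and the table rejects a second presentation of the current round's beacon to the same CH.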

Fig. 3 Flow diagram explaining the authentication process in TSP and SSP protocols

6 Polynomial points sharing protocol

The TSP protocol uses time stamp values to identify replay messages. This demands synchronised clocks among the CHs and the BS. To eliminate the difficulty of using synchronised clocks, we propose a protocol based on sharing the polynomial points. The protocol is called PPSP. The cluster formation and key management scheme used is the same as that of the TSP protocol. The authentication of the MDC and the identification of replay messages are achieved in a different way.
The BS chooses a random polynomial of degree d defined over a finite field Fq, where q is a prime power. Then the BS chooses d distinct points (x1, y1), ..., (xd, yd), where yi = f(xi), which are stored in each CH before deployment as pre-positioned secret information. Here, d is a security parameter. During the ith round of the MDC the BS selects a (d + 1)th point (xd+1, yd+1), distinct from the previous d points, called the activating share ASi. Using the ASi and the d pre-positioned secret information, the BS constructs a polynomial f(x) of degree d, and computes the session key SKi = f(0). The BS now constructs a beacon message IDMDC {h(SKi) ASi}. Before deployment the MDC is preloaded with SKi and the beacon message. After deployment, the MDC traverses the monitoring area and establishes a connection with a cluster head CHj. Now CHj extracts ASi from the beacon message received from the MDC, constructs the polynomial f(x) of degree d with the pre-positioned secret information using Lagrange interpolation [20] and computes the session key SKi = f(0). CHj authenticates the MDC by computing h(SKi) and comparing it with that in the beacon message. The flow diagram in Fig. 4 shows the authentication steps of the PPSP. After authentication, CHj encrypts the aggregated data with Pkj and transfers it to the MDC. Here also Pkj is refreshed periodically as explained in TSP. The detailed PPSP that authenticates the MDC and identifies replay messages is explained in Fig. 10 of the Appendix. The Fig. 10 protocol requires the CH to perform polynomial construction and evaluation [20] to derive the session key used for authentication.

Fig. 4 Flow diagram explaining the authentication process in PPSP

7 Secret sharing protocol

The SSP uses Shamir's secret sharing scheme [21]. Initially the BS chooses l polynomials {fi(x)}i=1,...,l of degree (t − 1) over a finite field Fq, where q is a prime power. Each polynomial is identified with the cluster head CHi. Before deployment, the BS assigns a polynomial to each CH. Every SN-sensor Sk is preloaded with one share (x, fi(x)) by randomly choosing x ∈ Fq, where 1 ≤ k ≤ N, 1 ≤ i ≤ l. After deployment, clusters are formed with cluster heads CHi, i = 1, ..., l. The sensors corresponding to CHi retain only one share of fi and delete all other shares. We assume that the size of each cluster is at least t. The BS constructs distinct beacon messages for each cluster head CHi as follows: the BS computes Ki = fi(0) and randomly chooses a session key SKi. The time stamp TSi and SKi are encrypted using Ki. The beacon messages for each CH are preloaded to the MDC along with the ID of the respective CH.
During the sensing phase, the SN-sensor Sj sends sensed data along with its share to CHi. In the data collection phase, CHi constructs the polynomial fi(x) using the t shares and computes the secret Ki = fi(0). When CHi receives the beacon message from the MDC, CHi obtains the session key SKi and time stamp TSi using Ki. CHi authenticates the MDC and then encrypts the aggregated data using Pki and transfers it to the MDC. Authentication of the MDC is shown in the flow diagram of Fig. 3. The detailed step-by-step authentication protocol is explained in Fig. 11 of the Appendix.
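
The polynomial steps of Sections 6 and 7, as one added Python sketch that is not code from the paper: PPSP session-key derivation and beacon check from d pre-positioned points plus the activating share, and SSP recovery of Ki from t shares. The modulus 2^127 − 1, SHA-256 for h, sequential x-coordinates, the set of used activating shares as the replay check and all class and function names are assumptions; the paper's own steps are in its Fig. 10 and Fig. 11.

```python
import hashlib
import hmac
import secrets

Q = 2**127 - 1  # prime modulus for F_q (assumed; the paper allows any prime power)


def eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... over F_q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def lagrange_at_zero(points):
    """f(0) for the unique polynomial of degree < len(points) through the points."""
    xs = [x % Q for x, _ in points]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("x-coordinates must be distinct and non-zero")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % Q
                den = (den * (xi - xj)) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def h(sk):
    return hashlib.sha256(sk.to_bytes(16, "big")).hexdigest()


class PpspBaseStation:
    def __init__(self, d):
        coeffs = [secrets.randbelow(Q) for _ in range(d + 1)]
        # d pre-positioned points stored in every CH before deployment
        self.prepositioned = [(x, eval_poly(coeffs, x)) for x in range(1, d + 1)]
        self.next_x = d + 1

    def new_round(self, mdc_id):
        """Pick a fresh activating share AS_i, derive SK_i = f(0), build the beacon."""
        share = (self.next_x, secrets.randbelow(Q))
        self.next_x += 1
        sk = lagrange_at_zero(self.prepositioned + [share])
        return sk, {"id": mdc_id, "h_sk": h(sk), "as": share}


class PpspClusterHead:
    def __init__(self, prepositioned):
        self.points = list(prepositioned)
        self.used = set()  # activating shares already accepted

    def authenticate(self, beacon):
        share = tuple(beacon["as"])
        if share in self.used:
            return "reject: replay"
        try:
            sk = lagrange_at_zero(self.points + [share])
        except ValueError:
            return "reject: bad share"
        if not hmac.compare_digest(h(sk), beacon["h_sk"]):
            return "reject: h(SK) mismatch"
        # Record the share only after success, so a bogus beacon cannot burn it.
        self.used.add(share)
        return "accept"


def ssp_make_shares(k_i, t, n):
    """BS side of SSP: degree t-1 polynomial with f_i(0) = K_i, one share per sensor."""
    coeffs = [k_i] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def ssp_recover(shares, t):
    """CH side of SSP: rebuild K_i = f_i(0) from any t shares sent by its sensors."""
    if len(shares) < t:
        raise ValueError("need at least t shares")
    return lagrange_at_zero(shares[:t])
```

Both protocols only ever need f(0), so the CH can evaluate the Lagrange basis at zero directly instead of reconstructing the coefficients.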

8 Security analysis

In this section, we analyse the security of the proposed protocols. Mainly we consider the following security issues: identifying a malicious MDC, identifying replay messages and node compromise. In node compromise we consider MDC compromise as well as CH compromise.

8.1 Identifying malicious MDC and replay messages

A malicious MDC is capable of launching various attacks as explained in Section 3. The adversary tries to collect the data using the malicious MDC from legitimate CHs. Now we discuss how the proposed protocols identify such a malicious MDC to counter the attacks. In the TSP protocol, a malicious MDC obtains, by eavesdropping, the beacon message IDMDC {SKi TSi}CCHK h(SKi). But CCHK is known only to the CH and the BS. Hence, the malicious MDC cannot decrypt the message. Further, replay of the message to the CH fails to authenticate the malicious MDC as every message carries a unique time stamp TSi encrypted with CCHK. The information obtained by a malicious MDC in the PPSP protocol is the beacon message IDMDC {h(SKi) ASi}. As the beacon message does not reveal the session key SKi, the malicious MDC without SKi is unable to authenticate itself. The distinct ASi used in every round makes it possible to identify replay messages. In SSP, the information obtained by a malicious MDC is IDMDC {SKi TSi}Ki h(SKi). As the session key is encrypted by the secret Ki known only to the CH and the BS, the malicious MDC is unable to authenticate itself. Further, replay of the message to the CH fails to authenticate the malicious MDC as every message carries a unique time stamp TSi encrypted with Ki.

8.2 Node compromise

We consider MDC compromise and CH compromise as these two are the attractive targets for an adversary.

8.2.1 MDC compromise: If the adversary compromises the MDC in the ith round, then the adversary obtains the collected data, the beacon message and the session key SKi. The information revealed is the same for TSP, PPSP and SSP. Now we discuss the impact of MDC compromise on the collected data. Each cluster head CHj encrypts the aggregated data using the secret key Pkj before transferring the data to the MDC. The secret key Pkj is known only to the CH and the BS. Also the secret key Pkj is changed at regular intervals. The collected data are in encrypted form. Therefore the compromised MDC will not reveal any data to an adversary. The beacon message consists of the information required to authenticate the MDC. However, the adversary fails to decrypt the collected data from cluster head CHj as it does not know Pkj. Hence, the protocols are resilient to MDC compromise.

8.2.2 CH compromise: The BS periodically releases MDCs into the network to collect the data. An MDC moves in the network and in every region it establishes a connection with the CH to collect the data. After visiting all the CHs the MDCs return to the BS and the collected data are transferred to the BS. This we call one round of the MDC. The time required to complete one round is called the round trip time and is denoted as tr. The BS does not refresh the CCHK during the round trip time tr, since this renders the verification of a legitimate MDC by a CH unsuccessful. Therefore the adversary can compromise a CH during the time tr. Let tMDCi be the time at which the ith round of the MDC started.

Fig. 5 Time line representing secure and vulnerable communication when a CH is compromised for
a TSP
b PPSP
c SSP protocols

After compromising a CH the adversary obtains all the information stored in it. By obtaining the stored information, the adversary may deploy malicious MDCs and try to collect the data from non-compromised CHs. The resiliency against CH compromise refers to the time required for an adversary to deploy a malicious MDC to collect the data from non-compromised CHs during the interval tr. Analysis of CH compromise with respect to the proposed TSP, PPSP and SSP is given below:
TSP Protocol: If a CH is compromised during the interval tr then the adversary obtains CCHK. By eavesdropping it obtains the beacon message IDMDC {SKi TSi}CCHK h(SKi) of legitimate MDCs. By knowing the CCHK and the beacon message IDMDC {SKi TSi}CCHK h(SKi) the adversary is able to deploy a malicious MDC. Let the time required to compromise a CH and to deploy a malicious MDC be tx. Fig. 5 shows the time period for which the communication among CHs and MDCs is secure and when it becomes vulnerable to attacks by an adversary.
PPSP Protocol: By compromising a CH during the interval tr, the adversary obtains the d pre-positioned secret information of the polynomial f(x) and by eavesdropping obtains the beacon message IDMDC {h(SKi) ASi}, which consists of the (d + 1)th share of f(x). Let ty be the time required for an adversary to compromise a CH. By knowing the (d + 1)th share it is not possible for an adversary to immediately deploy a malicious MDC for data collection. It requires some time to evaluate the polynomial using the compromised shares and compute the session key SKi = f(0). At time tx, say, the adversary is able to deploy a malicious MDC. As tx > ty, the resiliency to CH compromise for this protocol is better than TSP.
SSP Protocol: In this protocol, by compromising a cluster head $CH_i$ the adversary obtains the sensed data along with the shares of the polynomial $f_i(x)$. Let $t_y$ be the time required for an adversary to compromise a CH. To deploy a malicious node, the adversary computes the secret $K_i = f_i(0)$. At time $t_z$ it computes the secret $K_i$. Even knowing the secret and an eavesdropped beacon message, it is not possible to deploy a malicious MDC. As each beacon message is intended for a particular cluster head $CH_i$, to obtain the required beacon message the adversary has to wait until a legitimate MDC visits the compromised CH. At time $t_x$ it obtains the intended beacon message. Therefore the adversary can deploy a malicious MDC for data collection only after $t_x$, where $t_x > t_z > t_y$.

Table 2 Resiliency of the proposed protocols against CH compromise

| Protocol | Communication | Computation | Malicious MDC deployment time during $t_r$ |
|---|---|---|---|
| TSP | 1 Msg | - | $t_x$ |
| PPSP | 1 Msg | polynomial evaluation | $t_x > t_y$ |
| SSP | $l$ Msgs | polynomial evaluation | $t_x > t_z > t_y$ |

By increasing the time required by an adversary to compromise a CH and to deploy a malicious MDC for data collection during the interval $t_r$, the number of non-compromised CHs visited by malicious MDCs can be reduced. Table 2 summarises the resiliency of the protocols against CH compromise. We also indicate the number of messages exchanged, the computation and the time required to deploy a malicious node in a network of $l$ CHs.
To summarise the security analysis we list the following observations. The protocols provide confidentiality of the collected data, identification of a malicious MDC, identification of replay messages and authentication of the MDC, and they are resilient to the wormhole-hello flood attack, the wormhole-sinkhole attack and the attack on controlled mobility. The protocols differ in resiliency to CH compromise. As the time required to compromise a node in the SSP protocol is more compared to TSP and PPSP, SSP provides better resiliency to CH compromise.

9 Performance analysis

In this section, we analyse the proposed protocols with respect to communication, computation and storage required to authenticate MDC.

9.1 Storage

Here we study the amount of storage required to store cryptographic key material used for authentication and encryption of the data. The storage with respect to SN-sensor, CH and MDC are discussed for the proposed protocols.

SN-sensor: In TSP and PPSP, all the keys along the path of the tree to which the SN-sensor belongs are stored in the SN-sensor. The number of keys of the tree that each SN-sensor stores is $\log_m n + 1$ for a cluster of size $n$ and a tree of degree $m$. In addition to this, each SN-sensor stores a secret key $Pk_i$ used for confidential communication with the BS. In the SSP protocol the storage at an SN-sensor is the same as that of the TSP and PPSP protocols discussed above. In addition to this, each SN-sensor stores one share of a polynomial, which is used to compute the secret key $K_i$.
CH: For the TSP and SSP protocols, storage at the CH is as follows: the CH maintains an $m$-ary tree consisting of all the SN-sensors in the cluster. Therefore the storage required to maintain the tree is $\left(\frac{m}{m-1}\right) n$. Also each CH stores its secret key $Pk_i$ for confidential communication with the BS and the CCHK to communicate with other CHs. In the PPSP protocol each CH stores all the keys as discussed for the TSP protocol. In addition to this, each CH stores $d$ points of a polynomial $f(x)$ as pre-positioned secret information, which are used to compute the session key $SK_i$ when the MDC visits the CH.
MDC: In the TSP and PPSP protocols, the MDC stores the session key $SK_i$ and the beacon message $ID_{MDC} \,\|\, \{SK_i \,\|\, TS_i\}_{CCHK} \,\|\, h(SK_i)$ and $ID_{MDC} \,\|\, \{h(SK_i) \,\|\, AS_i\}$, respectively. The MDC stores a table of size $l$ in SSP, where $l$ is the number of CHs in the network. Each entry consists of $ID_{CH}$ along with the corresponding beacon message $ID_{MDC} \,\|\, \{SK_i \,\|\, TS_i\}_{K_i} \,\|\, h(SK_i)$.
9.2 Communication

The communication cost is measured in terms of the number of messages exchanged between a CH and the MDC to complete authentication and transfer of data. Six messages are exchanged to authenticate the MDC in TSP and PPSP. After authentication a single message is exchanged between the CH and the MDC to transfer the encrypted data. The message exchanges are shown in Figs 9 and 10 of the Appendix, respectively. In SSP, the MDC first sends a hello message to the CH. On receiving the hello message the CH sends its ID to the MDC. Then the intended beacon message is sent by the MDC and the authentication process begins. The entire authentication process here requires a total of ten messages to be exchanged between the CH and the MDC. After authentication, as in the other protocols, a single unicast message transfers the encrypted data to the MDC. The message exchanges are shown in Fig. 11 of the Appendix.
9.3 Computation

The computation cost is measured in terms of the various operations that are performed to authenticate the MDC and to transfer the data. The TSP performs only encryption/decryption operations and one-way hash functions to authenticate the MDC and transfer data. Here the CH performs one encryption and two decryption operations and a single hash operation to authenticate the MDC. To transfer data the CH performs a single encryption operation. The computations at the MDC are one encryption and one decryption for authentication.

The PPSP authenticates the MDC by performing one encryption/decryption operation and one hash function. In addition to the above operations the CH constructs a polynomial of degree $d$ and evaluates it to compute the session key $SK_i$ used for authentication. The MDC performs one encryption and one decryption during the authentication process. After authentication the CH performs a single encryption operation before transferring the data to the MDC.
In SSP the CH first constructs a polynomial of degree $d$ using the shares received from the SN-sensors. By evaluating the constructed polynomial it obtains the secret $K_i$ used to encrypt the authentication key $SK_i$. It performs one encryption and two decryptions to authenticate the MDC. To transfer the data to the MDC, the CH performs one encryption. As in TSP and PPSP, here also the computations at the MDC are one encryption and one decryption to authenticate itself.

From the performance analysis we can observe that the TSP protocol is efficient with respect to storage, communication and computation compared with the PPSP and SSP protocols. Table 3 summarises the storage, communication and computation of the TSP, PPSP and SSP protocols. We consider a network of $l$ clusters each of size $n$. In the table the computation cost is tabulated with respect to the CH, because the computation at the MDC is the same for all the protocols.

Table 3 Storage, communication and computation cost at CH for authentication of MDC and secure data transfer

| Protocol | Storage: SN-sensor | Storage: CH | Storage: MDC | Communication: Send | Communication: Receive | Computation: ENC (a) | Computation: DEC (b) | Computation: Other operations |
|---|---|---|---|---|---|---|---|---|
| TSP | $\log_m n + 1$, $Pk_i$ | $\left(\frac{m}{m-1}\right) n$, CCHK, $Pk_i$ | $SK_i$, 1 beacon msg | | | | | hash function |
| PPSP | $\log_m n + 1$, $Pk_i$ | $\left(\frac{m}{m-1}\right) n$, CCHK, $Pk_i$, $d$ points | $SK_i$, 1 beacon msg | | | | | polynomial construction, hash function |
| SSP | $\log_m n + 1$, $Pk_i$, share of $f_i(x)$ | $\left(\frac{m}{m-1}\right) n$, CCHK, $Pk_i$, share of $f_i(x)$ | $SK_i$, $l$ beacon msgs | | | | | polynomial construction, hash function |

(a) ENC, encryption
(b) DEC, decryption
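
The reconstruction step that both the PPSP compromise analysis and the "polynomial construction" cost in Section 9.3 refer to, as an added Python example (not the authors' code). It assumes the usual pre-positioned construction in which the BS chooses the activating share so that the degree-$d$ polynomial through the $d$ stored points satisfies $f(0) = SK_i$; the prime field, x-coordinates, share values and function names are constructed for illustration.

```python
# Added illustration of pre-positioned secret sharing as used in the PPSP analysis.
# Field size, x-coordinates and share values are constructed for this example.
P = 2**127 - 1  # prime modulus (assumption; the paper does not fix a field)

def interpolate_at(points, x, p=P):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    xs = [xi % p for xi, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share x-coordinates must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        # Lagrange basis term: y_i * prod(x - x_j) / prod(x_i - x_j) mod p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def activating_share(prepositioned, session_key, x_act, p=P):
    """BS side: pick AS_i so that f through the d stored points has f(0) = SK_i."""
    f_points = [(0, session_key)] + list(prepositioned)
    return (x_act, interpolate_at(f_points, x_act, p))

def session_key_from(prepositioned, act_share, p=P):
    """CH side (or whoever holds a compromised CH's points): SK_i = f(0)."""
    return interpolate_at(list(prepositioned) + [act_share], 0, p)

# d = 3 pre-positioned points stored in every CH (constructed values).
PRE = [(1, 1234), (2, 8765), (3, 4321)]
X_ACT = 4  # x-coordinate reserved for the activating share (assumption)

def demo():
    sk_round1, sk_round2 = 0x5EC0DE0001, 0x5EC0DE0002  # constructed session keys
    as1 = activating_share(PRE, sk_round1, X_ACT)
    as2 = activating_share(PRE, sk_round2, X_ACT)
    return {
        "ch_recovers_round1": session_key_from(PRE, as1) == sk_round1,
        "ch_recovers_round2": session_key_from(PRE, as2) == sk_round2,
        # The d stored points alone interpolate to a value that is not SK_i.
        "d_points_alone": interpolate_at(PRE, 0),
        # A share from round 1 reconstructs round 1's key only.
        "stale_share_key": session_key_from(PRE, as1),
        "sk_round2": sk_round2,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The $d$ points held by a CH determine nothing about $SK_i$ until one activating share is overheard, after which the key follows from a single interpolation; this is why the margin between $t_y$ and $t_x$ in PPSP is only the polynomial evaluation time.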

10 Energy analysis

In this section we discuss the energy analysis of the proposed protocols. The experiments were conducted with PowerTOSSIM [22]. It is a scalable simulation environment for WSNs that provides an accurate, per-node estimate of power consumption. Simulations were conducted to study the energy utilisation of the proposed protocols. The TSP, PPSP and SSP are simulated, and we recorded the energy utilisation of the nodes on a per-round basis. The energy shown in the simulations is for one entire round of the MDC, including authentication and data transfer at each node. For our experiments we considered 10% of the nodes as CHs; the same percentage of CHs is used for networks of different sizes. The energy analysis for TSP, PPSP and SSP is shown in Figs. 6-8, respectively. The graphs represent energy utilisation for different rounds. The pattern of power consumption for varying cluster size differs between the protocols: the power utilisation of TSP gradually stabilises, whereas in the PPSP and SSP protocols it increases exponentially. This is because the computation in the PPSP and SSP protocols intensifies when there are more nodes in the network, and these computations are higher than in the TSP protocol. Thus the additional security provided by the PPSP and SSP protocols requires higher energy. Therefore there is a tradeoff between energy and the level of security being provided.
Fig. 6 Energy utilisation of CH for different rounds of MDC visits in TSP protocol

Fig. 7 Energy utilisation of CH for different rounds of MDC visits in PPSP protocol

Fig. 8 Energy utilisation of CH for different rounds of MDC visits in SSP protocol

10.1 Discussion of the proposed protocols

The proposed protocols are used for secure data collection. Here we discuss the suitability of each protocol with respect to the type of application and performance. The SSP protocol requires $l$ messages to be exchanged and one polynomial evaluation operation to deploy a malicious MDC as a result of CH compromise. PPSP requires one message to be exchanged and one polynomial evaluation operation, whereas in TSP, by exchanging a single message and compromising a CH, an adversary is able to deploy a malicious MDC for data collection. This analysis shows that the SSP protocol has higher resiliency to CH compromise compared to the PPSP and TSP protocols. Therefore the SSP protocol is suitable for applications in which the collected data is more sensitive, such as military applications. The TSP and PPSP are energy efficient compared to SSP and hence are suitable for resource-constrained networks. The performance analysis of the protocols illustrates that the communication and computation costs for authentication and secure data transfer are higher in the SSP protocol compared with TSP and PPSP.

11 Conclusion

Data collection using an MDC in clustered WSN is one of the important techniques to increase the network lifetime. Secure data collection in clustered WSN using an MDC is not explored in detail in the literature. We proposed three protocols, TSP, PPSP and SSP, for MDC-based secure data collection in clustered WSN. The protocols are designed using a tree-based key management scheme. The designed protocols address some of the important security issues, such as identifying a malicious MDC and replay messages. The detailed performance and security analysis of the proposed protocols, along with an energy analysis, is explained. The analysis shows that the proposed protocols provide varying levels of security against the node compromise attack by imposing additional computation overhead.

12 References

1 Akyildiz, I.F., Su, W., Sankarasubramanian, Y., Cayirci, E.: 'A survey on sensor networks', IEEE Commun. Mag., 2002, 40, (8), pp. 102-114
2 Ekici, E., Gu, Y., Bozdag, D.: 'Mobility based communication in wireless sensor networks', IEEE Commun. Mag., 2006, 44, (7), pp. 56-62
3 Wu, Q., Rao, N., Barhen, J. et al.: 'On computing mobile agent routes for data fusion in distributed sensor networks', IEEE Trans. Knowl. Data Eng., 2004, 16, (6), pp. 740-753
4 Jain, S., Shah, R.C., Brunette, W., Borriello, G., Roy, S.: 'Exploiting mobility for energy efficient data collection in wireless sensor networks', Mob. Netw. Appl., 2006, 11, (3), pp. 327-339
5 Shah, R., Roy, S., Jain, S., Brunette, W.: 'Data MULEs: modeling a three-tier architecture for sparse sensor networks'. Proc. IEEE Workshop on Sensor Network Protocols and Applications (SNPA), Anchorage, Alaska, May 2003, pp. 30-41
6 Qi, H., Xu, Y., Wang, X.: 'Mobile agent based collaborative signal and information processing in sensor networks', Proc. IEEE, 2003, 91, (8), pp. 1172-1183
7 Chen, M., Kwon, T., Choi, Y.: 'Data dissemination based on mobile agent in wireless sensor networks'. Proc. IEEE LCN 2005, 2005, pp. 527-529
8 Yarvis, M., Kushalnagar, N., Sing, H.: 'Exploiting heterogeneity in sensor networks'. Proc. IEEE Infocom 2005, Miami, FL, March 2005
9 Du, X., Xiao, Y.: 'Energy efficient chessboard clustering and routing in heterogeneous sensor networks', Int. J. Wirel. Mob. Comput., 2006, 1, (2), pp. 121-130
10 Duarte-Melo, E., Liu, M.: 'Analysis of energy consumption and lifetime of heterogeneous wireless sensor networks'. Proc. IEEE Globecom, Taipei, Taiwan, November 2002
11 Zhou, L., Ni, J., Ravishankar, C.V.: 'Supporting secure communication and data collection in mobile sensor networks'. Proc. 25th IEEE Int. Conf. on Computer Communications (Infocom'06), 2006, pp. 1-12
12 Rasheed, A., Mahapatra, R.: 'Secure data collection scheme in wireless sensor networks with mobile sink'. Proc. of Seventh IEEE Int. Symp. on Network Computing Applications, 2008
13 Poornima, A.S., Amberker, B.B.: 'Agent based secure data collection in heterogeneous sensor networks'. Proc. Second Int. Conf. on Machine Learning and Computing (ICMLC 2010), Bangalore, India, 9-11 February 2010
14 Poornima, A.S., Amberker, B.B.: 'Tree-based key management scheme for heterogeneous sensor networks'. Proc. 16th IEEE Int. Conf. on Networks (ICON 2008), New Delhi, India, 12-14 December 2008
15 Jea, D., Somasundara, A.A., Srivastava, M.B.: 'Multiple controlled mobile elements (data mules) for data collection in sensor networks'. IEEE Distributed Computing in Sensor Systems (DCOSS), Marina del Rey, CA, July 2005, pp. 244-257
16 Shah, P., Sivalingam, K.M., Agrawal, P.: 'Efficient data gathering in distributed hybrid sensor networks using multiple mobile agents'. Proc. Third Int. Conf. on Communication System Software and Middleware (COMSWARE), Bangalore, India, January 2008
17 Ma, M., Yang, Y.: 'SenCar: an energy-efficient data gathering mechanism for large-scale multihop sensor networks', IEEE Trans. Parallel Distrib. Syst., 2007, 18, (10)
18 Kumar, A.K., Sivalingam, K.M.: 'Energy-efficient mobile data collection in wireless sensor networks with delay reduction using wireless communication'. Proc. Second Int. Conf. on Communication Systems and Networks (COMSNETS), Bangalore, India, 2010, pp. 1-10
19 Wong, C., Gouda, M., Lam, S.: 'Secure group communication using key graphs'. Proc. ACM SIGCOMM'98, October 1998
20 Lipson, J.D.: 'Elements of algebra and algebraic computing' (Addison-Wesley, Reading, MA, 1981)
21 Shamir, A.: 'How to share a secret', Commun. ACM, 1979, 22, (11), pp. 612-613
22 Shnayder, V., Hempstead, M., Chen, B., Allen, G., Welsh, M.: 'Simulating the power consumption of large scale sensor network applications'. Proc. Second ACM Int. Conf. on Embedded Networked Sensor Systems (SENSYS 2004), 2004, pp. 188-200

13 Appendix

Fig. 9 Identification of malicious MDC and replay messages using TSP

Fig. 10 Identification of malicious MDC and replay messages using PPSP

Fig. 11 Identification of malicious MDC and replay messages using SSP