Secure message transmission scheme in wireless sensor networks

Received Sep 29, 2020, Revised Feb 27, 2021, Accepted Mar 25, 2021

Wireless sensor networks (WSNs) have been the subject of intensive research in the past few years and form the backbone of much of present-day information technology. WSNs have been employed in various applications such as tracking and monitoring battlegrounds in the military field and patients' medical requirements in the civilian field. Wireless sensor networks are usually randomly distributed in an open (hostile) area, a pervasive environment, and over an open media channel. Thus, WSNs are vulnerable to several kinds of attacks. Moreover, messages may be easily intercepted or altered because the transmission is not secure; hence an effective key management scheme is strongly needed to reduce the risks. Cryptographic methods are a crucial aspect of WSNs for reaching security goals. In this paper, we propose an efficient and secure message transmission scheme that combines the Knapsack algorithm with the Diffie-Hellman process to encrypt messages. The results and analysis show that the proposed scheme is efficient and that it achieves most of the security goals, providing high privacy and security. It is also resilient against some of the well-known attacks.


LITERATURE REVIEW
Security requirements are a critical issue for network security: the network is obligated to deliver messages among sensor nodes without alteration or modification. In this section, we review some of the algorithms presented in the literature.
Jiang et al. [14] propose a distributed scheme for user authentication in WSNs that relies on the self-certified key cryptosystem (SCK). This SCK is then implemented using elliptic curve cryptography (ECC) to set up pair-wise keys for the sensor network. The scheme assumes the existence of a key distribution center (KDC) which is in charge of generating the secret information used to construct pair-wise keys between users and nodes. In the user authentication phase, when a user needs to join the network, he must obtain his own secret information (e.g. an identifier) from the KDC. Several studies in the literature have shown that ECC is suitable for WSNs because of the hardness of the discrete logarithm problem and its small key sizes.
Diop et al. [15] propose an efficient and secure key management scheme for hierarchical wireless sensor networks. This method presents a secure cluster formation operation which distributes the keys through each cluster head (CH) in the network to prevent malicious nodes from joining the network; as a result, the sending of fake messages is prevented. A lightweight scheme for user authentication that is adapted to WSNs is presented in [16]. This scheme allows establishing a session key without requiring an infrastructure. Participating members can be authenticated before gaining access to the WSN because users are equipped with a personal digital assistant. The security of the scheme depends on memorized passwords, which serve as the secret keys.
Xinyang and Jidong [17] propose a secure and efficient key management scheme for hierarchical wireless sensor networks. This scheme supports the establishment and updating of three kinds of keys, as follows: first, a network key that all nodes share to encrypt messages and authenticate new nodes; second, a group key shared by all nodes under the same CH; third, a pairwise key shared by a specific pair of nodes in the network. This scheme is able to perform node revocation and addition in the network. The method depends on a hierarchical structure which provides flexibility and scalability of the network.
A novel key management scheme based on the congruence property of modular arithmetic for heterogeneous WSNs is proposed in [18]. The network is composed of many clusters wherein each CH is responsible for distributing key seeds to its member nodes. Then, each member uses the key seed to calculate the unique key it shares with its CH and a group key that is shared with the other nodes in the same cluster. The CH can maintain forward secrecy by broadcasting a key update message. This method is based on ECC and therefore consumes more energy; however, the base station performs the majority of the computations.
Gandino et al. [19] use a new key management scheme for WSNs which relies on public key cryptography (PKC) during key establishment. Each sensor node stores an authentication table wherein each row contains the information required to authenticate one node of the network. The authentication process ensures that only eligible nodes can join the WSN. This scheme uses PKC to protect the key establishment.

RESULTS AND DISCUSSION
Security requirements are a very essential aspect of protocols in WSNs. The goal of the security requirements is to protect the data exchanged between nodes [20]. There are also several attacks presented in the literature that need to be considered. This section presents the security requirements together with some of the attacks presented in the literature. Some of the security requirements are presented below.

Security issues and goals
In this subsection, we present some of the security issues presented in the literature.

Authentication, integrity, and confidentiality
One of the main challenging aspects for WSNs is authentication which verifies the identity of the source because it is used in open areas and uses the public wireless channel. Therefore, the destination node needs to ensure those messages are authenticated by identifying the source. The aforementioned process prevents the admittance of the data transmitted by the attacker or the adversary nodes [21], [22].
To obtain reliable and secure communications in a wireless network, the data received by the target node ought to be consistent with that sent by the originating node. The information in the packets is supposed to remain intact and not be altered by intermediate nodes, so that malicious activity cannot corrupt the data [22]. The data collected by nodes in WSNs is sensitive, and its secrecy should be maintained. The message content must therefore be concealed from every node other than the receiver. Users with proper authorization are supposed to have access to the information; illegitimate users must be denied access to the data [22].

Data freshness and scalability
Data freshness ensures that no outdated messages are replayed by malicious nodes. This can be achieved by applying timestamps or random numbers during encryption [22]. The ability to support expansion of the network, i.e. an increasing number of nodes, without affecting network performance is known as network scalability. Scalability should also be supported by the routing protocols of wireless sensor networks. These routing protocols are supposed to keep their performance while the network grows larger, hence a good routing protocol has to be scalable and adaptive to changes [23]-[25].

Different attacks on WSNs
In this subsection, we present some of the attacks presented in the literature.

Eavesdropping attack and Sybil attack
The broadcast nature of channels in wireless sensor networks makes it easier for intruders with strong receivers to eavesdrop on and intercept transmitted data. Such interception gives access to the different information carried by the data packets, such as node locations, message identifiers, node identifiers, timestamps, and application-specific information [26]. In Sybil attacks, a malicious node illegitimately presents several identities to the other nodes in the sensor network. This poses significant risks and may decrease the effectiveness of fault tolerance significantly. Authentication and encryption methods can prevent this attack [26].

Man-in-middle attack and replay attack
In a man-in-the-middle attack, the attacker sits between the source and destination node and sniffs any data exchanged between them. This enables the attacker to impersonate the sender so that it can communicate with the receiver; it can also impersonate the receiver to reply to the sender [27]. A replay attack is a security violation wherein a malicious node purposely retransmits data packets. This retransmission is done continuously and repeatedly so that it exhausts the victim's power supply or buffers, degrading the network's performance [28].

Denial of service attack
This attack attempts to separate a node from a network and exhaust its resources by keeping it busy. It continuously sends fake messages in order to prevent benign network users from accessing resources or services to which they are entitled [28].

INTRODUCTION OF THE DIFFIE-HELLMAN KEY EXCHANGE AND ITS ADVANTAGES
The Diffie-Hellman (DH) key exchange permits two parties to obtain a shared key over a public communication channel. An attacker eavesdropping on the messages sent by both sender and receiver will not be able to determine the shared key. This is useful because the shared secret can be used to create a secret session key for symmetric-key cryptography such as a MAC or the data encryption standard (DES) [29]. The advantages of DH are excellent scalability, low storage memory, and low communication overhead, with no need for a trusted third party. This makes DH suitable for entities that do not possess a shared secret key and have never met in advance through a trusted third party [30].

Advantages of DH
It is assumed that an eavesdropper with access to the public values is unable to find the shared secret key; this assumption is called the Diffie-Hellman assumption and is closely related to the discrete logarithm assumption. The discrete logarithm assumption states that, given a generator $g$ of $\mathbb{Z}_p^*$ and an element $\mathrm{PUB}$ of $\mathbb{Z}_p^*$, it is infeasible to calculate $x$ such that $g^x \equiv \mathrm{PUB} \pmod p$ [30].

THE NETWORK MODEL
In the proposed scheme, the network structure is considered to be hierarchical as shown in Figure 1. The network consists of a BS and two different types of sensor nodes: cluster heads (CHi) and sensor nodes (Li). The sensor nodes are member nodes equipped with fewer resources than the CHs. We make the following assumptions:
a. The BS is considered trustworthy and is assumed to have the highest capabilities in terms of computing power, energy, and storage capacity. It can directly connect to all sensor nodes in the network.
b. The BS registers all nodes and saves a table of node IDs; when a node joins the network, the BS updates this table.
c. All the sensor nodes in the network are static.
d. CHs are in charge of data transfer, coordination, and node management in the cluster, and each CH reaches the BS in one hop.
e. The sensor nodes Li reach the CH in one or multiple hops; they collect information about the surrounding location and transmit it to the CHs.
f. Each CH is equipped with a global positioning system (GPS).
g. An adversary requires at least time T to capture and compromise any node.
h. Each exchanged message carries a timestamp called "T" which guarantees information freshness.

THE PROPOSED SCHEME
The proposed scheme, presented in this section, is divided into seven phases: (i) Initialization; (ii) Node distribution; (iii) Cluster forming; (iv) Creating shared key; (v) Secure data transmission; (vi) Node removal; (vii) Updating shared key. In the following subsections, a description of each phase is presented in detail.

Initialization
In the initialization phase, the BS is responsible for generating the public key and private key needed for all nodes, the CHs, and itself. All CHs are provided with tamper-resistant hardware, so an adversary cannot obtain the keys even if it captures a CH. Thus, all CHs can use the same public key and private key (PUBCH, PRVCH). This process is depicted below, and the notations used in the proposed scheme are described in Table 1.
- The BS assigns an identity (ID) to itself, to each sensor node, and to each CH.
- The BS, the CHs, and each sensor node are pre-loaded with algorithms 1 and 2, which are shown later in this section.
- The BS is preloaded with the public key of each cluster head (PUBCH) and its own public and private keys (PUBBS, PRVBS).
- Each CH is preloaded with its private key, the generator number, the prime number, a cyclic subgroup of large order, the public key of the base station (PUBBS), and the public keys of all Li.
- Each sensor Li is preloaded with its private key (PRVLi), the generator number, a cyclic subgroup of large order, the prime number, and the public key of each CH (PUBCH).

Node distribution
An array of sensor node IDs is generated by the BS. Then, 100 nodes are distributed uniformly at random in an area of size (100×100) m² [17], [18], as shown in Figure 2. The sensor nodes depend on their locations to obtain confidentiality, to communicate, and to mutually authenticate each other.

Cluster forming
Clustering is one of the main methods by which the lifetime of a sensor network is extended through reduced energy consumption. Scalability and lifetime can also be increased by clustering [12]. This phase starts after sensor deployment in the area: some of the nodes are selected as CHs at random, whereas the other nodes select their leaders based on other parameters such as the strongest signal received from a CH [7], [31]. Communication between member nodes and the CH is either single-hop or multi-hop, and the CHs communicate with the BS in a single hop, as shown in Figure 3. In order to reduce the energy consumption of a CH, new nodes are selected as CH after a certain interval of time [32]. Energy consumption can be averaged among sensors by rotating the CH role [33], [34].

Creating the shared key
The DH process allows two nodes to jointly generate a shared key by directly exchanging messages with each other over an insecure communication channel [15], [19], [21]. Diffie-Hellman key exchange (key agreement) does not involve a third party in forming a shared key between two nodes. This feature noticeably reduces the communication overhead. DH is a reliable algorithm in terms of energy consumption and communication overhead in a WSN. Here, we use the Diffie-Hellman key exchange algorithm to establish a shared key between the CH and the nodes in its cluster, or among nodes in the same cluster. This shared key is used by all the nodes, and the CH combines the shared key with the result of the knapsack algorithm when nodes send messages.

Secure data transmission
To make the data transfer secure, the message must be encrypted by the sending node before it is sent to the destination. This prevents unauthorized access to the data being sent [1]. Data transmission in the hierarchical model includes two distinct parts. First, member nodes send data to their CH directly or via multi-hop forwarding. Second, the CHs send the data to the BS in one hop, because CHs have more resources than the other nodes. This phase consists of two procedures, which are described below.

Message encryption
Message encryption applies after the cluster formation phase. Suppose that node LA wants to send a message "A" to node LB under the same CH. The process is as follows:
- Initiate the connection between LA and LB.
- LA and LB hold private keys PRVA and PRVB, respectively.
- Nodes LA and LB generate public keys as in (1) and (2), respectively, then exchange their public keys through a secure channel.
- Next, LA and LB compute the shared key (SKAB) using the Diffie-Hellman key exchange as shown in (3) and (4).
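The key agreement between LA and LB above, and the discrete logarithm assumption it rests on, as an added example in the paper's notation (this is illustrative code, not the authors' C# implementation; the parameters P and G, the session-key derivation and the function names are assumptions of this example):

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example. A real deployment uses
# a prime p of at least 2048 bits and a generator g of a large-order subgroup.
P = 2_147_483_647   # 2^31 - 1, prime
G = 7               # a primitive root modulo 2^31 - 1


def gen_private_key(p: int) -> int:
    """PRV: a random secret exponent in [2, p-2], never transmitted."""
    return 2 + secrets.randbelow(p - 3)


def gen_public_key(prv: int, p: int, g: int) -> int:
    """PUB = g^PRV mod p: the value each node exchanges (equations (1), (2))."""
    return pow(g, prv, p)


def shared_key(prv_own: int, pub_peer: int, p: int) -> int:
    """SK = PUB_peer^PRV_own mod p; both sides reach the same value ((3), (4))."""
    return pow(pub_peer, prv_own, p)


def session_key(sk: int, p: int) -> bytes:
    """Derive a fixed-length symmetric key (e.g. for the MAC) from SK_AB."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(sk.to_bytes(width, "big")).digest()


def dh_exchange(p: int = P, g: int = G) -> dict:
    """Run the L_A / L_B exchange; report what each side and an eavesdropper get."""
    prv_a, prv_b = gen_private_key(p), gen_private_key(p)
    pub_a, pub_b = gen_public_key(prv_a, p, g), gen_public_key(prv_b, p, g)
    sk_ab = shared_key(prv_a, pub_b, p)   # computed by L_A
    sk_ba = shared_key(prv_b, pub_a, p)   # computed by L_B
    return {
        "sk_a": sk_ab, "sk_b": sk_ba,
        "eavesdropper_sees": (p, g, pub_a, pub_b),   # PRV_A, PRV_B never sent
    }


def brute_force_dlog(pub: int, p: int, g: int):
    """Solve g^x = PUB (mod p) by exhaustive search: the eavesdropper's task.
    Feasible only for toy p; the cost grows with the group size, which is the
    DH assumption the scheme relies on (hence the key-update phase, too)."""
    acc = 1
    for x in range(p - 1):
        if acc == pub:
            return x
        acc = acc * g % p
    return None


if __name__ == "__main__":
    run = dh_exchange()
    print("keys agree:", run["sk_a"] == run["sk_b"])
    # With p = 23, g = 5 the exchange is trivially breakable by brute force.
    print("x for PUB=8, p=23, g=5:", brute_force_dlog(8, 23, 5))
```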

Message decryption
Message decryption is applied at the destination node LB. To decrypt the ciphered message and recover the original message M, the following process is applied:
- The receiver LB divides the cipher message MS into four parts.
- The receiver verifies the IDs of the sender and the destination in the received message against the ID table it holds. If the verification is unsuccessful, the message is rejected. Otherwise, the next step is applied, in which the message is saved.
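Receiver-side verification as an added example (not the authors' code): the ID-table check above, the timestamp T check used against replay, and the MAC check described in the analysis section. The four-part layout ID_src || ID_dst || T || payload+MAC, the ID table, the 30-second freshness window and HMAC-SHA256 as the MAC are assumptions of this example; the knapsack encryption of the payload is out of scope and the payload is treated as opaque bytes.

```python
import hashlib
import hmac
import struct

# Constructed ID table as registered by the BS (IDs and roles are made up).
ID_TABLE = {1: "BS", 10: "CH1", 101: "L_A", 102: "L_B"}
FRESHNESS_WINDOW = 30        # seconds a timestamp T may deviate; assumed value
HDR = struct.Struct(">HHQ")  # sender ID, destination ID, timestamp T
TAG_LEN = 32                 # HMAC-SHA256 output length


def build_message(src: int, dst: int, t: int, payload: bytes, key: bytes) -> bytes:
    """Assemble ID_src || ID_dst || T || payload || MAC (layout assumed here).
    `payload` stands in for the knapsack-encrypted content."""
    header = HDR.pack(src, dst, t)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_message(msg: bytes, key: bytes, own_id: int, now: int, seen: set,
                   id_table=ID_TABLE):
    """Receiver-side checks in the order the scheme describes: IDs first,
    then freshness, then the MAC, then a replay cache. Returns (ok, detail)."""
    if len(msg) < HDR.size + TAG_LEN:
        return False, "truncated"
    header, body, tag = msg[:HDR.size], msg[HDR.size:-TAG_LEN], msg[-TAG_LEN:]
    src, dst, t = HDR.unpack(header)
    if src not in id_table or dst not in id_table:
        return False, "unknown ID"            # Sybil / stolen-ID rejection
    if dst != own_id:
        return False, "not addressed to me"
    if abs(now - t) > FRESHNESS_WINDOW:
        return False, "stale timestamp"       # old message or clock drift
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad MAC"               # altered in transit or wrong key
    if (src, t) in seen:
        return False, "replay"                # same fresh message seen twice
    seen.add((src, t))
    return True, body


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed SK_AB").digest()
    msg = build_message(101, 102, 1_700_000_000, b"opaque payload", key)
    cache = set()
    print(verify_message(msg, key, 102, 1_700_000_005, cache))
    print(verify_message(msg, key, 102, 1_700_000_005, cache))   # replay
```

The replay cache only needs to hold entries for the freshness window, since anything older is already rejected by the timestamp check.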

Removing nodes
Because the nodes are deployed in an unattended environment, they can easily be captured and compromised, so such nodes must be removed from the network. We assume that compromised nodes can be disclosed by the detection system used in the network: once the network detects the compromised nodes, it informs the CH. The cluster head then broadcasts a message containing the IDs of the compromised nodes, encrypted using the shared key. When a node receives a revocation message, it first verifies that the message was genuinely sent by the CH. Second, the node checks whether it is in communication with the compromised node. If so, the node withdraws the keys shared with the compromised node and removes its ID from its table.

Updating the shared key
To increase the efficiency of the proposed scheme and to decrease the danger of attacks, it is necessary to update the shared key. Hence the shared key of all the nodes is periodically updated. The shared key is only valid for a limited time that is shorter than the time predicted for compromising a node. This time period depends on the environment of the network. After that period, the BS selects a new integer modulus and broadcasts it to the entire network. Every node, as well as the CHs, is supposed to receive the message.

IMPLEMENTATION AND ANALYSIS OF THE PROPOSED METHOD
The proposed scheme is simulated on a PC with an Intel(R) Core(TM) i3-2328M CPU @ 2.20 GHz processor, 8.00 GB of memory (RAM), and a 64-bit Windows 10 Ultimate operating system, using the C# programming language. The performance analysis of our proposed scheme is carried out with respect to different aspects, including security requirements and security attacks, and then a comparison is made with the other schemes.

Security requirements analysis

Authentication and integrity
Authentication is provided in this proposal because each node has a unique ID assigned by the BS, and because a MAC is used to achieve authentication in the secure data transmission phase. The integrity of the message is guaranteed by the verification procedure, which recalculates the MAC. The nodes send messages by encrypting them using knapsack and then combining the result with the shared key. The verification process fails if the message was changed during transmission. Hence, the receiving node is able to decide whether a message has been tampered with and, on that basis, whether to accept or reject it.

Scalability, confidentiality, and data freshness
The proposed scheme is fully scalable and secure because it is based first on the knapsack problem to encrypt the message and then on the shared key. Moreover, the hierarchical topology optimizes resource consumption and confirms the scalability of the communication process. All the messages in the proposed scheme are encrypted using the knapsack algorithm. In the traditional cryptosystems, the original message has to be sent along with the encrypted message when two nodes exchange a message; in this proposed scheme, only one message is sent after encryption. Once confidentiality and integrity are assured, the freshness of all messages is supposed to be provided. Informally, data freshness means that the data is recent and that stale data is not sent. In this proposed scheme, the shared keys between nodes are updated over time and a timestamp is added to every encrypted message sent. Consequently, we guarantee the freshness of messages exchanged in the network.

Security attacks analysis

Replay attack, man-in-middle attack, and Sybil attack
Our proposed scheme is able to resist replay attacks because the message sent contains the timestamp T, which specifies the moment when the message was sent. The difference in time is then used to detect any replayed message. This scheme can withstand a man-in-the-middle attack even if an adversary intercepts the messages transmitted between two nodes. No useful information about the shared key is revealed during a successful run. If an adversary intercepts $g$, it cannot compute the shared key, since PUBA and PUBB depend on PRVA and PRVB. To break this scheme, the adversary needs to compute PRVA given $g$ and $g^{PRV_A}$, which is assumed to be hard. In a Sybil attack, the adversary uses a fake ID to send messages to the nodes in the network. This is unsuccessful because the receiver checks the ID of the sender before decrypting the message and verifying the MAC.

Eavesdropping attack and stolen ID attack
The proposed scheme is able to resist eavesdropping attacks because the contents of the message are a sequence of bits from which the original message is not sent in the clear. Moreover, the algorithm used in this proposed scheme makes the output unintelligible because it does not repeat. A denial of service attack tries to separate a node from the network and exhaust its resources by keeping it busy with fake messages. This is only possible if the adversary is able to access the network and become an authentic member, or steals the IDs of the nodes. Here this would not work because the adversary needs to know the shared key to encrypt the message after applying the knapsack algorithm. Table 2 shows the comparison of the proposed method with other schemes in terms of security issues. Figure 4 shows the time it takes to send a packet from one node to another (one hop), including message encryption and decryption.

CONCLUSION
In WSN applications, the data gathered by sensor nodes or CHs is sensitive and important, making proper data protection a must. Therefore, cryptographic methods are necessary in order to maintain data integrity, confidentiality, and authenticity. In this paper, we proposed a method, SMTS, based on the DH key exchange, which establishes a shared key to be used between a CH and the nodes in a specific cluster or the BS. The shared key is combined with the output of the knapsack algorithm when nodes send messages. SMTS provides a periodic update of the shared key for all the nodes to limit the impact of captured nodes and to ensure that only valid nodes send messages. Hence, it provides continuous authentication of nodes in the network. The analyses show that our method is efficient and achieves most of the security goals. Moreover, compared to other algorithms, it has an acceptable performance in terms of security issues and resistance against known attacks.