A Bilinear Pairing-Based Dynamic Key Management and Authentication for Wireless Sensor Networks

. In recent years, wireless sensor networks have been used in a variety of environments; a wireless network infrastructure, established to communicate and exchange information in a monitoring area, has also been applied in different environments. However, for sensitive applications, security is the paramount issue. In this paper, we propose using bilinear pairing to design dynamic key management and authentication scheme of the hierarchical sensor network. We use the dynamic key management and the pairing-based cryptography (PBC) to establish the session key and the hash message authentication code (HMAC) to support the mutual authentication between the sensors and the base station. In addition, we also embed the capability of the Global Positioning System (GPS) to cluster nodes to find the best path of the sensor network. The proposed scheme can also provide the requisite security of the dynamic key management, mutual authentication, and session key protection. Our scheme can defend against impersonation attack, replay attack, wormhole attack, and message manipulation attack.


Introduction
In recent years, wireless sensor networks have been used in a variety of environments; a wireless network infrastructure, established to communicate and exchange information in a monitoring area, has also been applied in different environments, including disaster relief operations, seismic data collecting, monitoring wildlife, and collecting battlefield information.
Due to their small size, the sensors can be spatially scattered to form an ad hoc network. The sensors have an inherent limitation. The wireless sensor network requires an appropriate encryption or decryption system to protect the collected information [1]. The high cost of an encryption/decryption mechanism (e.g., Diffie and Hellman key management [2] or Rivest et al. encryption [3]) is unsuitable for use in a wireless sensor network.
In addition, the topology of the network environment is another important issue. The hierarchical predistribution protocol [4] allows some of the cluster nodes to aggregate the events of the sensor nodes to communicate with the base station. The hierarchical predistribution protocol includes several cluster nodes, sensor nodes, and base station; the most common hierarchical networks are two-level, and the two classes of sensor are sensor node and cluster node. The advantage of this scheme is the easy management of the data aggregation [5][6][7]. The process of aggregating the data from multiple nodes involves eliminating redundant transmission and providing fused data to the base station. It is also considered as an effectual technique for wireless sensor networks to save energy [8]. The most popular data aggregation algorithms are cluster-based data aggregation algorithms, in which the nodes are grouped into clusters: each cluster consists of a cluster node and some sensors; each sensor transmits data to its cluster node; and each cluster node aggregates the collected data; it then transmits the fused data to the base station.
The key management scheme is divided into four types: the Random Key Predistribution Protocol (RKP), the Group-2 Journal of Sensors nodes share at least one common key, ensuring adequate storage space and the range of the network is a challenge. The PIKE scheme [10] addressed the problem of high density deployment requirements in RKP. But in this scheme the session key is segmented into many key fragments. Therefore, the combination of the session key is complex. However, the PIKE solved the storage problem of RKP. Cheng and Agrawal proposed an improved key distribution mechanism [11]. The IKDM established a session key which used the exchange information between sensors; it can easily generate a session key by the polynomial function. In recent years, the pairing-based cryptography [12], TinyPBC, is a tiny pairing-based protocol and its computation cost is lower than other corresponding bilinear pairing-based schemes. The pairing-based mechanism was used in the sensor network to accomplish the key management of the sensor's session key. It can use the sensors' identity for sensors to send data to each other via the sensor network. After the identity exchange, the sensors key can easily compute the session key via the bilinear pairing. In such design, the security can also be enhanced.
In this paper, we propose using bilinear pairing to design dynamic key management and authentication scheme of the hierarchical sensor network. We use the dynamic key management mechanism [13,14] and the pairing-based cryptography (PBC) [12,15,16] to establish the session key. We also use the hash message authentication code (HMAC) [15,17] to offer mutual authentication between the sensors and the base station. Moreover, we also involve the capability of the Global Positioning System (GPS) [18,19] to cluster nodes, in order to find the best path of the sensor network.
The remainder of this paper is organized as follows. The preliminaries are presented in Section 2. The proposed scheme is described in Section 3. The security analysis of our scheme is given in Section 4. And the discussions are offered in Section 5. Finally, conclusions are presented in the last section.

Preliminaries
2.1. Sensor Network Architecture. Categories of sensor networks significantly affect key establishment design [4]. The relative capabilities of different sensors are divided into the following two classes: (1) homogeneity: all sensors have the same capabilities; (2) heterogeneity: there is an inherent hierarchy of sensors with respect to their capabilities (with fewer sensors at higher, more "powerful" levels). The most common hierarchical networks are two-level, where there are two classes of sensors.
We choose the hierarchical sensors network's model, and the architecture is described as follows: a small number high class sensors (cluster node), large number low class sensors (sensor node), and a sink node (base station). High class sensors have more powerful ability, they have been equipped with tamper-resistant hardware and GPS capability, the cluster node with powerful ability can plan routing table and achieve more security of sensor network, and the low class sensors have not been equipped with tamper-resistant hardware and GPS capability.

Bilinear
Pairing. The bilinear map can be constructed on elliptic curves. Each operation for computing ( , ) is a pairing operation [8]. Let be a cyclic additive group, and let be a cyclic multiplicative group. Both groups and have the same prime order . Groups and are called bilinear groups. The security of the bilinear pairing-based scheme relies on the difficulty of the Discrete Logarithm Problem (DLP); that is, given the point = , no efficient algorithm exists to obtain given and . The mapping : × → is called a bilinear map if it satisfies the following properties: (2) nondegenerate: , ∈ exists such that ( , ) ̸ = 1 , an efficient algorithm exists to compute ( , ) for any , ∈ .

Hash Massage Authentication Code (HMAC).
We combine the message authentication code [20,21] and the bilinear pairing key to accomplish the hash-based message authentication code (HMAC); this is a specific construction for computing a message authentication code (MAC) using a cryptographic hash function in combination with a secret key. Both data integrity and authenticity of a message can be achieved by using a hash-based message authentication code in such a technique. We note HMAC (i.e., (⋅) is a HMAC which signifies a one-way hash function with pairing key ).

Pairing-Based Cryptography (PBC).
Since pairing-based cryptography (PBC), based on the identity-based cryptography (IBC) [22,23], is used in many environments of cryptographic protocols and applications [12], the IBC has some drawbacks; this method needs a private key generator (PKG); it is a trusted entity in charge of generating and escrowing user's private keys. In wireless sensor networks, if the sensors need to be deployed in an unattended environment, a sensor node should be a PKG, and this is difficult in a wireless sensor network. If we can easily generate a session key via a simple mechanism, it can reduce the complexity. PBC technology does not need a PKG and the sensors can authenticate themselves in the wireless sensor network. Therefore, the PBC is the best technology for key management.

The Proposed Scheme
In this paper, we propose a bilinear pairing-based scheme to design a dynamic key management for wireless sensor network. We first introduce the proposed protocol architecture as in Figure 1. (1) Base station broadcasts the starting message to cluster nodes.
(2) Cluster nodes respond the message authentication code to the base station.
(3) After authentication, the base station sends a response message to allow cluster nodes to rule its group members of the sensor nodes.
(4) Cluster node broadcasts the request message to find the members from the neighboring sensor nodes.
(5) Sensor nodes reply the request and respond the message authentication code to the cluster node.
(6) In order to get the sensor nodes' session key, if the cluster node can transmit to the base station, enter into Step 6.1; else if the cluster node needs to transmit the collected information via the next neighboring, enter into Step 6.2.
(7) After authentication, the base station sends the corresponding session key of sensor nodes to the cluster nodes.
(8) After receiving the session keys, the cluster nodes can verify the message authentication code from Step 5. After that, the cluster nodes send the updated identities to the sensor nodes.

Initialization Phase.
In this phase, the base station computes the parameters to predistribute into the sensor nodes and the cluster node. The overview of the initialization phase is shown in Figure 2. Step 1. First, the base station selects a random number and computes the sensor node identity SN : Then, the base station randomly selects a secret parameter and uses the secret parameter and sensor node identity SN to compute the secret parameter SP1 SN : The base station randomly computes a key pool 1 , where 1 = ( SN 1 , SN 2 , . . . , SN ), and distributes a session key SN to the th sensor node. It then stores the sensor node identity SN and the SN in the key list list SN : After that, the base station sends the parameters (SP1 SN , SN , SN ) to the corresponding sensor node.
Step 2. The base station selects a random number and computes the cluster node identity CN : Then the base station randomly selects a secret parameter and uses the random secret parameters ( , ) to compute the secret parameters (SP1 CN , SP2 CN ), respectively: The base station randomly computes a key pool 2 , where 2 = ( CN 1 , CN 2 , . . . , CN ), and distributes a session key CN to the th cluster node. It then stores the cluster node identity CN and the CN in the key list list CN : The base station sends the parameters (SP1 CN , SP2 CN , CN , CN ) to the cluster node. BS Randomly selects a number r 1 (Msg start , r 1 ) Randomly selects a number r 2 Figure 3: The overview of the starting cluster node.

The Starting Cluster Node Process.
After the sensors are deployed, we must start the cluster node and get the path routing. In Figure 3, we authenticate the cluster node to confirm the legality of the cluster node. Next, the cluster node can rely on the location-based routing to find the best routing path.
Step 1. First, the base station selects a random number 1 and broadcasts the message (Msg start , 1 ) to the sensor network.
Step 2. When the cluster node CN receives the message, it can select a random number 2 and compute the message authentication code with key CN : The cluster node CN then sends the message ( CN , 2 , MAC CN ) to the base station.
Step 3. Upon receiving the message, the base station can use identity CN to find key CN from the list CN : It then computes the message authentication code MAC CN and checks if it is equal to MAC CN : 3.3. Location-Based Routing Phase. The cluster nodes can establish the best route on the basis of receiving the broadcast location message in a monitoring area.
Step 1. After the initialization phase, the sensor nodes and cluster nodes store the operating parameters and then distribute the associated messages within their monitoring environment.
Figure 4: Each cluster node broadcasts its location to its neighbor cluster nodes.
Step 2. The base station broadcasts the starting message Msg start to the cluster nodes.
Step 3. Upon receiving the starting message, the cluster node (equipped with a GPS receiver) broadcasts the message Msg location concerning its location to the neighbor cluster nodes.
Step 4. After receiving the message Msg location , the cluster nodes know the location of the source of the neighboring cluster such that it can transmit the monitoring data to the cluster node which is the nearest node to the base station.
For example, in Figure 4, cluster nodes 1 , 2 , 3 , 4 , 5 ,  messages to select the nearest node from the base station and establish the multihop routing path to the cluster node 1 . The cluster node 1 will be used to relay communications to the base station, so the best path of the cluster node 5 will be established as follows: 5 → 1 → BS. On the basis of the shortest distance between the cluster node and the base station, each cluster node will establish the best routing path.
In Figure 5, the cluster node 9 can determine that the neighbor cluster node on the best path is 5 , and the cluster node 5 can determine the 1 and BS, respectively. The best path for the cluster node 9 can be established as follows: In the same way, the cluster node 3 can determine the best path: 3 → 2 → 1 → BS. Every pair of nodes along the resulting multihop path can establish a pairwise key for encrypted communication in such a way that each intermediate node can relay data towards the base station in a totally secure way. Location awareness also increases the probability that the geographically closest node pairs establish a pairwise session key along the best path to the BS, with the effect of saving energy on all the nodes involved in multihop routing.

The Authentication
Phase of the Cluster Node and the Sensor Node. The base station sends the broadcast message Msg start to the cluster nodes; when the cluster node receives the message, it will broadcast the request message Msg req to find the neighboring sensor node to join the group. The overview of the authentication phase of the cluster node and the sensor node is shown in Figure 6.
Step 1. When the cluster node CN receives the starting message Msg start , the cluster node CN selects a nonce 1 and sends ( CN , 1 , Msg req ) to the neighboring sensor nodes.
Step 2. Upon receiving the message, the sensor node SN selects a nonce 2 and uses ( 1 ‖ 2 ‖Msg rep ) to compute the message authentication code MAC 1 : The sensor node SN sends ( SN , 2 , Msg rep , MAC 1 ) to the th cluster node CN .
Step 3. The cluster node CN adds the sensor node's identity SN into the identity list SNID list : It then sends the cluster node's identity and the sensor node's identity list SNID list to the base station. If the cluster node is the nearest base station, then it directly enters into Section 3.4, the Authentication Phase of the Base Station and the Cluster Node. Otherwise, the cluster node needs to transmit the collected information via the next neighboring cluster node and enters into Section 3.5, the Authentication Phase of the Cluster Node and the Cluster Node.
After the authentication and obtaining the session key of the sensor node, the cluster node CN computes the message authentication code MAC 1 and checks if it is equal to MAC 1 or not: Then the cluster node CN selects a random integer number , computes the new parameter ( CN , SN ), and updates into ( CN , SN ), respectively: The cluster node CN uses the session key to encrypt the new parameter SN of the sensor node SN : The cluster node CN randomly selects a nonce 3 and computes the message authentication code MAC 2 : Then the cluster node CN sends the message ( CN , 1 , 3 , MAC 2 ) to the sensor nodes.
Step 4. The sensor node SN computes the message authentication code MAC 2 and checks if it is equal to MAC 2 : Journal of Sensors Randomly selects a nonce n 1 (P CN , n 1 , Msg req ) Randomly selects a nonce n 2 Sends SNID list to the base (P SN , n 2 , Msg rep , MAC 1 ) station to find the session key MAC 1 = H K SN (n 1 ‖ n 2 ‖ Msg rep ) Randomly selects an integer Updates P CN = P CN Updates P SN = P SN Randomly selects a nonce n 3 Figure 6: The overview of the authentication phase of the cluster node and the sensor node.
After authentication, the sensor node SN decrypts the encrypted message 1 : Then the sensor node updates parameter SN : 3.5. The Authentication Phase of the Base Station and the Cluster Node. In this phase, the cluster node sends the message to the base station to find the corresponding sensor node's session key. The overview of the authentication phase of the base station and the cluster node is shown in Figure 7.
Step 1. First, the cluster node CN collects the sensor nodes identity SN into the identity list SNID list : Then the cluster node CN uses the pairing function to compute the pairing session key CN −BS : It computes the message authentication code MAC CN −BS : Then the cluster node CN sends the message ( CN , CN , SNID list , MAC CN −BS ) to the base station.
Step 2. After receiving, the base station uses the pairing function to compute the pairing session key BS−CN : The base station computes the message authentication code MAC CN −BS : It checks if it is equal to MAC CN −BS : After authentication, the base station uses the identity list SNID list to find the corresponding session key SN , makes the key list list SN , and enters it into SN CN : The base station randomly selects a nonce BS and computes the message authentication code MAC BS−CN : Then, the base station uses the pairing session key to encrypt the sensor node's session key list SN CN : The base station sends the message ( BS , BS , 2 , MAC BS−CN ) to the corresponding cluster node CN .
Step 3. When the cluster node CN receives the message, it computes the message authentication code MAC BS−CN : Then, the cluster node CN decrypts the encrypted message 2 : In this phase, the cluster node CN obtains the sensor node's session key SN and finishes the mutual authentication with the base station.

The Authentication Phase of the th Cluster Node and the
th Cluster Node. When the cluster cannot directly transmit the message to the base station, it will enter into this phase. The overview of the authentication of the cluster node and the cluster node is shown in Figure 8.
Then, the cluster node CN sends the message ( CN , 1 , Msg collect , MAC CN −CN ) to the cluster node CN .
Step 2. When receiving the message, the cluster node CN computes the pairing session key CN −CN : Then, the cluster node CN uses the pairing session key CN −CN to compute the message authentication code MAC CN −CN and checks if it is equal to MAC CN −CN : The cluster node CN randomly selects a nonce 2 and computes the message authentication code MAC CN −CN : The cluster node CN sends the message ( CN , 2 , MAC CN −CN ) to the cluster node CN .   (36)

The Authentication between the Cluster Node and the Sensor Node
(1) The Cluster Node Authenticates Sensor Node. In the authentication phase of the cluster node and the sensor node, when the sensor node SN receives the message ( CN , 1 , Msg req , Msg location ), the sensor node SN selects a nonce 2 and uses ( 1 ‖ 2 ‖Msg rep ) to compute the message authentication code MAC 1 : After the authentication of the base station and cluster node, the cluster node CN obtains the session key of the sensor nodes. The cluster node CN computes the message authentication code MAC 1 and checks if it is equal to MAC 1 : (2) The Sensor Node Authenticates the Cluster Node. The cluster node CN uses the session key to encrypt the new parameter SN of the sensor node SN : The cluster node CN randomly selects a nonce 3 and computes the message authentication code MAC 2 : Then the cluster node CN sends the message ( CN , 1 , 3 , MAC 2 ) to the sensor nodes. When the sensor node SN receives the message, it computes the message authentication code MAC 2 and checks if it is equal to MAC 2 : Therefore, our schemes achieve the mutual authentication between the cluster node and sensor node.

The Authentication between the th Cluster Node and the th Cluster Node
(1) The th Cluster Node Authenticates the th Cluster Node. In the authentication phase of the cluster node and the cluster node, the cluster node CN computes the pairing session key CN −CN and randomly selects a nonce 1 to compute the message authentication code MAC CN −CN as follows: (46) Therefore, our scheme achieves mutual authentication among the cluster nodes.

The Authentication between the Base Station and the Cluster Node
Therefore, we complete the mutual authentication.

Dynamic Key Management.
Our scheme offers random pairwise keys predistribution. After completing the information transmission, the cluster nodes and the sensor nodes update the session key for each session. It can prevent the replay attack. We divide it into two parts to analyze this process: the cluster node to sensor node and the cluster node to cluster node.
(1) The Cluster Node to Sensor Node. For example, if the sensor node SN wants to communicate with the cluster node CN , it computes the dynamic key SN −CN : Then, it encrypts the collected data with the key SN −CN and sends the encrypted message SN −CN ( ) to the cluster node CN .
Upon receiving the message, the cluster node CN computes the session key CN −SN : 10

Journal of Sensors
Then, it decrypts the message SN −CN ( ) and gets the collected data.
After the transaction, the cluster node computes a new integer parameter new to update the identity of the cluster node and sensor nodes: So, our scheme updates a new session key in each section.
(2) The Base Station to Cluster Nodes. If the base station wants to update the session key, it can compute a new integer new to generate a new secret parameter SP2 new CN : Then, it encrypts the new secret parameter SP2 new CN with key BS−CN = ( BS , CN ) and sends to the corresponding cluster node CN . This mechanism can prevent the cluster node be captured. If a perceptible attacker gets the cluster node and intercepts the secret parameters in the sensor network, we can change the secret parameter via the base station.

Providing Session Key Protection (Elliptic Curve Discrete
Logarithm Problem). The security of our scheme relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP) concerning bilinear groups. We compute parameter SP SN ; given the point SP SN = SN , it is difficult to obtain the secret parameter by giving the secret parameter SP SN and the SN . If an attacker steals the transferred traffic information, the attacker cannot crack the session key to decrypt the ciphertext.

Impersonation Attack.
In the impersonation attack, if the attacker tries to steal the information between the sensors' communications, our scheme can defend against the information being used to conduct falsification, modification, replacement, and retransmission. In order to prevent the impersonation attack, the session key is generated by using mutual authentication. In the mutual authentication phase, we use CN −CN (⋅) and a one-way hash function with key CN −CN to implement message authentication; the key is difficult to crack and calculate. The related information is shown as follows: So, the attacker cannot accomplish the impersonation attack.

Replay Attack.
For the reply attack, we use dynamic key management to update the session key in each transaction, and we change the message authentication code in each If the attacker uses the message authentication code, the verifiers can verify the legality as follows: Therefore, the attacker cannot successfully achieve the replay attack.

Wormhole Attack.
In a wormhole attack, an attacker records a packet in one location of the network and sends it to another location, creating a tunnel between the attacker's nodes. The packet is retransmitted to the network under the attacker's control [24,25]. In the location-based routing determination phase of our scheme, the cluster nodes can establish the best route on the basis of the received broadcast location message in a monitoring area.
In Figure 9, if an attacker deploys a malicious cluster node , it can collect the message from the sensor nodes

Message Manipulation Attack.
In a message manipulation attack, an attacker may drop, modify, or even forge exchanged messages in order to interrupt the communication process [15]. In Figure 10, an attacker deploys a malicious cluster node and forges a fake cluster node; the malicious node can receive messages from the cluster nodes, and the attacker may drop, modify, or even forge exchanged messages in order to interfere with the normal communication process. If a malicious cluster node wants to interfere with a path among 1 , 2 , 4 , the cluster node 4 communicates with the malicious cluster node , and it cannot pass the mutual authentication successfully, because it is difficult to compute the HMAC's key. Moreover, the routing path is established in the location-based routing determination phase. It is impossible for an attacker to interfere with the routing path and message.

Discussions
In Table 1, our scheme can prevent more attacks than other related schemes. In Table 2, the cluster node only needs to store 1 session key and 2 identity parameters; we can use the bilinear pairing function to calculate the session key between the clusters or the session key between the cluster and the base station. We use the GPS to support the path planning agreements and use the location-based routing determination to build the network routing path. The dynamic key management protocol can update the session key to enhance the security.
The proposed scheme provides complete authentication. In Table 3, we make the computation cost of the session key agreement according to four stages.
(1) Sensor Node to Sensor Node. TinyPBC is a tiny pairingbased protocol and the computation cost is lower than the bilinear pairing-based protocol. In this stage, the scheme TinyPBC can use the cost 2 ℎ + 2 + 1 + 1 + 2 to generate a session key. We have more cost 2 ℎ + 2 than the TinyPBC scheme does. Our scheme inherits the advantage of the TinyPBC: we use the sensor level to build the hierarchical sensor network; that is, we use TinyPBC's topology (sensor node to sensor node) to our scheme (cluster node to cluster node), and it provides more powerful key management in WSN. It can also easily carry out message data aggregation and generate the session key between the cluster node and sensor nodes. So, our scheme can prevent more attacks, such as wormhole and message manipulation attacks. The computation cost of the pairing-based cryptography is  the same as the TinyPBC scheme, but our scheme has better performance and security.
(2) Cluster Node to Sensor Node. According to the comparison of the KMTD, the sensor network is more convenient, complete, and secure. In order to achieve more security and easy key management, we use the bilinear pairing to generate the session key. We need not use the encryption and decryption to generate the session key or the base station's help. The computation cost is reduced and 3 ℎ + + and 2 + + are added to help the session key generation. This method can defend against more attacks and also has the path planning agreement.
(3) Cluster Node to Cluster Node. According to the comparison of the IKDM, the computation cost is reduced to 2 + and added the bilinear pairing cost 2 + 2 + 2 . The polynomial function easily generates the session key between the cluster nodes. However, the IKDM generates a session key which is unsuitable for large scale sensor network.
The construction methods of the session key need more key material of the cluster node to combine, so we chose the bilinear pairing to generate the session key in the cluster nodes and enhance security. It can more easily complete the session key.
(4) Cluster Node to Base Station. According to the comparison of the KMTD, the computation cost is reduced to 2 ℎ + 2 + 3 and 2 is added. We combine the message authentication code and the bilinear pairing key to accomplish the HMAC. The security of our scheme relies on ECDLP; the attacker cannot compute the secret key, and this increases the security between the base station and the cluster node. The session key and the mutual authentication are generated by the bilinear pairing function. It has the characteristic of ECDLP; the attacker cannot compute the secret key and pass verification.
Based on these concepts, we use the hierarchical topology which has more power and can easily implement key management. We combine the message authentication code and the bilinear pairing key to accomplish the message authentication.

Conclusion
We used bilinear pairing to design a dynamic key management and authentication of the hierarchical sensor network. We used the dynamic key management, pairing-based cryptography, hash message authentication code, and the GPS capability's cluster nodes to establish the secure agreement of the wireless sensor network. Our scheme achieves the following goals: (1) proposing the dynamic key management to update the session key; (2) overcoming the sensor node inherent limitations. We use the hierarchical network protocol in the wireless sensor network. It is more suitable for the large monitoring range in a wireless sensor network; (3) providing the mutual authentication among the sensor nodes, cluster nodes, and the base station; (4) using the characteristics of the Discrete Logarithm Problem to generate the session key, so that its security could be enhanced. The identity of the base station , :

Notations
An integer number of secret parameters generated by the base station PUB : A public parameter, PUB = ⋅ SP1 SN , SP1 CN : A secret parameter using a secret number to compute the secret parameter for the th sensor node and cluster node, respectively SP2 CN , SP2 CN : A secret parameter using a secret number to compute the secret parameter for the th cluster node and the th cluster node, respectively , : An integer of the secret parameter generated by the cluster node and the base station, respectively The cluster node collects the sensor's identity to send to the base station : A nonce generated by MAC: The message authentication code Th eth encrypted message Msg start : The starting message which is used to start the cluster node which is dominated by the base station Msg location : Thelocationmessage Msg req : The request message generated by the cluster node to find the sensor node Msg rep : The response message generated by the sensor node to respond to the cluster node request Msg finish : Th efi n i s h e dm e s s a g e [: A s e c u r e c h a n n e l → : A ni n s e c u r ec h a n n e l .