RESH: A Secure Authentication Algorithm Based on Regeneration Encoding Self-Healing Technology in WSN

In real deployments of wireless sensor networks (WSNs), uncertainty in data storage makes authentication information easy for attackers to forge or destroy. As a result, it is hard for security managers to conduct forensics on information transmitted in a WSN. This work combines regeneration encoding self-healing with secret sharing and proposes an effective scheme for authenticating data in WSNs. The data is encoded with regeneration codes and then distributed to redundant nodes in the form of fragments. When the network is attacked, the scheme resists tampering and collusion attacks, and damaged fragments can be restored. Only a subset of the fragments encoded by the regeneration code is required to authenticate the original distributed data. Experimental results show that the proposed scheme reduces hardware communication overhead by five percent in comparison with existing schemes. Additionally, local recovery performance reaches ninety percent.


Introduction
In recent years, wireless sensor networks (WSNs) have been widely used in many areas of human life, and the protection of individual privacy has become increasingly prominent. In medical care, for example, various sensors are attached to the human body to collect patient information. The identity and vital-sign data of patients are regarded as private and need protection [1]. As a new way of collecting and processing information, WSN is an interdisciplinary field spanning sensor technology, network communication, biological medicine, computer technology, and so forth. WSN has become a hotspot in academia and industry [2]. Owing to its small size, high flexibility, and low power consumption, WSN is increasingly used in pervasive computing and system on chip, as shown in Figure 1. In WSNs, member nodes are typically clustered and take part in long-distance data transmission to a base station (BS). However, the secure transmission and distribution of sensitive data in WSN require deeper investigation of the confidentiality and integrity of data transmission.
In previous transmission technologies, fault tolerance and resistance against node capture are much lower. If the transmitted data is attacked during communication, security can hardly be ensured. Existing network recovery targets a single node: that is, the data of only one faulty node can be restored at a time. Multiple faulty nodes, however, are common in real applications. Healing nodes one at a time causes high communication bandwidth, because the encoded information of the nodes is correlated and single-node recovery does not exploit the correlation among faulty nodes. Recently, many researchers have worked on healing technology for multiple faulty nodes. Their research considers problems including key management, message authentication, secure time synchronization, and intrusion detection. Consequently, secure communication of data in WSN has received wide attention [3].
For secure transmission in WSN, Benenson et al. proposed a secure authentication scheme based on asymmetric encryption [4]. Encryption inside the wireless network is used for protection, and a certificate authority then controls client access. A number of neighbor nodes are selected as verifiers, which makes it possible to verify users with a ( , ) secret sharing method. Wang et al. [5] deployed a private wireless sensor network to monitor a whole vehicle network, making the vehicle-mounted communication mode and the position of each communication event available. They have also conducted a good deal of meaningful work on secure wireless vehicle networks. Goyal et al. [6] proposed an access control strategy that allows a secret key to express any monotonic access tree. A user applies to a trusted authority for a secret key, and the authority decides which attribute combinations in the ciphertext the user can decrypt. This strategy increases the expressive ability of KP-ABE, but the secret key of a user must be assigned in advance. Sahai and Waters [7] first presented an attribute-based encryption method and used it for access control. The encrypting party associates data with a set of attributes. The secret key, assigned to the user by the trusted third party, is related to the access structure of the attribute set and reflects the privilege of the user. The message is encrypted by using the attributes.
Only a key that satisfies the attributes can be used in decryption. However, this scheme cannot be widely adopted because of its limited semantic expressiveness. Bethencourt et al. [8] proposed another attribute-based encryption method, in which secret sharing is used at the encryption stage to realize strict access control. The secret key is associated with a set of attributes, and the ciphertext carries an access structure. If the attributes of the secret key satisfy the access structure, the key can be used in decryption; otherwise, decryption is rejected. The drawback of the scheme in [9] is that it requires polynomial interpolation to reconstruct the key, so many complex matching and exponentiation operations are performed in decryption.
The authors in [9] realized multiauthority attribute-based encryption, which greatly reduces the computation overhead of encryption and key generation. The security of the encryption depends on a hash function, and no truly random numbers are generated. In this case, the security of the scheme is lower than that of the SW scheme. Cheung and Newport used random elements instead of secret sharing to realize strict access control [10]. In this scheme, the sizes of the ciphertext and the key increase linearly with the number of attributes, so its efficiency is lower. Carbunar et al. [11] investigated query privacy in WSN and proposed the SPYC protocol, observing that previous query mechanisms in WSN lack protection for user privacy, which may leak private information in transmission. Sheng and Li [12] presented a distributed data storage and query scheme that keeps the data and the query range from being known by the base station, but it cannot cope with collusion between sensor nodes and storage nodes. Subramanian et al. [13] introduced anonymous medium nodes to hide the origin of the data. The scheme protects the privacy of data type and query when a few normal nodes, storage nodes, and anonymous nodes are captured at the same time. However, the selection of medium nodes is random and unpredictable. If the medium node is far away from the original node and the destination node, it causes unnecessary communication overhead. Additionally, the data types are limited and there is a one-to-one mapping between data type and conversion type, so attackers could find the mapping by capturing a number of nodes. Finally, failure of a medium node invalidates the data transmission path.
Recently, researchers have focused on secure encoding schemes with self-recovery, in which sensor nodes can still receive important private data even when the data is attacked. Pawar et al. [14] proposed a secure scheme that restores nodes dynamically. The authors list several security threats to distributed storage systems based on network coding and, on this basis, propose an eavesdropper model against illegal attacks. The scheme resists collusion attacks well. The authors in [15] proposed a fault-tolerant encoding scheme, as shown in Figure 2. The scheme integrates ( , )-RS encoding with simple XOR operations and mainly aims at highly efficient restoration of a single node. In effect, the scheme improves the immunity of data transmission to interference by decreasing the data transmission rate.
( > ) code words are generated by encoding original data and distributed to path for transmission. If there are multiple invalid paths, the destination node can restore original data with the received ( > ) code words.
Error correction coding has strong fault tolerance and low data redundancy, which makes it suitable for secure data transmission. Kim et al. used linear block codes to construct secure wireless data transmission [16]. Dulman et al. [17] developed an error correction coding (ECC) based data transmission scheme that balances data reliability against communication overhead. Djukic and Valaee [18] proposed a secure transport-layer protocol (DCDD) for data collection oriented WSN. ECC is utilized in oriented diffused routing protocol, which improves reliability by ten percent and greatly reduces the delay. In [19], RDP coding mixed with redundancy is utilized to accelerate data restoration. Furthermore, diagonal redundancy based cross-recovery is used: one half is restored by using the redundancy of the counterdiagonal, and the other is regarded as shared data. This scheme reduces the bandwidth overhead of restoration in wireless nodes. The work of [20] proposed combining scrambling technology with ECC to realize both confidentiality and reliability in wireless communication. The scheme overcomes burst errors and has good security, but its communication overhead is large.
On the basis of the above studies, two issues remain for secure data transmission and data healing in WSN. On one hand, data storage in WSN is under security threat and can easily be attacked by dynamic tampering: attackers can modify part of the data content after capturing nodes. On the other hand, the usage rate of sensor nodes is limited, which may cause large performance overhead in transmission.
In this work, a secure fault-tolerant model for WSN is introduced. According to this model, the authors have designed an authentication scheme based on regeneration encoding self-healing technology. The scheme realizes secret dividing and content restoration of data on nodes in WSN. It can authenticate the integrity of data transmission without the participation of the original data. When wireless nodes suffer a capture attack or tampering attack, the data can be restored from enough data fragments, after which secure authentication can be carried out. The experimental results show that the proposed scheme has low complexity, high resistance against capture attacks, and low overhead.

Preliminaries
In WSN, some nodes may lose efficacy if they are attacked. Thus, the invalid nodes will affect the reliability of data. In this work, we propose to solve data healing and security authentication by using regeneration code and secret sharing.

Regeneration Code.
Regeneration code is a local encoding technology that combines ( , )-RS code with simple XOR operations. It can restore any two missing data blocks and has the MDS property for arbitrary and . Compared with replication, regeneration code provides better network storage efficiency and transmission reliability. In traditional WSN, encoding and decoding are complex because the computation is carried out over a finite field, so large bandwidth overhead is required for node restoration.
We assume the restoration degree of invalid data in invalid node to be . As known from RS encoding, if a redundant data in WSN is invalid, other data blocks are required in order to restore the invalid one. Meanwhile, it causes communication overhead of times than that of the invalid block.
An increase in invalid data on nodes in WSN enlarges the overhead of data transmission and introduces many unstable security factors. To address the issues of communication overhead and security threat, Dimakis et al. proposed a scheme using regeneration code [21]. The transmitted file is set to be . It is separated into two parts: = [ (1), (2)], ( ) ∈ 1× , ∈ {1, 2}. is finite field. (1) and (2) can, respectively, be encoded as a vector with the length of by using ( , )-RS code, = (1) ⋅ , and = (2) ⋅ . Here, ∈ × is an MDS matrix generated by ( , )-RS code. With any blocks encoded by regeneration code, a vector = + is calculated through XOR operation. The value of can be used to construct original data (1) and (2).
Firstly, the nodes in WSN should satisfy the ( , ) feature of the encoding technology. In other words, encoded information is stored in nodes and can tolerate -faults. Generally, X regeneration code is required for distributed network storage. It is an array code that tolerates two faults, and its simple structure is shown in Table 1. When one or two nodes are invalid, restoration can be realized through simple XOR operations, and decoding and update are optimal. It is therefore called the optimal regeneration code, because it can correct a few faults in data transmission. The regeneration code combines the multifault-tolerant RS code with the X encoding technology, realizing both the ( , ) feature and simple restoration. RS code offers restoration for -faults. For single or double faults, using X encoding within RS code achieves better data healing performance.
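As a rough illustration of why XOR-based repair is cheap, the following sketch rebuilds one lost block from a single XOR parity block. It is deliberately simpler than the X regeneration code described here (one parity block, one tolerated fault), and the function names and block layout are assumptions made only for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, byte position by byte position."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def make_parity(data_blocks):
    """Build one redundant block as the XOR of all data blocks."""
    return xor_blocks(data_blocks)


def recover_missing(surviving_blocks, parity):
    """Rebuild the single missing data block from the survivors and the parity."""
    return xor_blocks(list(surviving_blocks) + [parity])


# Three data blocks held by three nodes; the second node is assumed lost.
data = [b"\x01\x02", b"\x10\x20", b"\x0f\xf0"]
parity = make_parity(data)
rebuilt = recover_missing([data[0], data[2]], parity)
```

Repair touches only the surviving blocks and uses no finite-field multiplication, which is the property the text attributes to XOR-based restoration.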
X regeneration code is founded on polynomials and has small local reparability [22]. Firstly, the generation rule based on the leading diagonal is utilized to divide redundant blocks at the first row. After that, the redundant blocks at the second row are divided by using the counterdiagonal. We use 8 sensor nodes for illustration, as shown in Figure 3. For node 1, the redundant block is generated by performing XOR operation on

Figure 3: The structure of X regeneration code when = 8.

Thought of Secret Sharing.
Shamir [23] proposed a secret sharing method based on the Lagrange interpolation formula. It utilizes the expressiveness of coplanar points to construct a reconfigurable polynomial function. The subkey and secret data are correlated into a class with the same attribute, and the content of any item can be restored from the other items. The scheme has strong security, but several conditions must be satisfied when it is used.
(1) A large enough prime number and positive integer are selected, > .
; is the product of the top numbers of .
(4) The condition in (1) shows the secret data less than . But in (3), if / is greater than the product of selected − 1 numbers of , the random number is , 0 ≤ ≤ [ / ] − 1. The number of and can be made public.  WSN. According to (5), ≡ mod is calculated.  (1) and (2) are encoded by regeneration code with the production of 1 , 2 , 3 , 4 , and 5 . The information is further shared into fragments. In the receiving end, the reliability can be authenticated through several fragments. It mainly depends on regeneration code for data restoration. If several data blocks are damaged, it will be possible to restore the original (1) and (2).
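The Lagrange-interpolation sharing attributed to Shamir [23] in this section can be sketched as follows. This is a minimal illustration under stated assumptions, not the exact construction used in the scheme: the prime modulus, the function names, and the choice of share indices 1, 2, ... are all hypothetical.

```python
import secrets

# Assumed field modulus for the sketch: the Mersenne prime 2**127 - 1.
PRIME = 2**127 - 1


def split_secret(secret, threshold, shares, prime=PRIME):
    """Split `secret` into `shares` points; any `threshold` of them recover it."""
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    if not 1 <= threshold <= shares < prime:
        raise ValueError("need 1 <= threshold <= shares < prime")
    # Random polynomial of degree threshold - 1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(threshold - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % prime
        return acc

    return [(x, evaluate(x)) for x in range(1, shares + 1)]


def recover_secret(points, prime=PRIME):
    """Evaluate the Lagrange interpolating polynomial at x = 0."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % prime
                den = (den * (xi - xj)) % prime
        # pow(den, -1, prime) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


fragments = split_secret(123456789, threshold=3, shares=5)
```

Any three of the five fragments passed to `recover_secret` return the original value, while fewer than three fragments leave the constant term undetermined.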

Regeneration Code Based Authentication Scheme
In this section, we introduce the healing mechanism applied after the transmitted data in WSN is encoded. The scheme is resilient to illegal attacks. In a real WSN, nodes may face security threats in terms of storage and computation. The following attacks are assumed.
(1) Illegal attackers intercept information from the communication flow in WSN.
(2) Illegal attackers can randomly capture a few nodes. After that, they obtain the keys in these nodes and crack information in other nodes.
(3) After capturing some nodes, the attackers can remove, modify, or forge the collected data in a real WSN. The data is damaged, and the attacks cannot be traced.
To illustrate the security and reliability of the authentication scheme, we define some parameters in WSN in Notations. Here, the security involves confidentiality and completeness of data. The reliability is that some invalid or captured nodes will not affect normal running of the system. Furthermore, the ability of fault-tolerance represents that the damaged data could be restored through X regeneration encoding when random faults occur or some data blocks are modified.

Structure of Regeneration Code.
A WSN is deployed in area of 2 . The data is encoded by regeneration code. After that, the data in nodes is randomized. The regeneration encoding technology is fully utilized to get the encoded data. The procedure is described as follows.
(1) The information in a wireless sensor node is encoded into a binary string and divided into groups. On the basis of the regeneration encoding model, each group is transformed into a decimal number and further encoded by (5, 3) RS code. In the Galois field GF(2^4), the bit number of each information symbol is set as = 4. In a (5, 3) RS code, each code word has five symbols: three information symbols and two check symbols. In this case, three information symbols form a unit for RS encoding. Each group is transformed into a binary string of length 12 (padding zeros on the left when the bits are insufficient).
(2) For ( ) = ( 1, 2, . . . , ), each four bits are transformed into an element in the Galois field GF(2^4). After that, a sequence in GF(2^4) is produced. Each row represents a sequence of elements for in the Galois field.
(4) The data in WSN is denoted by , which is transformed into encoded sequence with the length of after decoding. Let the length of a pseudorandom sequence be . We perform XOR operation on both the sequences. Finally, the distributed data fragments = { | 0 ≤ < } based on regeneration code are produced.
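The symbol packing in step (1) and the XOR masking in step (4) can be sketched as below. The sketch covers only these two steps, not the RS encoding itself; the function names are hypothetical, and Python's `random.Random` stands in for the unspecified pseudorandom sequence generator (it is not cryptographically secure).

```python
import random


def to_symbols(value, bits=12, symbol_bits=4):
    """Left-pad `value` to `bits` bits and split it into 4-bit symbols."""
    if not 0 <= value < (1 << bits):
        raise ValueError("value does not fit in the group width")
    text = format(value, "0{}b".format(bits))  # zero padding on the left
    return [int(text[i:i + symbol_bits], 2) for i in range(0, bits, symbol_bits)]


def mask_symbols(symbols, seed, symbol_bits=4):
    """XOR each symbol with a pseudorandom symbol derived from `seed`."""
    rng = random.Random(seed)  # assumed stand-in for the pseudorandom sequence
    return [s ^ rng.randrange(1 << symbol_bits) for s in symbols]


group = to_symbols(43)                 # 43 = 0b000000101011
masked = mask_symbols(group, seed=7)   # masked fragment
restored = mask_symbols(masked, seed=7)  # XOR with the same sequence undoes it
```

Because XOR is its own inverse, a receiver that can regenerate the same pseudorandom sequence removes the mask by applying it a second time.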

Implementation of Secret Sharing.
The encoded data fragments based on regeneration code are shared and then distributed. The threshold secret sharing [24] and regeneration encoding technology [25] are utilized in data encryption on nodes in WSN. The concrete implementation is described as follows.

Journal of Sensors
We assume nodes to form an undirected graph ( , ) in WSN. The collections of nodes and edges are, respectively, denoted by = {V 1 , V 2 , . . . , V } and = { 1 , 2 , . . . , }. Each node is denoted by V (1 ≤ ≤ ), which has neighbors. These nodes are organized as a collection NB . We produce a random session key for V and compute hash value ( , ). After that, and ( , ) are encoded by using . Furthermore, the session key is encrypted by public key . Finally, two parts of data are produced, respectively, and . After that, V utilizes ( , ) secret sharing technology and regeneration code and divides into fragments, denoted by (1 ≤ ≤ , 1 ≤ ≤ ). Meanwhile, is divided into parts in order to construct When V acquires fragments (1 ≤ ≤ ), the equation = ( ) is satisfied. Here, ≤ 2 − 1. Finally, V selects neighbor nodes from NB and realizes secret sharing to each neighbor node. The shared secret keys are denoted by and .
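The first step of this procedure, generating a random session key and hashing the data together with it, might look like the sketch below. Several choices are assumptions rather than the paper's construction: HMAC is swapped in as the keyed hash, SHA-1 is used because it is the hash named in the security analysis, and the key length and function names are hypothetical. The public-key encryption of the session key is not shown.

```python
import hashlib
import hmac
import secrets


def new_session_key(length=16):
    """Draw a fresh random session key (16 bytes is an assumed length)."""
    return secrets.token_bytes(length)


def keyed_digest(data, session_key):
    """Hash the data together with the session key (HMAC-SHA-1, assumed)."""
    return hmac.new(session_key, data, hashlib.sha1).digest()


def digest_matches(data, session_key, expected):
    """Check a received digest in constant time."""
    return hmac.compare_digest(keyed_digest(data, session_key), expected)


key = new_session_key()
tag = keyed_digest(b"sensor reading", key)
```

A verifier holding the session key can call `digest_matches` on a restored fragment to detect modification before the fragment is accepted.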

Distribution of Regeneration Code.
The data in original node is encoded into , which is further shared into multiple blocks. We randomly select − 1 ( ≤ ) nodes as initial distribution nodes. For the ( + 1)th distribution node, the shared key , +1 could be calculated by asymmetrical secret key pair ID / and ID +1 [26]. The reserved data fragment of original node is , −1 . The encrypted data fragment is sent to the ( + 1)th node, 1 ≤ ≤ ⌈⌈ / ⌉/ ⌉, 0 ≤ ≤ − 2. The routing between original node and storage node cannot be determined in advance. When the ( + 1)th node receives the response, the related key , +1 is calculated by ID / and ID +1 . Thus, , +1 is produced. The above steps are repeated until all the data fragments are sent to the nodes.

Self-Healing Technology Based on Regeneration Code.
When a part of data in wireless sensor node is attacked, the authentication data is always damaged. In this section, we introduce a scheme to restore the damaged authentication data. Thus, the completeness of data in WSN can be ensured.
Let be the generation matrix of regeneration code. If a receiving end receives (0 ≤ ≤ ) blocks without errors, it is able to restore the original data. We assume the blocks from the th node. If there is no error, blocks in th group could be restored by solving the following equation: Here,̂= (3)̂i s established by element in primitive field and index of , 0 ≤ ≤ − 1.
The authentication of data in wireless sensor nodes is performed in stages. We assume there are errors at th stage. If decoding fails or the decoded data cannot pass verification of CRC, too many errors may occur. The regeneration code cannot correct all errors. Two redundant symbols are required to correct an error. So, + 2 symbols are required at th stage. The procedure of recovery is described as follows.
(2) Calculate =̂− 1 to produce the data blocks of th group. If passes verification of CRC, the CRC codes are removed to get original data 0 . Otherwise, go to step (3).
(3) Set = + 2. Select two symbols 1 and 2 from the nodes 1 and 2 that have not been accessed. They are added behind the received symbols to get a new code, ← −2 ∪ { 1 , 2 }. symbols are produced by decoding the new code. It repeats until a failure occurs or ≤ − 1.
(4) ≥ − 1 demonstrates too many errors and a failed decoding. In this case, it shows a message of failed decoding. Otherwise, it enters the next stage and performs step (2).
Recovery of data contents needs subkeys at least. So, exposure of ( ≤ − 1) subkeys will not leak the whole content. If the data of the nodes is lost or damaged, it can be successfully restored if there are valid fragments. According to the sharing mechanism in Section 2.2, ∀ ≥ number of 1 , . . . , in 1 , 2 , . . . , , we have ( | 1 , 2 , . . . , ) = 0. If 1 , . . . , are known, the uncertainty of is zero; that is, the content of can be completely determined.
(5) On the basis of the above steps, an authorized user could directly restore the authentication data ( ) from . After that, is restored with by using Lagrange interpolation. In other words, if fragments of authentication data ( ) are collected from nodes, we will effectively restore original data in transmission.
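The CRC check that gates each recovery stage can be sketched as follows. The procedure above does not say which CRC is used, so CRC-32 from Python's `zlib` module is an assumption, as are the function names and the 4-byte big-endian trailer.

```python
import zlib


def attach_crc(payload):
    """Append a 4-byte big-endian CRC-32 to the payload."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def strip_crc(block):
    """Return the payload if its CRC-32 matches, otherwise None."""
    if len(block) < 4:
        return None
    payload, trailer = block[:-4], block[-4:]
    if zlib.crc32(payload).to_bytes(4, "big") != trailer:
        return None  # decoding produced corrupted data; try the next stage
    return payload


block = attach_crc(b"fragment")
corrupted = bytes([block[0] ^ 0x01]) + block[1:]
```

In the staged procedure, a `None` result corresponds to failing CRC verification in step (2), after which two further symbols are fetched and decoding is retried.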

Authentication Based on Regeneration Code.
The participants in RC based authentication are the data distributor, the data owners, and the verifier. The distributor is responsible for encoding and sharing the data into independent redundant blocks, which are distributed to data owners. The verifier is in charge of verifying the completeness of the data. Nodes in WSN can participate in authentication as both data owner and verifier.
The encoded data fragments are denoted by 1 , 2 , . . . , , ≤ 2 − 1. Each fragment has symbols, denoted by (1) ‖ ℎ is encrypted by symmetric key , which is the shared key of and ( ̸ = ). After that, the encrypted ‖ ℎ is sent to . The regeneration code based authentication includes the following steps.
(2) Distribution. Original node V distributes odd-even check numbers and data fragments to randomly selected neighbors in NB . For instance, original node selects ( ∈ [1, ]) in odd-even check numbers and ( ∈ [1, ]) in data fragments. After that, they are sent to a randomly selected neighboring node. Due to ≤ , some nodes may only receive the data fragments other than odd-even check numbers. But some other nodes may receive both of them, which can be the verifiers. There are verifiers among nodes. The data is encrypted to avoid interception.
(3) Inquiry. Assume that the data owner of fragment { , } wants to verify the data completeness. Firstly, an inquiry message { , , , } is broadcast to all of the data owners. represents the number of required messages, ≤ 2 − 1. is a randomly selected element in GF(2 ).
(6) Second Verification. The node needs to store the detected data during a period of time. Each node stores data packages from different origins or data fragments at various stages. Any node could perform the first verification to all data fragments from the same node at any time. At different periods, produces data fragments and . The verifier sends an inquiry message to verify both of the fragments. When the inquiry message at th round is received, the message Φ ( ‖ ) is returned to the verifier. The odd-even check numbers for the verifier are, respectively, and ,

Overhead.
In authentication of data in WSN, original node firstly calculates a hash value ℎ = mod , -order polynomial with degree of − 1, and hash values ℎ . data fragments are encrypted. Finally, the hash values and data fragments are randomly sent to other nodes in network. The whole computation overhead in authentication is caused by decoding and hashing. In storage, each node stores hash values. The communication cost is * | | because each authentication returns data fragments. So, data distribution and verification at each round require times of calculations. The overhead in communication is large.
Before generation of data fragments, original node needs to calculate a hash value and perform two symmetrical encryptions, respectively, ( , ) and { } . The generation of data fragments requires calculating two polynomials. ( , ) RS code is utilized to encode = { , ℎ( , )} into symbols. is the number of data fragments and is the number of selected neighbor nodes. Each data fragment is supposed to include symbols. So, there are operations on polynomial. The original node utilizes ( , ) threshold secret sharing to get symbols from { } . Finally, the check codes of all data fragments are produced. Let be the length of data before encoding. The computation overhead of the original node includes hash of data with length of , two symmetrical encryptions, ( + 1) operations on -order polynomial, and odd-even checks. The computation overhead for the owner of each fragment is one decryption.
The verification of data fragments is in the finite field GF(2 ), = 8. After generation of data fragments, the original node removes original data and sends fragments of {ID V ‖ ‖ ‖ ‖ } V, to neighbor node . Here, contains symbols. So, the communication overhead in distribution is almost (2 + 3) . Obviously, the storage overhead for each data owner is (2 + 3) . After all of the fragments are received, the owner of each fragment performs verification of completeness. This procedure needs to calculate odd-even check and message with length of . Suppose that data owner conducts completeness verification. Firstly, an inquiry message { , , , } is broadcasted to all of the owners. The communication overhead is 4 . Each data owner calculates a digest and returns it to the verifier after receiving the inquiry message. The length of this digest is same to that of a symbol. A symbol with length of is calculated. The response is Ω ( ). So, the communication overhead is .

Security.
Illegal users make security attacks by deploying sensor nodes or capturing nodes in WSN. The deployed nodes pretend to be the real nodes in WSN, steal confidential information, or launch false data injection. Besides, if multiple nodes are captured, the attackers could send plenty of false data. In this case, the network resource, such as energy, bandwidth, computation ability, and storage space, will be exhausted rapidly.
When the data is attacked, we need to restore and authenticate the damaged data through the proposed scheme. In this section, the security of the proposed scheme against attacks of forging, tampering, or collusion is analyzed.

(1) Ability against Forging Attacks. The sender always sends data to the receiver under its pseudonym. Other nodes cannot counterfeit the pseudonym of ; otherwise, the forgery fails verification by the authenticator. The difficulty of counterfeiting the identity of equals that of attacking the SHA-1 hash function.
(2) Ability against Tampering. On one hand, the encryption key is generated by using regeneration code, and the privilege of decoding is under control, so no one, including the sender, can tamper with the information. On the other hand, attackers know nothing about the key, so they cannot counterfeit or tamper with the contents. The key is generated through authentication across multiple nodes, so a single node cannot carry out tampering on its own.
(3) Ability against Collusion Attacks. WSN is self-organized, so collusion attacks are possible. The sensitive data is divided into parts and authenticated in nodes with high credibility, which reduces the dependency on a third party. To get the secret, attackers need to restore the −1 order polynomial ( ). By Lagrange interpolation, a successful attack requires enough interpolating points; in other words, at least nodes must conspire. Collusion among so many nodes is very difficult. On the other hand, this also lets the proposed scheme tolerate noncooperation of -nodes during recovery. So, the proposed scheme has high robustness in WSN.

Anonymity.
Usually, an authentication cannot be linked to the real identity of the node, because the data sent to the authenticator carries only a pseudonym. Unless the anonymity is compromised, attackers know nothing about the real identity of the authenticating nodes, and the real information in the nodes cannot be traced. Each authentication request uses multicast, so attackers cannot break the communication anonymity of medium nodes. Furthermore, authentication does not expose the real identity of nodes, so attacked nodes reveal no other information. This offers good protection for the sensitive information of wireless nodes.

Traceability.
The data distribution system of nodes can trace attack behavior by using the communication record. In other words, the nodes need to verify the key through the cooperation of arbitration nodes before authentication. In this round of authentication, the arbitration nodes have sent the identity information to each node. The true identity is related to the false identity, and this relevance is kept throughout authentication. Even if the attackers find resources in nonneighboring nodes through an anonymous attack, the credentials can reveal the trace of the attacks. In this case, a third party can track down the attackers on the basis of the information from the attacked nodes.

Simulation.
The experiment is implemented in C++ and developed on the Visual C++ platform. In the secure network environment of this paper, the secret sharing mechanism is utilized to establish a secure recovery model based on regeneration code. Here, the initial threshold value is set to 0.5. The number of nodes is set to 500 in Network Simulator-2 (NS-2), and the nodes are deployed within an area of 500 m × 500 m. Each node has an initial energy of 2 J. In the experiment, dead nodes exit the network immediately [26]. The nodes are set at the highest level of protection in the simulation. Illegal attackers are unable to attack the signed nodes successfully; only the common nodes in the network may be attacked. In this section, we consider several common attacks and compare the performance against them.

Security.
Assume that wireless sensor nodes are deployed within the area of 2 . denotes the transmission range. The positions of all nodes are supposed to obey a two-dimensional Poisson distribution. So, when the communication radius of node is denoted by , the probability to include −1 nodes within the area of ℎ hops could be nearly calculated as follows: Here, = 2 / 2 . ℎ is regarded as a probability less than the expected value; that is, Pr[ (ℎ) ≥ − 1]. The number of storage nodes is random, but the average value could be denoted by = ℎ 2 2 / 2 . The probability of data hiding is calculated as the following formula:
Some common nodes in the wireless network may be selected as interception nodes, through which illegal attackers attempt to intercept data packages by decoding. In this experiment, the number of data packages is set to 500 each time, and five illegal interception experiments are conducted for evaluation. Figure 5 shows the results. We observe the number of successful interception attacks under the various schemes. The proposed RESH scheme compares favorably with the schemes in [27,28] in resisting illegal interception.
Figure 6 compares the three schemes in storage and communication overhead. The proposed scheme selects a few key nodes for storage, which saves calculation and communication overhead. The CADS scheme in [27] is based on the discrete logarithm and requires complex calculation. Random walk in [28] has the highest communication cost because it broadcasts within the whole network. In the proposed scheme, the data in communication is compressed and can be recovered thanks to the use of regeneration code. The results verify the effectiveness and availability of recovery. According to the analysis, the CADS scheme has a higher detection rate, but its communication and calculation overhead is much higher. The proposed RESH scheme achieves higher detection rate, lower communication cost, and lower storage overhead.
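Since the formulas in this passage did not survive extraction, the following sketch shows only the generic calculation the text describes: the probability that a Poisson-distributed node count reaches a required minimum. The mean is taken as node density times the area of a disc of radius hops × range, which is an assumption, as are the function names and the 30 m range in the example; the 500 nodes and 500 m side come from the simulation setup.

```python
import math


def expected_nodes(node_count, side_length, radius, hops):
    """Mean node count in a disc of radius hops * radius (assumed model)."""
    density = node_count / side_length ** 2
    return density * math.pi * (hops * radius) ** 2


def poisson_tail(mean, minimum):
    """Pr[N >= minimum] for N ~ Poisson(mean)."""
    if mean < 0 or minimum < 0:
        raise ValueError("mean and minimum must be non-negative")
    term = math.exp(-mean)  # Pr[N = 0]
    below = 0.0
    for i in range(minimum):
        below += term
        term *= mean / (i + 1)  # Pr[N = i + 1] from Pr[N = i]
    return max(0.0, 1.0 - below)


# 500 nodes in a 500 m x 500 m field; the 30 m range is a hypothetical value.
mean = expected_nodes(500, 500, radius=30, hops=2)
enough_neighbours = poisson_tail(mean, minimum=10)
```

Under this model the probability rises quickly with the hop count, because the covered area grows with the square of hops × range.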

Overhead.
We conduct experiments to evaluate time overhead. The downloading nodes and the names of packages are randomly determined by the system, and the experiment considers cases with different numbers of nodes. In Figure 7, we compare the time cost of downloading data packages from nodes. Because the proposed scheme bases data communication on regeneration code, it costs slightly more time than the other schemes. In practice, however, this small additional time cost is a worthwhile price for privacy protection.

Recovery Ability.
The recovery performance in wireless communication is evaluated by the minimum Hamming distance between any two code words of the regeneration code. Odd-even check is utilized to restore faulty data, which enhances security in data transmission and storage. Owing to the expandability of distributed cloud storage systems, linear locally repairable codes (LRC) can restore encoded data through extended and shortened codes [29]. This method reduces the locality of restoring nodes by local and global redundancy. RS code is based on polynomial calculation and has lower locality of restoration. In Figure 8, we compare the recovery ability of the proposed scheme with that of schemes based on RS encoding [30] and LRC encoding. The proposed scheme restores faulty nodes well, and the security and reliability of data transmission in the wireless network are encouraging. The scheme based on regeneration code realizes real-time local healing when faults occur in nodes. If two nodes fail at the same time, the LRC based scheme [29,31] needs to be transformed into RS encoding for restoration, which greatly decreases the recovery ability of the encoding algorithm. In our scheme, healing encoded information only requires connecting to several local nodes. Even when two nodes fail at the same time, the recovery ability still reaches 90 percent.
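The minimum Hamming distance used as the recovery metric can be computed for a small codebook as in the sketch below. The two example codes (a repetition code and a single-parity code) are illustrative stand-ins, not the regeneration code evaluated in the paper, and the function names are hypothetical.

```python
from itertools import combinations


def hamming_distance(a, b):
    """Number of positions in which two equal-length code words differ."""
    if len(a) != len(b):
        raise ValueError("code words must have equal length")
    return sum(x != y for x, y in zip(a, b))


def minimum_distance(codewords):
    """Smallest Hamming distance over all pairs of distinct code words."""
    return min(hamming_distance(a, b) for a, b in combinations(codewords, 2))


def correctable_errors(d_min):
    """Errors guaranteed correctable by a code with minimum distance d_min."""
    return (d_min - 1) // 2


repetition = ["000", "111"]
single_parity = ["000", "011", "101", "110"]
```

A code with minimum distance d can correct up to (d − 1) // 2 symbol errors, which matches the earlier statement that two redundant symbols are required to correct one error.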

Conclusion and Prospect
This work considers secure transmission of data in WSN and proposes a model of completeness verification for WSN. Before data authentication, the data is divided into fragments and stored in various nodes. On this basis, a secure authentication scheme based on recovery technology and regeneration code is designed for WSN. The scheme can restore damaged data and saves communication overhead and processing time. The main contributions are as follows. (1) Regeneration encoding and healing based on a threshold scheme are combined to achieve good self-healing performance. (2) The proposed scheme performs well in local recovery. In the future, we will continue to study secure transmission of private data, concentrating on finding and protecting the contents that users are interested in. Fast and secure forensics of private data in WSN will also be investigated. Besides, we will focus on effective distribution