A Secure Localization Approach Using Mutual Authentication and Insider Node Validation in Wireless Sensor Networks

1 School of Computer Science and Engineering, Lovely Professional University, Phagwara, Punjab, India
2 School of Electronics and Communication Engineering, Lovely Professional University, Phagwara, Punjab, India
3 Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea
4 School of Computer Applications, Lovely Professional University, Phagwara, Punjab, India


Introduction
Localization [1,2] is the calculation of the location or position of sensor nodes in wireless sensor networks (WSNs). The dynamic needs of applications have extended the deployment of WSNs from static to mobile. Such networks are dynamic, so the localization of nodes also changes, which makes the process a critical factor in WSNs. The knowledge of the physical location of a network entity helps in different applications and services [3][4][5]. Location discovery relies on a set of special nodes known as anchor nodes, which are resource privileged, having more storage and computational capacity. Using the location of anchor nodes, other unknown nodes compute their location in different ways. Therefore, it is critical that malicious anchor nodes be prevented from providing false location information, as the unknown nodes completely depend on the anchor nodes for computing their own location [6]. WSNs attract adversaries in a very general way. Attacks are executed by internal nodes as well as external nodes. Therefore, localization techniques must be sufficiently secure [7]. A secured localization process must prevent both malicious insider nodes from misrepresenting their location and outside entities from intruding on the location determination process. The security requirements for localization techniques must include privacy of the location information, authorization for legitimate nodes, and integrity to identify any kind of deviation from the true location. Further, the information needed to compute a proper location must be available for a secured localization process. The accuracy of nodes' locations can be considered on the basis of two aspects. On one hand, nodes (anchor or unknown) need to calculate their correct position depending upon some references, which is called localization estimation (Figure 1(a)). On the other hand, the Base Station (BS) also needs to ensure that the location estimations it has received are correct. Thus, we need to verify the locations received from the nodes. This is called location verification (Figure 1(b)). In this paper, we introduce a secured localization process using mutual authentication and validation of insider nodes. The rest of the paper is organized as follows. Section 2 explains the attack model, that is, the different attacks on localization systems in WSNs. Related work is reviewed in Section 3. The proposed algorithm is discussed in Section 4, and the detailed network model and its related assumptions are in Section 5. The results of the simulation are explained in Section 6. Finally, we conclude the paper in Section 7.

Attack Model
Many attacks [8] on localization systems have been studied. Attacks are executed in the information collection process in the location estimation phase as well as in the location verification phase. There are several types of elementary and combinational attacks that can be executed in localization systems. Table 1 summarizes the layer-wise attacks in the WSN localization process [9].

Elementary Attacks.
Elementary attacks are the prime attacks, each with its own technical aspects of execution. Some of these attacks are discussed below.
Range Change Attack. In this attack an attacker changes the range or Angle of Arrival (AoA) measurements among nodes. This attack affects both localization estimation and location verification systems. For example, reducing or increasing the range measurement between node A and node B will lead to malicious estimation of the locations of B, shown by green dotted circles in Figure 2.
False Beacon Location Attack. In this attack an attacker makes the victim node receive false estimated locations. For example, an attacker gains control over a beacon or anchor node and then makes the node broadcast a false location.
False Reported Location Attack. This attack is generally executed in a location verification system where a malicious anchor node or unknown node reports a false location.

Combinational Attacks.
Combinational attacks are those that merge different techniques of elementary attacks and create an overall malicious effect. Some of the important combinational attacks are listed below.
Impersonation. In this attack an attacker presents its identity as that of a legitimate node in the network. For example, in localization systems, an attacker spoofs the anchor nodes' identity and broadcasts false locations. This leads to erroneous range measurements. In location verification systems, an attacker impersonates a victim node to make verifiers believe that the original node is at the attacker's location.
Sybil Attack. In this attack a malicious node is capable of presenting itself under different identities in a network to function as distinct nodes. These multiple identities are called Sybil nodes. The node sends false information such as the position of beacon nodes and erroneous signal strength. By masquerading and disguising itself as multiple identities, this type of malicious node gains control over the network.
Location-Reference Attack. This attack is executed against the localization phase. Each common node gets a location-reference set ⟨loc  ,   ⟩ for localization, where loc  is the location of beacon  and   is the distance between the beacon and the common node. In this attack the attacker makes the compromised beacons broadcast false locations and distorts the distance measurements between beacons and common nodes. The attack can be classified into three types; in the figures, green nodes represent beacon nodes and white nodes represent common nodes.
In an uncoordinated attack, different false location references are provided to mislead the unknown node to different false locations, for example, P1 and P2 in Figure 3(a). In a collusion attack, all false location references mislead the common node to the same randomly chosen false location, say P1 in Figure 3(b). In a pollution attack, all false location references misguide the unknown node to a specially chosen false location P1, as in Figure 3(c), which still conforms to some normal location references. This attack succeeds even when normal location references are in the majority. In all the categories shown in Figure 3, P is the original location.

Related Work
Whenever we talk about secure localization [10], several related problems emerge, such as location privacy and location reporting. To mitigate attacks on location identification or location calculation, many researchers have proposed different schemes and approaches. They are classified into two types, node-centric and infrastructure-centric. Node-centric approaches deal with the calculation of information at node level. Based on their design goals, existing solutions can be further classified into three methods: (1) the prevention method, to prevent the adversaries from producing erroneous information, for example, HiRLOC [11], SeRLOC [12], ROPE [13], and SPINE [14]; (2) the detection method, to detect and revoke the nodes producing erroneous information, for example, DRBTS [15], TSCD [16], and LAD [17]; and (3) the filtering method, to filter the received erroneous information in the location computation step, such as ARMMSE [18] and i-Multihop [19]. On the other side, infrastructure-centric approaches emphasize the overall network structure for localization security, such as SLA [16] and SLS [20]. If a localization system is infrastructure-centric, the infrastructure will trust the estimated locations and no verification is needed, because the locations are computed by the infrastructure itself. However, if a localization system is node-centric, the nodes may be compromised and may intentionally report false locations, so the infrastructure may not simply trust the reported locations. Thus, when a localization system is node-centric, location verification is a sound method for the infrastructure to check the validity of nodes' reported estimations. Different types of secure location verification methods [21] have been introduced, such as Sector [22] and the Distance Bounding Protocol [23].
Some of the recent research works in this direction have been identified. A very recent collaborative approach for secure localization has been shown in [9]. The proposed approach is based upon a trust model applied to underwater wireless sensor networks. A cryptography-based approach [24] is used for secure localization, using signature and encryption to provide confidentiality and integrity of the location information. It uses public key infrastructure along with a Hash Message Authentication Code (HMAC) digest. Further, trilateration is used to calculate the coordinates of the unknown nodes. The algorithm proposed in [25] uses iterative gradient descent with selective pruning of inconsistent measurements to achieve high localization accuracy. The authors have also shown the accuracy of the estimated location in a mobile environment but have not emphasized external nodes or elementary attacks. The proposed algorithm has not addressed the issue of false alarms. Different classes of distance-based localization algorithms have been classified in [26]. The authors have also proposed a polynomial-time algorithm and two heuristic-based algorithms using a threshold value of the compromised nodes. A novel approach to secure localization has been observed in [27]. The authors have used Global Positioning System (GPS) systems and inertial guidance modules on a special master node to provide location accuracy. They have also used an efficient key distribution process in the algorithm. An encryption-based secure localization algorithm is shown in [28]. The proposed algorithm, based on the Paillier cryptosystem, provides a multilateral privacy-preserving solution for secured least square estimation. A novel approach to secured localization using a Connected Dominating Set (CDS) is discussed in [29]. Another secure localization technique is shown in [30]. The proposed method uses the triangle inequality to detect the attack and then applies a localization process based upon some reference points. Both processes use a voting mechanism.
A novel approach of using game theory has been applied in [31]. The proposed algorithm combines two methods: the Least Trimmed Square (LTS) algorithm is used in regression to identify and remove regression factors which are anomalous, and Game Theoretic Aggregation (GTA) solves the problem of combining outputs from a number of predictors to generate a more accurate predictive model. To improve the performance of LTS, a single-phase weight-based combination of factors is used by combining GTA with LTS, without any threshold specification. Another game-based approach has been shown in [32]. The proposed approach uses trust evaluation and optimal payoff calculation to identify the strategy space of the nodes.
The use of decentralized dynamic key generation for secure localization has been researched in [33]. The proposed algorithm uses a symmetric key encryption process with XOR operations and produces robustness with low overhead. A smart card based approach has been utilized in [34]. The proposed algorithm implements a secure and lightweight authentication scheme for heterogeneous wireless sensor networks using smart cards' dynamic identities to prevent threats to users' privacy. Mutual trust in wireless sensor networks has been discussed in [35]. The algorithm predistributes the random keys securely and uses identity-based cryptography. Mutual trust is built up depending upon these identities and keys. A three-tier security framework is shown in [36]. The proposed framework uses two polynomial pools: the mobile polynomial pool and the static polynomial pool. The authentication mechanism used between stationary access nodes and sensor nodes makes it more capable of withstanding node replication attacks. Node capture attacks and flooding of packets in DV-hop localization are addressed in [37]. The proposed approach uses broadcast authentication and weight-based computation for secure localization. A secure localization algorithm against the wormhole attack has been discussed in [38]. The algorithm uses Round Trip Time (RTT) to collect information about the local subgraph. Ordinal Multidimensional Scaling (MDS) is used to adapt to topology changes. A verification method is also used to minimize false negatives. Another wormhole-resistant localization solution has been observed in [39]. The algorithm uses different labels for pseudoneighbors and identifies the forbidden links. The algorithm is efficient in preventing the attack, with the limitation that the nodes must have identical radii. A number of approaches have been identified in the literature review. Almost all the existing works deal with the static network scenario. They also have a number of drawbacks, such as extra hardware usage, more beacons and control message transmission, and predefined knowledge of the network topology. Given the need for mobility in the network environment, security services in a mobile resource-constrained environment are somewhat critical to provide and have therefore received less consideration in the previous works of the researchers. In this paper, we provide a solution to the problem using efficient certificate distribution and validation of distance estimation by the Base Station with a very small number of control messages. This will help WSNs achieve less overhead, better throughput, and better security against different types of attacks.

Proposed Algorithm
Our proposed algorithm considers only the anchor nodes, unknown nodes, and Base Station, where anchor nodes and unknown nodes are deployed randomly. The anchors have a variable range of transmission with an average transmission range  avg given as where  is the number of anchor nodes in the network,  is an edge between two nodes,  is the set of the edges in the network, and (||) is the weighing function of a connection between an anchor node and an unknown node and interpreted as (||) ∼ ||  , 2 ≤  ≤ 4.
The algorithm starts with an initialization phase that deals with the distribution of certificates by the BS. After the distribution of the certificates, the distance estimation phase starts among the anchor nodes and the unknown nodes. Once the distances are estimated, the BS is able to localize the unknown nodes by applying the Minimum Mean Square Error (MMSE) method. The algorithm is summarized in Algorithm 1.
As we have used the speed of light, , to estimate the distance, the process shown above will prevent the generation of the high-speed link required to execute a wormhole attack, because there cannot be any high-speed link in which the transmission speed is more than that of light. The utilization of mutual authentication with certificates provided by the BS will help to avoid or prevent any kind of authentication attack, such as the Sybil attack and the impersonation attack, executed by outsider nodes. The encryption method will help to securely transmit the estimated distance to the BS. The  retransmit value will help to detect the jamming attack so that the avoidance and detection process can then be applied following the methods shown in [40]. However, insider nodes may be compromised and can generate distance reduction or enlargement attacks. To prevent these attacks, we have to follow the further process.
Let us assume that the deviation of the true position of the unknown node due to measurement error and/or malicious distance estimates is  which is tolerable for the system. We know that the unknown node (   ,    ) must be in the intersection region of the anchor nodes' bound circles in the range. Therefore, in Algorithm 2 we can validate the distance estimation provided by the anchor nodes.

Network Model and Assumptions
The network model is considered to be self-organizing, having no central control of deploying the sensor nodes in the network. For ease of presentation, the wireless sensor network model N is considered to be in 2D and represented by a graph (, ) which consists of , a set of vertices, and  a set of edges. The size of the network can be given as where || is the size of anchor node set , || is the size of the unknown node set , and ,  ⊆ .
In the proposed algorithm, we have divided the network nodes into two categories. First, the anchor nodes,   ∈ , which are privileged in their storage capacity and computational capacity, with additional energy resources. Second, the unknown nodes   ∈ , which are not privileged like the anchor nodes and are able to perform minimum computational tasks. Both types of nodes are randomly deployed in the network environment. The location estimation of an unknown node is calculated by using the location information of the anchor nodes in a WSN. Therefore, the integrity of location messages as well as the reliability of message origin is very important during the localization process. Confidentiality of the estimated location is also required in some applications, to protect the privacy of the corresponding sensors. In this paper, an appropriate cryptographic scheme is presented to provide the security services. The assumptions for our proposed approach are listed below.
(i) The unknown nodes and anchor nodes are mobile.
(ii) Base Station (BS) is assumed to be trusted and is considered to be key distributor and certificate authority.
(iii) Anchor nodes and unknown nodes are deployed with their private keys.
where ID   is the identity of an anchor node   ,    + is the public key of that anchor node, t is the timestamp when the certificate was created, and   is the expiry time of the certificate. This total certificate is digitally signed by BS − which is the private key of the Base Station. All anchor nodes must keep themselves updated by obtaining a fresh certificate as required. For a legitimate unknown node   , we can rewrite the above format in the following way: where ID   is the identity of an unknown node   ,    + is the public key of that unknown node, and   is the expiry time of the certificate.
Distance Estimation Phase. The anchor node   sends a random nonce , along with the certificate Cert   to all the one-hop neighborhood unknown nodes   in the range  avg and starts the timer. When the unknown nodes receive the message, they verify the certificate using the public key BS + given by the BS. As only legitimate anchor nodes have the certificate to provide, verifying the certificates proves the authentication of the anchor nodes. Then, the unknown nodes   respond to the anchor node   with the same nonce  and the time duration between receiving the last bit of the message sent by the anchor node and transmitting the first bit of the message to the anchor node, given as time proc  , encrypted with the anchor node's public key    + , along with their own certificate.
When   sends a message to   , it waits for a bounded time value  retransmit to retransmit the message if no response starts arriving at the anchor in that bounded time. This value is precomputed at the start of the network deployment, assuming all the favourable conditions of the network environment with a noise effect of Δ, and given as where time normal is the normal time duration of getting a response back from the unknown node.
When the anchor node receives the response from the unknown nodes, it decrypts the message using its own private key    − , verifies the certificate of the unknown nodes, stops the timer, and calculates the signal propagation time as where time prop is the signal propagation time, time  is the timer interval at the anchor side, and time proc  is the time duration between receiving the first bit of the response and last bit of the response. The interaction between unknown node and anchor node is shown in Figure 4.
Once the propagation time is calculated, the estimated distance between anchor node   and unknown node   is calculated as where  is the speed of light. Once the anchor node calculates this estimated distance, it is forwarded to the BS encrypted with the public key of the BS and along with the anchor node's certificate.
After receiving the message from the anchor nodes, the BS decrypts the message with its private key and gets the estimated distances. Finally, it uses Minimum Mean Square Error (MMSE) [41] to estimate the location of an unknown node (   ,    ). One thing to remember is that we need at least three noncollinear anchor nodes to apply MMSE. Another important attribute of our proposed algorithm deals with the mobility of the nodes. We consider that the nodes (whether the anchor or the unknown) are mobile. The relative mobility between an unknown node   and anchor node   at a given time t is given by RM ,  is positive if node   is moving away from   and negative if   is coming closer to   .
Though the mobility is incorporated in the algorithm, nodes (both the anchor nodes and the unknown nodes) are assumed to be pseudostatic; that is, they are static for a very short time interval for the localization process and this does not incorporate any significant error in the estimation.
Handling Distance Estimation Error. Distance estimations in a wireless environment commonly contain error due to noise or delay in the medium. Assume that the estimation error is  ∈ [− max ,  max ], where  max is a system parameter and given as 0 ≤  max ≤ 1. Therefore, the estimated distance can be given as where $\mathrm{true}_{a_j u_i}$ is the true distance between   and   and can be calculated by applying the Euclidean method.
Further, the presence of compromised insider anchor nodes can create an error factor . Following this, the estimated distance between   and   in the presence of a malicious anchor node can be given as As we know that  ∈ [− max ,  max ], the value of  can create both positive estimation error and negative estimation error. Positive estimation error will create multiple intersection points of the convex region of the anchor nodes' ranges, leading to distance enlargement attacks. On the other hand, negative estimation error creates an empty intersection region, assuming that the location of the unknown node is in the intersection of the bounds of the anchors, leading to the distance reduction attack. This concept is shown in Figure 5. The black solid circles are anchor nodes and the green circle is the original estimated location. If the anchor nodes are compromised and provide reduced distance estimations, the intersection will be empty, and if the malicious anchor nodes provide enlarged distance estimations, the position of the unknown node deviates from the original position, shown as the light blue circle.
Distance reduction is not severe in WSN localization. If we find the empty intersection region R, the distance estimates can be increased with a factor of 1/(1− max ) to get a nonempty intersection region R  , where the unknown node must exist. To prevent the distance enlargement situation, the BS needs to follow the process summarized in Algorithm 2. The tolerable error parameter  can be derived from the following equation as where  is the system measurement error due to noise and  is the error included by malicious anchor nodes. We assume that the unknown nodes are error free and do not provide any false distance estimation.  1 ,  2 are used as weighing values for the errors depending upon the network conditions. This  will provide an upper bound and lower bound of the estimated distance in the presence of error given as The algebraic centre  * in Algorithm 2 can be calculated using the barrier method on the unconstrained optimization problem given as where  is the Lagrangian multiplier and true /(1 −  max ), that is, the increased distance estimation in case of negative estimation error. The radius of the intersection region R is initialized with 0 with an assumption that the unknown node is positioned at the intersection point itself and no convex region has been generated by the intersection. Moreover, the radius of the intersection region can be updated by verifying the distance between any point V inside the region and the algebraic centre  * . Finally, we can detect the malicious insider anchor nodes depending upon the increased estimated distance.
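The two Base Station steps described above, fixing the unknown node's position from the anchors' distance estimates and then checking each anchor's estimate against that fix, can be implemented as follows. This is an added example, not the paper's Algorithm 2: it assumes a linearised least-squares solve for the MMSE step and a relative tolerance `tol` with a consistent-subset search in place of the paper's bound equations, and all names, coordinates and distances are constructed.

```python
import itertools
import math


def localize(anchors, dists):
    """Least-squares position fix from anchor positions and distance estimates.

    Subtracting the last anchor's circle equation from each of the others
    gives a linear system in (x, y); it is solved via 2x2 normal equations.
    """
    if len(anchors) < 3:
        raise ValueError("need at least three anchors")
    (xn, yn), dn = anchors[-1], dists[-1]
    sxx = sxy = syy = sxb = syb = 0.0
    for (x, y), d in zip(anchors[:-1], dists[:-1]):
        ax, ay = 2.0 * (x - xn), 2.0 * (y - yn)
        b = x * x - xn * xn + y * y - yn * yn + dn * dn - d * d
        sxx += ax * ax
        sxy += ax * ay
        syy += ay * ay
        sxb += ax * b
        syb += ay * b
    det = sxx * syy - sxy * sxy
    if abs(det) <= 1e-9 * max(1.0, sxx * syy):
        raise ValueError("anchors are collinear")
    return ((syy * sxb - sxy * syb) / det, (sxx * syb - sxy * sxb) / det)


def deviation(anchor, dist, fix):
    """Signed relative gap between a reported distance and the one implied by fix."""
    implied = math.hypot(fix[0] - anchor[0], fix[1] - anchor[1])
    return (dist - implied) / max(implied, 1e-12)


def validate(anchors, dists, tol):
    """Return (fix, flagged) where flagged maps anchor index -> attack type.

    Assumed stand-in for the paper's bound check: take the largest subset of
    anchors whose own fix agrees with every member within +/- tol, then flag
    every anchor whose report falls outside that band around the fix.
    The search is exponential, acceptable for the few anchors in range.
    """
    n = len(anchors)
    for size in range(n, 2, -1):
        best = None
        for idx in itertools.combinations(range(n), size):
            try:
                fix = localize([anchors[i] for i in idx], [dists[i] for i in idx])
            except ValueError:  # collinear subset, cannot be used
                continue
            worst = max(abs(deviation(anchors[i], dists[i], fix)) for i in idx)
            if worst <= tol and (best is None or worst < best[0]):
                best = (worst, fix)
        if best is not None:
            fix = best[1]
            flagged = {}
            for i in range(n):
                dev = deviation(anchors[i], dists[i], fix)
                if abs(dev) > tol:
                    flagged[i] = "enlarged" if dev > 0 else "reduced"
            return fix, flagged
    return None, {}


# Constructed sample: the unknown node is truly at (3, 4); anchor 1 is a
# compromised insider reporting 1.5x its true distance (distance enlargement).
ANCHORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]
REPORTED = [math.hypot(3 - x, 4 - y) for x, y in ANCHORS]
REPORTED[1] *= 1.5

if __name__ == "__main__":
    fix, flagged = validate(ANCHORS, REPORTED, tol=0.05)
    print("fix:", fix, "flagged anchors:", flagged)
```

With all four reports taken at face value the least-squares fix lands near (1.65, 6.71) and no anchor agrees with it; dropping the inflated report restores the fix at (3, 4) and isolates anchor 1.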
So the attacks identified in the localization process, as shown in Table 1, are addressed in the proposed model. The

Results and Discussion
In this section, we evaluate the proposed algorithm based on the parameters shown in Table 3.
We have compared the simulated results with three recent algorithms: (1) the Collaborative Secure Localization algorithm based on Trust model (CSLT) proposed by Han et al. [9], (2) the Multilateral Privacy Algorithm (MPA) for secured localization proposed by Shu et al. [28], and (3) the Authenticated Weight-based Secured (AWS) DV-hop proposed by Liu et al. [37]. The performances of the algorithms are measured on the following three parameters: localization efficiency, localization accuracy, and malicious detection ratio.
The attacks described in Table 2 are also simulated to show the efficiency of the proposed algorithm. The localization ratio is defined as the percentage of successful location estimation of unknown nodes. The result in Figure 6(a) shows that, with the increasing percentage of malicious nodes, every algorithm in our comparison faces a significant decrease in successful localization of unknown nodes. However, the proposed algorithm still performs better compared to the others. Figure 6(b) shows that the proposed algorithm outperforms the other algorithms in the successful localization of unknown nodes with the increasing percentage of anchor nodes. Localization accuracy is a valuable metric for evaluating the efficiency of localization algorithms.
In the proposed work, the localization accuracy is defined by the relative error between the actual location and the calculated node position. In our simulation, we have varied the ratio of malicious nodes from 5% to 30% with increments of 5%. The simulation result in Figure 7(a) shows that the relative error percentage of location estimation increases with the increasing number of malicious nodes. However, the proposed algorithm proves its efficiency in location estimation accuracy. Similarly, location accuracy is also tested by varying the anchor nodes' percentage. The result in Figure 7(b) shows that the proposed algorithm significantly reduces the relative error percentage with the increasing number of anchor nodes. The result also shows that the other algorithms decrease the relative error with the increasing number of anchor nodes, but the percentage of relative error is less in our proposed algorithm. Simulation time is defined as the time taken for the algorithms to detect a particular malicious attack. The result in Figure 8 shows that the proposed algorithm is efficient in detecting 90% of the malicious attacks in less time compared to the other algorithms in the comparison.

Conclusion
Security in localization has always been a vital part of localization algorithms. Although a number of algorithms have been introduced with security aspects, their designers have somewhat overlooked the complexity issue of the algorithms in resource-constrained WSNs. In this paper, we have addressed this problem and provided a solution with our proposed algorithm. The proposed algorithm not only prevents a number of outsider attacks but also provides a check on the insider nodes. Moreover, the algorithm provides low overhead, and its major functionality is based on the Base Station. The simulation results also prove the efficiency of the proposed algorithm in terms of localization efficiency, localization accuracy, and malicious detection ratio. The most important feature of our algorithm is that it supports mobility of the nodes, and therefore it is suitable for dynamic network environments.

Figure 2: Effects of range change.

Figure 6: Comparison of localization ratio: (a) impact of malicious nodes and (b) impact of anchor nodes.
Algorithm 1:
Input. anchor node set , unknown node set 
Step 1. BS creates identities ID   for all anchor nodes and identities ID   for all unknown nodes
Step 2. BS provides certificates: Cert   , Cert   
Step 3. ∀  ∈  do   sends   random nonce , Cert   ; for  = 1, 2, . . .,  and  =  = 1, 2, . . .,    waits for a threshold time  retransmit to retransmit the message
Step 4. ∀  under  avg for    ∈    sends   : [, time proc  ]    + , Cert   

Algorithm 2:
Input. Set of anchor nodes A with locations (   ,    ), location estimate of an unknown node (   ,    ), error parameter 
Step 1. ∀  ∈ ,  = 1, 2, . . .,  If (true  ≤ (   −    ) 2 + (   −    ) 2 ≤ (true 
Step 2. calculate the algebraic centre  * of intersection region R
Step 3. Initialize  * = 0 //radius of the intersection region R as
Step 4. ∀V inside the region R do if ‖V − 

Base Station (BS) provides the identity for all anchor nodes and unknown nodes as ID   and ID   where   is an anchor node and   is an unknown node. BS also provides certificates for each anchor node and unknown node as Cert   and Cert   .

Table 2: Prevention of attacks by the proposed model.