A New Digital Watermarking Method for Data Integrity Protection in the Perception Layer of IoT

Since its introduction, IoT (Internet of Things) has enjoyed vigorous support from governments and research institutions around the world, and remarkable achievements have been obtained.The perception layer of IoT plays an important role as a link between the IoT and the real world; the security has become a bottleneck restricting the further development of IoT. The perception layer is a self-organizing network system consisting of various resource-constrained sensor nodes through wireless communication. Accordingly, the costly encryption mechanism cannot be applied to the perception layer. In this paper, a novel lightweight data integrity protection scheme based on fragile watermark is proposed to solve the contradiction between the security and restricted resource of perception layer. To improve the security, we design a position random watermark (PRW) strategy to calculate the embedding position by temporal dynamics of sensing data. The digital watermark is generated by one-way hash function SHA1 before embedding to the dynamic computed position. In this way, the security vulnerabilities introduced by fixed embedding position can not only be solved effectively, but also achieve zero disturbance to the data. The security analysis and simulation results show that the proposed scheme can effectively ensure the integrity of the data at low cost.


Introduction
With the rapid development of computer technology, embedded technology, Internet, and mobile communication network, IoT emerges at a historic moment.The basic characteristic of IoT is the comprehensive perception, reliable transmission, and intelligent processing of information, and the key is to realize the information interaction between human and things or things and things [1].Since its introduction, IoT has caused great repercussions all over the world that a lot of manpower and material resources have been invested to support the research, and remarkable achievements have been obtained.The rapid growth of IoT has caused great changes in the industry, which is considered as the third wave of the world information industry following the computer and Internet [2].China Communications Standards Association (CCSA) defines the architecture of IoT as perception layer, network layer, and application layer [3], as shown in Figure 1.The perception layer consists of sensors, RFID reader, WebCam, and smart phone which is used to perceive and collect the information of objects and the environment.The network layer consists of Internet and wireless network such as 2G, 3G, 4G, and satellite network, which is responsible for transferring the sensed data to the application layer.The application layer consists of application platform and supporting platform such as distributed parallel computing, data mining, and cloud computing.The supporting platform provides the functions for the specific application, such as data processing, data storage, and security management.The IoT application has been widely used in smart city, telemedicine, smart home, and other fields.
The network layer and application layer both apply the mature technology which will ensure the security of the sensed data.However, the perception layer consisting of simple node will face the serious security problems which attracts the attention of the majority of scholars.The main function of the perception layer is information perception.The information perception is the basis of IoT applications that provides the information from the physical world, so the perception layer has become the main concern of the IoT related research.The communication mechanism of IoT perception layer is shown in Figure 2. The perception information plays a key role as a link between the IoT and the real world.It is composed of perception data and location data.The disclosure of perception data can lead to the disclosure of critical information across the whole network, resulting in immeasurable consequences.In this paper, we mainly consider the protection of perception data and regard the wireless sensor networks (WSNs) as the perception layer of the IoT.WSNs are self-organized by a large number of microsensors with limited computing power and small battery power to form a self-organizing network in wireless communication.The sensor data is collected from the sensor nodes and sent to the sink node by multihop relay.
The sink node processes the perceptual data and sends it to the application layer through the network layer.Compared with other sensor nodes, the sink node can be regarded as a powerful computer connected to the power supply, which has fast speed processor, huge storage capacity, high network bandwidth, and security assurance [4].
Compared with traditional networks, the WSNs have some special features: (1) WSNs are data-centric networks, which focus purely on detecting and collecting the perceptual data of the sensing area, and do not care about the origin of the data.(2) The urgent problem that WSNs need to solve is to reduce the energy consumption and extend the working hours of the sensor nodes.(3) The sensor nodes are required to dynamically adapt to the changes of the network since most of them are working in harsh environment and failures can occur at any time.(4) The sensor nodes cannot perform complex calculations due to the utterly limited processor and storage capacity.( 5) Security considerations should be comprehensive before focusing on the design of the WSNs, because the inherent vulnerabilities enable them easily to be attacked by various attacks, such as packet tampering attack, packet forgery attack, selective forwarding attack, packet replay attack, and transfer delay attack [5].The data security of WSNs becomes a bottleneck that affects the further development of WSNs.
Protecting the integrity of data in WSNs is the key issue of WSNs security.Malicious modification of data can cause serious consequences.The data integrity authentication of traditional network mainly makes use of cryptography and Message Authentication Code (MAC).Although the encrypted data is safe, the data can only be used after decryption, which brings an opportunity to attackers.In addition, in order to ensure security, the encryption algorithm takes advantage of complex computational instructions that require additional space to store the keys, which undoubtedly increases a significant challenge to computational load, energy consumption, and storage space of sensor nodes [6].The literature [7] first implements the link layer security protocol TinySec, which generates a 4-bit MAC to prevent data forgery and data tampering.Although TinySec is optimized based on the highly constrained resource of WSNs, there is still an additional payload that cannot be ignored for the sensor nodes.Considering the computing power, storage space and energy supply of sensor nodes are limited; the proposed strategies based on MAC and encryption are not applicable for the WSNs [8].
In order to solve the deficiencies of the traditional data integrity authentication method, researchers have introduced digital watermarking technology into WSNs to protect the data integrity [9].Digital watermarking technology is widely used to protect copyright information and content integrity of multimedia digital works (images, audio and video, etc.) [10].Compared with the traditional encryption technology, digital watermarking technology has the following four advantages: (1) the operation of watermark generation, watermark embedding, and watermark extraction uses lightweight calculations leading to low energy consumption; (2) the watermarks information is directly integrated into the carrier data without additional overhead for network communication and storage capacity of nodes in WSNs; (3) once the encrypted data is decrypted, the protection of the encryption technique loses its effect, but as the inseparable part of the host carrier, the watermarks can always guarantee the data security [11]; (4) the digital watermarking technology can significantly reduce the end-to-end delay caused by encryption technology.According to the antiattack characteristics, digital watermarking technology can be divided into fragile watermarking and robust watermarking [12].Robust watermarking is not sensitive to modifications and can be used for copyright protection.Fragile watermarking is extremely sensitive to tampering, and any modifications to the carrier can lead to the failed extraction of watermark, which can be used to verify the integrity of data [13].

Related Work
This paper first introduces some of the protection mechanisms for the security of the Internet of things.Then we mainly focus on the data integrity protection of perception layer (WSNs) of the IoT.The data integrity means that the data received by the recipient is consistent with the data sent by the sender in the transmission process.Various data integrity protection strategies in WSNs have been proposed, summarized as follows.
Li et al. [14] propose the RealAlert that is a security sensing strategy based on policy for IoT.The strategy applies the reporting history and the policy rules for data collection to ensure the trustworthiness of the data and the IoT devices.Li and Song [15] propose a trust scheme for the vehicular ad hoc networks (VANETs) to protect collected data and the node in the VANETs.The proposed model can appraise the trustworthiness of the data and the nodes, respectively.What is more, it can also locate the malicious node in the VANETs and own resistance to a variety of attacks.Anbuchelian et al. [16] apply the trust mechanism for the WSNs cluster head selection.The trust mechanism named Firefly based metaheuristic will improve the security while extending the life cycle of WSNs.
Feng and Potkonjak [17] implemented the first realtime digital watermarking system in WSNs to validate the integrity of sensed data.The proposed algorithm embedded the encryption code of digital signature into the sensed data collected by WSNs.Taking the advantage of the property of sensor nodes, which allowed the existence of certain error of various practical parameters, the watermark information was embedded by modifying the value of actual parameters within allowable range.Taking the positioning process of atomic triangulation as an example, it transformed the localization problem into the optimal solution of the nonlinear equation and embeds the encrypted signature of author into the coefficients of equation.However, the limitation of the optimal solution of nonlinear equations led to the fact that this method cannot be widely used.
Guo et al. [18] proposed a new fragile digital watermarking algorithm SGW, which could verify the integrity of the data stream from the application layer.The literature grouped the data according to the key and calculated the hash value of data from each group as the watermark.Then the watermark was directly embedded into the Least Significant Bit (LSB) of the data from each group to save bandwidth.The proposed method used watermark to link all groups, to detect deletion of the data and even the whole group.However, the design of the strategy did not take limited energy supply and computing power of WSNs node into account, so it could not be applied to WSNs directly.Kamel and Juma [19] proposed lightweight chained watermarking (LWC) to optimize the SGW and achieved high performance.It also applied dynamic group size and used the hash value of two consecutive groups of data as the watermark to save computational overhead significantly instead of calculating the hash value of each data element in the group.
Kamel and Juma [20] proposed FWC-D algorithm to address the inherent security vulnerabilities of the above two methods.The algorithm first divided the sensed data into groups of the same size according to the delimiter (the value that the sensed data could not reach).The algorithm generated a sequence number SN for each group and embedded it into the group to achieve the purpose of detecting the operation of deleting or adding group.Digital watermark was obtained by the hash function through the key K, group data, and group serial number.In order to avoid replay attacks, the algorithm embedded the watermark of current group into the previous group and then chained all groups with digital watermark.
Shi and Xiao [21] proposed a new data integrity authentication algorithm for WSNs based on reversible digital watermarking.The proposed algorithm effectively applied prediction-error expansion to avoid the loss of the sensed data due to embedding watermark.However, this algorithm required not only to calculate the size of the group according to the prediction function but also to calculate the hash value of each data item in the group, which greatly increased the computational complexity, so it is not suitable for the highly resource-constrained WSNs.In addition, the watermark embedding process that used the predictions of spread-error expansion might cause data underflow and overflow.
Wang et al. [22] proposed a multimarked fragile digital watermarking algorithm based on integrity of character data to detect the malicious tampering by an attacker.The algorithm used chain watermark of dynamic group size.It firstly transferred sensed data from numerical type into character type and then used the watermark embedding strategy based on blank characters.In this algorithm, the communication bandwidth and node storage capacity could be saved effectively while the data integrity was protected.However, the limited number of blank characters resulted in limited watermark capacity.
Kamel et al. [23] proposed a new lossless digital watermarking algorithm that was suitable for WSNs to verify the integrity of sensed data.Firstly, the algorithm divided the sensed data into fixed-size group and then used the variablebase factorial number system to rearrange the location of the sensed data.Secondly, it embedded the watermark information through the new order of sensed data in the group; finally, the sender and the receiver added a mapping string for each group to provide the basis for reconstructing the original data element and then extracted the watermark information.The algorithm did not bring any loss to the sensed data and could be applied to WSNs effectively due to its low computational complexity.
Sun et al. [24] proposed a lossless digital watermarking strategy which used redundant space of data to embed watermark information.The sensed data collected by the sensor nodes was repackaged; unlike the previous methods, the embedding of the watermark did not cause any modification to the original sensed data.However, this strategy still had a certain security vulnerability, because the initial value of reservation bit for watermark was zero, and the watermark embedding position was relatively fixed which could be used by the attacker to obtain the sensed data.
In conclusion, the existing WSNs data integrity verification algorithms are based on digital watermarking mostly by replacing the LSB of the sensed data with watermark data to achieve the goal of embedding watermark information.This kind of algorithm is easy to implement and has a low time complexity, which satisfies the requirements of highly resource-constrained WSNs to a certain extent.Besides, a large number of scholars put forward many improved LSB algorithms: the algorithm based on the LSB group, the algorithm based on distributed LSB, and the algorithm based on multiflag LSB.To a certain extent, although the improved algorithm enhances the security, the watermark embedding position can become a serious security vulnerability, which is prone to malicious use by the attacker.Besides, LSB will cause data damage to some extent, which is unacceptable in sensitive areas such as medical and military.What is more, in the existing algorithms, the data integrity can only be verified after the arrival of entire group of data, which leads to greater delay.In order to solve these problems, this paper presents a lightweight watermarking technique called position random watermark (PRW).The proposed algorithm calculates the embedding position of watermark dynamically by using the data collecting time from sensor nodes, which not only improves the security, but also saves energy and realizes real-time data authentication.

Attack Models and Proposed Scheme
3.1.The Attack Models.Compared to wired networks, the WSNs that deploy in the extreme environment face more threats, and what is more, the public communication protocol adopted by WSNs exacerbates the risk of physical tampering.The sensed node owns limited computational capabilities and energy resources which increase the difficulty of designing security protocols.We summarize the main attack models into five categories: (a) Packet tampering: a malicious node added to WSNs tampers with the value of the packets and forwards the tampered packets which can lead to extremely serious consequences in some special cases.(b) Packet forgery: a malicious node added to WSNs keeps sending the fake packets to other nodes, greatly increasing network traffic and resulting in wasting energy of the whole WSNs.(c) Selective forwarding: a malicious node added to WSNs deletes partial packets and forwards some packets to destination selectively.The data loss may cause the bad situation that the sink node fails to make the correct response.(d) Packet replay: a malicious node added to WSNs forwards the packets that have been forwarded, once more or repeatedly to other nodes which will cause the traffic congestion and energy waste.(e) Transfer delay: a malicious node added to WSNs forwards the packets later than the predetermined time which will lead to the fact that the sink node drops the packets due to the timestamp.watermarking to protect the sensed data from the above four categories of attack models.The proposed algorithm makes use of the characteristic that the fragile watermarking is sensitive to modification.Once the host data is modified, the watermark is destroyed.The malicious node without the prior knowledge of watermarking algorithms cannot effectively restore real data.Data tampering and data forgery are similar, which can be seen as malicious data generated by malicious nodes.The malicious sensed data generated by the malicious node cannot be verified by watermarking algorithm after reaching the sink node.The proposed algorithm introduces the packet sequence number SN which is used for positioning the added packet or deleted packet.The proposed watermarking algorithm includes three processes, namely, digital watermark generation, digital watermark embedding, and digital watermark extraction as shown in Figure 3: firstly, each sensing node collects the sensing data and generates the digital watermark according to the fragile watermarking algorithm.Secondly, the watermark is merged into the sensed data through the predefined rule to form a data packet that is transferred to the sink node through the transmission node.The packet may suffer from an unreliable transmission and face different kinds of attacks.Thirdly, the sink node receives the data and then extracts the watermark and restores the sensed data according to the predefined rule.The restored data is used to generate watermark according to the same algorithm.The data integrity is verified by comparing the regenerated watermark and the extracted watermark.If the regenerated watermark is not the same as the extracted watermark, the data is proved to be tempered during transmission.Otherwise, the data is proved safe.The digital watermark is copied with the copy of the digital media, and the process is hidden.If the predefined method is not known, the digital watermark is difficult to detect.

The Proposed
The WSNs are simplified in this paper, and only three types of nodes are considered: (i) Sensing node is responsible for collecting data of monitoring area.(ii) Transmission node is responsible for transferring the data to the sink node by multihop relay.(iii) Sink node is responsible for receiving the sensed data sent by sensor node.The given one-way hash function SHA-1 ‖ The concatenation operator rand() The random position function The data collecting time The time queue stored in the sink node The length of watermark embedding bits The secret key data The th sensed data element SN The serial number inserted in each packet  Watermark to be inserted    The extracted watermark The regenerated watermark This paper makes the following assumptions: the number of sensing nodes is ; the same sensing node defined as node exists near the sink node and uses the same protocol and parameter as the node in the sensing area; each sensing node collects sensed data at the same time in one working cycle.In order to improve the security, the collected time of the sensed data is not transmitted.The node near the sink node sends the time for collected sensed data to the sink node every working cycle.The sink node sets up a queue to save the time according to the receiving order.Table 1 shows the main notations and parameters used in the proposed algorithm.Definition 1.In WSNs, the sensed data is encapsulated as a package according to a predefined order before transmission.A series of sensed data collected at each working cycle is defined as   = {data 1 , data 2 , . . ., data  }, data  represents the value of one sensed data ( = 1, 2, . . ., ),  represents the working cycle of the sensing node ( = 1, 2, . . ., ), and the working cycle  is saved to the packet sequence number SN.

Watermark Generation Algorithm.
The watermark generation algorithm uses the SHA-1 hash function to calculate the hash value.SHA-1 hash function not only guarantees data integrity, but also has a lightweight feature that uses 65% less memory than other hash algorithms, such as the MD5 algorithm, which is more suitable for resource-constrained WSNs [25].The secret key K [26] is the specific information that is only known to the sender and the receiver.
The watermark generation process is described as follows: (i) Concatenate all the sensed data elements, collected time t, and secret key  to data: (ii) Calculate the hash value of the variable data denoted as  0 , based on SHA-1 hash function: (iii) Select  bits from most significant bits of  0 as the watermark , according to the actual needs.
The detailed operation steps of watermark generation algorithm are shown in Algorithm 1.

Watermark Embedding Algorithm. The proposed watermark embedding algorithm improves from the following two aspects:
(i) The packet is redesigned and added m bits for watermark to ensure that the watermark is transparently embedded in the packet.It does not cause any interference to the data and meets the high-precision requirements.
(ii) In order to solve the vulnerabilities brought by fixed embedding location, we introduce a new position random function to dynamically calculate the watermark embedding position which effectively solves potential vulnerabilities and greatly improves the security of the algorithm.
(iii) Calculate the arrays  and  according to the function rand().(iv) Obtain the watermark denoted as   and restore the packet represented as Packet  .(v) Recalculate the watermark   according to Algorithm 1 with Packet  , , , and .(vi) Compare   with   ; if   is equal to   , the data integrity is verified; otherwise the data is tampered.

Security Analysis
The malicious node added to the WSNs can launch various attacks based on the attack models mentioned before.Attacks usually happen during the transmission.One attack is supposed to be successful if the sink node cannot detect the modification of the sensed data.In this section, we discuss how the proposed watermarking algorithm resists various attacks.

Modification of One Data Element.
If the attacker just modifies one data element and the embedded watermark remains unchanged.The sink node can extract the right watermark information and restore the wrong data element according to the extraction algorithm.The modification of one data element can lead to the wrong hash value and the wrong recalculated watermark that does not match the extracted watermark.The sink node will reject the modified packet.If an attack modifies multiple data elements, the result is similar.

Modification of Embedded Watermark.
If the attacker just modifies the embedded watermark and the data elements remain unchanged, this may result in the wrong extracted watermark and the right recalculated watermark that lead to the failed authentication.

Insertion/Deletion of Element of Packet.
When the packet arrives, the sink node checks its length.No matter one element or multiple elements are inserted into the packet, the length of packet does not meet the requirement, which result in the rejection of this packet.The deletion of element is similar to the insertion, so it is not discussed here in detail.

Insertion/Deletion of Whole Packet.
The collected time and the secret key are known to the sender and receivers only but are not known to an attacker.If the attacker deletes one or more packets, the sink node may locate these packets according to the SN.Without the knowledge of collected time and secret key, the attacker can hardly get the correct embedded position and watermark, so the attack cannot generate the packets that meet the requirements.When the inserted packets arrive at the sink node, they cannot be authenticated successfully and are rejected.
The above analyses are sufficient to prove that the proposed algorithm can resist various attacks of WSNs, such as modification, insertion, and deletion.It also applies to a combination of scenes.It is proved that the algorithm can guarantee the integrity of data of the WSNs.

Experimental Results
The experimental data used in this paper is the real sensed data collected by the Intel Berkeley Research Laboratory, which contains humidity data, temperature data, light intensity data and voltage data, and the time to obtain these data.However, the collected time of different types of sensed data is not the same.In order to save the amount of computation, it is assumed that all types of data in the one working cycle use the same collected time.
We use the Network Simulator Ns-2 to implement simulation experiment that evaluates the performance of the proposed PRW algorithm.Ns-2 is the open source simulation platform that simulates discrete events.It is widely used in academia because of its scalable features.Table 2 shows the significant notations and parameters of the simulation.In order to better conserve energy, the designed experiment uses the S-MAC protocol.The S-MAC protocol is designed for the resource-constrained WSNs.It has energyefficient features because it implements the low-duty-cycle operations and periodically listening and sleeping.
In the simulation experiment, the coverage of WSNs is set to 100 m * 100 m.There are 1 sink nodes, 1 sensing node near the sink node, 8 sensing nodes, 80 transmission nodes, and 10 attacker nodes randomly distributed in the sensing area, and the total number of sensing nodes is 100.In each packet, there are 1-byte packet header, 2-byte packet SN, 1-byte redundant space, and 8 bytes for data elements.The duration of each simulation is set to 200 seconds.Each simulation randomly selects 200 packets as experimental samples.The average value of the 20 simulations is used as the result data.
We conduct two sets of experiments.In the experiment selection of , we aim to select the right parameter  to achieve the best experimental results with the minimum calculated load.In the experiment antiattack, we verify the antiattack ability of our method against five common attacks.The rest of the experiments compare the embedded capacity, energy consumption, delay, and detection rate with the existing LSB methods SGW [18], LWC [19], FWC-D [20], and multimark [22], respectively, to prove that our algorithm has better performance than the baseline.

The Selection of 𝑚.
The parameter  indicates the watermark bit.In order to select the appropriate parameter  that meets the safety requirements and does not lead to higher false positive rate, we select three values of the parameter  2, 4, and 8.The experiment introduces the detection rate, which is the probability that the algorithm successfully detects the tampered packet.It is defined as where   is the number of tampered packets that the extracted watermark does not match the recalculated watermark and  Total is the number of all packets arriving at the sink node.
The experimental results are shown in Figure 6.It can be concluded from the experimental results that the bigger value of parameter  corresponds to higher detection rate and the algorithm owns higher security.When the parameter  falls to 2, the detection rate falls rapidly because the watermark capacity is too small to detect the tampered packet effectively.The appropriate selection of the parameter  ensures both high security and high performance of the proposed watermark algorithm.

Antiattack.
The 10 attacker nodes take advantage of various attacks to verify the antiattack ability of our proposed algorithm.The five attacks, packet tampering, packet forgery, selective forwarding, packet replay, and transfer delay, are performed separately.The test of each attack is repeated 50 times, and the experimental results are showed in Table 3.
According to the experimental results, our proposed algorithm effectively resists several common attacks.For the first three attacks, packet tampering, packet forgery, selective forwarding, the attack will not calculate the correct watermark information, so our watermark strategy cannot extract the correct watermark information from the packet and the data integrity certification fails.The last two attacks, packet replay and transfer delay with concealment, can evade existing programs, but our algorithm associates the serial number and collected time effectively to detect these two attacks and achieves the desired results.

Embedding Capacity.
The experimental results are shown in Figure 7, whose clarity shows the superiority of the proposed algorithm in terms of embedding capacity compared to the LSB [18][19][20] and multimark [22].Embedding the watermark at the lowest bit (LSB) not only limits the watermark embedding capacity, but also disrupts the integrity of the data which is fatal for the high-precision applications.Multimark [22] can guarantee data accuracy, but the number of blank characters is limited which restricts the watermark capacity.

Energy Consumption.
The sensed node uses the battery for energy, and the energy consumption directly determines the life cycle of the sensed node.The main energy consumption of sensed node mainly includes data collection, watermark generation and embedding, and data forwarding, where data transmission costs the highest energy.
In this paper, the bits of data packets are fixed, so the embedding of the watermark does not increase the additional storage overhead and transmission overhead.The proposed method does not cause any disturbance to the original data because the watermark is embedded into the redundant positions.The experimental results are shown in Figure 8, which clearly shows that the proposed algorithm saves more energy than the algorithms LSB [18][19][20] and multimark [22].

Average Delay.
The delay caused by the algorithm to the WSNs mainly includes the calculation, embedding, extraction, and verification of the watermark.The proposed PRW applies the one-way hash function SHA-1 algorithm with lightweight features.Compared to other hash algorithms such as MD5, SHA-1 can calculate faster and save more storage space and energy.Therefore the watermark generation of PRW saves more time than previous watermarking schemes.Although [9] also uses SHA-1, it embeds 160 bits of data into the packet that greatly increase the transmission load.It not only consumes more energy, but also increases the transmission delay.The experimental results are shown in Figure 9, which clearly shows that the proposed algorithm reduces more delay than the algorithms proposed in LSB [18][19][20] and multimark [22] which will improve the response time of the network.affected involuntarily, and the integrity authentication may fail when the packet arrived without attacks at the sink node, which is called false positive detection.
We have conducted several simulation experiments to compare the detection rate between the PRW and previous algorithms LSB [18][19][20] and multimark [22].We measure the false positive detection rate with different number of alive nodes in the network.The experimental results are shown in Figure 10, which clearly shows that the proposed algorithm decreases the false positive rate than the existing algorithms.
We can see from Figure 10 that the false positive rate is around 0.8 percent when the 80 percent sensor nodes are alive and it to 0.2 percent if 20 percent of nodes are alive.So we need to adjust the alert threshold based on the number of alive nodes in the WSNs dynamically.

Conclusion
In this paper, an advanced random digital watermarking algorithm is proposed for the data integrity of IoT perceptual layer.The proposed algorithm can effectively prevent a variety of attacks, such as packet forgery attacks, packet forwarding attacks, packet tamper attacks, packet replay attacks, and packet delay transmission attacks caused by malicious nodes.Besides, the proposed algorithm effectively solves the shortcomings of the existing technologies.It not only simplifies the computational complexity and improves the authentication efficiency and security, but also ensures the reversible extraction of watermark and the lossless restoration of data.

Figure 3 :
Figure 3: The implementation model of the proposed fragile watermark algorithm.

( 8 )
Packet index = Packet  ; (9) return Packet; Algorithm 2: Watermark embedding algorithm.(i) Calculate the watermark information W according to Algorithm 1 and update the payload of the packet from  to . (ii) Acquire position arrays  and  through function rand() with collected time , secret key , and num of watermark bits .P and  represent the watermark embedding position and the sensed data embedding position, respectively. and  need to satisfy the formula 1 ≤   ≤ , 1 ≤  ≤ ;   ̸ =   ,  ̸ = ;   <   ,  <  1 ≤   ≤ , 1 ≤  ≤ ;   ̸ =   ,  ̸ = ;   <   ,  <   ∩  = 0,  ∪  = {1, 2, . . ., } Length () + Length () = .(4) (iii) Embed the watermark  according to the position array  and embed the sensed data according to the position array  to form a new packet PacketW.The detailed operation steps of watermark embedding algorithm are shown in Algorithm 2: 3.2.3.Watermark Extraction Algorithm.When the packet is transmitted to the sink node, the sink node extracts the digital watermark information and restore the sensed data.The received packet is denoted as Packet  .The sink node and the sensing node share the secret key .The restored packet is represented as Packet  .The extraction and verification process are described as follows:(i) Extract the serial number SN from received packet Packet  .(ii) Acquire the collected time  from the time queue stored in the sink node based on the SN.

Figure 4 :
Figure 4: The processes of generation and embedding.

Figure 5
Figure 5 illustrates the extraction and verification mechanism.The detailed operation steps of watermark extraction algorithm are shown in Algorithm 3:

4. 1 . 3 .
Modification of .We assume the attacker modifies the serial number SN.The changed SN leads to the wrong collected time in the sink node.It affects both extraction watermark and restored sensed data because the wrong collected time can result in the wrong embedding position.The recalculated watermark and the extracted watermark are inconsistent.The sink node will reject the modified packet.

Figure 5 :
Figure 5: The processes of extraction and verification.

Figure 6 :
Figure 6: The detection rate under different embedding parameters .

Table 1 :
Notations and parameters of algorithm.

Table 2 :
Notations and parameters of simulation.

Table 3 :
The detection rate under various attacks.