A UAV-Aided Cluster Head Election Framework and Applying Such to Security-Driven Cluster Head Election Schemes : A Survey

UAS (Unmanned Aerial Systems) are now drawing a lot of attention from academic and research fields as well as the general public. TheUAS is expected to providemany promising applications such as intelligent transportation system, disastermanagement, search and rescue, public safety, smart delivery, wild species monitoring, and wireless service area extension. More specifically, as a part of the wireless service extension, we deal with the information dissemination and collection using a UAV in this paper. In this application, because the UAV communicates with each CH (Cluster Head) to collect data from sensor nodes or to disseminate information to the sensor nodes, well-behaved and qualified nodes should be elected as CHs and their integrity should be preserved. Even though a UAVmakes the information dissemination and collection process efficient in aWSN, we canmake the UAV help the election of new CHs to mitigate the threat of compromised CHs. To this aim, we first propose a UAV-aided CH election framework where a UAV delivers the critical information collected from sensors to the sink, and the sink reselects a set of well-behaved and qualified CHs considering the information. Then, we classify the existing security-driven CH election schemes into several categories and explain the principle of each category and its representative schemes. For each representative scheme, we also explain how to adapt it into the UAV-aided CH election framework. Next, we identify some desirable security properties that a CH election scheme should provide and reveal the security level that each representative scheme reaches for the desirable security properties. Next, we compare communication and computation overhead of the security-driven CH election schemes in terms of the big O notation. In conclusion, we reveal what we have learned from this survey work and provide a future work item.


Introduction
Recently, UAVs or drones are drawing a lot of attention from academic and industrial fields as well as the general public as they have been widely used in our daily lives.Generally, a UAV carries some mission devices to fulfil its duties during a flight, and it is controlled by a pilot with a controller or in a GCS (Ground Control Station).To control the UAV, there is a communication system between the GCS (controller) and the UAV to exchange data between them [1,2].The UAV, the GCS, and the communication system comprise a UAS (Unmanned Aerial System).
With significant advancements in wireless networking and UAS-related technologies, UAVs have been employed for extension of wireless communication service such as UAVaided ubiquitous coverage [10][11][12][13][14], UAV-aided relaying [10], and UAV-aided information dissemination and collection [15][16][17][18] as shown in the bottom of Table 1.More specifically, the UAV-aided information dissemination and collection can be substantiated in the form of UAV-based WSN (Wireless Sensor Network) in real world.In the UAV-based WSN, UAVs fly over sensors deployed in the field to acquire data from them and often provide critical information to them.Papers [19,20] proposed a reliable and energy-efficient data collection scheme for a UAV-based WSN.Paper [19] jointly optimizes wake-up schedules of nodes and a UAV's trajectory to achieve reliable and energy-efficient data collection under fading channels while paper [20] determines optimal locations of multiple UAVs and their mobility patterns for achieving the same aims.However, both schemes are based on a flat network where a UAV communicates with a sensor in a P2P manner.In the UAV-aided information dissemination and collection, the communication between a UAV and the sensors should be performed not in a P2P manner but in a multicast or broadcast manner.This is because the number of UAVs is much smaller than the number of sensors, and the UAVs hover over the sensors, collecting information from the sensors or disseminating information to the sensors.Therefore, combining the network of sensor nodes into some logical groups and making only the group leaders communicate with a UAV are preferred for saving energy consumption of the sensor nodes and extending the network lifetime.Combining neighbouring sensors into a logical group is referred to as clustering.
Clustering is divided into cluster formation and cluster head election.Making a logical group of neighbouring nodes is called the cluster formation and the group is called a cluster.Contrarily, electing a leader in a cluster which plays as an information collector or disseminator is referred to as the cluster head election.The cluster formation and the cluster head election are complementary to each other.In some clustering schemes [21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40], cluster heads are first elected and the cluster formation is completed after a CH broadcasts a declaration message and its members respond to it via a join message.Hereafter, we refer to these cluster formation schemes as CH-first schemes.In other clustering schemes [41][42][43][44][45], clusters are first formed through exchange of some messages and CHs of the clusters are later elected on the basis of a criterion or multiple criteria.These cluster formation schemes are referred to as cluster-first schemes, hereafter.In a clustered WSN, if a compromised node is elected as a CH, this node can not only illegally obtain data from normal nodes but also forge data delivered to the sink.Furthermore, because attackers can grasp the control of the whole network by compromising a small number of CHs, compromising all CHs is a very attractive target for them [42].Because a UAV-based WSN also suffers from the same vulnerabilities, secure CH election for the UAV-based WSN is essential for its successful operation.Up to now, a lot of research works dealing with CH election security for general WSNs [26][27][28][29][30][31][41][42][43][44][45] have been proposed.However, to our best knowledge, there is no study dealing with CH election security for a UAVbased WSN.If a UAV has no impact on the secure CH election for the UAV-based WSN, we can choose one of a lot of secure CH election schemes which are employed for general WSNs.
However, in those schemes, compromised nodes declare themselves as CHs regardless of their qualification and no one can prevent them from doing so.If a UAV is employed for collecting critical data from nodes, it can deliver the collected data to the sink.Then, the sink decides which nodes should be removed from CH candidates and which nodes should be elected as CHs using the collected data.Because the election or the filtration result is broadcasted to the whole network, any CH declaration of a compromised node can be ignored by normal nodes.To this end, we devise a UAV-aided CH election framework and adapt existing security-driven CH election schemes into the framework in this paper.
The organization of this paper is as follows.We first propose a new UAV-aided CH election framework for the UAV-based WSN in Section 2. In Section 3, we classify the existing security-driven CH election schemes for the general WSN into some categories and select some representative schemes for each category.Next, we provide a brief review of each representative scheme and explain how to change each scheme in order to support the new UAV-aided CH election framework.In Section 4, we pick up some desirable security properties for CH election and compare all representative schemes of each category in terms of the properties.Then, we compare communication and computation overhead of all representative schemes.Section 5 deals with how to extend a UAV's fligth time in a UAV-based WSN.We conclude this survey paper in Section 6.

A UAV-Aided CH Election Framework for a UAV-Based WSN
2.1.Assumptions.Before describing the UAV-aided CH election framework, we assume the following to facilitate the quick comprehension of the framework.First of all, we assume that the position of all nodes is known to the sink in advance.A UAV also can get the position of a node with which it will communicate via the sink before flight.
Second, any communication between a member and its CH is protected by encryption and decryption with a pairwise key which was established between them.For the key establishment, some keys are predistributed from the sink to each node before the deployment of nodes, and they are employed when a pairwise key is required between any two nodes.That is, if any two nodes share at least one predistributed key, they can establish a pairwise key using those shared keys.Even if they share no predistributed keys, a pairwise key can be indirectly established through a proxy node which shares any predistributed key with both nodes.Up to now, a lot of research works dealing with key establishment for general WSNs  have been proposed.We can use one of them to find common predistributed keys or a proxy node and to establish a pairwise key between them.
Third, we assume that a cluster-first scheme is employed for generating clusters without a CH in the network.In a CHfirst scheme, whenever a new CH is elected, the cluster membership also changes accordingly.Once the cluster membership is changed, the new CH should establish a pairwise key with any other member to protect confidentiality and integrity of data exchanged between them.If these pairwise key establishments occur periodically, it is quite burdensome to an energy-constrained sensor node.Contrarily, a clusterfirst scheme makes all nodes in a cluster establish pairwise keys between them during or after the cluster formation.After the initial pairwise key establishments, even though a new CH is elected in the cluster, the cluster membership is never changed.That is, because a new CH election never triggers following key establishments between nodes, a clusterfirst scheme is efficient in terms of energy consumption.Up to now, some cluster formation schemes [31][32][33][34] were proposed to securely generate clusters and preserve the membership of the clusters against attackers trying to devastate the membership of the clusters.Among them, because Liu's scheme [32] assumes fixation of CH role nodes, it cannot be suited with our framework which facilitates periodic reselection of CHs.Remaining schemes only focus on formation and verification of cluster membership and never deal with pairwise key establishments for communication.Contrarily, because Wang's scheme [40] simultaneously attains the formation of clusters and the pairwise key establishments between members in each cluster, we choose it as the cluster formation scheme for our framework.After the initial cluster formation, member nodes in a cluster can generate a unique group key using common predistributed keys among them.A group key is employed for secure communication between members of a cluster and the sink.

A UAV-Aided CH Election
Framework.Now, we explain the operation timeline of a UAV-aided CH election framework.First, the operation of a UAV-aided CH election framework is divided into rounds.Each round starts with an election phase during which each CH is elected and ends with a transmission phase during which data is transferred from the member nodes to their CH and to the UAV.A transmission phase is divided into multiple frames, and a frame is divided into multiple transmission slots, one UAV tour period and one broadcast time of a node list.During a frame, each member node transmits its reading to its CH in its assigned transmission slot.During a UAV period, a UAV visits all clusters to obtain data from the CHs and submits the collected data to the sink.At the end of each frame, the sink generates a list of new CHs and advertises it to all nodes.At the end of the last frame, the sink generates a list of disqualified members and advertises it to all nodes.Figure 1 shows the operation timeline of the UAV-aided CH election framework.
Based on the operation timeline, we minutely describe the UAV-aided CH election framework in the following.First, during an election phase, member nodes in each cluster elect their CH according to their embedded CH election protocol, and a UAV visits each cluster to obtain the ID of its CH from a member node.To this aim, the UAV selects a member node with which it will communicate in each cluster, and they encrypt and decrypt any message exchanged between them using the pairwise key shared with the sink.Assuming the employment of Wang's scheme [40]   formation, the UAV should communicate with the sector manager in each cluster because only sector managers are known to the sink and consequently to the UAV.Here, a sector manager means a node which was elected as a CH during the initial cluster formation.Note that a sector manager can generate a pairwise key with the sink using all predistributed keys.Besides, a UAV can acquire the pairwise key shared between the sink and the sector manager from the sink before flight.
During each transmission phase, each member node transmits a pair of {data, attribute} to its CH during its assigned time slot in a frame.Note that the transmission of a pair is protected by encryption and decryption using the shared pairwise key.Here, the attribute is a criterion for CH election or a node's residual energy.If an attribute should be considered for election of new CHs during a whole round, each member should transmit the attribute to its CH along with its data in the first frame.In the rest frames, the residual energy of nodes should be delivered to their CH to consider the energy consumption status to the election of new CHs.If an attribute takes no effect on the election of new CHs throughout all frames, each member should transmit its residual energy to its CH during all frames to consider the energy consumption distribution for the election of new CHs.
During each UAV tour period of a transmission phase, the UAV visits CHs and receives the {data, attribute} pairs of all member nodes from CHs.After visiting all CHs, the UAV delivers the pairs to the sink, and the sink selects new CHs considering the attributes.The sink encrypts the ID of each new CH with the cluster's group key and broadcasts the encrypted CH list in which each encrypted ID is enumerated in the order of the cluster's spreading code.Note that the spreading code was assigned to each cluster when each sector manager registered itself to the sink.The way of assigning a spreading code is very straightforward.The first sector manager to register was assigned the first code on a predefined code list, and the second sector manager to register was assigned the second code.Nodes pick up their cluster's item from the list and decrypt it with their group key to know which member will become the CH in the next frame.When the sink notifies that this is the last UAV tour period of a transmission phase, it takes a different action except for collecting data from nodes through a UAV.After visiting all CHs, the UAV delivers the pairs to the sink, and the sink selects disqualified members considering the attribute of all nodes.For instance, if we select residual energy as the attribute, the lowest energy nodes are selected as disqualified members.
We have two types of attributes employed in the UAVaided CH election framework: a scheme-dependent attribute and a common attribute.The scheme-dependent attribute varies according to the election criterion of each scheme while the common attribute is fixed to the residual energy in this paper.If a scheme-dependent attribute has an impact on all frames, the sink considers the scheme-dependent attribute along with the residual energy to generate the list of new CHs or the list of disqualified members.Contrarily, if the scheme-dependent attribute has an impact on only the first frame, the sink considers the residual energy to generate the list of new CHs or the list of disqualified members.The list contains the IDs of the included members.Besides, because one list is generated for each cluster, the number of the lists is equal to the number of clusters.The sink first encrypts an ID list with the cluster's group key before appending the list to the network's list.Note that the network's list is the set of the encrypted ID lists, and each encrypted ID list is enumerated in the order of the cluster's spreading code.The sink distributes the network's list to the network in a broadcast manner.Upon receiving the network's list, nodes pick up their cluster's item from the list and decrypt it with their group key to know which member should be selected as a CH or which members should be removed from CH candidates in the next election.
Differences between the UAV-aided CH election framework and the general CH election framework are as follows.First, the UAV-aided CH election framework forces each node to transmit its attribute along with its data while the general CH election framework allows nodes to transmit its data only.Second, the aggregation period of the general CH election framework is replaced with the UAV tour period in the UAV-aided CH election framework.In each UAV tour period, a UAV visits all clusters to collect data from the CHs while the general framework makes the CHs collect data from members and deliver the collected data to the sink.The UAV tour period also forces the sink to select new CHs for the next frame using the information provided by a UAV.To this end, during a transmission slot of a frame, each node transmits its data and attribute which is helpful for the sink to judge the qualification as a CH.The residual energy of a node is one of such attributes.Note that the attributes are collected to each CH along with data, and they are delivered to the sink through a UAV.Third, due to the second difference, the UAVaided framework changes CH nodes after a frame period while the general framework changes CH nodes after a round period.The UAV-aided CH election framework yields the following benefits over the general CH election framework.First, because the sink selects the new CHs and advertises the new CH list to the network, an attacker can hardly predict or change any CH election result through compromised nodes.Second, because CH nodes are changed periodically even during a transmission phase, any damage caused by compromised CHs is diminished greatly.Third, because the periodic change of CH nodes is carried out by a UAV and the sink, the energy consumption of sensor nodes is greatly saved.

Review of Security-Driven CH Election
Schemes and Application to the UAV-Aided CH Election Framework

Classification of Security-Driven CH Election Schemes
for General WSNs.Because a lot of security-driven CH election schemes have been proposed up to now, we cannot review all of the schemes in this paper.For this reason, we categorize those schemes according to what they use to protect the CH elections and deal with each category and its representative schemes focusing on their adaption to the new UAV-aided CH election framework.We categorize the security-driven CH election schemes into predistributed key schemes [26,27], random number schemes [42,45], key chain schemes [28,44], and cryptographic schemes [31,41] in this paper.For each category of those schemes, we first reveal its basic operation and then explain some representative schemes.Then, we describe how to apply those schemes into the new UAV-aided CH election framework.First, we introduce an early CH election scheme which is called LEACH (Low-energy Adaptive Clustering Hierarchy) [21] to facilitate understanding of the following predistributed key schemes.In LEACH, all nodes have a CH winning probability and determine their CH role depending on this probability.The CH winning probability means a probability with which a node is elected as a CH.A node's CH winning probability increases whenever the node avoids a CH role during a given round.The probability becomes zero after the node became a CH in the previous round, and it increases again whenever the node avoids a CH role during a future round.Consequently, some nodes with a high CH winning probability declare themselves as CHs while the others join one of the declared CHs.

Predistributed Key Schemes. Ferreira et al. proposed F-LEACH [26] which protects a CH election in LEACH.
Prior to the deployment, a specific number of keys are predistributed to nodes from a key pool of the sink.Then, a node with a high CH winning probability declares itself as a CH using the predistributed keys shared with the sink, and the sink authenticates the declaration using the same keys.The sink then distributes the list of the authenticated CHs to nodes using a source authentication scheme such as TESLA [71].Nodes which fail in declaring themselves as CHs join one of the authenticated CHs.However, this scheme does not force the CHs to authenticate the joining members.
To resolve this problem, Oliveira et al. proposed SecLEACH [27] where normal nodes authenticate CH declarations using shared predistributed keys, and the CHs also authenticate the joining members using the same keys.We can easily make the predistributed key schemes [26,27] support the UAV-aided CH election framework by changing the following three things.First, in the transmission phase, each member transmits a pair of {data, attribute} instead of transmitting data only.In the predistributed key schemes, CH election results in the network depend on the CH winning probabilities of nodes.The reason why the predistributed key schemes choose the CH winning probability as the CH election criterion is to even energy consumption distribution among all members.That gives a rationale for us to choose the residual energy of each member as the CH election criterion in all frames.If we choose the residual energy of each member as the CH election criterion, there is no need to consider the CH winning probability in all frames.So, all members transmit their data and residual energy in their assigned time slot to reflect their energy consumption distribution.At the end of each frame, the sink considers residual energy of nodes to select a set of new CHs for the next frame.Second, a data aggregation period in the predistributed key schemes should be replaced with a UAV tour period to get benefits of the UAV-assisted CH election.That is, because the UAV visits all clusters and delivers the collected data to the sink on behalf of CHs, the CHs can avoid the energy-intensive long distant transmissions to the sink.Last, at the last UAV period of each transmission phase, the sink selects members with the lowest energy in a cluster as disqualified members to exclude them from the CH candidates.The sink securely informs each cluster of the disqualified members using encryption and decryption of a group key.

Random Number Schemes.
Figure 2 shows the general operation of a basic random number scheme.In the basic random number scheme, each member in a cluster generates a random number and broadcasts it to other members as shown in Figure 2(a).As a result, all members in the cluster have the same list of random numbers and sum them up to create a common sum as shown in Figure 2(b).Each member divides the common sum by the number of members and settles the remainder as the position of the CH.Sirivianos et al. proposed three variations [45] of the basic scheme.They are the commitment-based scheme, the seed-based scheme, and Merkle's puzzle based scheme.They differ from each other in terms of how to create the common sum.
In the commitment-based scheme, each member encrypts a generated random number using pairwise keys shared with other members and then delivers each encrypted random number to other members in a P2P manner.Each member then delivers its random number to other members to convince them of the origin of its encrypted random number, and the common sum is generated by summing up the verified random numbers.In the seed-based scheme, each member first shares its seed number with other members by broadcasting it once.For each CH election, each member participates in the election by broadcasting a message.The message indicates the election participation of the sender in the CH election.The random number of each participant is generated by putting the election round number and the participant's seed number into a pseudo random number generator.Note that all nodes share the same pseudo random number generator.The common sum is then generated by summing up the random numbers of all participants.In Merkle's puzzle based scheme, an active CH establishes pairwise keys with other members using Merkle's puzzle [45].Merkle's puzzle shows how any two nodes establish a pairwise key using predistributed keys without revealing the IDs of the predistributed keys.A member then generates a random number and encrypts it with a pairwise key shared with the active CH.Next, the member adds the encrypted random number to the common sum and delivers the common sum to one of other members.This procedure is repeated until all members add its encrypted random number to the common sum.The active CH then distributes the pairwise keys employed for the encryption of the random numbers to all members, and the members can transform the common sum (that is, the sum of the encrypted random numbers) into the sum of plain random numbers using only the pairwise keys.
Wang et al. proposed a scheme [42] in which the trust values of all members are evaluated, and nodes with the lowest trust value are excluded from the CH candidates.Hereafter, we refer Wang's scheme to as the trust-based scheme.For each round, each member broadcasts its random number and monitors packet delivery frequency and last packet reception time of other members.Each member computes direct reputation values of other members considering the delivery success frequency and the recent delivery trends and then distributes the direct reputation values to other members.When a member evaluates an indirect reputation value of a different member, each direct reputation value that the evaluator gives to the other members is multiplied by each direct reputation value that other members give to the evaluator, and the multiplication results are averaged.In the same way, the evaluator can compute all indirect reputation values of other members.Combined reputation values are generated by adding the direct reputation values and their corresponding indirect reputation values.Each member's real reputation value is then obtained by averaging the combined reputation values that other members give to it.Finally, members whose real reputation value is lower than the average of the real reputation values are excluded from the CH candidates.The CH is selected among the survived candidates by dividing the sum of their random numbers by their population, and the remainder indicates the CH position in the survived candidates.
We can make the random number schemes work on the UAV-aided CH election framework by changing the following three things.First, in the transmission phase, each member transmits its attribute as well as its data.In the random number schemes except the trust-based scheme [42], a CH election result in a cluster depends on the random number of members.However, the random numbers are never used for the election of new CHs in all frames of a transmission phase.Therefore, in all frames, members transmit their data and residual energy to even energy consumption distribution among members.At the end of each frame, the sink selects the node with the highest residual energy as a CH in a cluster.Last key of YES key chain Last key of NO key chain

CH selection among candidates
Select sequentially and select the best candidate Comparing residual energy and distance to the sink In the trust-based scheme, a CH election result in a cluster relies on trust values of members.Note that the trust values have an impact on the election of new CHs in all frames.So, in the first frame, members in each cluster transmit their data and trust value to their CH.The sink selects the member with the highest trust value as a CH for the second frame in a cluster.In the rest frames, the members transmit their data and residual energy to their CH in order to reflect energy consumption distribution as well.Note that there is no need to transmit the trust values again because they have been delivered to the sink in the first frame.So, in the rest frames, the trust value is first considered for the new CH election, and the residual energy plays as a tie breaker.Second, replacing the data aggregation period with the UAV tour period mitigates the damage caused by the compromise of CHs between two CH election periods because the CHs are changed even during a transmission phase.Because a UAV relays the data collected from CHs to the sink, it saves the precious energy of sensor nodes by preventing the long distant transmissions of CHs.Third, at the last UAV period of each transmission phase, the sink selects members with the lowest energy in each cluster as disqualified members in all schemes except the trust-based scheme.In the trust-based scheme, the sink selects nodes whose trust value or residual energy is lower than a specified threshold as disqualified members.Then, the sink securely notifies each cluster of the disqualified members using encryption and decryption with a group key.

Key Chain Schemes.
Before describing the key chain schemes, we reveal what a key chain is and how it is employed for secure communication.A key chain is a set of keys that are serially exploited to guarantee integrity or confidentiality of communication between any two nodes.Prior to communication, a sender first chooses a seed key   for a key chain and repeatedly applies a hash function  to the seed key.As a result, all other keys   are generated by computing ( +1 ).The sender then securely delivers the last key of the key chain ( 0 ) to the receivers.Among the other keys, a key   is employed at the -th transmission between the sender and the receivers to prove and verify the origin of a packet, respectively.That is, when   arrives at receivers, the receivers can verify if the packet's sender is the same as the originator of  0 by checking whether  0 =   (  ).
Figure 3 shows the general operation of a key chain scheme.Prior to deployment, each node i generates two key chains of   and   .Here,   is a YES key chain, and the -th key of the key chain ( , ) is used for expressing its participation intention in the -th CH election round.Contrarily,   is a NO key chain, and the single NO key ( ,1 ) is employed for requesting its exclusion from the CH candidates.Because the last keys of the two key chains ( ,0 and  ,0 ) are concatenated to create the ID of node , they are employed to verify the legality of each node in a CH election.First, each member advertises the last keys of the two key chains, as shown in Figure 3(a).In each election round, each member broadcasts the next YES key only when it wants to participate in the CH election.Otherwise, it broadcasts the single NO key.Members receiving the single NO key completely remove the sender from their CH candidates.If a member's message has not arrived at rest members during this election round, the rest of members temporarily exclude this member from the candidates.Note that the temporarily excluded member can join the next-round election unless its transmission failure exceeds a threshold.For example, even though a message from member 3 has not reached the rest members in the first round, it can participate in the second round by transmitting its next YES key ( 3,2 ), as shown in Figure 3(b).The selection of a CH among the candidates is implemented by two methods.Paper [44] picks up a CH node sequentially in the candidate list.We refer this scheme to as Dong's scheme hereafter.Contrarily, paper [28] considers the residual energy and the distances from members to the sink and picks up the best candidate as a CH.We refer this scheme to as Han's scheme in this paper.We can also make the key chain schemes work on the UAV-aided CH election framework by changing a few things.First, in a transmission phase, each member transmits its data and its attribute to its CH instead of transmitting its data only.In the key chain schemes, CH election results in the network depend on the election willingness of nodes, which is represented as a YES key in the original scheme.That is, the nodes which have transmitted a YES key are only selected as CH candidates.Therefore, in the first frame, members in each cluster transmit their data and election willingness indicator.The election willingness indicator can be represented as one bit (that is, one or zero).Among the CH candidates whose election willingness indicator is one, a CH is selected in a random manner by the sink at the end of the first frame.In the rest of frames, because the election willingness indicator plays the role of selecting CH candidates, we need to consider the indicators in later frames as well.However, there is no need to transmit them again because they have been delivered to the sink in the first frame.So, in the rest frames, members transmit their data and residual energy to even energy consumption distribution.At the end of each frame, the sink first picks up the CH candidates from members using the election willingness indicators and selects the node with the highest residual energy as a CH among the candidates.Second, replacing the data aggregation period with the UAV tour period facilitates the benefits of the UAVaided CH election.Last, at the last UAV tour period of each transmission phase, the sink selects the members whose willingness indicator is zero and the members with the lowest energy in a cluster as disqualified members.Then, the sink securely reports the disqualified members to their affiliated cluster using encryption and decryption of a group key.

Cryptographic Schemes.
In this paper, we classify cryptographic schemes into symmetric cryptography scheme [31] and discrete logarithm scheme [41].The symmetric cryptography scheme [31] hides a CH election from external observers, whereas the discrete logarithm scheme [41] hides a CH election from both members and external observers.
In the symmetric cryptography scheme, each member first establishes a group key with other members jointly and employs the group key to hide an election process from external observers.Figure 4 shows the operation of the symmetric cryptography scheme.First, all members in a cluster establish a group key jointly, as shown in Figure 4(a).Next, a member which received no CH declaration message encrypts a CH declaration message with the group key and broadcasts it, as shown in Figure 4(b).The CH election procedure follows the "first-come-first-served" rule.If a member first declares itself as a CH, any other member which hears the declaration becomes the member of the declarer.The members receiving the CH declaration message decrypt the message, and settle the broadcaster as the CH.Next, the receivers encrypt a dummy message with the group key and broadcast it to prevent external observers from recognizing the CH through the previous declaration message, as shown in Figure 4(b).However, this scheme hides the election process from only external observers, and thus the election process is disclosed to an internal compromised member.
The discrete logarithm scheme highly relies on the difficulty of the discrete logarithm problem as its name suggests.The discrete logarithm problem is to find an integer , if it exists, such that   = ℎ when we have a multiplicative group  and elements , ℎ ∈ .Under this group, the difficulty in the discrete logarithm problem means that computing an integer  is difficult.In the discrete logarithm scheme, each member declares itself as a CH depending on a probability of being a CH which is called the self-election probability.However, g y 2 x 2 = g x 1 x 2 −x 2 x 3 g y 3 x 3 = g x 1 x 3 +x 2 x 3 g y 1 c 1 = g −c 1 x 2 −c 1 x 3 P = g y 1 c 1 • g y 2 x 2 • g y 3 x 3 = g −c 1 x 2 −c 1 x 3 +x 1 x 2 −x 2 x 3 +x 1 x 3 because the CH declaration is never advertised outside of the node, both internal and external observers cannot know which node will be a CH, and they can check only if there is a CH declaration node.Figure 5 shows the procedure through which each member checks the existence of a CH in its cluster.During the procedure, whenever each member broadcasts a message, the message includes a knowledge proof that ensures the legal membership of the broadcaster in the cluster.However, we omit the real knowledge proof in each message for the sake of simplicity.First, each member  generates a random number (  ) and broadcasts the random number's public key (   ).Upon receiving it, a member computes the evidence of holding the public key (   ) using (1).Thus, after receiving all public keys, members 1, 2, and 3 have   1 ,   2 , and   3 as shown in Figure 5(a).Now, each member decides to elect itself as a CH or to give up a CH role according to its self-election probability.If it elects itself as a CH, it assigns a new random number to   as shown in Figure 5(b).Otherwise, it assigns the original random number (that is,   ) to   .Next, each member  computes      and broadcasts it as shown in Figure 5(b).After receiving all      , the members execute the determination equation of ( 2), and the result is not one if there is a CH as shown in Figure 5(b).We disclose the reason why a compromised member cannot know whether node 1 is a CH or not, even though it conforms to the protocol shown in Figure 5.If the compromised node wants to check whether node 1 declares as a CH or not, it should first extract  1 ,  2 , and  3 from   1 ,   2 , and   3 .Then, the compromised node can check whether node 1 declared as a CH by computing the value of   1  1 .In other words, if   1  1 is  − 1  2 - 1  3 , the node 1 did not declare as a CH.Otherwise, it means that the node 1 declared itself as a CH.However, extracting  1 ,  2 , and  3 from   1 ,   2 , and   3 is quite difficult owing to the difficulty of the discrete logarithm, as described earlier.
In the symmetric cryptography scheme, a CH election result in a cluster relies on the CH announcement probability of members.If a member obtains a chance to declare itself as a CH earlier than other members, it becomes a CH while other members become members of the CH.Because a CH is randomly selected by the CH announcement probabilities of members, the probabilities should have no impact on the election of new CHs in all frames.So, there is no reason to consider them again in all frames.For this reason, in all frames, members transmit their data and residual energy to even energy consumption distribution among them.At the end of each frame, the sink selects members with the highest residual energy in each cluster as CHs.
The discrete logarithm scheme determines a CH role considering the self-election probability of members in a cluster.If a node's self-election probability is higher than a threshold, it becomes a CH but never advertises its CH declaration.Therefore, in the first frame, members in each cluster transmit their data along with their self-election probability as an attribute.The sink selects the node with the highest self-election probability as a CH for the second frame.However, because the self-election probability relies on the randomness of the probability, it should have no impact on the election of new CHs in later frames.So, there is no reason to consider the self-election probability in later frames again.Therefore, in the rest frames, members send their data and residual energy to even energy consumption distribution over members.At the end of each frame, the sink selects the node with the highest residual energy as a CH among the members.For both cryptographic schemes, the data aggregation period is replaced with the UAV tour period to get various benefits of the UAV-assisted CH change.For both schemes, at the last UAV period of each transmission phase, the sink picks up members whose residual energy is lower than a specified threshold and designates them as disqualified members.Then, the sink securely notifies the disqualified members to each cluster using encryption and decryption with a group key.

Adaption into the UAV-Aided CH Election Framework.
In this we reveal the differences in adapting the security-driven CH election schemes into the UAVassisted CH election framework in Table 2. First of all, the attribute transmitted during the first frame varies in line with each scheme while the attribute transmitted during the rest frames (that is, residual energy) remains unchanged regardless of scheme.Even if an attribute affects all frames of a transmission phase, it is enough for members to transmit it only in the first frame.During the UAV tour period of the first frame, a UAV gets the attributes of all nodes visiting all CHs and delivers the attributes to the sink.Consequently, the sink repeatedly employs them to select new CHs for the next frame.Most of the schemes employ the residual energy as the criterion for selecting disqualified members while only a few schemes employ an extra attribute as well as the residual energy.The reason why they employ an extra attribute for selecting disqualified members is that the extra attribute has an impact on qualification of members as well.For instance, the trust-based scheme removes some members whose trust value is lower than a specified threshold while two key chain schemes (that is, Dong's scheme and Han's scheme) remove some members whose election willingness indicator is zero.Contrarily, because a probability or a random number never affects qualification of members in other schemes, the residual energy is enough for selecting disqualified members in those schemes.

Security Comparison
4.1.Desirable Security Properties for a CH Election.Desirable security properties for a CH election are independent from the type of a WSN.That is, desirable security properties for CH election in a general WSN can be also employed for a UAV-based WSN.This is because electing a CH in a cluster is finally to pick up the best member by comparing a specific attribute value among the cluster members.For this reason, we have identified some of the desirable security properties through a careful review of some previous work which were proposed for general WSNs [41,42,45,72].Considering these properties, we chose some essential properties that are employed in this survey according to the following criteria.First, we chose properties with commonalities out of all properties.Next, we excluded reliability-driven properties such as termination and completeness to focus on the security of CH elections.
First, unpredictability means that a member in a cluster cannot predict the winner of a CH election before the end of the election.Without this property, malicious nodes can compromise the predicted CHs during the election process.Besides, they can try to change a predicted CH or to make multiple CHs in a cluster.Next, nonmanipulability means that a member in a cluster cannot modify a CH election result.Without this property, malicious nodes can prevent a legitimate node from being a CH, or they can make one of the malicious nodes become a CH through their collusion.The agreement property expresses that all members in a cluster have the same CH election result.A cluster having multiple CHs damages the agreement property.If some members accept a new CH besides an existing CH, it also means that the nonmanipulability of their election result is paralyzed.Immunity against loss means that message losses during a CH election have little impact on the nonmanipulability and the agreement property.Without this property, a malicious node can hide its misbehaviour through the message losses.Finally, privacy means that the CH election process is hidden from observers within and around a cluster.Without this property, malicious nodes can identify an elected CH during an election process and try to compromise the identified CH during the transmission phase.Besides, because they know an anticipated CH, they try to manipulate the election result so that a different member becomes a CH, or multiple nodes play as CHs in the cluster.

Security Comparison of the Security-Driven CH Election
Schemes.In this subsection, we provide security comparison of the security-driven CH election schemes which we explained in the Section 3. We compare them considering how well they satisfy the desirable security properties for CH elections.

Predistributed Key Schemes.
In the predistributed key schemes, as long as a node shares at least one key with potential CHs, it can easily identify that the potential CHs will become a CH.Their unpredictability is therefore low.In addition, a malicious node can declare itself as a CH even though it has a CH within its vicinity.Thus, their agreement property is also low.Because they have no recovery mechanism when messages are often lost, their immunity against loss is also low.Finally, because a CH election process is revealed to nodes that have common keys, their privacy is low.

Random Number
Schemes.Among the random number schemes, the commitment-and the seed-based scheme provide a low level of unpredictability and nonmanipulability, whereas their agreement property is medium.The low unpredictability and nonmanipulability are caused by the fact that a compromised node can easily recognize which node will be a CH by delaying its message transmission.In other words, if a compromised node delays its message transmission to the last, it can predict the election result by summing up random numbers of all members and dividing the sum by the number of members.The compromised node may try to change the result by modifying its random number before transmitting it.If a malicious member transmits its message to only a part of members, the CH election result is split into two different results.However, if members share their received messages, such a malicious behaviour can be easily exposed to normal members.Then, the normal members can expel those malicious members from the cluster.That is the reason why we set their level of agreement property to medium.Furthermore, because the commitment-and the seed-based scheme have no mechanism to compensate for message losses, their immunity against message loss is low.Merkle's puzzle based scheme provides higher security than the commitment-and the seed-based scheme.This is because only the active CH knows a CH election result, and it is hard for the active CH to change the CH election result in such a short time.Because a CH election result is induced through an encrypted sum shared among members, it is hard to break the agreement property of the encrypted sum.Furthermore, because it has a mechanism to compensate consecutive reception failure of keys required for decryption of the encrypted sum, it provides better immunity against message loss than the commitment-and the seed-based scheme.In the trust-based scheme, compromised nodes trying to damage the nonmanipulability and the agreement property are given a low trust value, and they hardly get a chance to modify any CH election result.Because the scheme allows a delivery failure member to participate in the next election again, its immunity against message loss is high.However, because the trust values of members are distributed in plaintext, an observer can easily predict which node will be a CH node.In all random number schemes, because the election process is exposed to all members in a cluster, their privacy is low.4.2.3.Key Chain Schemes.In Dong's scheme, all members in a cluster have a common list of CH candidates, and a CH is selected sequentially from the list.Therefore, the scheme's unpredictability is low.In addition, a compromised node can even change a CH election result by avoiding its message transmission, and thus the scheme's nonmanipulability is also low.Dong's scheme lowers the agreement property because it allows a compromised node to split a CH election result into multiple results by selectively transmitting a message.Fortunately, it has an algorithm for merging multiple results into a single result to compensate its low agreement property.To deal with a message loss, Dong's scheme allows a transmission failure node to get a second chance to transmit its message.Because Han's scheme combines Dong's scheme into LEACH, it inherits the properties of both schemes.That is, Han's scheme allows a normal node to easily predict a CH node as in LEACH, and thus its unpredictability is also low.In addition, because Han's scheme allows a compromised node to change a CH election result by avoiding its message transmission as in Dong's scheme, its nonmanipulability is low as well.In terms of immunity against message loss, Han's scheme compensates a message loss through redundant message transmissions and providing multiple chances as in Dong's scheme.However, unlike Dong's scheme, Han's scheme has no election merge algorithm, and thus its agreement property is lower than that of Dong's scheme.Finally, the privacy of both schemes is low because the election process is open to all nearby observers in Dong's scheme and to the internal members in Han's scheme.

Cryptographic Schemes.
In the symmetric cryptography scheme, because a compromised member that holds a shared group key can easily predict which member will become a CH, the scheme's unpredictability is low.However, an internal member holding the group key as well as an attacker cannot modify a CH election result because the election result depends on the self-election probability of a member.Because a compromised member that holds a shared group key can illegally declare itself as a CH, the scheme's agreement property is also low.Moreover, because the scheme has no recovery mechanism when messages are lost, its immunity against message loss is low.The privacy of the symmetric cryptography scheme is low because its election process is revealed to all internal members.The discrete logarithm scheme offers the highest unpredictability over other schemes because the identity of a CH node is never revealed even to internal members.For the same reason, a compromised member cannot prevent a legal member from declaring itself as a CH, and thus its nonmanipulability is high.Contrarily, a compromised member can illegally declare itself as a CH without any permission, and thus it can easily break the agreement property.Moreover, because it has no compensation mechanism against message losses, its immunity against message loss is low.The privacy of the discrete logarithm scheme is high because it hides the election process not only from external observers but also from internal members.Table 3 summarizes the security comparison of the security-driven CH election schemes.

Overhead Comparison of the Security-Driven CH Election
Schemes.In this section, we provide overhead comparison of the security-driven CH election schemes which we explained in Section 3. The overhead of the security-driven CH election schemes is divided into the communication and the computation overhead.For the sake of convenience of comparison, the magnitude of any overhead is restricted to extent that each scheme causes during a CH election in a cluster.The communication overhead indicates the number of messages sent between members in a cluster during a CH election period, and it is represented as the big O notation.Note that the communication overhead includes only the communications caused during the election phase and excludes the communications caused during the transmission phase.This is because the communications caused during the transmission phase are equal over all schemes even though the size of a message which is sent to the CH may vary according to each scheme.The computation overhead indicates the number of computational operations caused by members in a cluster during an election, and it is also represented as the big O notation.Note that the computation overhead includes only computational operations performed by members during the election phase, and it excludes computational operations caused during the transmission phase.Before starting the comparison, we assume the following.First, a symmetric key encryption or decryption in this paper indicates the encryption or the decryption caused by a stream cipher such as RC4.Next, a hash operation in this paper indicates the hash operation caused by SHA-1.

Predistributed Key Schemes. F-LEACH causes the communication overhead of 𝑂(𝑛)
where  is the number of members in a cluster.SecLEACH brings about the same amount of communication overhead as F-LEACH.Concerning the computation overhead, both F-LEACH and SecLEACH induce () hash operations.

Random Number Schemes.
The commitment scheme induces ( 2 ) of communication overhead while other schemes of the same category down their communication overhead to ().In terms of computation overhead, the commitment scheme causes ( 2 ) symmetric key encryptions/decryptions and () random number generations while the seed-based scheme induces ( 2 ) arithmetic operations and ( 2 ) random number generations.The computation overhead of Merkle's puzzle based scheme consists of () symmetric key encryptions/decryptions, () arithmetic operations, and () random number generations.The trust-based scheme induces ( 2 ) arithmetical operations and () random number generations.

Key Chain
Schemes.Dong's scheme and Han's scheme cause the equal communication overhead of ().In terms of computation overhead, Dong's scheme causes ( 2 ) hash operations and ( 2 ) arithmetical operations while the overhead of Han's scheme consists of ( 2 ) hash operations, ( 2 ) symmetric key encryptions/decryptions, and () arithmetic operations.

Cryptographic Schemes.
The discrete logarithm scheme and the symmetric cryptography scheme cause the communication overhead of ().In terms of computation overhead, the symmetric cryptography scheme requires () symmetric key encryptions/decryptions while the overhead  of the discrete logarithm scheme consists of () modular exponentiations, () hash operations, and () arithmetic operations.Table 4 shows the communication overhead of securitydriven CH election schemes.As shown in Table 4, the commitment-based scheme induces much higher overhead than other schemes, and the overhead of other schemes is similar in terms of the big O notation.
Table 5 shows the computation overhead of securitydriven CH election schemes.We first take into account computation overhead that a single computational operation causes.Then, we consider the total computation overhead that each scheme causes.Note that the computation overhead of a modular exponentiation is significantly higher than that of a hash operation [41].Besides, the computation overhead of a hash operation such as SHA-1 is higher than that of a symmetric key encryption/decryption such as RC4 [41].In addition, the computation overhead of a symmetric key operation is higher than that of an arithmetic operation while the computation overhead of a random number generation is least compared to other computational operations.Thus, we have an inequality with respect to the computation overhead of the computational operations: modular exponentiation ≫ hash operation > symmetric key encryption/decryption > arithmetic operation ≫ random number generation.According to the inequality, the discrete logarithm scheme causes the highest computation overhead over other schemes, and other schemes compete with each other.Because a hash operation induces more overhead than a symmetric key encryption/decryption, Han's scheme, Dong's scheme, and the commitment-based scheme follow the discrete logarithm scheme serially.Even though F-LEACH and SecLEACH seem to induce the same amount of computation overhead, their real overhead is  hash operations and 2 − 2 hash operations, respectively.Therefore, SecLEACH causes more overhead than F-LEACH.It is very straightforward that the commitment-based scheme induces more overhead than the symmetric cryptography scheme and Merkle's puzzle based scheme.When it comes to the symmetric key encryptions/decryptions, Merkle's puzzle based scheme causes ((+ 3) −  − 1) encryptions/decryptions while the symmetric cryptography scheme causes 3 − 2 encryptions/decryptions.Because  is larger than one, Merkle's puzzle based scheme causes more overhead than the symmetric cryptography Security and Communication Networks scheme.In terms of the arithmetic operation, the seed-based scheme induces  2 arithmetic operations while the trustbased scheme causes (3 3 +5 2 −3) arithmetic operations.It makes the computation overhead of the trust-based scheme bigger than that of the seed-based scheme.

Extension of UAV Flight Time
Because a UAV's flight time is less than 60 minutes due to its high energy consumption and a limited battery power, extending the UAV's flight time is very important to a UAVbased WSN.One way to extend the UAV's flight time is to make an optimal flight plan of the UAV to save its precious energy.Papers [9,17] deal with this issue.Another way to extend a UAV's flight time is to make multiple UAVs serve for the UAV-based WSN simultaneously.Because each UAV's served area is reduced, it flight time and energy consumption also can be reduced.Paper [20] covers the use of multiple UAVs and impact of their mobility patterns on the performance.Besides above two solutions, deploying some recharging stations and making them recharge UAVs having a little amount of energy is an interesting alternative.Recently, paper [73] presents a scheme which deploys some recharging stations in a mission area and makes an optimal flight plan including those recharging stations.Employment of the recharging stations is also helpful when a UAV is suffering from a bad weather condition such as strong wind.

Conclusions
In this survey, we introduce UAS and its promising applications and reveal the importance of integrating the UAS into a WSN which is called the UAV-based WSN.Then, we explain the benefits of clustering in a UAV-based WSN and the necessity of secure CH election in such a network.Then, we propose a UAV-aided CH election framework to employ a UAV for securing the CH elections in the UAV-based WSN.First, we classify the security-driven CH election schemes for a general WSN into several categories and explain the principle of each category and some representative schemes of each category.Then, we deal with how to adapt them into the UAVaided CH election framework.We identify some desirable security properties that a CH election scheme should have and compare the security-driven CH election schemes in line with the desirable security properties.Last, we compare the communication and the computation overhead of the security-driven CH election schemes in terms of the big O notation.
According to the desirable security properties, we found that some schemes are not suitable in terms of security as shown in Table 3.More specifically, the commitment-and the seed-based scheme, Dong's scheme, and Han's scheme provide a low security level for almost all properties and a medium security level for just one or two properties.Alike, F-LEACH, SecLEACH and the symmetric cryptography scheme provide a low security level for almost all properties while guaranteeing a high level security for just one property.Consequently, Merkle's puzzle based scheme, the trust-based scheme, and the discrete logarithm scheme are remained, and they have respective superiority over other competitors.First, Merkle's puzzle based scheme and the trust-based scheme are superior to the discrete logarithm scheme in terms of the agreement property and the immunity against message loss.Contrarily, the discrete logarithm scheme is superior to Merkle's puzzle based scheme and the trust-based scheme in terms of the unpredictability and the privacy.Note that none of all schemes guarantees all desirable security properties at a high level.We therefore need to select an election scheme according to which security properties should be first considered in the environment where sensor nodes work.
As a future work item, we plan to implement the securitydriven CH elections schemes that we dealt with in this paper in a simulation environment and to do a series of simulations to compare their security and overhead rigorously.

Figure 1 :
Figure 1: Operation timeline of a UAV-aided CH election framework.

Figure 2 :
Figure 2: General operation of a basic random number scheme.(a) Broadcast of a random number.(b) Selection of a CH node.

Figure 3 :
Figure 3: General operation of a key chain scheme.(a) Sharing two last keys of all members.(b) CH election procedure in first two rounds.

Figure 4 :
Figure 4: General operation of the symmetric cryptography scheme.(a) Group key generation.(b) CH election procedure in each round.

Figure 5 :
Figure 5: CH declaration check in the discrete logarithm scheme.(a) Generating public keys and evidences of holding public keys.(b) Existence check of a CH node.
for initial cluster

Table 3 :
Security comparison of security-driven CH election schemes.

Table 4 :
Communication overhead of security-driven CH election schemes.

Table 5 :
Computation overhead of security-driven CH election schemes.