Wireless sensor networks (WSNs) are open to false data injection attack when they are deployed in hostile scenarios. Attackers can easily deceive the sink by compromising sensing nodes or by injecting phoney data into the network. Such attacks can deplete the energy resources of the network by providing wrong information which in turn can affect the proper network functioning or sometimes can shut the network from further functioning. The existing schemes that deal with this problem focus on only a few aspects of the false data injection attack. To resolve this problem, we propose a Rank-based Report Filtering Scheme (RRFS), a holistic and group verification scheme for the identification of compromised nodes and the filtering of false data injected into the network. The proposed scheme verifies report among clusters, en-routers, and sink. Hence, the RRFS, a holistic scheme that is composed of three-tier verifications, successfully rejects the false data before the attackers falsify the whole environment, and this makes the system unique. Reliability Index (RI) is calculated by the nodes for fellow cluster members, and the cluster head (CH) provides the score for a node based on its RI. This, in turn, strengthens the scheme by assisting the en-routers to detect the compromised nodes. The RRFS scheme has been verified and validated by extensive simulation and meticulous performance evaluation of filtering efficiency and energy consumption against various schemes. The scheme gives high filtering efficiency against the multiple compromised nodes and also improves the network’s lifespan. The sustainability of RRFS against numerous attacks that are launched in the sensor environment is thoroughly investigated.
Wireless sensor network is a collection of sensor nodes that works together to sense various physical parameters by monitoring the given domain [
The major attacks launched against WSNs are Sybil attack [
Several verification schemes have been proposed for filtering the injected false data in the network [
Rank-based Report Filtering Scheme (RRFS) for verifying phoney reports in wireless sensor networks is proposed in this paper to filter the false data injected into the network. The methodology followed in RRFS are summarised as follows:
RRFS organizes the nodes of the network into multiple clusters, and the reports are forwarded through different paths that are provided by different clusters. Clusters are dynamic, i.e., cluster members and CH are different for every session, and the session corresponds to an event sensed by the nodes. RRFS ensures the reliable End-to-End (E2E) delivery of reports by forwarding the reports in multiple paths in a secure way to the sink Detecting nodes generate three different reports for the same event. Private Reports (PR) are generated using private keys for sink verification. Cluster members generate Intracluster Reports (IR) using a selfish key ( Another parameter that plays a major role in the proposed scheme is the score (
The proposed work is organized as follows. Section
Several verification schemes have been formulated for filtering the injected false data in WSN. Statistical En-Route Filtering (SEF) of injected false data [
Multipath Interleaved Hop-by-hop Authentication (MIHA) scheme works for disjoint and braided paths [
Dynamic En-route Filtering (DEF) scheme [
Grouping-enhanced Resilient Probabilistic En-route Filtering (GRPEF) [
Commutative Cipher-based En-route Filtering (CCEF) is a cipher-based en-route filtering scheme in which each sensor node has a unique ID and a secret key [
Yang et al. proposed a scheme which uses primitive polynomial [
Table
Pros and cons of various filtering schemes.
S. no. | Schemes | Significance | Pros | Cons |
---|---|---|---|---|
1 | SEF | (i) Nonoverlapping key partition | (i) Supports dynamic topology | (i) |
2 | IHA | (i) Hop-by-hop authentication | (i) Works on node failure | (i) Maintenance cost is high |
3 | STEF | (i) Query-based approach | (i) Verify the report validity | (i) The unnecessary dropping of reports due to route failure |
4 | BECAN | (i) CNR-based authentication | (i) Key independency | (i) Need prior knowledge about nodes in the path |
5 | CCEF | (i) Cipher-based authentication | (i) Works for dynamic networks | (i) Poor filtering |
6 | CAEFS | (i) Integrated with all the other schemes to provide security | (i) Compromised node isolation | (i) Energy consumption is high |
7 | ERF | (i) Extension for CCEF | (i) Key dissemination only to an intermediate node | (i) Need extra care for report dissemination |
8 | MIHA | (i) Multipath authentication | (i) Works for disjoint/braided path | (i) Node exploitation due to multiple paths |
9 | DEF | (i) Uses hill climbing approach for key distribution | (i) Works independently on dissemination | (i) Utilize more energy |
10 | LEDS | (i) Location-based filtering scheme | (i) No threshold limitation | (i) Need location-aware key |
11 | GRPEF | (i) Location-based filtering scheme | (i) Supports sink mobility | (i) Localization is complex |
12 | AEF | (i) Based on a fitness function | (i) Energy-aware scheme | (i) No key independency |
13 | NFFS | (i) Position-based filtering scheme | (i) No threshold limitation | (i) Not for dynamic networks |
14 | PCREF | (i) Uses MAP | (i) Does not have a fixed path | (i) |
15 | KAEF | (i) One-way authentication | (i) New keys for every session | (i) Need for key reinitiation |
16 | TICK | (i) Time-based filtering scheme | (i) No need for a key exchange | (i) Not for an uncontrolled environment |
The system model refers to the set of abstractions of the functional behavior of a system. The system model defined or assumed has a profound impact in simulation and analysis of the system. To simulate, analyze, and evaluate the scheme, we have included models for two entities, namely network and threat which are explained in Sections
Terms, abbreviations, and symbols.
Terminology | Description |
---|---|
RRFS | Rank-based Report Filtering Scheme |
Guest key | |
CH | Cluster head |
Selfish key | |
CS | Cluster Score |
ECDH | Elliptical curve Diffie-Hellmen |
ECDLP | Elliptic curve discrete logarithm problem |
Private key | |
Public key | |
Score | |
ECC | Elliptical Curve Cryptography |
DN | Downstream node |
UN | Upstream node |
MAC | Message Authentication Code |
IR | Intracluster Report |
ICR | Intercluster Report |
RI | Reliability Index |
ECH | En-routing cluster head |
Honesty | |
Kindness | |
Strength | |
PR | Private Report |
ECM | En-routing cluster member |
CM | Cluster member |
DHE | Diffie-Hellmen |
Timestamp | |
Threshold energy | |
Event area | |
Total number of nodes | |
Number of nodes in cluster | |
Number of compromised nodes in a cluster | |
Number of compromised nodes in forwarding area | |
Number of CHs in forwarding area | |
Number of compromised CHs in forwarding area | |
Total number of nodes in “ | |
Number of CHs in “ | |
Number of compromised nodes in “ | |
Number of compromised CHs in “ |
WSN are usually deployed in an unattended environment. We assume that the density of the nodes in the WSN is high, and they do not move. Every node has a unique identifier (ID). Every sensor node has a well-defined transmission range. Nodes are assumed to be bidirectional. The nodes reside in the nearby location of the event are grouped to form a cluster, and one among the node is chosen as the cluster head (CH). The role of CH is circulated among the members of the cluster to avoid depleting the energy available with a particular node. CH is selected dynamically based on the residual energy. Nodes are not allowed to join multiple groups in the same session. Clusters and CHs are dynamic based on the requirement. One of the major assumptions is that all nodes immediately after deployment remain uncompromised since it happens in a systematic and controlled way. The sink is assumed to have a sufficient amount of resource in terms of computing, communication, and energy. Sink has the information of keys and can detect the clusters which are responsible for report generation. The sink is trustworthy, and the decisions will be taken based on the sink’s reaction. Figure
Formation of cluster and forwarding of reports to the sink.
Nodes are secure up to the connection establishment. An adversary can compromise nodes only after detecting events in an environment, which means that nodes can be compromised only when communication between nodes begins in wireless mode. In addition, we assume that an adversary can compromise all the nodes in the network, including CH in the cluster. We further believe that one among the multiple clusters forwards the genuine reports to the sink. Once a node is compromised, the attacker can access all its keying materials that are currently stored in the node.
Strength of any cryptosystem depends on the size of the key, the larger the key, the more secure the scheme is, and it does not rely on the encryption algorithm used. However, in WSNs, this principle cannot be applied since the longer keys result in more processing overhead and thereby leading to quick depletion of the energy available with the nodes. Fortunately, Elliptical Curve Cryptography (ECC) provides an effective solution in protecting the network from the adversaries and intruders [ Existence of identity: ( Existence of inverse: Additive operation: (if
Slope is represented in equation (
Elliptical Curve Diffie-Hellmen (ECDH) is the secure key exchange algorithm in a nonsecure channel [
In the above equation,
A Message Authentication Code (MAC) is used to check the integrity of the message and assures that the message is from the intended sender [
The RRFS scheme proposed in this research work composes of six major phases, namely predeployment, postdeployment, event processing, Reliability Index (RI), Cluster Score (CS), and report verification. These phases are described in Sections
The sink chooses Elliptical Curve Cryptography for secure communication [
For point addition, we have to perform a projective form test (
Require: ENSURE: Install ( for each node Load Load a Select Compute public key Install ( end For
The postdeployment phase has two activities, namely the connection establishment and guest key generation. These two activities are described in Sections
After deployment, all the nodes are referred to as orphans. Communication takes place between nodes only when nodes are connected. The connection between report generating nodes and forwarding nodes should be made for forwarding the event details. Connection establishment begins with the sink by initiating beacon (relation) signals. The relationship signal is recursively sent to all nodes. After this signal has been received, the node will detect the ID of the nodes that are
Connection establishment.
Equation (
//SINK: the base station or the data collection unit SN: the set of all nodes in the sensor network-SINK ID ( Condition to be met: //index FOR relation-propagate ( //Function used to establish the families in the network. //index relation_propagate ( //if statement refers to the condition that must be met to terminate the family establishment process if ( terminate relation_propagate else for every node if establish relation between end if relation_propagate ( end for end if
After deployment and link setup, the connected nodes
SN: the set of all nodes in the sensor network-SINK DN and UN are the corresponding downstream node and upstream node. DN sends the initiate signal to the UN in RN for compute public key for calculate end for for DN multiplies its private key with the public key of UN UN multiplies its private key with the public key of DN The product computed by DN and UN is equal “ end for end for
Guest key generation process.
The activities that take place immediately after the occurrence of an event include dynamic group formation and report generation. These two activities are explained in Sections
Nodes sensing an event form multiple clusters with
CH is responsible for forwarding/receiving the reports to/from the en-routing group. After cluster formation, the key established within the group is called as selfish key (
CH validates the member nodes by asking a random value from “
CH broadcasts
SN: the set of all nodes in the sensor network-SINK CH sends the RREQ signal to “ for RREQ-propagate ( relation_propagate ( Node if CH sends RREP establish relationship between end if end for Let for end for
After an event occurs, it should be detected, and a report about an event should be generated and forwarded to the sink. CH is responsible for forwarding the message in the form of a tuple
Types of report.
CH receives the report from CM, and XOR then reports and the forwards the reports to sink. PR format is shown in equation (
REQUIRE: CH: cluster head ENSURE: return IC Step 1: CH broadcasts the message in the form of a tuple Step 2: CM receives the tuple Step 3: If <SENS DATA, Ts> is consistent//Private Report CM calculates CH calculates IR using CM calculates ICR using Else CH changes and go to Step 1. Step 4: End if Step 5: return
Once the MAC is computed, a node sends the IR as shown in equation (
Upon receiving an IR, a member node verifies the report by computing its MAC and compares it with the received MAC. A match or mistake between these two MACs plays a role in the computation of Reliability Index (RI), since the Reliability Index depends on the honesty parameter.
CM forwards ICR to CH for further verification in en-routing phase. CH gets IR and ICR from all CMs and checks the MAC of IR for RI calculation. CH forwards the reports to multiple ECH. En-routing group CH is referred to as en-routing CH (ECH). Algorithm
Reliability Index (RI) is a metric that is computed to determine the extent to which the node can be trusted in the transmission of the event report to the sink. This helps, in particular, the en-routing cluster to find out whether or not the downstream clusters are reliable. The trust established between the en-routing nodes is referred to as entrust. Entrust is of two types: direct en-trust between two directly connected nodes and third party entrust is determined through an intermediate node. Upstream nodes thwart node compromise attacks and false data injection attacks based on RI.
Honesty (
Let us assume that a node sends
Strength (
The value for strength of node
The kindness (
Let the number of packets received by node
The Reliability Index of node
After checking the IR, CM starts to calculate the RI against all the nodes in its group. The RI which ranges from 0 to 1 (malicious to trustworthy) is stated in equation (
After score calculation, CH calculates the Cluster Score (CS) for the cluster. CS is the average of the score of all the nodes in the group. It is stated in equation (
After calculating the metrics, nodes/clusters are identified as in equation (
ECH receives the report from downstream CH. ECH verification takes place only if the nodes are connected. Sink also verifies the report that escapes the en-router verification. En-router verification and sink verification are explained in Sections
After receiving ICR from downstream CH, ECH checks the integrity of the message and Ts. If it fails, ECH asks for CS and informs sink about CS. If the report is consistent, ECH notifies the group for message arrival by broadcasting the message and the report. En-routing cluster member (ECM) receives the reports and looks for its downstream connection node. If connected, ECM checks whether the already computed
REQUIRE: OUTPUT: ICR for en-routers, True, False Step 1: CH checks the integrity using Step 2: CH broadcasts ICR, Step 3: UN Step 4: Set Step 5: If ( If ( CM set Else Forward ICR to CH//Next hop verification Else Forward ICR to CH//no downstream connected nodes. Return value End if Step 6: Return value
ICR verification.
Sink receives the report from the detecting nodes which is encrypted using private key (
In RRFS, nodes sensing the event organize themselves as a cluster and report about the event to the sink. Let us assume that sensing nodes in the detecting area are represented as “
Attacker compromises “
Adversary compromises “
Shows the probability (FPA) of filtering false data within the cluster in “
Figure
After verifying the reports in the sensing area
Figure
The probability of filtering through en-routers. (a) Filtering through en-router (theoretical). (b) Filtering through en-router (simulation).
For injecting phoney reports, the attacker has to acquire at least (
FAR.
In the proposed scheme, CH collects the MAC from members. A CM encrypts the report with
CT is the time taken for transmitting the report within the hop,
We discuss the energy consumption of RRFS in terms of computation and communication, and this helps in analyzing the lifetime of WSN [
Simulation parameters.
Deployment parameters | Values |
---|---|
Area | |
Number of nodes | 1000 |
No. of normal nodes | 999 |
Sink | 1 |
Antenna | Omni directional antenna |
Radio propagation model | Two-way ground |
Network interface type | Wireless Phy/MICAZ |
Transmission range | |
MAC type | 802.15.4 MAC |
Node to sense | Any |
Node to receive | Sink |
Node initial energy | 100 J |
Average neighbours | ≤6 |
Energy consumption of RRFS mainly lies on session key establishment. The guest key is generated for every session in the network, which is represented as
Hence, the computation of
Let “
We already discussed the filtering probability of RRFS. Let hm be the no. of hop false data travels. Then, the average no of hops false data travels within
Adversary can compromise
Let
The overall communication includes both transmission and computation. Equation (
The overall consumption includes both transmission and computation. Equation (
We include the energy spent in computation also while calculating the energy required for communication. We are simulating the environment with MICAz mote. The data rate of MICAz is 38.4 kbps with a current requirement of 3 mA. Moreover, MICAz takes 0.28 ms for transmitting a byte. Energy consumed for sending/receiving a byte is 11.76
The energy consumption with respect to
Figure
Energy consumption of various schemes based on filtering efficiency.
Figure
Energy consumption of various schemes based on FPR.
Here, we analyze the capability of the RRFS scheme in sustaining the following four major attacks that are frequently launched in WSNs: (i) node compromise attack, (ii) false data injection attack, (iii) report disruption attack, and (iv) selective forwarding attack. We have found that the RRFS scheme is able to withstand all of the above attacks, and hence, we claim that RRFS is efficient. Table
Comparison of various schemes.
S. no. of schemes | Attacks | |||
---|---|---|---|---|
Node compromise attack | False data injection attack | Report disruption attack | Selective forwarding attack | |
SEF | Prone | Not completely secure | Prone | Prone |
IHA | Prone | Secure | Prone | Prone |
STEF | Prone | Prone | Prone | Not completely secure |
BECAN | Prone | Secure | Prone | Secure |
CCEF | Prone | Not completely secure | Prone | Prone |
Secure | Secure | Prone | Prone | |
ERF | Prone | Not completely secure | Prone | Prone |
MIHA | Secure | Secure | Secure | Prone |
DEF | Prone | Prone | Secure | Secure |
LEDS | Prone | Secure | Secure | Secure |
GRSEF | Prone | Not completely secure | Prone | Prone |
AEF | Prone | Not completely secure | Not completely secure | Prone |
NFFS | Secure | Secure | Prone | Prone |
PCREF | Secure | Not completely secure | Prone | Prone |
RRFS | Secure | Secure | Secure | Secure |
RRFS scheme is proficient in detecting node compromise attack.
Attackers capture the decisive materials (keys that are used for sending data) and compromise the node. Compromised nodes start sending a report on behalf of the adversaries. This is called node compromise attack [
RRFS scheme provides resiliency in false data injection attack.
To launch false data injection attack, the adversary has to compromise nodes in the cluster before the report is generated. Hence, RRFS prevents false data injection even if the attacker is able to compromise
RRFS is more efficient in detecting report disruption attack.
Member nodes broadcast IR between themselves to prove the legitimacy of clusters. Compromised member node in a cluster produces a false MAC using
RRFS is efficient in handling selective forwarding attack.
RRFS scheme ensures efficient forwarding by sending the reports in multiple paths to ensure that at least a single report about an event reaches the sink. Compromised intermediate nodes drop all legitimate reports passing through them purposefully, and this intentional dropping is called selective forwarding attack [
Developing verification schemes for filtering the false data injected either by the attackers or by the compromising nodes in WSNs is difficult due to the nature of communication and the unfriendly terrains in which they operate. RRFS proposed in this paper is able to overcome various difficulties of the existing schemes in filtering the injected false data. In the proposed scheme, the nodes are randomly deployed in the environment. Groups are formed in the sensing area for report generation. Scores are calculated for the individual nodes as well as clusters. This helps to filter the injected data as early as possible. En-routing group verification scheme helps to check all downstream nodes that are taking part in report forwarding. For every event, two reports are forwarded to the sink. PR is forwarded to the sink through CH. CH forwards the report through connected nodes. ICR is generated using the
Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.
All procedures performed in studies involving human participants were in accordance with the ethical standards of the institutional and/or national research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.
Informed consent was obtained from all individual participants included in the study.
The authors declare that they have no conflict of interest.