Novel Framework for Secure Data Aggregation in Precision Agriculture with Extensive Energy Efficiency

Precision agriculture (PA) is the next generation of a technological revolution in smart farming, where sensing technology is the core technological player. Energy-efcient data transmission in PA via sensing technology is possible only when additional security measures are synchronized. Nevertheless, security considerations often introduce additional overhead. Tus, it is necessary to develop an efcient mechanism to achieve an optimal trade-of between security and resource efciency. Te prime purpose of the proposed study is to introduce a lightweight communication protocol that can ensure an adequate balance between energy efciency and maximum-security demands to beneft the success of PA. Tis paper proposes a synchronized framework where unique public-key encryption has been used, unlike any existing approach to facilitate the participation of legitimate on-feld sensors in PA. On the other hand, an algorithm for energy efciency where unique structural management of routing is discussed concerning aggregator nodes. In contrast, the security algorithm discusses a uniquely progressive and noniterative mechanism to perform secure data aggregation with a parallel validation technique. Te proposed logic is scripted in MATLAB, considering a suitable PA environment where comparative assessment is carried out on a uniform testbed. Te study outcome exhibited the efectiveness of the proposed scheme concerning better energy efciency and higher resiliency from threats in contrast to existing schemes.


Introduction
The benefcial aspect of technological advancement has penetrated agriculture, leading to Precision Agriculture (PA) [1]. It can be discussed as exclusive management of farming, designed based on various external measurements associated with farming and the surrounding environment [2]. Te concept of PA mainly relates to making an appropriate decision so crop cultivation can be optimized without much dependency on the usage of resources [3]. Te conventional state of PA makes use of satellite-based information, e.g., Global Positioning System (GPS) and Global Navigation System (GNSS) [4]. Tis technology is also integrated with other sensing technology to make it more efective. Another conventional technology is variable rate technology (VRT), which was adopted to improve farming resource distribution. Apart from this, unmanned aerial vehicles, e.g., drone, is another frequently used technology to acquire imageries and other associated farming information [5]. Such information assists the farmers in deciding to adopt certain measures to resist upcoming environmental risks or improve production in PA. Out of all this, sensing technology is very cost-efective. It is easier to install in agricultural farms where the aggregated data could ofer more comprehensive information about the farming land [6]. In this perspective, existing studies show that Internet-ofthings (IoT) has been slowly adopted in smart/intelligent farming, which will accelerate the practical implementation of PA [7][8][9]. Te usage of IoT will demand three things, viz. (i) usage of IoT device (or on-feld sensors) to acquire direct data of plant, soil, or environment and forward to the sink node, (ii) a gateway node that ofers translation service to ease of the communication among diferent variants of sensors, and (iii) all the aggregated data being forwarded to distributed cloud-based storage unit called as datacenter [10]. Implementing and deploying this essential characteristic of IoT is not a difcult task. However, the challenges start next once IoT is deployed. Te conventional IoT network uses independent on-feld sensors, which could be extremely challenging to maintain both in terms of security and resource management. One efective solution is to implement a wireless sensor network (WSN) to create a compact network of on-feld sensors and imply the process of data aggregation in conventional WSN to assist in PA. However, due to the inherent characteristics and vulnerabilities associated with WSN, this brings a signifcant security concern regarding the data aggregation process in agricultural farms.
On the other hand, ensuring efcient use of network resources (energy) is another important concern towards the long-term sustainability of farm ecosystems in PA. However, owing to the developing practical usage of IoT and WSN, there are still greater issues with secure data transmission when IoT is integrated with WSN. Currently, many energyefcient protocols exist in both WSN [11] and IoT [12]. Tere are also many security protocols in WSN [13] and IoT [14]. However, they are not interoperable and cannot be directly implemented when two collaborative environments are used in PA. One of the essential problems identifed is developing a security approach applicable in the scenario of PA using WSN, ensuring a good balance with energy efciency. Hence, the proposed study aims to develop a novel yet simplifed computational scheme of secure energy efciency considering WSN deployment over the farming land. Te idea of the study is to ensure that every node properly identifes malicious nodes using an exclusive authentication policy. Te secondary idea of the proposed system is also to resist any form of an unknown attacker to the WSN deployed into the in-farming land.
Te organization of this manuscript is as follows: Section 2 discusses existing literature about energy efciency and security in WSN applicable for PA, and Section 3 highlights the essential limitation of existing studies. In contrast, Section 4 discusses the adopted methodology of the proposed study. Te algorithm is discussed in Section 5, and the result analysis is given in Section 6, while Section 7 concludes the paper.

Related Work
Various variants of literature emphasize energy efciency and security incorporation in WSN; however, as the proposed study is oriented towards investigating WSN concerning PA, only the studies where WSN is investigated concerning PA are considered in the study directly or indirectly.

Existing Approach to Energy
Efciency. Data aggregation potentially afects a network's lifespan [15]. Terefore, various schemes in this direction aim to connect network lifetime with energy efciency. Te approaches towards energy efciency mainly emphasize the routing scheme that targets saving energy and addressing other associated issues. Te most recent work of Azarhava and Niya [16] has implemented an energy harvesting mechanism for WSN, one of the frequently adopted schemes in PA. Tis work aims to develop a resource allocation model to minimize the cumulative consumption of energy to achieve higher energy efciency and optimized throughput. A similar direction toward the energy-harvesting scheme has also been carried out by Ait Aoudia et al. [17], where a reinforcement-based learning scheme has been utilized. Tis scheme performs energy management based on the temporal aspect of environment dynamics using linear approximation. Tis model can be directly used in PA. Te work by Zhang and Cai [18] has constructed a routing scheme using a double-hop probability approach considering a case study of underwater sensing. Te sustainable route is based on forwarding number, residual energy, and node depth. Along with energy efciency, the model ofers a better packet delivery ratio. Te existing system has also witnessed an optimization-based approach to achieve energy efciency. Te recent work of Wang et al. [19] has harnessed the hybrid ability of particle swarm optimization and ant colony optimization for addressing the network dissipation issues in WSN. PA has not witnessed much with a bio-inspired algorithm, but this approach could directly contribute to energy efciency. A smart environment is another better option in PA for intelligent data transmission. Hence, a recent study by Ammad et al. [20] used fog computing over an IoT-based environment to improve network lifetime. Zhao et al. [21] have implemented another bioinspired algorithm where the coverage issue is emphasized concerning energy problems. In addition, there is much literature on energy-aware approaches in WSNs-enabled agriculture systems. Deng et al. have established a model for energy collecting from several sources [22]. Te work performed by Yu et al. [23] designed a single-hop communication protocol for decentralized WSNs for energy harvesting. An approach of information fusion is considered in the work of El-Fouly and Ramadan [24] for enabling energy-aware routing operations in WSN. In addition, the application of solar energy is used in the work of Gulec et al. [25] for energy harvesting and extending network lifespan signifcantly. Apart from this, studies are also conducted considering using mobile agents for energy efciency during data aggregation (Mehmood et al. [26]). Further, the scheduling-based methodology is also witnessed to improve the energy efciency in WSN, as noted in the work of Khan et al. [27]. Tere is also usage of 3D printing by (Estrada-López et al. [28]), and the fuzzy logic mechanism by (Jamroen et al. [29]) for enabling higher energy efciency in the sensory network.

Existing
Approaches of Security. Diferent security approaches had evolved in times when the focus was on farming. Te recent work of Sontowski and Zhang [30] has presented a scheme to resist cyber-attack and denial of service. Using Raspberry Pi prototyping, the proposed system has developed a scheme for resisting deauthentication attacks owing to the adoption of the frequently used IEEE standard of 802.11 in PA. Another recent work by Astillo et al. [31] implemented a mechanism to model the misbehavior of attackers in a farming environment. Te study has developed rules for resisting attack environments in IoT using the Kalman flter. Another essential fnding of this study is that IoT is one of the best options for improving PA process management both on a small and large scale. However, the IoT itself is shrouded by various security loopholes. Iqbal et al. [32] discussed associated security issues in IoT, where the software-defned network ofers better decision-making while constructing countermeasures towards security threats in IoT. Te work carried out by Fu et al. [33] is the only study carried out in the present time where both security and energy factors are focused. Tis study focuses on the connectivity between the threats in the agricultural farm and power supply using a mathematical modeling approach. It should be noted that smart farming is an integral part of PA in upcoming times, and various security challenges are associated with it. Various threats such as those cyber-attacks, are consistent in various smart appliances; hence, smart farming is not an exceptional case. Tis fact was discussed in the study of Gupta et al. [34]. At the same time, the paper also discusses a multilayered architecture that focuses on retaining maximum privacy levels in smart farming. In this case, various smart devices (e.g., drones, on-feld sensors, machinery, and attached sensors over animals) communicate with an edge gateway to connect with the cloud services. Te existing system has also witnessed the increasing usage of blockchain to secure such smart and intelligent farming (Wu and Tsai [35]). Te adoption of blockchain increases the capability to defend against distributed denial-ofservice. A bilinear pairing is applied to construct network security, which can authenticate the sensor nodes' identity. It also ensures greater privacy as the data are chunked and stored over diferent distributed ledgers every time, making it nearly impossible for attackers to access. Te potential feature of blockchain for securing the communication environment in PA is also discussed by Ferrag et al. [36]. Further, the work carried out by Mehmood [37] has presented a session key design concerning healthcare applications. Te scheme is highly dynamic and performs key re-initiation in case of a positive threat event. According to this discussion, privacy is the prime target when applying blockchain in farming. Terefore, it can be seen that there are split versions of research work being carried out with highly scattered approaches to solving both energy and security problems.

Research Problem
After reviewing the objectives, problems addressed, the methodology adopted, and the outcome achieved in the existing system, a certain conclusion has been derived. Te open-end research problems associated with the existing approaches are as follows:

Less Emphasis on Energy Efciency.
Tere is no doubt about large archives of literature associated with improving energy efciency in WSN. However, these solutions are not much applicable when WSN is deployed in PA. Tere is a need for energy-efcient techniques which can work in a distributed manner with an extensive saving of resources without compromising the data quality. Hence, the primary issue is that existing energy-efcient approaches must be fne-tuned to work on a large scale and distributed environment of PA, adhering to its real-time constraints.

Complex Security Approaches.
Tere are some dedicated attempts where complex and sophisticated security mechanisms are implemented in smart/intelligent farming applications. Tis is highly benefcial for resisting potential threats such as cyber-physical attacks, but such security benefts come at the cost of resource consumption. A costefective security protocol must never afect communication performance by afecting the resources. Unfortunately, the existing state of work towards security in PA has never been carried out considering the energy aspect of it.

Attack-Specifc Scenario.
Te present study on security improvement highlights that they consider a predefned attack scenario. It will mean that the solution model has a well-aware defnition of the adversary and its launching strategy. Such security mechanisms are never applicable to diferent scenarios with diferent attack variants, making the existing security solution highly attack-specifc and computationally expensive.

Few Studies with Energy and Security
Together. Te tools and systems used in PA have diferent variants of types of machinery, actuators, and on-feld sensors, and out of all, sensing technology is commonly used in almost all the standard, conventional, and unconventional approaches. Hence, it is eventual that they will expend more energy to carry out a specifc operation. At the same time, machinery with two diferent sensors will be very hard to protect when exposed to the same threat, as the solution to resisting threats could depend upon the system parameter. In short, a combined study of energy and security issues can bridge this trade-of in WSN over PA.
Hence, the statement of the problem of the existing study will be "incorporating a higher degree of security resiliency along with maximum retention of energy over the on-feld sensors in PA is a challenging task."

Research Methodology
Developing a security approach for resource-constrainedonfeld sensors and ensuring a higher degree of energy efciency is a bigger challenge, especially if it is related to a large deployment area. Tis research challenge is addressed in the proposed study, where a combined emphasis on a resilient security approach and energy efciency is achieved. Te proposed research work considers an analytical modeling strategy to develop this framework for accomplishing security and energy efciency.
Te idea of an energy efciency security approach in the proposed system is designed based on the following foundation concept viz. (i) reducing a load of all the on-feld sensors to carry out data aggregation, (ii) developing the security approach using public-key cryptography, which ofers faster execution and lesser dependency of storage. Tis concept will have two benefts viz. (i) reduced memory consumption with reduced occurrence of key storage will lead to faster operation, and extensive residual energy, and (ii) absence of stored information about private key will lead the attacker with no information about the security variable being used. Te proposed study adopts an analytical approach and introduces the modeling of an energy-aware secure data aggregation scheme for PA. Te proposed scheme is implemented using a set of specifc network parameters and simplifed public-key encryption in PA. Te schematic representation of the methodology adopted in the system design is shown in Figure 1.
As shown in Figure 1, the main components of the proposed system are subjected to secure communication and data transmission. Te modeling of each component of the system is carried out phase-wise. Te system design assumes that a sensory device performs a progressive generation of security tokens to ensure multilayered security at each communication process. In contrast to existing approaches that use key management planning, the proposed system provides efcient and low-cost modeling of the security function that does not rely much on storing secret information and only emphasizes secret key generation.
It will mean that the secret key is generated only when requested, and the generated key is stored in a temporary bufer and instantly used for authentication. Once used, the secret key is disposed from the temporary bufer of the node, and thereby no information is fnally stored in node memory. Tis way, it does not pose memory overhead problems while executing security operations. Te ends of the system are connected to large cloud-based storage units that accept public keys, generate encryption keys for publickey operations, and generate private keys via sensors. Te proposed study also introduces an aggregator node mechanism for authenticating the fused and aggregated sensory information. Te core ideology is maintaining maximum safety and energy efciency on a single target. Te next section describes the implementation process that combines maximum safety features in an energy-efcient manner.

Algorithm Implementation
Tis section discusses the algorithm of the proposed system, which caters to the dual purpose of (i) energy efciency and (ii) security. An algorithm is a single unit for the proposed system; however, it is discussed concerning energy efciency and security consideration for better illustration. Following is the discussion of the proposed algorithm:

Energy-Efcient Data Aggregation in PA.
A large dimension of a farming area will possess a massive number of on-feld sensors, eventually dissipating the energy required to carry out data aggregation. If all sensors carry the sensed data and forward it to the sink node, most will need to bear this transmission load. Tis algorithm addresses this problem, classifying the complete farming area into a smaller subfarming area. Te core idea of this algorithm is to select a specifc node that is potentially capable of aggregating the sensed data from the respective subfarming area to the sink node in the farming land. Tis will reduce the data transmission load from all the sensors, leading to extensive energy conservation. Te signifcant steps for implementing energyefcient data aggregation in PA are discussed in Algorithm 1. Te algorithm takes the input of n (number of sensors), s x,y (position of sink), A (farming area), d x,y (datacenter position), E o (initial energy), and n ag (number of aggregator node) that after processing yields to an outcome of d (forward aggregated data). Te algorithm initializes a specifc number of on-feld sensors n in a farming area of A with a fxed position of sink node s x,y . Te position of the sink node can be changed to any position within A.
Te proposed algorithm disperses all the on-feld sensors in a random fashion where (x r , y r ) are random positions of the nodes within the coverage of the data center position d xy . Te complete farming area A is divided into a certain number of small areas called farming group f g , where each farming group consists of one aggregator node n ag . Te algorithm then declares its arbitrary number α o obtained by multiplying a random number a (core key) with prime number α, and it computes the public key of the distributed cloud-based storage unit α 2 by multiplying another random number b with prime number α.
It should be noted that the prime diference between the proposed and any existing public key encryption protocol is that the public key in the existing scheme is used as a default and is publicly accessible. In contrast, the public key of the proposed scheme is encrypted and still publicly available. Te interested node using this public key must confrm its identity frst to have access to it. Moreover, the proposed scheme generates a mechanism to perform node indexing which any attacker cannot replicate. Hence, an extra layer of security is formulated in the proposed public key encryption.
Te next process of this algorithm is to obtain two cyclic groups, η 1 and η 2, by applying an exclusive function f 1 (x), an arbitrary number generator. Te algorithm then computes the maximum number of the farming groups present in f g to obtain a structure of the total farming region T fr . Further, the algorithm applies a cut-of for opting for the proportion of nodes that will be considered aggregator nodes. It will mean that aggregator nodes are selected from the normal sensor nodes. An explicit function f 2 (x) is applied over the input argument of p and t, representing the probability of selecting a sensor node as an aggregator node and simulation time t.
It should be noted that parameters p and t are a part of the primary input for this algorithm, along with other input arguments. For all the total farming region T fr , the algorithm initially fnds if the sensor is a member of the subfarming region, followed by searching for only alive nodes. Nodes with a minimum of residual energy E th are considered alive nodes. Te algorithm then extracts the index ind of alive nodes nact where the variable ix represents the index of all nodes within a specifc subfarming region. Ix is a method formulated as a two-dimensional matrix that assigns a new index to the sender and receiving nodes as a ticket to perform legitimate communication.
Te algorithm then executes the second algorithm, which incorporates secure authentication of all the participating sensors for data aggregation. Once the security algorithm has performed its execution, the outcome of it results in identifying if the target node is regular or malicious. Once it is found to be a regular node, it performs the further operation. In this situation, all the index ind 2 of the candidate aggregator node is chosen where an arbitrary number arb of generated and compared with the threshold T 1 . Te variable ind 2 represents the index of the next aggregator node, i.e., the candidate node. Further, the aggregator nodes are selected from the candidate aggregator node N n , where G represents initialized values for all the nodes. Terefore, the statement G(and (ind 2 (j)) � N n will refer to the allocation of candidate aggregator node N n to the G matrix where the primary index ind matrix is accessed concerning the index for candidate aggregator node ind 2 . Further, in this line of action, it should be noted that the loops used for authorizing the participating sensor are highly energy-efcient. Apart from this, it should be noted that the proposed algorithm authenticates only the nodes actively participating in the data aggregation process. Nodes not in range will not be participating; however, this is unlike a case as the initial deployment of nodes is carried out in such a way that it is either connected by single or multihop to each other. Te simulation of node topology is highly interconnected with each other.
Finally, the aggregator node is confrmed in this algorithm. All the other nonaggregating on-feld sensors forward the sensed farming data to this aggregator node which further aggregates the data d agg that is fnally forwarded to the sink node. Tis completes the operation of forwarding the aggregated data. It is to be noted that the proposed system has also initialized E o along with other energy parameters to ensure that less energy is consumed while performing security operations in the proposed system. Hence, a cost-efective data aggregation process is implemented in the proposed system. A discussion of the security aspect follows next. (9) ind ← ix(n act ) (10) Apply Algorithm 2 (11) For j � 1:length(ind 2 ) (12) If arb < T 1 (13) G(ind(ind 2 (j)) � N n (14) selected_ag � 1 (15) d agg ⟶ fag forward data (16) End (17) End (18) End End ALGORITHM 1: Energy-efcient data aggregation.

Algorithm for Authenticating Aggregation.
Tis algorithm works as an intermediate process in the frst algorithm of data aggregation. Te complete construction of this algorithm is carried out on certain assumptions. Te frst assumption is the presence of a distributed cloud-based storage unit capable of processing the sensitive data forwarded by on-feld sensors and then forwarded via the sink node. Te design and development of the proposed security system are carried out using improved public key encryption. Unlike the existing system, where public keys are not emphasized, the proposed system ofers signifcant encoding of public keys to ofer extended security apart from computing private keys. Te study assumes that all the distributed cloud-based storage units obtain a public and secret key, i.e., α 2 and α 3, respectively. Te next assumption is about the aggregator node capable of authenticating messages. Tey are the only authorized node to have access to the public key α 2. Te aggregator node can also forward the aggregate validation token to the distributed cloud-based storage unit. However, for extended security toward identifying the legitimacy of the aggregator node, a trusted authority, along with system parameters, generates its private key. It should be noted that owing to multiple aggregator nodes, the trusted authority generates multiple private keys specifc to the aggregator node's respective identity. Te generated private keys are stored in the temporary bufer of the node. Terefore, the role of the trusted authority (sink node) is to bridge the connection between itself and all other sensor nodes, which gather all the aggregated data and further forward it to the user application. Apart from this, trusted authority also plays a role in developing the private key. Te aggregator node is embedded with the system parameter and private key while deployed in farming region A. Te steps of the algorithm are as follows: Tis algorithm takes the input of n (number of the sensor) that yields an outcome of Auth agg (authenticated aggregation) after processing. Further, taking sensor nodes n, the algorithm constructs a cryptographic function λ, which generates a group η 2 from η 1 . Te algorithm considers α to be a random value that is generated for η 1. It should be noted that α is not a function but a variable to hold a random number of secret keys. Te study also considers the hash function of c 1 , c 2 , and c where the values of the hash c 1 and c 2 are within the probability scope of [0, 1] for η 1 while the hash value of c is another natural number and associates with η 2. Te trusted authority considers selecting two random values, a and b (natural number). Te trusted authority performs the computation of α o � b. α and α 2 � b.α and α 3 � b. Te system parameters considered by the trusted authority is param � {λ, η 1, η 2, α, c 1 , c 2 , c, α o } where the variable a is considered to be the core key. Te distributed cloud-based storage units will be a pair of public and secret keys, which are (b.α) and b, respectively. Tis completes the confguration stage. Te second process of this algorithm is to carry out the secret key generation by the sensor node for data aggregation. Te computation of this key is carried out by β i � c 1 (iden i ), while the private key is pr � (a.β i ), as shown in Line 4. It should be noted that β and pr represent the secret key (a part of the encoded public key) for data aggregation and the private key for encryption as a standard procedure for secret key management, respectively. Tis algorithm's third process is embedding a validation token within the message msg i . Te sensor node computes three variables τ i, τ 2i, and τ 3i. Te equivalent computation for these variables is as follows: τ 1i � r i .α, τ 2i � c 1 (r i , iden i, msg i ), and τ 3i � (pr i + r i .τ 2i ) as shown in Line-5. Te generation of the security token st is fnally formed, as shown in Line 5. Te fourth process of this algorithm is about performing authentication to fnd the equivalency of two conditions, cond 1 and cond 2, concerning λ. Te frst condition, cond 1, is equivalent to (τ 1i, α), while the second condition, cond 2, is λ (α o , β i ). λ(τ 2i, τ 3i ). Te ffth process of this algorithm is to Auth agg ⟶ authenticated aggregation (13) End (14) End (15) End End ALGORITHM 2: Authenticating aggregation. 6 Journal of Computer Networks and Communications carry out farming data aggregation. During data aggregation, each sensor node with a specifc identity embeds the security token with the message. After obtaining the public key α o , the aggregator node computes a new variable χ and τ 1j. Te computation of the frst variable is carried out by applying function f 3 (x) using input attribute attr, which is equivalent to c(λ(τ 1j., α 2 ),. . .), . . . , (τ 1n , α 2 )) while the computation of the second variable is carried out as χ.Στ 1j . Finally, the algorithm executes authentication of aggregated information, where the original message msg i consists of an aggregated secret token s t, generated by the sensor within a specifc subfarming region. In such a situation, the distributed cloud-based storage units check for two conditions, i.e., cond 3 and cond 4, which are represented as λ(τ 1j, α) and λ(α o , β i ). λ(τ 2 , τ 3 ), respectively. If this condition is found to be valid, then the distributed cloud-based storage unit performs the computation of public key β i and hash function c i � c(τ 2j, iden i , msg i ). Terefore, the proposed authentication algorithm mainly ofers multiple dependencies where public and private keys undergo dependable information, e.g., arbitrary numbers consideration by a trusted authority, hash functions values, and identity information are only accessible by the authorized nodes. Any attacker attempting to have access will end up in denial towards accessing these resources resulting in primary resistance towards their participation with malicious intentions. A closer look into this algorithm shows that it ofers connectivity to each step where similar variables are continued with updates in every process, which makes sure that if any step of this algorithm is compromised, the attacker does not have any control or authority to decode the contents of message msg i which require secret token s t . An attacker cannot know the process of decoding secret tokens with higher dependencies of security variables.

Result Analysis
Te implementation of the proposed algorithm is carried out over MATLAB, where the idea of analysis is to assess the impact of the proposed security algorithm on energy efciency. Tis section discusses the result obtained from the simulation study concerning its accomplishment from both energy and security perspectives.

Simulation Environment.
Te simulation environment for the proposed system consists of 1000 on-feld sensors distributed over the farming land of 1100 × 1200 m 2 area. Te complete farming area is further divided equally into four subfarming areas. Each subfarming area consists of a specifc form of on-feld sensor and one aggregator node. A sink node (also represented as a trusted authority) could be positioned at any point in the farming area. Te study considers that each sensor possesses 10 meters of sensing range capable of forwarding 5000 bytes of the data packet. Te nominal size of the control message is kept at 30 bytes which are 50 nano-joules of the initial energy considered for all the nodes. Existing studies towards energy efciency have been evaluated using energy consumption parameters mainly, while literature on security have been evaluated using multiple parameters, viz. memory utilization [31], energy in the form of electric output [33], and execution time [35]. As the proposed scheme aims for energy efciency and security, therefore performance metrics opted for are mainly energy-based metrics, execution time, and security analysis.

Analysis of Energy Efciency.
Energy consumption is the standard performance metric to assess the efectiveness of any approaches claiming to achieve energy efciency. However, for better inference, the proposed system analyzes energy efciency concerning two performance parameters, i.e., alive nodes and residual energy of the on-feld sensors. For efective analysis, the study outcome is compared with a standard work of secure LEACH [38]. Te prime reason to consider this existing system is its target of achieving security and energy efciency together. In Figure 2, a comparative analysis is shown to evaluate the performance of the proposed scheme for the number of remaining active nodes in the progressive communication rounds. Te results show that the proposed scheme outperforms the existing systems.
Te design of the security function is based on a lightweight mechanism of encryption and hashing. Another important feature of the proposed scheme is the noniterative approach of verifcation token generation, which makes it suitable for energy conservation and highly responsive in execution. Furthermore, information aggregation is carried out only through aggregator nodes, which does not allow other nodes to waste their energy in data transmission. It is also observed that the existing technology, i.e., Secured Leach, is based on a complex cryptographic mechanism, making it unsuitable for WSN-based PA. Figure 3 highlights the comparative analysis of the proposed and existing system concerning residual energy. It can be seen that the proposed system maintains a better distribution of energy utilization and sustains nodes for the longer run.
On the other hand, Figure 4 highlights that if the same secured LEACH algorithm and proposed system are analyzed for two test environments of secured data aggregation (agg-existing and agg-proposed) and insecure data aggregation (unagg-existing and unagg-proposed). It is found that the proposed system with secured aggregation always excels in a better outcome in contrast to any other situation.

Analysis of Execution Time and Security.
As the proposed system claims of a novel public key encryption scheme, therefore, it is necessary to ofer sufcient evidence to claim its efectiveness in contrast to existing public key encryption approaches, e.g., digital signature algorithm (DSA), Rivest Shamir algorithm (RSA), elliptical curve digital signature algorithm (ECDSA), Dife-Hellman key agreement protocol (DHKAP). Te proposed scheme Prop is compared with all those mentioned above public key encryption standards concerning execution time, as highlighted in Figure 5. Te outcome in Figure 4 showcases that the proposed scheme ofers approximately 52% faster execution speed in contrast to existing schemes. Te execution time of the RSA algorithm is quite as due to its larger key size and its dependency on asymmetric only.
Apart from this, RSA also has higher dependencies on third parties to authenticate the legitimacy of public keys, which is not practically accepted in PA applications. However, these problems do not exist in DSA. Still, owing to the inclusion of a complex form of the remainder operator, the DSA algorithm performs better than RSA in a given test environment, although slightly increased in its execution time. Further adoption of ECDSA ofers signifcant control over the key size. Still, its dependencies towards signature computation in dual stages consume much time, although it is a better form of authentication.
Further, DHKAP sufers from a computationally intensive process of higher dependencies over CPU resources. Te proposed scheme exhibited none of the above-stated features, making the algorithm processing quite faster. Te authentication process has less inclusion of sophisticated empirical calculations and has more conditional operation resulting in faster operation. Further, it only uses hash for encoding, making it much more lightweight.
To talk about security architecture, it is essential to investigate and know the behavior of an attacker. No attacker will attempt to directly introduce an attack as it is unaware of the attack-resistance policy. So, let us illustrate this concerning possibility of mechanisms of attacks as follows: (i) forward fooding messages via some victim node (regular on-feld sensor with poor resources) (ii) introduce themselves as a regular node by overhearing the signal being exchanged (iii) attempt to perform eavesdropping by listening to the exchange of communication Such an attack can be launched by introducing a rogue sensor over the farming area or by even using the airborne vehicle in the vicinity of the sensing range of the sensor. Hence, keeping this scenario in mind, the frst thing common in all attack-introduction approaches is understanding the legitimacy of neighboring nodes and their message. A neighboring node's frst round of legitimacy can be carried out by assessing its identity and a public key generated by a trusted authority.
Te mechanism of resisting attacks by the proposed scheme will be as follows: if this node is malicious, the value of the core key, i.e., will never match, as it is a randomly     generated number by the distributed cloud-based storage unit. Hence, the authentication fails frsthand. Even on consecutive levels, if the attackers attempt to access any chunk of the message, they will never be able to decode them. To decode, they will be required to possess the system parameters param, which is possessed only by the trusted authority. Tey will not make the mistake of requesting trusted authority for this purpose, as they will have higher chances of being caught owing to the unmatched public key. Apart from this, the keys are generated and distributed by the trusted authority itself; however, the uniqueness is that generated secret keys are encrypted forms of public keys that cannot be accessible by any unauthorized nodes. Apart from this, the distributed keys are also subjected to hashing and followed by encrypting steps ensuring that they cannot be decomposed by any secondary member who is not authorized. Terefore, the proposed system does not emphasize identifying and capturing the malicious node. Still, it ensures that if an attacker compromises an encoded data packet, they should never be able to decode it. Hence, from this potential to resist illegitimate requests, the proposed system can be claimed to resist cyber-physical, sinkhole, worm, and distributed denial-of-service.
Tables 1 and 2 show that the proposed scheme ofers a better balance between energy efciency and security demands.

Conclusion
Te proposed study has introduced a solution to balance energy efciency and security. Te key contribution of the proposed work are (i) unlike existing public-key encryption, the proposed study does not make use of sophisticated encryption apart from hashing, (ii) diferent from existing approaches of public key encryption, the proposed system performs computation as well as encoding of the public key to be forwarded in the public channel to ofer an extra layer of security, (iii) diferent from existing key management techniques, proposed system doesn't store a private key, it rather generates it whenever the transaction is required in PA, (iv) the complete modeling is carried out considering that there is preapproved information about the adversary and hence the resistivity of the proposed system towards every form of dynamic attackers are increasing in its scope of resiliency, and (v) the proposed system ofers a signifcant saving of residual energy of a maximum number of nodes as all on-feld sensors are not required to communicate directly with the sink node. Hence, the proposed system ofers a cost-efective solution for balancing energy and security issues in PA. Te proposed scheme ofers approximately 35% more alive nodes as well as 32% of higher retention of residual energy in contrast to the existing aggregation scheme. Further, the proposed scheme ofers 52% faster execution than existing schemes.
Te future work of the proposed scheme is towards accomplishing further optimization of the secure data aggregation process, considering more potential threats. For this purpose, a complex adversarial model with multiple dynamic attackers who initiate the propagation of concurrent malicious codes will be constructed. Tis is followed by further developing an optimized model which can identify it.

Data Availability
Tis research does not use any preexisting dataset. However, the experimental data are available from the authors upon reasonable request.
Approaches Advantage Limitation Prototyping [30] Can resist deauthentication attack Hardware resource inclusion is not considered Rule-based attack resistance [31,33] Flexible formulation of attack-resisting rules Attack specifc solution Software defned network [32] Ofer more intelligence Cost-efectiveness is not assessed Privacy preservation [34] Ensure better data integrity and privacy Computationally extensive algorithm Blockchain [35,36] Robust security Consumes large energy Proposed (i) Can handle multiple forms of attack and threats in PA (ii) No sophisticated encryption is used (iii) Multiple layers of security in each step (iv) A higher degree of forward and backward secrecy (v) Ofers data security along with energy efciency