- Email: [email protected]
GSR: Geographic Secured Routing using SHA-3 algorithm for node and message authentication in wireless sensor networks
Accepted Manuscript GSR: Geographic Secured Routing using SHA-3 algorithm for node and message authentication in wireless sensor networks Prathusha Laxmi B, Chilambuchelvan A
PII: DOI: Reference:
S0167-739X(17)30986-X http://dx.doi.org/10.1016/j.future.2017.05.015 FUTURE 3463
To appear in:
Future Generation Computer Systems
Received date : 20 May 2016 Revised date : 19 April 2017 Accepted date : 10 May 2017 Please cite this article as: P.L. B, C. A, GSR: Geographic Secured Routing using SHA-3 algorithm for node and message authentication in wireless sensor networks, Future Generation Computer Systems (2017), http://dx.doi.org/10.1016/j.future.2017.05.015 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
*Revised Manuscript with source files (Word document) Click here to download Revised Manuscript with source files (Word document): Prathusha_GSR_Alg_FGCS.doc Click here to view linked Referenc
GSR: Geographic Secured Routing using SHA-3 Algorithm for Node and Message Authentication in Wireless Sensor Networks PRATHUSHA LAXMI B1, CHILAMBUCHELVAN A2 R.M.K. Engineering College, Anna University Chennai – India 1[e-mail: [email protected]] 2[e-mail: [email protected]] *Corresponding author: Prathusha Laxmi B
Abstract
Secured Two Phase geographic Greedy Forwarding (SecuTPGF) is a greedy geographic forwarding protocol. It is used for transmitting multimedia data streams in wireless multimedia sensor networks (WMSNs). For a secure and reliable multimedia transmission, cryptography and user defined message authentication code (MAC) mechanisms are used in SecuTPGF. SecuTPGF uses two different algorithms for node and message authentication that incur high computation overhead. To address this issue, this paper proposes a modified version of SecuTPGF called Geographic Secured Routing (GSR). Unlike SecuTPGF, GSR provides security using both node and message authentication with low computation power. Further, GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. The effectiveness of the GSR algorithm is confirmed via security analysis and simulation evaluation. Keywords: GSR, MAC, MD5, Routing, Security, SHA-3, WMSN 1.
INTRODUCTION
Traditional wireless sensor networks (WSNs) deliver information for events such as temperature monitoring, environmental application monitoring, body area networks, speed and pressure monitoring in automobiles, and target detection in the military. Multimedia sensor networks deliver additional information for multimedia events. The transmission of multimedia streams through wireless networks is an annoying task as WSNs are composed of miniature and low-cost sensor nodes with limited resources such as processing, memory, and energy. In general [14], WSNs are deployed in open and hostile environments to monitor and provide information regarding events. Because of the open WSN environments, sensor nodes are subject to different security attacks. The performance of the network can substantially decrease when adversary activities are present in the network. Cryptography mechanisms can be employed to avoid security attacks of adversary nodes in the network. Key management provides secure generation, distribution, and storage of keys for security purposes. However, the algorithms for key management involve expensive exponential operations. They cannot be used for encrypting messages; they can only be used for establishing a secret key. No security mechanisms incorporated in Two-Phase geographic Greedy Forwarding (TPGF) [9] routing algorithm, adversary nodes can perform any adversary attacks. Security mechanisms involved in the SecuTPGF [7] routing algorithm prevent adversary nodes from joining the network by verifying the origin and integrity of the data. The SecuTPGF routing algorithm uses cryptographic and a message authentication code (MAC) mechanism for the node and message authentication, respectively; however, this incurs high computation overhead. Cryptographic hash is used to retain document security and integrity. It creates a message digest. Systems can verify a document and determine if changes were made to the original document. Even a small change in the original message will be indicated as a change in the digest, making it easier to detect accidental or intentional changes to the original message.
This paper proposes a modified version of SecuTPGF called Geographic Secured Routing algorithm (GSR); this provides security via both node and message authentication with low computation power. GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. The organization of this paper is as follows: Section 2 discusses related works on routing algorithms in WSNs. Section 3 presents the network model, attacks, and performance metrics for routing algorithms in sensor nodes. Section 4 presents the GSR routing algorithm. Section 5 presents a security analysis for GSR. Section 6 presents the simulation study of the GSR routing algorithm. Section 7 concludes the paper with future work.
2. RELATED WORK WSNs can be depicted as a graph G(V, E) where V and E represents a set of sensor nodes and the links between these sensor nodes, respectively. Among the routing protocols, geographic routing provides guaranteed packet delivery in a dense network. Routing is performed in these protocols based on location information. A node forwards a packet to the intermediate node closest to the sink node. Malicious nodes present in the network modify or tamper the packet integrity such that a benign node drops the packets as invalid. 2.1 Secure Communication The TPGF routing protocol [9] can be used in wireless multimedia sensor networks (WMSNs). In this protocol, routing is performed in two phases. The first phase is the forwarding phase, responsible for determining the possible routing path from the source nodes to the base station. The second phase is the path optimization, responsible for optimizing the identified routing path with the least number of hops. Researchers have developed different techniques that can be employed for secured communication in sensor networks. Key management and cryptography-involved algorithms have a major role in secured communication [1]. If key management is involved in the secure communication, the system consumes more power and requires more processing time. In a wireless network, power conservation is a significant factor requiring consideration. Secure routing can be performed dynamically [11] to avoid untrusted paths and continue to route, even in the presence of attacks. It can be performed using rate control, packet scheduling, and probabilistic multipath routing combined with trust-based route selection. In this method, the implications of a multi-hop localization algorithm for secure localization have not been addressed. The Ambient Trust-based secured routing protocol [10] incorporates a distributed trust model to defend against routing attacks, which it efficiently detects and prevents from participating with nodes and providing incorrect trust information during the execution of the protocol, thereby providing an efficient method to address several attacks. This method does not address higher layer attacks such as intrusion detection attacks or Sybil attacks. Self-adaptive trust-based model secure communication [13] has been incorporated into greedy perimeter stateless routing (GPSR). It dynamically identifies adversary nodes and has demonstrated substantial improvement in packet delivery ratio, throughput, and the number of packets compared to a well-known trust-based GPSR protocol. The GPSR protocol uses face routing to bypass holes that cannot guarantee delivery with arbitrary connectivity under realistic conditions. Denial of service attacks are a challenging problem in WMSNs [3] and continue to be one of the main research challenges in WMSNs. SecuTPGF [7] provides security during the identification of 1-hop neighbours and route discovery. Authentication of the nodes is performed by a symmetric key establishment. Key exchange ID implemented between the communicating nodes by a method called identity-based non-interactive key distribution scheme. Message authentication is performed using a user-defined MAC algorithm. In this method, the security and reliability of the transmission is performed with high computation overhead owing to the use of two different algorithms for node and message authentication.
The Geographic Secured Two Phase Routing (GSTP) using MD5 algorithm [16] provides security via both node and message authentication with low computation power. A comparative analysis of MD5 and SHA-3 [15] with different parameters such as securities, message digest length, speed, and attacks depicts SHA-3 as more secure than MD5. Successful attacks have been reported to some extent in the case of MD5, whereas no such attacks have been reported in the case of SHA-3. MD5 is faster than SHA-3. Owing to reduced circuitry, SHA-3 can function better on small devices such as sensors. SHA-3 is intended for use with digital signature applications. 2.2 Performance Evaluation of Routing Protocols Sensor nodes have a limited transmission range, processing, storage capabilities, and energy resources. Evaluation parameters for the performance of a routing protocol [4] should be based on processor speed, memory utilized, routing methods involved, and energy conservation. The routing methods involved in the routing protocol should provide the minimum end-to-end delay. Maximum streaming data gathering and minimum transmission delay algorithms [8] should be executed during the initial stage of a routing; the node selects the appropriate transmission radius to provide the minimum end-to-end delay in the transmission. In WSNs, data is forwarded using multi-hop mechanisms. Research developers provide different metrics [2] that provide routing algorithms with high flexibility in the selection of the next path and offering a compromise between throughput, end-to-end delay, and energy consumption. 2.3 Simulator Performance In the selection of appropriate simulators for simulating the results, different simulator performance parameters must be considered. The simulator should provide accurate simulation results in real-time environments, the capability to run on different platforms, and capability to deploy large-scale simulation environments. The NetTopo simulator [5,6] is a platform independent tool. It has the capability of deploying large-scale simulation environments and provides accurate simulation results in real-time environments. Implementing new algorithms in the NetTopo simulator involves a three-step process: i) modifying a new node Java class; ii) modifying a new topology Java class and registering this class; and iii) developing a new algorithm with the support of the existing algorithm. An optimization technique improves network accuracy. The nonlinear autoregressive neural network [12] for calibration and testing of networks uses an optimization technique for the number of neurons present in the higher layer of the network to improve the network accuracy. This paper proposes GSR, a modified version of SecuTPGF. GSR provides security via both node and message authentication with low computation power. GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. For the evaluation of GSR, power-aware metrics such as end-to-end delay and path length are considered. Different security attacks such as spoofing and Sybil attack are considered. The NetTopo simulator is used for simulation to provide accurate results.
3.
NETWORK MODEL, ATTACKS, AND PERFORMANCE METRICS
In this section, we discuss: i) the network model proposed and various assumptions considered from previous works; ii) the security attacks considered, and iii) the performance metrics to evaluate the performance of the GSR routing algorithm. 3.1 Network Model and Assumptions
In the considered WSNs, all nodes are stationary and the links used for communication between the nodes are symmetrical. The base station is trustworthy and not resource-constrained. Sensor node GPS or localization algorithms are used to determine the geographic location of the sensor nodes. It is assumed that each node can sustain a certain time interval before it is compromised. Sensor nodes are not trusted, which is a common assumption in WSNs because it is relatively easy for an adversary to capture and compromise sensor nodes. Finally, we use a hash-based cryptography scheme in the GSR algorithm to increase the performance of the network, even when adversary activities are present in the network. 3.2 Security Attacks Adversary nodes present inside and outside of the network interfere in the routing protocol. In this subsection, the various attacks that GSR can expose are discussed.
Spoofing: A spoofing attack is a situation where an adversary node successfully masquerades as another by generating false data, thereby gaining an illegitimate advantage.
Sybil Attack: In a Sybil attack, an adversary node assumes multiple identities and forges locations, thereby corrupting the reputation system.
Wormhole attacks: This attack is used to fake a route that is shorter than the original route within the network; this influences the routing mechanism in the network.
Flooding: This is a denial of service (DoS) attack that is designed to bring a network or service down by flooding the network with large amounts of traffic.
Selective Forwarding: Adversary nodes selectively forward messages instead of forwarding all the received messages. In some cases, it completely drops all the messages it receives.
3.3 Network Performance Metrics The following network performance metrics are considered for evaluation of the proposed routing algorithm [7]: End-to-End Delay: This refers to the length of the time required to transmit information from the source node to the sink node. The average delay of each hop is Dhop + Dotherfactors. De2e = k * (Dhop + Dotherfactors)
(1)
where k is number of hops, Dhop is the delay in transmission, and Dotherfactor is the delay based on other factors. For each hop (Dhop + Dotherfactors), the average delay is a fixed value. Therefore,
De2e α k
(2)
From (2), the end-to-end delay is directly proportional to the number of hops, k. If the number of hops is less, the end-to-end delay, that is, the time required to transmit the information, is also reduced. Path length: This refers to the sum of the weights associated with each link visited. Some routing protocols use hop count, a metric that indicates the number of forwarding nodes that a packet must pass through from a source node to a destination node. PLength= k (Number of Hops) 4.
(3)
GEOGRAPHIC SECURED ROUTING USING SHA-3 ALGORITHM
The GSR algorithm comprises three phases: i) network setup; ii) discovering secured 1-hop nodes; iii) transmission through secured 1-hop nodes.
4.1 Network setup The WSN manager, an authenticated authority (base station), deploys the network and performs the initialization process using its own infrastructure to minimize the power consumption of the other nodes. After deploying the sensor network, the ID of each of the sensor node is processed by the base station. Initially, each of the sensor node’s ID hash value is computed using the SHA-3 algorithm and the computed hash value is stored as an attribute in the sensor node as indicated in Figure 1. The pseudocode for generating the hash value using SHA-3 is: Step1: Pad the original message length (in bits) to be congruent to 448, modulo 512 when padding bits are appended. To the original message, add the padding bits such that the length of the message is 64 bits and a multiple of 512. Step2: Divide the input message into 512-bit blocks. Step3: Initialize the five chaining variables of 32 bits each = 160 bits total. Step4: Process message in 512-bit blocks looping through padded and appended message in blocks (512 bits each). Each 512-bit block is divided into 16 sub-blocks. For each input block, four rounds containing 20 operations each are performed.
Figure 1: Flow graph of Network Setup Algorithm for Network Setup
Deploy_setup (nodes n, Area(x, y)) Step1: ‘n’ nodes are deployed in the area (x, y) Step 2: for (i=1; i<=n; i++) i) Get ith node ID. ii) Compute the hash value of the ID using the SHA-3 algorithm. (SHA_Hash(ID)) iii) Computed hash value of the ID is stored as an attribute in the sensor node. (Store_attribute(H_value,ID))
Upon completion of the deployment and setup phase, the next phase, discovering secured 1-hop nodes, is initiated by the source node of the network.
4.2 Discovering secured 1-hop nodes By discovering secured 1-hop nodes, adversary nodes are prevented from joining the WSN; only authentic nodes are allowed to join the network at the first stage. Using the SHA-3 algorithm, a hash value of each of the sensor node IDs is computed and used for authentication purposes. After the deployment of the sensor nodes in the network, each of the node attempts to discover its 1-hop nodes by broadcasting a message consisting of its Identity (ID), Geographic Location (GL), and a hash value attribute (HVA). It then waits for each 1-hop neighbour node to respond.
Figure 2: Flow graph of Discovering Secured 1-hop Nodes
Algorithm for discovering secured 1-hop nodes Discover_1_hop_secured_node (Forwarding node ID, Geographic Location, Hash Value) Step1: Each of the nodes broadcasts a message to the nodes in the network. Ex: Node A broadcasts as A *: HELLO (IDA, GLA, HVAA) (4) * Indicates all the nodes in the network. IDA - ID of the forwarding node. GLA - Geographic location of the forwarding node. HVAA - Hash value of the forwarding node. Step 2: Neighbouring nodes compute the hash value of the forwarding node ID. If (computed hash value = stored hash value) Send response to the forwarding node (Node A) with ID, GL, and VB authenticator. B A: (IDB, GLB, VB) (5) VB = H (IDB) (6) Step 3: After receiving response message from neighbouring node (Node B). Node A generates VB’. VB’ = Stored HVA (IDB) (7) Step 4: if (VB = VB’), update the neighbour list with the neighbouring node (Node B) Every node in the network verifies that the neighbouring node is a secured 1-hop node, establishes a secure link, and adds the node to its secured 1-hop neighbour list as indicated in Figure 2. 4.3 Transmission through secured 1-hop nodes The source node initiates the routing process and forwards a request to the secured 1-hop node nearest, of all its secured 1-hop neighbour nodes, to the base station. When the forwarding node receives the request, it verifies it has a secured 1-hop node to transmit. If it has a secured 1-hop node to transmit, it forwards a request to the next forwarding node or base station; otherwise, it is marked as a ‘block’ situation. To resolve this situation, it steps back to its previous secured 1-hop node and marks itself as a ‘block secured 1-hop node’. From the previous step, a secured node attempts to determine the next secured 1-hop neighbour node. As indicated in Figure 3, the step back
and mark are executed repeatedly to identify the next secured 1-hop node for greedy forwarding. A number-based label is given to the identified 1-hop secured node along with the path number.
Figure 3: Flow graph of Secured Forwarding and Transmission Algorithm for Secured Forwarding and Transmission
Transmission_Multimedia (source node S) Step 1: If (next 1-hop node is base station) Base station sends acknowledgment to the source node Optimizing the found path Step 2: If (next 1-hop node is not base station) If (forwarding node has secured 1-hop node) Select secured 1-hop node nearest to base station. Else i) Mark it as a Block situation. ii) Go to the previous step. Optimize (base station destination D) Step 1: while (not source node) If (path number of secured_1_hop_node = base station’s path number) and (node number > base station) Acknowledgment is sent back to that node. Step 2: Release the nodes that are not used for transmission. i)
An acknowledgment is returned to the source node from the base station when a routing path is determined. The acknowledgment is sent through the 1-hop secured nodes that possess the largest node number and the same path number. During the reverse transmission on the determined path, optimization is performed in the each of the intermediate nodes to eliminate path circles in such a manner that more than two nodes are neighbours of another sensor node in the path. After receiving the acknowledgment, with the pre-assigned path number, the source node
initiates the multimedia data transmission. A release command is executed to all the other 1-hop nodes not involved in the transmission.
5.
SECURITY ANALYSIS IN GSR
Adversary nodes present both inside and outside of the network interfere in the routing protocol. In this section, the GSR routing protocol is evaluated by considering the attacks that are addressed in the SecuTPGF routing protocol. The method implemented by GSR to prevent these attacks is discussed. 5.1 Outside Adversary: Using unauthorized nodes, outside adversaries attack communications in the network.
Impersonation: Because of the discovering secured 1-hop nodes function, adversaries cannot impersonate authorized nodes into WSNs. Only authenticated nodes having Trusted Authority (base station) clearance have mutual authentications.
Counterfeit and Tampering: Counterfeit objects may include routing requests, acknowledgments, and step back and mark messages generated by adversary nodes. These messages cannot be introduced into the network by unauthorized nodes because GSR receives routing messages from legitimate nodes that are in the neighbour table. If the adversary modifies any of the information present in the counterfeit object, it will be detected by the MAC algorithm.
Spoofing/Replay: In GSR, each node participating in the routing is authenticated by a trusted authority; therefore, impersonation is not feasible. Spoofing is also not possible because only authenticated nodes are allowed to join the network. If spoofing is launched on the network, it affects only the part of the network that is localized.
5.2 Inside Adversary: Physical protection of sensor nodes in a WSN is a challenging task. The sensor nodes in a WSN may be protected against tampering by tamper proofing the physical packages of the sensors. Detection and prevention of attacks that occur inside the network are more complicated and difficult. GSR cannot prevent these attacks completely; however, the impact of these attacks can be reduced in the entire network.
Wormhole Attacks: The Packet Leashes technique is used to mitigate this attack. In GSR’s discovering secured 1-hop node phase before including a neighbour into its neighbour table, a node can check the maximum distance of the node, which is approximately its transmission radius. A description of the wormhole is given below: WHATT (Network N, Transmission_Radius r) Check every node ‘n’ in N do If (node_max_radius < r) Include node n in its neighbor list Else Insert it into blacklist Sybil Attack: An adversary cannot insert nodes with false IDs into the network because nodes with false IDs do not have Trusted Authority clearance. This attack is not feasible. Node Replication Attack: By checking the base station regularly, the impact of this attack can be reduced. Because the entire determined routing path in TPGF are node-disjoint routing paths, if a node involved in the routing is in more than one path simultaneously, that node is a replicated node and the node ID is included in the blacklist and removed from the WSN.
Selective Forwarding: Monitoring the transmission behaviour of the next-hop neighbours can mitigate this attack. In a promiscuous mode situation, a node overhears the wireless transmission of its 1-hop neighbour node. If Node A is an authenticated previous hop node and decides that its next 1-hop Node B is an adversary node, it sends a routing failure message to the source node and includes Node B’s ID in the black list. Upon verification, the source node initiates alternate route discovery. If the next 2-hop neighbours are adversary nodes, the solution is an end-to-end acknowledgment from the base station. However, this solution may incur additional delay.
6.
SIMULATION STUDY
6.1 Simulation Setup The NetTopo simulator was used to simulate the GSR routing algorithm. The GSR routing algorithm was incorporated in the well-known geographic routing protocol called Two Phase geographic Greedy Forwarding (TPGF) [9] routing protocol. Because GSR uses the standard SHA-3 algorithm to provide security, its performance is compared with a secured-based TPGF (SecuTPGF) built with user defined security algorithms against various network metrics such as the number of routing paths and average path length. A source node was deployed at the geographic location (50,50) and the base station was deployed at the location (600,350). Adversary nodes were inserted to test the robustness of the GSR routing algorithm. Simulation parameters are detailed in Table 1. The simulations were conducted on a network size of 640 × 400 by changing the number of nodes deployed from 100 to 1000; average values of the results are displayed.
Table 1 Simulation Parameters
Parameter Network Size Number of Sensor Nodes Number of base station Number of source nodes Initial Energy of sensor nodes Transmission Radius Expected lifetime
Value 640 × 400 m 100 – 1000 1 1 10 J 60 – 120 m 1 – 14 h
6.2 Evaluation 6.2.1 Performance of Adversary Nodes in the Path Length during secured 1-hop node discovery Figure 4 plots the average number of hops before optimization. It can be observed from the graph that the number of hops was substantially decreased, even in the presence of 25 percent adversary nodes in the network, when the number of nodes deployed was in the range 100 to 800; it then gradually increased. This indicates that GSR is dynamic in identifying alternate paths as the number of nodes increases in the network. It can also be observed that the average number of hops for GSR with 25% adversary nodes was marginally greater than that of SecuTPGF as the number of nodes to be deployed increased. In the GSR routing algorithm, the hash value of the neighbouring node is computed for every forwarding node and is compared with the local hash value present in the base station to identify adversary nodes. It is because of the ability of GSR to identify the best-secured node for every forwarding node that routing is accomplished through a secured node.
Figure 4: Average Number of Hops with 25 percent adversary nodes - Before Optimization in SecuTPGF and SHA-3 Algorithm
Figure 5 plots the average number of hops after optimization. It can be observed that the number of hops has been decreased substantially in the network. This is because optimization is performed at each forwarding node to avoid path circles. Through optimization, the average number of hops was substantially reduced in the network.
Figure 5: Average Number of Hops with 25 percent adversary nodes –After Optimization SecuTPGF and SHA-3 Algorithm
6.2.2. Number of Paths found with Adversary nodes: In this section, we evaluate the probability of a node being selected in one of the paths generated by TPGF routing. The simulation was performed by deploying 500 sensor nodes and varying the number of adversary nodes. To increase the probability of an adversary node being selected in the routing path, we deployed the adversary nodes near the direct line between the source node (50, 50) and the base station (600, 350).
Figure 6: Average Number of Paths in SecuTPGF and GSR- SHA-3 Algorithm
Figure 6 plots the average number of paths by varying the number of malicious nodes. It can be observed from the graph that the number of paths found by the GSR algorithm was decreased substantially in the presence of 25 percent adversary nodes in the network when the number of nodes deployed was greater than 500. In GSR, the number of paths found was less than SecuTPGF in the environment where the adversary nodes could not perform attacks because GSR dynamically avoids adversary nodes for routing. In GSR, adversary nodes fail to authenticate and cannot participate in the network routing. Hence, the entire found path is free of adversary nodes.
Figure 7: Average End-to-End Delay vs Expected Life Time
Maximum transmission radius is an important parameter that affects the amount of information received at the base station. Figure 7 plots the average End-to-End Delay vs Expected Lifetime. It can be observed that the average
number of hops decreased substantially as the transmission radius increased from 60 to 120 m over a period of time. The number of nodes deployed was 500. The results are presented for different transmission radii. Tables 2 and 3 present a comparison of the routing protocols, SecuTPGF and GSR, based on attacks and design parameters. Table 2 Comparison based on Design Parameters
Parameters
SecuTPGF
GSR
Network Type
WSN
WSN
Overhead (computation Cost)
High
Low
Security
Limited (User Defined authentication method)
Good (Standard SHA-3 Algorithm)
Scalability
Good
Good
End-to-End Delay
High
Low
Table 3 Comparison based on Attacks
Parameters
SecuTPGF
GSR
Spoofing
Yes (computation is required)
Yes (No computation)
Sybil Attack
Yes (computation is required)
Yes (No computation)
Wormhole Attack
Yes
Yes
Flooding
Yes
Yes
Selective Forwarding
Yes
Yes
By comparing both cases regarding security and design parameters, it can be observed that GSR is the best in both cases. GSR was developed primarily for energy efficiency; however, it also provides the best security. GSR identifies adversary nodes with low computation power using the standard SHA-3 algorithm for authentication rather than user-defined authentication methods.
7.
CONCLUSION AND FUTURE WORK
SecuTPGF uses two different algorithms for node and message authentication that incur high computation overhead. A modified version of SecuTPGF, called Geographic Secured Routing (GSR), is a secured routing protocol proposed and implemented in this study. The proposed GSR was incorporated into Two Phase Geographic Forwarding routing protocol and demonstrated its performance against various design and security metrics. GSR identifies the adversary nodes with low computation power using the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. Simulation results confirm that GSR is robust against detecting adversary nodes. In a future work, we will consider duty-cycled GSR for energy conservation and develop security algorithms for avoiding various attacks on sleep scheduling algorithms.
8.
References
[1] Ajay Kakkar, M.L. Singh, P.K. Bansal, Comparison of various Encryption Algorithms and Techniques for Secured Data Communication in Multinode Network, International Journal of Engineering and Technology, Vol 2 No.1, pp. 87-92 , 2012. [2] EswarRao.K, K.Naresh Kumar, Performance Analysis of Routing Metrics for Wireless Sensor Networks, International Journal of Modern Engineering Research, Vol. 2, Issue 6, pp-4128 – 4132 , 2012 [3] Guerrero-Zapata, M., Zilan, R., Barcel-Ordinas, J., Bicakci, K., Tavli, B.: The Future of Security in Wireless Multimedia Sensor Networks, Telecommunication Systems, Vol.45, No.1, pp.77-91, 2010. [4] I. Khemapech, A. Miller, and I. Duncan, “Simulating wireless sensor networks,” Technical Reports, School of Computer Science, University of St Andrews, 2005. [5] L. Shu, C. Wu, M. Hauswirth, NetTopo: Beyond Simulator and Visualizer for Wireless Sensor Networks, Technical Report of Digital Enterprise Research Institute, July, 2008. [6] Lei shu, Manfred Hauswirth, Han-Chieh Chao, Min Chen, Yan Zhang, NetTopo: A framework of simulation and visualization for wireless sensor networks, Adhoc Networks, Vol. 9, pp. 799-820, 2011. [7] Mulugeta T., Shu, L., Hauswirth, M., Chen, M., Hara, T., Nishio, “Secure Two Phase geographic Forwarding Routing Protocol in Wireless Multimedia Sensor Networks”, IEEE Transactions on Information Theory, Vol.22, No.6, pp. 644-654, 2010. [8] Shu, L., Zhang, Y., Zhou, Z., Hauswirth, M., Yu, Z., Hynes, G.: Transmitting and Gathering Streaming Data in Wireless Multimedia Sensor Networks within Expected Network Lifetime. ACM/Springer Mobile Networks and Applications (MONET), Vol.13, No.34, pp.306-322 , 2008. [9] Shu, L., Zhang, Y., Yang, L.T., Wang, Y., Hauswirth, M., Xiong, N.X.: TPGF: Geographic Routing in Wireless Multimedia Sensor Networks, Telecommunication Systems, Vol.44, No.12, pp.79-95, 2010. [10] Mariano García-Otero, Theodore Zahariadis, Federico Álvarez, Helen C. Leligou, Adrián Población-Hernández, Panagiotis Karkazis and Francisco J. Casajús-Quirós, “Secure Geographic Routing in Ad Hoc and Wireless Sensor Networks” , EURASIP Journal on Wireless Communications and Networking, 2010. [11] K. D. Kang, K. Liu, and N. Abu-Ghazaleh, “Securing geographic routing in wireless sensor networks,” in Proc. 2006. [12] Mohammad Valipour, “Optimization of neural networks for precipitation analysis in a humid region to detect drought and wet year alarms”, Meteorological Applications, Volume 23, Issue 1, pp 91–100, January 2016. [13] P. Raghu Vamsi, Krishna Kant, “Self-Adaptive Trust Model for Secure Geographic Routing in Wireless Sensor Networks” , I.J. Intelligent Systems and Applications, Vol. 3, pp 21-28, February 2015. [14] I.F.Akyildiz, W.Su, Y Sankarasubramaniam, E. Cayirci,”Wireless Sensor Networks: A Survey”, Computer Networks, Elsevier, Volume 38, Issue 4, pp 393-422, 15 March 2002. [15] Piyush Gupta, Sandeep Kumar, “A Comparative Analysis of SHA and MD5 Algorithm”, International Journal of Computer Science and Information Technologies, Vol. 5, Issue 3, pp 4492-4495, 2014. [16] B. Prathusha Laxmi, A. Chilambuchelvan, “GSTP: Geographic Secured Two Phase Routing Using MD5 Algorithm”, Circuits and Systems, Vol. 07, No.08, June 2016.
*Biographies (Text)
Boddula Prathusha Laxmi Associate Professor, R.M.K. Engineering College, Chennai Ph.D. Student, Anna University, Chennai M.E. Anna University, Chennai Research Interests: Wireless Sensor Networks, Routing Algorithms
Chilambuchelvan Arul Gnanaprakasam Professor, R.M.K. Engineering College, Chennai M.E. Coimbatore Institute of Technology, Coimbatore Research Interests: Embedded System, VLSI design and soft computing
*Biographies (Photograph)
PII: DOI: Reference:
S0167-739X(17)30986-X http://dx.doi.org/10.1016/j.future.2017.05.015 FUTURE 3463
To appear in:
Future Generation Computer Systems
Received date : 20 May 2016 Revised date : 19 April 2017 Accepted date : 10 May 2017 Please cite this article as: P.L. B, C. A, GSR: Geographic Secured Routing using SHA-3 algorithm for node and message authentication in wireless sensor networks, Future Generation Computer Systems (2017), http://dx.doi.org/10.1016/j.future.2017.05.015 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
*Revised Manuscript with source files (Word document) Click here to download Revised Manuscript with source files (Word document): Prathusha_GSR_Alg_FGCS.doc Click here to view linked Referenc
GSR: Geographic Secured Routing using SHA-3 Algorithm for Node and Message Authentication in Wireless Sensor Networks PRATHUSHA LAXMI B1, CHILAMBUCHELVAN A2 R.M.K. Engineering College, Anna University Chennai – India 1[e-mail: [email protected]] 2[e-mail: [email protected]] *Corresponding author: Prathusha Laxmi B
Abstract
Secured Two Phase geographic Greedy Forwarding (SecuTPGF) is a greedy geographic forwarding protocol. It is used for transmitting multimedia data streams in wireless multimedia sensor networks (WMSNs). For a secure and reliable multimedia transmission, cryptography and user defined message authentication code (MAC) mechanisms are used in SecuTPGF. SecuTPGF uses two different algorithms for node and message authentication that incur high computation overhead. To address this issue, this paper proposes a modified version of SecuTPGF called Geographic Secured Routing (GSR). Unlike SecuTPGF, GSR provides security using both node and message authentication with low computation power. Further, GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. The effectiveness of the GSR algorithm is confirmed via security analysis and simulation evaluation. Keywords: GSR, MAC, MD5, Routing, Security, SHA-3, WMSN 1.
INTRODUCTION
Traditional wireless sensor networks (WSNs) deliver information for events such as temperature monitoring, environmental application monitoring, body area networks, speed and pressure monitoring in automobiles, and target detection in the military. Multimedia sensor networks deliver additional information for multimedia events. The transmission of multimedia streams through wireless networks is an annoying task as WSNs are composed of miniature and low-cost sensor nodes with limited resources such as processing, memory, and energy. In general [14], WSNs are deployed in open and hostile environments to monitor and provide information regarding events. Because of the open WSN environments, sensor nodes are subject to different security attacks. The performance of the network can substantially decrease when adversary activities are present in the network. Cryptography mechanisms can be employed to avoid security attacks of adversary nodes in the network. Key management provides secure generation, distribution, and storage of keys for security purposes. However, the algorithms for key management involve expensive exponential operations. They cannot be used for encrypting messages; they can only be used for establishing a secret key. No security mechanisms incorporated in Two-Phase geographic Greedy Forwarding (TPGF) [9] routing algorithm, adversary nodes can perform any adversary attacks. Security mechanisms involved in the SecuTPGF [7] routing algorithm prevent adversary nodes from joining the network by verifying the origin and integrity of the data. The SecuTPGF routing algorithm uses cryptographic and a message authentication code (MAC) mechanism for the node and message authentication, respectively; however, this incurs high computation overhead. Cryptographic hash is used to retain document security and integrity. It creates a message digest. Systems can verify a document and determine if changes were made to the original document. Even a small change in the original message will be indicated as a change in the digest, making it easier to detect accidental or intentional changes to the original message.
This paper proposes a modified version of SecuTPGF called Geographic Secured Routing algorithm (GSR); this provides security via both node and message authentication with low computation power. GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. The organization of this paper is as follows: Section 2 discusses related works on routing algorithms in WSNs. Section 3 presents the network model, attacks, and performance metrics for routing algorithms in sensor nodes. Section 4 presents the GSR routing algorithm. Section 5 presents a security analysis for GSR. Section 6 presents the simulation study of the GSR routing algorithm. Section 7 concludes the paper with future work.
2. RELATED WORK WSNs can be depicted as a graph G(V, E) where V and E represents a set of sensor nodes and the links between these sensor nodes, respectively. Among the routing protocols, geographic routing provides guaranteed packet delivery in a dense network. Routing is performed in these protocols based on location information. A node forwards a packet to the intermediate node closest to the sink node. Malicious nodes present in the network modify or tamper the packet integrity such that a benign node drops the packets as invalid. 2.1 Secure Communication The TPGF routing protocol [9] can be used in wireless multimedia sensor networks (WMSNs). In this protocol, routing is performed in two phases. The first phase is the forwarding phase, responsible for determining the possible routing path from the source nodes to the base station. The second phase is the path optimization, responsible for optimizing the identified routing path with the least number of hops. Researchers have developed different techniques that can be employed for secured communication in sensor networks. Key management and cryptography-involved algorithms have a major role in secured communication [1]. If key management is involved in the secure communication, the system consumes more power and requires more processing time. In a wireless network, power conservation is a significant factor requiring consideration. Secure routing can be performed dynamically [11] to avoid untrusted paths and continue to route, even in the presence of attacks. It can be performed using rate control, packet scheduling, and probabilistic multipath routing combined with trust-based route selection. In this method, the implications of a multi-hop localization algorithm for secure localization have not been addressed. The Ambient Trust-based secured routing protocol [10] incorporates a distributed trust model to defend against routing attacks, which it efficiently detects and prevents from participating with nodes and providing incorrect trust information during the execution of the protocol, thereby providing an efficient method to address several attacks. This method does not address higher layer attacks such as intrusion detection attacks or Sybil attacks. Self-adaptive trust-based model secure communication [13] has been incorporated into greedy perimeter stateless routing (GPSR). It dynamically identifies adversary nodes and has demonstrated substantial improvement in packet delivery ratio, throughput, and the number of packets compared to a well-known trust-based GPSR protocol. The GPSR protocol uses face routing to bypass holes that cannot guarantee delivery with arbitrary connectivity under realistic conditions. Denial of service attacks are a challenging problem in WMSNs [3] and continue to be one of the main research challenges in WMSNs. SecuTPGF [7] provides security during the identification of 1-hop neighbours and route discovery. Authentication of the nodes is performed by a symmetric key establishment. Key exchange ID implemented between the communicating nodes by a method called identity-based non-interactive key distribution scheme. Message authentication is performed using a user-defined MAC algorithm. In this method, the security and reliability of the transmission is performed with high computation overhead owing to the use of two different algorithms for node and message authentication.
The Geographic Secured Two Phase Routing (GSTP) using MD5 algorithm [16] provides security via both node and message authentication with low computation power. A comparative analysis of MD5 and SHA-3 [15] with different parameters such as securities, message digest length, speed, and attacks depicts SHA-3 as more secure than MD5. Successful attacks have been reported to some extent in the case of MD5, whereas no such attacks have been reported in the case of SHA-3. MD5 is faster than SHA-3. Owing to reduced circuitry, SHA-3 can function better on small devices such as sensors. SHA-3 is intended for use with digital signature applications. 2.2 Performance Evaluation of Routing Protocols Sensor nodes have a limited transmission range, processing, storage capabilities, and energy resources. Evaluation parameters for the performance of a routing protocol [4] should be based on processor speed, memory utilized, routing methods involved, and energy conservation. The routing methods involved in the routing protocol should provide the minimum end-to-end delay. Maximum streaming data gathering and minimum transmission delay algorithms [8] should be executed during the initial stage of a routing; the node selects the appropriate transmission radius to provide the minimum end-to-end delay in the transmission. In WSNs, data is forwarded using multi-hop mechanisms. Research developers provide different metrics [2] that provide routing algorithms with high flexibility in the selection of the next path and offering a compromise between throughput, end-to-end delay, and energy consumption. 2.3 Simulator Performance In the selection of appropriate simulators for simulating the results, different simulator performance parameters must be considered. The simulator should provide accurate simulation results in real-time environments, the capability to run on different platforms, and capability to deploy large-scale simulation environments. The NetTopo simulator [5,6] is a platform independent tool. It has the capability of deploying large-scale simulation environments and provides accurate simulation results in real-time environments. Implementing new algorithms in the NetTopo simulator involves a three-step process: i) modifying a new node Java class; ii) modifying a new topology Java class and registering this class; and iii) developing a new algorithm with the support of the existing algorithm. An optimization technique improves network accuracy. The nonlinear autoregressive neural network [12] for calibration and testing of networks uses an optimization technique for the number of neurons present in the higher layer of the network to improve the network accuracy. This paper proposes GSR, a modified version of SecuTPGF. GSR provides security via both node and message authentication with low computation power. GSR uses the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. For the evaluation of GSR, power-aware metrics such as end-to-end delay and path length are considered. Different security attacks such as spoofing and Sybil attack are considered. The NetTopo simulator is used for simulation to provide accurate results.
3.
NETWORK MODEL, ATTACKS, AND PERFORMANCE METRICS
In this section, we discuss: i) the network model proposed and various assumptions considered from previous works; ii) the security attacks considered, and iii) the performance metrics to evaluate the performance of the GSR routing algorithm. 3.1 Network Model and Assumptions
In the considered WSNs, all nodes are stationary and the links used for communication between the nodes are symmetrical. The base station is trustworthy and not resource-constrained. Sensor node GPS or localization algorithms are used to determine the geographic location of the sensor nodes. It is assumed that each node can sustain a certain time interval before it is compromised. Sensor nodes are not trusted, which is a common assumption in WSNs because it is relatively easy for an adversary to capture and compromise sensor nodes. Finally, we use a hash-based cryptography scheme in the GSR algorithm to increase the performance of the network, even when adversary activities are present in the network. 3.2 Security Attacks Adversary nodes present inside and outside of the network interfere in the routing protocol. In this subsection, the various attacks that GSR can expose are discussed.
Spoofing: A spoofing attack is a situation where an adversary node successfully masquerades as another by generating false data, thereby gaining an illegitimate advantage.
Sybil Attack: In a Sybil attack, an adversary node assumes multiple identities and forges locations, thereby corrupting the reputation system.
Wormhole attacks: This attack is used to fake a route that is shorter than the original route within the network; this influences the routing mechanism in the network.
Flooding: This is a denial of service (DoS) attack that is designed to bring a network or service down by flooding the network with large amounts of traffic.
Selective Forwarding: Adversary nodes selectively forward messages instead of forwarding all the received messages. In some cases, it completely drops all the messages it receives.
3.3 Network Performance Metrics The following network performance metrics are considered for evaluation of the proposed routing algorithm [7]: End-to-End Delay: This refers to the length of the time required to transmit information from the source node to the sink node. The average delay of each hop is Dhop + Dotherfactors. De2e = k * (Dhop + Dotherfactors)
(1)
where k is number of hops, Dhop is the delay in transmission, and Dotherfactor is the delay based on other factors. For each hop (Dhop + Dotherfactors), the average delay is a fixed value. Therefore,
De2e α k
(2)
From (2), the end-to-end delay is directly proportional to the number of hops, k. If the number of hops is less, the end-to-end delay, that is, the time required to transmit the information, is also reduced. Path length: This refers to the sum of the weights associated with each link visited. Some routing protocols use hop count, a metric that indicates the number of forwarding nodes that a packet must pass through from a source node to a destination node. PLength= k (Number of Hops) 4.
(3)
GEOGRAPHIC SECURED ROUTING USING SHA-3 ALGORITHM
The GSR algorithm comprises three phases: i) network setup; ii) discovering secured 1-hop nodes; iii) transmission through secured 1-hop nodes.
4.1 Network setup The WSN manager, an authenticated authority (base station), deploys the network and performs the initialization process using its own infrastructure to minimize the power consumption of the other nodes. After deploying the sensor network, the ID of each of the sensor node is processed by the base station. Initially, each of the sensor node’s ID hash value is computed using the SHA-3 algorithm and the computed hash value is stored as an attribute in the sensor node as indicated in Figure 1. The pseudocode for generating the hash value using SHA-3 is: Step1: Pad the original message length (in bits) to be congruent to 448, modulo 512 when padding bits are appended. To the original message, add the padding bits such that the length of the message is 64 bits and a multiple of 512. Step2: Divide the input message into 512-bit blocks. Step3: Initialize the five chaining variables of 32 bits each = 160 bits total. Step4: Process message in 512-bit blocks looping through padded and appended message in blocks (512 bits each). Each 512-bit block is divided into 16 sub-blocks. For each input block, four rounds containing 20 operations each are performed.
Figure 1: Flow graph of Network Setup Algorithm for Network Setup
Deploy_setup (nodes n, Area(x, y)) Step1: ‘n’ nodes are deployed in the area (x, y) Step 2: for (i=1; i<=n; i++) i) Get ith node ID. ii) Compute the hash value of the ID using the SHA-3 algorithm. (SHA_Hash(ID)) iii) Computed hash value of the ID is stored as an attribute in the sensor node. (Store_attribute(H_value,ID))
Upon completion of the deployment and setup phase, the next phase, discovering secured 1-hop nodes, is initiated by the source node of the network.
4.2 Discovering secured 1-hop nodes By discovering secured 1-hop nodes, adversary nodes are prevented from joining the WSN; only authentic nodes are allowed to join the network at the first stage. Using the SHA-3 algorithm, a hash value of each of the sensor node IDs is computed and used for authentication purposes. After the deployment of the sensor nodes in the network, each of the node attempts to discover its 1-hop nodes by broadcasting a message consisting of its Identity (ID), Geographic Location (GL), and a hash value attribute (HVA). It then waits for each 1-hop neighbour node to respond.
Figure 2: Flow graph of Discovering Secured 1-hop Nodes
Algorithm for discovering secured 1-hop nodes Discover_1_hop_secured_node (Forwarding node ID, Geographic Location, Hash Value) Step1: Each of the nodes broadcasts a message to the nodes in the network. Ex: Node A broadcasts as A *: HELLO (IDA, GLA, HVAA) (4) * Indicates all the nodes in the network. IDA - ID of the forwarding node. GLA - Geographic location of the forwarding node. HVAA - Hash value of the forwarding node. Step 2: Neighbouring nodes compute the hash value of the forwarding node ID. If (computed hash value = stored hash value) Send response to the forwarding node (Node A) with ID, GL, and VB authenticator. B A: (IDB, GLB, VB) (5) VB = H (IDB) (6) Step 3: After receiving response message from neighbouring node (Node B). Node A generates VB’. VB’ = Stored HVA (IDB) (7) Step 4: if (VB = VB’), update the neighbour list with the neighbouring node (Node B) Every node in the network verifies that the neighbouring node is a secured 1-hop node, establishes a secure link, and adds the node to its secured 1-hop neighbour list as indicated in Figure 2. 4.3 Transmission through secured 1-hop nodes The source node initiates the routing process and forwards a request to the secured 1-hop node nearest, of all its secured 1-hop neighbour nodes, to the base station. When the forwarding node receives the request, it verifies it has a secured 1-hop node to transmit. If it has a secured 1-hop node to transmit, it forwards a request to the next forwarding node or base station; otherwise, it is marked as a ‘block’ situation. To resolve this situation, it steps back to its previous secured 1-hop node and marks itself as a ‘block secured 1-hop node’. From the previous step, a secured node attempts to determine the next secured 1-hop neighbour node. As indicated in Figure 3, the step back
and mark are executed repeatedly to identify the next secured 1-hop node for greedy forwarding. A number-based label is given to the identified 1-hop secured node along with the path number.
Figure 3: Flow graph of Secured Forwarding and Transmission Algorithm for Secured Forwarding and Transmission
Transmission_Multimedia (source node S) Step 1: If (next 1-hop node is base station) Base station sends acknowledgment to the source node Optimizing the found path Step 2: If (next 1-hop node is not base station) If (forwarding node has secured 1-hop node) Select secured 1-hop node nearest to base station. Else i) Mark it as a Block situation. ii) Go to the previous step. Optimize (base station destination D) Step 1: while (not source node) If (path number of secured_1_hop_node = base station’s path number) and (node number > base station) Acknowledgment is sent back to that node. Step 2: Release the nodes that are not used for transmission. i)
An acknowledgment is returned to the source node from the base station when a routing path is determined. The acknowledgment is sent through the 1-hop secured nodes that possess the largest node number and the same path number. During the reverse transmission on the determined path, optimization is performed in the each of the intermediate nodes to eliminate path circles in such a manner that more than two nodes are neighbours of another sensor node in the path. After receiving the acknowledgment, with the pre-assigned path number, the source node
initiates the multimedia data transmission. A release command is executed to all the other 1-hop nodes not involved in the transmission.
5.
SECURITY ANALYSIS IN GSR
Adversary nodes present both inside and outside of the network interfere in the routing protocol. In this section, the GSR routing protocol is evaluated by considering the attacks that are addressed in the SecuTPGF routing protocol. The method implemented by GSR to prevent these attacks is discussed. 5.1 Outside Adversary: Using unauthorized nodes, outside adversaries attack communications in the network.
Impersonation: Because of the discovering secured 1-hop nodes function, adversaries cannot impersonate authorized nodes into WSNs. Only authenticated nodes having Trusted Authority (base station) clearance have mutual authentications.
Counterfeit and Tampering: Counterfeit objects may include routing requests, acknowledgments, and step back and mark messages generated by adversary nodes. These messages cannot be introduced into the network by unauthorized nodes because GSR receives routing messages from legitimate nodes that are in the neighbour table. If the adversary modifies any of the information present in the counterfeit object, it will be detected by the MAC algorithm.
Spoofing/Replay: In GSR, each node participating in the routing is authenticated by a trusted authority; therefore, impersonation is not feasible. Spoofing is also not possible because only authenticated nodes are allowed to join the network. If spoofing is launched on the network, it affects only the part of the network that is localized.
5.2 Inside Adversary: Physical protection of sensor nodes in a WSN is a challenging task. The sensor nodes in a WSN may be protected against tampering by tamper proofing the physical packages of the sensors. Detection and prevention of attacks that occur inside the network are more complicated and difficult. GSR cannot prevent these attacks completely; however, the impact of these attacks can be reduced in the entire network.
Wormhole Attacks: The Packet Leashes technique is used to mitigate this attack. In GSR’s discovering secured 1-hop node phase before including a neighbour into its neighbour table, a node can check the maximum distance of the node, which is approximately its transmission radius. A description of the wormhole is given below: WHATT (Network N, Transmission_Radius r) Check every node ‘n’ in N do If (node_max_radius < r) Include node n in its neighbor list Else Insert it into blacklist Sybil Attack: An adversary cannot insert nodes with false IDs into the network because nodes with false IDs do not have Trusted Authority clearance. This attack is not feasible. Node Replication Attack: By checking the base station regularly, the impact of this attack can be reduced. Because the entire determined routing path in TPGF are node-disjoint routing paths, if a node involved in the routing is in more than one path simultaneously, that node is a replicated node and the node ID is included in the blacklist and removed from the WSN.
Selective Forwarding: Monitoring the transmission behaviour of the next-hop neighbours can mitigate this attack. In a promiscuous mode situation, a node overhears the wireless transmission of its 1-hop neighbour node. If Node A is an authenticated previous hop node and decides that its next 1-hop Node B is an adversary node, it sends a routing failure message to the source node and includes Node B’s ID in the black list. Upon verification, the source node initiates alternate route discovery. If the next 2-hop neighbours are adversary nodes, the solution is an end-to-end acknowledgment from the base station. However, this solution may incur additional delay.
6.
SIMULATION STUDY
6.1 Simulation Setup The NetTopo simulator was used to simulate the GSR routing algorithm. The GSR routing algorithm was incorporated in the well-known geographic routing protocol called Two Phase geographic Greedy Forwarding (TPGF) [9] routing protocol. Because GSR uses the standard SHA-3 algorithm to provide security, its performance is compared with a secured-based TPGF (SecuTPGF) built with user defined security algorithms against various network metrics such as the number of routing paths and average path length. A source node was deployed at the geographic location (50,50) and the base station was deployed at the location (600,350). Adversary nodes were inserted to test the robustness of the GSR routing algorithm. Simulation parameters are detailed in Table 1. The simulations were conducted on a network size of 640 × 400 by changing the number of nodes deployed from 100 to 1000; average values of the results are displayed.
Table 1 Simulation Parameters
Parameter Network Size Number of Sensor Nodes Number of base station Number of source nodes Initial Energy of sensor nodes Transmission Radius Expected lifetime
Value 640 × 400 m 100 – 1000 1 1 10 J 60 – 120 m 1 – 14 h
6.2 Evaluation 6.2.1 Performance of Adversary Nodes in the Path Length during secured 1-hop node discovery Figure 4 plots the average number of hops before optimization. It can be observed from the graph that the number of hops was substantially decreased, even in the presence of 25 percent adversary nodes in the network, when the number of nodes deployed was in the range 100 to 800; it then gradually increased. This indicates that GSR is dynamic in identifying alternate paths as the number of nodes increases in the network. It can also be observed that the average number of hops for GSR with 25% adversary nodes was marginally greater than that of SecuTPGF as the number of nodes to be deployed increased. In the GSR routing algorithm, the hash value of the neighbouring node is computed for every forwarding node and is compared with the local hash value present in the base station to identify adversary nodes. It is because of the ability of GSR to identify the best-secured node for every forwarding node that routing is accomplished through a secured node.
Figure 4: Average Number of Hops with 25 percent adversary nodes - Before Optimization in SecuTPGF and SHA-3 Algorithm
Figure 5 plots the average number of hops after optimization. It can be observed that the number of hops has been decreased substantially in the network. This is because optimization is performed at each forwarding node to avoid path circles. Through optimization, the average number of hops was substantially reduced in the network.
Figure 5: Average Number of Hops with 25 percent adversary nodes –After Optimization SecuTPGF and SHA-3 Algorithm
6.2.2. Number of Paths found with Adversary nodes: In this section, we evaluate the probability of a node being selected in one of the paths generated by TPGF routing. The simulation was performed by deploying 500 sensor nodes and varying the number of adversary nodes. To increase the probability of an adversary node being selected in the routing path, we deployed the adversary nodes near the direct line between the source node (50, 50) and the base station (600, 350).
Figure 6: Average Number of Paths in SecuTPGF and GSR- SHA-3 Algorithm
Figure 6 plots the average number of paths by varying the number of malicious nodes. It can be observed from the graph that the number of paths found by the GSR algorithm was decreased substantially in the presence of 25 percent adversary nodes in the network when the number of nodes deployed was greater than 500. In GSR, the number of paths found was less than SecuTPGF in the environment where the adversary nodes could not perform attacks because GSR dynamically avoids adversary nodes for routing. In GSR, adversary nodes fail to authenticate and cannot participate in the network routing. Hence, the entire found path is free of adversary nodes.
Figure 7: Average End-to-End Delay vs Expected Life Time
Maximum transmission radius is an important parameter that affects the amount of information received at the base station. Figure 7 plots the average End-to-End Delay vs Expected Lifetime. It can be observed that the average
number of hops decreased substantially as the transmission radius increased from 60 to 120 m over a period of time. The number of nodes deployed was 500. The results are presented for different transmission radii. Tables 2 and 3 present a comparison of the routing protocols, SecuTPGF and GSR, based on attacks and design parameters. Table 2 Comparison based on Design Parameters
Parameters
SecuTPGF
GSR
Network Type
WSN
WSN
Overhead (computation Cost)
High
Low
Security
Limited (User Defined authentication method)
Good (Standard SHA-3 Algorithm)
Scalability
Good
Good
End-to-End Delay
High
Low
Table 3 Comparison based on Attacks
Parameters
SecuTPGF
GSR
Spoofing
Yes (computation is required)
Yes (No computation)
Sybil Attack
Yes (computation is required)
Yes (No computation)
Wormhole Attack
Yes
Yes
Flooding
Yes
Yes
Selective Forwarding
Yes
Yes
By comparing both cases regarding security and design parameters, it can be observed that GSR is the best in both cases. GSR was developed primarily for energy efficiency; however, it also provides the best security. GSR identifies adversary nodes with low computation power using the standard SHA-3 algorithm for authentication rather than user-defined authentication methods.
7.
CONCLUSION AND FUTURE WORK
SecuTPGF uses two different algorithms for node and message authentication that incur high computation overhead. A modified version of SecuTPGF, called Geographic Secured Routing (GSR), is a secured routing protocol proposed and implemented in this study. The proposed GSR was incorporated into Two Phase Geographic Forwarding routing protocol and demonstrated its performance against various design and security metrics. GSR identifies the adversary nodes with low computation power using the standard SHA-3 algorithm for authentication rather than user-defined authentication methods. Simulation results confirm that GSR is robust against detecting adversary nodes. In a future work, we will consider duty-cycled GSR for energy conservation and develop security algorithms for avoiding various attacks on sleep scheduling algorithms.
8.
References
[1] Ajay Kakkar, M.L. Singh, P.K. Bansal, Comparison of various Encryption Algorithms and Techniques for Secured Data Communication in Multinode Network, International Journal of Engineering and Technology, Vol 2 No.1, pp. 87-92 , 2012. [2] EswarRao.K, K.Naresh Kumar, Performance Analysis of Routing Metrics for Wireless Sensor Networks, International Journal of Modern Engineering Research, Vol. 2, Issue 6, pp-4128 – 4132 , 2012 [3] Guerrero-Zapata, M., Zilan, R., Barcel-Ordinas, J., Bicakci, K., Tavli, B.: The Future of Security in Wireless Multimedia Sensor Networks, Telecommunication Systems, Vol.45, No.1, pp.77-91, 2010. [4] I. Khemapech, A. Miller, and I. Duncan, “Simulating wireless sensor networks,” Technical Reports, School of Computer Science, University of St Andrews, 2005. [5] L. Shu, C. Wu, M. Hauswirth, NetTopo: Beyond Simulator and Visualizer for Wireless Sensor Networks, Technical Report of Digital Enterprise Research Institute, July, 2008. [6] Lei shu, Manfred Hauswirth, Han-Chieh Chao, Min Chen, Yan Zhang, NetTopo: A framework of simulation and visualization for wireless sensor networks, Adhoc Networks, Vol. 9, pp. 799-820, 2011. [7] Mulugeta T., Shu, L., Hauswirth, M., Chen, M., Hara, T., Nishio, “Secure Two Phase geographic Forwarding Routing Protocol in Wireless Multimedia Sensor Networks”, IEEE Transactions on Information Theory, Vol.22, No.6, pp. 644-654, 2010. [8] Shu, L., Zhang, Y., Zhou, Z., Hauswirth, M., Yu, Z., Hynes, G.: Transmitting and Gathering Streaming Data in Wireless Multimedia Sensor Networks within Expected Network Lifetime. ACM/Springer Mobile Networks and Applications (MONET), Vol.13, No.34, pp.306-322 , 2008. [9] Shu, L., Zhang, Y., Yang, L.T., Wang, Y., Hauswirth, M., Xiong, N.X.: TPGF: Geographic Routing in Wireless Multimedia Sensor Networks, Telecommunication Systems, Vol.44, No.12, pp.79-95, 2010. [10] Mariano García-Otero, Theodore Zahariadis, Federico Álvarez, Helen C. Leligou, Adrián Población-Hernández, Panagiotis Karkazis and Francisco J. Casajús-Quirós, “Secure Geographic Routing in Ad Hoc and Wireless Sensor Networks” , EURASIP Journal on Wireless Communications and Networking, 2010. [11] K. D. Kang, K. Liu, and N. Abu-Ghazaleh, “Securing geographic routing in wireless sensor networks,” in Proc. 2006. [12] Mohammad Valipour, “Optimization of neural networks for precipitation analysis in a humid region to detect drought and wet year alarms”, Meteorological Applications, Volume 23, Issue 1, pp 91–100, January 2016. [13] P. Raghu Vamsi, Krishna Kant, “Self-Adaptive Trust Model for Secure Geographic Routing in Wireless Sensor Networks” , I.J. Intelligent Systems and Applications, Vol. 3, pp 21-28, February 2015. [14] I.F.Akyildiz, W.Su, Y Sankarasubramaniam, E. Cayirci,”Wireless Sensor Networks: A Survey”, Computer Networks, Elsevier, Volume 38, Issue 4, pp 393-422, 15 March 2002. [15] Piyush Gupta, Sandeep Kumar, “A Comparative Analysis of SHA and MD5 Algorithm”, International Journal of Computer Science and Information Technologies, Vol. 5, Issue 3, pp 4492-4495, 2014. [16] B. Prathusha Laxmi, A. Chilambuchelvan, “GSTP: Geographic Secured Two Phase Routing Using MD5 Algorithm”, Circuits and Systems, Vol. 07, No.08, June 2016.
*Biographies (Text)
Boddula Prathusha Laxmi Associate Professor, R.M.K. Engineering College, Chennai Ph.D. Student, Anna University, Chennai M.E. Anna University, Chennai Research Interests: Wireless Sensor Networks, Routing Algorithms
Chilambuchelvan Arul Gnanaprakasam Professor, R.M.K. Engineering College, Chennai M.E. Coimbatore Institute of Technology, Coimbatore Research Interests: Embedded System, VLSI design and soft computing
*Biographies (Photograph)