Secure and Efficient Data Transmission for Cluster-Based Wireless Sensor Networks

Secure data transmission is a critical issue for wireless sensor networks (WSNs). Clustering is an effective and practical way to enhance the system performance of WSNs. In this paper, we study a secure data transmission for cluster-based WSNs (CWSNs), where the clusters are formed dynamically and periodically. We propose two secure and efficient data transmission (SET) protocols for CWSNs, called SET-IBS and SET-IBOOS, by using the identity-based digital signature (IBS) scheme and the identity-based online/offline digital signature (IBOOS) scheme, respectively. In SET-IBS, security relies on the hardness of the Diffie-Hellman problem in the pairing domain. SET-IBOOS further reduces the computational overhead for protocol security, which is crucial for WSNs, while its security relies on the hardness of the discrete logarithm problem. We show the feasibility of the SET-IBS and SET-IBOOS protocols with respect to the security requirements and security analysis against various attacks. The calculations and simulations are provided to illustrate the efficiency of the proposed protocols. The results show that the proposed protocols have better performance than the existing secure protocols for CWSNs, in terms of security overhead and energy consumption.


I
A  sensor network (WSN) is a network system comprised of spatially distributed devices using wireless sensor nodes to monitor physical or environmental conditions, such as sound, temperature, and motion.The individual nodes are capable of sensing their environments, processing the information data locally, and sending data to one or more collection points in a WSN [1].Efficient data transmission is one of the most important issues for WSNs.Meanwhile, many WSNs are deployed in harsh, neglected and often adversarial physical environments for certain applications, such as military domains and sensing tasks with trustless surroundings [2].Secure and efficient data transmission is thus especially necessary and is demanded in many such practical WSNs.

Background and Motivations
Cluster-based data transmission in WSNs, has been investigated by researchers in order to achieve the network scalability and management, which maximizes node lifetime and reduce bandwidth consumption by using local collaboration among sensor nodes [3].In a cluster-based WSN (CWSN), every cluster has a leader sensor node, regarded as cluster-head (CH).A CH aggregates the data collected by the leaf nodes (non-CH sensor nodes) in its cluster, and sends the aggregation to the base station (BS).The LEACH (Low-Energy Adaptive Clustering Hierarchy) protocol presented by Heinzelman et al. [4] is a widely known and effective one to reduce and balance the total energy consumption for CWSNs.In order to prevent quick energy consumption of the set of CHs, LEACH randomly rotates CHs among all sensor nodes in the network, in rounds.LEACH achieves improvements in terms of network lifetime.Following the idea of LEACH, a number of protocols have been presented such as APTEEN [5] and PEACH [6], which use similar concepts of LEACH.In this paper, for convenience, we call this sort of cluster-based protocols as LEACH-like protocols.Researchers have been widely studying CWSNs in the last decade in the literature.However, the implementation of the cluster-based architecture in the real world is rather complicated [7].
Adding security to LEACH-like protocols is challenging, because they dynamically, randomly and periodically rearrange the network's clusters and data links [8].Therefore, providing steady long-lasting node-to-node trust relationships and common key distributions are inadequate for LEACH-like protocols (most existing solutions are provided for distributed WSNs, but not for CWSNs).There are some secure data transmission protocols based on LEACH-like protocols, such as SecLEACH [8], GS-LEACH [9] and RLEACH [10].Most of them, however, apply the symmetric key management for security, which suffers from a so-called orphan node problem [11].This problem occurs when a node does not share a pairwise key with others in its preloaded key ring.In order to mitigate the storage cost of symmetric keys, the key ring in a node is not sufficient for it to share pairwise symmetric keys with all of the nodes in a network.In such a case, it cannot participate in any cluster, and therefore, has to elect itself as a CH.Furthermore, the orphan node problem reduces the possibility of a node joining with a CH, when the number of alive nodes owning pairwise keys decreases after a longterm operation of the network.Since the more CHs elected by themselves, the more overall energy consumed of the network [4], the orphan node problem increases the overhead of transmission and system energy consumption by raising the number of CHs.Even in the case that a sensor node does share a pairwise key with a distant CH but not a nearby CH, it requires comparatively high energy to transmit data to the distant CH.
The feasibility of the asymmetric key management has been shown in WSNs recently, which compensates the shortage from applying the symmetric key management for security [12].Digital signature is one of the most critical security services offered by cryptography in asymmetric key management systems, where the binding between the public key and the identification of the signer is obtained via a digital certificate [13].The Identity-Based digital Signature (IBS) scheme [14], based on the difficulty of factoring integers from Identity-Based Cryptography (IBC), is to derive an entity's public key from its identity information, e.g., from its name or ID number.Recently, the concept of IBS has been developed as a key management in WSNs for security.Carman [15] first combined the benefits of IBS and key pre-distribution set into WSNs, and some papers appeared in recent years [16][17][18].The IBOOS scheme has been proposed in order to reduce the computation and storage costs of signature processing.A general method for constructing online/offline signature schemes was introduced by Even et al. [19].The IBOOS scheme could be effective for the key management in WSNs.Specifically, the offline phase can be executed on a sensor node or at the BS prior to communication, while the online phase is to be executed during communication.Some IBOOS schemes are designed for WSNs afterwards, such as [20] and [21].The offline signature in these schemes, however, is precomputed by a third party and lacks reusability, thus they are not suitable for CWSNs.

Contributions and Organization
Recently, we have applied and evaluated the key management of IBS to routing in CWSNs [17].In this paper, we extend our previous work and focus on providing efficient secure data communication for CWSNs.The contributions of this work are as follows.
• We propose two Secure and Efficient data Transmission (SET) protocols for CWSNs, called SET-IBS and SET-IBOOS, by using the IBS scheme and the IBOOS scheme, respectively.The key idea of both SET-IBS and SET-IBOOS is to authenticate the encrypted sensed data, by applying digital signatures to message packets, which are efficient in communication and applying the key management for security.In the proposed protocols, secret keys and pairing parameters are distributed and preloaded in all sensor nodes by the BS initially, which overcomes the key escrow problem described in ID-based crypto-systems [22].• Secure communication in SET-IBS relies on the ID-based cryptography, in which, user public keys are their ID information.Thus, users can obtain the corresponding private keys without auxiliary data transmission, which is efficient in communication and saves energy.• SET-IBOOS is proposed in order to further reduce the computational overhead for security using the IBOOS scheme, in which security relies on the hardness of the discrete logarithmic problem.Both SET-IBS and SET-IBOOS solve the orphan node problem in the secure data transmission with a symmetric key management.
• We show the feasibility of the proposed protocols with respect to the security requirements and analysis against three attack models.Moreover, we compare the proposed protocols with the existing secure protocols for efficiency by calculations and simulations respectively, with respect to both computation and communication.The remainder of this paper is organized as follows.Section 2 describes the network architecture, security vulnerabilities and objectives.Section 3 introduces the IBS and IBOOS schemes for CWSNs.Section 4 and 5 present the details of the proposed SET-IBS and SET-IBOOS, respectively, and Section 6 presents the protocol features and characteristics.Section 7 analyzes and evaluates the proposed SET-IBS and SET-IBOOS.The last section concludes this work.

S D  P O
This section presents the network architecture, security vulnerabilities and protocol objectives.

Network Architecture
Consider a CWSN consisting of a fixed base station (BS) and a large number of wireless sensor nodes, which are homogeneous in functionalities and capabilities.We assume that the BS is always reliable, i.e., the BS is a trusted authority (TA).Meanwhile, the sensor nodes may be compromised by attackers, and the data transmission may be interrupted from attacks on wireless channel.In a CWSN, sensor nodes are grouped into clusters, and each cluster has a cluster-head (CH) sensor node, which is elected autonomously.Leaf (non-CH) sensor nodes, join a cluster depending on the receiving signal strength and transmit the sensed data to the BS via CHs to save energy.The CHs perform data fusion, and transmit data to the BS directly with comparatively high energy.In addition, we assume that, all sensor nodes and the BS are time synchronized with symmetric radio channels, nodes are distributed randomly, and their energy is constrained.
In CWSNs, data sensing, processing and transmission consume energy of sensor nodes.The cost of data transmission is much more expensive than that of data processing.Thus, the method that the intermediate node (e.g., a CH) aggregates data and sends it to the BS is preferred, than the method that each sensor node directly sends data to the BS [1,3].A sensor node switches into sleep mode for energy saving when it does not sense or transmit data, depending on the TDMA (time division multiple access) control used for data transmission.In this paper, the proposed SET-IBS and SET-IBOOS are both designed for the same scenarios of CWSNs above.

Security Vulnerabilities and Protocol Objectives
The data transmission protocols for WSNs, including clusterbased protocols (LEACH-like protocols), are vulnerable to a number of security attacks [2,23].Especially, attacks to CHs in CWSNs could result in serious damage to the network, because data transmission and data aggregation depend on the CHs fundamentally.If an attacker manages to compromise or pretend to be a CH, it can provoke attacks such as sinkhole and selective forwarding attacks, hence disrupting the network.

www.redpel.com +917620593389
On the other hand, an attacker may intend to inject bogus sensing data into the WSN, e.g., pretend as a leaf node sending bogus information towards the CHs.Nevertheless, LEACHlike protocols are more robust against insider attacks than other types of protocols in WSNs [23].It is because CHs are rotating from nodes to nodes in the network by rounds, which makes it harder for intruders to identify the routing elements as the intermediary nodes and attack them.The characteristics of LEACH-like protocols reduce the risks of being attacked on intermediary nodes, and make it harder for an adversary to identify and compromise important nodes (CH nodes).
The goal of the proposed secure data transmission for CWSNs is to guarantee a secure and efficient data transmission between leaf nodes and CHs, as well as transmission between CHs and the BS.Meanwhile, most of existing secure transmission protocols for CWSNs in the literature [8][9][10], however, apply the symmetric key management for security, which suffers from the orphan node problem that is introduced in Section 1.In this paper, we aim to solve this orphan node problem by using the ID-based crypto-system that guarantees security requirements, and propose SET-IBS by using the IBS scheme.Furthermore, SET-IBOOS is proposed to reduce the computational overhead in SET-IBS with the IBOOS scheme.

IBS  IBOOS  CWSN
In this section, we introduce the IBS scheme and IBOOS scheme used in the paper.Note that the conventional schemes are not specifically designed for CWSNs.We adapt the conventional IBS scheme for CWSNs by distributing functions to different kinds of sensor nodes, based on [24] at first.In order to further reduce the computational overhead in the signing and verification process of the IBS scheme, we adapt the conventional IBOOS scheme for CWSNs, based on [21].
In a multiplicative finite cyclic group G of prime order q, there exists an element g as the generator and elements g x ∈ G, such that, G = g = g x | x ∈ Z * q = {1, 2, . . ., q−1} , where, Z * q is a multiplicative group consisting of q−1 integers, in which the multiplication operation in the group ends in the remainder on the division by q (mod q) [25].The Discrete Logarithm Problem (DLP) [26] in the cyclic group G is to compute x, in which the computational complexity is believed to be hard, where the security in the IBOOS scheme is based on the DLP in this work.

Pairing for IBS
Boneh and Franklin [22] introduced the first functional and efficient ID-based encryption scheme based on bilinear pairings on elliptic curves.Specifically, randomly select two large primes p and q, and let E/F p indicate an elliptic curve y 2 = x 3 +ax+b (4a 3 + 27b 2 0) over a finite field F p .We denote by G 1 a q-order subgroup of the additive group of points in E/F p , and G 2 a q-order subgroup of the multiplicative group in the finite field F * p .The pairing is a mapping e : G 1 × G 1 → G 2 , which is a bilinear map with the following properties.
2) Non-degeneracy: If P is a generator of G 1 , then e (P, P) is a generator of G 2 .3) Computability: There is an efficient algorithm to compute e (P, The security in the IBS scheme is based on the bilinear Diffie-Hellman Problem (DHP) in the pairing domain [13], and the hardness of DHP is defined in [22].A bilinear map e is secure if, given g, G, H ∈ G 1 , it is hard to find h ∈ G 1 such that e (h, H) = e (g, G) [27].Weil pairing [22] and Tate pairing [28] are the examples of such bilinear mapping, which present comprehensive descriptions of how pairing parameters can be selected for security.
The notations used in the following are listed in Table I. signing key used for signature signing and verification SIG digital signature generated from an IBS scheme SIG offline offline digital signature generated from an IBOOS scheme SIG online online digital signature generated using the SIG offline

IBS Scheme for CWSNs
An IBS scheme implemented for CWSNs consists of the following operations, specifically, setup at the BS, key extraction and signature signing at the data sending nodes, and verification at the data receiving nodes.
• Setup: The BS (as a trust authority) generates a master key msk and public parameters param for the private key generator (PKG), and gives them to all sensor nodes.
• Extraction: Given an ID string, a sensor node generates a private key sek ID associated with the ID using msk.
• Signature signing: Given a message M, time-stamp t and a signing key θ, the sending node generates a signature SIG.
• Verification: Given the ID, M and SIG, the receiving node outputs "accept" if SIG is valid, and outputs "reject" otherwise.
The detailed description of the original IBS scheme in [24] is given in Appendix A. 1

IBOOS Scheme for CWSNs
An IBOOS scheme implemented for CWSNs consists of following four operations, specifically, setup at the BS, key extraction and offline signing at the CHs, online signing at the data sending nodes, and verification at the receiving nodes.
• Setup: Same as that in the IBS scheme.
• Extraction: Same as that in the IBS scheme.
• Offline signing: Given public parameters and time-stamp t, the CH sensor node generates an offline signature SIG offline , and transmit it to the leaf nodes in its cluster.
• Online signing: From the private key sek ID , SIG offline and message M, a sending node (leaf node) generates an online signature SIG online .
• Verification: Given ID, M and SIG online , the receiving node (CH node) outputs "accept" if SIG online is valid, and outputs "reject" otherwise.
The detailed description of the original IBOOS scheme in [21] is given in Appendix B. 1

T P SET-IBS P
In this paper, we propose two novel Secure and Efficient data Transmission (SET) protocols for CWSNs, called SET-IBS and SET-IBOOS, by using the IBS scheme and the IBOOS scheme, respectively.We first present SET-IBS in this section.
The proposed SET-IBS has a protocol initialization prior to the network deployment and operates in rounds during communication, which consists of a setup phase and a steady-state phase in each round.We introduce the protocol initialization, describe the key management of the protocol by using the IBS scheme, and the protocol operations afterwards.

Protocol initialization
In SET-IBS, time is divided into successive time intervals as other LEACH-like protocols.We denote time-stamps by T s for BS-to-node communication and by t j for leaf-to-CH communication.Note that key pre-distribution is an efficient method to improve communication security, which has been adapted in WSNs in the literature [8-10, 15-18, 29].In this paper, we adopt ID||t as user's public key under an IBS scheme [24], and propose a novel secure data transmission protocol by using IBS specifically for CWSNs (SET-IBS).The corresponding private pairing parameters are preloaded in the sensor nodes during the protocol initialization.In this way, when a sensor node wants to authenticate itself to another node, it does not have to obtain its private key at the beginning of a new round.Upon node revocation, the BS broadcasts the compromised node IDs to all sensor nodes, each node then stores the revoked IDs within the current round.We adopt the additively homomorphic encryption scheme in [30] to encrypt the plaintext of sensed data, in which a specific operation performed on the plaintext is equivalent to the operation performed on the ciphertext.Using this scheme allows efficient aggregation of encrypted data at the CHs and the BS, which also guarantees data confidentiality.In the protocol initialization, the BS performs the following operations of key pre-distribution to all the sensor nodes.
• Generate an encryption key k for the homomorphic encryption scheme to encrypt data messages, where k ∈ as described in Section 3. Select a generator P of G 1 stochastically.• Choose two cryptographic hash functions: H, for point mapping hash function which maps strings to elements in G 1 , and h, for mapping arbitrary inputs to fixed-length outputs.
• Pick a random integer τ ∈ Z * q as the master key msk, set P pub = τP as network public key.

Key management for security
Assume that a leaf sensor node j transmits a message M to its CH i, and encrypts the data using the encryption key k from the additively homomorphic encryption scheme [30].We denote the ciphertext of the encrypted message as C. We adapt the algorithms of the IBS scheme from [24] to CWSNs practically and provide the full algorithm in the signature verification, where security is based on the DHP in the multiplicative group.The IBS scheme in the proposed SET-IBS consists of following three operations, extraction, signing and verification.Extraction: Node j first obtains its private key as sek j = τH(ID j ||t j ) from msk and ID j , where ID j is its ID, and t j is the time-stamp of node j's time interval in the current round that is generated by its CH i from the TDMA (time division multiple access) control.
Signature signing: The sensor node j picks a random number α j ∈ Z * q and computes θ j = e(P, P) α j .The sensor node further computes Let where σ j , c j is the digital signature of node j on the encrypted message C j .The broadcast message is now concatenated in the form of ID j , t j , C j , σ j , c j .Verification: Upon receiving the message, each sensor node verifies the authenticity in the following way.It checks the time-stamp of current time interval t j and determines whether the received message is fresh.Then, if the time-stamp is correct, the sensor node further computes, θ ′ j = e σ j , P e H( ID j t j ), −P pub c j , using the time-stamp of current time interval t j .We will have the formula below if the received message is authentic.
θ ′ j = e σ j , P e H( ID j t j ), −P pub c j = e σ j , P e H( ID j t j ), −τP c j = e c j sek j + α j P, P e H( ID j t j ), τP −c j = e c j sek j + α j P, P e τH( ID j t j ), P −c j = e(sek j , P) c j e(P, P) α j e τH( ID j t j ), P −c j = e(sek j , P) c j e(P, P) α j e(sek j , P) −c j = e(P, P) If h C j t j θ ′ j = h C j t j θ j = c j , which is equal to that in the received message, the sensor node considers the received message authentic, and propagates the message to the next hop or user.If the verification above fails, the sensor node considers the message as either bogus or a replaced one, even a mistaken one, and ignores it.

Protocol operation
After the protocol initialization, SET-IBS operates in rounds during communication.Each round consists of a setup phase and a steady-state phase.We suppose that, all sensor nodes www.redpel.com+917620593389  The operation of SET-IBS is divided by rounds as shown in Figure 1, which is similar to other LEACH-like protocols.Each round includes a setup phase for constructing clusters from CHs, and a steady-state phase for transmitting data from sensor nodes to the BS.In each round, the timeline is divided into consecutive time slots by the TDMA (time division multiple access) control [4].Sensor nodes transmit the sensed data to the CHs in each frame of the steadystate phase.For fair energy consumption, nodes are randomly elected as CHs in each round, and other non-CH sensor nodes join clusters using one-hop transmission, depending on the highest received signal strength of CHs.In order to elect CHs in a new round, each sensor node determines a random number and compares it with a threshold.If the value is less than the threshold, the sensor node becomes a CH for the current round.In this way, the new CHs are self-elected based by the sensor nodes themselves only on their local decisions, therefore, SET-IBS functions without data transmission with each other in the CH rotations.
Table II shows the full steps in one round of SET-IBS.The setup phase consists of four steps, from Step 1 to 4, and the steady-state phase consists of the latter two steps.In the setup phase, the time-stamp T s and node IDs are used for the signature generation.Whereas, in the steady-state phase, the time-stamp t j is used for the signature generation securing the inner cluster communications, and T s is used for the signature generation securing the CHs-to-BS data transmission. In Step 1, at the beginning of the setup phase of a new round, the BS first broadcasts its ID, a nonce (number used once), and the denotation of the starting time T s of the current round to all sensor nodes, which is used for the signature signing and verification in the setup phase.
In Step 2, a sensor node decides whether to become a CH for the current round, based on the threshold T (n) compared with numbers from 0 to 1, which is set as follows: Equation ( 5) of computing the threshold T (n) in node n is based on the LEACH protocol [4].Note that we improve the dynamic clustering algorithm preferably with multiplying the ratio of residual energy of the current sensor node (i.e., (n) ) to increase the energy efficiency in the clustering, where, E cur (n) is the current energy, and E init (n) is the initial energy of the sensor node.ρ is a priori determined value which stands for the desired percentage of CHs during one round (e.g., ρ = 10%), r is the current round number, and G n is the set of sensor nodes that have not been CHs in the last ⌊1/ρ⌋ rounds.If the value of determined number is less than the threshold, the sensor node elects itself as a CH.The sensor node who decides to become a CH broadcasts the advertisement message (adv) to the neighboring nodes in the network, which is concatenated with the signature σ i , c i .
In Step 3, the sensor node, which decides to be a leaf node, picks a CH to join based on the largest received signal strength of adv messages.Then, it communicates with CH i by sending a join request (join) message, which is concatenated with the destination CH's ID ID i , its own ID ID j , time-stamp T s , and the digital signature σ j , c j .
In Step 4, a CH i broadcasts an allocation message to its cluster members for communication during the steady-state phase, yet to be concatenated with the signature.The allocation message include a time schedule sched(. . ., ID j /t j , . ..) from the TDMA control, which allocates a time-stamp ID j /t j for a leaf node j.
Once the setup phase is over, the network system turns into the steady-state phase, in which sensed data is transmitted www.redpel.com+917620593389 from sensor nodes to the BS.In Step 5, according to the TDMA schedule from Step 4, each leaf sensor node j transmits the encrypted data C j in a packet ID j , t j , C j , σ j , c j to its CH, which is concatenated with a digital signature in a time slot t j , where the sender ID ID j with t j is the destination identifier for the receiver CH.In this way, each CH collects messages from all members in its cluster, aggregates and fuses data.
In Step 6, CHs send the aggregated data F to the BS, yet to be concatenated with the digital signature.The steady-state phase consists of multiple reporting cycles of data transmissions from leaf nodes to the CHs, and is exceedingly long compared to the setup phase.

T P SET-IBOOS P
We present the Secure and Efficient data Transmission (SET) protocol for CWSNs by using IBOOS (SET-IBOOS) in this section.The SET-IBOOS protocol is designed with the same purpose and scenarios for CWSNs with higher efficiency.The proposed SET-IBOOS operates similarly to the previous SET-IBS, which has a protocol initialization prior to the network deployment and operates in rounds during communication.We first introduce the protocol initialization, then describe the key management of the protocol by using the IBOOS scheme, and the protocol operations afterwards.

Protocol initialization
In order to reduce the computation and storage costs of signature signing processing in the IBS scheme, we improve SET-IBS by introducing IBOOS for security in SET-IBOOS.The operation of the protocol initialization in SET-IBOOS is similar to that of SET-IBS, however, the operations of key predistribution are revised for IBOOS.The BS does the following operations of key pre-distribution in the network: • Generate an encryption key k for the homomorphic encryption scheme to encrypt data messages, where k ∈ [m − 1], m is a large integer.• Let G be a multiplicative finite cyclic group with order q.The PKG selects a random generator g of group G generation, and chooses τ ∈ Z * q at random as the master key msk.
• For each node j, randomly select r j ∈ Z * q for its private key generation, and let H be a hash function.
• Preload each sensor node j with the public parameters, given by param j = (k, m, G, q, g, τ, r j , H).

Key management for security
Assume that a leaf sensor node j transmits a message M to its CH i, and we denote the ciphertext of the encrypted message as C j , which is encrypted by the same encryption scheme in SET-IBS.We adapt the algorithms from [21] to construct an IBOOS scheme for CWSNs, where security is based on the DLP in the multiplicative group.The corresponding private pairing parameters are preloaded in the sensor nodes during the protocol initialization.The IBOOS scheme in the proposed SET-IBOOS consists of following four operations, extraction, offline signing, online signing and verification.
Extraction: Before the signature process, node j first extracts the private key from the msk τ and its identity ID, as sek j = (R j , s j ), where R j = g r j , s j = r j + H(R j , ID j )τ modq. (6) Offline signing: At the offline stage, node j generates the offline value σ j with the time-stamp of its time slot t j for transmission, and store the knowledge for signing online signature when it sends the message.Notice that, this offline signature can be done by the sensor node itself or by the trustful third party, e.g., the CH sensor node.Let X = g τ , then, Online signing: At this stage, node j computes the online signature σ j , z j based on the encrypted data C j and the offline signature σ j .
Then node j sends the message to its destination with t j , R j and the online signature, in the form of ID j , t j , R j , σ j , z j , C j .
Verification: Upon receiving the message, each sensor node verifies the authenticity in the following way.It checks the current time-stamp t j for freshness.Then, if the time-stamp is correct, the sensor node further computes the values of g z j and σ j R h j j X h j H(R j ,ID j ) modq , then check if For correctness, we will have the formula below if the received message is authentic.σ j R h j X h j H(R j ,ID j ) modq = g σ j g r j h j g τh i H(R j ,ID j ) modq = g σ j +h j (r j +(H(R j ,ID j )τ modq)) = g σ j +h j s j modq = g z j .(10) If the value of g z j and σ j R h i i X h i H(R i ,ID i ) modq are equal from the received message, the node i considers the received message authentic, accepts it, and propagates the message to the next hop or user.If the verification above fails, the sensor node considers the message as either bogus or a replaced one, even a mistaken one, then rejects or ignores it.

Protocol operation
The proposed SET-IBOOS operates similarly to that of SET-IBS.SET-IBOOS works in rounds during communication, and the self-elected CHs are decided based on their local decisions, thus it functions without data transmission in the CH rotations.Table III shows the full steps of SET-IBOOS in one round, in which the setup phase is from Step 1 to 4, and the steady-state phase consists of Step 5 and 6.
Step 1 in Table III is similar to that in Table II.However, the differences in Steps 2, 3 and 4 are the digital signatures www.redpel.com+917620593389 which are changed from the ID-based signatures to the online signatures σ i , z i of the IBOOS scheme.
Once the setup phase is over, the network system turns into the steady-state phase, in which data is transmitted to the BS.The steady-state operates similarly to that in steps 5 and 6 of Table II, where the ID-based signatures are changed into the online signatures of the IBOOS scheme.
For convenience, we show a flowchart of the proposed secure data transmission protocols in Appendix C. 1

P F
The protocol characteristics and hierarchical clustering solutions are presented in this section.We first summarize the features of the proposed SET-IBS and SET-IBOOS protocols as follows.
• Both the proposed SET-IBS and SET-IBOOS protocols provide secure data transmission for CWSNs with concrete ID-based settings, which use ID information and digital signature for authentication.Thus, both SET-IBS and SET-IBOOS fully solve the orphan-node problem from using the symmetric key management for CWSNs.• The proposed secure data transmission protocols are with concrete ID-based settings, which use ID information and digital signature for verification.Comparing the SET-IBS, SET-IBOOS requires less energy for computation and storage.Moreover, the SET-IBOOS is more suitable for node-to-node communications in CWSNs, since the computation is lighter to be executed.• In SET-IBOOS, the offline signature is executed by the CH sensor nodes, thus, sensor nodes do not have to execute the offline algorithm before it wants to sign on a new message.Furthermore, the offline sign phase does not use any sensed data or secret information for signing.This is particularly useful for CWSNs, because leaf sensor nodes do not need auxiliary communication for renewing the offline signature.

Protocol Characteristics
In this part, we summarize the characteristics of the proposed SET-IBS and SET-IBOOS protocols.Table IV shows a general summary of comparison of the characteristics of SET-IBS and SET-IBOOS with prior ones, in which metrics are used to evaluate whether a security protocol is appropriate for CWSNs.We explain each metric as follows.Passive and active attacks on wireless channel • Key management: the key cryptographies used in the protocol to achieve secure data transmission, which consist of symmetric and asymmetric key based security.
• Neighborhood authentication: used for secure access and data transmission to nearby sensor nodes, by authenticating with each other.Here, "limited" means the probability of neighborhood authentication, where only the nodes with the shared pairwise key can authenticate each other.
• Storage cost: represents the requirement of the security keys stored in sensor node's memory.
• Network scalability: indicates whether a security protocol is able to scale without compromising the security requirements.Here, "comparative low" means that, compared with SET-IBS and SET-IBOOS, in the secure data transmission with a symmetric key management, the larger network scale www.redpel.com+917620593389 increases, the more orphan nodes appear in the network, and vice versa [2].
• Communication overhead: the security overhead in the data packets during communication.
• Computational overhead: the energy cost and computation efficiency on the generation and verification of the certificates or signatures for security.
• Attack resilience: the types of attacks that security protocol can protect against.

Secure Data Transmission with Hierarchical Clustering
In large scale CWSNs, multi-hop data transmission is used for transmission between the CHs to the BS, where the direct communication is not possible due to the distance or obstacles between them.The version of the proposed SET-IBS and SET-IBOOS protocols for CWSNs can be extended using multi-hop routing algorithms, to form secure data transmission protocols for hierarchical clusters.The solutions to this extension could be achieved by applying the following two routing models.
1) The multi-hop planar model: A CH node transmits data to the BS by forwarding its data to its neighbor nodes, in turn the data is sent to the BS.We have proposed an energy efficient routing algorithm for hierarchically clustered WSNs in [31], and it is suitable for the proposed secure data transmission protocols.2) The cluster-based hierarchical method: The network is broken into clustered layers, and the data packages travel from a lower cluster head to a higher one, in turn to the BS, e.g., [32].

P E
In this section, we first introduce the three attack models of the adversaries, and provide the security analysis of the proposed protocols against these attacks.We then present results obtained from calculations and simulations.For the network simulations, we use the network simulator OMNeT++ 3.0 [33] to simulate SET-IBS and SET-IBOOS, and we focus on the energy consumption spent on message propagation and computation.

Security Analysis
In order to evaluate the security of the proposed protocols, we have to investigate the attack models in WSNs which threaten the proposed protocols, and the cases when an adversary (attacker) exists in the network.Afterwards, we detail the solutions and countermeasures of the proposed protocols, against various adversaries and attacks.

Attack Models
In this paper, we group attack models into three categories according to their attacking means as follows, and study how these attacks may be applied to affect the proposed protocols.
• Passive attack on wireless channel: Passive attackers are able to perform eavesdropping at any point of the network, or even the whole communication of the network.Thus, they can undertake traffic analysis or statistical analysis based on the monitored or eavesdropped messages.
• Active attack on wireless channel: Active attackers have greater ability than passive adversaries, which can tamper with the wireless channels.Therefore, the attackers can forge, reply and modify messages.Especially in WSNs, various types of active attacks can be triggered by attackers, such as bogus and replayed routing information attack, sinkhole and wormhole attack, selective forwarding attack, HELLO flood attack, and Sybil attack [2,23].
• Node compromising attack: Node compromising Attackers are the most powerful adversaries against the proposed protocols as we considered.The attackers can physically compromise sensor nodes, by which they can access the secret information stored in the compromised nodes, e.g., the security keys.The attackers also can change the inner state and behavior of the compromised sensor node, whose actions may be varied from the premier protocol specifications.

Solutions to Attacks and Adversaries
The proposed SET-IBS and SET-IBOOS provide different types of security services to the communication for CWSNs, in both setup phase and steady-state phase.Both in SET-IBS and SET-IBOOS, the encryption of the message provides confidentiality, the hash function provides integrity, the nonce and time-stamps provide freshness, and the digital signature provides authenticity and non-repudiation.
• Solutions to passive attacks on wireless channel: In the proposed SET-IBS and SET-IBOOS, the sensed data is encrypted by the homomorphic encryption scheme from [30], which deals with eavesdropping.Thus, the passive adversaries cannot decrypt the eavesdropped message without the decryption key.Furthermore, both SET-IBS and SET-IBOOS use the key management of concrete ID-based encryption.Based on the DHP assumption mentioned in Section 3, the ID-based key management in the proposed protocols is IND-ID-CCA secure (semantic secure against an adaptive ID-based chosen ciphertext attack) and IND-ID-CPA secure (semantic secure against an adaptive ID-based chosen plaintext attack).As a result, properties of the proposed secure data transmission for CWSNs settle the countermeasures to passive attacks.
• Solutions to active attacks on wireless channel: Focusing on the resilience against certain attacks to CWSNs mentioned in attack models, SET-IBS and SET-IBOOS work well against active attacks.Most kinds of attacks are pointed to CHs of acting as intermediary nodes, because of the limited functions by the leaf nodes in a cluster-based architecture.Since attackers do not have valid digital signature to concatenate with broadcast messages for authentication, attackers cannot pretend as the BS or CHs to trigger attacks.Therefore, SET-IBS and SET-IBOOS are resilient, and robust to the sinkhole and selective forwarding attacks, because the CHs being attacked are capable to ignore all the communication packets with bogus node IDs or bogus digital signatures.Together with round-rotating mechanism and digital signature schemes, SET-IBS and SET-IBOOS are resilient to the hello flood attacks involving CHs. www.redpel.com+917620593389 • Solutions to node compromising attacks: In case of attacks from a node compromising attacker, the compromised sensor node cannot be trusted anymore to fulfil the security requirements by key managements.In the case that the node has been compromised but works normally, the WSN system needs an intrusion detection mechanism to detect the compromised node [34], and has to replace the compromised node manually or abandon using it.In this part, we investigate the influence of the remaining sensor nodes, and evaluate the properties only to that part of the network.
Since each round in the protocol operations terminates in a pre-defined time, SET-IBS and SET-IBOOS satisfy the property of protocol execution termination, depending on the local timer of the sensor nodes.The CH nodes are elected based only on their local decisions, therefore, both SET-IBS and SET-IBOOS operate if there exists an active or compromising attacker.In order to eliminate the compromised sensor node in the network, all the revoked IDs of compromised nodes will be broadcast by the BS at the beginning of the current round.In this way, the compromised nodes can be prevented from either electing as CHs or joining clusters in this round.Furthermore, using either the IBS scheme or the IBOOS scheme has at least two advantages.First, it eliminates the utilization of certificates and auxiliary authentication information.Therefore, the message overhead for security can be reduced, especially with IBOOS.Also, because only the compromised node IDs have to be stored, it requires very small storage space for the node revocation.Since the length of a user's ID is usually only 1∼2 bytes, the storage of compromised user's IDs do not require much storage space.

Message Size of Data Transmission
In this part, we do the quantitative calculation of the message packet size on data transmission in the steady-state (main phase) of the different protocols for comparison.In the proposed SET-IBS, the message packet size on transmission for node j is described in Section 4, which equals to | is a hash value, which is 20 bytes when SHA-1 [35] is used.Although most of existing WSNs constructed in real world use no more than 200 nodes [1], a large scale WSN could consist of hundreds of nodes or more in the future.Thus in this paper, we set the length of node IDs as 2 bytes.In addition, the time-stamp |t j | is very small like 1 byte, and |C j | is assumed as 20 bytes.The total message size of a transmission packet is 44 + |σ j | bytes, whereas, |σ j | is variable.For example, when using the Tate pairing [28] for elliptic curve cryptography (ECC), the order q of G 1 and G 2 could be a 160-bit prime, if the required security level of ECC is equivalent to RSA with 1024-bit keys (RSA-1024) [36], which provides the currently accepted security level.In this way, the total message size of a data packet is 64 bytes in SET-IBS.Moreover, p could be a 512-bit prime to achieve higher level of security, where G is a q-order multiplicative subgroup of the finite field F * p 2 [22].
In SET-IBOOS, the message packet size on transmission for node j is described in Section 5, which equals to the length of ID and t are same to that of SET-IBS, and |C j | is assumed as 20 bytes.In the online signature R j , σ j , z j , the length of |z| = | σ j +(hsmodq)| depends on the size of q, which is set to 160 bits long to achieve a similar security level of SET-IBS, because the offline signature σ j is a negative exponential value of the cyclic group G's generator g (in Equation 7) that is very small.For the other parts of the signature σ j , z j , |σ j | is the exponentiation to the power σ j , from the negative exponential function (−t j , in Equation 8) of the generator g, thus its value is very small, which is assumed as 2 bytes at most in this paper.Similarly, the length of R j is assumed as 2 bytes.Therefore, the total message size of a data packet is 48 bytes in SET-IBOOS.
We compare the proposed SET-IBS and SET-IBOOS with other secure protocols which use a symmetric key management, SecLEACH protocol [8] and multi-level µTesla based protocol [37].We calculate the packet size in these protocols in the same way, which equals to in SecLEACH protocol, where mac is the message authentication code.And it equals to in Multi-level µTesla based protocol, where Sig is the signature based on the secret key, SK/PK is the public/private key pair for signing and verification, and AI is the auxiliary information for security referred to the sensor node.Figure 2 shows the total message sizes in different protocols for data transmission, which achieve a similar security level to RSA-1024, by concerning the number of sensor nodes.We can see that the proposed SET-IBS has smaller message size than multi-level µTesla based protocol.At the same time, it generates larger message size as compared to SecLEACH.However, the orphan node problem is fully solved in SET-IBS.We can also see that the proposed SET-IBOOS has the smallest message size than all the other protocols.We www.redpel.com+917620593389 further do network simulations on energy consumption and computation cost in the next subsection.

Simulation Results
Comprehending the extra energy consumption by the auxiliary security overhead and prolonging the network lifetime are essential in the proposed SET-IBS and SET-IBOOS.In order to evaluate the energy consumption of the computational overhead for security in communication, we consider three metrics for the performance evaluation: Network lifetime, system energy consumption and the number of alive nodes.For the performance evaluation, we compare the proposed SET-IBS and SET-IBOOS with LEACH protocol [4] and SecLEACH protocol [8].
• Network lifetime (the time of FND) -We use the most general metric in this paper, the time of FND (first node dies), which indicates the duration that the sensor network is fully functional [1].Therefore, maximizing the time of FND in a WSN means to prolong the network lifetime.
• The number of alive nodes -The ability of sensing and collecting information in a WSN depends on the set of alive nodes (nodes that have not failed).Therefore, we evaluate the functionality of the WSN depending on counting the number of alive nodes in the network.
• Total system energy consumption -It refers to the amount of energy consumed in a WSN.We evaluate the variation of energy consumption in secure data transmission protocols.
In the network simulation experiments, 100 nodes are randomly distributed in a 100m × 100m area, with a fixed BS located near part of the area, as shown in Figure 3.All the sensor nodes periodically sense events and transmit the data packet to the BS.We assume that the sensor CPU is a low-power high-performance Intel PXA255 processer of 400 MHz, which has been widely used in many sensor products, e.g., Crossbow Stargate [38].Table V lists up the parameter settings for the energy consumption in the network simulations.In the simulations, we use the same radio energy model in [4], and the other parameters are from [8,21,22,24].We assume that the BS has unlimited energy.For clustering, we properly set the desired percentage of CH nodes ρ = 10% during one round.In addition, on simulating the SecLEACH protocol, we choose a security level sl = 0.98 for a fixed length of a key ring m = 100.Thus, the probability that two nodes will share a key is P s = 0.87, which is also referred to as the expected orphan rate of the orphan node problem.protocol.The simulation results demonstrate that the system lifetime of SET-IBOOS is longer than that of SET-IBS and SecLEACH protocol.The time of FND in both SET-IBS and SET-IBOOS is shorter than that of LEACH protocol due to the security overhead on computation cost of the IBS process.
Figure 5 illustrates the energy of all sensor nodes disseminated in the network, which also indicates the balance of energy consumption in the network.Figure 6 shows the comparison of alive nodes' number, in which the proposed SET-IBS and SET-IBOOS protocols versus LEACH and SecLEACH protocols.The results demonstrate that the proposed SET-IBS and SET-IBOOS protocols consume energy faster than LEACH protocol, because of the communication and computational overhead for security of either IBS or IBOOS process.However, the proposed SET-IBOOS has a better balance of energy consumption than that of SecLEACH protocol.

C
In this paper, we first reviewed the data transmission issues and the security issues in CWSNs.The deficiency of the symmetric key management for secure data transmission has been discussed.We then presented two secure and efficient data transmission protocols respectively for CWSNs, SET-IBS and SET-IBOOS.In the evaluation section, we provided feasibility of the proposed SET-IBS and SET-IBOOS with respect to the security requirements and analysis against routing attacks.SET-IBS and SET-IBOOS are efficient in communication and applying the ID-based crypto-system, which achieves security requirements in CWSNs, as well as solved the orphan node problem in the secure transmission protocols with the symmetric key management.Lastly, the comparison in the calculation and simulation results show that, the proposed SET-IBS and SET-IBOOS protocols have better performance than existing secure protocols for CWSNs.With respect to both computation and communication costs, we pointed out the merits that, using SET-IBOOS with less auxiliary security overhead is preferred for secure data transmission in CWSNs.

Fig. 1 .
Fig. 1.Operation in the proposed secure data transmission μ

Fig. 2 .
Fig. 2. Message size for transmission compared to the number of nodes

Figure 4 Fig. 6 .
Figure 4  illustrates the time of FND using different protocols.We apply confidence intervals to the simulation results, and a certain percentage (confidence level) is set to 90%.Figure6shows the comparison of system lifetime using SET-IBS and SET-IBOOS versus LEACH protocol and SecLEACH

TABLE I :
List of notations in IBS and IBOOS procedure

TABLE II :
Operations in SET-IBS ID j , t j , C j , σ j , c j /* A leaf node j transmits the sensed data to its CH i. */ ID i , T s , F i , σ i , c i /* A CH i transmits the aggregated data to the BS.*/ CH i , G s : A leaf node, a cluster head, and the set of sensor nodes in the network.T s , t j: Time-stamps denoting the time slot for transmission in setup and steady-state phases.ID i , ID bs : The IDs of a sensor node i and the BS.C j , F i : The encrypted sensed data of node j and the aggregated data of CH i.adv,join,sched : Message string types which denote the advertisement, join request, and schedule messages.σi , c i : The ID-based digital signature concatenated with data from node i.
s : ID bs , T s , nonce /* The BS broadcasts its information to all nodes.*/ Step 2. CH i ⇒ G s : ID i , T s , adv, σ i , c i /* The elected CHs broadcast their information.*/ Step 3. L j → CH i : ID i , ID j , T s , join, σ j , c j /* A leaf node joins a cluster of the CH i. */ Step 4. CH i ⇒ G s : ID i , T s , sched(. . ., ID j /t j , . ..), σ i , c i /* A CH i broadcasts the schedule message to its members.*/

TABLE III :
Operations in SET-IBOOS ID j , t j , C j , R j , σ j , z j /* A leaf node j transmits the sensed data to its CH i. */ ID i , T s , F i , R i , σ i , z i /* A CH i transmits the aggregated data to the BS.*/ CH i , G s : A leaf node, a cluster head, and the set of sensor nodes in the network.T s , t j: Time-stamps denoting the time slot for transmission in setup and steady-state phases.ID i , ID bs : The IDs of a sensor node i and the BS.C j , F i : The encrypted sensed data of node j and the aggregated data of CH i.adv, join, alloc : Message string types which denote the advertisement, join request, and allocation messages.R i , σ i , z i : The online signature of node i concatenated with data.
s : ID bs , T s , nonce /* The BS broadcasts its information to all nodes.*/ Step 2. CH i ⇒ G s : ID i , T s , adv, R i , σ i , z i /* The elected CHs broadcast their information.*/ Step 3. L j → CH i : ID i , ID j , T s , join, R j , σ j , z j /* A leaf node joins a cluster of CH i. */ Step 4. CH i ⇒ G s : ID i , T s , alloc(. . ., ID j /t j , . ..), R i , σ i , z i /* A CH i broadcasts the allocation message.*/

TABLE IV :
Comparison of characteristics of the proposed protocols with other secure data transmission protocols

TABLE V :
Parameter settings for the energy consumption in simulations Node initial energy E init 1J Energy consumption on data aggregation E aggr 5nJ/bit Energy consumption on transmission amplifier E amp 100pJ/bit/m 2 Energy consumption on signature signing and verification for SET-IBS E sig 77.4µJ/signature