- About this Journal ·
- Abstracting and Indexing ·
- Advance Access ·
- Aims and Scope ·
- Annual Issues ·
- Article Processing Charges ·
- Articles in Press ·
- Author Guidelines ·
- Bibliographic Information ·
- Citations to this Journal ·
- Contact Information ·
- Editorial Board ·
- Editorial Workflow ·
- Free eTOC Alerts ·
- Publication Ethics ·
- Reviewers Acknowledgment ·
- Submit a Manuscript ·
- Subscription Information ·
- Table of Contents

International Journal of Distributed Sensor Networks

Volume 2012 (2012), Article ID 929542, 11 pages

http://dx.doi.org/10.1155/2012/929542

## Low-Cost Monitoring and Intruders Detection Using Wireless Video Sensor Networks

^{1}FEMTO-ST Institute, University of Franche-Comté, Rue Engel-Gros, BP 527, 90016 Belfort Cedex, France^{2}LIUPPA Laboratory, University of Pau, Avenue de l'Université, BP 1155, 64013 Pau, France

Received 1 December 2011; Revised 14 February 2012; Accepted 28 February 2012

Academic Editor: Wensheng Zhang

Copyright © 2012 Jacques M. Bahi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

There is a growing interest in the use of video sensor networks in surveillance applications in order to detect intruders with low cost. The essential concern of such networks is whether or not a specified target can pass or intrude the monitored region without being detected. This concern forms a serious challenge to wireless video sensor networks of weak computation and battery power. In this paper, our aim is to prolong the whole network lifetime while fulfilling the surveillance application needs. We present a novel scheduling algorithm where only a subset of video nodes contributes significantly to detect intruders and prevent malicious attacker to predict the behavior of the network prior to intrusion. Our approach is chaos based, where every node based on its last detection, a hash value and some pseudorandom numbers easily compute a decision function to go to sleep or active mode. We validate the efficiency of our approach through theoretical analysis and demonstrate the benefits of our scheduling algorithm by simulations. Results show that in addition to being able to increase the whole network lifetime and to present comparable results against random attacks (low stealth time), our scheme is also able to withstand malicious attacks due to its fully unpredictable behavior.

#### 1. Introduction

Instead of using traditional vision systems built essentially from fixed video cameras, it is possible to deploy autonomous and small wireless video sensor nodes (WVSNs) [1] to achieve video surveillance of a given area of interest. Doing so leads to a much higher level of flexibility, therefore extending the range of surveillance applications that could be considered. More interestingly, this scenario can support dynamic deployment scenario even in so-called object and obstacle-rich environments or hard-to-access areas. Such wireless video sensor nodes can in addition be thrown in mass to constitute a large-scale surveillance infrastructure. In these scenarios, hundreds or thousands of video nodes of low capacity (resolution, processing, and storage) of the same or similar type can be deployed in an area of interest.

Surveillance applications have very specific needs due to their inherently critical nature associated to security [2–4]. The basic objective of video surveillance systems is to allow detection and/or identification of intruders. Therefore, in that context, the main goal of a video sensor network is to ensure the coverage of the whole area of interest at any time . Another issue of prime importance is related to energy considerations since the scarcity of energy does have a direct impact on coverage, as it is not possible to have all the video nodes in activity at the same time. Therefore, a common approach is to define a subset of the deployed nodes to be active while the other nodes can sleep. There are already some techniques that schedule video nodes to work alternatively while maintaining the complete coverage [5–7]. The main idea in these techniques is to turn off a redundant node. Here redundancy means that the covered area by a node is completely covered by its neighbors too. However, these techniques usually depend on location or directional information, which is costly in energy and complexity. Usually it is very difficult to determine the redundant nodes without the location information. Fortunately, not all applications need a complete coverage at anytime, and in most surveillance applications for intrusion detection, most sensor nodes can move to a so-called “idle mode’’ in the absence of intrusions. When an intruder is detected by a node, all the network will be alerted. In that context, it is critical to provide an effective scheme for turning off video nodes without degrading the surveillance quality.

In this paper, we present a solution to the scheduling problem in mission-critical surveillance applications using video sensor nodes. We provide a chaotic sleeping scheme and conduct a theoretical and simulation analysis of both performances and security. Until now, only random approaches have been extensively studied in the literature to turn off video nodes without degrading the surveillance quality. Even if such methods present good scores in detecting random intrusions while preserving the lifetime of the network, they do not encompass the situation of a malicious attacker. That is to say, the intruder is not supposed to know something about the surveillance scheme, he cannot observe the WVSN for a while, or he is not authorized to deduce anything from his possible knowledge. In this paper, we intend to tackle with situations where the attacker is not supposed passive: he is smart and does not necessarily choose a random way to achieve his intrusion. In addition to preserving the network lifetime and being able to face random attacks, we show that our scheme is also capable of withstanding attacks of a malicious adversary due to its unpredictable behavior.

The rest of the paper is organized as follows. In Section 2, related works related to surveillance applications with WVSNs are presented. Smart threats and malicious attackers are introduced in Section 3. Basic recalls and terminologies on the fields of the mathematical theory of chaos and chaotic iterations are given in Section 4, and the link unifying them is explained too. The surveillance scheme based on the chaos theory is detailed in Section 5. We show in Section 6 that our proposed scheme can be used against malicious attacks. Simulation results in Section 7 compare our scheme to the classical random schedule in terms of intruder’s stealth time, network lifetime, and energy repartition. The paper ends by a conclusion section, where our contribution is summed up, and planned future work is detailed.

#### 2. Related Works

In video sensor networks, minimizing energy consumption and prolonging the system lifetime are major design objectives. Due to the significant energy-saving when a node is sleeping, a frequently used mechanism is to schedule the sensor nodes such that redundant nodes go to sleep as often and for as long as possible. By selecting only a subset of nodes to be active and keeping the remaining nodes in a sleep state, the energy consumption of the network is reduced, thereby extending the operational lifetime of the sensor network.

In this context, the coverage problem for wireless video sensor networks can be categorized as(i)*known targets coverage problem* which seeks to determine a subset of connected video nodes that covers a given set of target locations scattered in a 2D plane,(ii)*region-coverage problem* which aims to find a subset of connected video nodes that ensures the coverage of the entire region of deployment in a 2D plane.

Most of the previous works have considered the known-targets coverage problem [8–11]. The objective is to ensure at all time the coverage of some targets with known locations that are deployed in a two-dimensional plane. For example, the authors in [11] organize sensor nodes into mutually exclusive subsets that are activated successively, where the size of each subset is restricted and not all of the targets need to be covered by the sensors in one subset. In [9], a directional sensor model is proposed, where a sensor is allowed to work in several directions. The idea behind this is to find a minimal set of directions that can cover the maximum number of targets. It is different from the approach described in [8] that aims to find a group of nondisjoint cover sets, each set covering all the targets to maximize the network lifetime.

Regarding the region-coverage problem in which this study takes place, existing works focus on finding an efficient deployment pattern so that the average overlapping area of each sensor is bounded. The authors in [12] analyze new deployment strategies for satisfying some given coverage probability requirements with directional sensing models. A model of directed communications is introduced to ensure and repair the network connectivity. Based on a rotatable directional sensing model, the authors in [13] present a method to deterministically estimate the amount of directional nodes for a given coverage rate. A sensing connected subgraph accompanied with a convex hull method is introduced to model a directional sensor network into several parts in a distributed manner. With adjustable sensing directions, the coverage algorithm tries to minimize the overlapping sensing area of directional sensors only with local topology information. Lastly, in [6], the authors present a distributed algorithm that ensures both coverage of the deployment area and network connectivity, by providing multiple cover sets to manage field of view redundancies and reduce objects disambiguation.

All the above algorithms depend on the geographical location information (position and direction) of video nodes. These algorithms aim to provide a complete-coverage network so that any point in the target area would be covered by at least one video node. However, this strategy is not as energy efficient as what we expect because of the following two reasons. Firstly, the energy cost and system complexity involved in obtaining geometric information may compromise the effect of those algorithms. Secondly, video nodes located at the edge of the area of interest must be always in an active state as long as the region is required to be completely covered. These video nodes will die after some time, and their coverage area will be left without surveillance. Thus, the network coverage area will shrink gradually from outside to inside. This condition is unacceptable in video surveillance applications and intrusion detection, because the major goal here is to detect intruders as they cross a border or as they penetrate a protected area.

One direction to solve these problems is to schedule a node to sleep following a probabilistic approach. Each node remains awake with a given probability so that the coverage of the area can be guaranteed. However the probability can be modeled by an observer, who can take benefits from his observations to predict the dynamic of the network. This is obviously a security flaw. These considerations lead us to the introduction of smart threats given in the next section.

#### 3. Smart Threats

##### 3.1. Introduction

Let us suppose that an adversary tries to reach a location into the area without being detected. We consider that this situation leads to two categories of attacks.(i)On the one hand, the attacker only knows that the area is under surveillance. He tries to take its chance, for example, by following the shortest way or by trying a random path. In this first category of attack that we call “blind elementary attacks,’’ the intruder does not know how the surveillance is achieved as he does not observe the WVSN.(ii)On the other hand, in the second category of attacks, called “malicious attacks’’ in this paper, the intruder is supposed to be intelligent. He can try to take benefits from his observations to understand the behavior of the WVSN. After having recorded the dynamic of the WVSN for a given time, the malicious intruder can try to determine when video nodes are turned on. This prediction can help the intruder to find a way to reach without being detected.

In our opinion, the most reasonable way to evaluate the consequences of a malicious attack is to suppose that the intruder has access to the surveillance scheme. With this supposition, our security model encompasses the case where an attacker can have a physical access to a given node, thus determining the embedded mechanism used for video surveillance. In this Kerckhoffs-based principle, the attacker knows all but the initial parameters of the nodes. Moreover, he can observe the WVSN for a while. To achieve his intrusion, he can use all of the acquired knowledge—the sole difficulty is his lack of a secret parameter (the secret key) used to initialize the surveillance process.

The context of blind elementary attacks is well-known and understood: it has been studied a lot in the last decade, and various solutions have yet been proposed (Section 2). On the contrary, to the best of our knowledge, the case of an intelligent intruder (smart threat) has not yet really been treated. In this paper, we intend to propose a scheme able to withstand attacks encompassing these malicious intrusions and thus to offer a first solution to the problem raised by the smart threats existence hypothesis.

Technically speaking, the proposed approach offers several benefits. Firstly, the node scheduling algorithm does not need location information. Therefore, the energy consumption is reduced because there is no need to locate the node itself and its neighbors. Secondly, we will show that it performs as well as a random scheduling, in terms of lifetime and intrusion detection against blind elementary attacks (see Section 7). Lastly, due to its chaotic properties, its coverage is unpredictable, and thus a malicious adversary has no solution to attack the network (Section 6).

##### 3.2. Classification of Malicious Attacks

When a malicious adversary attacks a WVSN, he can concentrate his efforts either on the global network or on some specific nodes. Depending on the considered situation, he can perform either an active attack, modifying the network architecture or a node, or a passive attack based only on observations. He can have access to several WVSNs using the same algorithm. Furthermore, he can build its own network to make some experiments. His objective is to find the secret key used in the targeted network: with this knowledge, the attacker will be able to predict the behavior of the video sensor nodes.

Active attacks have been already investigated several times in the literature. These studies encompass the cases where nodes can be added, moved, modified, or removed, where communications between nodes can be observed or modified, and where the global architecture of the network is attacked. However, some WVSN are such that any modification of the network is signaled, leading to the impossibility of such active attacks. On the contrary, passive observations and deductions of a malicious attacker are always possible. To the best of our knowledge, these threats have not yet been investigated.

The passive malicious attacks can be classified as follows.(i)In the *target only attack (TOA)*, the adversary can only observe targeted networks.(ii)In the *constant key attack (CKA)*, the adversary has access to several WVSNs using the same secret key. The areas under surveillance and the network architecture change from one WVSN to another, but the attacker knows that all these networks use the same algorithm with the same secret key.(iii)In the *known original attack (KOA)*, the attacker had previously accessed to the WVSNs and its area. He had the opportunity to test various keys in a previous access. He hopes that this knowledge will help him to determine a way to realize his intrusion when the WVSN is really launched.(iv)In the *chosen key attack (CKA)*, the adversary has access to an exact copy of the network and area under surveillance than the one he wants to attack. He has realized, for instance, a miniature model or a computer simulator having exactly the same behavior than the targeted network and its area. He can thus try several secret keys, and if he achieves to reproduce exactly the same behavior for the network, then he can reasonably suppose that the true secret key has been discovered.(v)Finally, in the *estimated original attack (EOA)*, the attacker has only an estimation, an approximation of the network and its area.

In each of these categories, the sole objective of the attacker is to obtain the value of the secret key. With this knowledge, he will able to determine the WVSN behavior, finding by doing so a way to achieve his intrusion.

##### 3.3. Security Levels in CKA

We now take place in the chosen key attack problem. Let be the secret key used to initiate the video surveillance. Denote by the probabilistic model that the attacker can build with his observations, and by the set of all possible keys.

*Definition 1 (Insecurity). *The WVSN is insecure against the target only attack if and only if , and for all , .

This is on the contrary with the following.

*Definition 2 (Security). *The WVSN is secure against the Target Only Attack if and only if for all , .

In that situation, it is easy to prove that the mutual information is equal to 0, which is often refered as *perfect secrecy*.

#### 4. Basic Recalls

##### 4.1. Devaney’s Chaotic Dynamical Systems

General notations used in this document are given in Table 1.

Consider a topological space , where is a set and a topology on , that is, a collection of subsets of , satisfying the following well-known axioms.(1)The empty set and are in .(2) is closed under arbitrary union.(3) is closed under finite intersection.

Let be a function continuous for this topology.

*Definition 3. * is said to be *topologically transitive* if, for any pair of open sets , there exists such that .

*Definition 4. *An element (a point) is a *periodic element* (point) for of period , if .

*Definition 5. * is said to be *regular* on if the set of periodic points for is dense in : for any point in , any neighborhood of contains at least one periodic point (without necessarily the same period).

*Definition 6. * is said to be *chaotic* on if is regular and topologically transitive.

Let us recall that a *metric space* is an ordered pair , where is a set and is a metric on , that is, a function such that for any , the following holds:(i) (non-negative),(ii)if and only if (identity of indiscernibles),(iii)(symmetry),(iv) (triangle inequality).

The chaos property is strongly linked to the notion of “sensitivity,’’ defined on a metric space by the following.

*Definition 7. * has sensitive dependence on initial conditions if there exists such that, for any and any neighborhood of , there exists and such that *. * is called the constant of sensitivity of .

Indeed, Banks et al. have proven in [14] that when is chaotic and is a metric space, then has the property of sensitive dependence on initial conditions (this property was formerly an element of the definition of chaos). To sum up, quoting Devaney in [15], a chaotic dynamical system “is unpredictable because of the sensitive dependence on initial conditions. It cannot be broken down or simplified into two subsystems which do not interact because of topological transitivity. And in the midst of this random behavior, we nevertheless have an element of regularity.’’ Fundamentally different behaviors are consequently possible and occur in an unpredictable way.

##### 4.2. Chaotic Iterations

Let us consider a *system* of a finite number of elements (or *cells*), so that each cell has a Boolean *state*. A sequence of length of Boolean states of the cells corresponds to a particular *state of the system*. A sequence whose elements are subsets of is called a *strategy*. The set of all strategies is denoted by .

*Definition 8. *The set denoting , let be a function and be a strategy. The so-called *chaotic iterations* (CIs) are defined by [16] (, the initial condition, is a chosen Boolean vector of size ) and

In other words, at the iteration, only the cell is “iterated.”

Note that in a more general formulation, can be a subset of components and can be replaced by , where , describing for example, delays transmission. For the general definition of such chaotic iterations, see, for example, [16].

The term “chaotic’’, in the name of these iterations, has *a priori* no link with the mathematical theory of chaos recalled previously. However, we have proven in [17] that in a relevant metric space , the vectorial negation satisfies the three conditions for Devaney’s chaos. This result is recalled in the next section.

##### 4.3. Chaotic Iterations and Devaney’s Chaos

Denote by the *discrete Boolean metric*: for all , . Given a function , define the function such that
where + and · are the Boolean addition and product operations and is the coordinate of the Boolean vector . The *shift* function is defined by , and the *initial function * is the map which associates to a sequence, its first term: .

Consider the phase space: and the map

The chaotic iterations can be described by the following iterations

Let us define a new distance between two points by where(i),(ii).

This new distance has been introduced in [17, 18] to satisfy the following requirements. When the number of different cells between two systems is increasing, then their distance should increase too. In addition, if two systems present the same cells and their respective strategies start with the same terms, then the distance between these two points must be small because the evolution of the two systems will be the same for a while. The distance presented above follows these recommendations. Indeed, if the floor value is equal to , then the systems differ in cells. In addition, is a measure of the differences between strategies and . More precisely, this floating part is less than if and only if the first terms of the two strategies are equal. Moreover, if the th digit is nonzero, then the th terms of the two strategies are different.

The following propositions are proven in [17, 18] by using the sequential continuity.

Proposition 9. *For all , for all is a continuous function on .*

It is then checked in [17, 18] that in the metric space , the vectorial negation satisfies the three conditions for Devaney’s chaos: regularity, transitivity, and sensitivity. This has led to the following result.

Proposition 10. *CIs are chaotic on as it is defined by Devaney.*

These chaotic iterations have been used to define in [17] a hash function and a pseudorandom number generator (PRNG) able to pass the stringent TestU01 battery of tests in [19].

#### 5. Chaos-Based Scheduling

##### 5.1. The General Algorithm

###### 5.1.1. Network Capabilities

The WVSN is supposed to be constituted by nodes , . If the number of nodes is not a power of two, then will be the smallest integer such that is greater than the number of nodes.

Each is able to wake-up on a specific signal, to survey a given area (and to detect intrusions), to send a wake up signal to another node , and to go to sleep when it is required. Furthermore, it is supposed that embeds the following.(i)The mechanisms required by the intrusion detection: a sensing function , such as a camera, which returns some digital data at each listening time, and a decision function which returns if an intrusion is detected in these sensing values () or not.(ii)An internal clock having the time as a reference. In other words, there exists a global minimal time interval such that the internal clock of frequency of each node is such that is a multiple of : , with .(iii)A vector of binary digits, called *the state of the system *, and the capability to swap each bit of this vector ().(iv)An integer , called *listening time*, initialized to 0.

In other words, each node can achieve CIs. Thus, each node can compute, easily and by using a few resources, a hash value and some pseudorandom numbers as it is recalled in Section 4.2. We will denote by the seed of the PRNG used in node , which is equal to a secret parameter at time . This secret parameter with bits has been generated by a cryptographically secure PRNG, and thus it is uniformly distributed into . The state is initialized to the binary decomposition of .

###### 5.1.2. Deploying the Network

The deployment of video sensor nodes in the physical environment is the first operation (step) in the network lifecycle. It may take several forms. Sensor nodes may be randomly deployed dropping them from a plane and placed one by one by a human or a robot. Deployment may be a one-time activity or a continuous process. These methods have been extensively studied in the literature. In our method, the sole requirement to satisfy is to guarantee the uniform repartition into the region of interest.

###### 5.1.3. Initialization of the WVSN

At time , a subset (or if the network has nodes, and if is not a power of 2) of nodes are woken up and for all .

###### 5.1.4. Surveillance

The principle of surveillance applications is defined as follows. At each time , .(1)If a sleeping node has received wake-up orders during the time interval , then it goes into active mode and sets its listening time to .(2)If an active node has received orders to wake up during the time interval , then it increments its listening time: .(3)For each node having a listening time .(i) ensures the surveillance of its area during .(ii)If, during this time interval, an intrusion is detected, then the WVSN is under alert.(iii)If is the first listening time of after having activated, then:(a)the hash value of the sensed value is computed (c.f. Section 4.2),(b)the seed of the PRNG of is set to , where + is the concatenation of the digits of and (thus even if , we have ),(c)the bits of the state of the system are set to , where is the binary decomposition of shown as a binary vector of length .(4) bits are computed with the PRNG of . These bits define an integer . Then the bit of in position is switched, which leads to a new state . By doing so, CIs are realized.(5)Each active node decreases its listening time: .(6)For each active node having its listening time :(i) sends the wake-up order to node , where is the integer whose binary decomposition is the last state of the system . If the number of nodes is not a power of 2, then tests first if before sending its signal.(ii) goes to sleep.

##### 5.2. Reducing Communication Overheads

###### 5.2.1. Avoiding Broadcast by Geographic Routing Waking up

In the previous section, the general algorithm requires in step 6 that for each active node having its listening time , sends a wake-up order to node , being determined by the chaotic iterations. Practically, if nodes’ position is random, this wake-up message needs to be broadcasted to the entire network with a high communication overhead. It is possible to significantly reduce this overhead by using a geographic routing approach and having each node knowing the geographic position of the other nodes. A preliminary phase of neighbor advertising/discovering is then needed at network initialization whose cost could be regarded as low when the network lifetime becomes longer. Geographic position could be obtained by node’s GPS capabilities or by a combination of GPS and other localization techniques. Figure 1(a) illustrates this method: node at coordinate needs to wake up node at coordinate . Using geographic routing, the best neighbor is selected hop by hop to reach .

It is also possible to reduce the constraints on the geographical coordinates of individual nodes by using geographic routing with area coordinates instead. The principle is to divide the area of interest in several smaller rectangular areas and to use the area’s index instead of a node’s index for the chaotic iterations. Once the area to wake-up is determined, we can use the geographic coordinates of the center of the area to propagate the wake up message without knowing the coordinate of individual nodes. Figure 1(b) illustrates this behavior where node at coordinate in area (2,1) has to wake up area (3,5). The coordinate of the center of area (3,5) could be computed/estimated by node which will then use geographic routing to reach this area represented by a virtual node of coordinates . The last step of the geographic routing will wake up a node (green dot) in the target area since this node is the closest to coordinates . Compared to the previous case, we can see that the wake-up node can be different. Note that it is not required that the estimation of an area’s center be accurate as local nodes are selected by local broadcast at the radio level.

###### 5.2.2. Neighborhood-Scoped Waking up

Another solution is to use neighbor-scoped waking up instead of considering the entire network. Since the network starts with a given number of active nodes, if each active node selects the next node to be woken up in their respective neighborhood, the chaotic iteration properties are still valid to make predictions of the future impossible for a smart intruder. Figure 2 illustrates this solution and shows 3 active nodes at step (red dots) selecting one of their neighbors (green dots) with chaotic iterations on the neighbor index which in turn will select at step another node (yellow dots) among their own neighbors. This solution has the advantage to avoid multi-hop transmissions and GPS coordinates.

##### 5.3. Relaxing the Global Synchronization Assumption

The chaos-based scheduling algorithm, as presented previously, assumes that the sensor network is globally synchronized (each node maintains an internal clock as a reference). However, this time synchronization can be costly or hard to maintain in various sensor networks. If so, this strong hypothesis can be relaxed as follows. can be replaced by , where is the smallest time interval between two operations in node . That is, , where is the CPU frequency of node .

The sentence at the beginning of Section 5.1.4 “At each time , ’’ can be changed in “For all node , for all time ,’’ and “ ensures the surveillance of its area during ’’ can be replaced by “ ensures the surveillance of its area during ’’ in step 3 of the surveillance algorithm.

The global synchronization assumption has been formulated initially to simplify the scheme description and because we need a common discrete time for all the network when establishing the proofs that makes the algorithm secure. In case where such a hypothesis cannot be supposed without loss of performances, we can obtain such a common discrete time by ordering and reindexing the set: and by considering the following order:

#### 6. Theoretical Study

##### 6.1. Scheduling as Chaotic Iterations

The scheduling scheme presented above can be described as CIs. The global state of the whole system is constituted by the reunion of each internal state of each node . This is an element of . The strategy at time is the subset of constituted by all of the strategies that are computed into the awakened nodes at time . More precisely, if the node has computed the strategy at time , then the global strategy will contain the value . Lastly, the iteration function is the vectorial negation defined: . A subsequence is extracted from , which determines the changes that occur in the network: nodes whose binary id is into are nodes that achieve the surveillance at the considered time. Let us remark that and depend both on the outside world, due to the fact that are regularly seeded with the digest of some sensed values.

##### 6.2. Complexity

Even if the hash function and the PRNG taken from [17, 19], respectively, can be replaced by any cryptographically secure hash function and PRNG, we do not recommend their substitution. Indeed, all of the operations used by our scheme can be achieved by CIs. Each iteration of CIs is only constituted by the negation of a few binary digits. Obviously, such an operation is fast and does not consume a lot of energy. By doing so, we thus obtain an efficient video surveillance scheduling scheme compliant with WVSN requirements. Section 7 will detail more quantitatively this fact.

##### 6.3. Coverage

The coverage of the whole area is guaranteed due to the following reasons.

Firstly, the scheduling process corresponds to CIs. These iterations are chaotic according to Devaney; thus they are transitive. This transitivity property is the formulation of an uniform distribution in terms of topology. It claims that the system will never stop to visit any subregion of the whole area, regardless of how tiny the region is.

Secondly, as the choice of the nodes to wake up at each time is done by using CIs, this selection corresponds to the returned value of our PRNG proposed in [19]. This “CI()-generator’’ takes two PRNGs , as input sequences, realizes CIs with as strategy, the vectorial negation as update function, and selects the states to publish as outputs by using the second PRNG . By such a combination, we improve the statistical properties of the input PRNG used as the strategy, and we add chaotic properties. The scheduling process corresponds to the -generator, with and . As is statistically perfect ( is CI(ISAAC, ISAAC), which can pass the whole NIST, DieHARD, and TestU01 batteries of tests), the uniform repartition of the states is then guaranteed.

Lastly, experiments in Section 7 will show that this intended uniform coverage is well obtained in practice.

##### 6.4. Security Study

###### 6.4.1. Qualitative Approach

Let us suppose that Oscar, an intruder, knows that the scheduling process is based on CIs, that is, he knows the whole algorithm, except the seeds that have been used to initiate the PRNGs of each node. By doing so, we respect the Kerckhoffs’ principle: the adversary has all except the secret key. Oscar’s desire is to reach a particular location of the area without being detected. To achieve his goal, he can choose two strategies. On the one hand, he can try a blind elementary attack, either by following a random way from its position to , or by choosing the shortest path. The next subsection and the experiments will show that such an attack cannot work. On the other hand, Oscar can try to take benefits both from his knowledge and his observations. However, if he can determine the nodes that are awakened at time , he cannot predict the awaken nodes at time . To do so, he should be able to obtain , which are computed from the digests of some values that will be sensed in the future. As our hash function satisfies the avalanche effect, due to its chaotic properties, any error on the sensed value leads to a completely different digest.

As Oscar cannot determine the sensed values of each node, at each time and with an infinite precision, he does not have the knowledge of the current state of the global system. He has only access to an approximation of this state. As the global scheduling process is chaotic, this error on the initial condition is magnified at each iteration, leading to the impossibility for Oscar to predict the scheduling process. This qualitative approach for security will be formalized in the second section below.

###### 6.4.2. Chaotic Properties

We now investigate the topological properties presented by the proposed video-surveillance scheme. First of all, let us recall two fundamental definitions from the mathematical theory of chaos.

*Definition 11. *A function is said to be expansive if , for all , such that .

*Definition 12. *A discrete dynamical system is said to be *topologically mixing* if and only if, for any pair of disjoint open sets ,, can be found so that for all , .

As proven in [20], chaotic iterations are expansive and topologically mixing when is the vectorial negation . Consequently, these properties are inherited by the WVSN presented previously, which induce a greater unpredictability. Any difference on the initial parameter of the WVSN is, in particular, magnified up to be equal to the expansivity constant.

Now, what are the consequences for a wireless sensor network to be chaotic according to Devaney’s definition? Firstly, the topological transitivity property implies indecomposability.

*Definition 13. *A dynamical system is *indecomposable* if it is not the union of two closed sets such that , .

Hence, reducing the observed area in order to simplify its complexity is impossible if is strongly connected. Moreover, under this hypothesis the surveillance scheme is strongly transitive.

*Definition 14. *A dynamical system is *strongly transitive* if for all , for all , , , .

According to this definition, for all pair of points , in the phase space, a point can be found in the neighborhood of such that one of its iterates is . Indeed, this result has been stated during the proof of the transitivity presented in [17]. Among other things, the strong transitivity leads to the fact that without the knowledge of the initial awakened nodes, all scheduling is possible. Additionally, no nodes of the output space can be discarded when studying the video-surveillance scheme: this space is intrinsically complicated and it cannot be decomposed or simplified.

Finally, these WVSNs possess the instability property.

*Definition 15. *A dynamical system is unstable if for all , the orbit is unstable; that means , for all , , , such that and .

This property, which is implied by sensitive point dependence on initial conditions, leads to the fact that in all neighborhoods of any point there are points that can be apart by in the future through iterations of the WVSN. Thus, we can claim that the behavior of these networks is unstable when is strongly connected.

###### 6.4.3. Cryptanalysis in CKA Framework

As stated in Section 6.1, the proposed video-surveillance scheme can be rewritten as where the phase space is , depends on a secret parameter whose binary digits are uniformy distributed, and stands for the vectorial negation on .

We will now show the following.

Proposition 16. *The videosurveillance scheme proposed in this document is secure when facing a chosen key attack.*

*Proof. *Let . We will prove by a mathematical induction that for all . The base case is immediate, as the initial state of the WVSN is initialized by (, which are produced by a cryptographically secure PRNG, so *.* Let us now suppose that the statement holds for some . Let and (the digit 1 is in position ). So . These two events are independent, thus . According to the inductive hypothesis, . The set of events for is a partition of the universe of possible, so .

Finally, , which leads to . This result is true for all ; we thus have proven that;

So the video surveillance defined in this paper is secure in CKA.

#### 7. Simulation Results

This section presents simulation results on comparing our chaotic approach to the standard C++ rand()-based approach with random intrusions. We use the OMNET++ simulation environment, and the next node selection will either use chaotic iterations or the C++ rand() function (rand() % ) to produce a random number between 0 and . For this set of simulations, 128 sensor nodes (therefore ) are randomly deployed in a 75 m * 75 m area. Unless specified, sensors have an 36° AoV, and sensor node captures at the rate of 0.2 fps. Each node starts with a battery level of 100 units, and taking 1 picture consumes 1 unit of battery. When a node is selected to wake up, it will be awake for seconds. We set all s. According to the behavior defined in Section 5, before going to sleep after an activity period of , will determine the next node to be woken up. It can potentially elect itself in which case stays active for at least another period. The elected node can be already active, in which case it simply increases its counter. We set about 50% of the sensor nodes to be active initially (each sensor draws a random value between 0 and 1 and if the value is greater than 0.5, it will be active). This initial threshold is tunable but we did not try to vary this parameter in this paper. The results presented here have been averaged over 10 simulation runs with different initial seeds. Figure 3 shows the percentage of active nodes. Both the chaotic and the standard rand() function have similar behavior: the percentage of active nodes progressively decreases due to battery shortage.

To compare both approaches in terms of surveillance quality, we record stealth time when intrusions are introduced in the area of interest. The stealth time is the time during which an intruder can travel in the field without being seen. The first intrusion starts at time 10 s at a random position in the field. The scan line mobility model is then used with a constant velocity of 5 m/s to make the intruder move to the right part of the field. When the intruder is seen for the first time by a sensor, the stealth time is recorded and the mean stealth time computed. Then a new intrusion appears at another random position. This process is repeated until the simulation ends (i.e., no more sensor nodes with energy). Figure 4(a) shows the mean stealth time over the whole simulation duration. Figure 4(b) shows the same data but with a sliding window averaging filter of 20 values. As the nodes are uniformly distributed in the area of interest, there is a strong correlation between the percentage of active nodes and the stealth time as it can be expected. The result we want to highlight here is that our chaotic node selection approach has a slightly better level of performance in presence of random intrusions than standard rand() function in addition to providing a formal proof of non-prediction by malicious intruders.

The last result we want to show is the energy consumption distribution. We recorded every 10 s the energy level of each sensor node in the field and computed the mean and the standard deviation. Figure 5 shows the evolution of the standard deviation during the network lifetime. We can see that the chaotic node selection provides a slightly better distribution of activity than the standard rand() function.

This better distribution of the node’s activity has the beneficial effect to increase the detection quality: as nodes are used more equally, there are less “holes” in the surveillance network due to some nodes having battery shortage earlier.

#### 8. Comparison with the Random Approach

Experiments show that the proposed algorithm is as good as random scheduling in case of random attacks. Lifetime of the network ant stealth time is quite similar for the two approaches. Under this point of view, when facing a random attack, there is no improvement compared to existing methods. However, in the case of a malicious attack, using the proposed chaos-based approach instead of a random one is of importance. Indeed, the random approach is either insecure or not realizable in that context. It is due to the constraints inherent to the wireless video sensor networks. The problem can be summarized as follows: either the generators embedded into each node in a random scheduling are cryptographically secure (as ISAAC or the Blum-Blum-Shub—BBS—generator e.g.), and thus they are very slow and need a lot of computational resources, which are two issues incompatible with the objectives and limitations of such networks or they are fast but insecure and thus not adapted when a high level of security is required.

Security of a pseudorandom generator is a characteristic that shows how hard it is to tell the difference between the pseudorandom sequences and truly random sequences. A pseudorandom generator is said to be provably secure if distinguishing these two classes of sequences is as difficult as solving a well-known and supposedly hard (typically number-theoretic) problem. For instance, the BBS pseudorandom generator is secure under the assumption that factoring large Blum integers are a difficult problem. Such a security level cannot be attained by fast and light PRNGs that are in common use in WVSN. These PRNGs are fast but insecure: either bias appears in their iterations, leading to the possibility to take benefits of this bias to predict the future evolution of the network, or they have been cryptanalyzed by more specific and refined attacks.

The approach we propose does not rely its security on the quality of the randomness but on topological properties of chaos, making the attacks described above inefficient to break the scheduling program. In that situation, chaotic properties reinforce the security of the scheme by making it impossible to forecast the future evolution of the network by using the knowledge acquired during previous observations. Furthermore, we have proven in Section 6.4.3 that the proposed scheme is secure when considering attacks in the CKA framework. To the best of our knowledge, it is not the case for the random approach. Therefore our approach has a solid and formally proven security foundation while the random approach has no such proofs.

#### 9. Conclusions and Perspectives

In this paper, a sleeping scheme for nodes has been proposed as an effective and secure solution to the scheduling problem in mission-critical surveillance applications using WVSNs. It has been evaluated through theoretical and practical aspects of performance and security. As opposed to existing works, this scheduling scheme is not based only on randomness but on the mathematical theory of chaos also. By doing so, we reinforce coverage and lifetime of the network, while obtaining a more secure scheme. We have considered in this paper the case where the intruder is smart and active. Furthermore, we have supposed that he can know the scheme and observe the behavior of the network. We have shown that, in addition to being able to preserve WVSN lifetime and to present comparable results against random attacks, our scheme is also able to withstand such malicious attacks due to its unpredictable behavior.

In future work, we intend to enlarge the security field in WVSN-based video surveillance, by making a classification of attacks that Oscar can achieve depending on the data he has access to. Our desire is to distinguish between several levels of security into each category of malicious attacks, from the weakest one to the strongest one. Additionally, we will study more precisely the topological properties of the scheduling scheme presented in this paper.

#### References

- I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A survey on sensor networks,”
*IEEE Communications Magazine*, vol. 40, no. 8, pp. 102–114, 2002. View at Publisher · View at Google Scholar · View at Scopus - T. He, S. Krishnamurthy, J. A. Stankovic et al., “Energy-efficient surveillance system using wireless sensor networks,” in
*Proceedings of the 2nd International Conference on Mobile Systems, Applications and Services (MobiSys '03)*, pp. 270–283, Boston, Mass, USA, 2004. - S. Oh, P. Chen, M. Manzo, and S. Sastry, “Instrumenting wireless sensor networks for real-time surveillance,” in
*Proceedings of the International Conference on Robotics and Automation (ICRA '06)*, pp. 3128–3133, Orlando, Fla,USA, May 2006. View at Publisher · View at Google Scholar · View at Scopus - Y. Zhu and L. M. Ni, “Probabilistic approach to provisioning guaranteed QoS for distributed event detection,” in
*Proceedings of the 27th IEEE Communications Society Conference on Computer Communications (INFOCOM '08)*, pp. 592–600, Phoenix, Ariz, USA, April 2008. View at Publisher · View at Google Scholar · View at Scopus - J. Wang, C. Niu, and R. Shen, “Randomized approach for target coverage scheduling in directional sensor network,” in
*Proceedings of the 3rd International Conference on Embedded Software and Systems (ICESS '07)*, vol. 4523 of*Lecture Notes in Computer Science*, pp. 379–390, 2007. - C. Pham, A. Makhoul, and R. Saadi, “Risk-based adaptive scheduling in randomly deployed video sensor networks for critical surveillance applications,”
*Journal of Network and Computer Applications*, vol. 34, no. 2, pp. 783–795, 2011. View at Publisher · View at Google Scholar · View at Scopus - C. Pham and A. Makhoul, “Performance study of multiple cover-set strategies for mission-critical video surveillance with wireless video sensors,” in
*Proceedings of the 6th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob '10)*, pp. 208–216, Niagara Falls, Canada, October 2010. View at Publisher · View at Google Scholar · View at Scopus - Y. Cai, W. Lou, M. Li, and X.-Y. Li, “Target-oriented scheduling in directional sensor networks,” in
*Proceedings of the 26th IEEE International Conference on Computer Communications (INFOCOM '07)*, pp. 1550–1558, 2007. - J. Ai and A. A. Abouzeid, “Coverage by directional sensors in randomly deployed wireless sensor networks,”
*Journal of Combinatorial Optimization*, vol. 11, no. 1, pp. 21–41, 2006. View at Publisher · View at Google Scholar · View at Scopus - H. Liu, P. Wan, and X. Jia, “Maximal lifetime scheduling for sensor surveillance systems with K sensors to one target,”
*IEEE Transactions on Parallel and Distributed Systems*, vol. 17, no. 12, pp. 1526–1536, 2006. View at Publisher · View at Google Scholar · View at Scopus - M. X. Cheng, L. Ruan, and W. Wu, “Achieving minimum coverage breach under bandwidth constraints in wireless sensor networks,” in
*Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '05)*, pp. 2638–2645, March 2005. View at Scopus - H. Ma and Y. Liu, “Some problems of directional sensor networks,”
*International Journal of Sensor Networks*, vol. 2, no. 1-2, pp. 44–52, 2007. View at Scopus - D. Tao, H. Ma, and L. Liu, “Coverage-enhancing algorithm for directional sensor networks,” in
*Proceedings of the 2nd International Conference, Mobile Ad-Hoc and Sensor Network*, Lecture Notes in Computer Science, pp. 256–267, Springer, Hong Kong, 2006. - J. Banks, J. Brooks, G. Cairns, and P. Stacey, “On devaney's definition of chaos,”
*American Mathematical Monthly*, vol. 99, pp. 332–334, 1992. - L. R. Devaney,
*An Introduction to Chaotic Dynamical Systems*, Westview, 2nd edition, 2003. - F. Robert,
*Discrete Iterations: A Metric Study*, vol. 6 of*Computational Mathematics*, Springer, 1986. - J. M. Bahi and C. Guyeux, “Hash functions using chaotic iterations,”
*Journal of Algorithms & Computational Technology*, vol. 4, no. 2, pp. 167–181, 2010. - J. M. Bahi and C. Guyeux, “Topological chaos and chaotic iterations, application to hash functions,” in
*Proceedings of the IEEE World Congress on Computational Intelligence (WCCI '10)*, pp. 1–7, Barcelona, Spain, July 2010. - J. M. Bahi, C. Guyeux, and Q. Wang, “A pseudo random numbers generator based on chaotic iterations. application to watermarking,” in
*Proceedings of the International Conference on Web Information Systems and Mining*, pp. 202–211, 2010. - C. Guyeux, N. Friot, and J. M. Bahi, “Chaotic iterations versus spread-spectrum: chaos and stego security,” in
*Proceedings of the 6th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP '10)*, pp. 208–211, Darmstadt, Germany, October 2010.