Abstract

With the rapid development and application of medical sensor networks, the security has become a big challenge to be resolved. Trust mechanism as a method of “soft security” has been proposed to guarantee the network security. Trust models to compute the trustworthiness of single node and each path are constructed, respectively, in this paper. For the trust relationship between nodes, trust value in every interval is quantified based on Bayesian inference. A node estimates the parameters of prior distribution by using the collected recommendation information and obtains the posterior distribution combined with direct interactions. Further, the weights of trust values are allocated through using the ordered weighted vector twice and overall trust degree is represented. With the associated properties of Tsallis entropy, the definition of path Tsallis entropy is put forward, which can comprehensively measure the uncertainty of each path. Then a method to calculate the credibility of each path is derived. The simulation results show that the proposed models can correctly reflect the dynamic of node behavior, quickly identify the malicious attacks, and effectively avoid such path containing low-trust nodes so as to enhance the robustness.

1. Introduction

Nowadays, with the rapid development of wireless communication technology and wearable medical sensors, the wireless medical sensor network becomes a promising technology and is changing the way people seek medical treatment [1]. For electronic health, the development of medical sensor networks (MSNs) is very necessary. Patient health status can be remotely sensed, processed in real time, and transferred to the hospital or medical centre, which will take the place of face-to-face diagnosis [2]. There are many successful cases in real life, such as emergency electronic health, family monitoring, transmission of medical data, and remote surgery [3]. However, due to the sensitivity of the medical data and the openness of the wireless channel to communicate, medical sensor networks are exposed to many potential threats. Consequently, how to guarantee their security has become a big challenge to be resolved [4].

Owing to these unique characteristics of MSNs and vulnerability to a wide variety of abnormal node behaviours, the traditional cryptography techniques [5] cannot meet the requirements of security and credibility. As a consequence, medical data are extremely likely to be freely modified or discarded by the attackers; for instance, compromised nodes may inject error messages and malicious nodes probably intercept and modify information, inject false information, replay old messages, and send a large number of false packages to block communication channel. Accordingly, trust management as a kind of soft security mechanism [6] has been introduced for the sake of solving the aforesaid problems. TrE proposed by Boukerche and Ren [7] is the first trust evaluation model applied to medical sensor networks, which is put forward for secure multicast routing. In consideration of the unique operation and security requirements, combining the simple cryptographic mechanisms with dynamic trust management, He et al. suggested an application-independent and distributed trust evaluation model for MSNs to guarantee the security of medical sensor networks [8]. In addition, ReTrust, an attack-resistant and lightweight trust management protocol, was designed specifically for MSNs with a two-tier architecture [9].

Although the existing researches have made great progress, they are still in need of improvements in the following aspects. For one thing, these studies mainly focus on the establishment of trust models with regard to a single node, which are simple and coarse-grained. As is known to all, medical data are diverse and are of different importance. Thus they should be distinguished and the more important data should be transmitted through the more trustworthy nodes and paths. For this reason, it is very necessary to construct a fine-grained trust model according to the importance of medical data to investigate the credibility of a single node, which can effectively avoid the strategic attacks. In order to achieve this purpose, Bayesian inference is adopted to measure the credibility of a single node in each interval, in which the interactions from neighbour nodes are used to obtain the prior information and the direct interactions are used to get the posterior distribution to estimate the trust value.

For another aspect, these works did not specify the measurement of the trust about the paths with several intermediate nodes from the source master nodes to the base station. The aforementioned trust model of single node is the basis of the path trust model. Building trust relationship between network nodes can be used to develop high-level security solutions as auxiliary, such as security routing. Therefore, based on trust degrees of network nodes, a trust evaluation model with Tsallis entropy to measure the trustworthiness of each path is proposed in this paper. In the last respect, in the process of integrating several trust values into overall trust degree, the corresponding weights are obtained by using the ordered weighted vector twice, in which time sequence and relative size order are viewed as the induced factor, respectively. The medical data and packets are interchangeable hereinafter.

The structure of this paper is as follows. Section 2 simply reviews the two-layer architecture model for MSNs given in [9] and traditional cryptography techniques are introduced to guarantee the security of medical data. Based on Bayesian inference, a method to measure the credibility of single node with different importance is developed in Section 3. On this basis, with the properties of Tsallis entropy, path Tsallis entropy is defined to measure the uncertainty of each path from the source master nodes to the base station, and then the trustworthiness of each path is put forward in Section 4. Simulation experiments and result analysis are presented in Section 5.

2. The Architecture of MSNs and Involved Cryptography Techniques

2.1. The Two-Layer Architecture of MSNs

The two-layer architecture was proposed applicable to medical sensor networks [9]. The whole MSN is composed of several clusters, and each cluster comprises a master node and a certain amount of sensor nodes. Each sensor node is mainly responsible for perception to acquire relevant medical data, and then it delivers these data to the master node within its own cluster. All the master nodes have sufficient storage, computing, and energy resources. After gathering the medical data from some sensor nodes in the cluster, each master node takes charge of transmitting them to the base station through selecting the most trustworthy routing. Every sensor node only communicates with the master node in the cluster, while the master node can communicate and exchange information with the neighbour master nodes, and thus all the sensor nodes and master nodes constitute a two-layer and multihop network. It is specific as shown in Figure 1.

2.2. Involved Cryptography Techniques

As mentioned above, dynamic trust management must be combined with traditional cryptography techniques to ensure the security and credibility of MSNs. The proposed trust model is conducted based on some simple symmetric encryption/decryption algorithms and public key cryptography. These are described in detail as follows.(1)Due to some characteristics such as small capacity and limited resources, each sensor node employs the lightweight cryptography techniques [10] to encrypt medical data and then transmits them to the master node in its own cluster. Every master node is responsible for key distribution and update by adopting the public key techniques. All the sensor nodes in a cluster are with different keys.(2)Different from the sensor nodes, each master node contains adequate resources and capacity, so that it is able to take advantage of general symmetric cryptography techniques to encrypt/decrypt the data. There are additional three kinds of keys in each master node. Firstly, one key is distributed and updated by the base station, which is similarly generated through some public key technique. The medical data collected from sensor nodes are encrypted with this key and further delivered to the base station. Secondly, a multicast key is applied between a master node and its neighbor master nodes. When it wants to send request information to some neighbor nodes, the master node encrypts the information with this key. Finally, a pairwise key between master nodes is necessary. When the neighbors return information corresponding to the request information, the key is used to encrypt the reply information. The multicast key cannot be substituted for this key in order to prevent other neighbor nodes to hijack or tamper the reply messages.

3. Computing the Credibility of Master Nodes

3.1. The Representation and Storage of Interaction Information

In the MSNs, a database and a trust evaluation system are built in each master node . The database is used to store the interaction information with other neighbor master nodes and the trust evaluation system is established to measure the credibility of neighbor nodes and the paths from the master node to the base station. Denote as a set including all the neighbor master nodes of node . For any , after delivering the packets to , node can record the forwarding information of node with a quad in the database. The meaning of each symbol in the quad is specified as follows: the symbol indicates the importance grade of packets whose value space is , and the greater the value, the more important the packets; represents the forwarding result, and is the forwarding timestamp. Assuming that the current moment is and represents forwarding packets with importance , trust degree is defined as the probability that node expects that node will perform at the current moment. Therefore, the credibility of node from the perspective of node can be expressed by a multidimensional vector: Hereinafter, abbreviate , .

As we know, trust has the characteristics of time decay; that is, the interaction results farther from the current moment have the weaker influence on the current trust value. As a consequence, those interactions only in a certain period close to the current time are necessary to be analyzed so as to obtain the current trust degree. Given and , , the time range in which these interaction records are considered is specified as where . For convenience, set , , in which

Based on the above, node first calculates the corresponding trust value in each interval , and then are weighted to get the overall trust degree of node .

3.2. Computation of Based on Bayesian Inference

For any , the event represents that node forwards packets of importance successfully in the interval , whose probability is denoted by . Assume random variable is the number of occurrence in independent observations; obeys the binomial distribution . Denote and represents the common neighbor master nodes of nodes and . In order to derive , it is crucial that node combines with to deduce the estimation of . In the following, Bayesian inference [11] is adopted to obtain the estimation . Since the conjugate prior distribution of is Beta distribution , node views as the prior information to estimate the two hyper parameters and with the method of prior moment, integrates the direct interactions to acquire the posterior distribution, and computes its expectation as the estimation of . From the above mentioned, is derived based on Bayesian inference through the following steps.

Step 1. Master node checks whether there are common neighbor nodes with node; if , then skip to Step 4; else, it sends trust request information to all the common neighbors.

Step 2. For any , after receiving the request information, node looks over its own interaction records and calculates an estimation of in every interval : in which . In particular, if , denote . Then node returns this information to node .

Step 3. After receiving , node computes the estimation values of parameters about Beta distribution with the method of prior moment. Set then Therefore, the estimation values of hyper parameters and are

Step 4. When , set ; otherwise . Then Beta distribution is viewed as the prior distribution of . Node checks its own interaction information as the posterior information in each interval and obtains trust value . In the case that While , combining as the prior distribution with the interaction record , the posterior distribution of is Thus trust value is further given as

Although there are generally 3 kinds of Bayesian estimation based on the posterior distribution, the mean square error is minimized if the posterior mean is viewed as the Bayesian estimation. And in the case of the binomial distribution, the posterior mean value is more appropriate than maximum posterior estimation; therefore, formulas (9) and (11) both adopt the posterior mean values as the estimation . At this point, node obtains the trust values of node in all the intervals; that is, .

3.3. Weights Setting and Computation of Overall Trust Degree

Based on , node computes the overall trust degree of by allocating the corresponding weights described in the following.

Definition 1 (overall trust degree). In the view of node , the overall trust degree of node at the current moment is In formula (12), and .

The setting of weight coefficients is critical and two factors are mainly considered. On the one hand, due to the characteristics of time decay, the influence of on the overall trust degree dynamically attenuates as time evolves, so that far from the present moment should be assigned a lower weight. That is to say, the smaller the , the lower the corresponding weight. On the other hand, in order to punish the malicious behaviors, the lower trust value in the sequence should be given a higher weight. Based on the above two aspects, the weights are expressed twice using an ordered weighted vector. First of all, the induced ordered weighted averaging (IOWA) operator is introduced.

Definition 2 (IOWA operation [12]). Assume are two-dimensional arrays. Denote then the function is an -dimensional ordered weighted averaging operation induced by , where is the subscript of the th one among arranged in increasing order of size and is named as an ordered weighted vector.

Currently calculating the weighted vector based on maximum discrete degree is one better method, with which the vector is achieved as . In practice, choose a proper value for and then calculate according to formula (14).

For example, set ; the vector changes as varies, as detailed in Figure 2.

From Figure 2, the distributions of the corresponding weights are symmetric with and , and they strictly monotonically increase and descend when and , respectively. However, the rates of ascent or descent are different when takes different values.

Through the above analysis, the weights can be allocated twice using an ordered weighted vector. Set . To begin with, in consideration with time decay, the order of time corresponding to the sequence of trust values is regarded as the induced factor ; then the order value of is , . Secondly, are rearranged in descending order of size, and the induced factor is the relative sequence of trust values . If a few trust values are the same, they are carried out in accordance with the time order. It’s detailed as follows. For any , denote then the relative sequence value of is . Therefore, each trust value corresponds to a sequence array . From Figure 2, given and , can be computed from formula (14); then the corresponding weight of trust value is represented by

Substituting (16) into formula (12), the overall trust degree of node is

4. Routing Credibility Based on Tsallis Entropy

After a master node collects the data from some sensor nodes in the cluster, needs to transmit these data to the base station safely and credibly. Consequently how to select the most reliable path is a very critical problem. On the foundation of trust degrees between several intermediate master nodes, a method based on path Tsallis entropy is presented to measure the credibility of each path in this section.

4.1. Analysis of the Existing Research Methods

Assume that there are multiple paths from a source master node to the base station, in which the trust degrees of intermediate nodes can be obtained from Section 3. Then to select the most trustworthy path is usually by the following ways.

Method 1. Suppose that is a path; the minimum of trust degrees of all the intermediate nodes in path is viewed as the path trust degree: where . The method is mainly based on “Cannikin law”; that is to say, as long as one of the intermediate nodes fails in forwarding the data, then the whole path is not credible. However, this method has a certain disadvantage. For example, there are two disjoint paths from the source master node to the base station, denoted by , in which the trust degrees of all the intermediate nodes are and , respectively. From formula (18), the trust degree of each path is and separately, so the path is regarded as the most trustworthy path and will be selected to transmit the data. Nevertheless, considering trust degrees of the other two nodes, path is more credible than apparently.

Method 2. The most trustworthy path is chosen via the hop-by-hop way. The source master node first delivers the data to the most trustworthy neighbor node. After it receives, the neighbor node similarly chooses its own neighbor with the highest trust degree to transmit, and so on for all the intermediate nodes until the data reach the base station. However, the optimality of each hop does not necessarily make the whole path optimal. It can be verified still with the example in Method 1. Due to the fact that , the source delivers the data to node , and then the data only pass the intermediate nodes and successively to the base station. Obviously, and ; thus the probability that the data successfully go through and is far less than and .

From the above discussion, the trust degree of each path should be measured by comprehensive analysis of all the intermediate nodes, which ensures that the selected path is optimal at the most extent.

4.2. A Routing Trust Model Based on Path Tsallis Entropy

Through some associated properties of Tsallis entropy, path Tsallis entropy is put forward to measure the uncertainty of the whole path, which can synthesize the credibility of all the intermediate nodes. On that basis, trust degree of each path is calculated.

Definition 3 (Tsallis entropy [13]). Assume that is a discrete probability distribution; the Tsallis entropy is defined as
By simply computing, it is known that , the right side of which is the classical Shannon entropy. From [13], has the following property.

Property 1. The function is convex when and it is concave when .
Based on this, the path Tsallis entropy is proposed which is mainly to measure the uncertainty of each path.

Definition 4 (path Tsallis entropy). The path Tsallis entropy of is denoted by

Given and , the path Tsallis entropy varies when trust degrees of the two intermediate nodes take different values in the range shown in Figure 3.

From formula (20) and Figure 3, is a comprehensive value integrating trust degrees of all the intermediate master nodes with the length of each path. The calculation shows that and becomes smaller when trust degrees of all the intermediate nodes are higher, more uniformly distributed and the length of a path is shorter, which represents that a path has lower uncertainty.

Definition 5 (path trust degree). The trust degree of path is measured by

Due to the fact that , . The smaller the , the larger the , which shows that a path is more credible.

For example, suppose there are multiple paths: ,   , and    is the same as in Method 1. Given , the path Tsallis entropy and trust degree of each path are detailed in Figure 4.

To sum up, assume that there are paths from a source master node to the base station, denoted by ; then the most trustworthy path is Therefore, the source master node utilizes the most trustworthy path to transmit the medical data to the base station.

5. Simulation Experiment and Result Analysis

In this section, several experiments are carried out in order to verify the performance of the proposed trust models. Experiment 1 is conducted to test the accuracy and dynamic of the trust model of single node under the circumstance that the behavior of single node changes dynamically. The robustness of resisting the strategic malicious attack is analyzed in Experiment 2. Subsequently the performance of path trust model based on Tsallis entropy is compared with the other two routing ways mentioned in Section 4.1. The packets are assumed to be equally important in the former three experiments. In the end, the proposed trust models are evaluated with differently important packets. To begin with, the preset values of associated parameters involved are listed in Table 1.

5.1. Dynamic of Trust Model about Single Node

This experiment is carried out to verify the performance of trust model based on single master node . It is assumed that there is only a kind of packets with the same importance, and the accuracy and dynamic are investigated in the following settings. The experiment proceeds within 10 time units, and there are 500 packets going through node in each time unit. The probabilities that node forwards packets to the next node successfully are set as in the 10 time units, respectively. Then the trust degree of node varies with the change of the probabilities as in Figure 5.

When the probability varies dynamically from 1 to 0.6, the trust degrees descend obviously from the left part of Figure 5. The trust degree fluctuates near the corresponding probability in the first 5 time units. This result means that the proposed trust model of single node is adaptable dynamically and is able to quickly reflect the variation of node behavior in the downward trend. However, the trust degree increases very slowly when the node behaves from bad to good in the right part. This phenomenon justifies that it is necessary to take much more time for the purpose of accumulating the trust degree.

5.2. Robustness of Resisting Strategic Attacks

The strategic malicious attack is a type of threat that malicious nodes which are aware of the presence of trust models launch. A malicious node behaves very well in the first several time units to increase its trust degree, and then it launches some attacks in the subsequent time units, such as discarding the packets with a certain probability. In this experiment, assume that a malicious node is honest in every 6 time units and becomes bad in the following 2 time units; that is, it will discard packets with probability 0.3. The trust degree varies with the periodical change of node behavior in Figure 6.

In the first 6 time units, the node forwards the packets honestly; hence its trust degree is nearly equal to 1. But starting from the 7th unit, it behaves maliciously and cannot deliver packets with probability 0.3. It can be found that the trust degree has sunk to 0.76 at the end of the 7th time unit. In the case that this malicious node continues its bad behavior, trust degree further falls to 0.7 in the 8th unit. Therefore, this tendency indicates that the proposed trust model is very sensitive to respond to abnormal behaviors. However, when this node behaves from bad to well, the rising speeding of trust degree is relatively low from the 9th to 14th unit and trust degree achieves 1 until the 14th unit. A similar situation occurs among the subsequent 8 time units. From the foregoing, the proposed trust model is able to identify the malicious behavior quickly so as to avoid it and prevent the packet delivery failure.

5.3. Accuracy of Path Trust Model

In order to measure the accuracy of path trust model, 20 master nodes and a base station are deployed in the MSN. These master nodes send packets to the base station according to a certain rate, and the base station computes the average successful delivery rate in which denotes the total number of packets accepted by the base station and represents the total number of packets emitted by the 20 source master nodes. There are 10% and 30% malicious nodes in the experiment, which cannot deliver the packets successfully with probability 0.2. The comparison of between the proposed trust model (denoted by PTE model) and the other routing ways under these situations is shown in Figure 7.

In the left half of Figure 7, the SDRs are given when there are 10 percent malicious nodes. The SDR of PTE model is almost 0.9 and is much higher than the other two routing ways. Even when 30% malicious nodes exist in the MSN, the SDR of the PTE model still is able to achieve 70% as shown in the right of Figure 7, while the SDRs with the other ways have reduced to around 45%. Therefore, the PTE model is able to ensure that the packets are transmitted to the base station successfully with higher probability.

5.4. Efficiency of Trust Models with Differently Important Packets

In this experiment, the situation that there are 3 kinds of packets with importance 1, 2, and 3, respectively, is analyzed. Assume that there are two types of nodes which successfully forward packets of importance with probability : The trust degrees of the two types of nodes are presented in Figure 8.

In Figure 8, the corresponding curve of “type with none” represents trust degree of single node of type when there is no difference between packets, and hence it is an integrated value. The “type with imp ” curve shows the trustworthiness that a node of type successfully forwards the packets of importance , respectively. Obviously, the integrated trust degree of a node of type 1 is much higher than type 2. Therefore, the node of type 1 would be selected to deliver the packets if the importance of packets is not distinguished. There is no problem to transmit the packets with importance 1 and 2. Nevertheless, due to , the packets with importance 3 are likely to be discarded when going through a node of type 1 compared with type 2.

Additionally, suppose that there are two paths from a source master node to the base station. A node of type 1 is in a path and a node of type 2 is in the other path. Assume that the other intermediate nodes can deliver the packets successfully. The source master node randomly sends 300 packets with different importance to the base station. One way is that the source node selects the path with the node of type 1 to transmit the data, and the other is choosing the corresponding path according to the importance of packets. The successful packet delivery rates of the two ways are analyzed in Figure 9.

From Figure 9, the rate is higher when the importance of packets is considered. The path with a node of type 1 is selected when forwarding the packets with importance 1 and 2, and the other path is used for delivering the packets with importance 3. The most reliable path is found for differently important packets transmitted to the base station. Therefore, the successful packet delivery rate gets some improvement.

6. Conclusions

In this paper, a security and trust model is proposed as applicable to medical sensor networks. First of all, considering the importance of packets, the trust value of single node in each interval is derived based on Bayesian inference in which the interactions of neighbor nodes are viewed as prior information and then the posterior distribution is obtained, combined with direct interactions. The corresponding weights are further distributed through the ordered weighted vector twice to obtain the overall trust degree. On that basis, with the relevant properties of Tsallis entropy, path Tsallis entropy is defined to measure the uncertainty of each path and the trust degree of each path is shown. Subsequently, each source master node selects the most trustworthy path to forward it to the base station according to the importance of packets. The simulation results show that the proposed trust model is able to accurately reflect the dynamic of node behavior, identify quickly malicious behaviors, and achieve higher successful packets delivery rate so as to effectively improve the dynamic adaptability and robustness.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

The research work was supported by National Basic Research Program of China (973 Program) under Grant no. 2012CB315905.