RESH: A Secure Authentication Algorithm Based on Regeneration Encoding Self-Healing Technology in WSN

Liang, Wei; Ruan, Zhiqiang; Wang, Yuntao; Chen, Xiaoyan

doi:https://doi.org/10.1155/2016/2098680

Journal of Sensors

On this page

Abstract Introduction Preliminaries Conclusion Acknowledgments References Copyright Related Articles

Special Issue

Recent Advances in Security and Privacy for Wireless Sensor Networks 2016

View this Special Issue

Research Article | Open Access

Volume 2016 | Article ID 2098680 | https://doi.org/10.1155/2016/2098680

RESH: A Secure Authentication Algorithm Based on Regeneration Encoding Self-Healing Technology in WSN

Wei Liang,¹Zhiqiang Ruan,^2,3Yuntao Wang,⁴and Xiaoyan Chen¹

Academic Editor: Fei Yu

Received18 Mar 2016

Accepted11 May 2016

Published29 Jun 2016

Abstract

In the real application environment of wireless sensor networks (WSNs), the uncertain factor of data storage makes the authentication information be easily forged and destroyed by illegal attackers. As a result, it is hard for secure managers to conduct forensics on transmitted information in WSN. This work considers the regeneration encoding self-healing and secret sharing techniques and proposes an effective scheme to authenticate data in WSN. The data is encoded by regeneration codes and then distributed to other redundant nodes in the form of fragments. When the network is attacked, the scheme has the ability against tampering attack or collusion attack. Furthermore, the damaged fragments can be restored as well. Parts of fragments, encoded by regeneration code, are required for secure authentication of the original distributed data. Experimental results show that the proposed scheme reduces hardware communication overhead by five percent in comparison. Additionally, the performance of local recovery achieves ninety percent.

1. Introduction

In recent years, wireless sensor network (WSN) is widely used to human life in various areas. The protection for individual privacy becomes increasingly prominent. In the area of medical care, various sensors are attached to human body in order to collect information of patients. The identity and signs data of patients are regarded as privacy and need protection [1]. WSN as a new way for information collection and processing is an interdisciplinary field of sensor technology, network communication, biological medicine, computer technology, and so forth. Nowadays, WSN becomes a hotspot in academia and industry [2]. Due to its features of small size, high flexibility, and low power, WSN is rapidly used in pervasive computing and system on chip, as shown in Figure 1. In WSNs it is used to cluster member nodes that take part in long distance data transmission to a base station (BS). However, the secure transmission and distribution of sensitive data in WSN require deep investigation in confidentiality and integrity of data transmission.

In previous transmission technologies, the fault-tolerant ability and resistance against node capturing are much lower. In communication, if the transmitted data is attacked, the security will be hardly ensured. Existing network recovery aims at single node: that is, the data in only one fault node can be restored each time. Multiple fault nodes are common in real application. Obviously, healing of single node will cause high communication bandwidth. Because encoded information of nodes is correlated and the correlation of fault nodes is not used in recovery of single node. Recently, many researchers have conducted work on healing technology for multiple fault nodes. The problems including key management, message authentication, secure time synchronization, and intrusion detection are considered in their research. Consequently, secure communication of data in WSN has been widely concerned [3].

In secure transmission of WSN, Benenson et al. proposed a secure authentication scheme in WSN based on asymmetric encryption [4]. Inner encryption of wireless network is utilized for secure protection. After that, the scheme uses certificate authority for access control of the client. neighbor nodes are selected as verifier. In this case, it is possible to verify the users by using () secret sharing method. Wang et al. [5] deployed a private wireless sensor network to monitor the whole vehicle network. The vehicle-mounted communication mode and the position of communication event are available. Besides, they have also conducted plenty of meaningful work in secure wireless vehicle network. Goyal et al. [6] proposed an access control strategy by allowing secret key to express any monotonous control tree. A user applies to a credibly authorized party for a secret key. The authorized party decides which characteristic combination in cryptograph can be decrypted by user. This strategy has added the expressive ability of KP-ABE, but the secret key of a user should be assigned in advance. Sahai and Waters [7] firstly presented a characteristic based encryption method and used it for access control. The encrypting party connects data with a series of characteristics. The secret key, assigned to user by the credible third party, is related to access structure of the characteristic set. The secret key reflects the privilege of user. The message is encrypted by using the characteristic. The key which satisfies the characteristic can only be used in decryption. However, this scheme cannot be popularized due to its lower expression of semantic. Bethencourt et al. [8] proposed another characteristic based encryption method. In this method, secret sharing is used in encryption stage to realize strict access control. The secret key is connected with related characteristic set. There is an access structure in the cryptograph. If the characteristic of secret key satisfies the access structure, it can be used in decryption. Otherwise, the decryption is rejected. The drawback of scheme in [9] is the requirement of polynomial interpolation to reconfigure the key. So, many complex operations of matching and exponentiation will be performed in decryption.

The authors in [9] have realized multiauthority attribute based encryption, which greatly reduced the computation overhead at stages of encryption and key generation. The security of encryption depends on hash function. Actually, no real random numbers are generated. In this case, the security of the proposed scheme is lower than that of SW scheme. Cheung and Newport utilized random elements instead of secret sharing to realize strict access control [10]. In this scheme, the sizes of cryptograph and key increase linearly with the growth of the number of characteristics. So, this scheme has lower efficiency. Carbunar et al. [11] investigated privacy content in WSN by query and proposed a SPYC protocol. This protocol considers that previous query mechanisms in WSN are lack of protection for user privacy, which may cause privacy leaking in transmission. Sheng and Li [12] presented a distributed data storage and query scheme to protect data and query range from being known by base station. But it cannot cope with collusion attack of sensor nodes and storage nodes. Subramanian et al. [13] introduced anonymous medium nodes to hide the incredible data origin. It can protect privacy of data type and query when a few normal nodes, storage nodes, and anonymous nodes are captured at the same time. However, selection of medium nodes is random and unpredictable. If the medium node is far away from the original node and destination node, it will cause unnecessary communication overhead. Additionally, data type is limit and there is one-to-one mapping between data type and conversion type. Attackers could find the mapping relationship by capturing a number of nodes. Finally, invalidation of medium node will make the path of data transmission lose efficacy.

Recently, researchers focus on secure encoding scheme with self-recovery. In these schemes, sensor nodes can receive important privacy data even when the data is attacked. Pawar et al. [14] proposed a secure scheme by restoring nodes dynamically. In this work, the authors list a few security threats of distributed storage system based on network encoding. On this basis, an eavesdropper model against illegal attacks is proposed. The scheme has good ability to resist collusion attacks. The authors in [15] proposed a fault-tolerant encoding scheme, as shown in Figure 2. The scheme integrates ()-RS encoding with simple XOR operation. It mainly aims at high efficient restoration of single node. Actually, the scheme has improved immunity of data transmission from interference by decreasing the data transmission rate. () code words are generated by encoding original data and distributed to path for transmission. If there are multiple invalid paths, the destination node can restore original data with the received () code words.

The error correction coding has strong fault-tolerant ability and low data redundancy, which is suitable for secure data transmission. Kim et al. used linear block code to construct secure wireless data transmission [16]. Dulman et al. [17] developed an error correction coding (ECC) based data transmission scheme by making a balance between data reliability and communication overhead. Djukic and Valaee [18] proposed a secure protocol (DCDD) at transport layer in data collection oriented WSN. ECC is utilized in oriented diffused routing protocol, which improves reliability by ten percent and greatly reduces the delay. In [19], RDP coding mixed with redundancy is utilized to accelerate data restoration. Furthermore, diagonal redundancy based cross-recovery is used. A half is restored by using redundancy of counterdiagonal and the other is regarded as shared data. This scheme reduces overhead of restoring bandwidth in wireless nodes. The work of [20] proposed a method of combining scrambling technology with ECC to realize both confidentiality and reliability in wireless communication. The scheme overcomes burst error and has good security. But the communication overhead is large.

On the basis of the above studies, there are two issues on secure data transmission and data healing in WSN. On one hand, data storage in WSN is under security threat and can easily be attacked by dynamical tampering. Attackers could modify part of data content after capturing nodes. On the other hand, the usage rate of sensor nodes is limited. It may cause large performance overhead in transmission.

In this work, a secure fault-tolerant model in WSN is introduced. According to this model, the authors have designed an authentication scheme based on regeneration encoding self-healing technology. This scheme realizes secret dividing and content restoration of data on nodes in WSN. It can authenticate the integrality of data transmission without participation of original data. When wireless nodes suffered capture attack or tampering attack, the data can be restored with enough data fragments. After that, the secure authentication can be realized. The experimental results show that the proposed scheme has features of low complexity, high ability against capture attacks, and low overhead.

2. Preliminaries

In WSN, some nodes may lose efficacy if they are attacked. Thus, the invalid nodes will affect the reliability of data. In this work, we propose to solve data healing and security authentication by using regeneration code and secret sharing.

2.1. Regeneration Code

Regeneration code is a local encoding technology by combing ()-RS code and simple XOR operation. It can restore arbitrary two missing data and has MDS feature to arbitrary and . By comparing with copying technology, regeneration code provides better efficiency of network storage and reliability of transmission. In traditional WSN, the operations of encoding and decoding are complex because computation is on the basis of finite field. So, large bandwidth overhead is required for node restoration.

We assume the restoration degree of invalid data in invalid node to be . As known from RS encoding, if a redundant data in WSN is invalid, other data blocks are required in order to restore the invalid one. Meanwhile, it causes communication overhead of times than that of the invalid block.

The increase of invalid data of nodes in WSN will enlarge overhead of data transmission and cause lots of instable security factors. To address the issues of communication overhead and security threat, Dimakis et al. proposed a scheme by using regeneration code [21]. The transmitted file is set to be . It is separated into two parts: , , . is finite field. and can, respectively, be encoded as a vector with the length of by using ()-RS code, , and . Here, is a MDS matrix generated by ()-RS code. With any blocks encoded by regeneration code, a vector is calculated through XOR operation. The value of can be used to construct original data and .

Firstly, the nodes in WSN should satisfy the () feature in encoding technology. In other words, encoded information is stored in nodes and can tolerate - faults. Generally, X regeneration code is required for distributed network storage. Regeneration code is an array to tolerate two faults. The simple structure is shown in Table 1. When one node (two nodes) is (are) invalid, the restoration can be realized through simple XOR operations. The decoding and update can achieve the optimal. So, it is called the optimal regeneration code because this regeneration code could correct a few faults in data transmission. The regeneration code combines multi-faults-tolerant RS code and X encoding technology. It realizes the features of () and simple restoration. RS code offers a restoration for - faults. For single fault or double faults, the use of X encoding in RS code can achieve better performance in data healing.

X regeneration code is founded on polynomial, which has small local reparability [22]. Firstly, the generation rule based on leading diagonal is utilized to divide redundant blocks at the first row. After that, the redundant blocks at the second row are divided by using counterdiagonal. We use 8 sensor nodes for illustration, as shown in Figure 3. For node 1, the redundant block is generated by performing xor operation on . The same operation is performed on to get the second block. The data at the diagonal are collected as a redundant group: for example, . If a fault occurs in one node, the redundant group will be utilized to reconfigure the damaged data. For example, when a fault occurs in node 1, it is possible to restore by downloading from node 5, from node 4, and from node 3. It is the same case to damaged data in other nodes. For nodes from 1 to 8, the recovery only needs connecting several surviving nodes. In distributed storage system of wireless sensor nodes, the superiority of using X regeneration code will be more obvious if there are a large number of nodes.

2.2. Thought of Secret Sharing

Shamir [23] proposed a secret sharing method based on Lagrange interpolation formula. It utilizes expressiveness of coplanar points to construct a reconfigurable polynomial function. The subkey and secret data are correlated into a class with the same attribute. The content of any item can be restored with other items. The scheme has strong security. But several conditions are satisfied in use of this scheme.(1)A large enough prime number and positive integer are selected, .(2), : that is, cannot be the integral multiple of .(3); is the product of the top numbers of .(4)The condition in () shows the secret data less than . But in (), if is greater than the product of selected numbers of , the random number is , . The number of and can be made public.(5)Let calculation function for data distribution be . Due to , we have . Besides, , , we derive . So, there must be a and is a secret. The key can be calculated by solving the equation set , .(6)When is th subkey, the set of could construct a () secret sharing scheme in WSN. According to (), is calculated. Here, we have . is the unique solution of congruence equation modulus , , . So, is unique. The secret data is calculated through .

Figure 4 illustrates the thought of secret sharing. The transmitted data and are encoded by regeneration code with the production of , , , , and . The information is further shared into fragments. In the receiving end, the reliability can be authenticated through several fragments. It mainly depends on regeneration code for data restoration. If several data blocks are damaged, it will be possible to restore the original and .

3. Regeneration Code Based Authentication Scheme

In this section, we introduce the healing mechanism after encoding the transmitted data in WSN. This scheme is resilient to illegal attacks. In real WSN, nodes may face security threats in terms of storage and computation. The following attacks are assumed to be suffered. () Illegal attackers intercept information from the communication flow in WSN. () Illegal attackers can randomly capture a few nodes. After that, they will get the key in these nodes and crack information in other nodes. () After capturing some nodes, the attackers could remove, modify, or forge the collected data in real WSN. The data is damaged. In this case, it is unable to trace the attacks.

To illustrate the security and reliability of the authentication scheme, we define some parameters in WSN in Notations. Here, the security involves confidentiality and completeness of data. The reliability is that some invalid or captured nodes will not affect normal running of the system. Furthermore, the ability of fault-tolerance represents that the damaged data could be restored through X regeneration encoding when random faults occur or some data blocks are modified.

3.1. Structure of Regeneration Code

A WSN is deployed in area of . The data is encoded by regeneration code. After that, the data in nodes is randomized. The regeneration encoding technology is fully utilized to get the encoded data. The procedure is described as follows.(1)The information in wireless sensor node is encoded into binary string and divided into groups. On the basis of regeneration encoding model, each group is transformed into decimal number and fatherly encoded by () RS code. In Galois Field GF(24), the bit number of each information symbol is set as . () RS code represents that five information symbols relate to two error correcting bits. In this case, three information symbols are a unit for RS encoding. is transformed into binary string with length of 12 (padding zero on left when the bits are insufficient).(2)For , each four bits are transformed into an element in Galois Field GF(24). After that, a sequence in GF(24) is produced. Each row represents a sequence of elements for in Galois Field.(3)The elements of each row in are encoded and thus a matrix is produced. denotes the data block before RS encoding and is the error correction code of th group of data after encoding. Each row in is a RS block . These blocks are randomly distributed and stored in nodes of wireless network.(4)The data in WSN is denoted by , which is transformed into encoded sequence with the length of after decoding. Let the length of a pseudorandom sequence be . We perform XOR operation on both the sequences. Finally, the distributed data fragments based on regeneration code are produced.

3.2. Implementation of Secret Sharing

The encoded data fragments based on regeneration code are shared and then distributed. The threshold secret sharing [24] and regeneration encoding technology [25] are utilized in data encryption on nodes in WSN. The concrete implementation is described as follows.

We assume nodes to form an undirected graph in WSN. The collections of nodes and edges are, respectively, denoted by and . Each node is denoted by , which has neighbors. These nodes are organized as a collection . We produce a random session key for and compute hash value . After that, and are encoded by using . Furthermore, the session key is encrypted by public key . Finally, two parts of data are produced, respectively, and . After that, utilizes () secret sharing technology and regeneration code and divides into fragments, denoted by . Meanwhile, is divided into parts in order to construct When acquires fragments , the equation is satisfied. Here, . Finally, selects neighbor nodes from and realizes secret sharing to each neighbor node. The shared secret keys are denoted by and .

3.3. Distribution of Regeneration Code

The data in original node is encoded into , which is fatherly shared into multiple blocks. We randomly select () nodes as initial distribution nodes. For the distribution node, the shared key could be calculated by asymmetrical secret key pair and [26]. The reserved data fragment of original node is . The encrypted data fragment is sent to the node, , . The routing between original node and storage node cannot be determined in advance. When the node receives the response, the related key is calculated by and . Thus, is produced. The above steps are repeated until all the data fragments are sent to the nodes.

3.4. Self-Healing Technology Based on Regeneration Code

When a part of data in wireless sensor node is attacked, the authentication data is always damaged. In this section, we introduce a scheme to restore the damaged authentication data. Thus, the completeness of data in WSN can be ensured.

Let be the generation matrix of regeneration code. If a receiving end receives () blocks without errors, it is able to restore the original data. We assume the blocks from the node. If there is no error, blocks in th group could be restored by solving the following equation:Here, is established by element in primitive field and index of , .

The authentication of data in wireless sensor nodes is performed in stages. We assume there are errors at stage. If decoding fails or the decoded data cannot pass verification of CRC, too many errors may occur. The regeneration code cannot correct all errors. Two redundant symbols are required to correct an error. So, symbols are required at stage. The procedure of recovery is described as follows.

() Let , randomly select wireless sensor nodes, and detect the encoded data . Set .

() Calculate to produce the data blocks of th group. If passes verification of CRC, the CRC codes are removed to get original data . Otherwise, go to step ().

() Set . Select two symbols and from the nodes and that have not been accessed. They are added behind the received symbols to get a new code, . symbols are produced by decoding the new code. It repeats until a failure occurs or .

() demonstrates too many errors and a failed decoding. In this case, it shows a message of failed decoding. Otherwise, it enters the next stage and performs step ().

Recovery of data contents needs subkeys at least. So, exposure of subkeys will not leak the whole content. If the data of the nodes is lost or damaged, it can be successfully restored if there are valid fragments. According to the sharing mechanism in Section 2.2, number of in , we have . If are known, the uncertainty of is zero; that is, the content of can be completely determined.

() On the basis of the above steps, an authorized user could directly restore the authentication data from . After that, is restored with by using Lagrange interpolation. In other words, if fragments of authentication data are collected from nodes, we will effectively restore original data in transmission.

3.5. Authentication Based on Regeneration Code

The participants of RC based authentication involve data distributer, data owner, and verifier. The distributer is responsible for encoding and sharing the data into independent redundant blocks. These blocks are distributed to data owners. The verifier takes charge of verifying completeness of data. Nodes in WSN can participate in authentication with both the identities of data owner and verifier.

The encoded data fragments are denoted by , . Each fragment has symbols, denoted by . The length of a symbol is . All operations are performed in finite field . Completeness verification for node has the following steps.(1) is encrypted by symmetric key , which is the shared key of and . After that, the encrypted is sent to .(2)After receiving all of , decodes them with . The equation is verified. If not satisfied, there are some errors in data fragments from . Otherwise, the recovery continues to use Langrage interpolation to restore .

The regeneration code based authentication includes the following steps.

(1) Generation of Validation Information. Original node randomly selects elements in finite field . different odd-even check numbers are produced, .

(2) Distribution. Original node distributes odd-even check numbers and data fragments to randomly selected neighbors in . For instance, original node selects in odd-even check numbers and in data fragments. After that, they are sent to a randomly selected neighboring node. Due to , some nodes may only receive the data fragments other than odd-even check numbers. But some other nodes may receive both of them, which can be the verifiers. There are verifiers among nodes. The data is encrypted to avoid interception.

(3) Inquiry. Assume that the data owner of fragment wants to verify the data completeness. Firstly, an inquiry message is forecasted to all of data owners. represents the number of required messages, . is a randomly selected element in .

(4) Response. After receiving the inquiry message, the nodes with will calculate messages and replies to by broadcasting. The response message is encrypted to avoid interception.

(5) First Verification. With the returned , node verifies the equation , . There are equations. Any unsatisfied equation shows that modification or errors occur.

(6) Second Verification. The node needs to store the detected data during a period of time. Each node stores data packages from different origins or data fragments at various stages. Any node could perform the first verification to all data fragments from the same node at any time. At different periods, produces data fragments and . The verifier sends an inquiry message to verify both of the fragments. When the inquiry message at th round is received, the message is returned to the verifier. The odd-even check numbers for the verifier are, respectively, and , . If all responses are received, the verifier calculates and performs verification. The proposed scheme could perform the second verification to the stored data during a period of time. No matter what the number of fragments is, the produced messages have the same size. It has effectively saved storage and communication overhead in procedure of authentication.

4. Performance Analysis

4.1. Overhead

In authentication of data in WSN, original node firstly calculates a hash value , -order polynomial with degree of , and hash values . data fragments are encrypted. Finally, the hash values and data fragments are randomly sent to other nodes in network. The whole computation overhead in authentication is caused by decoding and hashing. In storage, each node stores hash values. The communication cost is because each authentication returns data fragments. So, data distribution and verification at each round require times of calculations. The overhead in communication is large.

Before generation of data fragments, original node needs to calculate a hash value and perform two symmetrical encryptions, respectively, and . The generation of data fragments requires calculating two polynomials. () RS code is utilized to encode into symbols. is the number of data fragments and is the number of selected neighbor nodes. Each data fragment is supposed to include symbols. So, there are operations on polynomial. The original node utilizes () threshold secret sharing to get symbols from . Finally, the check codes of all data fragments are produced. Let be the length of data before encoding. The computation overhead of the original node includes hash of data with length of , two symmetrical encryptions, operations on -order polynomial, and odd-even checks. The computation overhead for the owner of each fragment is one decryption.

The verification of data fragments is in the finite field , . After generation of data fragments, the original node removes original data and sends fragments of to neighbor node . Here, contains symbols. So, the communication overhead in distribution is almost . Obviously, the storage overhead for each data owner is . After all of the fragments are received, the owner of each fragment performs verification of completeness. This procedure needs to calculate odd-even check and message with length of . Suppose that data owner conducts completeness verification. Firstly, an inquiry message is broadcasted to all of the owners. The communication overhead is . Each data owner calculates a digest and returns it to the verifier after receiving the inquiry message. The length of this digest is same to that of a symbol. A symbol with length of is calculated. The response is . So, the communication overhead is .

4.2. Security

Illegal users make security attacks by deploying sensor nodes or capturing nodes in WSN. The deployed nodes pretend to be the real nodes in WSN, steal confidential information, or launch false data injection. Besides, if multiple nodes are captured, the attackers could send plenty of false data. In this case, the network resource, such as energy, bandwidth, computation ability, and storage space, will be exhausted rapidly.

When the data is attacked, we need to restore and authenticate the damaged data through the proposed scheme. In this section, the security of the proposed scheme against attacks of forging, tampering, or collusion is analyzed.

(1) Ability against Forging Attacks. The sender always sends data with his pseudonym to the receiver. Other nodes cannot counterfeit the pseudonym of . Otherwise, it is unable to pass verification of authenticator. The difficulty to counterfeit identity of equals that of attacking SHA-1 hash function.

(2) Ability against Tampering. On one hand, the key in encryption is generated by using regeneration code. The privilege of decoding is under control. So, it is unable for anyone, including the sender, to tamper the information. On the other hand, attackers know nothing about the key. So, they cannot counterfeit or tamper the contents. The key is generated in authentication for multiple nodes. A single node authentication cannot realize tampering.

(3) Ability against Collusion Attacks. WSN is self-organized. So, it is possible to realize collusion attack. The sensitive data is divided into parts and authenticated in nodes with high credibility. It reduces the dependency on the third party. To get the secret, attackers need to restore order polynomial . On the basis of Lagrange interpolation, a successful attack means enough interpolating points are required. In other words, nodes conspired at least. But the conclusion of so many nodes is much difficult. On the other hand, it makes the proposed scheme have ability against noncooperation of - nodes in procedure of recovery. So, the proposed scheme has high robustness in WSN.

4.3. Anonymity

Usually, it is unable to connect each authentication to real identity of the node. The data sent to authenticator is pseudonym. If no anonymity is stolen, attackers know nothing about real identity of authentication nodes. Of course, the real information in the nodes cannot be traced. Each authentication request utilizes multicast. So, attackers cannot destroy communication anonymity of medium nodes. Furthermore, authentication does not expose real identity of nodes. So, the attacked nodes cannot get other information. It offers good protection to sensitive information of wireless nodes.

4.4. Traceability

The data distribution system of nodes could trace behavior of attacks by using communication record. In other words, the nodes need to verify the key through cooperation of arbitration nodes before authentication. In this round of authentication, the arbitration nodes have sent the identity information to each node. The true identity is related to false identity. The relevance is kept all the time in authentication. Even if the attackers find resources in nonneighboring nodes through anonymous attack, the credentials could find the trace of attacks. In this case, the third institution can track out attackers on the basis of the information from the attacked nodes.

5. Experimental Result

5.1. Stimulation

The experiment is realized by C++ language and developed at visual C++ platform. In the secure network environment of this paper, the secret sharing mechanism is utilized to establish a secure recovery model based on regeneration code. Here, the initial threshold value is set as 0.5. The number of nodes is set at 500 in Network Simulator-2 (NS-2). These nodes are deployed within an area of 500 m × 500 m. Each node has initial energy of 2 J. In experiment, the dead nodes will exit network immediately [26]. The nodes are set at the highest level of protection in simulation. Illegal attackers are unable to perform successful attack on the signed nodes. Only the common nodes in network may be attacked. In this section, we have considered several common attacks and compared the performance against these attacks.

5.2. Analysis of Experimental Results

5.2.1. Security

Assume that wireless sensor nodes are deployed within the area of . denotes the transmission range. The positions of all nodes are supposed to obey two-dimensional Poisson distribution. So, when the communication radius of node is denoted by , the probability to include nodes within the area of hops could be nearly calculated as follows:Here, . is regarded as a probability less than the expected value; that is, . The number of storage nodes is random, but the average value could be denoted by . The probability of data hiding is calculated as the following formula:

Possibly, some common nodes in wireless network are selected as interception nodes. Illegal attackers attempt to intercept data package through decoding. In this experiment, the number of data packages is set as 500 at each time. Five illegal interception experiments are conducted for evaluation. Figure 5 shows the results. We observe the number of successful interception attacks in various schemes. The proposed RESH scheme has good ability against illegal interception by comparing to schemes in [27, 28].

5.2.2. Overhead

Figure 6 shows comparison of three schemes in overhead on storage and communication. The proposed scheme selects a few of key nodes for storage, which saves overhead on calculation and communication. The CADS scheme in [27] is based on discrete logarithm with complex calculation. Random walk in [28] has the highest communication cost because it utilizes broadcasting within the whole network. In the proposed scheme, the data in communication is compressed and has the ability of recovery due to the use of regeneration code. The results have verified effectiveness and availability in recovery. By analyzing, CADS scheme has higher detection rate, but the overhead on communication and calculation is much higher. For the proposed RESH scheme, it achieves higher detection rate, lower communication cost, and lower storage overhead.

(a) Storage overhead

(b) Communication overhead

We conduct experiments to evaluate time overhead. The downloading nodes and names of packages are randomly determined by system. The experiment considers the cases with different numbers of nodes. In Figure 7, we compare time cost of downloading data packages from nodes. The proposed scheme considers data communication based on regeneration code. It costs slightly more time by comparing to other schemes. But practically, it is valuable to exchange for privacy protection with less time cost.

5.2.3. Recovery Ability

The performance of recovery in wireless communication is evaluated by the minimum Hamming distance of any two code words based on regeneration code. Odd-even check is utilized to restore the fault data. It enhances security in data transmission and storage. Due to the expandability of distributed cloud storage system, linear locally repairable codes (LRC) could restore encoded data through extended code and shortened code [29]. This method reduces the locality of restoring nodes by local and global redundancy. RS code is based on polynomial calculation and has lower locality of restoration. In Figure 8, we have compared the recovery ability of the proposed scheme to that of schemes based on RS encoding [30] and LRC encoding. The proposed scheme has good ability to restore fault nodes. The security and reliability of data transmission in wireless network are encouraging. The scheme based on regeneration code realizes real-time local healing when faults occur in nodes. If two nodes are fault at the same time, LRC based scheme [29, 31] needs to be transformed into RS encoding in restoration. It greatly decreases recovery ability of encoding algorithm. In our scheme, healing encoded information only requires connecting several local nodes. Once two nodes occurring faults, the recovery ability can also achieve 90 percent.

6. Conclusion and Prospect

This work considers secure transmission of data in WSN and proposes a model of completeness verification for WSN. Before data authentication, the data is divided into data fragments and stored in various nodes. On this basis, a secure authentication scheme based on recovery technology and regeneration code is designed in WSN. The scheme can restore damaged data. Besides, it saves communication overhead and processing time. The main contributions are as follows. () Regeneration encoding and healing based on threshold scheme are combined to achieve good performance in self-healing. () The proposed scheme has good performance in local recovery. In future, we continue to study secure transmission of privacy data. The concentration is to find and protect contents that users are interested in. Fast and secure forensics of privacy data in WSN will be also investigated. Besides, we will focus on effective distribution and secure communication of secret key in wireless network when the encoded content in network could be restored.

Notations

:	Deployment area of wireless network
:	Session key
:	Encoded information
:	Content of original node
:	Authentication information
:	Edge collection
:	Secure hiding probability
:	Power consumption in communication.

Competing Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work is supported by the National Nature Science Foundation of China (Grant 61572188), the Natural Science Foundation of Fujian Province (Grant no. 2014J05079), the research project of Minjiang University (Grant no. MYZ14007), the research project of Fuzhou Science and Technology Office (Grant no. 2015-G-52), and the Research Project supported by Xiamen University of Technology (YKJ15019R).

References

I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A survey on sensor networks,” IEEE Communications Magazine, vol. 40, no. 8, pp. 102–105, 2002.
View at: Publisher Site | Google Scholar
Z. Chen, X. Li, B. Yang, and Q. Zhang, “A self-adaptive wireless sensor network coverage method for intrusion tolerance based on trust value,” Journal of Sensors, vol. 2015, Article ID 430456, 10 pages, 2015.
View at: Publisher Site | Google Scholar
S. R. Madden, M. J. Franklin, J. M. Hellerstein, and W. Hong, “TinyDB: an acquisitional query processing system for sensor networks,” ACM Transactions on Database Systems, vol. 30, no. 1, pp. 122–173, 2005.
View at: Publisher Site | Google Scholar
Z. Benenson, N. Gedicke, and O. Raivio, “Realizing robust user authentication in sensor networks,” in Proceedings of International Workshop on Realworld Wireless Sensor Networks (REALWSN '05), pp. 54–58, Stockholm, Sweden, 2005.
View at: Google Scholar
S. Wang, Q. Sun, H. Zou, and F. Yang, “Detecting SYN flooding attacks based on traffic prediction,” Security and Communication Networks, vol. 5, no. 10, pp. 1131–1140, 2012.
View at: Publisher Site | Google Scholar
V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, Alexandria, Va, USA, November 2006.
View at: Publisher Site | Google Scholar
A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology—EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005. Proceedings, vol. 3494 of Lecture Notes in Computer Science, pp. 457–473, Springer, Berlin, Germany, 2005.
View at: Publisher Site | Google Scholar
J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, Berkeley, Calif, USA, May 2007.
View at: Publisher Site | Google Scholar
M. Chase, “Multi-authority attribute based encryption,” in Proceedings of the 4th Theory of Cryptography Conference (TCC '07), pp. 515–534, Amsterdam, The Netherlands, 2007.
View at: Google Scholar
L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of 14th International Conference on Computer and Communications Security (CCS '07), pp. 456–465, Alexandria, Va, USA, November 2007.
View at: Publisher Site | Google Scholar
B. Carbunar, Y. Yu, L. Shi, M. Pearce, and V. Vasudevan, “Query privacy in wireless sensor networks,” in Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, pp. 203–212, IEEE, San Diego, Calif, USA, June 2007.
View at: Publisher Site | Google Scholar
B. Sheng and Q. Li, “Verifiable privacy-preserving range query in two-tiered sensor networks,” in Proceedings of the 27th IEEE Communications Society Conference on Computer Communications (INFOCOM '08), pp. 457–465, Phoenix, Ariz, USA, April 2008.
View at: Publisher Site | Google Scholar
N. Subramanian, K. Yang, W. Zhang, and D. Qiao, “ElliPS: a privacy preserving scheme for sensor data storage and query,” in Proceedings of the IEEE INFOCOM, pp. 936–944, IEEE, Rio de Janeiro, Brazil, April 2009.
View at: Publisher Site | Google Scholar
S. Pawar, S. El Rouayheb, and K. Ramchandran, “On secure distributed data storage under repair dynamics,” in Proceedings of the IEEE International Symposium on Information Theory (ISIT '10), pp. 2543–2547, IEEE, Austin, Tex, USA, June 2010.
View at: Publisher Site | Google Scholar
J. Luo, M. Shrestha, L. Xu, and J. S. Plank, “Efficient encoding schedules for XOR-based erasure codes,” IEEE Transactions on Computers, vol. 63, no. 9, pp. 2259–2272, 2014.
View at: Publisher Site | Google Scholar | MathSciNet
S. Kim, R. Fonseca, and D. Culler, “Reliable transfer on wireless sensor networks,” in Proceedings of the 1st Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks (SECON '04), pp. 449–459, Santa Clara, Calif, USA, October 2004.
View at: Google Scholar
S. Dulman, T. Nieberg, J. Wu, and P. Havinga, “Trade-off between traffic overhead and reliability in multipath routing for wireless sensor networks,” in Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC '03), pp. 1918–1922, New Orleans, La, USA, March 2003.
View at: Publisher Site | Google Scholar
P. Djukic and S. Valaee, “Reliable and energy efficient transport layer for sensor networks,” in Proceedings of 49th IEEE Global Telecommunication Conference (GLOBECOM '06), San Francisco, Calif, USA, December 2006.
View at: Publisher Site | Google Scholar
G. Wang, X. Liu, S. Lin, G. Xie, and J. Liu, “Generalizing RDP codes using the combinatorial method,” in Proceedings of the 7th IEEE International Symposium on Networking Computing and Applications (NCA '08), pp. 93–100, July 2008.
View at: Publisher Site | Google Scholar
M. Zhang, Z. Wang, and M. Guo, “A method of combining scrambling technology with error control coding to realize both confidentiality and reliability in wireless M2M communication,” KSII Transactions on Internet and Information Systems, vol. 6, no. 1, pp. 162–177, 2012.
View at: Publisher Site | Google Scholar
A. G. Dimakis, P. B. Godfrey, M. J. Wainwright, and K. Ramchandran, “Network coding for distributed storage systems,” in Proceedings of the 26th IEEE International Conference on Computer Communications (INFOCOM '07), pp. 2000–2008, IEEE, Anchorage, Alaska, USA, May 2007.
View at: Publisher Site | Google Scholar
V. R. Cadambe and A. Mazumdar, “Bounds on the size of locally recoverable codes,” IEEE Transactions on Information Theory, vol. 61, no. 11, pp. 5787–5794, 2015.
View at: Publisher Site | Google Scholar | MathSciNet
A. Shamir, “How to share a secret,” Communications of the Association for Computing Machinery, vol. 22, no. 11, pp. 612–613, 1979.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, “A dynamic password-based user authentication scheme for hierarchical wireless sensor networks,” Journal of Network and Computer Applications, vol. 35, no. 5, pp. 1646–1656, 2012.
View at: Publisher Site | Google Scholar
A. Mazumdar, V. Chandar, and G. W. Wornell, “Update-efficiency and local repairability limits for capacity approaching codes,” IEEE Journal on Selected Areas in Communications, vol. 32, no. 5, pp. 976–998, 2014.
View at: Publisher Site | Google Scholar
I. S. Reed and G. Solomon, “Polynomial codes over certain finite fields,” Journal of the Society for Industrial and Applied Mathematics, vol. 8, no. 2, pp. 300–304, 1960.
View at: Google Scholar | MathSciNet
Z. Ruan, X. Sun, W. Liang, D. Sun, and Z. Xia, “CADS: co-operative anti-fraud data storage scheme for unattended wireless sensor networks,” Information Technology Journal, vol. 9, no. 7, pp. 1361–1368, 2010.
View at: Publisher Site | Google Scholar
Y. Lin, B. Liang, and B. Li, “Data persistence in large-scale sensor networks with decentralized fountain codes,” in Proceedings of the 26th IEEE International Conference on Computer Communications (INFOCOM '07), pp. 1658–1666, IEEE, Anchorage, Alaska, USA, May 2007.
View at: Publisher Site | Google Scholar
G. M. Kamath, N. Prakash, V. Lalitha, and P. V. Kumar, “Codes with local regeneration,” in Proceedings of the IEEE International Symposium on Information Theory Proceedings (ISIT '13), pp. 1606–1610, IEEE, Istanbul, Turkey, July 2013.
View at: Publisher Site | Google Scholar
T. Ernvall, T. Westerback, R. Freij-Hollanti, and C. Hollanti, “Constructions and properties of linear locally repairable codes,” IEEE Transaction on Information Theory, vol. 62, no. 3, pp. 1129–1143, 2016.
View at: Publisher Site | Google Scholar
Z. Ruan, H. Luo, and Z. Chen, “Improving reliability of erasure codes-based storage paradigm under correlated failures for wireless sensor networks,” International Journal of Communication Systems, vol. 29, no. 5, pp. 992–1011, 2016.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2016 Wei Liang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1419

Downloads

1107

Citations