#### Abstract

Secure localization has become very important in wireless sensor networks. However, the conventional secure localization algorithms used in wireless sensor networks cannot deal with internal attacks and cannot identify malicious nodes. In this paper, a localization based on trust valuation, which can overcome a various attack types, such as spoofing attacks and Sybil attacks, is presented. The trust valuation is obtained via selection of the property set, which includes estimated distance, localization performance, position information of beacon nodes, and transmission time, and discussion of the threshold in the property set. In addition, the robustness of the proposed model is verified by analysis of attack intensity, localization error, and trust relationship for three typical scenes. The experimental results have shown that the proposed model is superior to the traditional secure localization models in terms of malicious nodes identification and performance improvement.

#### 1. Introduction

WSNs (wireless sensor networks) are composed of a large number of static or mobile sensors. Positioning technologies based on WSN [1] estimate the current location of unknown nodes using the cooperation of position nodes and localization algorithm. In the locating, the nodes whose positions are known are called anchor nodes, while the nodes whose positions are unknown are called unknown nodes. The information on distance of anchor nodes and unknown nodes can be obtained via cooperation. Afterwards, that information and the localization algorithm are used to determine the positions of unknown nodes.

Due to random deployment and network topology dynamicity, the locating in the WSN is more vulnerable to various attacks [2, 3]. On this basis, the secure localization algorithms are widely used. Namely, they can be divided into three categories [4]: () secure localization algorithms based on robust observation; () secure localization algorithms based on isolation of malicious beacon node; and () secure localization algorithms based on localization verification. In the first group, the upper-bound limitation of the nodes’ distance disables the attack node to reduce the measure distance. In the second group, the beacon nodes are used as checkpoints for mutual monitoring, in order to prevent the false localization. In the third group, a predetermined deployment location combined with a set of neighbor nodes is used to determine whether the localization process is attacked or not. However, these algorithms have different shortcomings [5]. The first group’s algorithms are unable to resist to the attack, which causes the increase of the measured distance. In addition, the algorithms can only roughly confirm whether the unknown node is in certain area or not. The second group relies too much on the base station node, which might cause the base station overload during the processing of a large amount of node information. Namely, the base station becomes the bottleneck of algorithm performance. The third group’s defense capability is greatly influenced by deployment of the nodes. In order to compensate the inadequacy of the above algorithms and to improve their resistance to various attacks, a secure localization model based on trust valuation is designed.

The remainder of the paper is organized as follows. Section 2 introduces related work. In Section 3, we detail the secure localization model and give the formal description. Section 4 makes some simulation and analysis on secure localization model based on trust valuation. Section 5 concludes the paper.

#### 2. Related Works

According to the usage of distance in the positioning, the positioning technologies can be divided into two main categories: distance-based (range-based) positioning technologies and distance-independent (range-free) positioning technologies. In the distance-based positioning algorithms, the absolute distance, or angle, between anchor node and unknown node is required. On the other hand, in distance-independent localization algorithms, there is no need to obtain the exact distance between anchor and unknown nodes. The distance-based localization algorithms usually consist of two steps: firstly, the distance (or angle) is measured, and, secondly, the measured distance is used to calculate the coordinates of unknown node. The distance measurement methods can be divided into following categories: methods based on time, methods based on signal arrival angle, and methods based on received signal strength.

The principle of distance-independent localization is simple and easy to implement, and it has advantages in terms of cost and power consumption. Besides, its performance is not affected by environmental factors. These algorithms can be divided into four categories: APTI algorithm, DV-Hop algorithm [6], Amorphous algorithm [7], and N-hop algorithm.

In the WSN, the localization algorithm can be attacked in many ways. The attacks can be divided into two categories: internal attacks and external attacks. Four types of external attacks are concerned: Sybil attack [8], selective forwarding attack, wormhole attack, and node capture attack [9–11].

Due to limitation on sensor nodes, it is impossible to have a well-integrated defense system in the traditional WSN. The secure localization algorithms intended for WSN need to balance availability and integrity. According to that, the security localization algorithms can be divided into three categories: secure localization algorithms based on robust observation, secure localization algorithms based on isolation of malicious beacon node, and secure localization algorithms based on localization verification.

The gradual application of WSN localization caused the appearance of various attack methods [12]. Nowadays, the main secure localization algorithm in the WSN has no ability to deal with the internal attacks and to identify the malicious nodes. Moreover, in the case of nodes compromising, the secure localization cannot be achieved. Thus, the trust management, which has been widely studied in various network environments, is considered as an effective complement to the traditional localization.

In 1994, Marsh proposed a model of trust and cooperation for the first time, which has been regarded for a long time as a scope of sociology and psychology. In addition, Marsh introduced the concept of trust relationship formalization. In 1996, Blaze et al. proposed the concept of trust model in order to solve the complex security problems in the Internet [13].

The trust management models can be roughly divided into two categories: objective trust management models and subjective trust management models. The objective trust management models abstract the trust value into Boolean value; thus, there are only two possibilities for trust value. Due to the aforementioned, the commonly used trust management models are subjective trust management models. The most popular subjective trust management models are presented in the following.

*(1) Pervasive Trust Management*. Pervasive Trust Management (PTM) represents a subresearch project of the UBISEC project, which defines a dynamic trust model based on a pervasive environment. The method of average weight is used for trust evaluation, and the evaluation result for two interactive entities can be expressed aswhere represents the trust value, indicates that trust increases when feedback is positive, and indicates that trust decreases when feedback is negative.

The disadvantage of this model is that the arithmetic mean is used to calculate the indirect trust degree. In addition, this method processes data roughly and cannot accurately reflect the characteristics of the fuzzy trust value.

*(2) Hassan’s Model*. Hassan’s model is based on vector mechanism. If there are entities, namely, , then, the relationship between entity and other entities can be represented as a trust vector: .

The disadvantage of this model is that it is not resistant to the collusion attacks. Namely, malicious nodes can give each other a high trust value.

*(3) Sun’s Model*. Sun’s model is based on entropy; namely, it uses to express trust relationship, while represents the probability that the agent nodes take action to the target nodes. The calculation process of trust value used in Sun’s model is shown aswhere represents the entropy function. Then, the trust value is defined bywhere represents the trust degree of node to node , denotes direct trust value of node to node , and denotes the recommendation trust value of node to node .

The convergence rate of Sun’s model is limited by the length of trust chain, and it is difficult to get the trust value when the trust chain length increases.

#### 3. Secure Localization Model Based on Trust Valuation

##### 3.1. Trust Valuation Basis

The concepts in trust valuation and roles of nodes are listed as follows.

*Definition 1. *Comprehensive trust value is based on the localization error and time consumption of the beacon nodes, and it refers to the adoption level of the information provided by the beacon nodes.

*Definition 2. *Direct trust value refers to the confidence of unknown node in the anchor node, which is directly involved in the localization process.

*Definition 3. *Indirect trust value refers to the confidence of unknown node in the anchor node based on recommendation from other nodes.

*Definition 4. *Recommended trust value refers to the confidence of unknown node in the recommended nodes.

*Definition 5. *Source node represents an unknown node in the localization process.

*Definition 6. *Target node represents an anchor node needed for the localization.

*Definition 7. *Recommended nodes represent all nodes used in the localization except source node and target node.

###### 3.1.1. Trust Valuation Framework

In the WSN localization, the unknown node sends the localization request,* Loc_req*, and the beacon node , which is within communication range of node , sends the response,* Loc_ack*, to node after receiving of its request. Then, calculates direct trust value for node using the valuation algorithm. Other beacon nodes, which are within the communication range of node , form the recommended node set defined as . In order to get indirect trust value of node , node calculates the recommended trust value of nodes in . Therefore, the indirect trust value of node for node is obtained and labeled as . According to all mentioned, the comprehensive trust value is defined aswhere and represent weight coefficients of direct and recommended trust values, respectively, and represents the comprehensive trust value. The frame diagram of trust validation is shown in Figure 1.

###### 3.1.2. Direct Trust

According to the multidimensional decision theory [14], the direct trust of source node for target node consists of attributes that form a set of attributes .

Each attribute value has different influence on calculation of direct trust value; thus, the weight vector is defined as (, ). Moreover, the time decay function, , defined by (5), is used to calculate the direct trust value:

Based on the above function, the calculation of direct trust value is obtained. The direct trust value function is defined by

All previous direct trust values are combined in order to obtain the final result:where indicates the direct trust value of the source node for target node . The difference between direct trust values of attack node and normal node is enlarged by this calculation method. In case of attack, the node is close to zero according to the calculated value, and the node will be abandoned.

###### 3.1.3. Indirect Trust and Recommended Trust

The trust model is composed of three types of nodes, the source node, the target node, and the recommended node, which form the trust chain as shown in Figure 2.

In Figure 2, , , and represent the source node, the recommended node, and the target node, respectively, while and indicate the recommended trust value and the direct trust value, respectively.

Received Signal Strength Indicator (RSSI) represents the strength of the received signal [15], with the RSSI signal attenuation model in WSN defined bywhere represents the signal strength at distance from the transmitter, indicates the signal strength reference value from the transmitter, and denotes the path loss factor.

Due to the influence of environmental noise, there may be errors when measuring RSSI. Thus, (8) can be modified towhere the measurement error follows the normal distribution defined bywhere is random variable changes depending on the existing environment [16].

Some experiments were carried out in article [17], in order to describe the relationship between the RSSI error and the corresponding distance. It adopts regular pattern as the communication model, and the communication radius of the nodes is 20 m. The distance between two nodes is fixed and RSSI values are observed 100 times. It repeats the observation of RSSI value as the distance between two nodes increases; it comes to the conclusion as shown in Figure 3.

As can be seen from Figure 3, the error of RSSI gradually increases with the increasing of distance within communication range. However, the error decreases gradually when distance is beyond the scope of communication. Since the distance is calculated according to the RSSI value, the variation law of distance error is coincident with RSSI error. Thus we get Theorem 8.

Theorem 8. *The error, that is, the difference between measured and actual distance values, increases with the increase of distance between nodes [18].*

According to Theorem 8, three anchor nodes that are closest to the target node will be selected as recommended nodes and labeled as , , and . Recommendation trust value is then defined aswhere denotes the total number of nodes that participate in the trust calculation and represents the Boolean value that indicates whether the node is being trusted in calculation of direct trust. The initial value of the recommended trust value is 1/2. After a certain period, the value fluctuates due to performance of recommended node.

Finally, the indirect trust value is obtained by

###### 3.1.4. Comprehensive Trust

Based on direct and indirect trust values, the comprehensive trust value of the source node for the target node is obtained, namely, . Similar to that in the ordinary trust valuation, and are generally considered as fixed values; thus, the trust model has no dynamic adaptability. Therefore, an adjustment method based on information entropy theory [19] is proposed.

In the calculation of comprehensive trust value, the information entropy of direct trust value is defined by

Similarly, the information entropy of indirect trust value is defined by

Through the calculation of direct and indirect trust values of information entropy, the certain information can be acquired. The weight distribution is obtained as

##### 3.2. Key Technologies

###### 3.2.1. Attribute Set Selection

*(1) Distance Measurement*. The difference between measured and actual distances in the WSN positioning obeys to the normal distribution [20]. Therefore, the error function can be defined bywhere refers to the Gaussian function of distance . When , the measurement error reaches its maximal value. In summary, the attribute of the measured distance value is defined as

*(2) Localization Performance*

*Definition 9. *The unknown node’s location reference set is defined as , , where () represents the coordinates set of the anchor node and is the distance between anchor node and unknown node.

*Definition 10. *The residual represents the deviation of observed distance value and real distance value, and the total localization residual is defined aswhere and represent the measured coordinates of unknown node, , and denote the coordinates of anchor node, and is measured distance between beacon node and unknown node.

In (18), the coordinates and are obtained by the least square method and the least squares regression model [21, 22], while the estimation function is defined bywhere is the measurement error and [23], while *ε* is the maximal measurement error defined as

The residuals are used to indicate the degree of each node’s deviation from its true location. The mean residual error is defined aswhere represents the number of anchor nodes involved in positioning. In order to define a threshold, value of is needed. When the mean residual error is smaller than the threshold value, the localization result is considered as consistent. Otherwise, the presence of malicious nodes is indicated. The attribute value of localization performance is defined as

*(3) Detection of Anchor Node Position*. Based on (22), the major attacks can be filtered by comprehensive trust value. Nevertheless, in the case of Sybil attack, the above attribute value is not enough to fight against the attack.

*Definition 11. *The concept of Sybil attack in the WSN indicates that a single node has a multiple identity.

The RSSI signal attenuation model in WSN environment is defined by (8).

According to the attenuation model, the distance ratio can be deduced aswhere is the distance between receiver and transmitter. From (23), it can be concluded that the distance ratio is related only to the RSSI difference. Therefore, (23) can be rewritten as

Based on the above analyses, we know that if the distance between receiver and transmitter is constant, the RSSI difference is stable. The positioning in the case of Sybil attack is presented in Figure 4.

In Figure 4, is an unknown node, is an auxiliary judgment node, and , , , and denote the false localization information, while the anchor node is the attacked node. The RSSI value is affected by environment; thus, the measured distance between node and node will change according to the RSSI fluctuation. Therefore, the auxiliary node is introduced. According to the above analysis, the difference between and is stable. Thus, according to (23), the value of remains stable.

The coordinates of are (), the coordinates of are (), and the coordinates of are ().

() When , (26) can be simplified as (23). According to the form of (27), it can be concluded that the equation represents a straight line.

() When , (26) can be simplified as (28).

The discriminant of circle defined as is substituted into (29).

When , the result is always greater than zero. In summary, the trajectory of is a circle or a straight line.

According to the above conclusions, the difference of RSSI is stable only when the faked nodes are distributed strictly in standard circle or straight line. Therefore the difference between and can be used against the witch attack.

At time moment , node is an unknown node, nodes and are the auxiliary nodes, and nodes , are the anchor nodes. In the following moments, and , RSSI is detected by these values.

*Definition 12. *

Thus, the definition of attribute value is defined as (30).

*(4) Transit Time Detection*. As it is well known, there are many attacks in the WSN [24, 25], which mainly consist of replayed attacks, Sybil attacks, and wormhole attacks. In these attacks, the certain time is needed to tamper the information. As a result, the time used for positioning will increase. Figure 5 represents the node communication process.

Node is the source node, while node is the target node. The observation time of the target node is . Before positioning, the group of experiment were conducted. In the experiments, a set of times was obtained. The maximum value was selected from the set.

Based on the experimental results, the definition of attribute value is obtained by

###### 3.2.2. Discussion on Threshold

In Section 3.2.1, the attribute set selection and calculation processes are presented. Equations (20), (21), and. (26) are all crucial for the threshold. According to (20), the threshold and the maximal measurement error should be discussed.

In the environment without obstacles, according to Definition 9, the localization error follows the normal distribution defined by

The second parameter of normal distribution is determined in the literature [26]. The relationship between the parameter and the distance can be fitted into the Gaussian function shown as

According to the above analysis, when distance between unknown node and anchor node is , the standard deviation of the distance error reaches the maximum. Therefore, the maximal deviation value between measured and calculated distances can be used as a threshold. The positioning in the presence of obstacles is presented in Figure 6.

In Figure 6, represents an obstacle between the anchor node and the unknown node . According to the trilateral localization algorithm principle, when the RSSI is much smaller than the normal value, the localization fails.

In the case of localization failure, the RSSI values of the nodes are , , , , , and . Because is much smaller than the normal value, the distance calculated by the distance attenuation model is larger than distance of .

If and , there is a barrier between node and node . In the environment with obstacles, the distance between two nodes, which are affected by the obstacles, is the maximal distance between the obstacles. The maximal measurement error can be obtained by derivations as

At the same time, (35) can be obtained:

According to the values of , and , can be obtained by

In an environment with obstacles, . is the distance value obtained by distance attenuation model.

In (21), , and threshold is a mean residual.

*Definition 13. *In the WSN positioning, the reference node set is* Loc_refer* = , and the information frame format of each reference node is (), wherein () are the reference node coordinates, and is the distance between reference node and unknown node.

According to Definition 13, the localization error of each reference node in the security localization can be obtained bywhere is the localization error of each reference node, and () refers to the actual position of the unknown node.

In (38), represents the average localization error, and obeys the normal distribution; thus also obeys the normal distribution. In the experimental environment, the mean and the variance of the were obtained by the actual measurement.

According to the central limit theorem [27], when , the distribution function of obeys the standard normal distribution, where , . If is equal to , then we may get

Based on the above conclusions, (40) can be obtained:

According to (40), the standard normal distribution can be obtained. Therefore, the standard normal distribution table can be used to set the appropriate threshold in different environments.

###### 3.2.3. Localization Process

According to the trust valuation model, the trust value of each anchor node can be obtained in the communication range of the unknown node. Three anchor nodes with the largest value of trust are used for computing.

Trilateral-centroid localization [28] is used for unknown node localization. The unknown node is , and the three beacon nodes are , , . Trilateral-centroid localization is shown in Figure 7.

The coordinates of three anchor nodes are (), (), and (). Unknown node coordinate is (). Measurement distance values are , , and . Equation (41) can be listed according to Figure 7:

According to (38) and the least square method, unknown node coordinates can be obtained as follows [29]:

In addition, due to the presence of measurement errors, in some cases, the equations may not be solvable (as shown in Figure 7). In this case, the center of triangle is formed by the intersection of all circles, taken as the coordinates of the unknown point.

There are six intersections among three circles in Figure 8. The coordinates of the three intersection points which are close to the unknown nodes are (), (), and (). The coordinates of the estimated position of the unknown node are (). Thus we can calculate () via

#### 4. Simulation and Analysis

##### 4.1. Experiment of Environment Selection and Parameter Setting

Matlab7.0 experimental platform is used as the simulation environment. In this simulation environment, 100 nodes are randomly deployed in the range of 100 m 100 m [30]. The number of anchor nodes and unknown nodes is 40 and 60, respectively. The communication radius of the nodes is 20 m, and the communication model is the regular pattern. The path loss factor is and the range standard deviation is .

##### 4.2. Simulation Experiment

In the simulation experiment, three types of nodes are listed as follows: attack node, anchor node, or unknown node. First of all, three groups of experiments are carried out under different environments. The experimental conditions are listed as follows: nonexisting attack nodes, attack nodes existing, and attack nodes existing under trust valuation model.

According to Figures 9, 10, and 11, it can be concluded that the localization error increases with the increasing of attack nodes. When the trust valuation model is added in the localization process, the localization error recovers to normal level.

In addition, the robustness of the model is also investigated. One is attack power and the other is the number of attack nodes.

As can be seen from Figure 12, when the number of attack nodes is less than 20, the localization error of secure localization model is much smaller than normal localization algorithm. However, when the number of attack nodes exceeds 20, the localization error increases sharply, since the attack node produces much fake information with consistency. The system cannot distinguish between malicious nodes and normal nodes through the consistency of the given information.

As can be seen from Figure 13, the localization error of secure localization model remains in a very low level and the localization error of normal localization algorithm increases with the increasing of attack power. The localization error of secure localization model increases with the increasing of attack power, in case the attack power is under 5, with the performance of malicious nodes being similar to normal nodes. However, the system can distinguish between malicious nodes and normal nodes from the values of each attribute with the increasing of attack power. Thus the localization error remains in a low level.

In addition, this algorithm is compared with other secure localization algorithm in localization error.

As can be seen from Figure 14, the overall localization error of this algorithm is smaller than AR-MMSE algorithm. In the AR-MMSE algorithm [31], the localization error becomes large when the number of malicious nodes exceeds 14. After that, with the increasing of the number of malicious nodes, the localization error is also growing. The algorithm proposed in this paper gets much larger localization error when the number of malicious nodes exceeds 20. AR-MMSE algorithm determines malicious nodes just by the consistency of the location information, while the proposed algorithm is capable of identifying malicious nodes via some additional attributes, such as distance measurement, detection of anchor node position, and detection of transition time.

As can be seen from Figure 15, the trust relationship network becomes tighter as the density of anchor nodes increases. Normal node does not build trust relationship with attack node, so the attack node is removed from the secure localization model.

#### 5. Conclusion

The problem of secure localization is closely related to the structure characteristics and application background in WSN. Traditional security algorithms in WSN are constrained by the limited resources of sensor nodes. Trust management can improve the security and reliability of the localization system with low system overhead. In this paper, a number of attributes related to the localization are adopted and the threshold of the attribute value is discussed to ensure that the method can deal with the internal attacks and a certain degree of collusion attack. This model is superior to the traditional secure localization algorithm based on WSN in the success rate of identifying malicious nodes and performance overhead.

#### Competing Interests

The authors declare that they have no competing interests.

#### Acknowledgments

The subject is sponsored by the National Natural Science Foundation of China (no. 61373017, no. 61572260, no. 61572261, no. 61672296, and no. 61602261), the Natural Science Foundation of Jiangsu Province (no. BK20140886 and no. BK20140888), Scientific & Technological Support Project of Jiangsu Province (no. BE2015702 and no. BE2016777, BE2016185), China Postdoctoral Science Foundation (no. 2014M551636 and no. 2014M561696), Jiangsu Planned Projects for Postdoctoral Research Funds (no. 1302090B and no. 1401005B), Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks Foundation (no. WSNLBZY201508).