Wireless sensor networks (WSNs) are increasingly used in smart cities which involve multiple city services having quality of service (QoS) requirements. When misbehaving devices exist, the performance of current delivery protocols degrades significantly. Nonetheless, the majority of existing schemes either ignore the faulty behaviors’ variability and time-variance in city environments or focus on homogeneous traffic for traditional data services (simple text messages) rather than city services (health care units, traffic monitors, and video surveillance). We consider the problem of fault-aware multiservice delivery, in which the network performs secure routing and rate control in terms of fault activity dynamic metric. To this end, we first design a distributed framework to estimate the fault activity information based on the effects of nondeterministic faulty behaviors and to incorporate these estimates into the service delivery. Then we present a fault activity geographic opportunistic routing (FAGOR) algorithm addressing a wide range of misbehaviors. We develop a leaky-hop model and design a fault activity rate-control algorithm for heterogeneous traffic to allocate resources, while guaranteeing utility fairness among multiple city services. Finally, we demonstrate the significant performance of our scheme in routing performance, effective utility, and utility fairness in the presence of misbehaving sensors through extensive simulations.

1. Introduction

Wireless sensor networks (WSNs) have been integrated with smart cities and play an important role in smart city by providing versatile applications through sensors. With the demands for living and security standard of a city, it has become necessary for WSNs to support a series of city services, such as health monitoring, electricity consumption, intelligent transportation, visual target tracking, and multicamera surveillance [1, 2]. Sensors that are randomly distributed in a network cooperate with each other to deliver service data via multihop routing and rate control to the sink, which can communicate with conventional networks, for instance, the Internet.

Built upon open wireless medium, multiple city services in WSNs are particularly vulnerable to attackers which are attracted by sensitive information, less infrastructure, privacy, and so forth. Many service delivery protocols have been proposed and evaluated for countering different types of misbehaving nodes [3, 4]; however, most studies largely ignored the uncertainties and variabilities in the city environment. It is not an easy job to characterize the dynamics of dynamic ongoing or unknown attacks in an intuitionist way. Moreover, recent works in [5, 6] have demonstrated that the attackers with fixed strategy cannot disguise themselves as members of a city and are then marked as the adversaries. Inconsistent behaviors may exist in an intelligent misbehaving sensor or adapt its strategy under random attacks in smart grids [7], stealthy attacks in WSN-based IoT [8], and dynamic ongoing attacks in smart cities [9]. Hence, the impact of misbehaving sensors is probabilistic and time-varying in many cases.

In order to characterize the effect of faulty behaviors on routing and throughput, we propose an impact collecting-based approach, which formulates the dynamics of faulty behaviors. A popular approach is to collect information about the direct impact of the misbehaviors, such as energy and delivery quality inside a sensor. Besides that, the delivery for city services is affected by some indirect impacts. For example, the vehicle misleads network routine and causes bandwidth consumption by announcing its various fake position simultaneously or the frequent time interval [10]. To defend against this type of misbehavior, a sensor needs to obtain trust verification from other sensors. The aim of our method is first to identify the state of a faulty sensor by, on direct impact and on indirect impact, gathering verification information received from its neighboring nodes. Then we model the state of being faulty at each sensor as a random process. Since the effect of faulty behaviors is probabilistic, the state of being faulty will also be nondeterministic and must be studied by applying a stochastic framework. Accordingly, we make each sensor establish novel metrics fault activity (FA) for modeling the stochastic state of being faulty in terms of statistical information about the probabilistic faulty nodes, which is also utilized to select next forwarding candidates for each hop and to allocate resource for each service.

Geographic opportunistic routing (GOR) is considered an effective and flexible way to improve network performance with the help of WSN localization and exploiting spatial diversity [1114]. Moreover, GOR maintains high efficiency and scalability since each sensor only needs the local one-hop connectivity. In this paper, our FAGOR uses more candidates as backups and integrates fault activity model into the process of the forwarding candidate selection. For example, as shown in Figure 1, based on distance, energy, trust verification, and delivery quality inside a sensor, each sensor filter is prioritizing to choose a candidate sensor set of the neighbors. These candidates follow the priorities to deliver the packet opportunistically. Malicious sensors (node A and node B) have very low priorities or are even not included in the candidate set according to their direct impacts and indirect impacts.

Network service performance becomes lower when inside intrusions are present since the effective flow gets thinner when misbehaving nodes are on its routines [15, 16]. Therefore, it is necessary to apply rate-control design to complement secure routing and guarantee performance. A popular approach for reliable resource allocation is to design improved optimal flow control (OFC) algorithms, which solve network utility maximization (NUM) problems with constraints on fixed reliability requirements [1719]. However, these approaches are unable to adopt their resource allocation and fairness dynamically according to the actual-receive rate of each service. We develop a FA-leaky-hop model in which each faulty sensor has potential effects on the resulting data throughput and incorporate the actual-receive rate at wireless hops into OFC approach.

Moreover, when multiple city services, for example, camera monitoring, health surveillance, email, and smart home, are run over a network as shown in Figure 1, the existing OFC approaches usually lead to a serious unfair resource allocation in terms of rates [20]. For example, real-time traffic which has its minimum required rate may get almost zero utility, despite nonzero rates. The utility function conditions of OFC need be relaxed to describe different services regarding heterogeneous traffic types. Based on FA-leaky-hop model, we formulate the problem of allocating rate among multiple services as a lossy flow optimization problem, namely, fault activity utility OFC, through maximizing the sum of relaxed utilities subject to the network constraints. Considering the existence of faulty sensors, our FA-UOFC algorithm allocates traffic to various services and achieves fairness in terms of actual-receive utility, rather than that in terms of rate or utility. In particular, we define the utility fairness index which could measure the degree of fairness performance based on the achieved throughput in lossy networks and seek to gain its considerable value under our service delivery strategies.

In this article, we investigate multiple city service delivery of joint routing and rate-control that can minimize performance degradation in the event of misbehaving nodes. To the best of our knowledge, we are the first work to address both routing and rate-control for multiple services in WSNs via a fault-dynamic model-based approach. The main contributions of this paper are outlined as follows:(i)We design a distributed framework of fault activity information at each sensor to locally characterize the impact of the nondeterministic and dynamic faulty behaviors and to incorporate fault activity information into data delivery for multiple city services.(ii)We propose a fault activity-based geographic opportunistic routing protocol, FAGOR, which combines the direct and indirect impacts of faulty behaviors, to protect against a wide range of attacks.(iii)We formulate the problem of allocating resources among multiple services in the presence of misbehaving nodes as a lossy flow optimization problem along leaky-hop model. A distributed algorithm, FA-UOFC, is developed to allocate the effective rate properly within the sensor networks and to achieve lossy utility fairness by sources with different traffic types.(iv)We define a novel index, index of utility fairness, that quantitatively measure the degree of utility fairness among multiple city services in distributed systems.

The rest of the paper is organized as follows. Related work is described in Section 2. We depict our system model in Section 3, and we present methods that allow sensors to establish novel metrics fault activity (FA) according to the impact of misbehaviors in Section 4. In Section 5, we introduce the formulation of a GOR protocol based on FA metrics. In Section 6, we describe the leaky-hop model and formulate the optimal rate-control for multiple services in the presence of misbehaving nodes. The performance of our algorithm is evaluated in Section 7. Finally, we conclude the paper and give directions for future work in Section 8.

Over the past few years, literatures investigated the multiple city service delivery over wireless networks. A resource management scheme is proposed in [21] to offer the delivery of various city services in the Internet of Things. Tang et al. [22] propose a cross-layer resource allocation model for guaranteeing the QoS requirements of elastic service (audio and video surveillance, habitat monitoring, and real-time traffic monitoring) based on the optimal achievable rate in Cloud Radio Access Network. Spachos et al. [23] design an energy-aware dynamic routing scheme to improve the QoS-aware routing of multimedia traffic by optimizing the selection of the forwarding candidate set. The feasibility of the schemes mentioned above does not consider the existence of malicious nodes, and there is no policy given to defend the misbehaviors of wireless nodes. There exist works that study particular misbehaviors of node-selfishness for multiservice delivery. Luo et al. [24] design an algorithm to select relay nodes in terms of residual energy metrics in WSN-based IoT. The “ground truth” status of each node in [25] is served as virtual credit to encourage data delivery according to its social and QoS behavior. The work in [26] presents a dynamic trust management for secure routing to deal with selfish behaviors and trust-related attacks. Our fault-aware routing and resource allocation scheme extends from these solutions with consideration given to a wider range of misbehaviors on the multiservice delivery in WSNs from the perspectives of both direct-impact factors and indirect impact factors.

Due to the misbehaving nodes’ effect on network performance, various defense strategies dealing with the nodes’ misbehaviors have been studied for wireless networks. However, most of these works only present countermeasure analysis for different types of faulty nodes and have not considered the uncertainties and dynamics of real environments. Most of the studies assume that the faulty nodes employ a constant strategy that will not change with time. In fact, a faulty node can adopt variable misbehaviors to maximize its intrusion strength [27]. Malicious nodes can be equipped with cognitive technology and can adapt their attacking strategy according to the legitimate users’ actions [28]. The attackers decrease their attacks in frequency to disguise themselves and to avoid being detected [29]. Mitchell and Chen [30] characterize a malicious attacker by its capacity to perform random attacks. Similar to [30], our approach works against misbehaving behaviors which may exhibit inconsistent behaviors; a misbehaving node acts as a good node and does not launch attacks at first, in order to gain the trust of other nodes, or, it may perform on-off attacks with a random probability. Our work characterizes the impact of potential dynamic faults and incorporates statistical information into the resource allocation and routing protocols. This assumption not only provides efficient defense against stationary failures but also is suitable for mobile attacks and the uncertain losses from the various environments.

In the reliable routing of WSNs, geographic routing is an attractive approach since no end-to-end route is determined before data delivery [31]. A QoS-aware geographic opportunistic routing, QGOR, is explored in [14] for delivering packets with both time delay and reliability constraints in WSNs. Using location information, Wu et al. [32] design an efficient routing and load balancing algorithm in hybrid VANET. These studies, however, do not consider and respond to location-related attacks. Liu et al. [33] consider the use of the location verification such that neighbors exchange their location information to address a series of location-related attacks. One main limitation of this scheme is that if the localization mechanism is separated from the routing protocol, the protocol will fail. FAGOR is similar to those schemes in terms of security requirements. FAGOR differs from them in that it uses RSS to detect location information and the verification from the other sensors to identify this type of misbehaviors with possibility.

An optimization problem is first applied to formulate the rate-control stack design of the wireline context by Kelly et al. [34]. This pioneering work was further advanced by studies in cellular wireless networks [35], ad hoc networks [36], and wireless sensor networks [37]. The fundamental assumption of the above research is that each application attains concave utility function and, thus, is only suitable for elastic traffic. It cannot deal with the resource allocation of multiple services in sensor networks where both elastic and inelastic traffic are commonly engaged. Lee et al. [38] show that instability and high network congestion may be caused by the mixing of inelastic and elastic traffic in the absence of appropriate rate controllers. Hande et al. [39] have further derived the sufficient and necessary conditions of system optimality in a mixed-traffic scenario and have proposed a link provisioning method which could potentially be used during the network-planning stage. Alternatively, Wang et al. [20] have developed a new rate-control framework that is able to deal with both elastic and inelastic traffic of multiple services such that the resulting utility is proportional fair. However, these works do not consider the existence of misbehaving nodes and assume that each wireless node is cooperative and well-behaved.

Recently, numerous protocols which maximize the sum of each application’s utility by setting fixed reliability constraints have been proposed to allocate the resources of multiple services to provide reliable wireless transmissions [16]. Their works, however, are unable to adapt fairness dynamically in terms of the actual-receive resource of each application. Li et al. [19] incorporate rate, in addition to delay and reliability, into the utility function to support different QoS requirements of various traffic. In our paper, we take a similar approach that the utility is defined to be a function of effective utility received at destination nodes. By means of embodying QoS objectives in the extended utility function, our FA-UOFC is applicable for various services addressing their real utility requirements and improves the utility performance both of inelastic sources and elastic sources.

3. System Model and Assumptions

This section presents the network and the misbehaving-node model handled in this article, as well as the assumptions made in order to design the proposed architecture.

3.1. Network Model

In a smart city, a wireless sensor network involves tiny devices, called sensor nodes , which have ability to cater to different applications. These devices are randomly deployed in a city area with a constant size, for example, a smart community containing residential buildings, hospitals, schools, shopping malls, cafes, and banks. Two SNs within the wireless transmission range can send data and communicate with each other, and any two nodes with a distance greater than would require a multihop to communicate with each other. A link is denoted as a pair as nodes , where is the transmitter and is the receiver. The data collected by sensors is sent to sinks which process data locally or through core networks such as the Internet.

The location of sinks as data, computation, and control center are known in the network. Each sensor knows the geographic coordinate of itself using one of secure localization algorithms [40]. Meanwhile, a sensor can adapt its location information with the help of some trusted mobile anchor nodes in neighbor set, for example, vehicle nodes equipped with GPS.

Due to the broadcast nature of the wireless medium, the transmitters contend in wireless channel capacity for the shared wireless medium if they are within the interference range of each other. Considering the protocol model [41] for successful transmission, the interference among the transmissions is characterized by the interference sets. Since the transmitters included in the interference set share the same common channel capacity, only one of the sensors may transmit over a channel in a time slot. Moreover, since energy is a major concern in WSNs, we assume that sinks are powerful services for collecting data and that other sensors have limited and unreplaceable batteries. We build a power dissipation model to guarantee the operational lifetime of the sensor network in Section 6.

3.2. City Services

WSNs provide a variety of services to city users that will force networks to support heterogeneous traffic. More generally, utilities of multiple city services in a smart city can be categorized as follows in terms of performance goal perspectives [20]:(i)Elastic utility for traditional data services such as file transfer, mail, and ftp(ii)Inelastic utility including real-time utility, rate-adaptive utility, and stepwise utility such as video surveillance, real-time monitoring, and teleconferencing

Figure 1 illustrates an example network with five flows to of source rates to , respectively. There are different types of sensors embedded to support city services with different QoS requirements. The utility types of source nodes are given as follows: inelastic utility for the first four source nodes and elastic utility for the fifth source node. Note that, in comparison with other data delivery for elastic traffic, the assumption of mixed traffic in our rate-control model is practical for many smart city applications, such as water consumption, electricity consumption, target tracking, health surveillance, and smart home appliance.

3.3. Fault Activity Information

In this article, we assume that the source nodes have no prior knowledge of the abnormal behaviors of nodes being performed. That is, we make no assumption about the malicious nodes’ strategies, misbehaviors’ goals, or mobility patterns. We assume that the types of misbehaviors, like failure of internal components or external faults, are unknown to the network.

In order to characterize the effect of nodes’ misbehaviors on the multiservice delivery, each source must collect information on the impact of the misbehaviors in city parts of networks. However, due to the distributed characteristic of wireless sensor nodes, no central network entity collects the information on the misbehaviors’ impact of all sensors and a fully distributed solution is required. Every source/SN should have its own fault activity information (FAI) for both its neighbors’ and its own faulty behavior impact. The node FAI at each SN obtains the faulty activity impact of its neighbors and of itself in terms of direct and indirect impacts recommended by the SNs around it. Meanwhile, the direct and indirect impacts are affected by SNs’ factors, that is, energy, trust verification, and delivery quality inside a sensor.

When sensor node delivers multiservices to the sink via multihop communication, there are some candidates based on node ’s knowledge of available forwarding neighbors. Nevertheless, since the node misbehaviors may degrade the reliability of the routing path, each hop selects the most reliable one of these candidates in terms of their FAI. Additionally, each sensor node tries to maximize the benefit by sending the feedback signal, the “resource price” determines the cost of consuming limited resources by competing services, to the source. Accordingly, each source is charged the resource price and is then allocated a certain amount of resources for delivering its service. For various types of services or applications, each source is associated with a utility function that reflects how much QoS benefit that source obtains at the allocated transmission rate. Here, the network model of the distributed framework of the candidate selection and rate allocation of the sources is shown in Figure 2.

4. Characterizing the Impact of Faulty Activities

In this section, we propose techniques for sensor node estimation and characterization of the impact of faulty activities and for obtaining misbehavior information. Under the distributed framework of the fault activity information (FAI), the FAI of each sensor node consists of two parts: direct impact and indirect impact of misbehaviors on multiservice delivery. Based on FAI, we determine the node-faulty state and get the estimation of FA metric. Each relay sensor should incorporate its neighbors’ estimates into its candidate selection for next-hop from its neighbor set. In order for a source node to incorporate the misbehavior impact in the rate-control problem, its own estimation of FA must be recorded in the data packets when the packets arrive at this intermediate sensor and be sent back to the source node when the packets arrive at the sinks.

4.1. Direct-Impact Model
4.1.1. Delivery Quality inside a Sensor

In a smart city, sensors with heterogeneous nature support and forward a mix of elastic and inelastic traffic. With the existence of misbehaving sensors along routing paths, the data rate of a flow gets thinner and thinner and the actual-receive rate at the sink is considerably lower than that at the source. Figure 3 shows the utility obtained by elastic and inelastic applications at different actual-receive rates. If an elastic service gets a rate slightly greater or lower than their minimum required rate, inelastic applications get zero utility. Therefore, the quality of delivery inside a sensor is a significant factor for utility of multiple services.

Although a faulty node may perform various behaviors, any good node exhibits the same behavior: delivering packets correctly. Similar to the approach in [42], we use the ratio of packets successfully delivered compared to those sent (packets may be corrupt even if received) in order to characterize the delivery quality inside a sensor. During a certain period , each node (sender) enters the promiscuous mode and checks whether the packet is actually forwarded by its selected nodes. Additionally, it can record in the neighbor list the running average number of packets sent to node and the running average number of valid packets. Each sensor is aware of the delivery quality values of any node and of its one-hop neighbors for the period [,], denoted as :

4.1.2. Energy

If some sensors malfunction due to the lack of energy, this degrades the overall network efficiency and performance. is denoted as the remaining energy of node . Let , , and be the energy consumed in the sensing, transmitting, and receiving for one data packet per unit time.

In order to update the direct-impact metric, the location beacon of one-hop neighbors is extended to apply an additional field of remaining energy . We can use and to update the estimate at the end of the time interval. In order to balance the stability and the accuracy of the estimation results, we update the estimation through iterations:where is the parameter that controls the preference between current and historic samples and .

4.2. Indirect Impact Model
4.2.1. Trust Verification

In smart environments, the network also has one or more malicious users that control a number of malicious colluders. All colluders may cooperate with each other and turn their partner into an inside faulty node. During the initial stage or under a random attack strategy, these malicious nodes do not immediately launch packet dropping behaviors, and they modify their transmission power to disguise themselves. Hence, the impact of the disguised nodes’ misbehavior is indirect on packet delivery from the perspective of the network, and a validation metric can be applied to distinguish malicious nodes with the voting-based scheme.

To keep consistency, we follow the assumption and variable definitions about GOR in [43]. Each node periodically broadcasts the location beacon with the location information to its one-hop neighbors. After receiving the beacon from node A, a neighbor B verifies the location information in terms of the received signal strength. RSS is given by the following [44]:where is the node’s transmission power in dBm and is the path loss factor. Here, is the path loss at the reference distance and is a random variable. However, if the RSS is susceptible, the above approach will lead to high false negatives against location-related attacks. Based on (4), the distance is estimated as , where is the measurement error. To reduce the effect of the disguised nodes, node A requires collecting more RSS value from the information of its common neighbors. We denote as the intersection of A’s neighbor set and B’s neighbor set. A neighbor node is selected by to find the difference of the RSS value of the sender in (e.g., node ). Even though the transmission power may be modified, the difference is found to be constant [45]:

As either the node or the chosen neighbor node may use forged information of this distance value, or are used to replace the value of and . We can get the inequality from (5):

Following this method, we can obtain for other nodes in set . In this round, two disguised nodes and are identified with , provided that

With node ’s neighbor nodes as reference nodes, each belonging to can be identified using this method. During the time period , there are disguised nodes that are faked by actually one node in a round and rounds of the entire rounds in the calculation. The estimate value of the possible disguiser can be obtained by

An attacker can launch a spoofing attack by sending forged location beacons to attract SNs to choose one of them as the next-hop. In this paper, the FAI management makes use of the RSS to verify SNs’ location and to address the location-related attacks by offering nodes the location with possibility. Based on the collected RSS values, we can compute the values for the set whose size is , where . Then the following inequality can be provided to decide whether node is marked as a successful validation:where and are the position announced in the received location beacon. If the inequality is satisfied, it means that node A with one neighbor can be marked as a successful validation, and . Otherwise, . We can obtain the ratio of successful validation of node A:

Furthermore, we introduce the indirect impact metric to address issues of location-related attacks. In order to gain the trust of other nodes, some malicious sensors claim themselves as legitimate nodes but transmit beacon messages containing false location information to confuse other sensors. Each network node may obtain the verification information of its candidates indirectly received from its neighboring nodes. Additionally, the impact of these disguised nodes’ misbehavior which pollutes the network system with bogus information is indirect on packet delivery from the perspective of the network. We get the expression of indirect impact metric of node A:where and which is the coefficient factor. The indirect impact metric of each node’s one-hop neighbors can be calculated in terms of information in the beacon. To reduce the bandwidth consumption caused by beacon exchange, it is not necessary to contain the neighbor information in the beacon unless the information is changed.

4.3. Fault Activity Metric Based on Determining Node State

Due to the uncertainty in the faulty impact, we model the direct impact and the indirect impact as random processes and allow the sensor nodes to collect empirical data for characterizing the process. In order to identify the faulty state of each node, we design an impact metric which enables each node to measure faulty impact for both its own faulty impact and its neighbors’ faulty impact based on its knowledge of available one-hop neighbors. The total impact value for node can be given bywhere is the factor with . Then we define the novel faulty state and FA metric as follows.

Definition 1 (the node-faulty state). denotes the faulty status in node at time , where indicates that the node is faulty where ; otherwise, indicates that node is not faulty.

To determine the node-faulty state, we can use a heuristic approach to test whether the current node is experiencing “being faulty condition” in which the impact metric drops below a certain threshold. Any node whose impact metric is below the threshold can be regarded as a faulty node since we are unable to accomplish our objectives efficiently. We suppose that each node updates and after each update period of seconds and estimates the FA metric after each update calculation period of seconds. Next, we define the FA which is the time that faulty nodes spend in each state per unit time.

Definition 2. The FA for node-faulty state denoted by is the fraction of time during period for which the node is in the state , that is, .

To facilitate observation, we illustrate an example of converting the impact value of a sensor node A (as shown in Figure 4) into the faulty state with being 0.6 in Figure 5 and the value of fault activity in Figure 6. Once we obtain the estimation of FA, we can get the fault-statistical information for routing path selection and resource allocation.

5. Fault Activity Geographic Opportunistic Routing Algorithm

In this section, a geographic routing protocol on fault activity metric is presented, providing methods for sensors to choose the candidates based on impact caused by faulty behaviors. FA-GOR selects more forwarding candidates based on the routing metric of available next-hop forwarders.

Before presenting our routing algorithm, we first discuss an intrinsic nature of WSNs that can support our idea: network connectivity. When sensors are distributed in area randomly, the process that there are sensors in an arbitrary area is modeled according to Poisson distribution [40]:where denotes node density, is the cardinality of , and . In order to describe the full connection probability , we first calculate the probability that no link exists between sensor and other nodes:

In terms of the isolation probability , the full connection probability is given by the following [46]:

Figure 7 shows that when and are set as proper values, the expected fully connected can be achieved in a WSN.

Assuming that is denoted as the distance from sending node to the sink (denoted as ) and is denoted as the distance from its neighbor to the sink, we have the routing metric for the forwarding candidates as follows:where is the constant weight indicating the relative preference between distance and fault impact value . Each next-hop forwarder is assigned with its priority based on the metric value of (16).

We introduce the FAGOR algorithm to select the next relay node following the assigned priority in forwarder set to relay the packets. Algorithm 1 depicts the pseudocode of FAGOR algorithm.

Require: , the neighbor set of node
Ensure: the next forwarder
() start a retransmission timer;
() select the forwarding set including candidates from
neighbor nodes ;
() for each node do
() if and
() add to ; ;
() end if
() end for
() prioritize the forwarder set using metric;
() broadcast the data packets;
() for each node do
() receive the data packet;
() check the sender ID and start a timer and ,
where is a constant;
() end for
() if node which obtains the highest priority receives the data
packet correctly then
() reply an ACK to notify the sender as well as other candidates
to cancel their timers;
() else
() if the priority timer expire then
() set , node has the lower-priority;
() goto 14;
() end if
() end if
() if no forwarding candidate has successfully received the packet
() if the retransmission timer does not expire then
() goto 2;
() end if
() end if
() return

Our FAGOR could defend against a wide range of misbehaviors. For example, in Figure 8, as one candidate of node ’s next-hops, node lies about its location and associates with disguisers () as its colluders. The mutual neighbors of and , , need to report their RSS values related to to and work based on majority voting. could choose reference nodes from to verify the validity of the voters. Node sends the estimate value about to node by (8). Node calculates to incorporate it into indirect value of node . Finally, node is found as being faulty state during a period and could not be selected into the routing path.

6. Fault Activity Utility-Based Optimal Flow Control Approach

In this section, we present a leaky-hop model which explicitly takes account of faulty activities and then present fault activity-based utility optimal flow control (FA-UOFC) based on the leaky-hop model. One underlying assumption in the utility framework of rate control is that the same flow is present at all the hops along the route. In hostile environments, however, the data rate of a given flow becomes thinner along its path. Due to potential faulty behaviors on each node, all data deliveries are not successful.

6.1. Leaky-Hop Model

In Section 4, is denoted as the fraction of time during the unit period for which node exhibits misbehavior, while is the time fraction during which node accomplishes its communication effectively as a good node. characterizes the probability of faulty behaviors over single hop. At a link with transmission rate , since data is only received correctly on from hop , the correctly received data rate at hop is presented by

For path traversing multiple hops, the end-to-end packet success ratio for path is given by

is denoted as the subpath of between source and the intermediate node , and is denoted as the subpath of between the intermediate node and the sink node of . For subpath of a data flow, the data delivery probability at leaky-hop is given by . It can be seen that the data rate of a given flow becomes “thinner and thinner” at each hop along its routing path, and we call the flow traversing every potential misbehaving hop to be a leaky-hop flow. We define goodput of flow as the data rate received correctly at the sink [47]. Therefore, in the presence of misbehaving nodes, .

An example leaky-hop model is described in Figure 9. Flow traverses along four leaky-hops: , , , and . Flow traverses along three leaky-hops: , , and . The goodput of flow at the destination is . It can be seen that the data rate of a flow becomes lower and lower along multiple hops. For example, . There may exist different data delivery probabilities at a leaky-hop for different data flows. The leaky-hop for flow and flow has different data delivery probabilities: . We call a potential faulty node on the routing path of flow to be a leaky-hop for flow .

The resource allocation problem in WSNs gives rise to many new challenges. Among the many unique characteristics of WSNs, we focus on two constraints in our formulation. Due to the broadcast nature of the wireless medium, all transmissions are not successful and the transmitters contend with each other in the broadcast domain. To apply the constraint of contention regions, we use the contention set concept from [48]. The contention set is denoted as the subset of links belonging to a contention region that, at most, one link in can transmit in each time slot successfully. Let be the contention link set of link . If user transmits over link , other flows in the contention set cannot transmit packets simultaneously. Let be the capacity of link . We incorporate the node-faulty activity statistics into the link capacity constraint generation. Due to leaky-hops along the routing path, the flow rate is potentially reduced at each of the receiving hops as packets are lost. The availability metric in Definition 2 means the fraction of time for which the immediate sensor delivers packets correctly. The stochastic capacity constraint on the total flow rate traversing a link is given by

Another major point in WSNs is the energy constraint caused by the energy consumption of sensing, transmitting, receiving, and relaying data. Let denote the initial amount of initial battery (energy) at node , .

We also incorporate the FA statistics into the energy constraint, in which the power consumption of each node should not exceed the maximum allowed power generation :where , if flow starts from sensor node ; otherwise, . For a prespecified lifetime, , the maximum node power consumption , where and are the duty cycle and energy consumed in the idle state per unit time.

6.2. FA-UOFC for Multiple Services

For wireless sensor networks in a smart city, many different types of sensor are emerging to present numerous applications that exhibit different utility behaviors. Similar to [20], we observe that the operations of the data gathering involve both inelastic and elastic traffic. In order to support the multiple types of traffic, the flow control strategy should have the ability to allocate traffic rates properly in order to balance the performance for different applications. We will adopt the rate-control protocol, newly developed by Wang et al. [20], for handling elastic and inelastic traffic. When each source transmits at rate , it attains a utility . The utility function is assumed to be continuous, strictly increasing, and bounded in the interval . We define a “pseudoutility” as

In order to provide a good performance balance for different applications in sensor networks, the flow control can be generalized to obtain new problem formulations, namely, utility optimal flow control (UOFC), which maximizes the sum pseudoutility under the contention constraint [41] and the energy constraint.

At the sink of flow , the correctly received data rate can be represented as . The optimization problem introduced previously can be presented as a new formulation:

Since the objective function is nonnegative, continuous, and strictly increasing (not concave), the “pseudoutility” must be a strictly increasing concave function. Therefore, with linear, separable, convex, and compact constraints, the optimization problem in (22) has a unique optimal solution.

In the following, we use Lagrangian dual method and develop a rate-control algorithm. First, we form the Lagrangian as follows:where , , and are all nonnegative. , assuming flow starts from node . The objective function of dual problem is given by

We use the gradient method to solve the above dual problem. The Lagrangian multipliers for the dual can be updated as follows at each iteration :where is a small step size, and . Here, , , can be considered the price for using the resource of contention set . Similarly, , , can be interpreted as the price for using energy at sensor node . Given these two prices, each flow , , adopts its rate according towhere , is the inverse of , and (27) can be replaced as follows:where . Hence, we propose Algorithm 2 based on the problem formulation of fault activity-based utility optimal control.

() Update source rate: Each source node calculates the
source rate for the next period according to
Eq. (28);
() Update resource prices: Using the information of
aggregated transmission rate, link computes a new sole
contention price according to Eq. (25) and
node computes a new energy price according to
Eq. (26);
() Deliver information towards the sink: Sensor node
adapts the contention price and the energy
price along the path, and propagates towards the
() Feedback message from the sink: The sink feedbacks
the FA parameter and the aggregated resource price to
the source via the reverse path.

Our algorithm can be carried out in a distributed manner by message exchange in the network, as shown in Figure 10. To implement our scheme, no node in the network needs to know global information nor the individual variables of algorithm. The information needs to be updated by the receiving node and to be sent via piggybacking.

First, each sensor node estimates and updates the resource price locally, the fault activity information of its neighbors, and its own fault activity information; then we apply two additional header fields, mean field and price field, to both data packets and control packets. When a new packet arrives, the updated FAI is multiplied together and the local prices are added to the price of the packets that arrive from the upstream node. When the packet arrives at the sink, values of the two fields will be feedback to the source node by the acknowledgement packet.

Second, when the packet arrives at the sink, the aggregated FAI and resource prices will be piggybacked to the source node in the acknowledgement packet.

Third, each node can construct its local contention set by exchanging information from neighbors instead of knowing the entire network topology.

Hence, the total number of additional exchange operations is within , where is the number of source routing paths and is the number of network’s links. The proposed fault activity utility optimal flow control algorithm is practical and realizable in WSNs.

6.3. Utility Fairness

The goal of our rate-control approach is to able to maintain an acceptable level of service degradation, including effective network throughput and fairness, in the presence of misbehaving nodes. In this section, we establish the existence and uniqueness of a utility fair solution with the presence of misbehaving nodes and define a novel index, utility fairness index, which quantitatively measures the degree of utility fairness in distributed systems.

Considering the performance of different services, the utility OFC (UOFC) with the resource constraints in WSNs allocates flow rates of different applications according to their utility requirements, and, what is more, the optimization approach yields utility fairness [20]. In WSNs without faulty nodes, the set of goodput rate vector for each flow that satisfies the resource constraints in problem (22) with for is called the rate region . In hostile environments, the set of goodput vector that follows from problem (22) with is denoted as . It is clear that and that .

When the rate-control Algorithm 2 with leads to equilibrium at convergence, the pseudoutility function is maximized within the feasible solution. Here we can employ both a utility proportional fairness as described in [20] and utility max-min fairness proposed in [48]. For any other feasible allocation , if , the source rate allocation is utility proportionally fair. is the strictly concave function; the strict inequality holds and meets the utility proportional fairness definition. Therefore, the source rate allocation in Algorithm 2 with is utility proportionally fair. To achieve utility max-min fairness, we give a new distributive flow control algorithm. If the aggregate price of Algorithm 2 is replaced with , which is the maximum of the contention prices and the energy prices along the path, the updated algorithm could provide a utility max-min fair allocation among all data flows.

6.3.1. Utility Fairness of

We relate the arguments on utility OFC based on the leaky-hop model to a case without leaky-hop by proving a continuity property of fair allocation as approaches 1. Let the ratio of node-faulty activities drop to zero: . Then the rate regions in WSNs containing faulty nodes converge the rate regions in the corresponding WSNs without faulty nodes, and utility fair solution converges to the corresponding utility fair solution without faulty nodes [47].

The goal of our rate-control approach is to be able to maintain an acceptable level of service degradation, including effective network throughput and fairness, in the presence of misbehaving nodes. In this section, we establish the existence and uniqueness of a utility fair solution with the presence of misbehaving nodes and define a novel index, utility fairness index, which quantitatively measures the degree of utility fairness in distributed systems.

In the homogeneous traffic context, Jain et al. [49] propose a quantitative measure called Index of Fairness to tell how far the resource allocation is from equality. With considering QoS requirements of different applications, it may be undesirable to allocate resources simply according to conventional measurements such as Index of Fairness [49]. Hence, we define a novel index, index of utility fairness , which measures the utility fairness of various applications and addresses their utility requirements:where is the goodput of flows and is the number of flows in WSNs. This index measures the “equality” of user utility allocation. If all sources get the same amount of utility, that is, if are all equal, then the utility fairness index is 1. As the disparity increases, the utility fairness decreases and is near 0 as only a selected few users will be favored. A higher value of means a higher degree of utility fairness.

7. Performance Evaluations

In this section, we conduct simulation experiments to evaluate the performance of the proposed FAGOR protocol and FA-UFOC scheme when misbehaving nodes exist in the network. We first describe the simulation setup and then compare the simulation results with GPSR [12], DWSIGF [13], QGOR [14], and our proposed FAGOR protocol in a variety of experiments. Next, we illustrate the advantage of the FA-UOFC over the traditional OFC approach without considering misbehavior of faulty nodes. Finally, we show the effectiveness of our proposed FAGOR protocol combined with our FA-UOFC algorithm for WSNs in adversarial environments, and we simulate the fairness of our proposed scheme in terms of utility fairness index and the convergence discussed in Section 6.3.1.

The extensive simulations have been conducted in OPNET and C++ simulator. The OPNET simulator is designed for the network design and performance test. It is further enhanced to support for wireless sensor networks in city environments. In original OPNET, the calculation of received power only considers the propagation model of free space. In the urban communication environment, wireless channel is affected by the diffraction of signals by various buildings and trees. A Rician model is used as a channel fading model to illustrate effects due to buildings, obstacles, and trees in the city. We incorporate Rician distribution into the receiver power module in OPNET in accordance with radio wave propagation model in practical scenarios.

We consider static WSNs for a smart city. Therefore, mobility is not considered in experiments. As shown in Figure 11, 100 to 400 wireless sensors, which include both misbehaving sensors and well-behaved sensors, are randomly deployed in an area of . The percentage of misbehaving nodes to all the nodes which is a simulation parameter is varied from 0 to 0.4 in different experiments. Each sensor has IEEE 802.15.4 based technology. The sources send data to 10 sinks which have sufficient power. The initial power of each sensor is set to 9 mW. The parameters for energy consumption are set to  nJ/bit,  nJ/bit, and  nJ/bit, respectively [50]. Each simulation runs 3000 iterations, and the default simulation parameters are listed in Table 1.

7.1. The Effectiveness of FAGOR

In this section, we show how our FAGOR protocol can provide effective routing with the existence of an arbitrary number of misbehaving nodes. The proposed FAGOR protocol is benchmarked against other three routing protocols: () DWSIGF, () GPSR, and () QGOR (a QoS-aware GOR which provides routing service based on the end-to-end QoS metric [22]). The following two metrics are used to compare the performance of the protocols:(i)PDR: the ratio of the total number of data packets by the sink packet delivery to the total amount of data packets sent by the source(ii)End-to-end delay: the time interval for the data packet to be transmitted from the source node to the sink

We simulate Sybil attacks with 4 Sybil nodes which perform random attacks with a configurable probability. The Sybil nodes create more virtual locations by altering their transmission power, which is similar to location spoofing attackers. We model randomly distributed misbehavior nodes such as black holes, gray holes, and nodes in jamming regions which drop data packets with variable possibility. The routing protocol is simulated attacking with varied probabilities to evaluate performance under various misbehaviors.

First we show the effectiveness of FAGOR under varied the number of misbehaving nodes. Figure 12(a) reports the packet delivery ratio of FAGOR in comparison with the other three routing protocols. We have the following observations: (a) the PDR of FAGOR is consistently higher than GPSR and DWSIGF with the existence of a varied number of misbehaving nodes, and (b) the PDR of FAGOR declines more slowly than GPSR and DWSIGF as the percentage of misbehaving nodes increases. The reason is that the misbehaving nodes are more likely to be chosen as the next-hop nodes in GPSR and DWSIGF, while FAGOR incorporates faulty impacts for choosing more reliable candidates to set up the routing paths.

The PDR in QGOR is higher than in other routing protocols except FAGOR. This can be explained as follows. QGOR also selects more reliable relays according to the QoS priority of neighboring nodes. However, without the ability to identify location-related attacks, QGOR may select a Sybil node as the next-hop relay. Our FAGOR gives low reliability values to Sybil nodes based on majority voting and to other misbehaving nodes based on direct-impact values. In terms of the compound of reliability value by the proposed FA metric, FAGOR transmits packets with faulty hops, and the impact of misbehaviors on the network performance is stable.

As the number of misbehaving nodes increases, the end-to-end delay of GPSR and DWSIGF plotted in Figure 12(b) decreases. For hostile sensor networks, misbehaving nodes in the routing path would cause links to break. The decline of the end-to-end delay means that only the data packets from the nodes that are closer to the sink can be successfully delivered to the sink in GPSR and DWSIGF, while it is hard to successfully transmit the data packets to a distant destination with more hops. However, FAGOR and QGOR encourage suboptimal candidates to collaboratively relay data packets that the delay of such packets raises. As the number of misbehaving nodes increases, FAGOR and QGOR spend more time maintaining uninterrupted communication, and higher end-to-end delays are consequently achieved.

Furthermore, FAGOR gets a lower end-to-end delay than QGOR because of the existence of Sybil nodes among misbehaving nodes. Since the reliability of neighbors is unknown at the beginning, FAGOR uses majority voting to decrease the probability of location attacks. Compared to QGOR which operates without identifying location attacks, FAGOR mitigates Sybil attacks in advance and saves the network delay time.

We further study the effect of on the performance of FAGOR. The packet delivery ratio under varied values of is shown in Figure 13(a). In this simulation, we find out that underestimating the parameter will lead to imprecise next-hop choosing results and will affect the performance of FAGOR. On the other hand, overestimating as shown in Figure 13(b) may make the routing algorithm yield less feasible next-hops, lead to repeated candidate discovery, and result in higher delay. This result illustrates that there is trade-off between the PDR and time delay and choosing a proper value of gives better performance of FAGOR.

Figure 14 compares the performance of four protocols for different network size by increasing the numbers of nodes from 100 to 400. Compared with GPSR and DWSIGF, our FAGOR improves the delivery ratio by approximately 40% and keeps stable with the different random topologies.

In order to evaluate the number of candidates of the performance of FAGOR, we consider network scenarios with different numbers of misbehaving nodes. From Figure 15(a), we see that PDR increases and the gap of PDR between , , and gets smaller as the number of candidates increases. Thus more candidates in FAGOR can relieve the performance degradation under more misbehaving nodes. Figure 15(b) shows that the transmission delay decreases when . This is because, in FAGOR, when packet dropping ratio is high, there will be fewer hop counts which means that the data delivery would not last long. As the number of candidates increases, transmission time delay when increases faster than when due to a long one-hop delay in the presence of more misbehaving nodes. The simulation results show that there is a trade-off between the time delay and robustness on the selection of the candidates’ numbers.

One object of FAGOR is to ensure the ability to operate effectively under dynamic misbehaving networks. In our simulation study, we set up a configurable probability of misbehaving nodes which behave well at the beginning of the experiment. They change to misbehaving nodes at random points of time. In Figure 16, we show the PDR performance of four protocols with a varied percentage of behavior-changing nodes. The following observations can be obtained from these figures. First, the packet delivery ratio of FAGOR is consistently higher than that of the other three protocols with different percentages of changing misbehaving nodes. Second, since FAGOR selects faulty nodes in the routing path, the impact of misbehaviors on the network performance is stable.

7.2. The Effectiveness of FA-UOFC

In this subsection, we use numerical examples to illustrate the advantage of FA-UOFC algorithm over the OFC with same resource constraints. In the simulation, the sensor nodes turn to misbehaving nodes with probability 0.35. The network topology for one sink is depicted in Figure 17. We assume a link capacity of 4 kbps and a maximum node power consumption of 4 mW. In smart cities, there are various types of sensors embedded in networks to support multiple services with different QoS requirements. Therefore, we set utility functions consisting of elastic and inelastic traffic. The utility function of each source node is given as , , , . All the sources have their maximum rates at 10 Mbps.

We compare the effectiveness of two flow control strategies: () NE-OFC (OFC with noneffective utility functions and constraints); () FA-UOFC (our improved OFC approach). NE-OFC approach subject to contention and energy constraints for WSNs is with utility functions of allocated flow rate without considering the faulty impact caused by misbehaving nodes. Figure 18 shows the comparison of the goodput for each flow at sink between our proposed FA-UOFC and NE-OFC. The proposed FA-UOFC can be seen to have achieved higher performance in terms of effective throughput compared to the conventional flow control method. Obviously this is due to the introduction of the faulty activity metric. The source adjusts its flow rate on its route adaptively to compensate for data loss in our FA-UOFC algorithm, which takes into account the effect of misbehaving nodes in utility function and constraints.

According to Section 6, is denoted as the injection rate at the source node and is denoted as the goodput at the sink. Figure 19 verifies that the rate-control algorithm in NE-OFC converges and is able to provide utility proportional fairness (we use the sum of contention price and energy price) among four source nodes according to the utilities of on the source nodes. Without considering faulty nodes, the source algorithm controls the flow rates to provide a utility fair resource allocation in which achieves a utility and , , and then share the remaining network resources with an equal utility of 0.52.

In fact, the goodputs of four flows cannot maintain the utility fairness at their sink nodes after traveling along the leaky-hops. The utilities of goodputs for four flows in the NE-OFC approach and FA-UOFC approach are shown in Figure 20. It can be seen that FA-UOFC yields higher utilities of goodput for four flows than NE-OFC. In Figure 19, three flows share a fair utility allocation that is equal to and . However, the utility fairness is broken due to different faulty effects on three paths consisting of misbehaving nodes. and of goodputs at the sinks both from NE-OFC and FA-UOFC in Figure 20 are lower than those of rates at the source nodes in Figure 19. Meanwhile, of goodput from FA-UOFC increases, yet from NE-OFC decreases. We calculate two indexes of utility fairness, 0.7 and 0.86, according to (29) for NE-OFC and FA-OFC, respectively. It demonstrates that better utility fairness is attained among flows by FA-UOFC. Our proposed algorithm effectively adjusts the resource allocation by explicitly taking into account the faulty effects in utility functions and constraints. Clearly, the network performance under misbehaving nodes is improved by our proposed FA-UOFC algorithm through both better utility fairness and higher effective throughput.

7.3. The FAGOR Protocol Combined with FA-UOFC Algorithm

In the following, we investigate the performance of our proposed FAGOR protocol combined with FA-UOFC algorithm for WSNs in adversarial environments. The proposed FAGOR + FA-UOFC scheme is benchmarked against the scheme with only FAGOR which does not employ any optimal flow control algorithm. Figures 21 and 22 plot the goodputs and the goodputs’ utilities obtained by FAGOR and FAGOR + FA-UOFC while increasing the percentage of misbehaving nodes in the network from 5% to 40%. Clearly, our proposed method significantly outperforms FAGOR in terms of the goodputs and goodputs’ utilities obtainable under a varied percentage of misbehaving nodes. The benefit of our proposed method over FAGOR increases as the number of misbehaving nodes increases. The result demonstrates that the FA-UOFC complements secure routing and alleviates the performance degradation caused by the misbehaving nodes along the routing paths.

We also take a closer look at Flow 2 and Flow 3 in Figure 22. As the number of the misbehaving nodes increases, the goodputs’ utilities of Flow 2 and Flow 3 in our scheme increase, whereas they decrease in FAGOR. Accordingly, our scheme achieves higher goodputs’ utilities for Flow 2 and Flow 3 than FAGOR. This is due to the source nodes in our scheme, which are able to compensate for faulty nodes in the allocation of traffic based on the real performance requirements of services and which can achieve utility fairness among the goodputs.

To demonstrate the fairness of FAGOR and FAGOR + FA-UOFC, we point to the variation of in (29). With various values for the percentage of misbehaving nodes and the probability of dropping packets in Figure 23, our proposed scheme can be seen to achieve a higher degree of utility fairness in terms of utility fairness index for goodput than the FAGOR scheme. This is because our proposed scheme explicitly takes into account the loss feature of faulty nodes and embodies the utility fairness objectives in the utility function that are concerned with the goodputs.

For a sequence of networks with decreasing impact with misbehaving nodes, we can see in Figure 23 that the utility fairness index converges to 0.92. As discussed in Section 6, the rate allocation and utility fairness in our scheme converge to those of the corresponding lossless networks when the ratios of nodes’ faulty activities drop to zero. Figure 23 shows the trends of utility fairness for goodput in adversarial environments.

8. Conclusion

In this paper, we studied the problem of routing and rate control for multiple city services over wireless sensor networks in the presence of misbehaving nodes whose effect can be characterized statistically. We presented methods for each sensor to probabilistically characterize the impact of a variable fault. To address how to maintain an acceptable level of network performance degradation, we utilized fault activity information in the next-hop selection of each sensor and incorporated this information into the rate-control algorithm for data sources. An improved, fault-aware version of the routing algorithm FAGOR is proposed, and we explicitly added fault activity information into the routing metric. We formulated resource allocation for multiple services as a lossy network flow optimization problem using relaxed utility functions. In addition, we developed a distributed rate-control algorithm called FA-UOFC which can achieve the lossy utility fairness among sources with different traffic types. Through comprehensive performance comparisons, we demonstrate that FAGOR protocol achieves a better performance with an acceptable overhead and that FA-UOFC algorithm achieves a higher effective utility and better utility fairness when various misbehaving nodes exist in a WSN. Finally, we show that our proposed FAGOR protocol combined with FA-UOFC algorithm proves effective in improving effective utility and utility fairness compared to the scheme with only FAGOR protocol.

Even through the development of our research is based on the wireless sensor network setting, the framework can generally be extended to other energy-constrained wireless ad hoc network models. In the future, mobility aspects can be considered in order to model more realistic wireless networks in smart cities. We also plan to model smart malicious behaviors and study their effects on data delivery.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.


This work was supported by the National Natural Science Foundation of China (Grants nos. 61373154, 61672239, and 61632012) and Shanghai High Technology Field Project (Grant no. 16511101400).