Sage Journals: Discover world-class research

Abstract

The unique characteristics of wireless sensor networks make them susceptible to the attacks. The secure scheme is considered in designing the routing protocol and algorithm. The cryptography and authentication secure technology can defend the external attacks but have no way to protect the network when the internal attacks occur. However, the trust management scheme with attack-resistance and robustness can efficiently detect the internal attack. On the condition of defending the attacks, it is also an issue that the trust management scheme aids routing algorithm to improve the security and performance. In this paper, we proposed a Trusted Tree-based trust management for secure routing in wireless sensor networks. The common attacks are firstly analyzed. And then the dynamic time window is designed in the distributed trust model with the detection of direct trust and indirect trust. Based on the trusted nodes, Trusted Tree is constructed. And the path quality of nodes in Trusted Tree is used as the gradient for routing. Finally, we add Trusted Tree-based trust management into the QoS based routing protocol and algorithm. Experimental results show that the QoS based routing algorithm with Trusted Tree has better performance and security.

1. Introduction

Wireless sensor networks are the most important elements in Internet of Things [1–4] and playing more and more key role in a wide range of application domains, such as habitat monitoring, disaster prevention, automation control, and infrastructural security [5–7]. These network nodes are equipped with the sensor and collect the data from the monitored environments.

Since the communication range and computing ability of node are limited, the ad hoc routing protocol is used in wireless sensor networks [8, 9]. The traditional network protocol is not suitable for wireless sensor networks, and their security protocol can not be directly used to defend against the attacks in wireless sensor networks [10–12]. Many routing protocols and algorithms are designed for the efficient transmission of data in wireless sensor networks. The network threat is considered, such as flooding attack and eavesdropping attack. These attacks are divided into two types: internal attacks and external attacks [13, 14]. The cryptography and authentication are usually applied to the routing protocols to defend the external attacks, because the malicious nodes have no right to access the network. When the nodes are compromised and launch the internal attacks, the secure techniques with cryptography and authentication fail to protect the network security. For the internal attacks, the trust management is the effective method. The trust management can identify the malicious node by monitoring and evaluating their behavior. However, the trust management is also vulnerable to the attack, and some intelligent behavior can trick the trust management schemes, such as on-off attack and bad-mouthing attack. Therefore, robustness issue is also considered in the trust management scheme. The distributed trust mode with direct trust and indirect trust is used to enhance the robustness in the trust management.

The trust management scheme is usually seen as the service for the network routing protocol and algorithm. The trust evaluation in the trust management does not only detect the trust value of the nodes; but it is also one of the metrics in the routing algorithm. By accumulating the trust value in the routing path to evaluate the security of routing path, the secure route can be reasonably established. Therefore, based on distributed trust mode, how to design an efficient trust management scheme is a critical issue in enhancing the performance of secure routing.

In this paper, we propose a Trusted Tree-based trust management scheme for routing in wireless sensor networks, which can implement the routing security and improve network performance. The attacks are firstly analyzed. And then the trust computing model and Trusted Tree are established and maintained. Furthermore, our scheme is applied to the QoS based secure routing protocols and algorithms and guides the process of the routing establishment. The major contributions of this paper are threefold which are listed as follows. (i)

Dynamic time window: the fixed size of sliding time window is changed into the dynamic size, so as to detect the malicious nodes with the low proportional bad behavior.

(ii)

Trusted Tree: based on the computed trust value of node, the Trusted Tree is established. The secure key of node is generated. The topology path quality in Trusted Tree is used as the gradient to guide the routing building.

(iii)

Aiding Routing: the QoS based routing protocol using Trusted Tree is implemented. The simulation results show that the QoS based routing protocol with Trust Tree can not only efficiently detect and exclude the malicious nodes, but also significantly enhance the network performance.

The remainder of this paper is organized as follows: Section 2 discusses the related works. The attacks, computing of trust value, and Trusted Tree are proposed in Section 3. The simulation results are presented in Section 4, and Section 5 concludes the paper.

2. Related Work

The trust management can ensure the security of data transmission in wireless sensor networks [15]. The trust management model in secure routing protocol and algorithms can be divided into the two classes: centralized trust model and distributed trust mode [16, 17].

2.1. Centralized Trust Model

The trust value of nodes is computed by the particular trusted centre or base station. CENTER [18] is a centralized trust based efficient routing protocol for wireless sensor networks. The base station is used to observe the behavior information from the nodes and deduce the global network view. The nodes’ trust value and the best routes are calculated for excluding the malicious nodes. Improving on the previous CENTER, CENTERA [19] includes an appropriate authentication scheme, and the base station gathers minimal neighbor trust information from the nodes. Although the base station can calculate and evaluate the trust value of the nodes by the global view of the network, the accuracy of trust metrics about the distributed nodes needs to be improved.

TCFL [20] uses the nodes’ trust value to select the routing path with highest trust value. The fuzzy logical deduction is used to quantize the uncertain and imprecise data. The proper transmitting path can be established from the source to the destination. However, the high energy is consumed in the TCFL.

2.2. Distributed Trust Model

The sensor nodes calculate the trust value by themselves. TQOS [21] obtains the secure routing by combining the trustworthiness of the nodes and the QoS of the link along a route. Based on the trustworthiness-based QoS metrics, the secure routing is discovered and set up. The trust value of nodes is gained by computing the ratio of the number of messages verified and received, but this simple statistics model is vulnerable to attack. ReTrust [22] is an attack-resistant and lightweight trust management approach. The sliding time window is used to calculate the trust value of nodes. ReTrust is a typical instance that uses direct trust and indirect trust. But this fixed size of sliding time window makes it difficult to detect the malicious nodes with low proportional behavior.

FTPR [23] proposes a fuzzy-based trust prediction model for routing. Based on the historical behavior and the fluctuations in trust value over a period of time, FTPR operates the trust prediction model to predict the future behavior of the neighbor nodes. However, the wireless link is unstable, and then the link temporary errors can result in the fluctuation of the trust value. For FTPR, it is difficult to discriminate them.

PLUS [24] uses the personal reference information and recommendation information to build the reasonable trust relationship among the sensor nodes. The personal reference value is gained based on the ratio of correct packets, and the recommendation value is computed by the neighbor nodes’ trust value. The trust value of suspect node is decided by the integrity check of the packet. Consequently, the suspect node may get unfair penalty and be regarded as the malicious node. In [25], considering the vulnerability of trust establishment to different attacks and the unique features of sensor nodes, a lightweight and robust trust establishment scheme is proposed. The trust value of the nodes is computed based on the rate of misbehavior. Although the frequency of misbehavior is used to check the on-off attack, this method fails to detect the attack with the low percentage of bad behavior.

Another interesting distributed trust model is proposed in ATSR [26]. ATSR also implements the trust mode by the direct and indirect trust information and adopts the location-based approach to reduce the routing protocol storage and cost. However, ATSR needs to rely on the location information. GTMS [27] is a group-based trust management scheme for clustered wireless sensor networks. GTMS has three levels: the node level, the cluster head level, and the base station level. Although the timing window mechanism is used to calculate the trust value of the node, GTMS is designed for the clustered network.

The cryptography and authentication technology are also used in the centralized and distributed trust model [28, 29]. In centralized trust model, CENTERA uses RC5 and PBC. In distributed trust model, TQOS contains authentication between two nodes.

By analyzing the above instances of trust management mode, it is found that the centralized trust mode has high energy consumption and low accuracy. The distributed trust mode is used in the massive routing protocol and much more suitable for wireless sensor networks.

3. Trusted Tree-Based Trust Management

In this section, the threats are firstly analyzed, and then the computing method of trust value and Trust Tree are designed. At last, the Trust Tree-based trust management is added into the QoS based routing protocol.

3.1. Threats Analysis

Two types of attacks could occur in wireless sensor networks. The first type is the external attack. Wireless sensor networks are generally deployed in the unattended environment. The malicious nodes make it easy to launch the external attacks, such as denial of service (DoS) attack, sniffing attack, and replay attack [30]. DoS attacker can flood the massive hello message or redundant information. The normal and legitimate communication between nodes is disrupted. Although the sniffing attacker has no key materials about communication, it can passively eavesdrop on the transmitted data between legitimate nodes. The replay attacker can simply retransmit the earlier packets to the neighbor nodes, since it can receive the packets by wireless link. These external attacks can be defended by some cryptographic algorithms and authentication mechanisms.

However, the cryptography and authentication fail to defend the internal attacks. When the node is compromised to be the malicious node, it is changed to be the internal attacker. The second type is the internal attacks that the compromised nodes launch. These malicious nodes can participate in the routing or collude with other malicious nodes. Wireless sensor networks are more vulnerable to the internal attacks as compared to the external attacks. There are usually some internal attacks including Blackhole, Greyhole, Sinkhole, and Wormhole [31]. The Blackhole attacker drops all the messages when it receives them from the neighborhood nodes. The Greyhole attacker forwards a part of the received message or discards parts of them. The Sinkhole attacker likes the Blackhole attacker, but it deceives the nodes in its near area and disguises itself as the Sink node and then attracts all the data from this area. The two malicious nodes tunnel the messages and replay them from one part of network to another part. This attack is called Wormhole attack. The trust mechanism is a widely used technology in aiding the nodes to deal with the uncertainties and malfunctions of the internal attacker nodes. By observing the behavior of the nodes in the network for a certain period, the normal node calculates the trust value and then justifies if the observed node is trusted.

Although the trust based security mechanism can continuously monitor nodes’ behavior to detect the malicious and compromised nodes, the trust mechanism itself is also easy to be attacked. Before the malicious and misbehaved nodes are not detected, they launch some attacks on the trust management system in the network, such as on-off attack and bad-mouthing attack. In the on-off attack, the malicious nodes avoid being found by alternatively good and bad behavior, hoping that they remain in the trusted nodes set. The bad-mouthing attacker forges the recommendation of nodes, in which they frame up the recommendation of normal nodes and boost the trust recommendation of malicious nodes. They impair the trust management system by this kind of different behavior. These malicious nodes trick and attack the trust management system by the intelligent misbehavior. When the proportion of malicious behavior is lower, the detection of malicious nodes is more difficult to achieve. The current trust mechanisms have seldom effective methods to detect the low proportional malicious behavior. In this paper, the dynamic sliding window is used to solve this issue.

3.2. Computing of Trust Value

By observing the weight of neighborhood nodes’ misbehavior, the node usually computes their trust value. The sliding time window is used to estimate the trust value of nodes. The time window $W_{n}$ contains the n time units, as is shown in Figure 1. The $S_{k}$ and $F_{k}$ are the numbers of successful and failed transactions for each observation time unit. After each unit of time, the window slides to the right, recording the new experience and dropping experience recorded earlier.

Figure 1

Sliding time window.

Based on the observed information in the time window, the direct trust value is estimated. The direct trust value of node B for node A is denoted by $V_{D T} (A, B)$ :

\begin{matrix} V_{D T} (A, B) = λ \times \frac{\sum_{k = 0}^{n - 1} α_{k} P_{k} (A, B)}{\sum_{k = 0}^{n - 1} α_{k}}, \\ P_{k} (A, B) = \frac{S_{k} + 1}{S_{k} + F_{k} + 2}, \end{matrix}

(1)

where

P_{k}

is the trust value in each time unit; n is the number of units; λ scales the computed trust value.

α_{k}

is the aging factor parameter and is defined as

α_{k} = μ^{n - k}

, where

0 < μ < 1

The direct trust value is computed by the observed number of misbehavior. Since the on-off attacker behaves well and badly alternatively to get the high trust value, calculating the period of misbehavior is adopted to detect the on-off attack. Based on the units in sliding time window, the time interval of good and bad behavior is estimated. When the proportion of misbehavior is higher, the smaller size of sliding time window can detect the misbehavior. However, when the proportion of misbehavior is lower, the size of sliding time window needs to be enlarged to cover the enough observed behavior. The current sliding time window adopts the fixed size that is previously set, before the nodes are deployed. If the fixed size is larger, it is a waste of storage resource. On the other hand, if the fixed size is smaller, it is not effective for detecting the low proportion of misbehavior. Therefore, in this paper, the sliding time window is changed into a kind of dynamic sliding time window. When the trust evaluation value is lower than the trust threshold of behavior, this window unit is considered as an on attacking unit and is temporarily stored in time window by prolonging the size of sliding time window. The fourth on window unit is reserved, as shown in Figure 2(a).

Figure 2

Size of dynamic time window.

In sliding time window, node A observes the behavior of node B and finds that $P_{k} (A, B)$ is lower than the trust threshold. So node A suspects that node B launches a four-good-one-bad on-off attack. And then node A prolongs the size of sliding time window to 8 as shown in Figure 2(b). The window monitoring value of node B for node A is denoted by $V_{S W} (A, B)$ :

\begin{matrix} V_{S W} (A, B) = \frac{\sum U n i t s_{o n}}{\sum U n i t s_{o n} + \sum U n i t s_{o f f}} . \end{matrix}

(2)

Node A normally sets a reasonable and secure value low bang $V T_{l b}$ and high bang $V T_{h b}$ for the dynamic window. If $V_{S W}$ is larger than $V T_{h b}$ , the size of sliding window is prolonged to observe more behavior of node in added window units. With the number of good behavior increasing, $V_{S W}$ is reduced. When $V_{S W}$ is lower than $V T_{l b}$ , the number of window units is gradually decreased to the normal size.

Recommendation consistency is used to estimate the recommendation trust. The outlier detection scheme is a tool for detecting recommendation consistency. After receiving the recommendations from the neighboring nodes, node A firstly computes the mean $M_{V_{R}}$ and then deduces the variance $σ_{R}$ . The recommendation is good as long as the variance of recommendation is lower than $σ_{R}$ . Furthermore, the commendation trust value $V_{R T}$ is calculated by adopting previous method of computing direct trust. The bad recommendation can be detected and avoided. So the node defends the bad-mouthing attack based on it.

The indirect trust is calculated by employing trust chain, on the condition of legitimate recommendation trust. Node $C_{i}$ is the neighborhood nodes of node A, and every node $C_{i}$ has the trust value $V_{D T} (C_{i}, B)$ for the observed node B. Indirect trust is computed by the trust propagation. With the recommendation trust from the trusted nodes, one way to calculate the indirect trust of node B for A is

\begin{matrix} V_{I T} (A, B) = \frac{\sum_{i = 1}^{m} V_{R T} (A, C_{i}) \times V_{D T} (A, C_{i}) \times V_{D T} (C_{i}, B)}{m}, \end{matrix}

(3)

where m is the number of good commendations.

The trust value of node B for node A is obtained according to the direct and indirect trust value:

\begin{matrix} V_{T} (A, B) = β \cdot V_{D T} (A, B) + (1 - β) \cdot V_{I T} (A, B) . \end{matrix}

(4)

The computing process of node trust value is detailed as follows.

Node A firstly broadcasts the Trust Computing Request (TCR) message to the neighbor nodes in the communication range. The TCR message contains the following fields:

\begin{matrix} 〈TCR  identifier, s e q_{A}, B〉, \end{matrix}

(5)

where TCR identifier stands for the TCR message;

s e q_{A}

is the sequence number of TCR message that node A sends; B is the observed node. Node A sets the timer for the reply of neighbors and then waits for the recommendation messages from them.

Upon receiving the TCR message, the neighbor node $C_{i}$ takes $V_{D T} (C_{i}, B)$ into the Trust Computing Reply (TRE) message and unicasts TCR message back to node A. The TCR message consists of the following fields:

\begin{matrix} 〈TRE  identifier, s e q_{A}, B, C_{i}, V_{D T} (C_{i}, B)〉 . \end{matrix}

(6)

After node A receives the recommendations, it can compute the trust value of node B and decide if node B is reserved in its trusted neighbors set.

3.3. Model of Trusted Tree

Each node sends or forwards the data to the Sink in wireless sensor networks. The communication link is wireless channel, which is easily influenced by the environment. The quality of wireless link is usually measured by the number of data packets transmitted successfully [32–34]. The wireless link is a bidirection channel with ACK message. By using EWMA method, the nodes set time interval to compute the success probability of packet acceptance in the wireless link. The ETX is used to calculate the link quality. $d_{f}$ and $d_{r}$ are, respectively, indicated as the packet reception successful rate of the forward and reverse link. The wireless link quality is denoted by $E T X_{l i n k} = 1 / (d_{f} \times d_{r})$ . The smaller the ETX is, the better the data reception and link quality are. Suppose the ETX of Sink is 0; the path quality of the other node is equal to the accumulation of single hop link quality. Consider

\begin{matrix} P Q_{A} = \min \{P Q_{B} + L Q_{A, B} ∣ B \in N S (A)\}, \end{matrix}

(7)

where

L Q_{A, B}

stands for the link quality from node A to node B;

P Q_{B}

represents the path quality of node B; the path quality

P Q_{A}

of node A is the minimum value that the function

\min {*}

returns;

N S (A)

is the neighbor set of node A.

According to the accumulation process of path quality, the network topology can form a tree, and the root is Sink, as shown in Figure 3. To some extent, the path quality in this tree reflects the distance to the Sink, which is seen as the gradient information for routing.

Figure 3

Trusted Tree.

3.4. Establishment of Trusted Tree

Since the bilinear pairing technology has been implemented on the sensor node platform, identity-based cryptography is used in wireless sensor networks [35]. The public key is derived based on the public information, such as the ID of node. The steps of key distribution and authentication between nodes are decreased. The complexity of computing and communication load is effectively controlled. In recent years, there have been many solutions put in wireless sensor networks, such as TinyTate [36], TinyPBC [37], and TinyParing [38]. Based on cryptography technology and trust management, Trusted Tree is constructed.

3.4.1. Key Predeployment

The data is forwarded to the Sink in wireless sensor networks. It is assumed that the Sink is secure and trusted, which is equipped with trusted computing module. Therefore, the Sink is trustworthy and unassailable and is seen as the trusted authority. All of the key materials are stored in the Sink. However, the normal nodes are not tamper-resistant and can be compromised easily. The key and data of node can be extracted, because the hardware of node is cost constraint.

Before the network nodes are deployed, the initial key and the necessary part of key materials are stored in the normal nodes. The five steps are listed as follows: (i)

Each node A has a unique, integer-valued ID, denoted by ${I D}_{A}$ .

(ii)

Choose the hash function $H : {\{0,1\}}^{*} \to G_{1}$ , mapping arbitrary strings to the elements in $G_{1}$ , and bilinear pairing $e l : G_{1} \times G_{1} \to G_{2}$ , and master secret $k \in Z_{q}$ .

(iii)

Choose the hash function $h : {\{0,1\}}^{*} \to {\{0,1\}}^{N}$ , mapping arbitrary strings to the fixed length string.

(iv)

Set the path quality of node A to the initial value $P Q_{i n i t}$ and compute its public key $P K_{A} = H (I D_{A} ∥ P Q_{i n i t})$ and private key $T K_{A} = k H ({I D}_{A} ∥ P Q_{i n i t})$ .

(v)

Store the relative parameter $(G_{1}, G_{2}, e l, q, H, h)$ and $T K_{A}$ in node A.

Since the Discrete Logarithm Problem is too difficult to be solved, it is infeasible to deduce k from the ID and public key. In other words, although some nodes are captured and compromised, and relative key materials are extracted from them, the adversaries have no way to compute the critical key of other nodes.

3.4.2. Authentication between Neighborhood Nodes

The neighborhood authentication is the foundation of the data transmission between neighborhood nodes. When the legitimate node only forwards/receives data to/from the authenticated nodes, the bogus message is not injected into the network, and the secure data is not swindled by the external attackers. The detailed procedure of neighborhood authentication is the following.

Before the node communicates with the neighbor, the nodes should firstly perform the mutual authentication. Node A broadcasts the neighborhood authentication (NAU) message, which includes message identifier, ${I D}_{A}$ , current path quality ${C P Q}_{A}$ , and a random nonce $R_{A}$ . The NAU message comprises the following fields:

\begin{matrix} 〈NAU  identifier, {I D}_{A}, {C P Q}_{A}, R_{A}〉, \end{matrix}

(8)

where NAU identifier uniquely identifies the NAU message;

{I D}_{A}

denotes that this NAU message is from node A;

{C P Q}_{A}

is used to negotiate the shared key between the neighborhood nodes;

R_{A}

is applied to calculate and compare the message integrity code.

Node B responds to this message, when it is within the transmission range of node A. Node B firstly calculates the shared key $N K_{B, A}$ based on ${I D}_{A}$ , ${C P Q}_{A}$ , ${I D}_{B}$ , and ${C P Q}_{B}$ . And then Node B computes the message integrity code $h_{N K_{B, A}} (R_{A} ∥ R_{B} ∥ 1)$ by using parameters $R_{A}$ and $R_{B}$ . Node B responds to node A, after it generates the Neighbor Respond (NRE) message with $h_{N K_{B, A}} (R_{A} ∥ R_{B} ∥ 1)$ . The NRE message consists of the following fields:

\begin{matrix} 〈NRE  identifier, {I D}_{B}, {C P Q}_{B}, R_{B}, h_{N K_{B, A}} (R_{A} ∥ R_{B} ∥ 1)〉, \end{matrix}

(9)

where NRE identifier presents the NRE message; the function of

{I D}_{B}

{C P Q}_{B}

, and

R_{B}

is identical to the homologous fields in NAU message. Based on bilinear pairing formulation,

N K_{B, A}

is computed by the private key

T K_{B}

of node B and the public key

P K_{A}

of node A. Although

N K_{B, A}

is generated on node B,

N K_{B, A}

is equal to

N K_{A, B}

that is deduced by node A. The computing process is described as follows:

\begin{matrix} N K_{B, A} = e l (T K_{B}, P K_{A}) = e l (T K_{B}, H (I D_{A} ∥ C P Q_{A})) = e l (k H (I D_{B} ∥ C P Q_{B}), H (I D_{A} ∥ C P Q_{A})) = e l (H (I D_{B} ∥ C P Q_{B}), k H (I D_{A} ∥ C P Q_{A})) = e l (H (I D_{B} ∥ C P Q_{B}), T K_{A}) = e l (T K_{A}, H (I D_{B} ∥ C P Q_{B})) = e l (T K_{A}, P K_{B}) = N K_{A, B} . \end{matrix}

(10)

Based on the bilinearity and symmetry of $e l$ , the above equation holds. Therefore, node A uses $N K_{A, B}$ to compute $h_{N K_{A, B}} (R_{A} ∥ R_{B} ∥ 1)$ . If the result is equal to what node B sent, node A considers node B an authentic neighbor. After node A verifies the NRE message, it sends the Neighbor Confirmation (NCO) message to node B. The NCO message contains the following fields:

\begin{matrix} 〈NCO  identifier, h_{N K_{A, B}} (R_{A} ∥ R_{B} ∥ 2)〉, \end{matrix}

(11)

where NCO identifier denotes the NCO message.

h_{N K_{A, B}} (R_{A} ∥ R_{B} ∥ 2)

is used to verify node A, due to

h_{N K_{B, A}} (R_{A} ∥ R_{B} ∥ 2) = h_{N K_{A, B}} (R_{A} ∥ R_{B} ∥ 2)

By the three-way handshaking above, node A can construct the set of its certificated neighborhood nodes, and the shared keys between them are generated at the same time.

3.4.3. Construction Procedure

The Sink is secure and not compromised in wireless sensor networks; otherwise it is difficult to set up the trust management mechanism and secure protocol. Since the path quality of Sink is 0, each node can find a path to the Sink, by the relaying of other nodes. In the construction procedure, the Sink firstly establishes the one-hop trusted path with the neighboring nodes, and then other nodes are added into the Trusted Tree by the nodes that have joined the Trusted Tree. The detailed procedure of construction is represented as follows.

The Sink periodically broadcasts the Trusted Tree (TTR) message, which contains the message identifier, a sequence number $N_{S i n k}$ , and the message integrity code which affirms the Sink origin of it. The TTR message comprises the following fields:

\begin{matrix} 〈TTR  identifier, N_{S i n k}, T K_{S i n k} [TTM  identifier ∥ N_{S i n k}]〉, \end{matrix}

(12)

where TTR identifier stands for the TTR message;

N_{S i n k}

is used to differentiate and compare the message; the private key

T K_{S i n k}

of Sink is applied to sign the message. After the nodes receive and verify the TTR message, they rebroadcast the message. By comparing the messages from the neighboring nodes, the receiving node calculates the trust value and then sets up the trust relationship with them. The authenticated result of message is used in computing the node's trust value.

Node A receives the messages from the certificated neighboring nodes. If the current path quality of neighboring node is not the initial value $P Q_{i n i t}$ , the neighboring node has been authenticated with the Sink and has joined the Trusted Tree. Based on (7), node A researches the parent node B from its neighbor nodes set and then invokes the computing process of node trust value in Section 3.2.

If the trust value of parent node B is larger than the trusted threshold, node A sets up the Joining Tree (JTR) message by using $I D_{A}$ , current path quality ${C P Q}_{A}$ , new calculating path quality ${N P Q}_{A}$ , $V_{T} (A, B)$ , and $n_{p} \cdot {(P K_{A})}_{N P Q}$ . $n_{p}$ is a random number. ${(P K_{A})}_{N P Q}$ is the public key that is generated by ${N P Q}_{A}$ . And node A uses the current private $T K_{A}$ to sign it. The JTR message consists of the following fields:

\begin{matrix} 〈J T R i d e n t i f i e r, {I D}_{A}, {C P Q}_{A}, {N P Q}_{A}, n_{p} \cdot {(P K_{A})}_{N P Q}, V_{T} (A, B), T K_{A} [{I D}_{A} ∥ {C P Q}_{A} ∥ {N P Q}_{A} ∥ n_{p} \cdot {(P K_{A})}_{N P Q}]〉, \end{matrix}

(13)

where JTR identifier represents the JTR message.

Node A sends the JTR message to the parent node B. Node A encrypts the JTR message by using the shared key with node B. If node B is not directly communicated with the Sink, it needs to forward JTR message to the relaying node D, and then node D forwards it to the Sink. In the forwarding process, the trust value of relaying nodes is added into the JTR message. Figure 4 shows the JTR message delivering.

Figure 4

Message delivering.

After the Sink receives the JTR message from node A, the Sink stores the path quality of node A and calculates the new private key according to ${(T K_{A})}_{N P Q} = k H ({I D}_{A} ∥ {N P Q}_{A})$ . Then the Sink computes the trust value of topology path in Trusted Tree, which is denoted by $V_{T T} (A)$ . The Sink packets the encrypted ${(T K_{A})}_{N P Q}$ and $n_{q} \cdot P K_{S i n k}$ into the Tree Confirmation (TCO) message. $n_{q}$ is a random number and $P K_{S i n k}$ is the public key of Sink. The TCO message contains the following fields:

\begin{matrix} 〈TCM  identifier, P K_{A} \{{(T K_{A})}_{N P Q}\}, {n_{q} \cdot P K}_{S i n k}, T K_{S i n k} [P K_{A} \{{(T K_{A})}_{n e w}\} ∥ n_{q} \cdot P K_{S i n k}]〉, \end{matrix}

(14)

where TCO identifier denotes the TCO message; the generated

{(T K_{A})}_{N P Q}

is securely transmitted back to node A by encryption. At last, the Sink signs this message. The Sink calculates the shared key with node A, by using

\begin{matrix} S K_{S i n k \leftrightarrow A} = e l (T K_{S i n k}, n_{p} \cdot {(P K_{A})}_{N P Q} + n_{q} \cdot {(P K_{A})}_{N P Q}) = e l (k \cdot P K_{S i n k}, (n_{p} + n_{q}) \cdot {(P K_{A})}_{N P Q}) = e l {(P K_{S i n k}, {(P K_{A})}_{N P Q})}^{k \cdot (n_{p} + n_{q})} . \end{matrix}

(15)

Once node A receives the TCO message, it also computes the shared key as follows:

\begin{matrix} S K_{A \leftrightarrow S i n k} = e l ({(T K_{A})}_{N P Q}, n_{p} \cdot P K_{S i n k} + n_{q} \cdot P K_{S i n k}) = e l (k H (I D_{A} ∥ N P Q_{A}), (n_{p} + n_{q}) P K_{S i n k}) = e l {({(P K_{A})}_{N P Q}, P K_{S i n k})}^{k \cdot (n_{p} + n_{q})} = e l {(P K_{S i n k}, {(P K_{A})}_{N P Q})}^{k \cdot (n_{p} + n_{q})} = S K_{S i n k \leftrightarrow A} . \end{matrix}

(16)

After the shared key is set up and node A has joined the Trusted Tree, node A updates the information with its neighborhood nodes. And the neighbors, which are not added into the Trusted Tree, join the Trusted Tree by node A. In the processing of establishing the Trusted Tree, the Sink stores the secure information of nodes in network.

These neighborhood authentication messages and Trusted Tree construction messages can be piggybacked in the routing protocol messages. So the communication overhead is further reduced.

3.5. Routing Algorithm

In the design of trust based routing, two aspects need to be considered. The first aspect implies checking the trust value of the nodes and path. Only the nodes and path, whose trust value is larger than the set trusted threshold, are placed into the candidate set of the routing decision. The second aspect tries to include the trust value metric and some kind of routing metric, such as hop counts and QoS parameter. In other words, on the basis of trusted nodes, the secure routing with QoS support is built. The routing decision is based on the combination value of the two metrics.

The Trusted Tree-based trust management scheme can be applied in many routing protocols and algorithms. Taking the QoS based routing protocol as example, we add Trusted Tree-based trust management scheme into the TQOS, which implements TQOS using Trusted Tree (TT). Since both the trust and QoS requirement are considered, the cost that combines the trust and QoS requirement is designed as follows:

\begin{matrix} C_{A} (P) = \sum_{i, j \in P} α \cdot Φ (i, j) \cdot (1 - V_{T} (i, j)), \end{matrix}

(17)

\begin{matrix} Φ (i, j) = β \cdot L Q_{i, j} \cdot D_{i, j}, \end{matrix}

(18)

where α is a coefficient that is used to scale the cost;

Φ (i, j)

is a combined metric that contains the link quality

L Q_{i, j}

and delay

D_{i, j}

over the link from i to j; β is a scaling factor that is used to scale the impact of delay on the total metric. The bigger value of

C_{A} (P)

represents the higher cost of path P, which is due to lower path quality, or the less trust value of path, or both. The path that is less trusted and does not meet the QoS requirement cannot be selected. Therefore, the problem of routing decision can be described as researching the minimum cost of path to be selected as follows:

\begin{matrix} \min C_{A} (P), P \in Ω_{A \to S i n k}, \end{matrix}

(19)

where

Ω_{A \to S i n k}

is the set of routing paths that are from node A to the Sink.

In order to implement the minimum $C_{A} (P)$ , each relaying node needs to calculate an increase to the cost function $C_{A} (P)$ when it and next hop node are selected to join the path P.

In the process of secure routing establishment, source node A broadcasts the route discovery packet ( ${R D P}_{A}$ ) with its secure signature. If node B belongs to the trusted neighbors set of node A, and ${C P Q}_{B}$ is lower than ${C P Q}_{A}$ , node B adds its own information into the ${R D P}_{A}$ and then rebroadcasts it. The smaller ${C P Q}_{B}$ means node B is nearer to the Sink, because the path quality in Trusted Tree is a kind of gradient information for routing. If ${C P Q}_{B}$ is higher than ${C P Q}_{A}$ , the distance or hop number of node B to the Sink can be larger than node A. So node B can not be the next hop of node A and drops ${R D P}_{A}$ . This process is repeated until it reaches the Sink. At the Sink, it firstly verifies ${R D P}_{A}$ and then calculates the total cost of the routing path by using (17). After the Sink receives a few routing discovery packets from node A, it makes the routing decision by using (19). The path with the least cost is selected as the optimal path. And then the Sink sends the route reply packet ( ${R E P}_{A}$ ) back to node A. After node A receives and verifies ${R E P}_{A}$ , the secure route between node A and the Sink is established, and node A starts data transmission. The process of route establishment is implemented on the Trusted Tree. The steps are shown in Algorithm 1(a).

Algorithm 1: The processing flow of algorithm.

(a) Algorithm for secure route establishment

(1) Process Initialization;

(2) Source node broadcasts RDP to its neighborhood nodes;

(3) while (verify(RDP) == TRUE AND Receiving Node ≠ Sink);

(4) if ( $C P Q_{R e c e i v i n g N o d e}$ < $C P Q_{S e n d i n g N o d e}$ );

(5) Receiving Node adds its own information and rebroadcasts RDP;

(6) else

(7) Receiving Node drops RDP;

(8) end if

(9) end while

(10) By using (17), the Sink computes the cost for the current route of the RDP;

(11) Store the current RDP and its cost into $Ω_{S o u r c e N o d e \to S i n k}$ ;

(12) if $Ω_{S o u r c e N o d e \to S i n k}$ is FULL;

(13) By using (19), select the one with the least cost;

(14) Sends the REP back to the Source Node over the selected route;

(15) end if

(16) Source node receives the REP;

(17) if (verify(REP) == TRUE)

(18) Secure route is established, and start data transmission;

(19) end if

(20) End Process

(b) Algorithm for secure route maintenance

(1) Process Initialization;

(2) if (The trust value of Monitored Node is lower than the trust threshold)

(3) Generates the RER, and broadcasts the RER;

(4) if (Monitoring Node == Source Node AND Monitored Node == Next Hop)

(5) Deletes the route, and invokes Algorithm 1(a);

(6) else if (Monitored Node == Next Hop)

(7) Deletes the route;

(8) end if;

(9) end if;

(10) while (Receiving Node ≠ Source Node)

(11) if (Sending Node == Next Hop OR Monitored Node == Next Hop)

(12) Deletes the route;

(13) end if;

(14) Broadcast the RER;

(15) end while;

(16) Establish the new route by using Algorithm 1(a);

(17) End Process

The nodes on the Trusted Tree monitor and observe the behavior of neighbor nodes. When the trust value of observed node is lower than the trust threshold, the route error (RER) message is generated to notify other nodes to change the route.

For example, node E is compromised. When the malicious behavior of node E is detected by node D, it broadcasts ${R E R}_{D}$ . If node E is next hop of node D, and node D is not the source node of route, it only deletes node E from its routing table and trusted neighbor set. If node D is the source node, it needs to reestablish the route to the Sink by using Algorithm 1(a). When the neighbor node C of node D receives ${R E R}_{D}$ , and it finds that node E or node D is its next hop, it deletes this next hop from the routing table and broadcasts $R E R_{D}$ . After it reaches the source node, the new route establishment is conducted. Algorithm 1(b) describes this process.

4. Performance Evaluation

All of the simulation experiments are run in the TOSSIM simulator [39]. TOSSIM inherits the implementation and design of TinyOS, which provides the tool to generate network topology and uses CPM algorithm to simulate noise. The scenario that is used in our experiments consists of a 100 m × 100 m square area. The Sink is placed at the edge of the experiment area. The nodes are uniformly randomly distributed, where the average node density is about 2 to 6 nodes in each 20 m × 20 m square subarea. And the distance between any two nodes is more than 7 meters. The ID of node is orderly numbered by their distance to the Sink from near to far. Among the total number of the nodes in the experiment, 10 percent nodes are selected as the malicious nodes. Other normal nodes generate the sensed data packets by the period of random time interval. Each node can have the difference task for monitoring the environment. The period of sensing data or event driven time is also different. The nodes send a packet at the random time interval, which is randomly set from 5 to 15 seconds. The simulation experiments are run for 6000 seconds. The main experimental parameters are listed in Table 1.

Table 1

Simulation settings.

Parameter	Value
Terrain (m²)	100 × 100
Node number	100
Packet length (Byte)	110
MAC protocol	IEEE802.15.4 CSMA
Radio range (m)	40
Trust threshold	0.4

We implement and compare TQOS, TQOS using ReTrust, and TQOS using TT (Trusted Tree). After the malicious and normal nodes are selected, each test is executed about 5 times, and then their average value is calculated.

4.1. The Security and Performance of Trusted Routing

The trust management scheme is the effective method to defend the attacks in the network routing. In the tampering attack, the malicious node forwards the messages in the routing path, after receiving and tampering the messages. So the trust management scheme needs to cooperate with the cryptographic technique to detect the malicious nodes. And then the trust management scheme recalculates the trust value of the nodes and path for the routing algorithm.

As shown in Figure 5, the average delivery ratio of the packet decreases significantly when the malicious nodes launch the attack, while the average delivery ratio increases after the malicious nodes are detected out. At the initial stage of network running, the average delivery ratio is close to 1. Since the tampered messages are dropped, the packet loss ratio increases and the average delivery ration suffers the degradation. Compared with TQOS, the TQOS using ReTrust and TQOS using TT can earlier detect the malicious nodes, because the direct trust and indirect trust are used in them. TQOS has only direct trust by observing the neighbor nodes, so the detection efficiency of TQOS is lower than them. However, the trust value node and path are computed in dynamic time window of TQOS using TT, and the path quality gradient of Trusted Tree can speed up the building process of secure routing path. Therefore, the average delivery ratio in the new path of TQOS using TT increases more than the TQOS using ReTrust.

Figure 5

Average delivery ratio under tampering attack.

Figure 6 represents the average transmission latency of the 30 normal nodes, which are randomly selected among the source nodes. The transmission time of packet is the base for the data transmission. The statistics of latency is based on the transmission time of packet. According to the transmission time of each packet from the source node to the destination node, the latency is counted and calculated on the Sink. Based on the link quality of Trusted Tree and the routing discovery, the TQOS using TT can get higher performance and has the lower transmission delay. TQOS using ReTrust has more stable routing path than the TQOS. Since the direct trust and indirect trust are used, the trust value of path is faster calculated for the routing. So the performance is enhanced.

Figure 6

End-to-end delay under tampering attack.

In the TQOS using TT, the routing path is built on the Trusted Tree. The next hop node is the trusted neighbor node, which is from the authenticated neighbor nodes set. And the neighbor nodes, which take lower path quality as routing gradient, forward the routing discovery packet for route establishment. The massive flooding of routing message is avoided. So TQOS using TT has the lower route load as shown in Figure 7. Due to the large number of broadcast and rebroadcast packets sent and forwarded, TQOS has much higher cost. Based on the scheme of TQOS, the direct trust and indirect trust communication of TQOS using ReTrust result in more load.

Figure 7

Route load.

4.2. Detecting Malicious Behavior

The malicious node can continue to change between the good and bad behavior, so as to achieve the purpose of damaging the network and avoid being detected. Firstly, we execute the simulation, in which the malicious nodes launch the on-off attack with dropping 50% of packets. The attack effect is shown in Figure 8. Compared with the tampering attack, the average delivery ratio decreases gently in the presence of the on-off attacking, but many packets are dropped. This is because the malicious nodes are difficult to be detected. The message authentication mechanism in TQOS is modified and replaced by the direct trust computing. The average delivery ratio is lower when only direct trust is used. But the malicious nodes are earlier detected out in the TQOS using ReTrust and TQOS using TT. And TQOS using TT has higher delivery ratio than TQOS using ReTrust, because of the dynamic time window and Trusted Tree.

Figure 8

Average delivery ratio under on-off attack.

In the presence of on-off attack, the average transmission latency of the 30 normal nodes is shown in Figure 9. The transmission latency of data packet is computed. In TQOS, the instability of the trust value results in the fluctuation of the delay. TQOS using ReTrust can alleviate the instability of the trust value. By the dynamic time window and Trusted Tree, TQOS using TT can quicker find out the malicious node and enhance performance on the latency.

Figure 9

End-to-end delay under on-off attack.

When the malicious nodes launch the on-off attack with dropping 10% of packets, the attack effect is shown in Figure 10. TQOS and TQOS using ReTrust are difficult to detect out the attack. However, TQOS using TT can prolong the size of dynamic sliding window to find out the malicious nodes and raise the average delivery ratio.

Figure 10

The effect of lower probability on-off attack.

When the bad-mouthing attack is launched, the malicious nodes detection performance is shown in Figure 11. Let D denote the set of malicious nodes that are detected out. M represents the set of malicious nodes. The malicious nodes detection performance is defined as $D / M$ , which is a real number in $[0,1]$ . In order to avoid being detected, the malicious nodes do not launch bad-mouthing attack constantly. When the proportion of bad-mouthing behavior is 50% and 20%, the TQOS using ReTrust and TQOS using TT can find out the malicious nodes. But the TQOS using TT has the higher performance. While the proportion of bad-mouthing behavior drops down to 10%, the TQOS using TT can still detect the malicious node since the dynamic time window is introduced.

Figure 11

Malicious node detection performance.

4.3. Residual Energy

After the simulation is completed, the residual energy of normal nodes is shown in Figure 12. For TQOS using TT, the average value of residual energy is 0.679, and TQOS and TQOS using ReTrust are, respectively, 0.589 and 0.561. TQOS using TT does not use the message redundancy and route redundancy to build secure routing. So the number of messages is decreased. TQOS using TT has the higher residual energy. The building process of routing path is shortened by introducing Trusted Tree. The network lifetime is longer in TQOS using TT.

Figure 12

Residual energy.

5. Conclusions

In this paper, we proposed Trusted Tree-based trust management scheme for secure routing. The attacks in wireless sensor networks are firstly analyzed. Based on the distributed trust model with the detection of direct trust and indirect trust, the dynamic time window is used to compute the trust value of nodes. Then Trusted Tree is established on the trusted nodes. The node's path quality in Trusted Tree can aid the routing discovery process to set up the routing path. Trusted Tree-based trust management scheme can be added to the many secure routing algorithms, such as the QoS based secure routing algorithm. Compared with some current algorithms with the trust management scheme, the routing algorithm with Trusted Tree shows better performance and security, according to results of the simulation experiments.

In the future, we plan to use message type weight to develop the distributed trust mode, which can both improve the detection efficiency and enhance the network performance. We will add our proposed trust management into some actual network protocol, such as IETF RPL protocol.

Footnotes

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work is supported by the National Natural Science Foundation of China under Grant nos. 60903159 and 61173153, the Special Fund from the Central Collegiate Basic Scientific Research Bursary N110818001 and N100218001, and Science and Technology Planning Project of Shenyang City under Grant no. 1091176-1-00. The authors would like to thank NSR (Neusoft Group Research) and research colleagues for support.

References

Mainetti

Patrono

Vilei

Evolution of wireless sensor networks towards the internet of things: a survey

Proceedings of the 19th International Conference on Software, Telecommunications and Computer Networks (SoftCOM ′11)

September 2011

Split, Croatia

1 6

2-s2.0-81455142290

Rawat

Singh

K. D.

Chaouchi

Bonnin

J. M.

Wireless sensor networks: a survey on recent developments and potential synergies

Journal of Supercomputing 2014 68 1 1 48

10.1007/s11227-013-1021-9

2-s2.0-84904043180

Duan

Yang

Zhu

Zhang

Zhao

TSRF: a trust-aware secure routing framework in wireless sensor networks

International Journal of Distributed Sensor Networks 2014 2014 14

209436

10.1155/2014/209436

2-s2.0-84893163837

Acampora

Gaeta

Loia

Vasilakos

A. V.

Interoperable and adaptive fuzzy services for ambient intelligence applications

ACM Transactions on Autonomous and Adaptive Systems 2010 5 2, article 8

10.1145/1740600.1740604

2-s2.0-77952928088

Yick

Mukherjee

Ghosal

Wireless sensor network survey

Computer Networks 2008 52 12 2292 2330

10.1016/j.comnet.2008.04.002

2-s2.0-46449122114

Zhou

Xiong

Shu

Vasilakos

Yeo

S.-S.

Context-aware middleware for multimedia services in heterogeneous networks

IEEE Intelligent Systems 2010 25 2 40 47

10.1109/mis.2010.48

2-s2.0-77954803204

Liu

Song

Zhang

Vasilakos

A. V.

Physarum optimization: a biology-inspired algorithm for the Steiner tree problem in networks

IEEE Transactions on Computers 2015 64 3 819 832

10.1109/tc.2013.229

MR3313287

Akyildiz

I. F.

Melodia

Chowdhury

K. R.

A survey on wireless multimedia sensor networks

Computer Networks 2007 51 4 921 960

10.1016/j.comnet.2006.10.002

2-s2.0-33845708421

Song

Liu

Vasilakos

A. V.

A biology-based algorithm to minimal exposure problem of wireless sensor networks

IEEE Transactions on Network and Service Management 2014 11 3 417 430

10.1109/tnsm.2014.2346080

10.

Liu

Vasilakos

A. V.

Toward incentivizing anti-spoofing deployment

IEEE Transactions on Information Forensics and Security 2014 9 3 436 450

10.1109/tifs.2013.2296437

2-s2.0-84896839864

11.

Yang

Zhang

Zhou

Liu

Vasilakos

A. V.

Provably secure three-party authenticated key agreement protocol using smart cards

Computer Networks 2014 58 1 29 38

10.1016/j.comnet.2013.08.020

2-s2.0-84893715932

12.

Yan

Zhang

Vasilakos

A. V.

A security and trust framework for virtualized networks and software-defined networking

Security and Communication Networks 2015

10.1002/sec.1243

13.

Alam

Analysis of security threats in wireless sensor network

International Journal of Wireless and Mobile Networks 2014 6 2 35 46

10.5121/ijwmn.2014.6204

14.

Dener

Security analysis in wireless sensor networks

International Journal of Distributed Sensor Networks 2014 2014 9

303501

10.1155/2014/303501

2-s2.0-84911456638

15.

Jing

Vasilakos

A. V.

Wan

Qiu

Security of the internet of things: perspectives and challenges

Wireless Networks 2014 20 8 2481 2501

10.1007/s11276-014-0761-7

2-s2.0-84910149653

16.

Han

Jiang

Shu

Niu

Chao

H.-C.

Management and applications of trust in wireless sensor networks: a survey

Journal of Computer and System Sciences 2014 80 3 602 617

10.1016/j.jcss.2013.06.014

2-s2.0-84891933258

17.

Yan

Zhang

Vasilakos

A. V.

A survey on trust management for Internet of Things

Journal of Network and Computer Applications 2014 42 120 134

10.1016/j.jnca.2014.01.014

2-s2.0-84901427258

18.

Tajeddine

Kayssi

Chehab

CENTER: a centralized trust-based efficient routing protocol for wireless sensor networks

Proceedings of the 10th Annual International Conference on Privacy, Security and Trust (PST ′12)

July 2012

195 202

10.1109/pst.2012.6297940

2-s2.0-84868234787

19.

Tajeddine

Kayssi

Chehab

Elhajj

Itani

CENTERA: a centralized trust-based efficient routing protocol with authentication for wireless sensor networks

Sensors 2015 15 2 3299 3333

10.3390/s150203299

20.

Kim

T. K.

Seo

H. S.

A trust model using fuzzy logic in wireless sensor networks

Proceeding of World Academy of Science Engineering and Technology 2008 32 63 66

21.

Leung

K. K.

A Trustworthiness-based QoS routing protocol for wireless ad hoc networks

IEEE Transactions on Wireless Communications 2009 8 4 1888 1898

10.1109/TWC.2009.080161

2-s2.0-65949087881

22.

Chen

Chan

Vasilakos

A. V.

ReTrust: attack-resistant and lightweight trust management for medical sensor networks

IEEE Transactions on Information Technology in Biomedicine 2012 16 4 623 632

10.1109/titb.2012.2194788

2-s2.0-84863512174

23.

Anita

Bhagyaveni

M. A.

Manickam

J. M.

Fuzzy-based trust prediction model for routing in WSNs

The Scientific World Journal 2014 2014 11

480202

10.1155/2014/480202

24.

Yao

Kim

Doh

PLUS: parameterized and localized trust management scheme for sensor networks security

Proceedings of the IEEE International Conference on Mobile Ad-Hoc and Sensor Sysetems (MASS ′06)

October 2006

Vancouver, Canada

IEEE

437 446

10.1109/mobhoc.2006.278584

2-s2.0-39049103908

25.

Ishmanov

Kim

S. W.

Nam

S. Y.

A robust trust establishment scheme for wireless sensor networks

Sensors 2015 15 3 7040 7061

26.

Zahariadis

Trakadas

Leligou

H. C.

Maniatis

Karkazis

A novel trust-aware geographical routing scheme for wireless sensor networks

Wireless Personal Communications 2013 69 2 805 826

10.1007/s11277-012-0613-7

2-s2.0-84879695642

27.

Shaikh

R. A.

Jameel

d'Auriol

B. J.

Lee

Song

Y.-J.

Group-based trust management scheme for clustered wireless sensor networks

IEEE Transactions on Parallel and Distributed Systems 2009 20 11 1698 1712

10.1109/TPDS.2008.258

2-s2.0-70350070568

28.

Zhou

Cao

Dong

Xiong

Vasilakos

A. V.

4S: a secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks

Information Sciences 2015 314 255 276

10.1016/j.ins.2014.09.003

29.

Zhang

Wang

Vasilakos

A. V.

Fang

ECG-cryptography and authentication in body area networks

IEEE Transactions on Information Technology in Biomedicine 2012 16 6 1070 1078

10.1109/TITB.2012.2206115

2-s2.0-84870926798

30.

Djenouri

Khelladi

Badache

A. N.

A survey of security issues in mobile ad hoc and sensor networks

IEEE Communications Surveys & Tutorials 2005 7 4 2 28

10.1109/comst.2005.1593277

2-s2.0-84892591410

31.

Zhou

Trust mechanisms in wireless sensor networks: attack analysis and countermeasures

Journal of Network and Computer Applications 2012 35 3 867 880

10.1016/j.jnca.2011.03.005

2-s2.0-84858038684

32.

Gnawali

Fonseca

Jamieson

Moss

Levis

Collection tree protocol

Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems (SenSys ′09)

November 2009

Berkeley, Calif, USA

ACM

1 14

10.1145/1644038.1644040

2-s2.0-74549185267

33.

Gnawali

Fonseca

Jamieson

Kazandjieva

Moss

Levis

CTP: an efficient, robust, and reliable collection tree protocol for wireless sensor networks

ACM Transactions on Sensor Networks 2013 10 1, article 16

10.1145/2529988

2-s2.0-84890408416

34.

Wang

Liu

Vasilakos

A. V.

Survey on channel reciprocity based key establishment techniques for wireless systems

Wireless Networks 2015 21 6 1835 1846

10.1007/s11276-014-0841-8

2-s2.0-84921364511

35.

Chen

Shih

Tsai

A bilinear pairing-based dynamic key management and authentication for wireless sensor networks

Journal of Sensors 2015 2015 14

534657

10.1155/2015/534657

36.

Oliveira

L. B.

Aranha

D. F.

Morais

Daguano

López

Dahab

TinyTate: computing the tate pairing in resource-constrained sensor nodes

Proceedings of the 6th IEEE International Symposium on Network Computing and Applications (NCA ′07)

July 2007

Cambridge, Mass, USA

318 323

10.1109/nca.2007.48

2-s2.0-46749097974

37.

Oliveira

L. B.

Scott

López

Dahab

TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks

Proceedings of the 5th International Conference on Networked Sensing Systems

June 2008

173 180

10.1109/inss.2008.4610921

2-s2.0-53149126145

38.

Xiong

Wong

D. S.

Deng

TinyPairing: computing tate pairing on sensor nodes with higher speed and less memory

Proceedings of the 8th IEEE International Symposium on Network Computing and Applications (NCA ′09)

July 2009

Cambridge, Mass, USA

IEEE

187 194

10.1109/nca.2009.30

2-s2.0-70449389956

39.

Levis

Lee

Welsh

Culler

TOSSIM: accurate and scalable simulation of entire TinyOS applications

Proceeding of the 1st ACM Conference on Embedded Networked Sensor System (Sensys ′03)

November 2003

Los Angeles, Calif, USA

126 137

Trusted Tree-Based Trust Management Scheme for Secure Routing in Wireless Sensor Networks

Abstract

1. Introduction

2. Related Work

2.1. Centralized Trust Model

2.2. Distributed Trust Model

3. Trusted Tree-Based Trust Management

3.1. Threats Analysis

3.2. Computing of Trust Value

3.3. Model of Trusted Tree

3.4. Establishment of Trusted Tree

3.4.1. Key Predeployment

3.4.2. Authentication between Neighborhood Nodes

3.4.3. Construction Procedure

3.5. Routing Algorithm

Algorithm 1: The processing flow of algorithm.

4. Performance Evaluation

4.1. The Security and Performance of Trusted Routing

4.2. Detecting Malicious Behavior

4.3. Residual Energy

5. Conclusions

Footnotes

Conflict of Interests

Acknowledgments

References