
SERA: A Secure Energy and Reliability Aware Data Gathering for Sensor Networks


Sang Guun Yoo, Seung-hoon Kang, and Juho Kim
Department of Computer Science and Engineering
Sogang University
Seoul, Korea

978-1-4244-5943-8/10/$26.00 ©2010 IEEE

Abstract—Wireless sensor networks are used in many applications in military, ecological, health, and other areas. These applications often include the monitoring of sensitive information, making security one of the most important aspects to consider in this field. However, most protocols optimize for the limited capabilities of sensor nodes and the application-specific nature of the networks, but they are vulnerable to serious security attacks. In this paper, a Secure Energy and Reliability Aware data gathering protocol (SERA) is proposed, which provides energy efficiency and data delivery reliability as well as a security scheme giving protection against the most common network layer attacks such as spoofed, altered, or replayed routing information, selective forwarding, sinkhole attacks, Sybil attacks, wormhole attacks, HELLO flood attacks, and acknowledgment spoofing attacks.

Keywords: sensor network, key generation, secure protocol

I. INTRODUCTION

Recently, wireless sensor networks have been widely used in applications such as habitat monitoring [1], indoor sensor networks [2], battlefield surveillance [3], and health monitoring [4]. A number of routing protocols have been proposed for sensor networks such as LEACH [5][6], Direct Diffusion [7], TEEN [8], APTEEN [9], PEGASIS [10], Rumor Routing [11], EECS [12], and EMRA [13]. However, these works optimize for the limited capabilities of sensor nodes and the application-specific nature of the networks, but do not consider security. Therefore, these approaches are very vulnerable to many attacks such as spoofed, altered, or replayed routing information [14], selective forwarding [14], sinkhole attacks [14], Sybil attacks [15], wormhole attacks [16][17], HELLO flood attacks [14], and acknowledgment spoofing attacks [14].

In this paper, a Secure Energy and Reliability Aware data gathering protocol (SERA) is proposed. In the proposed solution, the network area is partitioned into a virtual grid with identical cells based on Geographical Adaptive Fidelity (GAF) [18], which maintains one node called coordinator (called cell header in SERA) to participate in network communication while the other equivalent nodes fall into sleeping mode to save energy. However, GAF causes loss of data packets while the coordinator switches from one state to another or until a new coordinator node is selected after energy depletion of the previous coordinator node; it additionally does not provide any security solution. For this reason, in SERA the state changes of cell headers are limited and a support node is added to each cell header when its energy reaches a low level to guarantee the reliability of data delivery. Additionally, SERA proposes a key management and secure communication scheme to protect from different attacks.

The rest of the paper is organized as follows. Section 2 briefly discusses some existing routing protocols as well as their vulnerabilities and shortcomings. Later, in section 3, the terminology, assumptions, and general description of the proposed solution are described. In section 4, details of the proposed algorithm are explained. Next, section 5 presents the security analysis of the approach against attacks on sensor network routing, followed by section 6, which shows the performance evaluation. Finally, section 7 concludes the paper.

II. BACKGROUND

A. Previous Work

Research on sensor network routing has been carried out for nearly a decade. Heinzelman et al. introduce a clustering algorithm called LEACH [5][6]. In LEACH, sensors are organized into clusters with a cluster head node in each cluster which aggregates information from its members and transmits information to the base station. However, LEACH has a number of shortcomings. LEACH assumes every node can directly reach the base station, which is not feasible in large-scale sensor networks; it is also vulnerable to several attacks [14]. Other one-hop protocols such as EECS [12] have the same limitations as LEACH. Other multi-hop protocols such as [7], [8], [9], [10], [11], and [13] optimize for the limited capabilities of nodes and the application-specific nature of the networks, but they are vulnerable to serious security attacks. Unlike their wired counterparts, sensor networks do not require any physical contact for communication, and hence, an adversary with a simple radio receiver/transmitter can easily eavesdrop on conversations or modify/inject packets, making them vulnerable to many attacks such as spoofed, altered, or replayed routing information, selective forwarding, sinkhole attacks, Sybil attacks, wormhole attacks, HELLO flood attacks, and acknowledgment spoofing attacks.

Because of this security issue, some works have taken security into account, such as SPINS [19] and SCODE [20]. SPINS proposes two security building blocks called Sensor Network Encryption Protocol (SNEP) and μTESLA. SNEP provides two-party data authentication, data confidentiality,
integrity, and data freshness, and μTESLA provides authentication for broadcast, whereas SCODE provides data dissemination focused on energy efficiency and security. However, these approaches have some limitations. SNEP in SPINS uses a pair-wise key between each node and base station, and hence, aggregation is not possible in each hop. Furthermore, the centralized control of SPINS generates too much communication and management overhead [21]. On the other hand, SCODE uses the flooding mechanism to announce stimulus to the base station, which wastes a lot of energy, and even if its next_cell_calculation algorithm were used for data gathering, it would not be possible to send information in some sensor node distributions, because it discovers the path using only the three nearest cells to the destination (see Fig. 1). Another problem is that this solution uses the same states as GAF, which is not reliable for data packet delivery because when the coordinator of the cell depletes its energy, there is no node to process the information of neighbor cells until another node becomes coordinator.

In the rest of the chapter, the concepts of virtual cell grid and equivalent node of GAF are explained briefly.

[Figure 1 annotations: the next_cell_calculation function of SCODE only searches in the nearest three cells to the destination. In this case, the source node cannot reach the destination node, even though there are paths to it such as J E D C H M Q. Legend: source node; destination node; empty cells or cells with nodes without energy.]

Figure 1. Limitation of next_cell_calculation function of SCODE

Figure 2. Example of virtual grid in GAF

B. Virtual Grid Cell and Equivalent Node

The concepts of virtual grid cells and equivalent nodes are presented in GAF. This concept is also used in [20] as well as in SERA. GAF suggests that energy optimizations must turn off the radio, not simply decrease packet transmission and reception. In GAF, node location information and the virtual grid are used to establish node equivalence. Two nodes are equivalent if they are located in the same virtual cell. The size of each virtual cell is determined based on the nominal radio range R. Assume the virtual grid is a square with r units on a side as shown in Fig. 2. In order to meet the definition of virtual cell, the distance between the two farthest possible nodes in any two adjacent cells, such as cells B and C in Fig. 2, must not be larger than R. For example, node 2 of cell B and node 5 of cell C in Fig. 2 are at the ends of the long diagonal connecting two adjacent cells. Therefore, the side length r of a cell can be calculated as $r^2 + (2r)^2 \le R^2$, or $r \le R/\sqrt{5}$.

III. SERA: OVERVIEW

A. Definition

Specific terminology used in SERA is explained in this part of the paper:

Neighbor cell: each one of the 8 surrounding cells. There are 2 kinds of neighbor cells: (1) adjacent neighbor cell, which shares a common side, and (2) diagonal neighbor cell, which is located diagonal to a selected cell (see Fig. 3).

Intracell communication: communication between nodes of the same cell. Intracell communication only needs to use half of the nominal radio range (see Fig. 3 and 4).

Intercell communication: communication between nodes of different neighbor cells. There are 2 kinds of intercell communication: (1) adjacent intercell communication, which is used to communicate with an adjacent neighbor cell, and (2) diagonal intercell communication, which is used to communicate with a diagonal neighbor cell. Adjacent intercell communication requires less power than diagonal intercell communication because the maximum distance between cells is smaller (see Fig. 3 and 4).

Figure 3. Cell and communication types used in SERA

B. Assumption

Consider a set of sensor nodes dispersed in a field. The following properties are assumed about the sensor network:

- A large number of homogeneous nodes is distributed in the network area.
- All nodes are stationary and know their location (using GPSs or approaches such as [22] or [23]).
- All nodes have similar capabilities.
- Node capture attack is controlled using approaches such as [24]. Other types of physical attacks are not considered in this paper.
- Each node has a set number of transmission power levels. An example of such sensor nodes is Berkeley Motes [25].
- Base stations are powerful nodes and they are trusted.
- Given the limited resources, asymmetric cryptography is not suitable for sensor networks. Thus, symmetric key algorithms are used for the security purposes [26-29].

[Figure 4 labels: $R$, $R_1 = R/2$, $R_2 = R\sqrt{5/8}$]

Figure 4. Different radio ranges used in SERA

C. General Description of the Proposed Solution

The goal of this work is to propose a secure protocol which considers energy efficiency and data delivery reliability. In SERA, the network area is divided into a virtual grid with identical cells and only one node, called cell header, stays awake to handle routing while the other equivalent nodes fall into sleeping mode for energy saving. After an interval, sleeping nodes wake up, verify the level of energy of the cell header, and decide whether to become a support node or not. If the cell header's energy is lower than a low energy threshold (LET), the verifying node is activated as a support node to be aware of the cell header functionality. When the cell header's energy reaches a lower level than a critical energy threshold (CET), the support node is activated as cell header. This feature gives more reliability against packet loss because it makes sure that a cell header is always present in each cell.

SERA has 4 major phases: initialization, path establishment, data gathering, and path maintenance. In the initialization phase, each node calculates its cell identification and generates keys for secure communication; and after discovering neighbor intracell nodes, cell header election is executed. In the path establishment phase, cell headers of each cell communicate with cell headers of other cells to create a path to the base station. In the data gathering phase, the sensed data is transmitted to the base station; in this phase, energy verification of the cell header is also executed. Finally, the path maintenance phase is executed after certain preconfigured periods of time or when all nodes of the parent cell deplete their energy, to search for a new parent cell. Notations used in this paper are described in Table I.

TABLE I. NOTATIONS USED IN SERA

Notation             Description
IKx                  Individual key of node x
UK                   Universal key
RKIV                 Random Key Initialization Vector
CKx                  Cell key of the cell or node x
PKAB                 Pair-wise key shared between 2 neighbor cells whose CIDs are A and B. PKAB=PKBA
BKAB                 Broadcast key used by nodes of cell B to decrypt broadcast messages coming from a neighbor cell A
BKA*                 Broadcast key used by nodes of cell A to send a broadcast message to neighbor cells
a --intracell--> b   Intracell communication from node a to node b
a --intracell--> *   Intracell broadcast from node a
a --intercell--> b   Intercell communication from node a to node b
a --intercell--> *   Intercell broadcast from node a
RN1,RN2,RN3,RN4      Random nonces
MAC(M,K)             Message Authentication Code of message M using the key K
E(M,K)               Symmetric encryption of message M using key K
D(C,K)               Symmetric decryption of the ciphertext C using key K
SEQ                  Sequence number
IDx                  Node identification of node x
CIDx                 Cell identification of node x. CIDx is composed of X and Y coordinates. CIDx=[CIDXx,CIDYx]
PCIDx                Parent cell identification of node x
NNCx                 Number of alive nodes of the cell where the node x belongs
HOPSx                Number of hops to the base station of node x
MNNACx               Number of alive nodes of the ancestor cell of node x with the fewest alive nodes
⊕                    Data aggregation
W1,W2,W3,W4          Partial weights of a cell
WT                   Total weight of a cell
MAX(v1,…, vn)        Function that returns the maximum value among values v1 to vn
MIN(v1,…, vn)        Function that returns the minimum value among values v1 to vn
PARENT_ADVi(X)       Value of the X field of the i-th PARENT_ADV message

IV. SERA: DETAILS

A. Finite State Machine

In SERA, nodes are in one of 6 states or modes: initial, parent_search, active, sleep, verify, and support (see Fig. 5).
Initially nodes start out in the initial state where the initialization phase is executed (see section 4.B), calculating and generating its location, cell identification, and a set of keys required for secure communication among nodes. Once the keys are generated, each node exchanges messages to discover nodes of the same cell. After discovering intracell nodes, a node of each cell is selected as cell header (ch), and the selected node changes to the parent_search state, whereas other nodes of the same cell change to the sleep state. The cell header in parent_search state searches the path to the base station (see section 4.C), and when the link to the base station is created, it changes to the active state. Once in active state, data gathering is executed (see section 4.D). Parent_search and active states are the two possible states of a cell header. After an interval, sleeping nodes wake up, change to verify state, ask the level of energy of the cell header, and decide whether to become a support node or not. If the cell header's energy is lower than a low energy threshold (LET), the verify state node is activated to support state to be aware of the cell header functionality; otherwise, it returns to the sleep state. When the cell header's energy reaches a lower level than a critical energy threshold (CET), the support node is activated as cell header. This feature gives more reliability against packet loss because it assures the availability of the cell header in each cell. When the active state node receives a LAST_PARENT packet from the parent cell, or after a certain preconfigured period of time, the active state cell header changes to parent_search state to execute the path maintenance phase (see section 4.E). When the cell header depletes its energy or gets lower than CET, it finishes its life cycle.

Details of each phase and the relation with the finite state machine are explained in the rest of the section.

Figure 5. Finite state machine used in SERA

B. Initialization Phase

After deployment, each node starts out in initial state. In this state, each sensor node recognizes its location and executes the following steps.

1) Cell Identification Calculation

Each node calculates its cell identification CID as in [20]:

$$CID = [CIDX, CIDY] = \left[\left\lfloor \frac{x}{r} \right\rfloor, \left\lfloor \frac{y}{r} \right\rfloor\right]$$

where [x,y] is the node's coordinate and r is the side length of the cell. In SERA, 8 neighbor cells are considered for transmission. Therefore, the cell size r must satisfy $(2r)^2 + (2r)^2 \le R^2$, or $r \le R/\sqrt{8}$, where R is the nominal radio range.

2) Key Generation

Before deployment, each node is securely preloaded with a common universal key UK and a random key initialization vector RKIV. These values are temporary and they are erased after the key generation process.

For secure communication between different nodes of the network, each node uses 4 kinds of keys: (1) individual key, (2) cell key, (3) pair-wise keys, and (4) broadcast keys.

Individual Key IK: this is a unique random key of the sensor node shared only with the base station, used for point-to-point communication with it. Each node x generates its IK as follows: IKx=MAC(RKIV||IDx,UK)

Cell Key CK: this is a key shared by all nodes of the same cell and it is used for intracell communication. Each node x generates its CK as follows: CKx=MAC(RKIV||CIDx,UK)

Pair-wise keys PKs: this is a set of keys used for intercell unicasting (communication between nodes of two neighbor cells). Each node requires eight pair-wise keys to communicate with each neighbor cell. These keys are generated using the following algorithm.

    FOR EACH neighbor cell A of current cell B
        IF CIDA<CIDB THEN
            PKAB=MAC(RKIV||CIDA||CIDB,UK)
        ELSE
            PKAB=MAC(RKIV||CIDB||CIDA,UK)
        ENDIF
    ENDFOR

Note: CIDA is lower than CIDB when CIDYA<CIDYB, or when CIDYA=CIDYB and CIDXA<CIDXB.

Broadcast keys BKs: a set of keys shared by all neighbor cells and used for intercell broadcasting. Each node requires 9 broadcast keys. Eight keys are used to decrypt messages coming from neighbor nodes and these keys are generated as follows:

    FOR EACH neighbor cell A of current cell B
        BKAB=MAC(RKIV || [CIDXA-1,CIDYA-1] || [CIDXA,CIDYA-1] || [CIDXA+1,CIDYA-1] ||
                 [CIDXA-1,CIDYA] || [CIDXA,CIDYA] || [CIDXA+1,CIDYA] ||
                 [CIDXA-1,CIDYA+1] || [CIDXA,CIDYA+1] || [CIDXA+1,CIDYA+1], UK)
    ENDFOR

The last key is used to encrypt messages broadcast by nodes of the cell and it is generated as follows:
    BKB*=MAC(RKIV || [CIDXB-1,CIDYB-1] || [CIDXB,CIDYB-1] || [CIDXB+1,CIDYB-1] ||
             [CIDXB-1,CIDYB] || [CIDXB,CIDYB] || [CIDXB+1,CIDYB] ||
             [CIDXB-1,CIDYB+1] || [CIDXB,CIDYB+1] || [CIDXB+1,CIDYB+1], UK)

where B is the cell of the node generating the key.

3) Cell Discovery

Once the keys are generated and UK and RKIV are deleted, each sensor node x broadcasts a CELL_HELLO (0x0) message to discover nodes of the same cell. This message is encrypted using the cell key CK:

    x --intracell--> * : 0x0||IDx||CIDx||E(0x0||IDx||CIDx||RN1,CKx)

Each receiving node y of the cell verifies the validity of the message by decrypting the encrypted part of the message with CKy and comparing these values with the values sent in plaintext. After verification, the received RN1 is increased by 1 and sent back to the node x using a CELL_ADV (0x1) message:

    y --intracell--> x : 0x1||IDy||CIDy||IDx||E(0x1||IDy||CIDy||IDx||RN1+1,CKy)

The node x verifies the validity of y by comparing the generated RN1 increased by one with the RN1+1 received in E(0x1||IDy||CIDy||IDx||RN1+1,CKy). This message exchange allows nodes to securely discover their intracell neighbor nodes. The bidirectional verification of HELLO messages is performed to avoid HELLO flood attacks.

If there is already a cell header ch in the cell (this happens when the cell discovery process is executed by new nodes added to the network), ch responds to the CELL_HELLO message with a CH_ADV (0x2) message:

    ch --intracell--> x : 0x2||IDch||CIDch||IDx||E(0x2||IDch||CIDch||IDx||RN1+1,CKch)

and the node x verifies the validity of the message by decrypting the encrypted payload and comparing the decrypted values with the values sent in plaintext and the generated RN1, and after verification, it changes to sleep state.

4) Cell Header Selection

After discovering intracell neighbor nodes, each node initializes a timer Tinitial with a random value. The random value can be generated as a function of the ID of the node to avoid race conditions among nodes. When the Tinitial of a node x fires, it sends a CH_SEL (0x3) message to the rest of the nodes in the same cell:

    x --intracell--> * : 0x3||SEQ||IDx||CIDx||MAC(0x3||SEQ||IDx||CIDx,CKx)

and x becomes cell header ch, and changes to parent_search state. Each node y of the CIDx cell receiving the CH_SEL message verifies the validity of the message by verifying the SEQ value, generating the MAC(0x3||SEQ||IDx||CIDx,CKy) and comparing it with the received MAC(0x3||SEQ||IDx||CIDx,CKx), and if they are valid, the node y stops its Tinitial and changes to sleep state.

C. Path Establishment Phase

The node selected as cell header in each cell has the responsibility to establish the path to the base station while other equivalent nodes sleep.

Each cell header x in parent_search state sends a PARENT_HELLO (0x4) message to all neighbor cells:

    x --intercell--> * : 0x4||IDx||CIDx||E(0x4||IDx||CIDx||RN2,BKCIDx*)

Every neighbor cell's cell header y receiving the message, after verifying the validity of the message by D(0x4||IDx||CIDx||RN2, BKCIDxCIDy) and comparing with the values sent in plaintext, responds with a PARENT_ADV (0x5) message (base stations also respond to the PARENT_HELLO message).

    y --intercell--> x : 0x5||IDy||CIDy||CIDx||E(0x5||IDy||CIDy||CIDx||NNCy||HOPSy||MNNACy||RN2+1,PKCIDyCIDx)

It is important to clarify that cell headers of cells that still have no connection to the base station and children cells of the requesting cell do not respond to the PARENT_HELLO message. This means that in the first cycle only the base stations will respond to the message.

Cell header x gathers all PARENT_ADV messages and calculates the Total Weight WT of each neighbor cell using the data received in the PARENT_ADV message. WT strikes a balance between cell lifetime, delay, energy-efficient transmission, and reliability of the link to the base station based on four attributes, namely, number of nodes of the cell, number of hops to the base station, transmission range, and minimal number of nodes in ancestor cells. The WT of the i-th among n received PARENT_ADV messages is calculated using (1), where α, β, γ, and δ are non-negative values and α+β+γ+δ=1, and their values are dependent on the application, e.g., if delay is not important and if data aggregation is executed in each hop, β could be 0.

$$WT_i = \alpha\, W1_i + \beta\, W2_i + \gamma\, W3_i + \delta\, W4_i \qquad (1)$$

The W1i, W2i, W3i, and W4i of (1) are partial weight values of the i-th PARENT_ADV message and they represent the level of influence of predefined aspects. W1 represents the node concentration ratio in relation to the other possible parent cells, and the W1 of the i-th among n received PARENT_ADV messages is calculated using (2), where NNCi is the NNC value contained in the i-th PARENT_ADV message and NNCMAX=MAX(PARENT_ADV1(NNC),…,PARENT_ADVn(NNC)).
$$W1_i = \frac{NNC_i}{NNC_{MAX}} \qquad (2)$$

W2 represents the hops ratio to the base station in relation to the other possible parent cells, and the W2 of the i-th among n received PARENT_ADV messages is calculated using (3), where HOPSi is the HOPS value of the i-th PARENT_ADV message, and HOPSMIN=MIN(PARENT_ADV1(HOPS),…,PARENT_ADVn(HOPS)).

$$W2_i = \frac{HOPS_{MIN}}{HOPS_i} \qquad (3)$$

W3 represents the radio range used to transmit DATA packets (see Fig. 4), and the W3 of the i-th PARENT_ADV message is calculated using (4).

$$W3_i = \begin{cases} 1 & \text{if PARENT\_ADV comes from adjacent cell} \\ \sqrt{\tfrac{5}{8}} & \text{if PARENT\_ADV comes from diagonal cell} \end{cases} \qquad (4)$$

W4 represents the reliability of the path to the base station. If no aggregation is used, there is more probability to re-establish paths when there are ancestor cells with low concentration of nodes. This reliability ratio of the link of the i-th among n received PARENT_ADV messages is calculated using (5), where MNNACi is the MNNAC value of the i-th PARENT_ADV message, and MNNACMAX=MAX(PARENT_ADV1(MNNAC),…,PARENT_ADVn(MNNAC)).

$$W4_i = \frac{MNNAC_i}{MNNAC_{MAX}} \qquad (5)$$

The WT of the base station is calculated with the following values: NNCbasestation=∞, HOPSbasestation=0, and MNNACbasestation=∞ (∞ is implemented with a high value). Therefore, neighbor cells of the base station will commonly select the cell containing the base station as their parent cell.

If the HOPS of the PARENT_ADV message is greater than the current HOPS increased by 1 [PARENT_ADV(HOPS)>currentHOPS+1], the message is discarded to avoid link loops among cells. If a wider choice of paths is required, currentHOPS+x can replace currentHOPS+1, but in this case each cell header must keep a table of the PCIDs of x ancestor cells.

Fig. 6, 7, and 8 show how paths to the base station change depending on the values of α, β, γ, and δ.

Figure 6. SERA's data gathering path when α=1

Figure 7. SERA's data gathering path when β=1

Figure 8. SERA's data gathering path when α, β, γ, and δ are 0.25

Once the WT of all received PARENT_ADV messages is calculated, the cell header x requests the cell header z of the cell with the highest WT to be its parent by sending a PARENT_REQ (0x6) message as follows.
    x --intercell--> z : 0x6||IDx||CIDx||CIDz||E(0x6||IDx||CIDx||CIDz||RN3,PKCIDxCIDz)

The node z verifies the validity of the message by comparing the decrypted values with the values sent in plaintext. After verification, z replies with a PARENT_REP (0x7) message:

    z --intercell--> x : 0x7||IDz||CIDz||CIDx||E(0x7||IDz||CIDz||CIDx||RN3+1,PKCIDzCIDx)

The cell header x verifies the validity of the message, and after verification, PCIDx is set to CIDz, HOPSx is set to HOPSz+1, and MNNACx is set to MIN(NNCz,MNNACz). Once the link with the parent cell is established, the node x changes to active state, and it is ready to transmit data to the base station.

PARENT_REQ and PARENT_REP messages encrypted with pair-wise keys work as an authentication scheme for a secure path establishment process, protecting from attacks such as sinkhole and wormhole attacks.

D. Data Gathering Phase

1) Data Transmission

Once connected to a parent cell, cell headers are ready to collect and send information to the base station. Each cell header in active state sends a DATA (0x8) message to its parent cell using the following format:

    0x8||SEQ||IDorigin||CIDsender||PCIDsender||E(SEQ||IDorigin||DATA,IKorigin)||
    MAC(0x8||SEQ||IDorigin||CIDsender||PCIDsender||E(SEQ||IDorigin||DATA,IKorigin), PKCIDsenderPCIDsender)

where IDorigin is the identification of the node which creates the DATA message, while CIDsender and PCIDsender are the cell identification and parent cell identification of the node that is sending/forwarding the DATA message. The sensed information DATA is concatenated with SEQ and IDorigin, and the result is encrypted using the individual key IKorigin to maintain confidentiality from the rest of the nodes. In each hop, the MAC of the message is verified and re-calculated using the pair-wise key shared between the current cell and its parent cell (PKCIDsenderPCIDsender). Once the base station receives the DATA message, it decrypts E(SEQ||IDorigin||DATA,IKorigin) and gets SEQ, IDorigin and DATA, and compares SEQ and IDorigin with the values sent in plaintext to verify the validity and integrity of the message. The following example illustrates the DATA message forwarding process in more detail. When a cell header x sends a DATA (0x8) packet to the cell header u of the parent cell, the node x sends:

    x --intercell--> u : 0x8||SEQ||IDx||CIDx||PCIDx||E(SEQ||IDx||DATA,IKx)||
                         MAC(0x8||SEQ||IDx||CIDx||PCIDx||E(SEQ||IDx||DATA,IKx), PKCIDxCIDu)

and the node u forwards the message to the next parent cell as follows:

    u --intercell--> nextCellHeader : 0x8||SEQ||IDx||CIDu||PCIDu||E(SEQ||IDx||DATA,IKx)||
                                      MAC(0x8||SEQ||IDx||CIDu||PCIDu||E(SEQ||IDx||DATA,IKx), PKCIDuPCIDu)

The previous format of the DATA message provides secure point-to-point communication between nodes and the base station, but it does not allow data aggregation. Thus it is used when such a feature is not required. However, aggregation is used in many applications to save energy. Therefore, an additional DATA format which allows data aggregation is proposed:

    0x8||SEQ||IDsender||CIDsender||PCIDsender||E(0x8||SEQ||IDsender||CIDsender||PCIDsender||DATA,PKCIDsenderPCIDsender)

In this format, the data is encrypted using the pair-wise key shared with the parent cell, PKCIDsenderPCIDsender, allowing the cell header of the parent cell to decrypt and aggregate the received data with its own data. The following example illustrates this mechanism. When a node x sends a DATA packet to the cell header u of its parent cell:

    x --intercell--> u : 0x8||SEQ||IDx||CIDx||CIDu||E(0x8||SEQ||IDx||CIDx||CIDu||DATA,PKCIDxCIDu)

the cell header u decrypts the DATA, aggregates it with its own data, and sends a new message to the next parent cell header.

    u --intercell--> nextCellHeader : 0x8||SEQ||IDu||CIDu||PCIDu||E(0x8||SEQ||IDu||CIDu||PCIDu||DATAx⊕DATAu, PKCIDuPCIDu)

2) Cell Header Verification and Support

To increase the reliability of data delivery to the base station, each cell must guarantee the availability of a cell header. Two actions are taken in SERA to reach this goal: 1) the active cell header changes to parent_search state only to discover a new path, and 2) when the cell header's residual energy reaches a lower level than LET, a support node is activated. This support node will take over the cell header functionality when the cell header almost depletes its energy.

Each node v in sleep state wakes up after Tsleep time and changes to verify state. Once in verify state, the node v sends a VERIFY (0x9) message to the cell header x of the same cell as follows.

    v --intracell--> x : 0x9||IDv||CIDv||E(0x9||IDv||CIDv||RN4,CKv)

The cell header x verifies the validity of the message and responds to the VERIFY message with a VERIFY_REP (0xA) message:

    x --intracell--> v : 0xA||IDx||CIDx||IDv||E(0xA||IDx||CIDx||IDv||Bit||RN4+1,CKx)

The receiving node v verifies the validity of the message, and checks the Bit value. If Bit is equal to 1, it means that x's residual energy is lower than LET and there is still no
support state node in the cell. Therefore, if v receives Bit=1, it changes to support state, but if v receives Bit=0, it returns to sleep state. If the cell header requires a support node, the cell header x also sends a PARENT_UPDATE (0xB) message to the verify state node v.

    x --intracell--> v : 0xB||IDx||CIDx||IDv||E(0xB||IDx||CIDx||IDv||PCIDx||NNCx||HOPSx||MNNACx||RN4+1,CKx)

Then v decrypts the encrypted part of the message, and sets PCIDv to PCIDx, NNCv to NNCx, HOPSv to HOPSx, and MNNACv to MIN(NNCx, MNNACx).

When the residual energy of the cell header x reaches a lower level than CET, it sends a CHANGE_CH (0xC) message to the support state node s:

    x --intracell--> s : 0xC||SEQ||IDx||CIDx||E(0xC||SEQ||IDx||CIDx||Active||RN4+2,CKx)

The receiving node s verifies the validity of the message by D(E(0xC || SEQ || IDx || CIDx || Active || RN4+2,CKx), CKs), comparing the decrypted values with the values sent in plaintext, and comparing the decrypted RN4+2 with the RN4 that was generated and sent by the node v in the VERIFY message. The node s also checks the Active field. If Active=1, it changes to the active state, but if Active=0, it changes to parent_search state to execute the path establishment process. Active=0 is sent by the cell header when its residual energy reaches a lower level than CET in the middle of the path establishment or path maintenance execution.

All nodes in verify state receiving a valid CHANGE_CH recognize that another node has been chosen as cell header and change to sleep state.

Some validations are taken to give more resistance against cell header failures (see Fig. 5):

- Each support state node starts a timer Tsupport, and each time any message is received from the cell header of the same cell (it could be a BEACON) it resets Tsupport. If no action of the cell header is detected in Tsupport time, Tsupport fires, changing the support state node to active state, and it informs the rest of the nodes of the same cell that a new cell header has been selected.
- Each node in verify state, after sending the VERIFY message, starts a timer Tverify. Tverify is stopped if a reply to this message is received, but, if no reply is received from cell

than CET, it sends a LAST_PARENT (0xD) message to the children cells.

    x --intercell--> * : 0xD||SEQ||IDx||CIDx||MAC(0xD||SEQ||IDx||CIDx,BKCIDx*)

Each neighbor cell header receiving the message whose PCID is equal to CIDx searches for a new parent cell. To do this, the cell header changes to parent_search state and it executes the path establishment process again. The path establishment process can also be executed repeatedly after a certain preconfigured period of time for load balancing purposes.

If the cell header x's HOPSx or MNNACx value has been changed by the path maintenance, a PARENT_UPDATE (0xB) message is sent to children cells to update their data, and after updating this data they send the message to their children cells successively until all cells of the sub-tree are updated.

V. SECURITY ANALYSIS

Security of SERA is analyzed in this section, explaining how SERA can defend against attacks mentioned in [14].

Spoofed, altered, or replayed routing information: path establishment is based on information included in the PARENT_ADV message and this information is sent encrypted using a pair-wise key which only nodes of the source and receiver cells know. Therefore, an attacker without this key cannot cheat with false information. Additionally, the use of RN2 makes it impossible to replay messages used in previous sessions.

Selective forwarding: this attack is avoided by using a sequence number SEQ to uniquely identify each data packet. If a compromised node selectively drops packets, that will be detected by nodes of parent cells.

Sinkhole and wormhole attacks: the parent cell search algorithm ensures that data is only sent to the parent cell. Therefore, the adversary cannot attract traffic to a particular point. To create a sinkhole or wormhole attack, the attacker must respond to PARENT_HELLO messages with a PARENT_ADV message containing optimal values for a high rank WT. However, this attack is not feasible because the attacker must first decrypt the PARENT_HELLO message to obtain the RN2 to respond with a valid message, and as the attacker does not know the broadcast key BK, it cannot decrypt the message. Therefore, sinkhole or wormhole attacks are not feasible.
header in Tverify time, Tverify is fired changing the verify state Sybil attacks: authenticated neighbor discovery using
node to parent_search state, and informs to the rest of nodes encrypted random nonces make not possible to use faked IDs.
of the same cell that a new cell header has been selected. Therefore, a node cannot pretend to be another node.

E. Path Maintenance Phase HELLO flood attacks: the proposed protocol uses two
HELLO messages: CELL_HELLO and PARENT_HELLO. In
When a cell header x is the last alive node of the cell (it is both cases, they are encrypted and contain random nonces.
easily known because it has not received any message from This means that receptor nodes have to decrypt the message
verify state nodes) and its residual energy reaches lower level using secret keys to reply hello messages, which is not
possible for the adversary to do. Therefore, SERA is strong against
HELLO flood attacks.

Acknowledgement spoofing: every acknowledgement message, such as
PARENT_REP and CELL_ADV, uses message authentication using CK or PKs.
Therefore, an adversary who does not have these keys cannot spoof these
kinds of messages.

VI. SIMULATION
SERA was implemented using C# to evaluate its performance and it was
compared with GAF/AODV and SCODE. The simulation parameters are similar
to [5][30] and they are listed in Table II.

TABLE II. SIMULATION PARAMETERS

Type          Parameter                           Value
Network       Number of nodes                     200
Network       Network size                        200m × 200m
Network       Base Station (Sink)                 (100,250)
Network       Initial energy                      1J / sensor node
Application   Data message size                   500 bytes + 25 bytes header
Application   Control message size                25 bytes
Energy model  Transmission energy model Etx       (Eelec+Efs d^2) × data size if d<dcrossover
                                                  (Eelec+Emp d^4) × data size if d≥dcrossover
Energy model  Reception energy model Erx          Eelec × data size
Energy model  Eelec                               50 nJ/bit
Energy model  Efs                                 10 pJ/bit
Energy model  Emp                                 0.0013 pJ/bit
Energy model  dcrossover                          87m
Energy model  Energy for data aggregation Eaggr   5 nJ/bit
Energy model  Energy in idle mode Eidle           0.00017 J
Energy model  Energy in sleep mode Esleep         0.000017 J

Fig. 9 shows the simulated network, where the node density is
200/200^2 = 0.005 nodes/m^2. In the simulation, the
application-dependent variables α, β, γ, and δ were all set to the same
value of 0.25, and LET and CET were set to 10% and 1% of the node's
initial energy respectively.

Figure 9. Simulation environment

One of the most important features of SERA is the reliability of data
packet delivery to the base station. As explained before, in the case of
GAF/AODV and SCODE the data delivery process is unstable because of the
state changes of the cell coordinator and the lack of guarantee of the
availability of the next cell's coordinator. To measure the reliability
of the transmission of data packets, the data packet loss ratio was
calculated. As shown in Fig. 10, GAF/AODV and SCODE work unstably during
the network lifetime, whereas SERA maintains a stable level of data
packet reception. A negative value means that more data packets are
received than sent, and this is normal because of the delay of data
packets until arriving at the base station. Fig. 11 shows the average
data packet loss ratio, indicating 15.79% and 17.79% for GAF/AODV and
SCODE, whereas SERA only loses 0.97% of its data packets.

Figure 10. Data packet loss ratio during the network lifetime

On the other hand, Fig. 12 visualizes the residual energy level of the
network during the network lifetime. According to the figure, SERA
spends 6.08% and 3.5% more energy than GAF/AODV and SCODE respectively,
but this is because SERA delivers more data packets than GAF/AODV and
SCODE. As shown before, the data loss ratios of GAF/AODV and SCODE are
15.79% and 17.79% respectively, whereas SERA only loses 0.97% of the
data packets, which means that SERA is delivering around 14~16% more
data packets than the other protocols.

For this reason, the average energy usage per delivered data packet was
calculated to estimate more precisely the effectiveness of the energy
usage of the network. This value was calculated by dividing the total
energy used by the network by the total number of data packets delivered
to the base station. The calculated values were 0.004162J in GAF/AODV,
0.00506J in SCODE, and 0.004201 in SERA. As shown in Fig. 13, SERA has
better energy efficiency than SCODE and it is only around 1% less
efficient than GAF/AODV, but this is
justifiable considering that SERA includes advantages over GAF/AODV such
as data delivery reliability.

Figure 11. Average data packet loss ratio

Figure 12. Network residual energy without considering data packet loss ratio

Figure 13. Average energy usage per delivered data packet

VII. CONCLUSION
In this paper, a secure energy and reliability aware data gathering
scheme for sensor networks called SERA was presented. SERA takes
advantage of the virtual grid cell concept of GAF to save energy,
working only with an active node in each cell, called the cell header,
and changing other equivalent nodes to the sleeping mode. Unlike
GAF/AODV and SCODE, SERA provides reliability of data packet delivery by
helping cell headers with an added support node when their residual
energy reaches a low level. This feature guarantees the availability of
a cell header in each cell ready to receive and transmit data. SERA also
provides a security scheme which gives protection from the most common
network layer attacks such as spoofed, altered, or replayed routing
information, selective forwarding, sinkhole attacks, Sybil attacks,
wormhole attacks, HELLO flood attacks, and acknowledgment spoofing
attacks. The reliability of data delivery and effectiveness of energy
usage shown in simulation make the proposed protocol applicable in
different types of applications that require scalability, prolonged
network lifetime, reliability, load balancing, and security.

ACKNOWLEDGMENT
Sang Guun Yoo would like to take this opportunity to thank the Overseas
Korean Foundation (OKF) for its scholarship support. He had the
privilege to be the recipient of this award from 2007 to 2010.

REFERENCES
[1] A. Mainwaring, J. Polastre, R. Szewczyk, D. Culler, J. Anderson,
“Wireless sensor networks for habitat monitoring,” In First ACM
Workshop on Wireless Sensor Networks and Applications (WSNA’02),
pp. 88–97, 2002
[2] J. Carlson, R. Han, S. Lao, C. Narayan, S.S. Ghani, “Rapid prototyping
of mobile input devices using wireless sensor nodes,” In WMCSA’03,
October 2003
[3] U.A.F. “ARGUS Advanced Remote Ground Unattended Sensor
Systems, Department of Defense,” Argus,
http://www.globalsecurity.org/intell/systems/arguss.htm.
[4] C. Otto, A. Milenkovic, C. Sanders, E. Jovanov, “System Architecture
of a Wireless Body Area Sensor Network for Ubiquitous Health
Monitoring,” Journal of Mobile Multimedia, vol. 1, No.4, pp. 307-326,
2006
[5] W. Heinzelman, A. Chandrakasan, H. Balakrishnan, “An Application-
Specific Protocol Architecture for Wireless Microsensor Networks,”
IEEE Transactions on Wireless Communications, vol. 1, no. 4, pp.660-
670, October 2002
[6] W. Heinzelman, A. Chandrakasan, H. Balakrishnan, “Energy-Efficient
Communication Protocol for Wireless Microsensor Networks,”
Proceedings of the 33rd Hawaii International Conference on System
Sciences, 2000
[7] C. Intanagonwiwat, R. Govindan, D. Estrin, J. Heidemann, F. Silva.
“Directed diffusion for wireless sensor networking,” IEEE/ACM
Transactions on Networking, Vol. 11(1), pp. 2-16, Feb. 2003
[8] A. Manjeshwar and D.P. Agrawal, “TEEN: A routing protocol for
enhanced efficiency in wireless sensor networks,” IEEE International
Parallel Distributed Processing Symposium, 2001
[9] A. Manjeshwar and D.P. Agrawal, “APTEEN: A hybrid protocol for
efficient routing and comprehensive information retrieval in wireless
sensor networks,” IEEE International Parallel Distributed Processing
Symposium, 2002
[10] S. Lindsey, C. S. Raghavendra, “PEGASIS: Power-Efficient GAthering
in Sensor Information Systems,” IEEE Aerospace Conference
Proceedings, 2002
[11] D. Braginsky, D. Estrin, “Rumor Routing Algorithm For Sensor
Networks,” Proceedings of the 1st ACM international workshop on
Wireless sensor networks and applications, September 2002
[12] M. Ye, C. Li, G. Chen, J. Wu, “An Energy Efficient Clustering Scheme
in Wireless Sensor Networks,” Ad Hoc & Sensor Wireless Networks,
Vol. 3, pp. 99-119, 2006
[13] M. Kim et al., “An Energy-Aware Multipath Routing Algorithm in
Wireless Sensor Networks,” IEICE Trans. Inf. & Syst., Vol. E91-D, No.
10, October 2008
[14] C. Karlof, D. Wagner, “Secure routing in wireless sensor networks:
attacks and countermeasures,” Ad Hoc Networks Vol. 1, Issues 2-3
Pages 293-315, September 2003
[15] J. Douceur, “The Sybil attack,” In First International Workshop on Peer-
to-Peer Systems, Vol. 2429 of Lecture Notes in Computer Science,
Springer, March 2002.
[16] Y. C. Hu, A. Perrig, D.B. Johnson, “Packet leashes: A defense against
wormhole attacks in wireless networks,” In Proceedings of IEEE
Infocom 2003, April 2003.
[17] Y. Hu, A. Perrig, and D. B. Johnson, “Wormhole detection in wireless
ad hoc networks,” Technical Report TR01-384, Department of
Computer Science, Rice University, June 2002.
[18] Y. Xu, J. Heidemann, D. Estrin, “Geography-informed energy
conservation for ad hoc routing,” Proc. Seventh Annual ACM/IEEE
International Conference on Mobile Computing and Networking
(MobiCom 2001), pp. 70-84, July 2001
[19] A. Perrig et al., “SPINS: Security Protocols for Sensor Networks,”
Wireless Networks, Vol. 8, pp. 521-534, 2002
[20] L. Hung et al., “SCODE: A Secure Coordination-Based Data
Dissemination to Mobile Sinks in Sensor Networks,” IEICE
Transactions in Communications, Vol. E92-B, No.1, 2009
[21] Y. Zhou, Y. Fang, Y. Zhang, “Securing Wireless Sensor Network: A
Survey,” IEEE Communications Surveys & Tutorials, 3rd Quarter,
Volume 10, No.3, 2008
[22] S. Capkun and J.P. Hubaux, “Secure Positioning in Wireless Networks,”
IEEE J. Selected Areas in Comm., Feb. 2006.
[23] S. Capkun and J. Hubaux, “Secure Positioning of Wireless Devices with
Application to Sensor Networks,” Proc. IEEE INFOCOM, Mar. 2005.
[24] M. Conti, R. Di Pietro, L. Mancini, Al Mei, “Emergent Properties:
Detection of the Node-capture Attack in Mobile Wireless Sensor
Networks,” ACM Wisec’08, 2008
[25] J. Hill et al., “System Architecture Directions for Networked Sensors,”
Architectural Support for Programming Languages and Operating
Systems, pp. 93-104, 2000
[26] V. Giruka, M. Singhal, J. Royalty, S. Varanasi, “Security in wireless
sensor network,” Wireless communications and mobile computing,
Volume 8 Issue 1, Pages 1 – 24, 2008
[27] H. Çam et al., “Energy Efficient Security Protocol for Wireless Sensor
Networks,” IEEE VTC Fall 2003 Conference, October 2003
[28] A. Hodjat, I. Verbauwhede, “The energy cost of secrets in ad-hoc
networks,” Proc. IEEE Circuits and Systems Workshop on Wireless
Communications and Networking, page 4, 2002
[29] T. Park, K. Shin, “LiSP: A Lightweight Security Protocol for Wireless
Sensor Networks,” ACM Transactions on Embedded Computing
Systems, Vol. 3, No.3, pp. 634-660, August 2004
[30] O. Younis, S. Fahmy, “HEED: A Hybrid, Energy-Efficient, Distributed
Clustering Approach for Ad Hoc Sensor Networks,” IEEE Transactions
on Mobile Computing, Vol.3, No. 4, October-December 2004
[31] I. Krontiris, et al., “Cooperative Intrusion Detection in Wireless Sensor
Networks,” EWSN 2009, LNCS 5432, pp. 263-278, 2009
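
The 0xD announcement of the path maintenance phase and the message-authentication argument of the security analysis can be exercised with the sketch below. It is an added example, not code from the paper or its C# simulator. The field widths, the use of HMAC-SHA256 as the MAC, the key value and the function names are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed layout (the paper gives no field widths): type 1 B, SEQ/IDx/CIDx 2 B each.
HEADER = struct.Struct(">BHHH")
MSG_0XD = 0x0D
MAC_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 is an assumed choice of MAC


def build_0xd(seq, id_x, cid_x, bk):
    """Cell header x: 0xD||SEQ||IDx||CIDx||MAC(0xD||SEQ||IDx||CIDx, BK)."""
    header = HEADER.pack(MSG_0XD, seq, id_x, cid_x)
    return header + hmac.new(bk, header, hashlib.sha256).digest()


def handle_0xd(frame, bk, my_pcid, state):
    """Neighbor cell header: return its next state; raise ValueError on a bad frame."""
    if len(frame) != HEADER.size + MAC_LEN:
        raise ValueError("wrong length")
    header, tag = frame[:HEADER.size], frame[HEADER.size:]
    expected = hmac.new(bk, header, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC check failed")
    msg_type, _seq, _id_x, cid_x = HEADER.unpack(header)
    if msg_type != MSG_0XD:
        raise ValueError("unexpected message type")
    # Only a cell whose parent (PCID) is the announcing cell searches a new parent.
    return "parent_search" if my_pcid == cid_x else state


def demo():
    """Run valid, altered and spoofed frames through the receiver (constructed values)."""
    bk = bytes(range(16))  # constructed broadcast key
    frame = build_0xd(seq=41, id_x=0x0102, cid_x=7, bk=bk)
    altered = bytearray(frame)
    altered[6] ^= 0x0E  # CIDx 7 -> 9, MAC left unchanged
    spoofed = build_0xd(seq=42, id_x=0x0102, cid_x=7, bk=b"\x00" * 16)  # key guessed
    results = {
        "child": handle_0xd(frame, bk, my_pcid=7, state="active"),
        "other": handle_0xd(frame, bk, my_pcid=9, state="active"),
    }
    for name, bad in (("altered", bytes(altered)), ("spoofed", spoofed)):
        try:
            results[name] = handle_0xd(bad, bk, my_pcid=9, state="active")
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

Calling demo() shows the child cell moving to parent_search, an unrelated cell keeping its state, and both the altered and the spoofed frame being rejected at the MAC check before any field is acted on.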
