ArticlesA Low Overhead and Scalable Authentication and Encryption Scheme for Medical Wireless Sensor Networks
- Harpreet Vohra1, Mohammad Kamrul Hasan2,*, Harsh Shukla1, Ravie Chandren Muniyandi2, Hesham Alhumyani3, Mohammed S. Alzaidi4, Manpreet S Manna5, Shayla Islam6,*, and A. K. M. Ahasan Habib2
Human-centric Computing and Information Sciences volume 13, Article number: 05 (2023)
Cite this article 2 Accesses
https://doi.org/10.22967/HCIS.2023.13.005
Abstract
This study discusses an integrated authentication and encryption (LoSWIAE) scheme for medical wireless sensor networks (MWSNs). A scalable watermarking-based solution promises amalgamated advantages offered by both encryption and authentication schemes in MWSNs but at much lower costs. Furthermore, unlike encryption, the proposed scheme does not require an encryption–decryption key to be exchanged before communication. LoSWIAE ensures nonrepudiation, confidentiality, and protection against eavesdropping in addition to node and data authentication. The scheme’s strength lies in the node’s geographical credentials, temporal credentials of the message, and basic information captured by the sensor node. Parameters used to check the scheme’s robustness are cracking probability and communication overhead. Analytical results obtained compared to an earlier scheme show the effectiveness of LoSWIAE. It proves to have better efficiency and an improvement of the order of 1,032 at the cost of infinitesimal communication overhead.
Keywords
Lightweight, Node Authentication, Watermarking, Wireless Sensor Network, IoT, Cloud Computing
Introduction
Today, few advanced modern technologies like cloud computing and the Internet of Things (IoT) depend on the network and Internet services for communication, making cyber security a thrust area for research. Due to the ease of implementation and innumerable applications wherein wired networking is impossible, the shift to wireless networks seemed more promising, specifically when the number of wireless networks is more. Most of the ultramodern applications, e.g., cellular, adhoc, medical wireless sensor networks (MWSNs), mobile adhoc (MANETs), vehicular adhoc (VANETs), and peer-to-peer networks communicate wirelessly [1–3]. IoT has carved its niche in the field of the medical domain too. Various medical devices, healthcare practitioners, and patients communicate using the Internet to realize what is termed the Internet of Medical Things (IoMT). In IoMT, data is shared and saved through the cloud platforms using different gateways (Fig. 1). Cloud computing has emerged as an effective solution for data sharing and other services between numerous technologically diverse systems. However, such innovations have brought in significant challenges related to security and privacy issues [4]. A pacemaker carried by a patient can be one such example prone to an unauthorized attack on a healthcare device.
The 5G networks, which are considered the backbone of the wireless communication system, are prone to challenges like Flash network traffic specific to the IoT environment, security of encrypted keys shared over the radio transmission, security of applications running on the end users’ devices, and so on [
5]. Another such grave example, called advanced persistent threat, is a cyberattack done on a specific enterprise for accessing its financial and other secret information [
6]. Several studies are being done in the last two to three decades to address various security challenges in wireless communication. The possible solutions explored so far include access control, flow control, security identification and verification, service access control, location security, and so on. Meanwhile, the penetration of blockchain in cloud computing has risen as a solution to various vulnerability and load issues safeguarding the interactions, data storage, and trust involved in applications like healthcare, finance sector, and so on.
Keeping in view the tremendous need for secure systems, an effective encryption and authentication scheme is required to address the concerns discussed above while maintaining a low communication overhead. This paper proposes a low overhead and scalable watermarking-based integrated authentication and encryption (LoSWIAE) technique that provides node and data authentication. It also supports security against various attacks and protects against eavesdropping. The key feature of LoSWIAE which differentiates it from other schemes is that it does not need the exchange of the key between the nodes before the communication unlike other encryption schemes, which require additional overhead for the key distribution mechanisms. Moreover, scalability, the backbone of LoSWIAE, differentiates it from other schemes and provides unparalleled robustness because it is reversible and self-sustainable. Furthermore, it utilizes the decryption key, hidden as a watermark in the communicated message. The node must first authenticate itself to obtain the decryption key. LoSWIAE neither computes the hash digest of the message to be communicated nor does it use cryptographic algorithms—e.g., advanced encryption standard (AES) and elliptic curve cryptography (ECC). Instead, simple single-clock cycle operations (e.g., XOR, shift, insertion, and extraction) are used, thus reducing the computation cost. It maintains the scalability in the length of the message to be communicated, reducing the communication cost. For instance, in a scheme incorporating MD5 [
7], a 128-bit hash digest is computed for a 64-bit message leading to an additional 64-bit communication overhead which is not the case with LoSWIAE. Meanwhile, the security, as provided by hashing algorithms (e.g., MD5 against man in the middle attack) is not compromised in LoSWIAE because the message is encrypted using the means of interpolating and watermarking.
The rest of the paper’s organization is as follows: Section 2 briefly reviews the existing work; Section 3 delineates the proposed scheme and further illustrates the scheme with the help of an example; and an analysis of the performance of the LoSWIAE scheme is presented in Section 4, demonstrating how scalability in the proposed algorithm lowers the cracking probability by multifold. The results show that LoSWIAE provides strong robustness against threats like identity replication attack [
8], masquerade attack [
8], man-in-the-middle attack (MITM) [
9,
10], forward and backward secrecy [
11], and so on making it a trustworthy candidate to be employed as a security measure in resource-constrained wireless sensor networks (WSNs). Section 5 provides a comparative analysis of LoSWIAE with a recently published watermark-based node authentication scheme. Section 6 concludes the work and gives an insight into possible future studies.
Literature Survey
The rapid growth in the field of WSNs equipped with the power of the Internet has benefited many application areas. The introduction of IoT in domains (i.e., healthcare, industry, and so on) has brought paradigm shifts like IoMT, industrial IoT (IIoT), and so on. The coronavirus disease 2019 (COVID-19) pandemic made people realize the importance of telemedicine even more. Through smart biosensors serving the purpose of real-time health monitoring and the Internet, people like doctors, caregivers, and patients can exchange information in real-time. Likewise, as per the doctor’s instructions, automated smart equipment (i.e., pacemaker, insulin delivery systems, and so on) are operated. However, all these benefits have come with the increased susceptibility to unwanted attacks at the sensor locations, cloud, and intelligent equipment. Numerous techniques have been developed to ensure the authenticity of the wireless nodes and data encryption to ensure the safe delivery of the messages. Mendilah et al. [12] proposed a FlexenTech encryption technique using IoT to increase security and decrease the computation time in data transmission by minimizing the computations and number of rounds used to cipher the information. Secure communication between the various MWSN nodes kept at remote locations with compromised power supplies and human intervention is crucial [13–16]. Zhang et al. [17] proposed an entity authentication scheme that incorporates a six-phase node authentication framework and uses the concept of hidden point generator and ECC [18] as its backbone. A dual watermarking frame for content authentication and temporal localization using discrete cosine transform coefficients based on IoT technology for the industrial environment is proposed [19]. A secure sharing of information between spatially different network nodes is ensured with the emerging co-use of blockchain and IoT. An approach proposed by Wang et al. [20] involves pairing a free lightweight blockchain-based certificateless signature scheme to solve the data privacy and security concerns for IoT-based systems. A critical objective while using blockchain is the preservation of authentic digital signatures produced by a node against the forged signatures sent by an eavesdropper in applications (i.e., Bitcoin) [21]. The approach addresses the problems of efficiency improvement for false signature isolation in batches and their identification [ECDSA]. Likewise, for network function virtualization systems, intrusion detection systems (IDS) are being used to stop malicious attacks [22]. Deep neural network-based IDS in IoMT architectures is proposed in [23]. The paper highlights that the secure exchange of the encryption keys among the different systems is still a huge challenge that needs a solution. An emerging solution for the hardware security of the sensor nodes is the use of physically unclonable functions (PUF) [24] with the random characteristic. It is a hardware equivalent to the biometric handprint capable of generating the key on-demand without fixed key storage. A physically unclonable functions and blockchain-based data authentication scheme is proposed in [25], addressing the physical security of nodes and gateway nodes. A detailed analysis of different approaches to address the APT attacks is given in [6]. Algorithms (i.e., AES [26], Secure Hash Algorithm [27], and so on), have proven strong robustness to the network and are found to be highly computationally intensive. Low overhead watermark-based node authentication (LoWaNA) [28] can be used for node authentication in flat architectures and unicast communication. Moreover, LoWaNA provides security against masquerade [29] and replays attacks [7, 30]. However, the scheme incorporates the use of MD5 which makes it computationally intensive.
The length of the message transmitted between the sender and receiver nodes depends on the raw information captured by the sensor nodes, the unique identity numbers of the communicating nodes, and the time at which the information is transmitted in a two-tuple format consisting of the UID of the receiver node and the watermarked message (Fig. 2(c)). The two tuples appear segregated from the authentic nodes in the network. However, the line of division between the two tuples is unclear to an outsider. In the case of hierarchical architecture, the sensor node in a cluster communicates the information to its cluster head. It further processes the information obtained from all the sensor nodes, agglomerates it whenever necessary, and sends it to the next level cluster head (base station) or broadcasts it to all the nodes in the cluster. The process continues until the information reaches the desired user or the base station. In such a case, the UID field of the transmitted packet consists of the identification number of the cluster head. In the case of flat architecture, transmission occurs in a peer-to-peer fashion, i.e., the sensor node communicates either with the nearby sensor nodes.
Message Encryption
LoSWIAE aims to build robustness in the network by incorporating the need for the authentication of the receiving node before message decryption. Hence, security against an eavesdropper who tries to listen to the communication between two nodes is promised. Herein, the time of the message generation is chosen as an encryption key. The variation between the messages created at different timings ensures the forward and backward secrecy in the network. A node must know the network architecture, i.e., the number of nodes in the network, the UID of the communicating nodes, and their exact location to locate and decode this hidden key. Hence, an adversary node that is not a part of the network will not locate the key. Also, no additional overhead and exchange mechanism is encountered to communicate the key separately because the key is hidden as a watermark in the message itself. The desired encryption–decryption key lies in the portion of time after the radix point and is taken as a millisecond precision. Such a precision requires a maximum of 10 bits when converted to a binary form. Algorithm 1 shows the pseudo-code for message encryption using LoSWIAE. It makes use of the domino effect to increase the robustness of the scheme against attacks by adversaries. Assuming that the variable length message to be communicated is represented by var message, key time is a list having an upper bound of 10 bits and stores the generated encryption key. The msg length and key length store the length of var message and key time, respectively. For Algorithms 1–6, bit positions in the lists start from index 1 to avoid any confusion.
Pseudo-watermark Generation
Encrypting the message using time as an encryption key and utilizing the concept of the domino effect (step 8, Algorithm 1) and making the result of the present block dependent on the previous one ensures that the encrypted message depends on temporal credentials as the message itself. The location of the communicating sender and receiver nodes is used for pseudo-watermark generation. This further upgrades the level of security and reduces the cracking probability. Knowing both the time at which the message is generated and the location of nodes is very less likely for an eavesdropper, who is not a part of the network. Furthermore, this algorithm would protect the network from identity replication, masquerade, and Sybil attack for node and message authentication. Algorithm 2 shows the pseudo-code for pseudo-watermark generation using LoSWIAE. For the proposed algorithm, latitude_s, latitude_r, longitude_s, and longitude_r store the latitude and longitude at which the sending and receiving nodes (with a precision of up to 10 cm) are placed, respectively, count stores the number of ones inextracted loc, and pseudo_w is the desired pseudo-watermark. This requires both the latitude and longitude to be represented in six decimal digits after the radix point. For the addition of floating-point numbers, the value of the radix point is considered to be zero. The maximum number that the latitude and longitude can sum up to is 72 and 74, respectively. A maximum of nine ones can be obtained when converted to binary, including the sum and sign bits.
Algorithm 1. Message encryption
Input: (i) Time from system clock at which the message is generated.
(ii) Original message to be communicated.
Output: Encrypted message having length same as that of the input message.
1. Set key_time, msg_length, key_length = 0.
2. Generate the key for encryption using system clock of the node. Encryption key is the portion of time which conveys the milliseconds.
3. Convert the decimal key obtained in step 2 in binary form and store it in key_time for further processing.
4. For key_time ≠ null // calculate the length of key_time
Add one to key_length
5. For var_message ≠ null // calculate the length of var_message
Add one to msg_length
6. Starting from the most significant position of the var_message, make blocks having block size = key_length.
7. If bits left at the rear end of the message are smaller than the size of the block defined in step 6, make a block of those left over bits. In such a case, the size of the last block would be smaller than rest of the blocks.
8. For each block obtained in step 6, perform bit wise XOR operation between the var_message bits, key_time bits, and the result obtained from the block just prior to the block under consideration. For the first block, consider the previous result to be zero.
9. Replace the original var_message with the encrypted message obtained in step 8.
10. Convert the key_length into binary.
11. Store the binary representation obtained in step 10 in list time_bits in 4-bit notation. If the number of bits is <4, append 0s before it to make it a 4-bit binary number
Algorithm 2. Pseudo-watermark generation
Input: Latitude and longitude of the communicating nodes from lookup table stored in the node.
Output: w bit pseudo-watermark.
1. Set latitude_s, latitude_r, latitude_c, longitude_s, longitude_r, longitude_c, extracted_loc, pseudo_w, count = 0
2. Extract latitude of the sender and receiver node from the look up table into the lists latitude_s and latitude_r respectively.
3. latitude_c = latitude_s + latitude_r
4. For latitude_c ≠ null
n = n + 1. //n stores the length of latitude_c
5. Initialize lat_c=0 // stores the sum of all the digits of latitude_c
6. for (i = 1, i ≤ n, i++) // i is the position indicator of latitude_c
lat_c += latitude_c[i]
7. Repeat steps 2–6 for longitude of the sender and receiver nodes and store the result in lon_c.
8. lat_c = lon_c + lat_c
9. Convert the decimal number obtained in step 8 into binary and store it in the list extracted_loc. Append the sign bit according to sign of the result obtained.
10. Count the number of 1s in the binary number stored in extracted_loc and store it in the variable count.
11. if (count < 3)
count = 9 - count
12. else
count = count
13. End if
14. for ( j = count; extracted_loc[j] ≠ null; j--) // j is the position indicator of extracted_loc.
Extract 1 bit from extracted_loc and store it in the list pseudo_w. //In case number of 1s= =0, then return pseudo_w= 1111.
In case len(extracted_loc) < count, append 0’s before extracted_loc to make len(extracted_loc)=count.
15. return pseudo_w.
Watermark Generation
The third algorithm manipulates pseudo_w according to the UIDs of the sender and receiver nodes, further adding one more dimension to the scheme. Furthermore, this algorithm would ensure that the location of nodes is not compromised if, in the worst case, the message is decrypted and watermark bit positions are traced. For the proposed algorithm, uid_length stores UID (bits) size, and uid sender and uid receiver store the UID number of sender and receiver, respectively. Steps 7–8 of Algorithm 3 start with the most significant bit (MSB) in the case of x = 1. Also, the bit position once XORed cannot be used again for performing the XOR operation. In such a situation, the adjacent element is used in the direction of traversal for completing the assigned task. However, XORed bit has to be counted while traversing the bit positions.
Algorithm 3. Watermark generation
Input: (i) w bit pseudo-watermark, (ii) variable length message, and (iii)unique identity numbers of sender node and the msg_length (iv)count
Output: w bit watermark
1. uid_length = size of (unique identity number of sender node)
2. Set short_msg= int(Msg_length / 10)
3. Initialize x = 1 // x is position indicator of pseudo_w
4. location 1 = ( count+ uid_length)pseudo_w % count
5. location 2 = ( count+ uid_length)var_message % msg_length
6. location 3 = ( count × uid_length)var_message % msg_length
7. If ( short_msg < uid_length)
While (x ≤ count) (location 1)th bit pseudo_w = (location 2)th bit var_message ^ (location1)th bit pseudo_w
x = x + 1
If (location 1)th bit after XORing = 0
Subtract the (uid_length + count) bits from current location to obtain next locations 1 and 2.
Else
Add the (uid_length + count) bits to current location to obtain next locations 1 and 2.
8. Else
(While x ≤ count) (location 1)th bit pseudo_w = (location 3)th bit var_message^ (location1)th bit pseudo_w
x = x + 1
If (location 1)th bit in pseudo_w after XORing = 0
Subtract the (uid_length + count) bits from current location to obtain location1 in pseudo_w and (uid_length × count) bits to obtain location 3 in var_message.
Else
Add (uid_length + count) bits to current location to obtain location1 in pseudo_w and (uid_length × count) bits to obtain location3 in var_message.
9. Return pseudo_w
Algorithm 4. Watermark embedding
Input: w bit pseudo-watermark
(ii) encrypted message
(iii) contents of short_msg and uid_length
Output: (msg_length)bits watermarked message
1. Initialize x =1 // x is position indicator of pseudo_w
2. location 2= ( count + uid_length) var_message% msg_length
3. location 3= ( count × uid_length) var_message % msg_length
4. If ( short_msg < uid_length)
While x ≤ count
Locate the (location 2)th bit in var_message //Start the counting of location 2 from the least significant bit when x = 1
Extract the (x)th bit from pseudo_w //Start the counting of x from the most significant bit when x = 1.
(location 2)th var_message = (location 2)th var_message ^(x)th pseudo_w
x = x + 1
Subtract (uid_length+count) bits from current location to obtain next location2 in var_message.
5. Else
While x ≤ count
Locate the (location 3)th bit in var_message //Start the counting for location3 from the least significant bit when x = 1
Extract the (x)th bit from pseudo_w//Start the counting of x from the most significant bit when x = 1.
(location3)th var_message= (location3)th var_message ^ (x)th pseudo_w
x = x + 1
Subtract (uid_length × count) bits from current location to obtain next location 3 in var_message.
6. Return var_message
Key Hint Generation and Embedding
The crux of the proposed scheme lies in Algorithms 5 and 6 for key hint generation and embedding and for key and watermark detection, respectively. Algorithm 5 generates the hint for the receiver node to identify the locations where the decryption key resides. The hint is hidden in the message where it can be obtained only by an authentic node. The specialty of this algorithm is its simple yet robust nature. It makes use of both the geographical and temporal credentials of the node and message, respectively.
Key and Watermark Detection
Message sent from the sender node is routed according to the receiver UID. The message communicated on the channel is a one-tuple information, i.e., no separation exists between the two portions corresponding to the UID and the message in the transmitted packet on the communicating channel. Nodes that are a part of the network are aware of the number of bits used to represent the UID and can further process the information. Every possible combination corresponding to every possible number of bits in the UID has to be tried because an adversary is unaware of the number of bits required to represent the UID number and the number of bits of the message transmitted. It will require a very high number of trials. For example, if the message transmitted is 32 bits, the combinations of UID bits and message bits could range from 1-bit UID and 31-bit message to 31-bit UID and 1-bit message to anything in between. Algorithm 6 shows the pseudo-code for key and watermark detection.
Algorithm 5. Key hint generation and embedding
Input: UID number of the sender and receiver node (ii) message returned (iii) location of the sender and receiver node (iv) time at which message is generated in binary form (v) key_length
Output: Encrypted and watermarked message string.
1. For (x = 1, x≤ uid_length, x++)
Extract the bits in var_message obtained after watermark embedding and store them in uid_s
2. Extract the UID of the sender and receiver node from the look up table into the lists uid_sender and uid_receiver respectively.
3. uid_s =uid_receiver + uid_s // Ignore the final carry if the carry is obtained.
4. Calculate the decimal equivalent of uid_s and store the result in variable deci
5. If (deci x 19 > (msg_length + 4+key_length))
Deci = int(deci/2)
If (deci x 19 > x (msg_length + 4+ key_length ))
Deci = deci/2
Else
Deci = deci r
6. Set e = deci //e is the position indicator of var_message
7. uid_sender = uid_sender || time_bits || key_time
8. Set y = uid_length
9. location 5 = e + y
10. location 6 = e + y + 1
11. For (x ≤ uid_length + 4 + key_length )
e = e + deci; x = x + 1
//Extract the xth bit from the uid_sender obtained in step 7 starting from the MSB. Locate (location 5)th bit in the message obtained after the execution of above algorithm.
//Shift bits starting (location 6)th position 1 bit to the right. Append the extracted xth bit at the vacant position created as a result of shifting of bits.
12. return var_message
Algorithm 6. Key and watermark detection
Input: Encrypted message from the sender node. Let the encrypted message be represented by enc_msg.
Output: Decryption key, watermarked bits, location of sender and receiver nodes and the original message.
1. Store the first g bits from the enc_msg into uid_s. Here g=uid_length of the receiver node.
2. uid_s = uid_receiver + uid_s // Ignore the final carry if the carry is obtained.
3. Calculate the decimal equivalent of uid_s and store the result in variable deci
4. If (deci x 19 > len(enc_msg)-uid_length)
Deci = deci/2
If (dec x 19 > x (len(enc_msg) - uid_length))
Deci = deci/2
else
Deci =deci
5. Set e = deci, y = uid_length
6. location1= e+y-x
7. location 2 = e + y – x + 1
8. For (x = −1; x ≤ uid_length + 2; x++ )
Extract the (location 1)th bit from the var_message obtained from the receiver : uid_sender.
e = e + deci // Shift bits starting (location 2)th position in var_message 1 bit to the left.
return e, uid_sender, var_message
9. For (z = uid_length + 1; z ≤ uid_length + 4; z++) //z is the position indicator of uid_sender (step 8)
Extract bits from uid_sender obtained in step 8 and store it in list time_bit.
10. Resize uid_sender(step 8) starting from the most significant bit to make it equal to uid_length.
11. Convert the binary number so obtained in step9 into decimal and store it in codeci.
12. x = uid_length+3
13. For (p = 1; p ≤ codeci; p++)
Extract the (location 1)th bit from the var_message obtained in step8 and store it in the list key_time.
Shift bits starting (location 2)th position 1 bit to the left.
e = e + deci; x = x + 1
// This is the required decryption key i.e. the time at which the message was generated. Only an authentic node will have an access to location of sender and receiver node.
14. Store the remaining message in the list var_message bit by bit. // The length var_message would be equal to length (enc_msg)-number of watermarked bits.
15. Extract the location of receiver node from the location sensors of the node and location of sender node from the look up table present in the node.
16. Repeat steps 3–15 of Fig. 4 and steps 2–9 of Fig. 5 to obtain pseudo_w.
17. Repeat algorithm in Fig. 6 to obtain the positions where XOR operation has been performed with pseudo_w
18. Using the property of XOR: If a^b = c, then a^c = b and b^c = a, obtain the encrypted message.
19. Decrypt the message obtained in step 14 using the decryption key key_time obtained in step 13.
20. Original_message = var_message ^ key_time for each block.
Consider a wireless sensor network with two communicating nodes. A message of 128 bits (randomly chosen to show the efficiency of the network) is to be sent from a node situated at a location (latitude: +78.982765, longitude: +123.808017) to a node situated at a location (latitude: +56.825760, longitude: +87.004679). Let the UID number of sender and receiver nodes be 101011 and 110010, respectively. Let the time at which the message is generated be 16:23:11:451. Examples depicting the use of the proposed scheme stepwise are shown in Figs. 3–7. Let the message to be communicated be: 1010101010101010101010101010101010101010101010101010101010100101010101010101010101010101010101010101010101010101010101010101010.
Fig. 3. (a) Message encryption and (b) domino effect on block 2 of the message. Result obtained in block 1 XORed with the contents of block 2.
Fig. 4. (a) Watermark generation and (b) pseudo-watermark generation.
Fig. 5. (a) Watermark embedding, (b) key hint generation and embedding, and (c) calculation of bit positions.
Fig. 6. Calculation to obtain bit positions of var_message and uid_sender. Extent of dissimilarity between the original message and the message sent to the receiver node.
Fig. 7. (a) Key and watermark detection and (b) calculation of location 1.
The proposed LoSWIAE scheme is implemented in Python programming language for random test vectors of 32, 64, and 128 bits. The simulations took a maximum of 1–2 minutes when performed on a machine with an i7 processor and 16 GB RAM. The complexity of the algorithm is roughly 2n at both sender’s and receiver’s sides based on the location parameters and the UID length. The only information that an adversary can have for an ongoing message from the sender to the receiver node is given by Equation (1) because the number of bits used to represent the UID number of the sender and receiver nodes, location of the nodes, and the time at which the message is generated is scalable. Thus, the total length is a function of (uid length, count, key time, and msg length). Consequently, only the total number of bits transmitted is available to an adversary eavesdropping on the communicated message, while the number of possible combinations of individual terms sums up to the left-hand side of the Equation (1) along with the correct permutation of bits is very high. For instance, all the combinations (4, 4, 6, and 135), (8, 3, 8, and 126), and (12, 9, 9, and 111) sum up to a total of 153 bits (total length for illustration in Section 4).
LoSWIAE performance is analyzed in terms of cracking probability and communication overhead. Consider a case in which information is being communicated from an isolated military base A to a location headquartered at B at a far-off distance. For an adversary to decrypt, manipulate, and send the message as an authentic node located in base camp A, the network architecture, the number of nodes in the network, the location of communicating nodes, the time at which the message was generated, and the UID numbers of the communicating nodes will have to be known. Guessing this high precision (centimeters) in an area of a few kilometers (assuming A to be spread over a few kilometers) is highly improbable. As explained earlier, using the time stamp as the key makes it difficult to deduce the encryption–decryption key and decipher the message. The number of trials required would be 2m where m is the length of the message communicated even in the case of a brute force attack. Furthermore, if an eavesdropper gets hold of the message and tries to make even subtle changes in the message, the final result would be drastically modified due to the domino nature of the algorithm, thus ensuring an integrity check. The discovery of the exact location of the sender node is a challenging task and LoSWIAE would prove to be a paragon in most of the applications of WSN with geographical variations like underground coal mines, hazardous gas stations, oceanographic monitoring, and so on.
Cracking probability: Cracking probability refers to the probability that an adversary may be able to decrypt the communicated message and manipulate it to originate from an authentic node. The cracking probability of LoSWIAE is computed as follows: the number of bits (n) required for UID of the receiver can be calculated by Equation (2), and the probability that an adversary would correctly obtain the number of bits required to represent the UID of the receiver node can be calculated by Equation (3). For intra-network communication, the number of bits required to represent the UID of the sender node can be calculated. For an m bit message communicated, the probability of obtaining the correct positions of the sender’s UID for the correct number of UID receiver’s bits can be calculated by Equation (4). The probability of obtaining j correct positions for the number of time bits can be calculated by Equation (5). Moreover, the probability of obtaining k correct positions of the watermarked key time bits can be calculated by Equation (6). Furthermore, the probability of obtaining one correct position of the bits in which the XOR operation is performed can be calculated by Equation (7). Hence, from Equations (3)–(7), the cracking probability is obtained as calculated by Equation (8) where u is the number of bits in the UID of the receiver node. The cracking probability for the given illustration of the 128-bit message and 6-bit UID, considering the location and time at which the message is generated, is found to be 7 × 10−55. The maximum, minimum, and average cracking probabilities for 32- and 64-bit combinations of inputs are shown in Figs. 8–10. A similar trend of cracking probabilities is observed for the original message length of 128- and 256-bit as shown in Fig. 11.
Comparison of cracking probability and overheads of the proposed with existing schemes
| Scheme |
Msg length (bits) |
UID length (bits) |
Crack prob |
Tx over (µJ) |
Rx over (µJ) |
| LoWaNA [28] |
128 |
6 |
4.00E-13 |
84.4 |
93.8 |
| 64 |
5 |
3.41E-09 |
44.4 |
49.5 |
| 32 |
4 |
7.24E-06 |
24 |
26.8 |
| LoSWIAE |
128 |
6 |
3.45E-45 |
89.7 |
100.16 |
| 64 |
5 |
4.76E-37 |
50.1 |
55.94 |
| 32 |
4 |
4.36E-29 |
29.7 |
33.16 |
Communication overhead of LoSWIAE refers to the number of bits transmitted from the sender node to the receiver node. The overhead for LoSWIAE includes bits required to transmit the vital information, the watermarked bits, the decryption key, and the header (includes the UID of the receiver node according to the network model of the proposed scheme). As per MICAz specifications, to transmit and receive 1 bit of information, 0.60 and 0.67 µJ of energy is consumed, respectively [21]. Communication overhead for various combinations of inputs is shown in Fig. 12. For illustration, the transmission and reception overhead are 91.8 and 102.51 µJ, respectively.
Fig. 12. Comparison of communication overhead of LoSWIAE with LoWaNA [28].
Comparative Analysis
Due to the dearth of studies in the field of authentication and encryption in MWSN using watermarking and the lack of comparable data, LoSWIAE is compared with a recently published scheme LoWaNA [28]. Fig. 11 shows the comparative evaluation of LoSWIAE in terms of cracking probability and communication overhead. The proposed scheme is found to be more efficient by a factor of 1,032 for a message length of 128 bits, 1,028 for a message length of 64 bits, and 1,023 for a message length of 32 bits compared to LoWaNA [25]. This high efficiency is achievable in a trade-off with an infinitesimal increase in communication overhead (Fig. 9). In terms of the security analysis: the use of the key_time as the time information of message generation helps protect against the Replay attack. The sensor node impersonation and DDoS attacks are addressed by the improved cracking probability. The MITM attack is addressed by the XORing function for identity checks explained earlier.
Conclusion
This paper proposes a scalable and low overhead integrated authentication and encryption scheme based on watermarking. The proposed scheme amalgamates the advantages of authentication and encryption through watermarking and is scalable, reversible, and self-sustainable which sets it apart from other authentication and encryption schemes in MWSNs. Algorithms of LoSWIAE proposed in the scheme make use of single-clock cycle operations (e.g., XOR, shift, insertion, and extraction), thus making the scheme computationally inexpensive. The proposed scheme is devised with an accuracy of a millisecond of temporal credentials and a resolution of a few centimeters in geographical credentials. The performance of the scheme is analyzed in terms of cracking probability and communication overhead. This opens an insight into lightweight and scalable watermarking-based algorithms for WSN that provides security features proven by computationally expensive cryptographic algorithms. However, owing to the vulnerability of the physical nodes, any adversary using artificial intelligence can steal their sensitive information which may pose further challenges. Therefore, future work may include testing the proposed approach for PUF-enabled IoMT applications.
Acknowledgements
Authors acknowledges to the University Kebangsaan Malaysia for supporting this work.
Author’s Contributions
Conceptualization, HV, MKH, HS, SI, MSM. Funding acquisition, HV, MKH, HS, SI, MSM. Investigation and methodology, HV, AKMAH, MKH, MSA, HA. Supervision, HV, MKH, HS, SI, MSM. Writing of the original draft, HV, MKH, HS, SI, MSM. Writing of the review and editing, HV, MKH, HS, SI, MSM. Software, HV, MKH, HS, SI, MSM. Data curation, AKMAH, MSA, HA.
Funding
This research was supported by the GP-2021-K023208 grant through the National University of Malaysia (UKM), Also, this research was supported by Taif University Researchers Supporting Project number (TURSP-2020/216), Taif University, Taif, Saudi Arabia.
Competing Interests
The authors declare that they have no competing interests.
Author Biography
Paper Title: A Scalable and low Overhead Authentication and Encryption Scheme for Medical Wireless Sensor Networks
Name: Harpreet Vohra
Affiliation: Thapar Institute of Engineering and Technology, Patiala, India
Biography: Harpreet Vohra is a faculty in Electronics and Communication Engineering Department, at Thapar Institute of Engineering & Technology, Patiala since 2006. She has earned PhD in Test Solution development for System on chip and holds her Master’s degree with distinction in VLSI Design. She has more than 14 years of experience in teaching and research both at UG/PG levels She has guided more than 30 UG projects and Master’s thesis in the areas of communication, low power VLSI design and Design for testability. She is professional member IEEE and Ex-Com member of Rajasthan chapter of IEEE photonics society. She has published many papers in several reputed international conferences and journals. Her areas of interest include machine learning and its applications in the domain of VLSI test.
Name: Mohammad Kamrul Hasan
Affiliation: Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), 43600 Bangi, Malaysia.
Biography: Dr. Mohammad Kamrul Hasan is currently working as an Assistant Professor at the center for Cyber Security, Universiti Kebangsaan Malaysia (UKM). He completed a Doctor of Philosophy (Ph.D.) degree in Wireless Communication and Network Engineering from the faculty of Engineering, International Islamic University, Malaysia, in 2016. Dr. Kamrul is a Senior Member of the IEEE, and member of the IET, and a member of the Internet Society. His research interest includes telecommunications, Internet of Things, Vehicular networks, Smart grid Technologies, microprocessor and Interfacing, and cyber-physical Security. He has been published more than 130 SCIE and SCOPUS indexed journal papers.
Name: Harsh Shukla
Affiliation: Thapar Institute of Engineering and Technology, Patiala, India
Biography: Harsh Shukla is a final year undergraduate student in the Department of Electronics and Communications Engineering, Thapar Institute of Engineering and Technology, Patiala, Punjab, India. He has worked on projects based on IOT and Machine learning. His research interests include wireless sensor networks and machine learning.
Name: Ravie Chandren Muniyandi
Affiliation: Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), 43600 Bangi, Selangor, Malaysia
Biography: Ravie Chandren Muniyandi completed his Ph.D. in computer science in 2011. He is currently an Associate Prof. at the Faculty of Information Science and Technology, National University of Malaysia (UKM). His research interests are in software security, network security, intelligent security (smart city, cloud, IoT), parallel and distributed computing, bio-inspired computing (membrane computing), and programming technology. He has published high-quality research in more than 100 journals and conference proceedings. He has led five research projects that have been completed successfully. He has also been accorded Professional Technologist (Ts.) in Information Technology by MBOT since 2018.
Name: Hesham Alhumyani
Affiliation: Department of computer Engineering, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
Biography: Dr. Hesham Alhumyani is working in Department of Computer Engineering in College of Computers and Information Technology Taif University at Taif Saudi Arabia. He has appointed as a faculty Dean in 2019. He has obtained his Ph.D. Degree from University of Connecticut Storrs, USA. His research interests are Wireless Sensor Networks, Underwater Sensing, IoT (Internet of Things), and Cloud Computing. Dr. Hesham Alhumyani has published many research papers in distinctive journals and conferences.
Name: Mohammed S. Alzaidi
Affiliation: Department of Electrical Engineering, College of Engineering, Taif University, P.O. Box 11099,Taif 21944, Saudi Arabia.
Biography: Mohammed S. Alzaidi received the B.Sc. degree in Electrical Engineering from Umm Al-Qura University, Makkah, Saudi Arabia, in 2007, the M.Eng. degree and Ph.D. in Electrical Engineering from Stevens Institute of Technology, Hoboken, NJ, USA in 2014, 2019, respectively. He is currently an Assistant Professor with the Department of Electrical Engineering, Faculty of Engineering, Taif University, Saudi Arabia. He is also the Vice Dean of the Deanship of Scientific Research at Taif University. His research interests include nano molecular communications, wireless communications, signal processing, digital techniques, machine learning, and deep learning.
Name: Manpreet S Manna
Affiliation: Instrumentation and Control Engineering, Sant Longowal Institute for Engineering and Technology, Longowal Punjab, India
Biography: Starting his teaching profession as Lecturer from Sant Longowal Institute of Engineering & Technology in 1997, he attained the position of Director, All India Council for Technical Education under Ministry of HRD, India on deputation from 2014 to 2018. He also worked as Director of “SWAYAM MOOCs” project and Prime Minister Special Scholarship Scheme. He also taught in AIT, Bangkok for January 2012 session as Visiting Associate Professor by MHRD, Govt. of India. Dr. Manna has published about 140 Research Publications in indexed journals and participated in conferences. He is the editor and reviewer for many International Referred Journals.
Name: Shayla Islam
Affiliation: Institute of Computer Science and Digital Innovation, UCSI University, Kuala Lumpur, Malaysia
Biography: Dr. Shayla Islam is currently working as an Assistant Professor at the Institute of Computer Science and Digital Innovation (ICSDI), UCSI University, Malaysia. She has completed a Ph.D. degree from the Electrical and Computer Engineering department at International Islamic University Malaysia (IIUM) in 2016 under the Malaysian International Scholarship (MIS) by the Ministry of Higher Education (MoHE) Malaysia. Her current research interests include Mobile Networks in 5G environment, Telecommunications, Cyber-Physical and Network Security. She published more than 90 papers in international journals and conferences (WoS/ ESCI/Scopus indexed). Dr. Shayla received 384 citations in Google Scholar, with H-index is 12.
Name: A K M Ahasan Habib
Affiliation: Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), 43600 Bangi, Selangor, Malaysia
Biography: A K M Ahasan Habib received B.Sc. in EEE from Daffodil International University (DIU) in 2015 and M.Sc. in EE from International Islamic University Malaysia in 2018. He joined in DIU as a Research Associate (Teaching Position) in august 2018 and served till Dec, 2020. He founded a research institute named "North Garth Institute of Technology" in february, 2020. Currently, he is a PhD student in the Universiti Kebangsaan Malaysia. His research interests are Electric Vehicles Energy Storage and Management System, Smart Grid and Cyber Security System
References
[1]
E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. De Caro, et al., “Hyperledger fabric: a distributed operating system for permissioned blockchains,” in Proceedings of the 13th EuroSys Conference, Porto, Portugal, 2018, pp. 1-15.
[2]
G. Blossey, J. Eisenhardt, and G. Hahn, “Blockchain technology in supply chain management: an application perspective,” in Proceedings of the 52nd Hawaii International Conference on System Sciences, Maui, HI, 2019..
[3]
S. Pesic, M. Radovanovic, M. Ivanovic, M., Tossic, O. Ikovic, and D. Boskovic, “Hyperledger fabric blockchain as a service for the IoT: proof of concept,” in Model and Data Engineering. Cham, Switzerland: Springer, 2019, pp. 172-183.
[4]
M. A. Khan and K. Salah, “IoT security: review, blockchain solutions, and open challenges,” Future Generation Computer Systems, vol. 82, pp. 395-411, 2018.
[5]
C. Qu, M. Tao, J. Zhang, X. Hong, and R. Yuan, “Blockchain based credibility verification method for IoT entities,” Security and Communication Networks, vol. 2018, no. 7817614, 2018.
https://doi.org/10.1155/2018/7817614
[6] J. H. Park, S. Rathore, S. K. Singh, M. M. Salim, A. E. Azzaoui, T. W. Kim, Y. Pan, and J. H. Park, “A comprehensive survey on core technologies and services for 5G security: taxonomies, issues, and solutions,” Human-centric Computing and Information Sciences, vol. 11, article no. 3, 2021.
https://doi.org/10.22967/HCIS.2021.11.003
[7]
M. Pustisek and A. Kos, “Approaches to front-end IoT application development for the Ethereum blockchain,” Procedia Computer Science, vol. 129, pp. 410-419, 2018.
[8] S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system,” 2008 [Online]. Available: https://bitcoin.org/en/bitcoin-paper.
[9] R. Ch, G. Srivastava, T. R. Gadekallu, P. K. R. Maddikunta, and S. Bhattacharya, “Security and privacy of UAV data using blockchain technology,” Journal of Information Security and Applications, vol. 55, article no. 102670, 2020.
https://doi.org/10.1016/j.jisa.2020.102670
[10] R. Kumar, P. Kumar, R. Tripathi, G. P. Gupta, T. R. Gadekallu, and G. Srivastava, “SP2F: a secured privacy-preserving framework for smart agricultural unmanned aerial vehicles,” Computer Networks, vol. 187, article no. 107819, 2021.
https://doi.org/10.1016/j.comnet.2021.107819
[11] C. Rupa, G. Srivastava, T. R. Gadekallu, P. K. R. Maddikunta, and S. Bhattacharya, “A blockchain based cloud integrated IoT architecture using a hybrid design,” in Collaborative Computing: Networking, Applications and Worksharing. Cham, Switzerland: Springer, 2021, pp. 550-559.
[12] I. W. G. Kwon and T. Suh, “Factors affecting the level of trust and commitment in supply chain relationships,” Journal of Supply Chain Management, vol. 40, no. 1, pp. 4-14, 2014.
[13] J. M. Song, J. Sung, and T. Park, “Applications of blockchain to improve supply chain traceability,” Procedia Computer Science, vol. 162, pp. 119-122, 2019.
[14]
S. Kim, G. C. Deka, and P. Zhang, Role of Blockchain Technology in IoT Applications. Cambridge, MA: Academic Press, 2019.
[15] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of Trust: a decentralized blockchain-based authentication system for IoT,” Computers & Security, vol. 78, pp. 126-142, 2018.
[16] S. Rouhani and R. Deters, “Security, performance, and applications of smart contracts: a systematic survey,” IEEE Access, vol. 7, pp. 50759-50779, 2019.
[17]
A. Reyna, C. Martin, J. Chen, E. Soler, and M. Diaz, “On blockchain and its integration with IoT: challenges and opportunities,” Future Generation Computer Systems, vol. 88, pp. 173-190, 2018.
[18]
A. Halldorsson, H. Kotzab, J. H. Mikkola, and T. Skjott‐Larsen, “Complementary theories to supply chain management,” Supply Chain Management, vol. 12, no. 4, pp. 284-296, 2007.
[19]
A. Rejeb, S. Simske, K. Rejeb, H. Treiblmaier, and S. Zailani, “Internet of Things research in supply chain management and logistics: a bibliometric analysis,” Internet of Things, vol. 12, article no. 100318, 2020.
https://doi.org/10.1016/j.iot.2020.100318
[20] H. Birkel and J. M. Muller, “Potentials of industry 4.0 for supply chain management within the triple bottom line of sustainability: a systematic literature review,” Journal of Cleaner Production, vol. 289, article no. 125612, 2021.
https://doi.org/10.1016/j.jclepro.2020.125612
[21] S. A. R. Khan, Z. Yu, H. Golpira, A. Sharif, and A. Mardani, “A state-of-the-art review and meta-analysis on sustainable supply chain management: future research directions,” Journal of Cleaner Production, vol. 278, article no. 123357, 2021.
https://doi.org/10.1016/j.jclepro.2020.123357
[22]
C. S. Singh, G. Soni, and G. K. Badhotiya, “Performance indicators for supply chain resilience: review and conceptual framework,” Journal of Industrial Engineering International, vol. 15, no. 1, pp. 105-117, 2019.
[23] R. Kamath, “Food traceability on blockchain: Walmart’s pork and mango pilots with IBM,” The Journal of the British Blockchain Association, vol. 1, no. 1, pp. 47-53, 2018.
[24] S. Saberi, M. Kouhizadeh, and J. Sarkis, “Blockchains and the supply chain: Findings from a broad study of practitioners,” IEEE Engineering Management Review, vol. 47, no. 3, pp. 95-103, 2019.
[25] S. Malik, V. Dedeoglu, S. S. Kanhere, and R. Jurdak, “Trustchain: trust management in blockchain and IoT supported supply chains,” in Proceedings of 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, GA, 2019, pp. 184-193.
[26]
P. K. R. Maddikunta, Q. V. Pham, B. Prabadevi, N. Deepa, K. Dev, T. R. Gadekallu, R. Ruby, and M. Liyanage, “Industry 5.0: a survey on enabling technologies and potential applications,” Journal of Industrial Information Integration, vol. 26, article no. 100257, 2022.
https://doi.org/10.1016/j.jii.2021.100257
About this article
Cite this article
Harpreet Vohra1, Mohammad Kamrul Hasan2,*, Harsh Shukla1, Ravie Chandren Muniyandi2, Hesham Alhumyani3, Mohammed S. Alzaidi4, Manpreet S Manna5, Shayla Islam6,*, and A. K. M. Ahasan Habib2, A Low Overhead and Scalable Authentication and Encryption Scheme for Medical Wireless Sensor Networks, Article number: 13:05 (2023) Cite this article 2 Accesses
Download citation
- Received22 March 2022
- Accepted28 March 2022
- Published30 January 2023
Share this article
Anyone you share the following link with will be able to read this content:
Provided by the Springer Nature SharedIt content-sharing initiative
Keywords
ArticlesAll Issue
