Secure real-time routing protocol with load distribution in wireless sensor networks

Transcription

1 SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2011; 4: Published online 25 May 2010 in Wiley Online Library (wileyonlinelibrary.com)..214 RESEARCH ARTICLE Secure real-time routing protocol with load distribution in wireless sensor networks Adel Ali Ahmed 1 and Norsheila Fisal Fisal 2 1 Faculty of Engineering and Information Technology, Taiz University, Taiz, Republic of Yemen 2 University Technology Malaysia, Telecomminication, Johor Bahru, Johor Darul Ta zim, Malaysia ABSTRACT Wireless sensor network (WSN) is a wireless ad hoc network that consists of a very large number of tiny sensor nodes communicating with each other with limited power and memory constrain. WSN demands real-time forwarding which means messages in the network are delivered according to their end-to-end deadlines (packet lifetime). Since many sensor networks will be deployed in critical applications, security is essential. Recently, many real-time routing protocols have been proposed, but none is designed with security. This paper proposes a novel secure real-time with load distribution (SRTLD) routing protocol that provides secure real-time data transfer and efficient distributed energy usage in WSN. The SRTLD routing protocol ensures high packet throughput and minimized packet overhead. It has been successfully studied and verified through simulation and real test bed implementation. Copyright 2010 John Wiley & Sons, Ltd. KEYWORDS random number; real-time packet; end-to-end delay; remaining power; packet velocity * Correspondence Adel Ali Ahmed, Faculty of Engineering and Information Technology, Taiz University, Taiz, Republic of Yemen. engadel2003@hotmail.com 1. INTRODUCTION The recent technological advancement in wireless communications, micro-electro-mechanical systems (MEMS), and digital electronics have led to the development of low cost, low power, multifunctional sensor nodes that are small in size and communicate within short distances [1]. As it can be shown in Figure 1, the tiny sensor node consists of sensing, data processing, and communicating components. The sensor nodes can be interconnected to form a network defined as wireless sensor network (WSN). WSN consists of a very large number of sensor nodes, which are densely deployed either inside an event area or in proximity. WSN enables reliable monitoring and analysis of a physical environment. Real-time communication is necessary in many WSN applications. For example, in a fire fighting application, appropriate actions should be made in the event area immediately as delay may cause huge damages further. The sensor data collected and delivered must still be valid at the time of decision making since late delivery of data may endanger the fire fighter s life. The general research challenges for multi-hop routing in WSN arise primarily due to the large number of constraints that must be simultaneously satisfied. One of the most important constraints on sensor nodes is the low power consumption requirement. Sensor nodes carry limited, generally irreplaceable power sources. WSN applications must operate for months or years without wired power supplies and battery replaced or recharged. Therefore, the power consumption must be considered while designing multi-hop routing in order to prolong the WSN lifetime [2]. Since many WSNs will be deployed in critical applications, security is essential. Unfortunately, security may be the most difficult problem to solve in WSNs [3,4]. In particular, it is easy to eavesdrop or cause a network layer attacks, which fall into one of the following categories: manipulating routing information, selective forwarding, Sybil, sinkhole, wormhole, and Hello flooding (unidirectional) attacks. Furthermore, most real-time communication and coordination routing protocols do not address security, so it is easy for an adversary to exploit those routing protocols on a given WSN [5,6]. Lightweight security schemes are required in real-time routing protocols for WSN. The security for real-time routing protocols must exploit the nature of the sensor network and relate to issues such as most data is only valid for a short time [3,5]. Real-time routing protocols designed for WSN must therefore, balance real-time performance, energy efficiency, and data security. Copyright 2010 John Wiley & Sons, Ltd. 839

2 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Figure 1. WSN with mutli-hop communication. This paper presents secure real-time with load distribution (SRTLD) routing protocol that depends on optimal forwarding (OF) decision that takes into account of the link quality (LQ), packet delay time, and the remaining power of next hop sensor nodes. It possesses built-in and an enhanced security measure. The random selection of a next hop node using location aided routing and multi-path forwarding contributes to built-in security measure. The encryption and decryption with authentication of the packet header further supplement secure packet transfer. The SRTLD routing protocol in WSN has been successfully studied and verified through simulation and real test bed implementation. The remaining parts of this paper are organized as follows: Section 2 will present related work. The overview of security attacks will be described in Section 3 and Section 4 will describe the SRTLD design concepts. Section 5 will present the simulation study of SRTLD and test bed studies will be described in Section 6. Finally Section 7 will conclude the paper. 2. RELATED WORK WSN constrains mainly affect data routing and data security between sensor nodes. The related research to this paper can be classified into two categories as describes as follows Real-time routing protocol for WSNs A comprehensive review of the challenges and the state of the art of real-time communication in sensor networks can be found in Ref. [7]. Lu et al. [8] develop real-time architecture and protocols (RAP) based on velocity. RAP provides service differentiation in the timeliness domain by velocity-monotonic classification of packets. Based on packet deadline and destination, its required velocity is calculated and its priority is determined in the velocitymonotonic order so that a high velocity packet can be delivered earlier than a low velocity one. Similarly, SPEED is a stateless protocol for real-time communication in WSN. It bounds the end-to-end communication delay by enforcing a uniform communication speed in every hop in the network through a novel combination of feedback control and non-deterministic QoS aware geographic forwarding [2]. MM-SPEED is an extension to SPEED protocol [9]. It was designed to support multiple communication speeds and provides differentiated reliability. Scheduling messages with deadlines focuses on the problem of providing timeliness guarantees for multi-hop transmissions in a real-time robotic sensor application [10]. In such application, each message is associated with a deadline and may need to traverse multiple hops from the source to the destination. Message deadlines are derived from the validity of the 840 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

3 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol accompanying sensor data and the start time of the consuming task at the destination. The authors propose heuristics for online scheduling of messages with deadline constraints as follows: schedules messages based on their per-hop timeliness constraints, carefully exploit spatial reuse of the wireless channel, and explicitly avoid collisions to reduce deadline misses. A routing protocol called real-time power control (RTPC) uses velocity with the most energy efficient forwarding choice as the metrics for selecting forwarding node [11]. A key feature of RTPC is its ability to send the data while adapting to the power of transmission. However, RTPC, RAP, SPEED, MM-SPEED, and Ref. [10] depend on the velocity which is not sufficient to provide high throughput in wireless communication. The best LQ usually provides low packet loss and energy efficient [12]. On the other hand, RTPC uses minimum hop count as a metric to provide energy efficient forwarding. However, the minimum hop count affects the delivery ratio [13] Data security of WSN Several solutions for securing WSNs have been proposed in the literature. TinySec by Karlof et al. [14] presents two different security options: authenticated encryption (TinySec-AE) and authentication only (TinySec-Auth). In TinySec-AE, TinySec encrypts the data payload and authenticates the packet with a message authentication code. The message authentication code is computed over the encrypted data and the packet header. In TinySec-Auth, TinySec authenticates the entire packet with a message authentication code, but the data payload is not encrypted. TinySec currently runs on MICA platforms. TinySec-AE and TinySec-Auth increase packet latencies (compared to the current TinyOS stack) by 56.6 and 53.4 ms, respectively. TinySec does not provide a secure localization, secure routing mechanism while the proposed security algorithm addresses these weaknesses. It requires 728 bytes of RAM and 7146 bytes of program space. TinyHash based on hash algorithm for WSNs is a modified security method for TinySec [15]. It implements security components for message hash and authentication using Secure Hash Algorithm 1 (SHA1) function instead of using Cipher Block Chaining-Message Authentication Code (CBC-MAC) based on SkipJack, which is offered in TinySec. TinyHash uses Hash Message Authentication Code (HMAC) scheme for authentication and SHA1 for message digest. It is implemented on Telos mote using SHA1 8 bits version in order to have the compatibility with MICA mote series. SHA1 requires 140 bytes of RAM and 3504 bytes of ROM. Also, it requires 35 ms execution time for 160 bits data packet. HMAC has twice the size of SHA1 algorithm and has twice the execution time of SHA1. Researchers in Cambridge University proposed an encryption algorithm, the Tiny Encryption Algorithm (TEA) [16]. It is based on an alternative application of a large number of iterations with XORs and additions operations, rather than on preset tables. The running time of the TEA algorithm per one-hop is ms and requires 1140 bytes of memory size [17]. Yang et al. [18] demonstrate a location-based resilient security (LBRS) solution. LBRS proposes a location-based approach in which the secret keys are bound to geographic locations, and each node stores a few keys based on its own location. LBRS has been designed on MICA2 motes. LBRS required 2.8 s to derive the cell keys in the bootstrapping phase. It reported 20 ms to execute the message authentication code and requires 10K bytes of memory size. Enhancing Base Station Security in WSNs is proposed in Ref. [19]. This security method devises two different solutions, one applicable during the route discovery phase and the other applicable after the route discovery phase. The authors in Ref. [19] made real experiment to estimate the required processing time to implement the security operation in MICA2 mote. The execution time in LFSR is 48 ms to forward a packet per one-hop. LFSR requires 1300 bytes in ROM and 110 bytes in RAM. One-time pad was invented by Kahn [20]. It is a very simple security system and is unbreakable [21]. The pad is a block of random data equal in length to the original message and one copy of the pad is kept by each user. The word random is used in its most literal possible sense here. If the data on the pad is not truly random, the security of the pad is reduced. The pad is used by XORing every bit of the pad with every bit of the original message. Once the message is encoded with the pad, the pad is destroyed and the encoded message is sent. On the recipient side, the encoded message is XORed with the duplicate copy of the pad and the plaintext message is generated. The drawbacks of this mechanism are producing real random number is complicated and a one-time pad does not provide data authenticity [21]. Furthermore, if an adversary captures and stores an encrypted message C = M XOR X, where X is the one-time pad, and later on gets X (steals the code book), then he can decode: M = X XOR C. The same holds for any existing private or public key encryption scheme. The existing security methods are not applicable for real-time routing in WSNs because the execution time for one-hop is high and WSNs have density deployment where hundreds of nodes need more time to process security mechanism. 3. ATTACKS ON WSNS ROUTING Many WSN routing protocols are quite simple, and for this reason are sometimes even more susceptible to attacks against general ad hoc routing protocols. In WSN, an adversary can either deploy his own node or compromise some nodes. The manipulated sensor data attacks are divided into two classes that include manipulating user data directly and influencing the underlying routing topology. SRTLD defends against the attacks that influence the underlying routing protocol such as selective forwarding, sinkhole, Sybil, wormholes, and HELLO flood attacks [5,6,22--24]. Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 841

4 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Optimal forwarding determined. In order to carry out the OF calculation, the routing management calculates three parameters namely packet velocity, LQ, and remaining power (remaining battery) for every one-hop neighbors. Eventually, the router management will forward a data packet to the one-hop neighbor that has an OF. The OF is computed as follows: OF = max(λ 1 PRR + λ 2 (V batt /V mbatt ) Figure 2. Block diagram of SRTLD routing protocol. 4. DESIGN OF SRTLD IN WSN In order to develop real-time routing in WSN, the packet velocity is utilized in the forwarding calculation. The wireless LQ at the physical layer is studied to predict the communication between sensors. In addition, the remaining power is estimated to spread all traffic load distribution during path forwarding to the destination. In Figure 2, SRTLD consists of five functional modules that include location management, routing management, power management, neighborhood management, and security management. The location management in each sensor node calculates its location based on the distance to three pre-determined neighbor nodes. The power management determines the state of transceiver and the transmission power of the sensor node. The neighborhood management discovers a subset of forwarding candidate nodes and maintains a neighbor table of the forwarding candidate nodes. The routing management computes the OF choice, makes forwarding decision, and implements routing problem handler. The security management applies encryption and decryption with authentication mechanisms at specific fields in the packet header Routing management The routing management consists of three sub-functional processes; forwarding metrics calculation, forwarding mechanism, and routing problem handler. Specifically, the chosen optimal nodes rely on the LQ of the hop, the delay per hop, and the remaining battery level of the forwarding nodes. Since forwarding nodes with the best LQ are chosen, the network improves the data throughput in terms of packet delivery ratio. By choosing the forwarding nodes with the minimum delay limit, the network ensures real-time packet transfer in the WSN. Additionally, choosing nodes with the highest remaining power level ensures sporadic selection of forwarding neighbor nodes. The continuous selection of such nodes spread out the traffic load to neighbors in the direction of the sink, hence, prolonging the WSN lifetime. The routing problem handler is used to solve the routing hole problem due to hidden sensor nodes in WSN. Unicast and geodirectional-cast are the mechanisms used to select the way to forward data. + λ 3 (V/V m )) where λ 1 + λ 2 + λ 3 = 1 (1) V mbatt is the maximum battery voltage for sensor nodes and is equal to 3.6 V [20]. V m is the maximum velocity of the RF signal that is equal to the speed of light. The determination of packet reception rate (PRR), V batt, and V is elaborated in the following section. The values of λ 1, λ 2, and λ 3 are estimated by exhaustive search using Network Simulator-2 (NS-2) simulation such that λ 1 + λ 2 + λ 3 = 1 as illustrated in Ref. [21]. In Ref. [21], the number of possible values for each λ is 11 (from 0.0 to 1.0) and the number of tails for event λ 1 + λ 2 + λ 3 = 1 is 66. The optimal trial from the 66 trials has been determined using NS-2 simulation with four types of grid network topology which are low density, medium density, high density with one source, and high density with several sources. In each type of topology, three types of traffic load are examined. The finding in Ref. [25] shows that the trial with 0.6, 0.2, and 0.2 for λ 1, λ 2, and λ 3 experiences high performance in terms of delivery ratio and power consumption. Therefore, Equation (1) can be written as follows: OF = max(0.6 PRR (V batt /V mbatt ) (V/V m )) (2) The average delay to one-hop neighbor (N) from the source (S) can be calculated as: Avg delay(s, N) = T c + T t + T p + T q + T b + T s Round trip time = (3) 2 where T c is the time it takes for S to obtain the wireless channel with carrier sense delay and backoff delay. T t is the time to transmit the packet that is determined by channel bandwidth, packet length, and the adopted coding scheme. T p is the propagation delay that can be determined by the signal propagation speed and the distance between S and N. In sensor networks, the distances between sensor nodes are normally very small, and the propagation delay can normally be ignored. T q is the processing delay which depends on network data processing algorithms to process the packet before forwarding it to the next hop. T b is the queuing delay, which depends on the traffic load. In a heavy traffic case, queuing delay becomes a dominant factor. T s is sleep delay which is caused by nodes periodic sleeping. When S 842 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

5 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol gets a packet to transmit, it must wait until N wakes up. Equation (3) shows that the delay between two pairs of nodes varies since the T c and T b delays differ for all nodes. It is interesting to note that the routing management is independent of synchronization timing. The non-synchronization is solved by inserting the transmission time in the header of request to route (RTR) packet. When receiving node N replies to sensor node S, it inserts the RTR transmission time in its reply. Once S receives the reply, it subtracts the transmission time from the arrival time to calculate the round trip time. The packet velocity (V) between a pair of nodes is calculated as: V = d(s, N) Avg delay(s, N) (4) where d(s,n) is the one-hop distance between source node S and destination node N. In this study, this distance is assumed to be fixed. However, if the sensor node is mobile, the distances can be calculated from the signal strength as shown in Refs. [26,27]. If the velocity is high, the packet has a high probability to arrive before deadline and thus ensure real-time communication. In designing SRTLD routing protocol, the LQ is considered in order to improve the delivery ratio and energy efficiency [13]. It should be noted that the LQ is measured based on PRR to reflect the diverse link qualities within the transmission range. PRR is approximated as the probability of successfully receiving a packet between two neighbor nodes [13,28]. If PRR is high that means the LQ is high and vice versa. The PRR uses the link layer model derived in Refs. [13,29] as: [ PRR = 1 ( )( ) j=2 ( ) 16 ( 1) j j ( ( )) ] exp 20γ(d) j 1 where γ(d) is SNR and it can be calculated as: (5) SNR = γ(d) = P t PL(d) S r (6) where P t is the transmitted power in dbm (maximum is 0 dbm for MICAz), S r is the receiver s sensitivity in dbm ( 95 dbm in MICAz) [30]. PL(d)is the path loss model which can be calculated as: ( ) d PL(d) = PL(d 0 ) + 10 β log + X σ (7) where d is the transmitter--receiver distance, d 0 is the reference distance, β is the path loss exponent (rate at which signal decays) which depends on the specific propagation environment. For example, β equals to 2 in free space and will have larger value in the presence of obstructions. This work estimates the value of to be in β between d 0 Figure 3. PRR versus distance. 2.4 and 2.8 as calculated in Ref. [27]. X σ is a zero-mean Gaussian distributed random variable in (db) with standard deviation σ. The PRR for IEEE /Zigbee was simulated in NS-2 simulator and the results are shown in Figure 3. The figure shows the effect of PRR as the distance is increased. Each point in this figure is the average of 10 PRR values with the same distance. The PRR reaches to disconnected region when the distance is more than 21 m because the signal strength is very low. The OF choice is generally in the transitional region [28]. The main reason is the fact that geographic forwarding scheme attempts to minimize the number of hops by maximizing the geographic distance covered at each hop (as in greedy forwarding). This is likely to incur significant energy expenditure due to retransmission on the unreliable long weak links which wastes up to 80 per cent of communication energy [12]. On the other hand, if the forwarding mechanism attempts to maximize per-hop reliability by forwarding only to close neighbors with good links, it may cover only a small geographic distance at each hop. Also, this will result in greater energy expenditure due to the need for more transmission hops for each packet to reach the destination [12]. Therefore, the proposed forwarding mechanism allows the data packet to be forwarded to sensor nodes in the connected and transitional regions. In order to compute the remaining power in the battery of a sensor node, MICAz has an accurate internal voltage reference that can be used to measure battery voltage (V batt ). Since the eight-channel ADC on the microcontroller of MICAz (ATMega128L) uses the battery voltage as a fullscale reference, the ADC full-scale voltage value changes as the battery voltage changes. In order to track the battery voltage, the precision voltage reference (band gap reference) is monitored to determine the ADC full-scale (ADC FS) voltage span which corresponds to V batt [30]. The battery voltage is computed as follows: V batt = V ref ADC FS ADC Count (8) Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 843

6 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal ADC FS equals 1024 while V ref equals V and ADC Count is the ADC measurement data at internal voltage reference Forwarding mechanisms. The routing management proposes two different types of forwarding in SRTLD: unicast forwarding and geodirectional-cast forwarding toward the destination based on quadrant. In unicast forwarding, the source node checks the forward flag of each neighbor in the neighbor table. The forwarding flag is used to check the direction of neighbor node. If the forward flag is 1, the neighbor node is in the direction to destination. In case of forwarding flag is 1 for any node in neighbor table, the source node will check the OF metrics and compute forwarding progress as in Equation (2). This procedure continues until the OF choice is obtained. If there are no nodes in the direction to the destination, the source node will invoke the neighbor discovery. Once the OF choice is obtained, the data packet will be unicast to the selected node. This procedure continues until the destination is one of the selected node s neighbors. Directional forwarding is defined as forwarding to the next nodes that have the best progress toward the destination. In geodirectional-cast forwarding, if a node wants to forward a data packet to a specific destination in a specific geographical location, it will broadcast the packet in the first hop to all neighbors. Then the selected neighboring node will use unicast forwarding to forward the packet toward the destination. Therefore, if the neighboring nodes are in the same quadrant as the destination and if the distance to the destination is less than the distance from source to destination, nodes will forward the packet using unicast forwarding. Otherwise, the packet will be ignored. Since nodes have information of its neighbors, it will not only forward but also select a neighbor that has the OF progress toward the destination. If the destination receives multiple copies of the same packet, it will accept the first packet delivered and ignore the others. The geodirection-cast mechanism is a modification of our previous work done on Q-DIR [27]. In Q-DIR, all forwarding nodes broadcast the packet without knowing the distance. However, in the proposed mechanism, source node only broadcasts the packet to one-hop neighbor. This modification of Q-DIR will save power usage, reduce packet flooding, and minimize collision. Figure 4 shows an example of geodirectional-cast forwarding of 12 nodes in a global coordinate system based on quadrant system. In this figure, S broadcasts the data packet to its neighbors. S considers D to be in the first quadrant. Nodes B, C, F, and N ignore the forwarding request because they are not in the same quadrant as D. Node L also ignores the forwarding request because its distance to D is greater than the distance between S and D. On the other hand, nodes A and G are in the first quadrant as D and the distance between them and D is less than the distance between S and D. Hence A and G will participate and forward the data packet to E and M, respectively. It is interesting to note that Figure 4. Geodirectional-cast forwarding based on quadrant. nodes A and G will use unicast forwarding to forward the data packet to E and M rather than broadcast. The forwarding policy may fail to find a forwarding node when there is no neighbor node currently in the direction of destination. The routing management recovers from these failures by using routing problem handler as described in the following section Routing problem handler. A known problem with geographic forwarding is the fact that it may fail to find a route in the presence of network holes even with neighbor discovery. Such holes may appear due to voids in node deployment or subsequent node failures over the lifetime of the network. Routing management in SRTLD solves this problem by introducing routing problem handler which has two recovery methods; fast recovery using power adaptation and slow recovery using feedback control packet. The fast recovery is applied when the diameter of the hole is smaller than the transmission range at the maximum power. The routing problem handler will inform neighbor discovery to identify a maximum transmission power required to efficiently transmit the packet across the hole as shown in Figure 5. In this figure, if nodes A and G are failures due to some problems such as diminishing energy of sensor node or due to unreliable connection, S will use maximum transmission power (0 dbm in IEEE ) to send RTR. Therefore, node E will receive RTR from S and will reply using maximum transmission power. Hence, Figure 5. Fast recovery of routing hole problem. 844 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

7 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol that are most useful in meeting the one-hop end-to-end delay with the optimal PRR and remaining power. The neighbor table format contains node ID, remaining power, one-hop end-to-end delay, PRR, forward flag, location information, and expiry time. The proposed system manages up to a maximum store of 16 sensor nodes information in the neighbor table. Figure 6. Feedback mechanism in routing problem handler. node E will be used as OF node. If the fast recovery cannot avoid routing hole problem, the slow recovery is applied. In the slow recovery, candidate OF node will send feedback packet to its parent. The feedback packet will inform the sensor node parent to stop sending data packet toward OF sensor node. When the parent received feedback control packet, it will calculate OF again for all candidates as depicted in Figure 6. In this case, node G has a hole routing problem. Therefore, node G sends feedback to node S that will select node A as OF Neighbor discovery. The neighbor discovery procedure is executed in the initialization stage to identify a node that satisfies the forwarding condition. The neighbor discovery mechanism introduces small communication overhead. This is necessary to minimize the time it takes to discover a satisfactory neighbor. The source node invokes the neighbor discovery by broadcasting RTR packet. Some neighboring nodes will receive the RTR and send a reply. Upon receiving the replies, the neighborhood management records the new neighbor in its neighbor table. Initially, the neighbor discovery will broadcast the RTR at the default power level. However, if the source node does not receive a reply from any node, the routing problem handler will be invoked Location management The proposed location management determines localized information of sensor nodes. It assumes that all sensor nodes are in a fixed position. It also assumes that the sink node is at the origin (0,0) and at least two of its neighbors are location aware. The location management is used to determine the sensor node location in a grid of WSNs. It assumed that each node has a location aware mechanism such as in Refs. [26,27] to obtain its location in the WSNs area. The location mechanism uses at least three signal strength measurements extracted from RTR packets broadcasted by pre-determined nodes at various intervals. Each pre-determined node broadcasts RTR packet and inserts its location in the packet header. The distance of the unknown node from the pre-determined nodes is determined from the signal strength received based on a propagation path loss model of the environment. If the distance and location of these pre-determined nodes are known, unknown nodes can triangulate their coordinates as explained in Refs. [26,27]. The developed location management does not require additional hardware such as GPS since it uses the existing wireless communication hardware Neighborhood management The design goal of the neighborhood manager is to discover a subset of forwarding candidate nodes and to maintain neighbor table of the forwarding candidate nodes. Due to limited memory and large number of neighbors, the neighbor table is limited to a small set of forwarding candidates 4.4. Power management The main function of power management is to adjust the power of the transceiver and select the level of transmission power of the sensor node. It significantly reduces the energy consumed in each sensor node between the source and the destination in order to increase node lifetime span. To minimize the energy consumed, power management minimizes the energy wasted by idle listening and control packet overhead. The transceiver component in MICAz consumes the most energy compared to other relevant components of the MICAz. The radio has four different states: down or sleep state (1 µa) with voltage regulator off, idle state (20 µa) with voltage regulator on, send state (17 ma) at 1 mw power transmission, and receive state (19.7 ma) [31]. According to the data sheet values, the receive mode has a higher power consumption than the all other states. In SRTLD, the sensor node sleeps most of the time and it changes its state to idle if it has neighbor in the direction of destination (forwarding flag is 1). In addition, if the sensor node wants to broadcast RTR, it changes its state to transmit mode. After that, it changes to receive mode if it waits replies or data packet from its neighbor. Since the time taken to switch from sleep state to idle state takes close to 1 ms [37], it is recommended that a sensor node should stay in the idle state if it has neighbors with forward flags equal to 1. Thus, the total delay from the source to the destination will be decreased. The power management also proposes that a sensor node should change its state from idle to sleep if it does not have at least one neighbor in the neighbor table that can forward data packet toward the destination. Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 845

8 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal 4.5. Security in SRTLD The proposed SRTLD routing scheme provides two types of security built-in security and security enhancement Built-in security in SRTLD. SRTLD is a routing protocol that takes advantage of location-based routing, multi-path forwarding, and random selection of next hop. The random selection of next hop in SRTLD provides some measure of security in WSN. Since the random selection of next hop depends on PRR, packet velocity, and remaining power, which are totally dependent on the physical parameters. These parameters cannot be changed by other sensor node and thus ensures probabilistic selection chance of next hop node. SRTLD constructs the routing topology on demand using only localized interactions and information. Because traffic is naturally routed toward the physical location of a sink, it is difficult to attract it elsewhere to create a sinkhole attack. A wormhole is most effective when used to create sinkholes or artificial links that attract traffic. Artificial links are easily detected in location-based routing protocols because the neighboring nodes will notice the distance between them is well beyond normal radio range [5,32]. Probabilistic selection in SRTLD of a next hop from several acceptable neighbors can assist to overcome the problem of wormhole, sinkhole, and Sybil attacks. Hence, SRTLD can be relatively secure against wormhole, sinkhole, and Sybil attacks. However, the main remaining problem is that location information advertised from neighboring nodes must be trusted. A compromised node advertising its location on a line between the targeted node and a sink will guarantee it is the destination for all forwarded packets from that node. Even though SRTLD is resistant to sinkholes, wormholes, and the Sybil attack, a compromised node has a significant probability of including itself on a data flow to launch a selective forwarding attack if it is strategically located near the source or a sink. A compromised node can also include itself on a data flow by appearing to be the only reasonable node to forward packets to the destination in the presence of routing hole problem. Multi-path forwarding in SRTLD can be used to counter these types of selective forwarding attacks. Messages routed over n paths whose nodes are completely disjoint are completely protected against selective forwarding attacks involving at most n compromised nodes and still offer some probabilistic protection whenever n nodes are compromised. In addition, SRTLD allows nodes to dynamically choose a packet s next hop probabilistically from a set of possible candidates which can further reduce the chances of an adversary gaining complete control of a data flow. Major classes of attacks that are not countered by SRTLD are selective forwarding and HELLO flood attacks. Defense mechanisms that are more sophisticated are needed to provide reasonable protection against selective forwarding and HELLO flood attacks. We focus on countermeasures against these attacks by enhancing security measure in SRTLD as explained in the following section Security management. Real-time routing protocols are limited to time constrain which is an important parameter to consider when designing security in SRTLD routing protocol. Since sensor nodes function as routers, the encryption and decryption with authentication process should be made at every hop for every forwarding packet in WSN. Thus, the security enhancement in SRTLD must ensure real-time routing between the source and the destination. In addition, SRTLD solves the problem of producing real random number using random generator function encrypted with mathematical function. The output of random function is used to encrypt specific header fields in the packet such as source, destination addresses, and packet ID. Moreover, the data authenticity is solved in SRTLD using authentication procedure applied after decryption. The output packet of the security system (secure packet) is a packet with incorrect header fields. If an adversary node eavesdrops the secure packet, it does not know the source, the destination, and the packet ID of the secure packet. Since the secure packet is only valid for a short time, the dynamic mathematical calculation for decryption is designed to prevent an adversary to understand the secure packet as explained in the next section. The proposed security mechanism is designed based on the following assumptions: 1. Each sensor node is static and aware of its location. 2. Sink is a trusted computing base. 3. Pseudo-random function as a function of master key and packet ID (Pkt ID) is stored during program uploading into sensor nodes. 4. Hard mathematical function with its reverse calculation is stored in each sensor node before sensor deployment. 5. Two master keys (k, k1) are stored during program uploading into sensor nodes. Where k is used as a master key in all nodes for encryption and decryption purpose and k1 is used as a master key for a new node after WSN is already started. In order to satisfy the producing real random number requirement, the security management uses the random generator function F k (Pkt ID) recommended by Ref. [33] as: F k (Pkt ID + 1) = A F k (Pkt ID)modP (9) where P is a prime and equal (2 31 1) for a 32-bit (31 bit + 1 sign bit), A is a positive primitive root of P. Any power (modulo P) of 7, say 7 k where k is not a factor of P 1, is also a positive primitive root of P. In this way, many As could be generated, and it was confirmed empirically that an A approximately equal to (P) 1/2 is required to even begin to give good test results. Hence, k is 5 and A is set to 7 5 for 846 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

9 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol Figure 7. State machine diagram of security management. (2 31 1). The randomness of Equation (9) has been tested and analyzed in Ref. [33]. Figure 7 shows the state machine diagram of security management in SRTLD. In this figure, routing management will send security instruction to security management. Next, the security management will invoke packet header. Then, the Source ID (S ID) and/or the destination ID (D ID) are extracted from the header of data packet or control packet. Then, random function F k (Pkt ID) will create random number based on the k and the Pkt ID. Then, the mathematical function f(x) is applied as: f (x) = ((x + F k (Pkt ID)) 3 + R) mod(2 31 1) (10) where R is the number of sensor devices in the same group of WSN and x is S ID or D ID. Finally, the encrypted packet (ciphertext) will be sent. Figure 7 also shows the decryption procedure of security management. When routing management receives the ciphertext packet, first it will send decryption instruction to security management. Next, the decryption procedure will implement the decryption algorithm for S ID and/or D ID. Since the legal received node has same random generator, it can create the same random number to decrypt the original packet based on k and Pkt ID. Therefore, the reverse function of the security management in the previous example can be computed as follows: x = (f (x) R) 1/3 F k (Pkt ID) (11) The decryption function will send authenticity request to the authentication procedure. Then, the authentication procedure will check the output of decryption procedure. If the output of decryption procedure is between 0 and R, the authenticity status is ok. Otherwise, the authenticity status is in error. Finally, the security status of the message will send to routing management in order to process the received packet. It is interesting to note that the encryption mathematical function in this proposal is an example, however, in reality; Figure 8. Trend of encryption function at source node 90. the encryption mathematical function is selected based on harder reversing mathematical function. It is also important to note that new sensor device can be added to the WSN using a control packet. In this control packet, the new R is encrypted by the same encryption mechanism with k1 as a master key in random function. Figure 8 shows the example of encryption mathematical function based on the proposed function. The figure shows that the trend of encryption function is irregular and difficult to predict. This ensures that the proposed security feature produces real random number. 5. SIMULATION IMPLEMENTATION OF SRTLD NS-2 simulator has been used to simulate SRTLD routing protocol. IEEE MAC and physical layers are used to reflect real access mechanism in WSN. To create a realistic simulation environment, the SRTLD has been simulated based on the characteristics of the MICAz mote from Crossbow Technology [30]. Table I shows the simulation parameters used to simulate SRTLD in NS-2. Many-to-one traffic pattern is used which is common in WSN applications. This traffic is typical between multiple source nodes and a base station. In this work, 121 nodes are distributed in a 100 m 100 m region as shown in Figure 9. Nodes num- Table I. Simulation parameters. Parameter IEEE Propagation Model Shadowing Path loss exponent 2.5 Shadowing deviation (db) 4.0 Reference distance (m) 1.0 Packet size 70 bytes phytype Phy/WirelessPhy/ mactype Mac/ freq 2.4E+9 Initial energy 3.3 J Power transmission 1 mw Traffic CBR Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 847

10 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Figure 9. Network simulation model. RTLD is compared with three other baseline protocols that consider multiple packet speeds (MM-SPEED), velocity with energy efficiency (RTPC), and LQ in routing decisions. The LQ forwarding policy selects next hop based on the highest PRR in the neighbor table. MM- SPEED selects the next hop based on the proper packet speed options that meets the end-to-end deadline. The feedback control and differentiated reliability in MM-SPEED routing protocol have not been taken into account in this work because they require modification on the MAC layer protocol. RTPC protocol forward the packets to the most energy efficient forwarding choice that meets the packet s velocity. The simulation evaluates the performance of all the forwarding policies in a situation where by the neighbor table of each node does not have forwarding choices. The routing protocols simulated in this work are locationbased routing protocols. In all the simulations, each node updates its neighbor table every 180 s. SRTLD has been simulated with two different types of forwarding methods: SRTLD with geodirectional-cast forwarding (SRTLD G ) and SRTLD with unicast forwarding (SRTLD U ). bered as 120, 110, 100, and 90 are the source nodes and node 0 is the base station node (sink). To increase the hop count between sources and the sink, the source nodes from the leftmost grid of the topology and the sink in the middle of the grid were selected. Also, the traffic has been assumed to be constant bit rate (CBR). End-to-end packet delay, packet delivery ratio, normalized control packet overhead, and energy consumption are the metrics used to analyze the performance of SRTLD. All metrics are defined with respect to the network layer. Packet delivery ratio is the ratio of packets received at the destination to the total number of packets sent from the source in a network layer. Normalized control packet overhead counts the number of control packets sent in the network for each data packet delivered while energy consumption is the total energy consumed in each sensor node during the simulation task Effect of end-to-end packet deadline The real-time transfer requires that each packet reaches its destination within the deadline period. The deadline delimits the lifetime of a packet traversing the WSN. In this simulation, Figure 10(a) shows the average end-to-end delay comparison between SRTLD and baseline routing protocols for different packet rates. SRTLD possesses short average delay compared to baseline routing protocols. This is primarily due to its forwarding strategy which considers LQ and packet velocity that minimize the average delay. In the simulation, the end-to-end packet deadline was varied while the simulation time and traffic load were fixed at 100 s and 10 packet/s, respectively. The simulation results in Figure 10(b) show that SRTLD experiences higher delivery ratio by 4--7 per cent than the baseline routing protocols. The finding also shows that SRTLD provides the highest delivery ratio for all packet deadlines. This is primarily due to Figure 10. Comparison between SRTLD U and baseline routing protocols at (a) different packet rates and (b) different packet deadlines. 848 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

11 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol Figure 11. Comparison between SRTLD and baseline routing protocols at different packet rates: (a) delivery ratio, (b) normalized packet overhead, and (c) normalized energy consumption. its forwarding strategy which chooses the next hop that has the optimal combination of the best LQ, remaining power, and packet velocity. Besides that, Figure 10(b) shows the minimum packet deadline is around 150 ms. Beyond this, the packet delivery ratio remains unchanged at its maximum throughput. The results in Figure 10(a) and (b) justify that the endto-end delay experience does not exceed the set limit 250 ms that also defined in Refs. [2,11]. It is important to note that the data packet travels between 5 and 10 hops to reach the sink in this simulation. However, the proposed system recommends more than 250 ms if the distance between the source and the sink is far away (more than 17 hops) Impact of varying network load In this simulation, the packet rates were varied while the end-to-end deadline and simulation time were fixed at 250 ms and 100 s, respectively. The traffic load is varied from 1 to 10 packet/s to emulate low data rate in IEEE The simulation results in Figure 11(a) show that SRTLD U experiences higher delivery ratio than the baseline protocols by 4--7 per cent as observed in previous section. This is because SRTLD U takes into consideration LQ, packet velocity, and remaining power that guarantee high delivery ratio and energy efficient. This is primarily due to LQ with packet velocity are considered in SRTLD U. The LQ consideration usually experiences high delivery ratio and energy efficient [12,13]. In addition, Figure 11(a) shows the delivery ratio decreases as the load in the network increases. This is mainly due to packet loss because of network congestion and packet collision. Figure 11(b) shows that SRTLD U spends less number of packets overhead compared to baseline routing protocols. This is largely due to its neighbor discovery which does not allow the one-hop neighbor to reply if it is not in the direction to the destination. Hence, the probability of collision is reduced and packet overhead is minimized. On the other hand, the baseline forwarding strategy does not consider probability of collision due to neighbor discovery which degrades the delivery ratio and energy efficiency. Figure 11(c) demonstrates that SRTLD U consumes less power compared to baseline routing protocols because the packet overhead in SRTLD U is less than the baseline routing protocols Prolonging WSN lifetime Network lifetime measures the amount of time before the first node runs out of battery power [34]. Based on this definition of WSN lifetime, this section will analyze the influence of the remaining power on the performance of WSN. End-to-end deadline, packet rate, and simulation time are fixed at 250 ms, 10 packet/s, and 300 s, respectively. The simulation results in Figure 12(a) show that the delivery Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 849

12 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Figure 12. Comparison prolonging lifetime between SRTLD U and baseline routing at fixed packet rate: (a) delivery ratio, (b) normalized packet overhead, and (c) normalized energy consumption. Table II. Comparison WSN lifetime between SRTLD U and baseline routing protocols. Comparison RTLD RTPC MM-SPEED LQ Lifetime Normalized lifetime 96% 80% 77% 68% ratio of SRTLD U is higher by per cent compared to the baseline routing protocols. Table II shows WSN lifetime is prolonged by 16 per cent using SRTLD U compared to the baseline routing protocol. The baseline routing protocols suffer decreasing packet delivery ratio due to packet dropping over a long period of time. One major reason is the baseline routing ignores spreading of the traffic load among neighboring nodes, hence creating routing holes problem. The routing holes problem may also appear due to power termination in the forwarding candidate node. In contrast, SRTLD U distributes the load to forwarding candidates to overcome routing holes problem and hence, balancing the load among the neighboring nodes and maintains the delivery ratio to a comparable level. Figure 12(b) shows that SRTLD U experiences the least packet overhead. Since baseline routing protocols are not capable of countering the routing hole problem, the nodes around the hole are required to send more packet overhead. SRTLD U consumes up to 5 per cent less power compared to baseline protocols as shown in Figure 12(c). The reduced power consumption is as a result of sending and distributing the load throughout the neighboring nodes Enhancement of SRTLD RTLD G routing uses geodirectional-cast forwarding mechanism. Simulation study on the influence of the forwarding mechanism is carried out using parameters configured in Table I. The packet rates were varied while the packet lifetime and simulation time were fixed at 250 ms and 100 s, respectively. The traffic load is varied from 1 to 10 packet/s. The simulation results in Figure 13(a) show that the SRTLD G increases delivery ratio by 20 per cent compared to SRTLD U. This is due to feasible multiple paths forwarding in SRTLD G. However, SRTLD G drops sharply when the traffic load is high mainly due to congestion in the network. Moreover, the IEEE MAC is designed for low traffic rate and does not work well with high traffic load [35]. The flooding in the direction to the destination causes congestion near the source of the data packet, channel contention, and interference. Figure 13(b) shows SRTLD G spends 4 per cent higher packet overhead compared to SRTLD U. Generally, this is due to data packet broadcast in the first one-hop when the packet travels from the source to the destination. Figure 13(c) shows SRTLD G consumes 9 per cent more power compared to SRTLD U to achieve high delivery ratio. This is 850 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

13 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol Figure 13. Performance of SRTLD G and SRTLD U at different packet rates: (a) delivery ratio, (b) normalized packet overhead, and (c) energy consumption. largely due to its forwarding strategy spending more packets overhead for the initial broadcasting of packets Effect of routing problem handler In order to show the effect of routing holes problem, the WSN model has been simulated using random distribution topology in NS-2. In this scenario, 50 nodes are distributed in random topology as shown in Figure 14. Node 10 is the source node and node 44 is the sink. In this case, nodes 20 and 26 have low battery power (0.9 J) and their energy diminishes shortly after packet forwarding. It is interesting to know that in NS-2, the sensor node will stop receiving and transmitting when the energy reaches zero. However, the MICAz sensor node stops receiving and transmitting once the remaining energy reaches 2.4 V. In Figure 14, the data packet can flow through two paths according to the chosen OF strategy; the first path is from the source 10 to nodes 8, 2, 5, 0, 29, 45, 20, 47, and 44; and the second path is from the source 10 to nodes 8, 2, 5, 0, 29, 36, 26, 14, and 44. If the first path experiences routing hole problem along the path, feedback packet is sent to the sender of the data packet to stop data forwarding. According to the feedback mechanism, node 45 will discover from its neighbor table that node 20 anticipates energy problem. In this case, node 45 sends feedback packet to the previous hop, which is node 29 since it does not have other neighbor to forward the packet. Once node 29 receives the feedback packet, it will decrease the forwarding flag by 20 per cent. This means after five feedback packets are received at node 29 from node 45, node 29 will stop sending data packet to node 45. The feedback mechanism allows the node five chances to identify its case whether it has problem or not. After that, node 29 will search in its neighbor table for another neighbor that has active forwarding flag (1). As in Figure 14, node 29 selects node 36 as an OF node. In the simulation, the traffic load is varied from 1 to 10 packet/s while the end-to-end deadline and simulation time were fixed at 250 ms and 300 s, respectively. The result in Figure 15(a) shows that routing with feedback increases the delivery ratio by 15 per cent as the packet rate varies. This is mainly due to the routing management is having heavy flexibility to deal with the routing problem. Besides, the feedback allows route recovery hence achieving higher throughput. The throughput without feedback becomes worst as the traffic load increases. This is due to the fact that the source node does not know the path status after its one-hop neighbor. Thus, more packets are lost as more traffic is generated. Figure 15(b) shows that rout- Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 851

14 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Figure 14. Random distribution topology. Figure 15. Performance of SRTLD using feedback packet at different traffic load: (a) delivery ratio, (b) normalized packet overhead, and (c) energy consumption. ing with feedback packet spends less number of packets overhead compared to routing without feedback. This is primarily due to the previous hop node in the routing without feedback is sending more packets overhead to recover the bad forwarding path even if there is no neighbor reply. Routing with feedback permits the previous hop node to send packets overhead only for a short time to confirm that the forwarding path is unstable. If the forwarding path is 852 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

15 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol Figure 16. Network simulation grid with attackers. not recovered, the sensor node will launch feedback packet to its previous hop node. Otherwise, the previous hop node refrains from sending packet to sensor node. Figure 15(c) shows routing with feedback consumes less power compared to routing without feedback. This is mainly due to higher packet overhead in the routing without feedback Simulation of security management The built-in security due to location-based routing, multipath forwarding, and random selection of next hop relatively defend against wormhole, sinkhole, and Sybil attacks. However, it cannot defend against selective forwarding and HELLO flood attacks. Therefore, the security enhancement is developed to defend against selective forwarding and HELLO flood attacks. The simulation evaluates the capability of SRTLD to overcome the HELLO flood attack and selective forwarding attack. In this work, 121 nodes are distributed in a 100 m 100 m region as shown in Figure 16. Nodes numbered as 120, 110, 100, and 90 are the source nodes, node 0 is the sink, and nodes numbered as 24, 25, 31, and 36 are adversary nodes. In this simulations study, the packet rates were varied while the end-to-end deadline and simulation time were fixed at 250 ms and 100 s, respectively. We assume that CBR traffic is assumed in this simulation Influence of HELLO flood and selective forwarding attacks. In order to analyze the security performance in SRTLD, delivery ratio, packet overhead, and power consumption are studied in the presence of HELLO flood and selective forwarding attacks. SRTLD routing that uses security enhancement is defined as (SRTLD E ). Figure 17(a) shows that SRTLD experiences higher delivery ratio by 6.83 per cent than SRTLD E when there are no attacks. This is because SRTLD E requires additional processing delay to implement the security mechanism for one-hop as illustrated in Figure 17(b). The total processing delay due to security mechanism affects the packet deadline, which results in some data packets missing the end-to-end deadline. However, the delivery ratio of SRTLD is reduced by 50 per cent when the adversary node injects HELLO flood attack and selective forward attack as shown in Figure 17(c). This is primarily because SRTLD cannot defend against the HELLO flood and selective forwarding attacks. The simulation results in Figure 18(a) show that the packet overhead in SRTLD without attack is less than the packet overhead in SRTLD E. SRTLD E processes the legal packet and drops ambiguous packet which results in a slightly more packet overhead to confirm the authenticity of the received packet. However, Figure 18(b) shows that SRTLD in an attack requires more packet overhead than SRTLD E. This is because the source node trusts the packet that come from an adversary node. An adversary node claims that it has the optimal path to the sink with high remaining power. The source node allows an adversary node to become its OF. An adversary node drops the received packet from the source node. This means that the probability of received packet decreases and the normalized packet overhead will be decreasing. The simulation results in Figure 19(a) show that SRTLD without attack consumes less power than SRTLD E because it spends less packet overhead. However, Figure 19(b) shows that the normalized power consumption in SRTLD under attack is higher than normalized power consumption in SRTLD E. The reason is due to the packet dropping caused by selective forwarding attack in SRTLD Influence of increasing compromised nodes An adversary node can become an inside attacker to allow malicious code running inside the compromised node in WSN. The compromised node may use all network layer attacks that will ultimately affect the performance of the routing protocol. This section studies the effect of increasing number of compromised sensor nodes in WSN. In this simulations study, the packet rate is fixed at 10 packets/s while the number of compromised nodes is increased gradually from 4 to 24 nodes. Figure 20 shows the network grid with a maximum of 24 compromised nodes that amount to 20 per cent of the nodes in the grid. As can be seen in Figure 20, the compromised nodes surround the sink to emulate the worst case scenario. Figure 21 shows the performance of SRTLD E as the number of compromised node increases from 4 to 24. In Figure 21(a), the delivery ratio is reasonable constant as the number of compromised nodes increases from 4 to 20. This is because that SRTLD E deals with the compromised nodes as Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 853

16 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal Figure 17. Comparison between SRTLD E and SRTLD at different packet rates: (a) delivery ratio without attack, (b) average ETE delay, and (c) delivery ratio with attack. Figure 18. Comparison between SRTLD and SRTLD E at different packet rates: (a) normalized packet overhead without attack and (b) normalized packet overhead with attack. a routing hole problem and overcomes this problem using routing problem handler mechanism. However, as the number of compromised nodes increases beyond 20, the delivery ratio starts decreasing. This is primarily due to the routing hole between the sink and source nodes 120 and 110 becoming bigger. In Figure 21(b), the power consumption increases as the number of compromised nodes increases in order to overcome the routing hole problem. This is because the routing path becomes longer and transmission power becomes higher in the presence of compromised nodes. 6. EXPERIMENTAL RESULTS OF SRTLD ROUTING The SRTLD routing protocol has been realized in real test bed using 25 sensor nodes (10 TELOSB and 15 MICAZ). Figure 22 shows the picture of sensor nodes configuration and code uploading into the sensor through serial programming board for MICAZ and USB port for TELOSB. The security encryption, decryption with authentication codes require 216 bytes in flash memory. Therefore, SRTLD and 854 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.

17 A. A. Ahmed and N. F. Fisal Secure real-time routing protocol Figure 19. Comparison between SRTLD and SRTLD E at different packet rates: (a) normalized power consumption without attack and (b) normalized power consumption with attack. Figure 22. Programming sensor node Test bed network Figure 20. Increasing compromised nodes in network grid. SRTLD E are lightweight mechanisms, which can apply for different types of radio sensor board with different platforms. WSN test bed has been used to verify the SRTLD. The test bed performance in terms of packet delivery ratio and average packet delay from the source to the destination are analyzed. The results are compared with the simulation output. Many-to-one traffic pattern is used in SRTLD routing protocol in the case of unicast forwarding mechanism. One-to-many traffic pattern is used in the geodirection-cast forwarding mechanism. In this work, 25 nodes are distributed in a 40 m 40 m region as shown in Figures 23 and 24. Node numbered as 24 is the source node and node Figure 21. Influence of increasing compromised nodes in network performance: (a) delivery ratio and (b) normalized power consumption. Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd. 855

18 Secure real-time routing protocol A. A. Ahmed and N. F. Fisal delay is largely due to the processing delay caused by the slow microprocessor in MICAz and TelosB compared to personal computer processing in the simulation. The microprocessor in MICAz and TelosB runs at 8 MHz while the processor in simulation runs at 1700 MHz which is more than 200 times faster. In addition, the delay can be due to unreliable communication links in wireless networks. The link failures cause retransmissions of the packet at the MAC layer which increase the average delay. Nevertheless, the end-to-end delay in the test bed is below the end-to-end deadline limit which is 250 ms Enhanced security in SRTLD routing protocol test bed Figure 23. Network simulation grid. 0 is the sink. The traffic is CBR and locations of all nodes are known Results of SRTLD routing protocol in test bed The network in the test bed has been configured similar to the network in the simulation. In real test bed, end-to-end deadline and the experiment time were fixed at 250 ms and 100 s, respectively. The traffic load is varied from 0.2 to 2 packet/s. The results in Figure 25(a) show that SRTLD routing protocol in the simulation environment experiences slightly higher delivery ratio (about 5 per cent) compared to the real test bed implementation. This may be due to the propagation model in the simulation differs from the real test bed environment. In practice, many parameters in the propagation model affect the signal strength including fading, reflection, diffraction, and interference. In addition, it has been recommended by TinyOS that the maximum packet rate should be set to 0.5 packet/s for multi-hop communication because higher packet rates can lead to congestion and overflow of the communication queue [36]. Figure 25(b) shows that the end-to-end delay in the real test bed is higher compared to the simulation study. The In this part of comparison, the network configuration was set similar to the previous section. The results in Figure 26(a) show that enhanced SRTLD routing protocol in the simulation experiences 5.5 per cent higher delivery ratio compared to the real test bed as the packet rate is varied. This is primarily due to the encryption and decryption with authentication processes that consume higher delay, which cause dropping of some received data packet. The results in Figure 26(b) show that the processing delay of the encryption and decryption with authentication for the packet to travel three hops between the source node and the sink is around 30 ms in the test bed. However, the processing delay of the encryption and decryption with authentication in the simulation is around 12 ms. The most significant reason is the mathematical of the encryption and decryption with authentication processes in the PC is faster than MICAZ and TELOSB Geodirection-cast forwarding in test bed The results in Figure 27(a) show the geodirection-cast forwarding mechanism in both simulation and test bed enhance the throughput by 10 per cent higher than unicast forwarding mechanism due to the multi-path forwarding. This is extremely important in the real-time communication. However, this enhancement is achieved at expense of more power Figure 24. Network test bed field. 856 Security Comm. Networks 2011; 4: John Wiley & Sons, Ltd.