“© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including

reprinting/republishing this material for advertising or promotional purposes, creating

new collective works, for resale or redistribution to servers or lists, or reuse of any

copyrighted component of this work in other works.”

 

1

A Mobile Multimedia Data Collection Scheme forSecured Wireless Multimedia Sensor Networks

Muhammad Usman, Member, IEEE, Mian Ahmad Jan∗, Member, IEEE,Xiangjian He∗, Senior Member, IEEE and Jinjun Chen∗, Senior Member, IEEE

Abstract—Wireless Multimedia Sensor Networks (WMSNs) produce an enormous amount of big multimedia data. Due to large size,Multimedia Sensor Nodes (MSNs) cannot store the generated multimedia data for a long time. In this scenario, mobile sinks can beutilized for data collection. However, due to vulnerable nature of wireless networks, there is a need for an efficient security scheme toauthenticate both the MSNs and mobile sinks. In this paper, we propose a scheme to protect the underlying WMSN during mobilemultimedia data collection. The proposed scheme is a two-layer scheme. At the first layer, the MSNs are distributed into small clusters,where each cluster is represented by a single Cluster Head (CH). At the second layer, the CHs verify the identities of the mobile sinks,before forwarding the multimedia data. Authentication at both these layers ensures a secure data exchange. We evaluate theperformance of the proposed scheme through extensive simulation results. The simulation results prove that the proposed schemeperforms better as compared to existing state-of-the-art approaches in terms of resilience and handshake duration. The proposedscheme is also analyzed in terms of authentication rate, data freshness, and packet delivery ratio, and has shown a better performance.

Index Terms—WMSNs, multimedia, MSNs, security, clusters, authentication.

F

1 INTRODUCTION

T RADITIONAL concept of the Internet of Things (IoT) con-sists of small sensing devices that are battery-operated

and unable to perform long-range wireless communication[1]. The sensing devices usually form a small Wireless Sen-sor Network (WSN), and forward sensed data to a nearbyBase Station (BS). In these networks, computationally-complex tasks are always performed at the BS. In recentyears, evolutionary steps have been taken in the field ofWSNs where audio and visual sensors are integrated intosimple sensor nodes and have transformed them into Multi-media Sensor Nodes (MSNs). These nodes are able to store,correlate and fuse both multimedia and non-multimediadata [2]. The MSNs are gaining the attention of researchersacross the globe due to their wide range of applications indaily lives, such as e-health, transport management system,and security and surveillance. For example, in smart cities,smart sensing cameras installed at major junctions, roadsand highways can capture current scenarios of vehiculartraffic, and forward the captured multimedia data to eitherlocal or remote cloud servers for further processing andanalysis. Earlier generations of MSNs consist of a limitedbattery power and a low-power transceiver to transmit andreceive multimedia data. However, latest generations, suchas wireless and camera motes, have powerful hardware andare able to deal with high-resolution multimedia data. Acomparison between the earlier and latest generations ofMSNs was summarized in [3]. On a large scale, multiple

A * indicates the corresponding author.Muhammad Usman and Jinjun Chen are with the Department of ComputerScience and Software Engineering, Swinburne University of Technology,Australia. (E-mail: musman@swin.edu.au, jinjun.chen@gmail.com)Xiangjian He is with the Global Big Data Technologies Center (GBDTC),School of Electrical and Data Engineering, University of Technology Sydney,Australia. (E-mail: xiangjian.he@uts.edu.au)Mian Ahmad Jan is with the Department of Computer Science, Abdul WaliKhan University, Mardan, Pakistan (E-mail: mianjan@awkum.edu.pk)

smart sensing cameras operate simultaneously. As a result,huge volumes of multimedia data are generated, that needto be managed and processed efficiently in real-time.

Just like miniature sensors, the MSNs also build a net-work known as a Wireless Multimedia Sensor Network(WMSN). For an efficient data sharing and transmission,the WSNs/WMSNs are usually distributed into small clus-ters. Each cluster is represented by a nominated node,known as a Cluster Head (CH). The nominated CHs takeresponsibility for collecting the sensed/captured data fromthe member nodes and forwarding to the BS. Dependingupon the underlying application, the captured data maycontain sensitive information. Furthermore, there is usuallyno human intervention when the WMSNs are deployed inan open environment. Such deployments expose these net-works to various network vulnerabilities and threats, suchas node replication, Sybil attack, Denial-of-Service (DoS),and Distributed DoS (DDoS) attacks [4]. These attacks areusually launched by malicious nodes. Therefore, there isa need to protect these networks from vulnerabilities andthreats through robust and highly efficient node authentica-tion schemes.

For the MWSNs operating in open environments, a mo-bile sink can play an important role to collect and forwarddata to the local/cloud servers. The mobile sinks can bemobile sensors, smartphones or personal digital assistants,and are able to communicate with the nearby sensor nodes[5]. Therefore, the mobile sinks are an essential componentin large-scale WMSNs. Sometimes, it is possible that thelink between cloud/local servers and BS may be partiallyor completely damaged. As a result, the BS is able tocontrol the network but unable to upload the collected datato the servers. On the other hand, the CHs continuouslycollect and forward the multimedia data to the BS. Thisdata need to be offloaded by the BS due to the fact that

2

the BS might not have enough storage space to store theforwarded real-time multimedia data for a long time. Onesolution to this problem is the use of mobile sinks. In thiscase, the CHs will forward the collected data to the mobilesinks, instead of forwarding to the BS. After receiving thedata from CHs, the mobile sinks will forward the data tothe local/cloud servers, as soon as they get access to theInternet. However, the use of mobile sinks to collect the datafrom the WMSNs introduces a new security challenge in theform of network control and attack. Privileges assigned tothe mobile sinks can be compromised, and as a result, can bemisused. Without a proper authorization, the compromisedmobile sinks can control the entire network and may causeundesirable consequences. Therefore, there is a need for aproper security mechanism to authenticate the validity ofmobile sinks and detect any compromised mobile sinks.

In this paper, we propose a secure multimedia datacollection scheme through mobile sinks in the WMSNs. Tothe best of our knowledge, there is no existing solutionfor a secure mobile data collection in the WMSNs. Theproposed approach is based on a two-layer architecture.These two layers help in securely managing the capturedmultimedia data. At the first layer, the identities of theparticipating devices, i.e., the CHs and MSNs, are verifiedthrough a lightweight four-way handshaking mechanism.At the second layer, the CHs forward the received data tothe authorized mobile sinks. The major contributions are asfollows.

• A lightweight four-way handshaking mechanism isapplied to verify the identities of participating de-vices (i.e., the CHs and MSNs). It is a payload-based mutual authentication mechanism. During theauthentication process, the payload is always en-crypted, and the authentication mechanism incursminimal computational overhead.

• A lightweight authentication scheme is applied toverify the identities of mobile sinks. This schemeis similar to the four-way handshaking mechanism.However, due to the mobility of sinks, hashing func-tions along with random numbers have been utilizedto verify the identities of the mobile sinks. Thisauthentication is first performed between the mobilesinks and BS, and then between the mobile sinks andCHs.

• The performance of the proposed scheme is analyzedin terms of various performance metrics. The simu-lation results prove the efficiency of our proposedscheme as compared to other well-known state-of-the-art approaches.

The rest of this paper is structured as follows. A liter-ature review on the recent work is provided in Section II.The system model is described in Section III followed byan explanation of the proposed approach in Section IV. Theexperimental setup and simulation results are discussed inSection V. Finally, the paper is concluded in Section VI.

2 LITERATURE REVIEW

We distribute this section into two subsections. In thefirst subsection, we discuss various node authentication

schemes, proposed for the cluster-based WSNs/WMSNs. Inthe second subsections, we provide an overview of variousauthentication schemes for mobile sinks.

2.1 Node AuthenticationIn [6], various user authentication schemes designed forWSNs were reviewed. In this survey, the WSNs in unat-tended environments are targeted, and secure and depend-able user authentication mechanisms are analyzed for futureresearch proposals, challenges, and applications. In [7], astudy on an adaptive security design for malicious node de-tection in the cluster-based sensor networks was presented.In this study, the adaptive security modules are analyzedto improve the secure communication in the cluster-basedWSNs by protecting them from external malicious nodes,using the authentication schemes.

In [8], a cluster-based node authentication scheme wasproposed for the WMSNs. In this scheme, the clusters areformed through a lightweight mutual authentication mech-anism between the MSNs and CHs. In [9], a geographicsecured routing mechanism was used to authenticate nodesand messages in the WMSNs. In this mechanism, the SecureHash Algorithm v3 (SHA-3) is used to minimize computa-tional complexity for the authentication purposes. In [10],a user-friendly hybrid authentication scheme was proposedfor the WSNs. In this scheme, mutual authentication andkey agreement schemes are combined, using chaotic mapsto minimize the computational complexity and protect useranonymity and secret passwords. In [11], a compressivesensing based approach for a secure data collection in theWSNs was proposed. In this approach, asymmetric semi-homomorphic encryption is used to ensure the privacyduring the data collection, and sparse compressive matrixis used to reduce the computational costs.

2.2 Mobile Sink AuthenticationIn [12], an authentication scheme was proposed to detectthe mobile sink replication attacks in unattended sensornetworks. This scheme is based on a model where a mobilesink can collect data from a sensor node, only if it establishesa shared key with the sensor node, and passes throughauthentication of at least m neighbors to improve the un-derlying network’s resilience against the replication attacks.In [13], [14], a seamless key agreement framework wasproposed for the mobile sinks in an IoT-based cloud-centricsecured sensor network. In this framework, a seamless se-cured authentication and key agreement approach, using bi-linear pairing and elliptic-curve crypto-systems, is adoptedto prevent node-capture attacks and support data confiden-tiality, mutual authentication, session-key agreement, useranonymity, password guessing, and key impersonation. In[15], a comprehensive approach for data collection wasproposed for sensor-cloud systems. In this approach, thetrustworthiness of mobile sinks and sensor nodes are eval-uated against various type of trusts. In [16], pairing-free ID-based identification scheme was proposed to minimize com-putation and communication costs for registering mobilesinks in WSNs. In this scheme, the performance is evaluatedin terms of computation cost and energy consumption onwell-known WSN hardware platforms. In [17], distributed

3

and decentralized schemes were proposed to detect repli-cation attacks in mobile WSNs. In these schemes, maliciousnodes along with collaborating imposters are detected andquarantined through total number of false-positives. In [18],a lightweight algorithm was proposed to detect mobile Sybilnodes in the mobile WSNs. In this algorithm, WatchdogNodes first technique is used to label mobile nodes, basedon their movements. As a result, the Sybil nodes can bedetected with a high accuracy, according to their movementsand the assigned labels.

3 SYSTEM MODEL

The system model focuses on multimedia data collectionfrom the secured WMSNs. The MSNs capture/sense un-usual events, and store the captured/sensed in their buffers.Later, the captured/sensed data are forwarded to the electedCHs. These CHs are responsible for sharing the receiveddata with the nearby mobile sinks. The mobile sinks arethen responsible to upload the data to the cloud/localservers through the Internet. As the focus is on the securecollection of multimedia data, therefore, the computationaloverhead of securing the underlying network needs to bethe minimum.

3.1 Secure Cluster Formation ModelThe secure cluster formation model is based on our pre-vious work, published in [19], [20]. Notations used in ourproposed model are illustrated in Table 1. In this model,the MSNs are denoted by αs, the CHs are denoted byrs, and the BS is denoted by a γ. Identity verificationmessages are exchanged between αs and rs. The identityverification messages contain various challenges that needto be decrypted by communicating entities. In our proposedscheme, the authentication process consists of four phases,i.e., session initiation, CH challenge, MSN response andchallenge, and CH response. To encrypt the payload of theverification messages, Advanced Encryption Standard 128-bits (AES-128) is used. Each MSN possesses a pre-sharedsecret (i.e., λ) and a token (i.e., τ ). The secret is usedduring the authentication process, and the token is usedfor a secure exchange of nomination and acknowledgmentpackets between the CHs and BS.

Notation Descriptionα Mobile sensor node (MSN)r CH (CH)γ Base stationλ Secretτ Tokeni ID of mobile sensor nodej ID of CHη Pseudo-random nonceµ Session keyϑ Intermediate valueC Challenge

TABLE 1: Notations of cluster formation model

During the first phase, i.e., the session initiation, eachMSN creates a joining-request message and forwards it

to a targeted CH. The payload of each joining-requestmessage contains the ID of the MSN (i.e., αi), wherei ∈ {1, 2, 3, ..., I}, and the header contains the ID of thetargeted CH (i.e., rj), where j ∈ {1, 2, 3, ..., J}).

After the session initiation, next phase is the CH chal-lenge. In this phase, the rj searches for a matching λi for theαi, and replies back with a challenge. The challenge consistsof a pseudo-random nonce (i.e., ηr), and a session key (i.e.,µ) generated by an rj . The challenge is created using thefollowing equations.

ϑ = λi ⊕ µ, (1)

Cr = AES{λi, (ϑ | ηr)}, (2)

where ϑ is an intermediate value generated by an rj , andCr is the challenge created for an αi.

In the MSN response phase, the αi retrieves ηr and µfrom Cr, and creates a challenge of its own, for an rj , usingthe following equations.

ϑ = ηr ⊕ λi, (3)

Ci = AES{µ, (ϑ | ηi)}, (4)

where ηi is the pseudo-random nonce, ϑ is the intermediatevalue generated by an αi, and Ci is the challenge created foran rj .

Upon reception, the rj tries to retrieve ηr from αi’s chal-lenge. If present, the status of αi changes to Authenticated,and the rj replies back with a response to αi’s challengeto complete the authentication process using the followingequation.

Cr = AES{λi, (ηi | µ)}. (5)

Upon receiving the response computed by Eq. 5, the αitries to extract the ηi. If present, the status of rj changes toAuthenticated.

3.2 Mobile Sink Verification Model

The notations used in this model are illustrated in Table2. The mobile sinks (i.e., βs) communicate with CHs tocollect the captured data. However, each mobile sink firstneeds to register itself with the BS. Once registered, themobile sinks are able to communicate with the surroundingCHs. Before contacting the BS for registration, each mobilesink generates a session key (i.e., µk), where k is the ID ofthe requesting mobile sink, and k ∈ {1, 2, 3, ...,K}, and arandom integer x, where x ∈ Z . In this registration process,two hashing functions, i.e., H1 and H2, are utilized. Each βkgenerates a secure request message (i.e., Θk) for registrationusing H2, as illustrated by the following equation.

Θk = AES{k, (H2(x⊕ µk))}. (6)

The generated request is forwarded to the BS. Afterreceiving the request message, the BS generates an en-crypted challenge (i.e., Cγ) consisting of four values usingthe following equations and forwards it to the βk.

4

Notation Descriptionβ Mobile sinkk ID of mobile sink

w, x, y, z Random integersZ Set of integers

H1, H2 Hashing functionsΘ Secure request message∆ Registration certificateδ Time-stampΨ Authentication valueµ New session keyf Bilinear group mapping functionc Available capacity of mobile sinkt timed Communication range of mobile sinkv Moving speed of mobile sinks Service rate of mobile sink

TABLE 2: Notations of mobile sink verification model

∆k = w.H1(k || H2(x⊕ µk)), (7a)

δk = H2(H2(k || y)), (7b)

Ψk = H2(k || x || y), (7c)

Cγ = AES{∆k, δk,Ψk}, (7d)

where w ∈ Z , y ∈ Z , ∆k is a registration certificate, δk is atime-stamp, and Ψk is an authentication value for the βk.

Upon reception, each βk creates an encrypted response(i.e., Ck) using a random value z, where z ∈ Z , andreplies back to complete the registration process by usingthe following equations.

ak = H2(Ψk || H2(x⊕ µk) || z), (8a)

Ck = AES{ak, z}. (8b)

Upon receiving the response, the BS verifies identityof the βk using Eq. 8a. If the equation holds, then theβk is considered an authentic node. The βk generates anencrypted connection request (i.e., Ck) including a newsession key (i.e., µk) by using the following equations andforwards it to the authentic rj .

bk = f(∆k.H2(δk).H1(j)), (9a)

µk = f(H2(δk).∆k, H2(δk).H1(j)), (9b)

Ck = AES{bk, µk}, (9c)

where f() is a bilinear group mapping function.Upon reception, the rj verifies the identity of βk by

using Eq. 9a. If the equation holds, the βk is consideredan authentic node. Once authenticated, the rj can startcommunicating with βk using µk.

Each βk has a specific capacity, and cannot collect mul-timedia data from all the nearby rs. It is possible that a βkis communicating with more than one r. In this situation,it needs to assign a specific capacity to an rj . The available

capacity (i.e., c) of a βk at time t is estimated by the followingequations.

t =d

v, (10)

c = s× t, (11)

where, d is communication range, v is moving speed, and sis service rate of a βk.

4 SECURED AND AUTHORIZED DATA COLLECTIONSCHEME

In this section, we explain our proposed Secured and autho-rized Scheme (SaaS) for mobile multimedia data collection.The block diagram depicting the traditional mechanism ofthe WMSNs is shown in Fig. 1. The block diagram depictingthe operational mechanism of the proposed SaaS is shownin Fig. 2. The proposed SaaS is divided into two layers, i.e.,the device and mobile sink layers. The clusters are formed atthe device layer via a lightweight handshaking mechanism,while the data is collected from the CHs using the mobilesinks at the mobile sink layer.

4.1 Secure Cluster FormationThis phase is divided into two sub-phases, i.e., the electionof the CHs, and mutual authentication between the MSNsand CHs. The CH election is a token-based approach whichenables the MSNs with highest energy levels to become theCHs. The remaining nodes join the CHs to form clusters andforward data to the elected CHs.

4.1.1 CH ElectionIn our proposed SaaS, the WMSN consists of 500 ran-domly deployed MSNs. The MSNs with minimum energylevels become members in a cluster while the remainingnodes become the CHs. The elected CHs are responsiblefor authentication of member nodes, and data reception andforwarding to the BS. Each MSN possesses a λ and a τ . The τis used to exchange control packets i.e., nomination packets(i.e., p), and acknowledgment packets (i.e., ACK), betweenthe CHs and BS. On the other hand, the λ is used to performmutual authentication inside the clusters between the MSNsand CHs.

At the beginning of each round, each αi broadcasts a pito the BS. Each pi contains the α’s ID (i.e., i), secret (i.e.,λi), and residual energy (i.e., αe). Upon reception, the BSextracts i and αe from p, and computes the average energythreshold (i.e., E), by using the following equation.

E =

N∑i=1

αeN, (12)

where N represents the total number of MSNs.An αi having energy equal or greater than E is consid-

ered eligible to be elected as a CH. An exception may occurat the start of each round when all the MSNs have almostthe same energy levels. In this case, the election of a CH isbased on minor differences in the energy values and can goup to four decimal digits. In upcoming simulation rounds,

5

Base Station

Internet

Cloud

Local Server

Inter

net Connec

tion

Cluster Head

MSN

Fig. 1: Traditional Mechanism of WMSN

Base Station

Internet

Cloud

Local Server

Cluster Head

MSN

Mobile Sink

Mobile Sink

Mobile Sink

Fig. 2: Operational Mechanism of SaaS

6

it is possible to have more than one nominee for a CH role.In this case, a CH is selected based on the following rules.

• αe should be equal or greater than E.• Node αi is not elected as a CH in past rounds.• Nominees in the same geographical location are eval-

uated based on their previous history of election ifthey have the same energy levels.

After the election, the BS broadcasts a pγ to the electedCHs. This pγ contains the IDs of the elected CHs and theirneighboring MSNs. 16-bit tokens similar to the tokens of theelected CHs are also appended in the header of each pγ .Upon reception, an elected rj matches the received tokenwith its own. If matches, three operations are performedat the elected rj , 1) retrieval of the appended IDs of theneighboring MSNs and storing in an array (i.e., B[αi][λi]),2) creation of an ACK packet that includes its own tokenand forwards it back to the BS, and 3) advertising itself toits neighboring MSNs. It is possible that an MSN receivesadvertisements from more than one CH. In this case, anMSN associates itself with the nearest one by sending ajoining request. The location of an MSN with respect to abroadcasting rj is computed by the Euclidean distance (i.e.,d), as shown in the following equation.

d =√

(x− xi)2 − (y − yi)2. (13)

The joining process requires mutual authenticationwhich is explained in the next subsection.

4.1.2 Mutual Authentication

Upon successful advertisement, each MSN tries to becomea part/member of a cluster, led by a CH. The aim of clusterformation is to secure data transmission from the MSNs tothe CHs that are authorized to share the data with eitherthe BS or mobile sinks. To authenticate an MSN, a payload-based handshaking mechanism is used. The 128-bit AESencryption algorithm is used to encrypt the messages sharedbetween the nodes. Unlike AES-192 and AES-256 algo-rithms, the AES-128 algorithm requires less computationalresources and is suitable for real-time data processing [21].The MSNs exchange multiple handshake messages with theCHs as shown in Fig. 3. Once authenticated, an MSN isallowed to forward the data to the nearest CH, to whomit belongs.

In the session initiation phase, an MSN sends a join-request to the nearest CH. The join request contains j, i andλi. The IDs are 8-bits long, making the join request messagesextremely lightweight. A maximum of four join requests canbe sent to a CH. After four attempts, any further attempt issimply ignored. In the join-request, an i is encapsulated inthe payload while a j is encapsulated in the header. A framecheck sequence is also appended as a trailer of the payloadfor error detection and correction.

Upon receiving the join-request, the CH retrieves j and ifrom the header and payload fields, respectively. If the CH’sID does not match with rj , the request is simply discardedotherwise the CH proceeds with the CH challenge task. TheCH also searches for a matching λi. If a match is found, therequesting device is considered authentic, and a challenge is

Cluster Head MSN

Session Initiation

Cluster Head Challenge

Client Response & Challenge

Cluster Head Response

Fig. 3: Secured Cluster Formation via Handshaking

forwarded back as a response. The challenge consists of anencrypted payload and is computed by Eq. 1-2.

In the MSN response phase, the MSN needs to decipherthe encrypted payload to extract µ and ηr. Upon successfuldeciphering, the MSN is authenticated and able to create achallenge, using Eq. 3-4, to verify the identity of the CH.

Upon receiving the MSN’s challenge, the CH deciphersthe challenge to observe an ηr . If present, it retrieves anηi, and creates a 256-bit encrypted payload, using Eq. 5, totransmit as a response to MSN’s challenge and changes thestatus of MSN to Authenticated.

After receiving the CH’s response, the MSN verifiesthe identity of an rj . Upon successful verification, themutual authentication process is completed, and the MSNis now permitted to forward the data to the selected rj .Furthermore, the selected rj is now authorized to sharethe data collected with the mobile sinks. The entire mutualauthentication process is summarized in Algorithm 1.

4.2 Mobile Sink VerificationIn the cluster-based data communication, the CHs collectthe data from member MSNs, and forward to the BS. Inour proposed SaaS, we are assuming that the Internet con-nection is down, and the BS is unable to forward the datato the local/cloud servers. In this particular scenario, themobile sinks can collect the data from the CHs, and forwardto the local/cloud servers. However, the use of mobilesinks raises network security issues. To ensure a securedata communication from the CHs to mobile sinks, thereis a need to authenticate the mobile sinks. In the followingsubsections, we explain registration and authentication ofthe mobile sinks in a WMSN.

4.2.1 Mobile Sink RegistrationFor a secure data exchange between the CHs and mobilesinks, there is a need to register the mobile sinks with the BSas shown in Fig. 4. In real-world scenarios, the mobile sinksare always on the move. As a result, the CHs get a very

7

Algorithm 1 Payload-based Mutual Authentication1: Initialization:

• α←− [i, λi]• r ←− [j, λj ]• Input [λi=λj=2128]

2: (αi, λi, rj)→ rj3: if rj == rj then4: if [αi,λj]==A[αi][λi] then5: αi ←→ rj . Session created between αi and rj6: rj → αi : {Cr, challenge created}7: else8: αi is unauthorized9: end if

10: else11: The request is for a different r and discarded12: end if13: αi ←− {λi, (ϑ | ηr)} . Decipher challenge14: αi → rj : {Ci, αi respond with a challenge}15: if ηr exists then16: Access granted17: αi is authenticated18: rj → αi : {Cr, rj responds back with a new chal-

lenge}19: else20: Access denied21: αi is unauthenticated22: end if23: if ηi exists then24: rj is authenticated25: Data can be exchanged now26: else27: rj is unauthenticated28: end if

short amount of time to share the data with the authorizedmobile sinks. In the proposed SaaS, each βk generates an µk,and some random integers, i.e., x and z. The generated µkand random integers are used to register a βk with the BS,and these numbers need to be generated before forwardinga registration request. The registration process is based ontwo hashing functions, i.e., H1 and H2, for mapping andsecure hashing purposes, respectively [22]. The first hashingfunction, i.e., H1, is used to perform a map to point hashingoperation, and the second hashing function, i.e., H2, isused to perform one-way secure hashing. For both hashingoperations, the range of values is between {0, 1}.

After generating the random integers and µk, the firststep in the registration process is to generate and send anencrypted registration request, i.e., Θk, to the BS. This reg-istration request consists of k, µk, and one of the generatedrandom integers, i.e., x. The registration request is generatedusing Eq. 6.

After receiving the encrypted registration request, theBS decrypts it and extracts all the embedded values. TheBS also generates two random integer values, i.e., w and y.The BS uses the extracted values to generate an encryptedchallenge. The encrypted challenge consists of three differ-ent values, i.e., a registration certificate (i.e., ∆k), a time-stamp (i.e., δk), and an authentication value (i.e., Ψk). The BS

Registration Request

Encrypted Challenge

Encrypted Response

Cluster Heads Database

Base Station Mobile Sink

Fig. 4: Registration of Mobile Sink with Base Station

generates two copies of the registration certificate. One copyof the registration certificate is stored at the BS for futurecommunication, and the other copy is used in the encryptedchallenge. The time-stamp represents the total amount oftime a mobile sink can spend in the WMSN to collect thedata from the CHs. The authentication value is used tocreate a response to the encrypted challenge at the mobilesink. The three different values for the encrypted challengeare computed using Eq. 7a-7c. After computing these values,the BS embeds them into an encrypted payload, and sendsas a challenge to the requesting βk, using Eq. 7d.

After receiving the encrypted challenge, the requestingβk decrypts the payload to extract the embedded values.The registration certificate and time-stamp are stored atthe mobile sink, and the authentication value is used tocreate a response to the BS’s challenge. The mobile sinkuses the random integer values x and z along with theextracted authentication value and session key to create anintermediate value using Eq. 8a. The generated intermediatevalue along with the random integer value z is encrypted inthe payload of the message, using Eq. 8b, and is sent to theBS as a response to the challenge.

After receiving the encrypted response, the BS verifiesthe identity of the mobile sink, using Eq. 8a. If the equationholds, the mobile sink is considered authentic, otherwise, itis considered an intruder node. After verifying the identityof the mobile sink, the BS performs three operations, 1)shares the registration certificate and time-stamp of the ver-ified mobile sink with all the CHs, 2) forwards the databaseof elected CHs to the verified mobile sinks, and 3) forwardsthe location information of the nearby CHs to the verifiedmobile sinks to complete the registration process.

8

4.2.2 Mobile Sink Authentication

After receiving the database of all the elected CHs, themobile sink stores the database in its buffer. Secondly, itbroadcasts a request to all the nearby CHs for establishinga connection to collect the data. In response, the nearbyCHs reply back by sharing their unique IDs, i.e., j. If theIDs exist in the stored database, the mobile sink generatestwo intermediate values using the IDs of the CHs and itsown time-stamp, as shown in Eq. 9a-9b. These generatedintermediate values are encapsulated into the payload of aconnection request message, as shown in Eq. 9c, and sent tothe CHs. Upon receiving, the CHs verify the identity of themobile sink, using Eq. 9a. If the equation holds, the mobilesink is considered an authentic node. Once the mobile sinkis authenticated, the CHs start communication with it.

It is possible that the mobile sink is connected to morethan one CH at a time. In this case, it broadcasts a datacollection request to all the communicating/connected CHs.The data is arranged in their buffers, based on prioritylevels. Due to the large size, the multimedia data is alwaysof high priority, and need to be transmitted first. The datacollection requests provide information about the size ofdata. Based on the provided information, the mobile sinkassigns capacities to the CHs.

Once the mobile sink broadcasts a request for a datacollection, the nearby CHs reply back with capacity allo-cation requests, based on their low and high priority data.The mobile sink first processes high priority data requestsand assigns high capacities to the requesting CHs. Once thecapacity is assigned, the CHs immediately start transmittingthe data. If there is any capacity left at the mobile sink, it isevenly assigned to the CHs with low priority data requests.The capacity allocation process is a continuous processand stops when no more capacity is left. Furthermore, thecapacity of the mobile sink is always updated accordingto its moving speed. The current available capacity of themobile sink at time t is estimated by using Eq. 10-11. It ispossible that there are multiple mobile sinks moving arounda CH. In this case, a mobile sink is selected based on themaximum available capacity. The mobile sink registration,authentication, and data exchange processes are summa-rized in Algorithm 2.

5 EXPERIMENTAL SETUP AND SIMULATION RE-SULTS

In this section, first, we discuss experimental setup. Later,the performance of our proposed SaaS is evaluated in detail.

5.1 Network Setup

For simulations, we use Matlab 2017a. The network consistsof 500 randomly deployed MSNs, out of which 5% of thenodes are selected as the CHs. All the nodes are deployedin a 500×500m2 area. The mobile sinks and MSNs commu-nicate over an IEEE 802.11e network. The communicationrange of each MSN is set to 100m. The mobile sinks arealways on the move with a speed of v using random way-point mobility model [23]. We do not consider any pausetime in their movements.

Algorithm 2 Mobile Sink Verification1: Initialization:

• β ←− k• . where k represents number of βs in the

network• β ←− [µ, x, z]• γ ←− [w, y]

2: βk → γ : {Θk, secured request message}3: γ → βk : {Cγ , encrypted challenge}4: βk → γ : {Ck, encrypted response}5: if Ψk exists then6: . γ checks for the presence of Ψk in Ck7: βk is registered8: γ → rs : {∆k and δk, these values are shared with

rs}9: γ → βk : {rs, share database and locations of rs withβk}

10: else11: βk is unregistered12: end if13: if j exists then14: Send a connection request15: else16: rj is unauthenticated17: end if18: if k exists then19: βk is authorized20: βk → r : {c, assigning available capacity to r}21: if Pr[a] > Pr[b] then22: βk assigns c to r[a] . ∀ a, b ∈ j

. P represents priority-level23: βk ←− r[a] : {D, r[a] start transmitting high-

priority multimedia data D}24: else25: βk assigns c to r[b]26: end if27: else28: βk is unauthenticated29: end if

5.2 Performance Evaluation

In this subsection, we evaluate the performance of ourproposed SaaS approach against two similar state-of-the-artschemes, i.e., Secured Query Processing Scheme (SQPS) [24],and Modified Secured Query Processing Scheme (MSQPS)[25]. Both these schemes use a cluster-based hierarchical ap-proach for securing the exchange of data. First, we comparethe proposed SaaS against the SQPS and MSQPS in termsof various security primitives followed by their robustnessagainst various attacks, handshake duration, authenticationrate, data freshness, and packet delivery ratio, respectively.

In the proposed SaaS, the node authentication phase isa two-step process. First, the CHs are elected by the BS.Later, a mutual handshaking mechanism is performed toauthenticate both the CHs and MSNs for data collection.The proposed SaaS uses a Message Authentication Code(MAC) in Cipher Block Chaining (CBC) mode to ensurethe authentication, as shown in Table 3. The SQPS and

9

MSQPS, on the other hand, use the simple MAC for au-thentication. To ensure confidentiality, the proposed SaaSuses a payload-based symmetric encryption, that is ex-tremely lightweight. In comparison, the SQPS and MSQPSemploy RC5-based symmetric cryptography to maintain theconfidentiality. For data freshness, the proposed SaaS usespseudo-random nonces (i.e., ηi and ηr). These nonces havea one-time usage during the handshake mechanism and arenon-reproducible. This feature of these nonces ensures thatredundant packets are not replayed by malicious nodes,and the freshness of genuine data packets remain intact.The SQPS and MSQPS use Query Response (QR) packetsto ensure the data freshness. In this case, each member nodeof a cluster transmits a 4-tuple packet to its respective CH.Each QR packet ensures the freshness at the expense of ahigh computational cost at the CH.

TABLE 3: Security Analysis

Security Services SQPS MSQPS SaaSAuthentication MAC MAC CBCConfidentiality Symmetric Symmetric Symmetric

Freshness QR QR Nonces

We evaluate the resilience of the three schemes againstvarious malicious attacks as shown in Table 4. In the pro-posed SaaS, the presence of ηi, ηr and λi, protects theunderlying network from different types of malicious at-tacks. Random combinations of ηi and ηj in the proposedSaaS make it extremely difficult for an adversary to replaypackets. The SQPS and MSQPS use QR packets to preventthe replay of malicious packets. In the proposed SaaS, theuse of λi restricts any unauthorized node from establishingconnections with the CHs. As a result, it is extremely diffi-cult for the malicious nodes to launch resource exhaustionand DoS attacks. As λi is a hard-coded secret, any attemptfor tempering can easily be identified, and an alarm can betriggered. This feature of λi ensures that a malicious nodedoes not clone itself by stealing the identity of a legitimatenode. The BS has prior knowledge about the identities ofall the legitimate nodes that prevent the malicious nodesfrom launching the Sybil attacks, as they are unable toimpersonate themselves. The SQPS and MSQPS, on theother hand, are unable to detect the resource exhaustion,DoS, cloning and Sybil attacks.

TABLE 4: Resilience against Attacks

Attacks SQPS MSQPS SaaSReplay Yes Yes Yes

Resource Exhaustion No No YesDenial-of-Service No No Yes

Cloning No No YesSybil No No Yes

We evaluate the performance of the proposed SaaSagainst the SQPS and MSQPS in term of handshake durationfor various cluster sizes as shown in Table 5. The handshakeduration depends on the total number of member nodesin a cluster and is usually measured in milliseconds (ms).The handshake approach of the proposed SaaS takes less

time as compared to the SQPS and MSQPS. Unlike theseapproaches, the CHs in our proposed SaaS use local knowl-edge of neighboring nodes for handshaking and authenti-cation purposes. As the table shows, increasing the size ofa cluster has a relatively smaller impact on the handshakeduration in the proposed SaaS. However, the handshakeduration increases significantly in the case of the SQPS andMSQPS with an increase in the cluster size. This is mainlydue to the fact that these schemes use complex symmetricencryption suites that require excessive processing at eachCH.

TABLE 5: Handshake Duration (ms)

Cluster Size SQPS MSQPS SaaS15 4.03 3.7 2.08

20 4.99 4.1 2.16

25 5.31 4.33 2.37

40 7.11 5.91 2.99

In Fig. 5, the authentication rate for received messagesis shown. As the figure shows, the authentication rate de-creases with an increase in the number of malicious nodesin the underlying network. This is mainly because the CHshave to process requests from multiple sensor nodes (MSNsin the case of the proposed SaaS) at a given time, whichallows one or more malicious nodes to sneak through theunderlying authentication mechanism. Another reason forthis decrease in the authentication rate is as the numberof malicious nodes increases, the number of attempts bythese nodes to transmit their unauthenticated informationincreases. In Fig. 5(a), we compare the proposed SaaSagainst the MSQPS and SQPS in the presence of 25 maliciousnodes. Although our proposed SaaS scheme drops slightlyfor the first 10 seconds, it sustains itself by ensuring a higherauthentication rate. Minimum authentication rate is 98.5%that shows that the proposed SaaS is highly robust againstthe detection of malicious nodes. In comparison, as the timepasses, the authentication rates of MSQPS and SQPS dropto 96.28% and 93.85%, respectively. In the presence of 50malicious nodes, the proposed SaaS has a minimum authen-tication rate of 93.1%, as shown in Fig. 5(b). In comparison,the authentication rates of MSQPS and SQPS drop to as lowas 87.8% and 81.2%, respectively. Fig 5 concludes that theproposed SaaS is highly efficient in ensuring the messageintegrity in comparison to the MSQPS and SQPS becausethe authentication rate is an indicator of message integrity.

In Fig. 6, the proposed SaaS is compared with the MSQPSand SQPS in term of data freshness. A higher percentageof data freshness means a scheme is more resilient againstthe replay attacks. In the presence of 25 malicious nodes,the average data freshness of the proposed SaaS is 99.45%,MSQPS is 97.28% and SQPS is 91.8%, respectively, over aperiod of 120 seconds. These results are depicted in Fig.6(a). The proposed SaaS achieves a higher percentage ofdata freshness and sustains itself against the replay attacksover the course of time. Unlike the proposed SaaS, theMSQPS experiences a significant decrease after 30 secondsof the network deployment. The SQPS, on the other hand,experiences a significant drop of 11% in the data freshness,after the initial 20 seconds of the network deployment. In

10

92

94

96

98

100

0 30 60 90 120

Aut

hent

icat

ion

Rat

e (%

)

Time (sec)

SQPS MSQPS SaaS

(a) 25 malicious nodes

80

82

84

86

88

90

92

94

96

98

100

0 30 60 90 120

Au

then

tica

tio

n R

ate

(%)

Time (sec)

SQPS MSQPS SaaS

(b) 50 malicious nodes

Fig. 5: Authentication rate for varying number of maliciousnodes

Fig. 6(b), all the three schemes are compared in term of datafreshness in the presence of 50 malicious nodes. The averagedata freshness of the proposed SaaS is 99.3%, MSQPS is94.9% and SQPS is 90.3%, respectively, over the course oftime. In the beginning, the proposed SaaS drops brieflybeyond the MSQPS, however, the drop is only 1.1% for ashort period of 10 seconds. After 30 seconds, the MSQPSdrops to as low as 91% and stays low over the specifiedperiod of time. The SQPS, on the other hand, drops by 15%after the initial 20 seconds and stays low over the course oftime. Fig 6 concludes that as the number of malicious nodesincreases, the freshness percentage of the received datadecreases. An increase in the number of malicious nodesincreases the number of attempts made by such nodes totransmit their data packets. As a result, the redundant datapackets are transmitted which affects the freshness metricand at the same time, increases the replay attacks.

In Fig 7, packet delivery ratio of the three schemes isshown for varying number of malicious nodes. The averagepacket delivery ratio for SaaS is 95%, MSQPS is 84% andSQPS is 74%, respectively. Unlike SaaS, MSQPS and SQPSexperience a significant drop in packet delivery ratio with anincrease in the number of malicious nodes. This parameteris associated with authentication rate, in general. Duringthe authentication, the malicious nodes that go undetected,acquire time division multiple access (TDMA) slots fromcluster heads and broadcast their fake data packets. Both

88

90

92

94

96

98

100

0 30 60 90 120

Dat

a Fr

esh

nes

s (%

)

Time (sec)

SQPS MSQPS SaaS

(a) 25 Malicious Nodes

84

86

88

90

92

94

96

98

100

0 30 60 90 120D

ata

Fres

hn

ess

(%)

Time (sec)

SQPS MSQPS SaaS

(b) 50 Malicious Nodes

Fig. 6: Data Freshness (%) for various malicious nodes

MSQPS and SPQS experience a significant drop in packetdelivery ratio as the number of malicious nodes increasesfrom 20 to 100, respectively.

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

10 20 30 40 50 60 70 80 90 100

Pack

et D

eliv

ery

Rat

io

Number of Malicious Nodes

SQPS MSQPS SaaS

Fig. 7: Packet delivery ratio with varying number ofmalicious nodes

6 CONCLUSION

In this paper, we have proposed a node authenticationscheme, called SaaS. It has been designed for multimediadata collection through mobile sinks in a wireless multi-media sensor network. The proposed SaaS has based onthe clustering concept. A mutual handshaking mechanismhas been applied to authenticate both the MSNs and CHs.

11

Once authenticated, the MSNs forward the captured datato the elected CHs, and then it is the responsibility of theCHs to share the collected data with the nearby verifiedmobile sinks. The mobile sink verification involves theirregistration with the base station and authentication withthe CHs. The simulation results have shown that our pro-posed SaaS performs better in terms of resilience, handshakeduration, authentication rate, data freshness, and packetdelivery ratio when compared with other established state-of-the-art approaches. Regarding future work, we shall usethe simulation results produced in this paper as a base toperform further enhancements in our proposed SaaS to sup-port mobile MSNs and sinks with random speeds. Besides,we aim to implement the proposed scheme on real testbedsin open field environment to measure various phenomenaof interests in order to analyze various QoS metrics.

REFERENCES

[1] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, andM. Ayyash, “Internet of things: A survey on enabling technolo-gies, protocols, and applications,” IEEE Communications Surveys &Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015.

[2] S. A. Alvi, B. Afzal, G. A. Shah, L. Atzori, and W. Mahmood,“Internet of multimedia things: Vision and challenges,” Ad HocNetworks, vol. 33, pp. 87–111, 2015.

[3] M. Usman, N. Yang, M. A. Jan, X. He, M. Xu, and K. Lam, “Ajoint framework for qos and qoe for video transmission overwireless multimedia sensor networks,” IEEE Transactions on MobileComputing, 2017.

[4] G. Mali and S. Misra, “Trast: Trust-based distributed topologymanagement for wireless multimedia sensor networks,” IEEETransactions on Computers, vol. 65, no. 6, pp. 1978–1991, 2016.

[5] J. P. J. Peixoto and D. G. Costa, “Wireless visual sensor networksfor smart city applications: A relevance-based approach for mul-tiple sinks mobility,” Future Generation Computer Systems, vol. 76,pp. 51–62, 2017.

[6] S. Kumari, M. K. Khan, and M. Atiquzzaman, “User authenti-cation schemes for wireless sensor networks: A review,” Ad HocNetworks, vol. 27, pp. 159–194, 2015.

[7] M. A. Jan, P. Nanda, X. He, and R. P. Liu, “A sybil attack detec-tion scheme for a forest wildfire monitoring application,” FutureGeneration Computer Systems, vol. 80, pp. 613–626, 2018.

[8] M. Usman, M. A. Jan, X. He, and P. Nanda, “Data sharing in securemultimedia wireless sensor networks,” in Trustcom/BigDataSE/ISPA, 2016 IEEE. IEEE, 2016, pp. 590–597.

[9] B. P. Laxmi and A. Chilambuchelvan, “Gsr: Geographic securedrouting using sha-3 algorithm for node and message authenti-cation in wireless sensor networks,” Future Generation ComputerSystems, vol. 76, pp. 98–105, 2017.

[10] S. Kumari, X. Li, F. Wu, A. K. Das, H. Arshad, and M. K. Khan, “Auser friendly mutual authentication and key agreement scheme forwireless sensor networks using chaotic maps,” Future GenerationComputer Systems, vol. 63, pp. 56–75, 2016.

[11] P. Zhang, S. Wang, K. Guo, and J. Wang, “A secure data col-lection scheme based on compressive sensing in wireless sensornetworks,” Ad Hoc Networks, vol. 70, pp. 73–84, 2018.

[12] S. Li, W. Wang, B. Zhou, J. Wang, Y. Cheng, and J. Wu, “A (m,m) authentication scheme against mobile sink replicated attackin unattended sensor networks,” IEEE Wireless CommunicationsLetters, 2017.

[13] F. Al-Turjman, Y. K. Ever, E. Ever, H. X. Nguyen, and D. B. David,“Seamless key agreement framework for mobile-sink in iot basedcloud-centric secured public safety sensor networks,” IEEE Access,vol. 5, pp. 24 617–24 631, 2017.

[14] M. Usman, M. A. Jan, and X. He, “Cryptography-based secure datastorage and sharing using hevc and public clouds,” InformationSciences, vol. 387, pp. 90–102, 2017.

[15] T. Wang, Y. Li, W. Fang, W. Xu, J. Liang, Y. Chen, and X. Liu,“A comprehensive trustworthy data collection approach in sensor-cloud system,” IEEE Transactions on Big Data, 2018.

[16] K.-A. Shim, “Basis: A practical multi-user broadcast authenticationscheme in wireless sensor networks,” IEEE Transactions on Informa-tion Forensics and Security, vol. 12, no. 7, pp. 1545–1554, 2017.

[17] T. Dimitriou, E. A. Alrashed, M. H. Karaata, and A. Hamdan,“Imposter detection for replication attacks in mobile sensor net-works,” Computer Networks, vol. 108, pp. 210–222, 2016.

[18] M. Jamshidi, E. Zangeneh, M. Esnaashari, and M. R. Meybodi,“A lightweight algorithm for detecting mobile sybil nodes in mo-bile wireless sensor networks,” Computers & Electrical Engineering,vol. 64, pp. 220–232, 2017.

[19] M. Jan, P. Nanda, M. Usman, and X. He, “Pawn: a payload-basedmutual authentication scheme for wireless sensor networks,” Con-currency and Computation: Practice and Experience, vol. 29, no. 17,2017.

[20] M. A. Jan, F. Khan, M. Alam, and M. Usman, “A payload-based mutual authentication scheme for internet of things,” FutureGeneration Computer Systems, 2017.

[21] J. Daemen and V. Rijmen, The design of Rijndael: AES-the advancedencryption standard. Springer Science & Business Media, 2013.

[22] F. Zhang, R. Safavi-Naini, and W. Susilo, “An efficient signaturescheme from bilinear pairings and its applications,” in InternationalWorkshop on Public Key Cryptography. Springer, 2004, pp. 277–290.

[23] C. Bettstetter, G. Resta, and P. Santi, “The node distribution of therandom waypoint mobility model for wireless ad hoc networks,”IEEE Transactions on mobile computing, vol. 2, no. 3, pp. 257–269,2003.

[24] A. Ghosal, S. Halder, S. Sur, A. Dan, and S. DasBit, “Ensuring basicsecurity and preventing replay attack in a query processing appli-cation domain in wsn,” in International Conference on ComputationalScience and Its Applications. Springer, 2010, pp. 321–335.

[25] A. Ghosal and S. DasBit, “A lightweight security scheme for queryprocessing in clustered wireless sensor networks,” Computers &Electrical Engineering, vol. 41, pp. 240–255, 2015.

Muhammad Usman received a Ph.D. in Com-puter Systems from the School of Electrical andData Engineering, University of Technology Syd-ney, Australia, in 2017. Currently, he is workingas a postdoc research assistant in the Depart-ment of Computer Science and Software En-gineering, Swinburne University of Technology,Australia. His research interests include audio,image and video processing, multimedia com-munication, security and privacy in wireless net-works, Internet of Things, and error concealment

techniques.

Mian Ahmad Jan is an Assistant Professorin the Department of Computer Science, Ab-dul Wali Khan University, Mardan, Pakistan. Heholds a Ph.D. in Computer Systems from theUniversity of Technology Sydney, Australia. Hisresearch interests include cluster-based hier-archical routing protocols, congestion detectionand mitigation and intrusion and malicious attackdetection in wireless sensor networks, Internetand web of things.

12

Xiangjian He received a Ph.D. in ComputingSciences from the University of Technology, Syd-ney, Australia, in 1999. Since 1999, he has beenwith the University of Technology, Sydney. He iscurrently a full professor and the director of Com-puter Vision and Pattern Recognition Laboratorythere.

Jinjun Chen is a Professor from Faculty of Sci-ence, Engineering and IT, Swinburne Univer-sity of Technology, Australia. He holds a PhDin Computer Science and Software Engineering(2007) from the Swinburne University of Tech-nology, Melbourne, Australia. His research inter-ests include cloud computing, big data, and dataintensive systems. He has published more than130 papers in high quality journals and confer-ences.