a new digital watermarking method for data integrity protection...
TRANSCRIPT
Research ArticleA New Digital Watermarking Method for Data IntegrityProtection in the Perception Layer of IoT
Guoyin Zhang1 Liang Kou1 Liguo Zhang1 Chao Liu2 Qingan Da1 and Jianguo Sun1
1School of Computer Science and Technology Harbin Engineering University Heilongjiang Harbin China2Institute of Information Engineering Chinese Academy of Sciences Beijing China
Correspondence should be addressed to Jianguo Sun sunjianguohrbeueducn
Received 19 May 2017 Revised 31 August 2017 Accepted 17 September 2017 Published 30 October 2017
Academic Editor Rongxing Lu
Copyright copy 2017 Guoyin Zhang et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
Since its introduction IoT (Internet of Things) has enjoyed vigorous support from governments and research institutions aroundthe world and remarkable achievements have been obtainedThe perception layer of IoT plays an important role as a link betweenthe IoT and the real world the security has become a bottleneck restricting the further development of IoT The perception layeris a self-organizing network system consisting of various resource-constrained sensor nodes through wireless communicationAccordingly the costly encryption mechanism cannot be applied to the perception layer In this paper a novel lightweight dataintegrity protection scheme based on fragile watermark is proposed to solve the contradiction between the security and restrictedresource of perception layer To improve the security we design a position random watermark (PRW) strategy to calculate theembedding position by temporal dynamics of sensing data The digital watermark is generated by one-way hash function SHA-1 before embedding to the dynamic computed position In this way the security vulnerabilities introduced by fixed embeddingposition can not only be solved effectively but also achieve zero disturbance to the data The security analysis and simulationresults show that the proposed scheme can effectively ensure the integrity of the data at low cost
1 Introduction
With the rapid development of computer technology embed-ded technology Internet and mobile communication net-work IoT emerges at a historic momentThe basic character-istic of IoT is the comprehensive perception reliable trans-mission and intelligent processing of information and thekey is to realize the information interaction between humanand things or things and things [1] Since its introductionIoT has caused great repercussions all over the world that alot of manpower and material resources have been investedto support the research and remarkable achievements havebeen obtained The rapid growth of IoT has caused greatchanges in the industry which is considered as the third waveof the world information industry following the computerand Internet [2] China Communications Standards Associ-ation (CCSA) defines the architecture of IoT as perceptionlayer network layer and application layer [3] as shownin Figure 1 The perception layer consists of sensors RFIDreader WebCam and smart phone which is used to perceive
and collect the information of objects and the environmentThe network layer consists of Internet and wireless networksuch as 2G 3G 4G and satellite network which is responsiblefor transferring the sensed data to the application layerThe application layer consists of application platform andsupporting platform such as distributed parallel computingdata mining and cloud computing The supporting platformprovides the functions for the specific application such asdata processing data storage and security managementThe IoT application has been widely used in smart citytelemedicine smart home and other fields
The network layer and application layer both apply themature technology which will ensure the security of thesensed data However the perception layer consisting ofsimple node will face the serious security problems whichattracts the attention of the majority of scholars The mainfunction of the perception layer is information perceptionThe information perception is the basis of IoT applicationsthat provides the information from the physical world so
HindawiSecurity and Communication NetworksVolume 2017 Article ID 3126010 12 pageshttpsdoiorg10115520173126010
2 Security and Communication Networks
WebCam Mobile phone
Wi-FiZigbee RF433 Bluetooth
Gateway
2G3G4GSatellite network Internet
Cloud computing platform
Application layer
Network layer
Perception layer
Smart home Smart city Telemedicine
Artificial intelligenceData mining
Distributed parallel computing Information search technologyVirtual reality
Sensor RFID reader
Figure 1 The architecture of IoT
Sink node
SatelliteInternet
Monitoring area Remote monitoringcenter
Sensor node
Figure 2 The communication mechanism of IoT perception layer
the perception layer has become the main concern of theIoT related research The communication mechanism ofIoT perception layer is shown in Figure 2 The perceptioninformation plays a key role as a link between the IoTand the real world It is composed of perception data andlocation data The disclosure of perception data can leadto the disclosure of critical information across the wholenetwork resulting in immeasurable consequences In thispaper we mainly consider the protection of perception dataand regard the wireless sensor networks (WSNs) as theperception layer of the IoT WSNs are self-organized by alarge number of microsensors with limited computing powerand small battery power to form a self-organizing networkin wireless communicationThe sensor data is collected fromthe sensor nodes and sent to the sink node by multihop relay
The sink node processes the perceptual data and sends it tothe application layer through the network layer Comparedwith other sensor nodes the sink node can be regarded asa powerful computer connected to the power supply whichhas fast speed processor huge storage capacity high networkbandwidth and security assurance [4]
Compared with traditional networks the WSNs havesome special features (1) WSNs are data-centric networkswhich focus purely on detecting and collecting the perceptualdata of the sensing area and do not care about the origin ofthe data (2) The urgent problem that WSNs need to solve isto reduce the energy consumption and extend the workinghours of the sensor nodes (3) The sensor nodes are requiredto dynamically adapt to the changes of the network sincemost of them are working in harsh environment and failures
Security and Communication Networks 3
can occur at any time (4) The sensor nodes cannot performcomplex calculations due to the utterly limited processorand storage capacity (5) Security considerations should becomprehensive before focusing on the design of the WSNsbecause the inherent vulnerabilities enable them easily tobe attacked by various attacks such as packet tamperingattack packet forgery attack selective forwarding attackpacket replay attack and transfer delay attack [5] The datasecurity of WSNs becomes a bottleneck that affects thefurther development of WSNs
Protecting the integrity of data in WSNs is the keyissue of WSNs security Malicious modification of data cancause serious consequencesThe data integrity authenticationof traditional network mainly makes use of cryptographyand Message Authentication Code (MAC) Although theencrypted data is safe the data can only be used afterdecryption which brings an opportunity to attackers Inaddition in order to ensure security the encryption algo-rithm takes advantage of complex computational instruc-tions that require additional space to store the keys whichundoubtedly increases a significant challenge to computa-tional load energy consumption and storage space of sensornodes [6] The literature [7] first implements the link layersecurity protocol TinySec which generates a 4-bit MAC toprevent data forgery and data tampering AlthoughTinySec isoptimized based on the highly constrained resource ofWSNsthere is still an additional payload that cannot be ignored forthe sensor nodes Considering the computing power storagespace and energy supply of sensor nodes are limited theproposed strategies based on MAC and encryption are notapplicable for the WSNs [8]
In order to solve the deficiencies of the traditional dataintegrity authenticationmethod researchers have introduceddigital watermarking technology into WSNs to protect thedata integrity [9] Digital watermarking technology is widelyused to protect copyright information and content integrityof multimedia digital works (images audio and videoetc) [10] Compared with the traditional encryption tech-nology digital watermarking technology has the followingfour advantages (1) the operation of watermark genera-tion watermark embedding and watermark extraction useslightweight calculations leading to low energy consumption(2) the watermarks information is directly integrated intothe carrier data without additional overhead for networkcommunication and storage capacity of nodes in WSNs (3)once the encrypted data is decrypted the protection of theencryption technique loses its effect but as the inseparablepart of the host carrier the watermarks can always guaranteethe data security [11] (4) the digital watermarking technologycan significantly reduce the end-to-end delay caused byencryption technology According to the antiattack charac-teristics digital watermarking technology can be dividedinto fragile watermarking and robust watermarking [12]Robust watermarking is not sensitive to modifications andcan be used for copyright protection Fragile watermarkingis extremely sensitive to tampering and any modificationsto the carrier can lead to the failed extraction of watermarkwhich can be used to verify the integrity of data [13]
2 Related Work
This paper first introduces some of the protection mecha-nisms for the security of the Internet of things Then wemainly focus on the data integrity protection of perceptionlayer (WSNs) of the IoT The data integrity means that thedata received by the recipient is consistent with the datasent by the sender in the transmission process Various dataintegrity protection strategies in WSNs have been proposedsummarized as follows
Li et al [14] propose the RealAlert that is a securitysensing strategy based on policy for IoT The strategy appliesthe reporting history and the policy rules for data collectionto ensure the trustworthiness of the data and the IoT devicesLi and Song [15] propose a trust scheme for the vehicularad hoc networks (VANETs) to protect collected data and thenode in the VANETs The proposed model can appraise thetrustworthiness of the data and the nodes respectively Whatis more it can also locate the malicious node in the VANETsand own resistance to a variety of attacks Anbuchelian etal [16] apply the trust mechanism for the WSNs clusterhead selection The trust mechanism named Firefly basedmetaheuristic will improve the security while extending thelife cycle of WSNs
Feng and Potkonjak [17] implemented the first real-time digital watermarking system in WSNs to validate theintegrity of sensed data The proposed algorithm embeddedthe encryption code of digital signature into the sensed datacollected by WSNs Taking the advantage of the property ofsensor nodes which allowed the existence of certain errorof various practical parameters the watermark informationwas embedded by modifying the value of actual parameterswithin allowable range Taking the positioning process ofatomic triangulation as an example it transformed the local-ization problem into the optimal solution of the nonlinearequation and embeds the encrypted signature of author intothe coefficients of equation However the limitation of theoptimal solution of nonlinear equations led to the fact thatthis method cannot be widely used
Guo et al [18] proposed a new fragile digital water-marking algorithm SGW which could verify the integrityof the data stream from the application layer The literaturegrouped the data according to the key and calculated the hashvalue of data from each group as the watermark Then thewatermark was directly embedded into the Least SignificantBit (LSB) of the data from each group to save bandwidthThe proposed method used watermark to link all groupsto detect deletion of the data and even the whole groupHowever the design of the strategy did not take limitedenergy supply and computing power of WSNs node intoaccount so it could not be applied to WSNs directly Kameland Juma [19] proposed lightweight chained watermarking(LWC) to optimize the SGWand achieved high performanceIt also applied dynamic group size and used the hash valueof two consecutive groups of data as the watermark to savecomputational overhead significantly instead of calculatingthe hash value of each data element in the group
Kamel and Juma [20] proposed FWC-D algorithm toaddress the inherent security vulnerabilities of the above two
4 Security and Communication Networks
methods The algorithm first divided the sensed data intogroups of the same size according to the delimiter (the valuethat the sensed data could not reach) The algorithm gener-ated a sequence number SN for each group and embeddedit into the group to achieve the purpose of detecting theoperation of deleting or adding group Digital watermark wasobtained by the hash function through the key K group dataand group serial number In order to avoid replay attacksthe algorithm embedded the watermark of current group intothe previous group and then chained all groups with digitalwatermark
Shi and Xiao [21] proposed a new data integrity authen-tication algorithm for WSNs based on reversible digitalwatermarking The proposed algorithm effectively appliedprediction-error expansion to avoid the loss of the senseddata due to embedding watermark However this algorithmrequired not only to calculate the size of the group accordingto the prediction function but also to calculate the hash valueof each data item in the group which greatly increased thecomputational complexity so it is not suitable for the highlyresource-constrained WSNs In addition the watermarkembedding process that used the predictions of spread-errorexpansion might cause data underflow and overflow
Wang et al [22] proposed a multimarked fragile digitalwatermarking algorithm based on integrity of characterdata to detect the malicious tampering by an attacker Thealgorithm used chain watermark of dynamic group sizeIt firstly transferred sensed data from numerical type intocharacter type and then used the watermark embeddingstrategy based on blank characters In this algorithm thecommunication bandwidth and node storage capacity couldbe saved effectively while the data integrity was protectedHowever the limited number of blank characters resulted inlimited watermark capacity
Kamel et al [23] proposed a new lossless digital water-marking algorithm that was suitable for WSNs to verify theintegrity of sensed data Firstly the algorithm divided thesensed data into fixed-size group and then used the variable-base factorial number system to rearrange the locationof the sensed data Secondly it embedded the watermarkinformation through the new order of sensed data in thegroup finally the sender and the receiver added a mappingstring for each group to provide the basis for reconstructingthe original data element and then extracted the watermarkinformation The algorithm did not bring any loss to thesensed data and could be applied to WSNs effectively due toits low computational complexity
Sun et al [24] proposed a lossless digital watermarkingstrategy which used redundant space of data to embed water-mark information The sensed data collected by the sensornodes was repackaged unlike the previous methods theembedding of the watermark did not cause any modificationto the original sensed data However this strategy still hada certain security vulnerability because the initial value ofreservation bit for watermark was zero and the watermarkembedding position was relatively fixed which could be usedby the attacker to obtain the sensed data
In conclusion the existing WSNs data integrity verifica-tion algorithms are based on digital watermarking mostly by
replacing the LSB of the sensed data with watermark datato achieve the goal of embedding watermark informationThis kind of algorithm is easy to implement and has a lowtime complexity which satisfies the requirements of highlyresource-constrained WSNs to a certain extent Besides alarge number of scholars put forward many improved LSBalgorithms the algorithm based on the LSB group thealgorithm based on distributed LSB and the algorithm basedon multiflag LSB To a certain extent although the improvedalgorithm enhances the security the watermark embeddingposition can become a serious security vulnerability whichis prone to malicious use by the attacker Besides LSB willcause data damage to some extent which is unacceptablein sensitive areas such as medical and military What ismore in the existing algorithms the data integrity can onlybe verified after the arrival of entire group of data whichleads to greater delay In order to solve these problems thispaper presents a lightweight watermarking technique calledposition randomwatermark (PRW)The proposed algorithmcalculates the embedding position of watermark dynamicallyby using the data collecting time from sensor nodes whichnot only improves the security but also saves energy andrealizes real-time data authentication
3 Attack Models and Proposed Scheme
31 The Attack Models Compared to wired networks theWSNs that deploy in the extreme environment face morethreats andwhat ismore the public communication protocoladopted byWSNs exacerbates the risk of physical tamperingThe sensed node owns limited computational capabilities andenergy resources which increase the difficulty of designingsecurity protocols We summarize the main attack modelsinto five categories
(a) Packet tampering a malicious node added to WSNstamperswith the value of the packets and forwards thetampered packets which can lead to extremely seriousconsequences in some special cases
(b) Packet forgery a malicious node added to WSNskeeps sending the fake packets to other nodes greatlyincreasing network traffic and resulting in wastingenergy of the whole WSNs
(c) Selective forwarding a malicious node added toWSNs deletes partial packets and forwards somepackets to destination selectively The data loss maycause the bad situation that the sink node fails tomakethe correct response
(d) Packet replay a malicious node added to WSNsforwards the packets that have been forwarded oncemore or repeatedly to other nodes which will causethe traffic congestion and energy waste
(e) Transfer delay a malicious node added to WSNsforwards the packets later than the predeterminedtime which will lead to the fact that the sink nodedrops the packets due to the timestamp
32 The Proposed Scheme This paper proposes a new WSNsdata integrity protection strategy based on fragile digital
Security and Communication Networks 5
Data collection
Hashcalculation
Collected time
Watermark generation
Hash value
Watermark
Watermark embedding
Data monitoringData tampering
Data deletionData forgery
Data transmissionData sending
Watermarkeddata
Watermark generation
Integrityauthentication
Regeneratedwatermark
Watermarkeddata
Recovered data
Extracted watermark
Data receiving
Watermark extractionand data recovery
Datasetand key
Figure 3 The implementation model of the proposed fragile watermark algorithm
watermarking to protect the sensed data from the above fourcategories of attack models The proposed algorithm makesuse of the characteristic that the fragile watermarking issensitive to modification Once the host data is modified thewatermark is destroyedThemalicious nodewithout the priorknowledge of watermarking algorithms cannot effectivelyrestore real data Data tampering and data forgery are similarwhich can be seen as malicious data generated by maliciousnodes The malicious sensed data generated by the maliciousnode cannot be verified by watermarking algorithm afterreaching the sink node The proposed algorithm introducesthe packet sequence number SNwhich is used for positioningthe added packet or deleted packet
The proposed watermarking algorithm includes threeprocesses namely digital watermark generation digitalwatermark embedding and digital watermark extraction asshown in Figure 3 firstly each sensing node collects thesensing data and generates the digital watermark according tothe fragile watermarking algorithm Secondly the watermarkis merged into the sensed data through the predefined ruleto form a data packet that is transferred to the sink nodethrough the transmission node The packet may suffer froman unreliable transmission and face different kinds of attacksThirdly the sink node receives the data and then extracts thewatermark and restores the sensed data according to the pre-defined ruleThe restored data is used to generate watermarkaccording to the same algorithmThe data integrity is verifiedby comparing the regenerated watermark and the extractedwatermark If the regenerated watermark is not the same asthe extracted watermark the data is proved to be temperedduring transmission Otherwise the data is proved safe Thedigital watermark is copiedwith the copy of the digitalmediaand the process is hidden If the predefined method is notknown the digital watermark is difficult to detect
The WSNs are simplified in this paper and only threetypes of nodes are considered
(i) Sensing node is responsible for collecting data ofmonitoring area
(ii) Transmission node is responsible for transferring thedata to the sink node by multihop relay
(iii) Sink node is responsible for receiving the sensed datasent by sensor node
Table 1 Notations and parameters of algorithm
Notation DescriptionHash() The given one-way hash function SHA-1 The concatenation operatorrand() The random position function119905 The data collecting time119879 The time queue stored in the sink node119898 The length of watermark embedding bits119870 The secret keydata119895 The 119895th sensed data elementSN The serial number inserted in each packet119882 Watermark to be inserted1198821015840 The extracted watermark11988210158401015840 The regenerated watermark
This paper makes the following assumptions the numberof sensing nodes is 119899 the same sensing node defined as nodeexists near the sink node and uses the same protocol andparameter as the node in the sensing area each sensing nodecollects sensed data at the same time in one working cycle Inorder to improve the security the collected time of the senseddata is not transmittedThenode near the sink node sends thetime for collected sensed data to the sink node every workingcycleThe sinknode sets up a queue to save the time accordingto the receiving order Table 1 shows the main notations andparameters used in the proposed algorithm
Definition 1 In WSNs the sensed data is encapsulated as apackage according to a predefined order before transmissionA series of sensed data collected at each working cycle isdefined as 119904119894 = data1 data2 data119899 data119895 represents thevalue of one sensed data (119895 = 1 2 119899) 119894 represents theworking cycle of the sensing node (119894 = 1 2 119896) and theworking cycle 119894 is saved to the packet sequence number SN
Definition 2 A transmitted packet is denoted as Packet =Head SN 119904119894 It consists of a fixed data header packetsequence number SN and a series of sensed data elements119904119894 The data of the packet is stored in binary mode Thewatermarked packet is denoted as PacketW The receivedpacket is denoted as Packet1198821015840
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
2 Security and Communication Networks
WebCam Mobile phone
Wi-FiZigbee RF433 Bluetooth
Gateway
2G3G4GSatellite network Internet
Cloud computing platform
Application layer
Network layer
Perception layer
Smart home Smart city Telemedicine
Artificial intelligenceData mining
Distributed parallel computing Information search technologyVirtual reality
Sensor RFID reader
Figure 1 The architecture of IoT
Sink node
SatelliteInternet
Monitoring area Remote monitoringcenter
Sensor node
Figure 2 The communication mechanism of IoT perception layer
the perception layer has become the main concern of theIoT related research The communication mechanism ofIoT perception layer is shown in Figure 2 The perceptioninformation plays a key role as a link between the IoTand the real world It is composed of perception data andlocation data The disclosure of perception data can leadto the disclosure of critical information across the wholenetwork resulting in immeasurable consequences In thispaper we mainly consider the protection of perception dataand regard the wireless sensor networks (WSNs) as theperception layer of the IoT WSNs are self-organized by alarge number of microsensors with limited computing powerand small battery power to form a self-organizing networkin wireless communicationThe sensor data is collected fromthe sensor nodes and sent to the sink node by multihop relay
The sink node processes the perceptual data and sends it tothe application layer through the network layer Comparedwith other sensor nodes the sink node can be regarded asa powerful computer connected to the power supply whichhas fast speed processor huge storage capacity high networkbandwidth and security assurance [4]
Compared with traditional networks the WSNs havesome special features (1) WSNs are data-centric networkswhich focus purely on detecting and collecting the perceptualdata of the sensing area and do not care about the origin ofthe data (2) The urgent problem that WSNs need to solve isto reduce the energy consumption and extend the workinghours of the sensor nodes (3) The sensor nodes are requiredto dynamically adapt to the changes of the network sincemost of them are working in harsh environment and failures
Security and Communication Networks 3
can occur at any time (4) The sensor nodes cannot performcomplex calculations due to the utterly limited processorand storage capacity (5) Security considerations should becomprehensive before focusing on the design of the WSNsbecause the inherent vulnerabilities enable them easily tobe attacked by various attacks such as packet tamperingattack packet forgery attack selective forwarding attackpacket replay attack and transfer delay attack [5] The datasecurity of WSNs becomes a bottleneck that affects thefurther development of WSNs
Protecting the integrity of data in WSNs is the keyissue of WSNs security Malicious modification of data cancause serious consequencesThe data integrity authenticationof traditional network mainly makes use of cryptographyand Message Authentication Code (MAC) Although theencrypted data is safe the data can only be used afterdecryption which brings an opportunity to attackers Inaddition in order to ensure security the encryption algo-rithm takes advantage of complex computational instruc-tions that require additional space to store the keys whichundoubtedly increases a significant challenge to computa-tional load energy consumption and storage space of sensornodes [6] The literature [7] first implements the link layersecurity protocol TinySec which generates a 4-bit MAC toprevent data forgery and data tampering AlthoughTinySec isoptimized based on the highly constrained resource ofWSNsthere is still an additional payload that cannot be ignored forthe sensor nodes Considering the computing power storagespace and energy supply of sensor nodes are limited theproposed strategies based on MAC and encryption are notapplicable for the WSNs [8]
In order to solve the deficiencies of the traditional dataintegrity authenticationmethod researchers have introduceddigital watermarking technology into WSNs to protect thedata integrity [9] Digital watermarking technology is widelyused to protect copyright information and content integrityof multimedia digital works (images audio and videoetc) [10] Compared with the traditional encryption tech-nology digital watermarking technology has the followingfour advantages (1) the operation of watermark genera-tion watermark embedding and watermark extraction useslightweight calculations leading to low energy consumption(2) the watermarks information is directly integrated intothe carrier data without additional overhead for networkcommunication and storage capacity of nodes in WSNs (3)once the encrypted data is decrypted the protection of theencryption technique loses its effect but as the inseparablepart of the host carrier the watermarks can always guaranteethe data security [11] (4) the digital watermarking technologycan significantly reduce the end-to-end delay caused byencryption technology According to the antiattack charac-teristics digital watermarking technology can be dividedinto fragile watermarking and robust watermarking [12]Robust watermarking is not sensitive to modifications andcan be used for copyright protection Fragile watermarkingis extremely sensitive to tampering and any modificationsto the carrier can lead to the failed extraction of watermarkwhich can be used to verify the integrity of data [13]
2 Related Work
This paper first introduces some of the protection mecha-nisms for the security of the Internet of things Then wemainly focus on the data integrity protection of perceptionlayer (WSNs) of the IoT The data integrity means that thedata received by the recipient is consistent with the datasent by the sender in the transmission process Various dataintegrity protection strategies in WSNs have been proposedsummarized as follows
Li et al [14] propose the RealAlert that is a securitysensing strategy based on policy for IoT The strategy appliesthe reporting history and the policy rules for data collectionto ensure the trustworthiness of the data and the IoT devicesLi and Song [15] propose a trust scheme for the vehicularad hoc networks (VANETs) to protect collected data and thenode in the VANETs The proposed model can appraise thetrustworthiness of the data and the nodes respectively Whatis more it can also locate the malicious node in the VANETsand own resistance to a variety of attacks Anbuchelian etal [16] apply the trust mechanism for the WSNs clusterhead selection The trust mechanism named Firefly basedmetaheuristic will improve the security while extending thelife cycle of WSNs
Feng and Potkonjak [17] implemented the first real-time digital watermarking system in WSNs to validate theintegrity of sensed data The proposed algorithm embeddedthe encryption code of digital signature into the sensed datacollected by WSNs Taking the advantage of the property ofsensor nodes which allowed the existence of certain errorof various practical parameters the watermark informationwas embedded by modifying the value of actual parameterswithin allowable range Taking the positioning process ofatomic triangulation as an example it transformed the local-ization problem into the optimal solution of the nonlinearequation and embeds the encrypted signature of author intothe coefficients of equation However the limitation of theoptimal solution of nonlinear equations led to the fact thatthis method cannot be widely used
Guo et al [18] proposed a new fragile digital water-marking algorithm SGW which could verify the integrityof the data stream from the application layer The literaturegrouped the data according to the key and calculated the hashvalue of data from each group as the watermark Then thewatermark was directly embedded into the Least SignificantBit (LSB) of the data from each group to save bandwidthThe proposed method used watermark to link all groupsto detect deletion of the data and even the whole groupHowever the design of the strategy did not take limitedenergy supply and computing power of WSNs node intoaccount so it could not be applied to WSNs directly Kameland Juma [19] proposed lightweight chained watermarking(LWC) to optimize the SGWand achieved high performanceIt also applied dynamic group size and used the hash valueof two consecutive groups of data as the watermark to savecomputational overhead significantly instead of calculatingthe hash value of each data element in the group
Kamel and Juma [20] proposed FWC-D algorithm toaddress the inherent security vulnerabilities of the above two
4 Security and Communication Networks
methods The algorithm first divided the sensed data intogroups of the same size according to the delimiter (the valuethat the sensed data could not reach) The algorithm gener-ated a sequence number SN for each group and embeddedit into the group to achieve the purpose of detecting theoperation of deleting or adding group Digital watermark wasobtained by the hash function through the key K group dataand group serial number In order to avoid replay attacksthe algorithm embedded the watermark of current group intothe previous group and then chained all groups with digitalwatermark
Shi and Xiao [21] proposed a new data integrity authen-tication algorithm for WSNs based on reversible digitalwatermarking The proposed algorithm effectively appliedprediction-error expansion to avoid the loss of the senseddata due to embedding watermark However this algorithmrequired not only to calculate the size of the group accordingto the prediction function but also to calculate the hash valueof each data item in the group which greatly increased thecomputational complexity so it is not suitable for the highlyresource-constrained WSNs In addition the watermarkembedding process that used the predictions of spread-errorexpansion might cause data underflow and overflow
Wang et al [22] proposed a multimarked fragile digitalwatermarking algorithm based on integrity of characterdata to detect the malicious tampering by an attacker Thealgorithm used chain watermark of dynamic group sizeIt firstly transferred sensed data from numerical type intocharacter type and then used the watermark embeddingstrategy based on blank characters In this algorithm thecommunication bandwidth and node storage capacity couldbe saved effectively while the data integrity was protectedHowever the limited number of blank characters resulted inlimited watermark capacity
Kamel et al [23] proposed a new lossless digital water-marking algorithm that was suitable for WSNs to verify theintegrity of sensed data Firstly the algorithm divided thesensed data into fixed-size group and then used the variable-base factorial number system to rearrange the locationof the sensed data Secondly it embedded the watermarkinformation through the new order of sensed data in thegroup finally the sender and the receiver added a mappingstring for each group to provide the basis for reconstructingthe original data element and then extracted the watermarkinformation The algorithm did not bring any loss to thesensed data and could be applied to WSNs effectively due toits low computational complexity
Sun et al [24] proposed a lossless digital watermarkingstrategy which used redundant space of data to embed water-mark information The sensed data collected by the sensornodes was repackaged unlike the previous methods theembedding of the watermark did not cause any modificationto the original sensed data However this strategy still hada certain security vulnerability because the initial value ofreservation bit for watermark was zero and the watermarkembedding position was relatively fixed which could be usedby the attacker to obtain the sensed data
In conclusion the existing WSNs data integrity verifica-tion algorithms are based on digital watermarking mostly by
replacing the LSB of the sensed data with watermark datato achieve the goal of embedding watermark informationThis kind of algorithm is easy to implement and has a lowtime complexity which satisfies the requirements of highlyresource-constrained WSNs to a certain extent Besides alarge number of scholars put forward many improved LSBalgorithms the algorithm based on the LSB group thealgorithm based on distributed LSB and the algorithm basedon multiflag LSB To a certain extent although the improvedalgorithm enhances the security the watermark embeddingposition can become a serious security vulnerability whichis prone to malicious use by the attacker Besides LSB willcause data damage to some extent which is unacceptablein sensitive areas such as medical and military What ismore in the existing algorithms the data integrity can onlybe verified after the arrival of entire group of data whichleads to greater delay In order to solve these problems thispaper presents a lightweight watermarking technique calledposition randomwatermark (PRW)The proposed algorithmcalculates the embedding position of watermark dynamicallyby using the data collecting time from sensor nodes whichnot only improves the security but also saves energy andrealizes real-time data authentication
3 Attack Models and Proposed Scheme
31 The Attack Models Compared to wired networks theWSNs that deploy in the extreme environment face morethreats andwhat ismore the public communication protocoladopted byWSNs exacerbates the risk of physical tamperingThe sensed node owns limited computational capabilities andenergy resources which increase the difficulty of designingsecurity protocols We summarize the main attack modelsinto five categories
(a) Packet tampering a malicious node added to WSNstamperswith the value of the packets and forwards thetampered packets which can lead to extremely seriousconsequences in some special cases
(b) Packet forgery a malicious node added to WSNskeeps sending the fake packets to other nodes greatlyincreasing network traffic and resulting in wastingenergy of the whole WSNs
(c) Selective forwarding a malicious node added toWSNs deletes partial packets and forwards somepackets to destination selectively The data loss maycause the bad situation that the sink node fails tomakethe correct response
(d) Packet replay a malicious node added to WSNsforwards the packets that have been forwarded oncemore or repeatedly to other nodes which will causethe traffic congestion and energy waste
(e) Transfer delay a malicious node added to WSNsforwards the packets later than the predeterminedtime which will lead to the fact that the sink nodedrops the packets due to the timestamp
32 The Proposed Scheme This paper proposes a new WSNsdata integrity protection strategy based on fragile digital
Security and Communication Networks 5
Data collection
Hashcalculation
Collected time
Watermark generation
Hash value
Watermark
Watermark embedding
Data monitoringData tampering
Data deletionData forgery
Data transmissionData sending
Watermarkeddata
Watermark generation
Integrityauthentication
Regeneratedwatermark
Watermarkeddata
Recovered data
Extracted watermark
Data receiving
Watermark extractionand data recovery
Datasetand key
Figure 3 The implementation model of the proposed fragile watermark algorithm
watermarking to protect the sensed data from the above fourcategories of attack models The proposed algorithm makesuse of the characteristic that the fragile watermarking issensitive to modification Once the host data is modified thewatermark is destroyedThemalicious nodewithout the priorknowledge of watermarking algorithms cannot effectivelyrestore real data Data tampering and data forgery are similarwhich can be seen as malicious data generated by maliciousnodes The malicious sensed data generated by the maliciousnode cannot be verified by watermarking algorithm afterreaching the sink node The proposed algorithm introducesthe packet sequence number SNwhich is used for positioningthe added packet or deleted packet
The proposed watermarking algorithm includes threeprocesses namely digital watermark generation digitalwatermark embedding and digital watermark extraction asshown in Figure 3 firstly each sensing node collects thesensing data and generates the digital watermark according tothe fragile watermarking algorithm Secondly the watermarkis merged into the sensed data through the predefined ruleto form a data packet that is transferred to the sink nodethrough the transmission node The packet may suffer froman unreliable transmission and face different kinds of attacksThirdly the sink node receives the data and then extracts thewatermark and restores the sensed data according to the pre-defined ruleThe restored data is used to generate watermarkaccording to the same algorithmThe data integrity is verifiedby comparing the regenerated watermark and the extractedwatermark If the regenerated watermark is not the same asthe extracted watermark the data is proved to be temperedduring transmission Otherwise the data is proved safe Thedigital watermark is copiedwith the copy of the digitalmediaand the process is hidden If the predefined method is notknown the digital watermark is difficult to detect
The WSNs are simplified in this paper and only threetypes of nodes are considered
(i) Sensing node is responsible for collecting data ofmonitoring area
(ii) Transmission node is responsible for transferring thedata to the sink node by multihop relay
(iii) Sink node is responsible for receiving the sensed datasent by sensor node
Table 1 Notations and parameters of algorithm
Notation DescriptionHash() The given one-way hash function SHA-1 The concatenation operatorrand() The random position function119905 The data collecting time119879 The time queue stored in the sink node119898 The length of watermark embedding bits119870 The secret keydata119895 The 119895th sensed data elementSN The serial number inserted in each packet119882 Watermark to be inserted1198821015840 The extracted watermark11988210158401015840 The regenerated watermark
This paper makes the following assumptions the numberof sensing nodes is 119899 the same sensing node defined as nodeexists near the sink node and uses the same protocol andparameter as the node in the sensing area each sensing nodecollects sensed data at the same time in one working cycle Inorder to improve the security the collected time of the senseddata is not transmittedThenode near the sink node sends thetime for collected sensed data to the sink node every workingcycleThe sinknode sets up a queue to save the time accordingto the receiving order Table 1 shows the main notations andparameters used in the proposed algorithm
Definition 1 In WSNs the sensed data is encapsulated as apackage according to a predefined order before transmissionA series of sensed data collected at each working cycle isdefined as 119904119894 = data1 data2 data119899 data119895 represents thevalue of one sensed data (119895 = 1 2 119899) 119894 represents theworking cycle of the sensing node (119894 = 1 2 119896) and theworking cycle 119894 is saved to the packet sequence number SN
Definition 2 A transmitted packet is denoted as Packet =Head SN 119904119894 It consists of a fixed data header packetsequence number SN and a series of sensed data elements119904119894 The data of the packet is stored in binary mode Thewatermarked packet is denoted as PacketW The receivedpacket is denoted as Packet1198821015840
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 3
can occur at any time (4) The sensor nodes cannot performcomplex calculations due to the utterly limited processorand storage capacity (5) Security considerations should becomprehensive before focusing on the design of the WSNsbecause the inherent vulnerabilities enable them easily tobe attacked by various attacks such as packet tamperingattack packet forgery attack selective forwarding attackpacket replay attack and transfer delay attack [5] The datasecurity of WSNs becomes a bottleneck that affects thefurther development of WSNs
Protecting the integrity of data in WSNs is the keyissue of WSNs security Malicious modification of data cancause serious consequencesThe data integrity authenticationof traditional network mainly makes use of cryptographyand Message Authentication Code (MAC) Although theencrypted data is safe the data can only be used afterdecryption which brings an opportunity to attackers Inaddition in order to ensure security the encryption algo-rithm takes advantage of complex computational instruc-tions that require additional space to store the keys whichundoubtedly increases a significant challenge to computa-tional load energy consumption and storage space of sensornodes [6] The literature [7] first implements the link layersecurity protocol TinySec which generates a 4-bit MAC toprevent data forgery and data tampering AlthoughTinySec isoptimized based on the highly constrained resource ofWSNsthere is still an additional payload that cannot be ignored forthe sensor nodes Considering the computing power storagespace and energy supply of sensor nodes are limited theproposed strategies based on MAC and encryption are notapplicable for the WSNs [8]
In order to solve the deficiencies of the traditional dataintegrity authenticationmethod researchers have introduceddigital watermarking technology into WSNs to protect thedata integrity [9] Digital watermarking technology is widelyused to protect copyright information and content integrityof multimedia digital works (images audio and videoetc) [10] Compared with the traditional encryption tech-nology digital watermarking technology has the followingfour advantages (1) the operation of watermark genera-tion watermark embedding and watermark extraction useslightweight calculations leading to low energy consumption(2) the watermarks information is directly integrated intothe carrier data without additional overhead for networkcommunication and storage capacity of nodes in WSNs (3)once the encrypted data is decrypted the protection of theencryption technique loses its effect but as the inseparablepart of the host carrier the watermarks can always guaranteethe data security [11] (4) the digital watermarking technologycan significantly reduce the end-to-end delay caused byencryption technology According to the antiattack charac-teristics digital watermarking technology can be dividedinto fragile watermarking and robust watermarking [12]Robust watermarking is not sensitive to modifications andcan be used for copyright protection Fragile watermarkingis extremely sensitive to tampering and any modificationsto the carrier can lead to the failed extraction of watermarkwhich can be used to verify the integrity of data [13]
2 Related Work
This paper first introduces some of the protection mecha-nisms for the security of the Internet of things Then wemainly focus on the data integrity protection of perceptionlayer (WSNs) of the IoT The data integrity means that thedata received by the recipient is consistent with the datasent by the sender in the transmission process Various dataintegrity protection strategies in WSNs have been proposedsummarized as follows
Li et al [14] propose the RealAlert that is a securitysensing strategy based on policy for IoT The strategy appliesthe reporting history and the policy rules for data collectionto ensure the trustworthiness of the data and the IoT devicesLi and Song [15] propose a trust scheme for the vehicularad hoc networks (VANETs) to protect collected data and thenode in the VANETs The proposed model can appraise thetrustworthiness of the data and the nodes respectively Whatis more it can also locate the malicious node in the VANETsand own resistance to a variety of attacks Anbuchelian etal [16] apply the trust mechanism for the WSNs clusterhead selection The trust mechanism named Firefly basedmetaheuristic will improve the security while extending thelife cycle of WSNs
Feng and Potkonjak [17] implemented the first real-time digital watermarking system in WSNs to validate theintegrity of sensed data The proposed algorithm embeddedthe encryption code of digital signature into the sensed datacollected by WSNs Taking the advantage of the property ofsensor nodes which allowed the existence of certain errorof various practical parameters the watermark informationwas embedded by modifying the value of actual parameterswithin allowable range Taking the positioning process ofatomic triangulation as an example it transformed the local-ization problem into the optimal solution of the nonlinearequation and embeds the encrypted signature of author intothe coefficients of equation However the limitation of theoptimal solution of nonlinear equations led to the fact thatthis method cannot be widely used
Guo et al [18] proposed a new fragile digital water-marking algorithm SGW which could verify the integrityof the data stream from the application layer The literaturegrouped the data according to the key and calculated the hashvalue of data from each group as the watermark Then thewatermark was directly embedded into the Least SignificantBit (LSB) of the data from each group to save bandwidthThe proposed method used watermark to link all groupsto detect deletion of the data and even the whole groupHowever the design of the strategy did not take limitedenergy supply and computing power of WSNs node intoaccount so it could not be applied to WSNs directly Kameland Juma [19] proposed lightweight chained watermarking(LWC) to optimize the SGWand achieved high performanceIt also applied dynamic group size and used the hash valueof two consecutive groups of data as the watermark to savecomputational overhead significantly instead of calculatingthe hash value of each data element in the group
Kamel and Juma [20] proposed FWC-D algorithm toaddress the inherent security vulnerabilities of the above two
4 Security and Communication Networks
methods The algorithm first divided the sensed data intogroups of the same size according to the delimiter (the valuethat the sensed data could not reach) The algorithm gener-ated a sequence number SN for each group and embeddedit into the group to achieve the purpose of detecting theoperation of deleting or adding group Digital watermark wasobtained by the hash function through the key K group dataand group serial number In order to avoid replay attacksthe algorithm embedded the watermark of current group intothe previous group and then chained all groups with digitalwatermark
Shi and Xiao [21] proposed a new data integrity authen-tication algorithm for WSNs based on reversible digitalwatermarking The proposed algorithm effectively appliedprediction-error expansion to avoid the loss of the senseddata due to embedding watermark However this algorithmrequired not only to calculate the size of the group accordingto the prediction function but also to calculate the hash valueof each data item in the group which greatly increased thecomputational complexity so it is not suitable for the highlyresource-constrained WSNs In addition the watermarkembedding process that used the predictions of spread-errorexpansion might cause data underflow and overflow
Wang et al [22] proposed a multimarked fragile digitalwatermarking algorithm based on integrity of characterdata to detect the malicious tampering by an attacker Thealgorithm used chain watermark of dynamic group sizeIt firstly transferred sensed data from numerical type intocharacter type and then used the watermark embeddingstrategy based on blank characters In this algorithm thecommunication bandwidth and node storage capacity couldbe saved effectively while the data integrity was protectedHowever the limited number of blank characters resulted inlimited watermark capacity
Kamel et al [23] proposed a new lossless digital water-marking algorithm that was suitable for WSNs to verify theintegrity of sensed data Firstly the algorithm divided thesensed data into fixed-size group and then used the variable-base factorial number system to rearrange the locationof the sensed data Secondly it embedded the watermarkinformation through the new order of sensed data in thegroup finally the sender and the receiver added a mappingstring for each group to provide the basis for reconstructingthe original data element and then extracted the watermarkinformation The algorithm did not bring any loss to thesensed data and could be applied to WSNs effectively due toits low computational complexity
Sun et al [24] proposed a lossless digital watermarkingstrategy which used redundant space of data to embed water-mark information The sensed data collected by the sensornodes was repackaged unlike the previous methods theembedding of the watermark did not cause any modificationto the original sensed data However this strategy still hada certain security vulnerability because the initial value ofreservation bit for watermark was zero and the watermarkembedding position was relatively fixed which could be usedby the attacker to obtain the sensed data
In conclusion the existing WSNs data integrity verifica-tion algorithms are based on digital watermarking mostly by
replacing the LSB of the sensed data with watermark datato achieve the goal of embedding watermark informationThis kind of algorithm is easy to implement and has a lowtime complexity which satisfies the requirements of highlyresource-constrained WSNs to a certain extent Besides alarge number of scholars put forward many improved LSBalgorithms the algorithm based on the LSB group thealgorithm based on distributed LSB and the algorithm basedon multiflag LSB To a certain extent although the improvedalgorithm enhances the security the watermark embeddingposition can become a serious security vulnerability whichis prone to malicious use by the attacker Besides LSB willcause data damage to some extent which is unacceptablein sensitive areas such as medical and military What ismore in the existing algorithms the data integrity can onlybe verified after the arrival of entire group of data whichleads to greater delay In order to solve these problems thispaper presents a lightweight watermarking technique calledposition randomwatermark (PRW)The proposed algorithmcalculates the embedding position of watermark dynamicallyby using the data collecting time from sensor nodes whichnot only improves the security but also saves energy andrealizes real-time data authentication
3 Attack Models and Proposed Scheme
31 The Attack Models Compared to wired networks theWSNs that deploy in the extreme environment face morethreats andwhat ismore the public communication protocoladopted byWSNs exacerbates the risk of physical tamperingThe sensed node owns limited computational capabilities andenergy resources which increase the difficulty of designingsecurity protocols We summarize the main attack modelsinto five categories
(a) Packet tampering a malicious node added to WSNstamperswith the value of the packets and forwards thetampered packets which can lead to extremely seriousconsequences in some special cases
(b) Packet forgery a malicious node added to WSNskeeps sending the fake packets to other nodes greatlyincreasing network traffic and resulting in wastingenergy of the whole WSNs
(c) Selective forwarding a malicious node added toWSNs deletes partial packets and forwards somepackets to destination selectively The data loss maycause the bad situation that the sink node fails tomakethe correct response
(d) Packet replay a malicious node added to WSNsforwards the packets that have been forwarded oncemore or repeatedly to other nodes which will causethe traffic congestion and energy waste
(e) Transfer delay a malicious node added to WSNsforwards the packets later than the predeterminedtime which will lead to the fact that the sink nodedrops the packets due to the timestamp
32 The Proposed Scheme This paper proposes a new WSNsdata integrity protection strategy based on fragile digital
Security and Communication Networks 5
Data collection
Hashcalculation
Collected time
Watermark generation
Hash value
Watermark
Watermark embedding
Data monitoringData tampering
Data deletionData forgery
Data transmissionData sending
Watermarkeddata
Watermark generation
Integrityauthentication
Regeneratedwatermark
Watermarkeddata
Recovered data
Extracted watermark
Data receiving
Watermark extractionand data recovery
Datasetand key
Figure 3 The implementation model of the proposed fragile watermark algorithm
watermarking to protect the sensed data from the above fourcategories of attack models The proposed algorithm makesuse of the characteristic that the fragile watermarking issensitive to modification Once the host data is modified thewatermark is destroyedThemalicious nodewithout the priorknowledge of watermarking algorithms cannot effectivelyrestore real data Data tampering and data forgery are similarwhich can be seen as malicious data generated by maliciousnodes The malicious sensed data generated by the maliciousnode cannot be verified by watermarking algorithm afterreaching the sink node The proposed algorithm introducesthe packet sequence number SNwhich is used for positioningthe added packet or deleted packet
The proposed watermarking algorithm includes threeprocesses namely digital watermark generation digitalwatermark embedding and digital watermark extraction asshown in Figure 3 firstly each sensing node collects thesensing data and generates the digital watermark according tothe fragile watermarking algorithm Secondly the watermarkis merged into the sensed data through the predefined ruleto form a data packet that is transferred to the sink nodethrough the transmission node The packet may suffer froman unreliable transmission and face different kinds of attacksThirdly the sink node receives the data and then extracts thewatermark and restores the sensed data according to the pre-defined ruleThe restored data is used to generate watermarkaccording to the same algorithmThe data integrity is verifiedby comparing the regenerated watermark and the extractedwatermark If the regenerated watermark is not the same asthe extracted watermark the data is proved to be temperedduring transmission Otherwise the data is proved safe Thedigital watermark is copiedwith the copy of the digitalmediaand the process is hidden If the predefined method is notknown the digital watermark is difficult to detect
The WSNs are simplified in this paper and only threetypes of nodes are considered
(i) Sensing node is responsible for collecting data ofmonitoring area
(ii) Transmission node is responsible for transferring thedata to the sink node by multihop relay
(iii) Sink node is responsible for receiving the sensed datasent by sensor node
Table 1 Notations and parameters of algorithm
Notation DescriptionHash() The given one-way hash function SHA-1 The concatenation operatorrand() The random position function119905 The data collecting time119879 The time queue stored in the sink node119898 The length of watermark embedding bits119870 The secret keydata119895 The 119895th sensed data elementSN The serial number inserted in each packet119882 Watermark to be inserted1198821015840 The extracted watermark11988210158401015840 The regenerated watermark
This paper makes the following assumptions the numberof sensing nodes is 119899 the same sensing node defined as nodeexists near the sink node and uses the same protocol andparameter as the node in the sensing area each sensing nodecollects sensed data at the same time in one working cycle Inorder to improve the security the collected time of the senseddata is not transmittedThenode near the sink node sends thetime for collected sensed data to the sink node every workingcycleThe sinknode sets up a queue to save the time accordingto the receiving order Table 1 shows the main notations andparameters used in the proposed algorithm
Definition 1 In WSNs the sensed data is encapsulated as apackage according to a predefined order before transmissionA series of sensed data collected at each working cycle isdefined as 119904119894 = data1 data2 data119899 data119895 represents thevalue of one sensed data (119895 = 1 2 119899) 119894 represents theworking cycle of the sensing node (119894 = 1 2 119896) and theworking cycle 119894 is saved to the packet sequence number SN
Definition 2 A transmitted packet is denoted as Packet =Head SN 119904119894 It consists of a fixed data header packetsequence number SN and a series of sensed data elements119904119894 The data of the packet is stored in binary mode Thewatermarked packet is denoted as PacketW The receivedpacket is denoted as Packet1198821015840
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
4 Security and Communication Networks
methods The algorithm first divided the sensed data intogroups of the same size according to the delimiter (the valuethat the sensed data could not reach) The algorithm gener-ated a sequence number SN for each group and embeddedit into the group to achieve the purpose of detecting theoperation of deleting or adding group Digital watermark wasobtained by the hash function through the key K group dataand group serial number In order to avoid replay attacksthe algorithm embedded the watermark of current group intothe previous group and then chained all groups with digitalwatermark
Shi and Xiao [21] proposed a new data integrity authen-tication algorithm for WSNs based on reversible digitalwatermarking The proposed algorithm effectively appliedprediction-error expansion to avoid the loss of the senseddata due to embedding watermark However this algorithmrequired not only to calculate the size of the group accordingto the prediction function but also to calculate the hash valueof each data item in the group which greatly increased thecomputational complexity so it is not suitable for the highlyresource-constrained WSNs In addition the watermarkembedding process that used the predictions of spread-errorexpansion might cause data underflow and overflow
Wang et al [22] proposed a multimarked fragile digitalwatermarking algorithm based on integrity of characterdata to detect the malicious tampering by an attacker Thealgorithm used chain watermark of dynamic group sizeIt firstly transferred sensed data from numerical type intocharacter type and then used the watermark embeddingstrategy based on blank characters In this algorithm thecommunication bandwidth and node storage capacity couldbe saved effectively while the data integrity was protectedHowever the limited number of blank characters resulted inlimited watermark capacity
Kamel et al [23] proposed a new lossless digital water-marking algorithm that was suitable for WSNs to verify theintegrity of sensed data Firstly the algorithm divided thesensed data into fixed-size group and then used the variable-base factorial number system to rearrange the locationof the sensed data Secondly it embedded the watermarkinformation through the new order of sensed data in thegroup finally the sender and the receiver added a mappingstring for each group to provide the basis for reconstructingthe original data element and then extracted the watermarkinformation The algorithm did not bring any loss to thesensed data and could be applied to WSNs effectively due toits low computational complexity
Sun et al [24] proposed a lossless digital watermarkingstrategy which used redundant space of data to embed water-mark information The sensed data collected by the sensornodes was repackaged unlike the previous methods theembedding of the watermark did not cause any modificationto the original sensed data However this strategy still hada certain security vulnerability because the initial value ofreservation bit for watermark was zero and the watermarkembedding position was relatively fixed which could be usedby the attacker to obtain the sensed data
In conclusion the existing WSNs data integrity verifica-tion algorithms are based on digital watermarking mostly by
replacing the LSB of the sensed data with watermark datato achieve the goal of embedding watermark informationThis kind of algorithm is easy to implement and has a lowtime complexity which satisfies the requirements of highlyresource-constrained WSNs to a certain extent Besides alarge number of scholars put forward many improved LSBalgorithms the algorithm based on the LSB group thealgorithm based on distributed LSB and the algorithm basedon multiflag LSB To a certain extent although the improvedalgorithm enhances the security the watermark embeddingposition can become a serious security vulnerability whichis prone to malicious use by the attacker Besides LSB willcause data damage to some extent which is unacceptablein sensitive areas such as medical and military What ismore in the existing algorithms the data integrity can onlybe verified after the arrival of entire group of data whichleads to greater delay In order to solve these problems thispaper presents a lightweight watermarking technique calledposition randomwatermark (PRW)The proposed algorithmcalculates the embedding position of watermark dynamicallyby using the data collecting time from sensor nodes whichnot only improves the security but also saves energy andrealizes real-time data authentication
3 Attack Models and Proposed Scheme
31 The Attack Models Compared to wired networks theWSNs that deploy in the extreme environment face morethreats andwhat ismore the public communication protocoladopted byWSNs exacerbates the risk of physical tamperingThe sensed node owns limited computational capabilities andenergy resources which increase the difficulty of designingsecurity protocols We summarize the main attack modelsinto five categories
(a) Packet tampering a malicious node added to WSNstamperswith the value of the packets and forwards thetampered packets which can lead to extremely seriousconsequences in some special cases
(b) Packet forgery a malicious node added to WSNskeeps sending the fake packets to other nodes greatlyincreasing network traffic and resulting in wastingenergy of the whole WSNs
(c) Selective forwarding a malicious node added toWSNs deletes partial packets and forwards somepackets to destination selectively The data loss maycause the bad situation that the sink node fails tomakethe correct response
(d) Packet replay a malicious node added to WSNsforwards the packets that have been forwarded oncemore or repeatedly to other nodes which will causethe traffic congestion and energy waste
(e) Transfer delay a malicious node added to WSNsforwards the packets later than the predeterminedtime which will lead to the fact that the sink nodedrops the packets due to the timestamp
32 The Proposed Scheme This paper proposes a new WSNsdata integrity protection strategy based on fragile digital
Security and Communication Networks 5
Data collection
Hashcalculation
Collected time
Watermark generation
Hash value
Watermark
Watermark embedding
Data monitoringData tampering
Data deletionData forgery
Data transmissionData sending
Watermarkeddata
Watermark generation
Integrityauthentication
Regeneratedwatermark
Watermarkeddata
Recovered data
Extracted watermark
Data receiving
Watermark extractionand data recovery
Datasetand key
Figure 3 The implementation model of the proposed fragile watermark algorithm
watermarking to protect the sensed data from the above fourcategories of attack models The proposed algorithm makesuse of the characteristic that the fragile watermarking issensitive to modification Once the host data is modified thewatermark is destroyedThemalicious nodewithout the priorknowledge of watermarking algorithms cannot effectivelyrestore real data Data tampering and data forgery are similarwhich can be seen as malicious data generated by maliciousnodes The malicious sensed data generated by the maliciousnode cannot be verified by watermarking algorithm afterreaching the sink node The proposed algorithm introducesthe packet sequence number SNwhich is used for positioningthe added packet or deleted packet
The proposed watermarking algorithm includes threeprocesses namely digital watermark generation digitalwatermark embedding and digital watermark extraction asshown in Figure 3 firstly each sensing node collects thesensing data and generates the digital watermark according tothe fragile watermarking algorithm Secondly the watermarkis merged into the sensed data through the predefined ruleto form a data packet that is transferred to the sink nodethrough the transmission node The packet may suffer froman unreliable transmission and face different kinds of attacksThirdly the sink node receives the data and then extracts thewatermark and restores the sensed data according to the pre-defined ruleThe restored data is used to generate watermarkaccording to the same algorithmThe data integrity is verifiedby comparing the regenerated watermark and the extractedwatermark If the regenerated watermark is not the same asthe extracted watermark the data is proved to be temperedduring transmission Otherwise the data is proved safe Thedigital watermark is copiedwith the copy of the digitalmediaand the process is hidden If the predefined method is notknown the digital watermark is difficult to detect
The WSNs are simplified in this paper and only threetypes of nodes are considered
(i) Sensing node is responsible for collecting data ofmonitoring area
(ii) Transmission node is responsible for transferring thedata to the sink node by multihop relay
(iii) Sink node is responsible for receiving the sensed datasent by sensor node
Table 1 Notations and parameters of algorithm
Notation DescriptionHash() The given one-way hash function SHA-1 The concatenation operatorrand() The random position function119905 The data collecting time119879 The time queue stored in the sink node119898 The length of watermark embedding bits119870 The secret keydata119895 The 119895th sensed data elementSN The serial number inserted in each packet119882 Watermark to be inserted1198821015840 The extracted watermark11988210158401015840 The regenerated watermark
This paper makes the following assumptions the numberof sensing nodes is 119899 the same sensing node defined as nodeexists near the sink node and uses the same protocol andparameter as the node in the sensing area each sensing nodecollects sensed data at the same time in one working cycle Inorder to improve the security the collected time of the senseddata is not transmittedThenode near the sink node sends thetime for collected sensed data to the sink node every workingcycleThe sinknode sets up a queue to save the time accordingto the receiving order Table 1 shows the main notations andparameters used in the proposed algorithm
Definition 1 In WSNs the sensed data is encapsulated as apackage according to a predefined order before transmissionA series of sensed data collected at each working cycle isdefined as 119904119894 = data1 data2 data119899 data119895 represents thevalue of one sensed data (119895 = 1 2 119899) 119894 represents theworking cycle of the sensing node (119894 = 1 2 119896) and theworking cycle 119894 is saved to the packet sequence number SN
Definition 2 A transmitted packet is denoted as Packet =Head SN 119904119894 It consists of a fixed data header packetsequence number SN and a series of sensed data elements119904119894 The data of the packet is stored in binary mode Thewatermarked packet is denoted as PacketW The receivedpacket is denoted as Packet1198821015840
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 5
Data collection
Hashcalculation
Collected time
Watermark generation
Hash value
Watermark
Watermark embedding
Data monitoringData tampering
Data deletionData forgery
Data transmissionData sending
Watermarkeddata
Watermark generation
Integrityauthentication
Regeneratedwatermark
Watermarkeddata
Recovered data
Extracted watermark
Data receiving
Watermark extractionand data recovery
Datasetand key
Figure 3 The implementation model of the proposed fragile watermark algorithm
watermarking to protect the sensed data from the above fourcategories of attack models The proposed algorithm makesuse of the characteristic that the fragile watermarking issensitive to modification Once the host data is modified thewatermark is destroyedThemalicious nodewithout the priorknowledge of watermarking algorithms cannot effectivelyrestore real data Data tampering and data forgery are similarwhich can be seen as malicious data generated by maliciousnodes The malicious sensed data generated by the maliciousnode cannot be verified by watermarking algorithm afterreaching the sink node The proposed algorithm introducesthe packet sequence number SNwhich is used for positioningthe added packet or deleted packet
The proposed watermarking algorithm includes threeprocesses namely digital watermark generation digitalwatermark embedding and digital watermark extraction asshown in Figure 3 firstly each sensing node collects thesensing data and generates the digital watermark according tothe fragile watermarking algorithm Secondly the watermarkis merged into the sensed data through the predefined ruleto form a data packet that is transferred to the sink nodethrough the transmission node The packet may suffer froman unreliable transmission and face different kinds of attacksThirdly the sink node receives the data and then extracts thewatermark and restores the sensed data according to the pre-defined ruleThe restored data is used to generate watermarkaccording to the same algorithmThe data integrity is verifiedby comparing the regenerated watermark and the extractedwatermark If the regenerated watermark is not the same asthe extracted watermark the data is proved to be temperedduring transmission Otherwise the data is proved safe Thedigital watermark is copiedwith the copy of the digitalmediaand the process is hidden If the predefined method is notknown the digital watermark is difficult to detect
The WSNs are simplified in this paper and only threetypes of nodes are considered
(i) Sensing node is responsible for collecting data ofmonitoring area
(ii) Transmission node is responsible for transferring thedata to the sink node by multihop relay
(iii) Sink node is responsible for receiving the sensed datasent by sensor node
Table 1 Notations and parameters of algorithm
Notation DescriptionHash() The given one-way hash function SHA-1 The concatenation operatorrand() The random position function119905 The data collecting time119879 The time queue stored in the sink node119898 The length of watermark embedding bits119870 The secret keydata119895 The 119895th sensed data elementSN The serial number inserted in each packet119882 Watermark to be inserted1198821015840 The extracted watermark11988210158401015840 The regenerated watermark
This paper makes the following assumptions the numberof sensing nodes is 119899 the same sensing node defined as nodeexists near the sink node and uses the same protocol andparameter as the node in the sensing area each sensing nodecollects sensed data at the same time in one working cycle Inorder to improve the security the collected time of the senseddata is not transmittedThenode near the sink node sends thetime for collected sensed data to the sink node every workingcycleThe sinknode sets up a queue to save the time accordingto the receiving order Table 1 shows the main notations andparameters used in the proposed algorithm
Definition 1 In WSNs the sensed data is encapsulated as apackage according to a predefined order before transmissionA series of sensed data collected at each working cycle isdefined as 119904119894 = data1 data2 data119899 data119895 represents thevalue of one sensed data (119895 = 1 2 119899) 119894 represents theworking cycle of the sensing node (119894 = 1 2 119896) and theworking cycle 119894 is saved to the packet sequence number SN
Definition 2 A transmitted packet is denoted as Packet =Head SN 119904119894 It consists of a fixed data header packetsequence number SN and a series of sensed data elements119904119894 The data of the packet is stored in binary mode Thewatermarked packet is denoted as PacketW The receivedpacket is denoted as Packet1198821015840
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
6 Security and Communication Networks
Input input parameters Packet 119905 119898119870Output Watermark119882(1) for 119894 = 1 to 119899 do(2) Datafl Data Packet sdot data119894(3) Data fl Data 119905(4) Data fl Data 119870(5) 1198820 = Hash(Data)(6) 119882 = MSB(1198820 119898)(7) return119882
Algorithm 1 Watermark generation algorithm
321 Watermark Generation Algorithm Thewatermark gen-eration algorithm uses the SHA-1 hash function to calculatethe hash value SHA-1 hash function not only guarantees dataintegrity but also has a lightweight feature that uses 65less memory than other hash algorithms such as the MD5algorithm which is more suitable for resource-constrainedWSNs [25] The secret key K [26] is the specific informationthat is only known to the sender and the receiver
Thewatermark generation process is described as follows
(i) Concatenate all the sensed data elements collectedtime t and secret key 119870 to data
Data = data1 data2 sdot sdot sdot data119899 (1)
(ii) Calculate the hash value of the variable data denotedas1198820 based on SHA-1 hash function
1198820 = Hash (Data 119905 119870) (2)
(iii) Select 119898 bits from most significant bits of1198820 as thewatermark119882 according to the actual needs
119882 = MSB (1198820 119898) (3)
The detailed operation steps of watermark generationalgorithm are shown in Algorithm 1
322Watermark EmbeddingAlgorithm Theproposedwater-mark embedding algorithm improves from the following twoaspects
(i) The packet is redesigned and added m bits for water-mark to ensure that the watermark is transparentlyembedded in the packet It does not cause anyinterference to the data and meets the high-precisionrequirements
(ii) In order to solve the vulnerabilities brought by fixedembedding location we introduce a new positionrandom function to dynamically calculate the water-mark embedding position which effectively solvespotential vulnerabilities and greatly improves thesecurity of the algorithm
Figure 4 illustrates the generation and embedding mech-anism The watermark embedding process is described asfollows
Input input parameters Packet 119905 119898119870Output New packet Packet119882(1) Get watermark119882 according to Algorithm 1(2) 119875119876 = rand(119905 119870119898)(3) for 119894 = 1 to119898 do(4) index fl 119875119894(5) Packet119882index =119882119894(6) for 119894 = 1 to 119897 do(7) index fl 119876119894(8) Packet119882index = Packet119894(9) return Packet119882
Algorithm 2 Watermark embedding algorithm
(i) Calculate the watermark information W accordingto Algorithm 1 and update the payload of the packetfrom 119897 to 119871
(ii) Acquire position arrays 119875 and 119876 through functionrand() with collected time 119905 secret key119870 and num ofwatermark bits 119898 P and 119876 represent the watermarkembedding position and the sensed data embeddingposition respectively 119875 and 119876 need to satisfy theformula
1 le 119875119894 le 119871 1 le 119894 le 119898
119875119894 = 119875119895 119894 = 119895
119875119894 lt 119875119895 119894 lt 119895
1 le 119876119894 le 119871 1 le 119894 le 119897
119876119894 = 119876119895 119894 = 119895
119876119894 lt 119876119895 119894 lt 119895
119875 cap 119876 = 0 119875 cup 119876 = 1 2 119871
Length (119875) + Length (119876) = 119871
(4)
(iii) Embed the watermark 119882 according to the positionarray 119875 and embed the sensed data according to theposition array 119876 to form a new packet PacketW
The detailed operation steps of watermark embeddingalgorithm are shown in Algorithm 2
323 Watermark Extraction Algorithm When the packet istransmitted to the sink node the sink node extracts thedigital watermark information and restore the sensed dataThe received packet is denoted as Packet1198821015840 The sink nodeand the sensing node share the secret key 119870 The restoredpacket is represented as Packet1015840
The extraction and verification process are described asfollows
(i) Extract the serial number SN from received packetPacket1198821015840
(ii) Acquire the collected time 119905 from the time queuestored in the sink node based on the SN
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 7
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
1m
Header 0 1 0 0SN 0 0 1 1 1 11l
Collected data
Hash function(SHA-1)
Watermark length m and key K
1 0 1 0 1 0 Generated watermark
Position randomization
Collected time t
Original packet
Watermarked packet
Header SN
Watermark lengthCollected time t
Wat
erm
ark
gene
ratio
nW
ater
mar
k em
bedd
ing
m and key K
Figure 4 The processes of generation and embedding
Input input parameters Packet1198821015840 119898119870Output Integrity verification result(1) indexfl Packet1198821015840 sdot SN(2) 119905 fl timeindex(3) 119875119876 = rand(119905 119870119898)(4) for 119894 = 1 to119898 do(5) index fl 119875119894(6) 1198821015840119894 fl Packet1198821015840index(7) for 119894 = 1 to 119897 do(8) index fl 119876119894(9) Packet1015840119894 = Packet1198821015840index(10) for 119894 = 1 to 119899 do(11) Datafl Data Packet1015840 sdot data119894(12) Data fl Data 119905(13) Data fl Data 119870(14) 1198820 flHash(Data)(15) 11988210158401015840 flMSB(1198820 119898)(16) if11988210158401015840 == 1198821015840 then(17) Return (Integrity intact)(18) else(19) Return (Integrity tampered)
Algorithm 3 Watermark extraction algorithm
(iii) Calculate the arrays119875 and119876 according to the functionrand()
(iv) Obtain the watermark denoted as1198821015840 and restore thepacket represented as Packet1015840
(v) Recalculate the watermark 11988210158401015840 according toAlgorithm 1 with Packet1015840 119905119898 and119870
(vi) Compare1198821015840 with11988210158401015840 if1198821015840 is equal to11988210158401015840 the dataintegrity is verified otherwise the data is tampered
Figure 5 illustrates the extraction and verification mech-anism The detailed operation steps of watermark extractionalgorithm are shown in Algorithm 3
4 Security Analysis
The malicious node added to the WSNs can launch variousattacks based on the attackmodelsmentioned before Attacksusually happen during the transmission One attack is sup-posed to be successful if the sink node cannot detect themodification of the sensed data In this section we discusshow the proposed watermarking algorithm resists variousattacks
41 Modification
411 Modification of One Data Element If the attacker justmodifies one data element and the embedded watermarkremains unchanged The sink node can extract the rightwatermark information and restore the wrong data elementaccording to the extraction algorithm The modification ofone data element can lead to the wrong hash value andthe wrong recalculated watermark that does not match theextracted watermark The sink node will reject the modifiedpacket If an attackmodifiesmultiple data elements the resultis similar
412 Modification of Embedded Watermark If the attackerjust modifies the embedded watermark and the data elementsremain unchanged this may result in the wrong extractedwatermark and the right recalculated watermark that lead tothe failed authentication
413 Modification of 119878119873 We assume the attacker modifiesthe serial number SN The changed SN leads to the wrongcollected time in the sink node It affects both extractionwatermark and restored sensed data because the wrongcollected time can result in the wrong embedding positionThe recalculated watermark and the extracted watermarkare inconsistent The sink node will reject the modifiedpacket
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 Security and Communication Networks
0 1 1 0 0 1 0 0 0 0 1 1 1 1 0 11L
Position randomization
Time [SN] Watermark length
Received packet
1m
1 0 1 0 1 0
0 1 0 0 0 0 1 1 1 11l
Watermark extraction
Watermark generationExtracted
1m
1 0 1 0 1 0
Recalculated
Integrity intact
Integritytampered
YesNo
Wat
erm
ark
extr
actio
nW
ater
mar
k ve
rifica
tion
Header SN
Header SN
m and key K
watermark W
watermark W
W= W
Figure 5 The processes of extraction and verification
42 InsertionDeletion
421 InsertionDeletion of Element of Packet When thepacket arrives the sink node checks its length Nomatter oneelement or multiple elements are inserted into the packetthe length of packet does not meet the requirement whichresult in the rejection of this packet The deletion of elementis similar to the insertion so it is not discussed here in detail
422 InsertionDeletion of Whole Packet The collected timeand the secret key are known to the sender and receiversonly but are not known to an attacker If the attacker deletesone or more packets the sink node may locate these packetsaccording to the SN Without the knowledge of collectedtime and secret key the attacker can hardly get the correctembedded position and watermark so the attack cannotgenerate the packets that meet the requirements When theinserted packets arrive at the sink node they cannot beauthenticated successfully and are rejected
The above analyses are sufficient to prove that the pro-posed algorithm can resist various attacks of WSNs suchas modification insertion and deletion It also applies to acombination of scenes It is proved that the algorithm canguarantee the integrity of data of the WSNs
5 Experimental Results
The experimental data used in this paper is the real senseddata collected by the Intel Berkeley Research Laboratorywhich contains humidity data temperature data light inten-sity data and voltage data and the time to obtain these dataHowever the collected time of different types of sensed datais not the same In order to save the amount of computationit is assumed that all types of data in the one working cycleuse the same collected time
We use the Network Simulator Ns-2 to implement sim-ulation experiment that evaluates the performance of theproposed PRWalgorithmNs-2 is the open source simulation
Table 2 Notations and parameters of simulation
Parameter ValueSurface of the network 100m lowast 100mNum of sink node 1Num of sensing node 8Num of attacker node 10Num of transmission node 81Sink node location (30 60)Routing protocol LEACHMAC protocol S-MACInitial energy 2 J
platform that simulates discrete events It is widely used inacademia because of its scalable features Table 2 shows thesignificant notations and parameters of the simulation
In order to better conserve energy the designed exper-iment uses the S-MAC protocol The S-MAC protocol isdesigned for the resource-constrained WSNs It has energy-efficient features because it implements the low-duty-cycleoperations and periodically listening and sleeping
In the simulation experiment the coverage ofWSNs is setto 100mlowast 100mThere are 1 sink nodes 1 sensing node nearthe sink node 8 sensing nodes 80 transmission nodes and 10attacker nodes randomly distributed in the sensing area andthe total number of sensing nodes is 100 In each packet thereare 1-byte packet header 2-byte packet SN 1-byte redundantspace and 8 bytes for data elements The duration of eachsimulation is set to 200 seconds Each simulation randomlyselects 200 packets as experimental samples The averagevalue of the 20 simulations is used as the result data
We conduct two sets of experiments In the experimentselection of 119898 we aim to select the right parameter 119898 toachieve the best experimental results with the minimumcalculated load In the experiment antiattack we verify theantiattack ability of our method against five common attacks
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 9
50
55
60
65
70
75
80
85
90
95
100
20 40 60 80 100 120 140 160 180 200
Posit
ive r
ate (
)
Number of packets
m = 4
m = 8
m = 2
Figure 6The detection rate under different embedding parameters119898
The rest of the experiments compare the embedded capacityenergy consumption delay and detection rate with theexisting LSBmethods SGW [18] LWC [19] FWC-D [20] andmultimark [22] respectively to prove that our algorithm hasbetter performance than the baseline
51 The Selection of 119898 The parameter 119898 indicates thewatermark bit In order to select the appropriate parameter119898thatmeets the safety requirements and does not lead to higherfalse positive rate we select three values of the parameter119898 24 and 8The experiment introduces the detection rate whichis the probability that the algorithm successfully detects thetampered packet It is defined as
119875119863 =119873119863119873Total (5)
where 119873119863 is the number of tampered packets that theextracted watermark does not match the recalculated water-mark and 119873Total is the number of all packets arriving at thesink node
The experimental results are shown in Figure 6 It canbe concluded from the experimental results that the biggervalue of parameter 119898 corresponds to higher detection rateand the algorithm owns higher securityWhen the parameter119898 falls to 2 the detection rate falls rapidly because thewatermark capacity is too small to detect the tampered packeteffectively The appropriate selection of the parameter 119898ensures both high security and high performance of theproposed watermark algorithm
52 Antiattack The 10 attacker nodes take advantage ofvarious attacks to verify the antiattack ability of our proposedalgorithmThe five attacks packet tampering packet forgery
Table 3 The detection rate under various attacks
Attack type Experiments num Detection rate ()Packet tampering 50 100Packet forgery 50 100Selective forwarding 50 100Packet replay 50 100Transfer delay 50 100
0
5
10
15
20
25
30
35
0 6 12 18 24 30
Embe
dded
bit
(bit)
Sense data (bytes)
SGWLWCFWC-D
MultimarkPRW
Figure 7 The watermarking embedded capacity
selective forwarding packet replay and transfer delay areperformed separately The test of each attack is repeated 50times and the experimental results are showed in Table 3
According to the experimental results our proposedalgorithm effectively resists several common attacks Forthe first three attacks packet tampering packet forgeryselective forwarding the attack will not calculate the correctwatermark information so our watermark strategy cannotextract the correct watermark information from the packetand the data integrity certification fails The last two attackspacket replay and transfer delay with concealment can evadeexisting programs but our algorithm associates the serialnumber and collected time effectively to detect these twoattacks and achieves the desired results
53 Embedding Capacity Theexperimental results are shownin Figure 7 whose clarity shows the superiority of the pro-posed algorithm in terms of embedding capacity compared tothe LSB [18ndash20] and multimark [22] Embedding the water-mark at the lowest bit (LSB) not only limits the watermarkembedding capacity but also disrupts the integrity of the datawhich is fatal for the high-precision applications Multimark[22] can guarantee data accuracy but the number of blankcharacters is limited which restricts the watermark capacity
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
10 Security and Communication Networks
0
2
4
6
8
10
12
14
16
18
16 32 48 64 80 96
Tota
l ene
rgy
cons
umpt
ion
(J)
Simulation time (seconds)
SGWLWCFWC-D
MultimarkPRW
Figure 8 The energy consumption
54 Energy Consumption The sensed node uses the batteryfor energy and the energy consumption directly determinesthe life cycle of the sensed node The main energy con-sumption of sensed node mainly includes data collectionwatermark generation and embedding and data forwardingwhere data transmission costs the highest energy
In this paper the bits of data packets are fixed so theembedding of the watermark does not increase the additionalstorage overhead and transmission overhead The proposedmethod does not cause any disturbance to the original databecause the watermark is embedded into the redundantpositions The experimental results are shown in Figure 8which clearly shows that the proposed algorithm saves moreenergy than the algorithms LSB [18ndash20] and multimark [22]
55 Average Delay The delay caused by the algorithm to theWSNs mainly includes the calculation embedding extrac-tion and verification of the watermark The proposed PRWapplies the one-way hash function SHA-1 algorithm withlightweight features Compared to other hash algorithmssuch as MD5 SHA-1 can calculate faster and save more stor-age space and energy Therefore the watermark generation ofPRW saves more time than previous watermarking schemesAlthough [9] also uses SHA-1 it embeds 160 bits of datainto the packet that greatly increase the transmission loadIt not only consumes more energy but also increases thetransmission delay The experimental results are shown inFigure 9 which clearly shows that the proposed algorithmreducesmore delay than the algorithms proposed in LSB [18ndash20] andmultimark [22] which will improve the response timeof the network
56 The Detection Rate Due to the interference problems ofwireless communication the embedded watermark may be
0
2
4
6
8
10
12
14
16
100 80 60 40 20
Aver
age d
elay
(sec
onds
)
Percentage of alive nodes ()
SGWLWCFWC-D
MultimarkPRWWithout watermark
Figure 9 The average delay
00
02
04
06
08
10
12
14
16
18
20
22
100 80 60 40 20 4
Perc
enta
ge o
f fal
se p
ositi
ve d
etec
tion
()
Number of alive nodes
SGWLWCFWC-D
MultimarkPRW
Figure 10 False positive detection
affected involuntarily and the integrity authentication mayfail when the packet arrived without attacks at the sink nodewhich is called false positive detection
We have conducted several simulation experiments tocompare the detection rate between the PRW and previousalgorithms LSB [18ndash20] and multimark [22] We measure thefalse positive detection rate with different number of alivenodes in the network The experimental results are shown inFigure 10 which clearly shows that the proposed algorithmdecreases the false positive rate than the existing algorithms
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 11
We can see fromFigure 10 that the false positive rate is around08 percent when the 80 percent sensor nodes are alive andit falls to 02 percent if 20 percent of nodes are alive So weneed to adjust the alert threshold based on the number of alivenodes in the WSNs dynamically
6 Conclusion
In this paper an advanced random digital watermarkingalgorithm is proposed for the data integrity of IoT perceptuallayerTheproposed algorithmcan effectively prevent a varietyof attacks such as packet forgery attacks packet forwardingattacks packet tamper attacks packet replay attacks andpacket delay transmission attacks caused by malicious nodesBesides the proposed algorithm effectively solves the short-comings of the existing technologies It not only simplifies thecomputational complexity and improves the authenticationefficiency and security but also ensures the reversible extrac-tion of watermark and the lossless restoration of data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
This work is supported by the National Science Foundationof China (Grant no 61501132 Grant no 61370084) theChina Postdoctoral Science Foundation (no 2016M591515)the Heilongjiang Postdoctoral Sustentation Fund (no LBH-Z14055) and Harbin Application Technology Research andDevelopment Project (Grant no 2016RAQXJ063 Grant no2016RAXXJ013)
References
[1] D Miorandi S Sicari F de Pellegrini and I Chlamtac ldquoInter-net of things vision applications and research challengesrdquo AdHoc Networks vol 10 no 7 pp 1497ndash1516 2012
[2] S Chen H Xu D Liu B Hu and H Wang ldquoA vision ofIoT Applications challenges and opportunities with ChinaPerspectiverdquo IEEE Internet of Things Journal vol 1 no 4 pp349ndash359 2014
[3] J S Kumar and D R Patel ldquoA survey on internet of thingssecurity and privacy issuesrdquo International Journal of ComputerApplications vol 90 no 11 pp 20ndash26 2014
[4] A K Pathan H-W Lee and C S Hong ldquoSecurity in wirelesssensor networks issues and challengesrdquo inProceedings of the 8thInternational Conference Advanced Communication Technology(ICACT rsquo06) vol 2 pp 1043ndash1048 Phoenix Park IrelandFebruary 2006
[5] X Dong and X Li ldquoAn authentication method for self nodesbased on watermarking in wireless sensor networksrdquo in Pro-ceedings of the 5th International Conference onWireless Commu-nications Networking and Mobile Computing WiCOM 2009Beijing China September 2009
[6] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 ACM November 2003
[7] C Karlof N Sastry and DWagner ldquoTinySec a link layer secu-rity architecture for wireless sensor networksrdquo in Proceedingsof the Second International Conference on Embedded NetworkedSensor Systems (SenSys rsquo04) pp 162ndash175 November 2004
[8] X Ren and H Yu ldquoSecurity mechanisms for wireless sensornetworksrdquo Journal of Computer Science and Network Securityvol 6 no 3 pp 155-156 2006
[9] D E Boubiche S Boubiche H Toral-Cruz A-S K PathanA Bilami and S Athmani ldquoSDAW secure data aggregationwatermarking-based scheme in homogeneousWSNsrdquoTelecom-munication Systems vol 62 no 2 pp 277ndash288 2016
[10] R G van Schyndel A Z Tirkel and C F Osborne ldquoA digitalwatermarkrdquo in Proceedings of the IEEE International ConferenceImage Processing (ICIP rsquo94) vol 2 pp 86ndash90 Austin Tex USANovember 1994
[11] C Fei D Kundur and R H Kwong ldquoAnalysis and design ofsecure watermark-based authentication systemsrdquo IEEE Trans-actions on Information Forensics and Security vol 1 no 1 pp43ndash55 2006
[12] I CoxMMiller J Bloom and J FridrichDigitalWatermarkingand Steganography Morgan Kaufmann 2007
[13] P F Luis C Pedro et al Watermarking Security A SurveyTransactions on Data Hiding and Multimedia Security ISpringer Berlin Heidelberg 2006
[14] W Li H Song and F Zeng ldquoPolicy-based secure and trustwor-thy sensing for internet of things in smart citiesrdquo IEEE Internetof Things Journal vol PP no 99 pp 1-1 2017
[15] W Li and H Song ldquoART an attack-resistant trust managementscheme for securing vehicular ad hoc networksrdquo IEEE Trans-actions on Intelligent Transportation Systems vol 17 no 4 pp960ndash969 2016
[16] S Anbuchelian S Lokesh and M Baskaran ldquoImproving secu-rity in Wireless Sensor Network using trust and metaheuristicalgorithmsrdquo in Proceedings of the 3rd International Conferenceon Computer and Information Sciences ICCOINS 2016 pp 233ndash241 August 2016
[17] J Feng andM Potkonjak ldquoReal-time watermarking techniquesfor sensor networksrdquo in Proceedings of the Security and Water-marking of Multimedia Contents V pp 391ndash402 January 2003
[18] H Guo Y Li and S Jajodia ldquoChaining watermarks for detect-ing malicious modifications to streaming datardquo InformationSciences vol 177 no 1 pp 281ndash298 2007
[19] I Kamel and H Juma ldquoSimplified watermarking scheme forsensor networksrdquo International Journal of Internet ProtocolTechnology vol 5 no 1-2 pp 101ndash111 2010
[20] I Kamel and H Juma ldquoA lightweight data integrity scheme forsensor networksrdquo Sensors vol 11 no 4 pp 4118ndash4136 2011
[21] X Shi and D Xiao ldquoA reversible watermarking authenticationscheme for wireless sensor networksrdquo Information Sciences vol240 pp 173ndash183 2013
[22] B Wang X Sun Z Ruan and H Ren ldquoMulti-mark Multiplewatermarking method for privacy data protection in wirelesssensor networksrdquo Information Technology Journal vol 10 no 4pp 833ndash840 2011
[23] I Kamel O A Koky and A A Dakkak ldquoDistortion-freewatermarking scheme for wireless sensor networksrdquo in Proceed-ings of the International Conference on Intelligent Networkingand Collaborative Systems INCoS 2009 pp 135ndash140 November2009
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
12 Security and Communication Networks
[24] X Sun J Su B Wang and Q Liu ldquoDigital watermarkingmethod for data integrity protection in wireless sensor net-worksrdquo International Journal of Security and Its Applications vol7 no 4 pp 407ndash416 2013
[25] P Ganesan R Venugopalan P Peddabachagari A Dean FMueller and M Sichitiu ldquoAnalyzing and modeling encryptionoverhead for sensor network nodesrdquo in Proceedings of the Sec-ond ACM International Workshop on Wireless Sensor Networksand Applications WSNA 2003 pp 151ndash159 September 2003
[26] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of