Recent Developments in micro-electro-mechanical systems (MEMS)
technology and advances in wireless communications have enabled the
growth of sensor networks . Figure 1 shows a sensor network.
The sensor network is composed of many tiny sensor nodes each of
which has limited computational, communicational, and sensing
capabilities . The sensor nodes coordinate to perform a common task
. Sensor networks are employed for a wide variety of applications,
including industrial, military, biomedical, and environmental areas.
Sensor network nodes are deployed in open environments in many
applications [1,2]. Hence, the sensor nodes are vulnerable to physical
attacks which compromise their cryptographic keys . One such attack
is false report injection attack. If an attacker compromises any node to
obtain the security information, the attacker makes a compromised node
generate false reports and insert them into the sensor network. A false
report injection attack can result in not only a reduction of the
already limited energy of sensor nodes in a battery powered network but
also false alarms [3-6]. To minimize such damages, false reports have to
be dropped en-route as soon as possible, while few eluded false reports
have to be rejected at the sink node . Fan Ye et al. proposed a
solution that drops the false reports en-route called statistical
en-route filtering (SEF). In SEF, each intermediate node includes
authentication keys that verify reports from different partitions in a
global pool . Whenever a report is forwarded, each node verifies
whether a report is legitimate. Legitimate report, the reports are
forwarded to the next intermediate node. Non-legitimate reports are
dropped. Thus, the false reports that are generated by compromised nodes
are filtered early, meaning that sensor nodes do not need to waste
energy forwarding many false reports. However, when there are few false
reports, the sensor nodes have to waste energy verifying both legitimate
and false reports with the same probability .
[FIGURE 1 OMITTED]
In this paper, to save the energy that is consumed verifying event
reports, we propose a method that controls a probability of attempts at
verification of an event report through a fuzzy system in a sensor
network. The probability is decided by three elements: the number of
neighbor nodes, the number of hops from a node to a sink node and the
rate of false reports.
Our proposed method is described in detail as follows. Section 2
explains SEF related work. Section 3 describes the proposed method.
Section 4 shows the simulation results. Section 5 presents the study
2. Statistical En-Route Filtering
SEF is composed of four steps: key assignment, report generation,
en-route filtering, and sink verification. In this section, these four
steps are explained
2.1. Key Assignment
Some of the keys in the global key pool are assigned to each sensor
node. The keys are selected at random before the sensor nodes are
deployed in the sensor field. The global key pool is divided into
several non-overlapping partitions that have the same number of keys.
Several partitions are randomly selected from the global key pool by a
user, who then assigns some of the keys to a node. The number of keys
assigned to each node is decided by the user. Each node generates
Message authentication codes (MAC) using its keys to verify reports.
2.2. Report Generation
After key assignment and node deployment, when an event is occurred
in the sensor field, multiple nodes that detect the event elect a center
of stimulus node (CoS), which most strongly detects the event. Each node
that detects the event randomly chooses a key among its own keys that is
used to generate a MAC. The MAC and the key index are sent to the CoS
node, which then generates an event report to which the MACs received
from the multiple nodes are attached. The report including the MACs is
forwarded to next intermediate node toward the sink node.
2.3. En-Route Filtering
Because of the random key assignment, each intermediate node has a
probability that an intermediate node has a key that can verify a
report. When a report is arrived at a node, the node uses one of its own
keys to generate a MAC. Each node compares the number of key indices and
MACs between the report and the node. If the node has a larger or
smaller number of key indices and MACs than were decided by the user, or
if key indices are derived from the same partitions, the report is
dropped by the node. If neither situation occurs, the node finds a key
that matches the one it chose. When there is a matching key with the key
of the node, the node generates the MAC using the key. When a key
matches that chosen by the node, the node generates a MAC, which is
compared to the MAC of a report. If the MAC of the node matches the MAC
of a report, the report is forwarded to next node. If the MACs do not
match, the report is considered false and is dropped.
2.4. Sink Verification
After en-route filtering, a few false reports can still arrive at
the sink node because the intermediate nodes use the same probability to
verify reports. However, in SEF, the sink node has of all keys that are
in the global key pool. Thus, the sink node can filter the false
reports. As stated above, in SEF, false reports can be dropped early and
energy consumption in the sensor network can be reduced through use of
3. Proposed Method
In SEF, each node uses the same probability to verify a report
regardless of its status (false vs. legitimate). Thus, if there are few
or no false reports in the sensor network, the energy that is consumed
verifying legitimate nodes is wasted. To save verification energy for
legitimate reports, we propose a method that controls a probability of
attempts at verification of an event report. Section 3.2 shows the
assumption of our proposed method.
The proposed method includes the following assumptions:
* Each node has a unique identification (ID).
* Each node has a table which is composed of two values: IDs of
neighbor nodes and a probability of attempts at verification of an event
report of neighbor nodes.
* Each node stores the number of hops from the node to the sink
* Each node stores verification results of the ten most recent
reports of every node.
Key assignment and node deployment occur the same way in the
proposed method as in SEF. However, in the proposed method, after these
steps, a unique ID is assigned to each node and a table is generated
that consists of IDs of neighbor nodes and the probabilities that
attempt to verify a report. Figure 2 shows a table that is composed of
two elements: neighbor node IDs and attempts to verify event report
As shown in Figure 2, the probabilities of neighbor nodes are equal
to 1, because the information for controlling the probability is not yet
generated. After ID distribution for sensor nodes and table generation,
the nodes are deployed and keys are assigned to the nodes. Reports are
generated here the same way as in SEF. When an event occurs, the
intermediate nodes that detect the event elect a CoS node to which MACs
are forwarded. The CoS node generates the event report to which MACs
collected from the intermediate nodes are attached. The event report is
then forwarded to the next node toward the sink node. Every time the
event report is forwarded to an intermediate node, that node verifies
the event report. This en-route filtering step is the differentiating
feature of the proposed method from the SEF. Figures 3, 4 and 5 show a
sample event report verification of the proposed method.
[FIGURE 5 OMITTED]
As shown Figure 3, when the each node receives the event report,
the node checks identification of the neighbor node which sends to the
node and attempt to verify a report probability. The node attempts to
verify the report by the probability in Figure 4. After verification of
the report, if the report is a legitimate report, the probability of the
neighbor node becomes low. The report is forwarded to next node. But if
the report is a false report, the probability of the neighbor node
becomes high. The report is dropped in Figure 5. When an intermediate
node receive an event report, if the probability of the neighbor node
which forwards the event report to the intermediate node is high, lots
of energy for verifying the report are consumed. On the contrary, if the
probability is low, less energy is consumed than the probability. The
probability is calculated by three inputs. Figure 6 shows three inputs
and output that is probability of attempts at verification of a report
using a fuzzy system.
The following figures are shown the three inputs which are used to
calculate the probability.
Figure 7 Shows a fuzzy membership function of the number of
neighbor nodes. Figure 8 shows a fuzzy membership function of the number
of from a node to a sink node. Figure 9, the fuzzy values of three fuzzy
membership functions are in the range of 0-1. The values belong to the
fuzzy set, which is composed of three levels: small, medium, and large.
A fuzzy membership function of a probability of attempts at verification
of an event report comes from the three membership functions. Figure 10
shows an output fuzzy membership function of the probability.
[FIGURE 6 OMITTED]
[FIGURE 7 OMITTED]
[FIGURE 8 OMITTED]
[FIGURE 9 OMITTED]
Figure 10, a fuzzy value of the probability is in the range of 0-1.
The value belongs to the fuzzy set which is composed of five levels:
very small, small, medium, large, and very large. The fuzzy membership
functions are defined by fuzzy rules that are designed by a user.
The part of fuzzy rules of proposed method is shown in Table 1.
In our proposed method, each sensor node verifies a report
controlling the probability of attempts at verification of an event
report that is calculated by the fuzzy system for its neighbor nodes.
The proposed method controls the probability and consumes less
node's energy than SEF. A comparison of the energy efficiency
between the proposed method and SEF is able to express some equations.
Equation (1) represents the probability that a node includes a key that
has not been compromised by an attacker . Table 2 explains elements
[P.sub.1] = [k(T - [N.sub.c])] / N (1)
[FIGURE 10 OMITTED]
The probability [P.sub.1] is used to calculate a probability that
is used to filter false reports. In this paper, [P.sub.1] is a
probability that is used to filter false reports. Table 3 shows the
probabilities to compare the energy efficiency between the proposed
method and SEF.
Equation (2) represents the probability that is used to filter
false reports in SEF.
[P.sub.fs] = [P.sub.1] x [P.sub.ts] ([P.sub.ts] = 1) (2)
Equation (3) represents the probability that is used to filter
false reports in the proposed method.
[P.sub.fp] = [P.sub.1] x [P.sub.tp] (0 [less than or equal to]
[P.sub.tp] [less than or equal to] 1) (3)
As shown above, [P.sub.ts] is always 1, but [P.sub.tp] is in the
range of 0-1. If the verification energy consumption of a sensor node in
SEF is 1, the verification energy of the node in the proposed method is
always the same as or smaller than the one in SEF. We simulate this
proposed method in section 4 to investigate the method.
In this section, we explain the simulation results of the proposed
method. This simulation was performed to show the energy efficiency of
the proposed method compared with that of SEF. The simulation included
several environments. First is the sensor field, which is 100 m wide and
100 m tall. Within this sensor field, 600 sensor nodes are deployed. A
sink node in this sensor field includes 100 keys in global key pool. The
global key pool is divided into 10 partitions, each of which includes 10
keys. The sensor node energies are 0.3 J. Also, the energies that are
consumed by receiving an event report are 12.5 [micro]J, the energies
that are consumed by sending the event report are 16.25 [micro]J.
Approximately 75 [micro]J are consumed by the event report verification.
The event report packet is 24 bytes. The probability that a node has a
key that is not compromised ([P.sub.1]) is 0.4. This simulation was
divided into two aspects. The first aspect is energy efficiency. A
simulation comparing energy efficiency was made between SEF and the
proposed method. The simulation was tested in two environments: when a
rate of false reports which were generated by sensor nodes in the sensor
field was 10%, and when the rate of false reports was 30%. Figure 11
compares SEF and the proposed method in terms of energy consumption of
sensor nodes when the rate of false reports was 10%.
Figure 11 shows that less sensor node energy was consumed in the
proposed method than in the SEF when the rate of false reports was 10%.
We found that 3.5% less energy was consumed in the proposed method than
that in SEF on average. Figure 12 compares SEF and the proposed method
in terms of energy consumption of the sensor nodes when the rate of
false reports was 30%.
Figure 12 also indicates that less sensor node energy was consumed
in the proposed method than in the SEF when the rate of false reports
was 30%. We found that 3% less energy was consumed in the proposed
method than that in SEF on average. Figures 13 and 14 indicate that when
the false report rate was low in a sensor network, the energy efficiency
of the proposed method was greater than that of the SEF.
[FIGURE 11 OMITTED]
[FIGURE 12 OMITTED]
The second aspect is security. Because the proposed method controls
probability using intermediate nodes to verify an event report in the
sensor network, the security of the proposed method has to be tested and
compared against that of the SEF. Thus, this simulation also was tested
in two environments. Figure 13 compares the number of false reports in
SEF with the number of false reports that were not filtered by sensor
nodes in en-route filtering in the proposed method when the false report
rate was 10%.
Figure 13 shows that the number of false reports that were not
filtered by en-route filtering in the proposed method is similar to the
number of false reports in SEF. Actually, an average of 0.03 more false
reports was seen in the proposed method than the average seen in SEF.
Figure 14 compares the number of false reports in SEF with the
number of false reports that were not filtered by en-route filtering in
the proposed method when the false report rate was 30%.
[FIGURE 13 OMITTED]
[FIGURE 14 OMITTED]
Figure 14 shows that the number of false reports that were not
filtered by en-route filtering between SEF and proposed method is again
similar. An average of 2.61 more false reports was seen in the proposed
method than the average seen in SEF. As shown above, the security level
of the proposed method is similar to that of SEF. Moreover, both SEF and
the proposed method contain a sink verification step in which all
unfiltered false reports are dropped. Thus, the energy efficiency of the
proposed method is the more important factor.
Sensor networks, which are used in open environments, are
vulnerable to physical attacks from the outside. A false report
injection attack is a physical attack in which a node compromised by an
attacker forwards many false reports that are not based on real events.
Sensor node energy is thus wasted by the attack. However, there are many
solutions that defend against false report injection attacks. One such
solution is SEF, in which any time a node in the sensor network receives
an event report, it verifies the validity of that report using a fixed
probability. If the event report is false, the node drops it. Thus, SEF
prevents energy waste by filtering false reports early. However, if the
false report rate in the sensor network is low, sensor node energy is
wasted because the nodes in SEF verify both false and legitimate reports
as the same probability. Thus, in this paper, we suggested a method by
which each sensor node controls The probability is determined by a fuzzy
system. The fuzzy system of the proposed method has three inputs: the
number of neighbor nodes, the number of hops from the sensor node to the
sink node, and the rate of false reports among the ten most recent event
reports received from a neighbor node. We performed four simulations to
prove the energy efficiency of the proposed method. The first simulation
compared energy consumption of SEF and the proposed method for various
false reports rates. We also compared the number of false reports that
were not filtered. Thus, our proposed method can be respected for its
energy efficiency in sensor network.
This research was supported by Basic Science Research Program
through the National Research Foundation of Korea (NRF) funded by the
Ministry of Education, Science and Technology (No. 2011-0004955).
 I. F. Akyildiz, W. L. Su, Y. Sankarasubramaniam and E. Cayirci,
"A Survey on Sensor Networks," IEEE Communications Magazine,
Vol. 40, No. 8, 2002, pp. 102-114. doi:10.1109/MCOM.2002.1024422
 F. Li and J. Wu, "A Probabilistic Voting-Based Filtering
Scheme in Wireless Sensor Networks," Proceedings of the 2006
International Conference on Wireless Communications and Mobile
Computing, Vancouver, 3-6 July 2006, pp. 27-32.
 B. Przydatek, D. Song and A. Perrig, "SIA: Secure
Information Aggregation in Sensor Networks," Proceedings of the 1st
International Conference on Embedded Networked Sensor Systems, Los
Angeles, 5-7 November 2003.
 F. Ye, H. Y. Luo, S. W. Lu and L. X. Zhang, "Statistical
En-Route Filtering of Injected False Data in Sensor Networks," 23rd
Annual Joint Conference of the IEEE Computer and Communications
Societies, Vol. 4, No. 7-11, 2004, pp. 2446-2457.
 H. Yang and S. W. Lu, "Commutative Cipher Based En-Route
Filtering in Wireless Sensor Networks," IEEE 60th Vehicular
Technology Conference, Vol. 2, Los Angeles, 26-29 September 2004, pp.
 C. Karlof and D. Wagner, "Secure Routing in Wireless
Sensor Networks: Attacks and Countermeasures," Proceedings of the
First IEEE: 2003 IEEE International Workshop on Sensor Network Protocols
and Applications, Anchorage, 11 May 2003, pp. 113-127.
Hyun Woo Lee, Soo Young Moon, Tae Ho Cho
School of Information and Communication Engineering, Sungkyunkwan
University, Suwon, Republic of Korea
Received September 5, 2011; revised October 11, 2011; accepted
Table 1. Fuzzy rules.
Rule Input Output
NN NH RF Probability
0 Small Small Small VS
6 Small Large Small S
10 Medium Small Medium M
17 Medium Large Large L
22 Large Medium Medium VL
* NN (neighbor nodes), NH (node's hops),
RF (rate of false reports).
Table 2. Elements determining [P.sub.1] in Equation (1).
T The number of MACs in the event report
[N.sub.c] The number of keys disclosed to an attacker
k The number of keys of a node
N The number of keys in the global key pool
Table 3. Probabilities for a comparison of energy efficiency.
[P.sub.fs] The probability of filtering a false report in SEF
[P.sub.fp] The probability of filtering a false report in
[P.sub.ts] an attempt to verify a report probability in SEF
[P.sub.tp] an attempt to verify a report probability in
Figure 2. Event report verification information.
Table of node A for its neighbor nodes
ID of Neighbor Nodes Probability
Figure 3. Check for the probability of
the neighbor node.
Table of node A for its neighbor nodes
ID of Neighbor Nodes Probability
Figure 4. Verification of an event report.
Node Event Report
Key Index Key Index MAC
index 1 index 1 MAC5
index 2 index 4 MAC4
index 3 index 6 MAC8
index 4 MAC generation index 7 MAC9
... ... ... ...