# Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Literature Review

- Acknowledgement spoofing.
- Selective forwarding.
- Sybil attacks.
- Wormholes attacks.
- Sinkhole attacks.
- Hello flood attacks.

## 3. Secure Adaptive Distributed Topology Control Algorithm

#### 3.1. Phase I: Anti-node Detection

#### 3.2. Phase II: Cluster Formation

#### Clusterhead Selection

#### Gateway Selection

#### 3.3. Phase III: Key Distribution

#### 3.4. Phase IV: Key Renewal

_{r}) is set in order to avoid that the originator does not start the “key renewal” process. If the other clusters do not receive the index after T

_{r}, they will choose a new originator from themselves. The method helps to rescue when the previous originator is broken off. The focal procedures of the SADTCA are summarized in Figure 4.

## 4. Determining the Quarantine Region

#### 4.1. Method 1: Quarantine for Clusters

#### 4.2. Method 2: Quarantine for Nodes

#### 4.3. Method 3: The Infected Areas

^{2}/N

_{CH}, the possible coverage range of a cluster is

_{CH}is the number of clusters. Accordingly, the coordinates of the clusters yields

_{e}, y

_{e}) and r

_{e}, respectively. As depicted in Figure 5 (right), the infected region O between the coverage of a neighboring clusterhead and an anti-node is given by

**A**and

**B**. Therefore, given the infected region

**O**and a threshold of infected percentage of the cluster coverage η, the decision of quarantine region may be determined. For instance, when

**O**/πr

^{2}≥ η, Method 1 may be applied; otherwise, Method 2 may be chosen to quarantine the whole cluster. Therefore, Method 3 achieves the operation balance of Methods 1 and 2 for establishing local quarantine regions.

## 5. Performance Analysis

#### 5.1. The Routing Variation

_{hop}] with Q anti-nodes yields

#### 5.2. Analysis of Energy Consumption

#### Phase II: Clusterhead Selection

_{Tx}is equal to the number of sensors in the network, n, and the number of receptions N

_{Rx}is the sum of the neighboring sensors of each sensor. That is,

_{j}is the number of neighboring sensors of sensor j.

_{i}) transmissions and (N

_{i}+ ∑

_{j∈Ci}N

_{j}) receptions are executed, where C

_{i}is the index set of neighboring sensors of sensor i. This procedure is applied to all clusterheads and their cluster members. Now let ${N}_{{T}_{x}}^{c}$ and ${N}_{{R}_{x}}^{c}$ denote the number of transmissions and receptions for all clusters, respectively. Hence,

_{T}and the number of receptions N

_{R}are

_{T}, which depends on the transmitting range R, the energy needed for the reception is E

_{R}, the energy needed for the encryption is E

_{enp}, and the energy needed for decryption is E

_{dep}. From (24) and (25), the total energy consumption, E

_{total}, for cluster formation in the wireless sensor network is

#### Phase III: Key Distribution

_{i}denote the index set of 1-hop cluster members of cluster i (a subset of H); let M denote the index set of 2-hop cluster members in the network; let M

_{i}denote the index set of 2-hop cluster members of cluster i (a subset of M); similarly, let S be the index set of sensors neighboring with 2-hop cluster members; let S

_{i}be the index set of sensors neighboring with 2-hop cluster members of cluster i (a subset of S); let G be the index set of gateway nodes.

_{pro}is the consumed energy of Diffie-Hellman key exchange. When clusterheads broadcast messages to trigger the key distribution procedure, the number of transmission D

_{T}and reception D

_{R}can be expressed by

#### Phase IV: Key Renewal

#### 5.3. Comparison of the SADTCA and the DADS

#### The DADS

_{q}as the distance between the anti-node and the borderline of the quarantine region. Here we consider two scenarios, d

_{q}= R and d

_{q}= 2R, where R is the transmission range of a sensor node. The first scenario considers that an anti-node threatens the neighboring sensor nodes that are of d

_{q}= R. The second scenario considers that an anti-node threatens the whole cluster. Since the network infrastructure of the SADTCA is based on 2-hop cluster topology, the DASA scheme with d

_{q}= 2R may be used to benchmark the performance of the proposed SADTCA with Method 1 (quarantine for clusters).

_{q}= R, the total energy consumption for determining the set of quarantine nodes is

_{a}is the number of neighboring sensors of the anti-node and ${B}_{a}^{(R)}$ is the index set of sensors neighboring with the anti-node.

_{q}= 2R, considering the authentication phase and the quarantine region, the total number of transmissions ${N}_{T}^{(2R)}$ and the number of receptions ${N}_{R}^{(2R)}$ may be approximated by

#### The SADTCA

_{T}and the number of receptions N

_{R}are

_{k}is the index set of 2-hop cluster members of cluster k, B

_{a}is the index set of sensors neighboring with the anti-node, N

_{a}is the number of neighboring sensors of the anti-node, and N

_{ch}is the number of neighboring sensors of the clusterhead. The energy consumption in a cluster is ${E}_{\mathit{total}}^{(\mathit{ch})}={N}_{T}\cdot ({E}_{T}+{E}_{\mathit{enp}})+{N}_{R}\cdot ({E}_{R}+{E}_{\mathit{dep}})$. Since the quarantine nodes may belong to different clusters, the total energy consumption yields

_{c}is the number of neighboring clusters of the anti-node.

_{q}= R without using the information of cluster topology (as described in (20)).

**O**/πr

^{2}< η, the energy consumption can be described by (20); otherwise, we may use (26) to represent the energy consumption for quarantining the whole cluster.

## 6. Simulation

#### 6.1. Case I: Quarantine for Clusters

#### 6.2. Case II: Quarantine for Nodes

#### 6.3. Quarantine for Infected Areas (Cases III and IV)

**O**) as detailed in Section 4. In Case III, if the dimension ratio of infected area (

**O**) to the cluster coverage is over 1/3, the cluster will be quarantined. Similarly, in Case IV, if the dimension ratio of infected area (

**O**) to the cluster coverage is over 1/5, the cluster will be quarantined. Assuming the sensors are uniformly distributed, instead of using the criterion in (5), the ratio of the number of nodes within the transmission range of an anti-node to the number of nodes within a cluster sensing scope (i.e., the number of infected cluster members) may be applied to determine the quarantine region. Experimental results show that this ratio can well represent the cover ratio in a random network with high network density.

#### 6.4. Proportion of the Quarantine Region

_{q}= R may represent a lower bound for the performance of the SADTCA with the quarantine strategies. Due to the 2-hop cluster topology, the quarantine strategy for clusters (Case I) expands the quarantine region, which makes the average percentage of Case I close to that of the DADS with d

_{q}= 2R. Thus, the DASA scheme with d

_{q}= 2R may be used to benchmark the performance of the proposed SADTCA with Method 1 (i.e., Case I: quarantine for clusters).

_{0}, y

_{0}) = (50, 50) and the spreads of the blob σ

_{x}= σ

_{y}= 0.25ℓ (Figure 20 (left)). For deployment strategy II, assuming that 50 sensors are deployed within the center sensing field 80 × 80 units in size and the other 200 nodes are deployed outside the center square (Figure 21 (left)), Figure 21 (right) shows the proportion of the quarantine region in the sensing field. Observe that these performances are similar to the one with uniform distribution as shown in Figure 19 (right). Thus, except under extreme conditions for specific topologies, the distribution of the sensor nodes may not have significant impact on the performance of the proposed quarantine strategies.

#### 6.5. Energy Consumption

## 7. Conclusions

## References and Notes

- Al-Karaki, J.N.; Kamal, A.E. Routing techniques in wireless sensor networks: A survey. IEEE Wirel. Commun
**2004**, 11, 6–28. [Google Scholar] - Djenouri, D.; Khelladi, L. A survey of security issues in mobile ad hoc and sensor networks. IEEE Commun. Surv. Tutor
**2005**, 7, 2–28. [Google Scholar] - Karlof, C.; Wagner, D. Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Netw
**2003**, 1, 293–315. [Google Scholar] - Karlof, C.; Sastry, N.; Wagner, D. TinySec: A link layer security architecture for wireless sensor networks. Proceedings of the 2nd international conference on Embedded networked sensor systems, Baltimore, MD, USA, November 3–5, 2004; ACM: New York, NY, USA, 2004; pp. 162–175. [Google Scholar]
- Yi, S.; Naldurg, P.; Kravets, R. A security-aware routing protocol for wireless ad hoc networks. Proceedings Of ACM Symposium On Mobile Ad Hoc Networking & Computing (MOBIHOC), Lausanne, Switzerland, June 9–11, 2002; pp. 286–292.
- Zhu, S.; Setia, S.; Jajodia, S. LEAP: efficient security mechanisms for large-scale distributed sensor networks. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS’ 03), Washington, DC, USA, October 27–30, 2003; pp. 62–72.
- Dimitriou, T.; Krontiris, I. A localized, distributed protocol for secure information exchange in sensor networks. Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium, Denver, Colorado, April 3–8, 2005; p. 240a.
- Li, H.; Singhal, M. A secure routing protocol for wireless ad hoc networks. Proceedings of the 39th Hawaii International Conference on System Sciences, Kauai, HI, USA, January 4–7, 2006; 9, p. 225a.
- Wood, A.; Stankovic, J. Denial of service in sensor networks. Computer
**2002**, 35, 54–62. [Google Scholar] - Wood, A.; Stankovic, J.; Son, S. JAM: A jammed-area mapping service for sensor networks. Proceedings of the 24th IEEE International Real-Time Systems Symposium (RTSS’03), Cancun, Mexico, December 3–5, 2003; pp. 286–297.
- Newsome, J.; Shi, E.; Song, D.; Perrig, A. The sybil attack in sensor networks: Analysis & defenses. Proceedings of the third international symposium on Information processing in sensor networks, Berkeley, CA, USA, April 26–27, 2004; pp. 259–268.
- Hu, Y.C.; Perrig, A.; Johnson, D.B. Wormhole detection in wireless ad hoc networks. Rice University Department of Computer Science Technical Report TR01-384, Rice University, Houston, TX, USA; 2002. [Google Scholar]
- Anderson, R.; Kuhn, M. Tamper resistance - a cautionary note. Proceedings of the Second Usenix Workshop on Electronic Commerce, Oakland, California, November 18–21, 1996; pp. 1–11.
- Roosta, T.; Shieh, S.; Sastry, S. Taxonomy of security attacks in sensor networks and countermeasures. Proceedings of The First IEEE International Conference on System Integration and Reliability Improvements, Hanoi, Vietnam, December, 2006; pp. 13–15.
- Shaikh, R.A.; Jameel, H.; d’Auriol, B.J.; Lee, H.; Lee, S.; Song, Y.-J. Group-based trust management scheme for clustered wireless sensor networks. IEEE Trans. Parall. Distrib. Sys
**2009**, 20, 1698–1712. [Google Scholar] - Chu, K.-T.; Wen, C.-Y.; Ouyang, Y.-C.; Sethares, W. A. Adaptive distributed topology control for wireless ad-hoc sensor networks. Proceedings of 2007 International Conference on Sensor Technologies and Applications (SENSORCOMM 2007), Valencia, Spain, October 14–20, 2007; pp. 378–386.
- Sancak, S.; Cayirci, E.; Coskun, V.; Levi, A. Sensor wars: detecting and defending against spam attacks in wireless sensor networks. Proceedings of IEEE International Conference on Communications, Paris, France, June 20–24, 2004; pp. 3668–3672.
- Coskun, V.; Cayirci, E.; Levi, A.; Sancak, S. Quarantine region scheme to mitigate spam attacks in wireless sensor networks. IEEE Trans. Mobil. Comput
**2006**, 5, 1074–1086. [Google Scholar] - Wen, C.-Y.; Sethares, W. A. Automatic decentralized clustering for wireless sensor networks. EURASIP J. Wirel. Commun. Netw
**2005**, 5, 686–697. [Google Scholar] - Perrig, A.; Szewczyk, R.; Tygar, J.D.; Wen, V.; Culler, D. E. SPINS: Security protocols for sensor networks. Wirel. Netw
**2002**, 8, 521–534. [Google Scholar] - Santi, P. Topology Control in Wireless Ad Hoc and Sensor Networks; John-Wiley & Sons: Chichester, UK, 2005. [Google Scholar]

**Figure 1.**The influence of anti-nodes (cyan) ; the sensor network without secure topology control (left), the sensor network with secure topology control (right).

**Figure 3.**Key renewal process: the originator sends the renewal index to other clusterheads through gateways (left); the clusterheads send the renewal index to their cluster members (right).

**Figure 5.**The geometric illustration of cluster distribution; an ideal distribution of clusters (left), the infected region

**O**of a cluster (right).

**Figure 6.**The path interference of the quarantined cluster; one quarantined cluster (left), two quarantined clusters (right).

**Figure 7.**Three possible locations of the source; group 1 (left), group 2 (middle), group 3 (right).

**Figure 8.**The locations of quarantined clusters given the location of source group 1; one cluster quarantined (left), two clusters quarantined with possible locations of the second quarantined cluster (right).

**Figure 9.**The locations of quarantined clusters given the location of source group 2; one cluster quarantined (left), two clusters quarantined with possible locations of the second quarantined cluster (right).

**Figure 10.**The locations of quarantined clusters given the location of source group 3; one cluster quarantined (left), two clusters quarantined with possible locations of the second quarantined cluster (right).

**Figure 12.**A random network with 500 sensors, R = 6.33, and ℓ = 100 (left); a random network with 1000 sensors, R = 4.48, and ℓ = 100 (right).

**Figure 14.**Case I: the number of extra hops for bypassing routing path and the number of authenticated hops for going through the quarantined clusters.

**Figure 15.**Authentication of quarantined nodes (Case II): a member node (left) and a clusterhead (right).

**Figure 16.**Case II: the number of extra hops for bypassing routing path and the number of authenticated hops for going through the quarantined clusters (left); the comparison of authenticated hops of Case I and Case II (right).

**Figure 17.**The number of extra hops for bypassing routing path and the number of authenticated hops for going through the quarantined clusters: the result of

**O**≥ 1/3 (Case III) (left), the result of

**O**≥ 1/5 (Case IV) (right).

**Figure 18.**Average extra hops for bypassing routing path and the ideal line of

**O**≥ 1/3 (Case III) (left), the result and the ideal line of

**O**≥ 1/5 (Case IV) (right).

**Figure 19.**A random network of 250 sensors deployed based on uniform distribution (left); the average percentage of quarantine region with R = 9.4 (right).

**Figure 20.**A random network of 250 sensors deployed based on Gaussian distribution with sensor deployment strategy I (left); the average percentage of the quarantine region (right).

**Figure 21.**A random network of 250 sensors deployed based on sensor deployment strategy II (left); the average percentage of the quarantine region (right).

**Figure 22.**Communications of key distribution process; total number of transmission and reception in the network (left), the average number of transmission and reception in a cluster (right).

1. Each sensor initializes a random waiting timer with a value $W{T}_{i}^{(0)}$. |

2. Each sensor encrypts the Plaintext with the Hello message. |

3. Each sensor transmits the Hello message at random times: Draw a sample r from the distribution $\lambda \cdot W{T}_{i}^{(0)}\cdot U(0,1)$, where 0 < λ < 0.5 wait r time units and then transmit the Hello. |

4. Each sensor receives the Hello message and decrypts it. |

if the decrypted Ciphertext is the same as the preload message |

the sensor is a normal node. |

else |

(a) the sensor is an anti-node. |

(b) it should be removed from the neighbor list. |

end |

5. Establish and update the neighbor identification: |

if a sensor receives a message of assigning a cluster ID at time step k |

(a) join the corresponding cluster. |

(b) draw a sample r′ from the distribution $W{T}_{i}^{(k)}\cdot U(0,1)$. |

(c) wait r′ time units and then send an updated Hello message with the new cluster ID. |

(d) stop the waiting timer. (Stop!) |

else |

collect neighboring information. |

end |

6. Decrease the random waiting time according to equation (1). |

7. Clusterhead check: |

if WT_{i} = 0 and the neighboring sensors are not in another cluster |

(a) broadcast itself to be a clusterhead. |

(b) assign the neighboring sensors to cluster ID i. (Stop!) |

elseif WT_{i} = 0 and some of the neighboring sensors are in other clusters |

stand by. (Stop!) |

else |

go to Step 3. |

end |

while (sensor n_{i} is a neighboring sensor of m_{j}) |

if n_{i} is a clusterhead |

${C}_{ij}^{({n}_{i})}={C}_{ij}^{({n}_{i})}+10\beta $ |

else |

${C}_{ij}^{({n}_{i})}={C}_{ij}^{({n}_{i})}+\beta $ |

end |

end |

where
${C}_{ij}^{({n}_{i})}$ is the counter of sensor n_{i} for cluster j,
$\beta =\alpha (1-\frac{{d}_{{n}_{i}{m}_{j}}}{R})$ with a positive integer α, d_{nimj} is the distance between sensors n_{i} and m_{j}, and R is the transmission range. |

a) Based on the cluster formation in Phase I, clusterheads broadcast messages to trigger the gateway selection process. |

b) Initialize a vector of random waiting times
${WT}_{ij}^{({n}_{i},k)}$, where
${WT}_{ij}^{({n}_{i},k)}$ is the waiting time of sensor n_{i} for cluster j at time step k. |

c) Initialize a counter of sensor n_{i},
${C}_{ij}^{({n}_{i})}$, for gateway selection in cluster i to cluster j. |

d) Decrease the waiting time |

${WT}_{ij}^{({n}_{i},k+1)}={WT}_{ij}^{({n}_{i},k)}-{C}_{ij}^{({n}_{i})}$. |

e) Gateway check: |

if$W{T}_{ij}^{({n}_{i},k)}=0$ |

(1) assign G_{ij} = n_{i}, and then |

G_{ij} broadcasts the gateway information to its neighbors. |

(2) set
${C}_{ij}^{({x}_{i})}=0$ and stop the waiting timer for all neighboring sensors x_{i} in cluster i. |

else |

go to step d). |

end |

© 2010 by the authors; licensee Molecular Diversity Preservation International, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/).

## Share and Cite

**MDPI and ACS Style**

Hsueh, C.-T.; Li, Y.-W.; Wen, C.-Y.; Ouyang, Y.-C. Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks. *Sensors* **2010**, *10*, 1251-1278.
https://doi.org/10.3390/s100201251

**AMA Style**

Hsueh C-T, Li Y-W, Wen C-Y, Ouyang Y-C. Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks. *Sensors*. 2010; 10(2):1251-1278.
https://doi.org/10.3390/s100201251

**Chicago/Turabian Style**

Hsueh, Ching-Tsung, Yu-Wei Li, Chih-Yu Wen, and Yen-Chieh Ouyang. 2010. "Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks" *Sensors* 10, no. 2: 1251-1278.
https://doi.org/10.3390/s100201251