Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.


Introduction
Recent advances in Wireless Sensor Networks (WSNs) have meant that sensor nodes are capable of processing and transmitting environmental monitored data in real time to end users who are located far from the area covered by the sensor network. WSNs are still limited however in terms of energy, memory storage, and security communication capabilities. Fortunately, security for WSNs has been examined and developed upon for different application domains, such as medical and environmental. It has been shown by Mathur et al. in [1] that it is possible to provide a patient monitoring system that resolves security issues associated with data loss, while in [2] Elgenaidi et al. have studied different water environment monitoring systems based on WSNs that carry information that has value, and this value (data) must be encrypted for protection. The security of transmitted data is crucial in WSN applications so as not to reveal to unauthorized persons the information travelling between nodes, however this security solution must be resource-friendly and efficient. In order to build an efficient security algorithm, it is necessary to fully understand the process of security functions in terms of energy consumption, time execution and code size.
In WSN mesh networks, symmetric encryption algorithms have been widely used because of the advantages of low cost with respect to power consumption, time execution and code size.
Liebeherr et al. [12] designed and implemented a security key management and encryption scheme called the 'neighborhood key' scheme. This technique provided integrity and confidentiality for application data in overlay networks. The core mechanism of this technique was to avoid network-wide re-keying operations. Additionally, the scheme re-encrypts the payload data at each forwarding hop. Moreover, the neighborhood key method provided a solution for protection against routing attacks, where authentication between sensor nodes in the network depends on the certificate signed by a trusted third party using an X.509 Version 3 certificate. Each sensor node in the network had its own signed certificate, also each node stores the certificates of one or more trusted third party. In this scheme the authentication phase was performed without coordination with other nodes. The node certificate included a secret key, which is used to encrypt or sign data. Sensor nodes exchange certificates after receiving a message protocol from another node in the network. Once the certificates are exchanged, the encryption of data and the signing of hashes in each node will be done with a single symmetric key called a 'neighborhood key'. Thus, the neighborhood keys are shared between current authenticated neighbors in the network. In the joining phase where a new node joins the network, a new neighborhood key must be generated and sent to all of its authenticated neighbors in order to maintain confidentiality in the network.
Furthermore, updating and exchanging a new neighborhood key is executed whenever the set of authenticated neighbors are changed or the specified maximum lifetime of the current neighborhood key is expired. Therefore, every sensor node must encrypt the new neighborhood key with the public keys of all the authenticated neighbors (using the RSA algorithm), which are stored in the node during the authentication stage. The security issues are exacerbated during failures in re-establishment of the network topology when one or more nodes join/leave the network at the same time. Additionally, by implementing an integrity test and limiting the allowed frequency of transmitted key request messages the neighborhood scheme protects nodes from Denial of Service (DoS) attacks from malicious adversaries.
A hierarchical key management scheme for secure group communications in a mobile ad hoc network is proposed by Wang et al. [13] and Annadurai [14]. In this proposed scheme, a new approach with a two-layer structure where a cluster head manages information between sensor nodes in the layers was given. The main idea in this scheme is that nodes are divided into two subgroup levels, a Level 1 subgroup 'L1-subgroup' contains all sensor nodes in the subgroup. Moreover, Level 2 subgroup 'L2-subgroup' is located depending on positional information of nodes in Level 1. In order to manage data transmission and coordinate security keys between nodes in the same subgroup level and with nodes in the other subgroup level, an election of a cluster head in each level must be processed. Generally, the election of a cluster head in each level depends on the largest weight value of nodes [4]. In each L1-subgroup', the node with the largest weight value in every L1-subgroup will be selected as the level 1 cluster head 'L1-head'. Then to manage communication between levels and subgroups, the largest node weight value in L2-subgroup will be selected as Level 2 cluster head 'L2-head'.
The nodes in the subgroups use the Diffie-Hellman (DH) scheme for secure transmission of their own subgroup keys, where each subgroup has a unique subgroup key [13,14]. Packets are transmitted between subgroups through the cluster heads. The L1-head generates a communication key which is shared between the different subgroups. However, the encryption and decryption operation during data transmission in different subgroups is only through subgroup keys. Furthermore, the Level 2 cluster head, 'L2-head', is responsible for a new node joining its subgroup.
Jang et al. [15] proposed a time-based management protocol for WSNs to establish pair-wise keys. This technique relies on probabilistic time intervals and multiple initial keys, K I . In this scheme, a pool of initial keys is assigned to time slots during the key setup phase. Sensor nodes are preloaded with initial key and master keys of randomly chosen time slots before the deployment phase. In the initial key establishment phase, all sensor nodes that contain K I can compute a master key and then establish pair-wise keys with their neighbor node that was deployed at the same time slot using the same initial key. However, sensor nodes that were deployed at different time slots can establish pair-wise keys, if they have the same master key derived from the current initial key.

Proposed Scheme
Node configuration and security key management are fundamental characteristics to improve the performance of secure data transmission in a WSN. These security considerations require practical and accurate key management techniques. Location-based techniques solve the topology construction issues, where every node in a network knows its own position in the network. Furthermore, neighbor-based techniques make WSNs efficient in terms of packet travelling, power consumption and topology control.

Network Topology
In most WSNs, a node needs to know some very important features, such as its own location and that of the destination node. Normally, nodes in WSNs use a location service mechanism such as the Global Positioning System (GPS) to perform the routing function [16]. In this section, an approach to manage and maintain a line topology network that is appropriate for coastal marine applications based on WSNs is presented. The scheme addresses some of the obstacles to security in WSNs, such as memory storage, communication overhead, energy consumption and the re-keying process. This mechanism relies upon the concepts of location-based routing [17]. Packets travel between nodes based on the information of the next repeater node. Subsequently, the static position of the sensor node encourages proposing a strategy for managing and controlling the transmission of secure packets between wireless nodes. In addition, maintaining network connectivity when removing or joining nodes makes it necessary to know the identification of the neighboring node/nodes in order to exchange the cryptographic keys and create a secure communication link. The main idea behind this work is to allow an ordinary node to determine its authenticated neighbor without the use of complex computations. Nodes will make their decision depending on the recommendation message from the node called the leader node (L n ). The L n is located at a calculated distance from the line topology of ordinary nodes. Figure 1 illustrates the deployment of the nodes in our scheme and Table 1 provides details on the notation used.

Proposed Scheme
Node configuration and security key management are fundamental characteristics to improve the performance of secure data transmission in a WSN. These security considerations require practical and accurate key management techniques. Location-based techniques solve the topology construction issues, where every node in a network knows its own position in the network. Furthermore, neighbor-based techniques make WSNs efficient in terms of packet travelling, power consumption and topology control.

Network Topology
In most WSNs, a node needs to know some very important features, such as its own location and that of the destination node. Normally, nodes in WSNs use a location service mechanism such as the Global Positioning System (GPS) to perform the routing function [16]. In this section, an approach to manage and maintain a line topology network that is appropriate for coastal marine applications based on WSNs is presented. The scheme addresses some of the obstacles to security in WSNs, such as memory storage, communication overhead, energy consumption and the re-keying process. This mechanism relies upon the concepts of location-based routing [17]. Packets travel between nodes based on the information of the next repeater node. Subsequently, the static position of the sensor node encourages proposing a strategy for managing and controlling the transmission of secure packets between wireless nodes. In addition, maintaining network connectivity when removing or joining nodes makes it necessary to know the identification of the neighboring node/nodes in order to exchange the cryptographic keys and create a secure communication link. The main idea behind this work is to allow an ordinary node to determine its authenticated neighbor without the use of complex computations. Nodes will make their decision depending on the recommendation message from the node called the leader node (Ln). The Ln is located at a calculated distance from the line topology of ordinary nodes. Figure 1 illustrates the deployment of the nodes in our scheme and Table  1 provides details on the notation used.

The Platform
The main focus of this work is a real time testbed implementation of a secure data routing algorithm. A Waspmote platform created by Libelium (Zaragoza, Spain) as shown in Figure 2 was used. The Waspmote sensor node is provided with different frequency radio and protocols as shown in Table 2.

The Platform
The main focus of this work is a real time testbed implementation of a secure data routing algorithm. A Waspmote platform created by Libelium (Zaragoza, Spain) as shown in Figure 2 was used. The Waspmote sensor node is provided with different frequency radio and protocols as shown in Table 2.  In the work presented here the XBee-Pro protocol is used for communications between nodes. This provides for a maximum communication distance of 7000 m between nodes which is ideal for the line topology used in this work.  In the work presented here the XBee-Pro protocol is used for communications between nodes. This provides for a maximum communication distance of 7000 m between nodes which is ideal for the line topology used in this work.

Travelling Packets
As shown in Figure 1, the packet travels from the source to the destination based on the location of the nodes in the neighboring node's list of members, which is coordinated from/by the leader node, L n . Each ordinary node must forward the packet to its next authenticated neighbor through link encryption with its adjacent key, 'k nj '. The fundamental motivation behind this strategy is to configure a network line topology with simple and scalable security algorithms.

Packet Structure
Generally, a packet consists of two different parts, namely, the header field and the payload field. The header part is a set of bytes that are usually used to determine packet characteristics, for instance, Start Delimiter, Frame Type 'Binary/ASCII', Node ID and Frame Sequence. The frame payload part is used to store sensor data. Figure 3 shows the ASCII frame structure of the Libelium Waspmote that is used in this work. After applying the encryption function, the Waspmote Frame encrypted with the Advanced Encryption Standard (AES) key is specified as input. This encrypted information becomes the payload of the new encapsulated frame as in Figure 4.

Travelling Packets
As shown in Figure 1, the packet travels from the source to the destination based on the location of the nodes in the neighboring node's list of members, which is coordinated from/by the leader node, Ln. Each ordinary node must forward the packet to its next authenticated neighbor through link encryption with its adjacent key, 'knj'. The fundamental motivation behind this strategy is to configure a network line topology with simple and scalable security algorithms.

Packet Structure
Generally, a packet consists of two different parts, namely, the header field and the payload field. The header part is a set of bytes that are usually used to determine packet characteristics, for instance, Start Delimiter, Frame Type 'Binary/ASCII', Node ID and Frame Sequence. The frame payload part is used to store sensor data. Figure 3 shows the ASCII frame structure of the Libelium Waspmote that is used in this work. After applying the encryption function, the Waspmote Frame encrypted with the Advanced Encryption Standard (AES) key is specified as input. This encrypted information becomes the payload of the new encapsulated frame as in Figure 4.  Although, the maximum default frame size in the Waspmote is 150 bytes per frame, the frame size depends on three characteristics: Type of XBee module used  Transmission mode

Travelling Packets
As shown in Figure 1, the packet travels from the source to the destination based on the location of the nodes in the neighboring node's list of members, which is coordinated from/by the leader node, Ln. Each ordinary node must forward the packet to its next authenticated neighbor through link encryption with its adjacent key, 'knj'. The fundamental motivation behind this strategy is to configure a network line topology with simple and scalable security algorithms.

Packet Structure
Generally, a packet consists of two different parts, namely, the header field and the payload field. The header part is a set of bytes that are usually used to determine packet characteristics, for instance, Start Delimiter, Frame Type 'Binary/ASCII', Node ID and Frame Sequence. The frame payload part is used to store sensor data. Figure 3 shows the ASCII frame structure of the Libelium Waspmote that is used in this work. After applying the encryption function, the Waspmote Frame encrypted with the Advanced Encryption Standard (AES) key is specified as input. This encrypted information becomes the payload of the new encapsulated frame as in Figure 4.  Although, the maximum default frame size in the Waspmote is 150 bytes per frame, the frame size depends on three characteristics: Type of XBee module used  Transmission mode   Although, the maximum default frame size in the Waspmote is 150 bytes per frame, the frame size depends on three characteristics:

Security and Key Management
This section presents an overview of the services provided, such as confidentiality, availability and localization, as well as a smart technique to transmit security data between sensor nodes while addressing the issues of key management. The technique presented here uses a symmetric cryptographic algorithm to encrypt the links between the ordinary nodes and the leader node. The approach that was implemented for this work was based on the Advanced Encryption Standard (AES) with a key length of 128 bits. Here AES encrypts a block of elements using the electronic codebook (ECB) encryption mode as shown in Table 4.

Transmission Security and Data Encryption
As shown in Figure 5, sensor data, 'M', is encrypted in the application layer via software with AES 128 using the source key, 'k s ', which is shared exclusively between the source and the destination nodes.
Then, the encrypted frame is encrypted again with the shared adjacent key, 'k ni ' (AES-128), which is shared exclusively between every set of two neighbors as in Equation (1) below. The repeater node that forwards the sensor data to the destination in the network will decrypt the information once using the shared adjacent key, 'k ni '. Then, to ensure complete confidentiality and privacy, before forwarding the data to the next repeater, the node will encrypt it via its adjacent key, 'k nj '. Thus, the repeater will not be able to see the original sensor data transmitted due to the encryption with the source key, 'k s '. Equation (1) below shows this process where decryption with a shared adjacent key which is shared with the neighbor of the node performing the encryption: n i → n j : {M} k s k ni then at n j : : {M} k s k ni k ni then n j → n k : {M} k s k nj etc . . . As shown in Figure 5, sensor data, 'M', is encrypted in the application layer via software with AES 128 using the source key, ' ', which is shared exclusively between the source and the destination nodes. Then, the encrypted frame is encrypted again with the shared adjacent key, ' ' (AES-128), which is shared exclusively between every set of two neighbors as in Equation (1) below. The repeater node that forwards the sensor data to the destination in the network will decrypt the information once using the shared adjacent key, ' '. Then, to ensure complete confidentiality and privacy, before forwarding the data to the next repeater, the node will encrypt it via its adjacent key, ' '. Thus, the repeater will not be able to see the original sensor data transmitted due to the encryption with the source key, ' '. Equation (1) below shows this process where decryption with a shared adjacent key which is shared with the neighbor of the node performing the encryption:

Key Pre-Distribution
In this scheme, the initial process is offline, such as the establishment of the authenticated neighbors list and the pre-distribution of keys. Each ordinary node has its own symmetric adjacent key. This key is shared only with a trustworthy neighbor in the line network topology. All ordinary nodes and the leader node must share a master key called the Leader node key, 'k Ln '. This key is used for all confidential communications between network members in processes such as when a new member joins the network, and for monitoring the behavior of the ordinary nodes. The individual key, 'k j ', is a unique pre-distributed key between every ordinary node and the leader node. This key is used in the re-keying phase during the revocation process.

Re-Keying
In the case of a network member being revoked, only the leader node key, 'k Ln ', and one adjacent key needs to be renewed. Subsequently, every node in the network has a key re-generation mechanism to create a new key. This mechanism relies upon the Message Digest 5 algorithm (MD5) outlined in Table 5 and a hash of the Real Time Clock (RTC) value as shown below: Due to the straight line network topology, only the node located before the revoked node must update its own adjacent key, 'k nj '. This node then needs to share its new key with the new neighbor that replaces the revoked node in the authenticated neighbors list. This stage is coordinated by the L n via a method of unicasting a revoked message that is encrypted with a pre-distributed individual key, 'k j '. The revoked message contains elements such as the revoked node ID, the new neighbor ID and the new leader node key.
New_K Ln , ID j , ID k , STAMP I I K i where 'New_K Ln ' is the new leader node key, 'ID j ' and 'ID k ' are the identification numbers of the revoked node and the new authenticated neighbor respectively and the 'STAMP I I ' part, which indicates the order of the elements in the revoked message as well as the length and hash of 'New_K Ln '. The next step after receiving the revoked message is that the node will update its adjacent key, 'New_k nj ', using its key re-generation mechanism and it shares this key with its authenticated new neighbor node: The authentication process between new neighbors is coordinated by the leader node, as shown in Figure 6. Initially, the L n will send the authentication message of the new neighbor to the node that is located after the revoked node in the network topology. This message contains the new neighbor ID, the new leader node key and the 'STAMP I ' part, which indicates the order of the elements in the message as well as the length and hash of 'New_K Ln '. Then, the new neighbors will establish a secured encrypted link: {New_K Ln , ID i , STAMP I } K k

Memory Requirement
One of the major challenges in the establishment of a high security system in WSN is the limitation of memory capacity and storage. The constructed scheme occupies only a small memory size and this makes it suitable due to the limited storage capacity in sensor nodes. The binary sketch size of the uploaded program and the bootloader program stored in the Flash memory is 57,230 bytes of a maximum of 122,888 bytes available, and 4987 bytes of chip memory SRAM of a maximum of 8192 bytes available. Figure 7 shows the key administration operation in our scheme. If the leader node revokes any node member from the network, the key update phase will be performed by two of the revoked node neighbors in the line topology.

Memory Requirement
One of the major challenges in the establishment of a high security system in WSN is the limitation of memory capacity and storage. The constructed scheme occupies only a small memory size and this makes it suitable due to the limited storage capacity in sensor nodes. The binary sketch size of the uploaded program and the bootloader program stored in the Flash memory is 57,230 bytes of a maximum of 122,888 bytes available, and 4987 bytes of chip memory SRAM of a maximum of 8192 bytes available. Figure 7 shows the key administration operation in our scheme. If the leader node revokes any node member from the network, the key update phase will be performed by two of the revoked node neighbors in the line topology.
size of the uploaded program and the bootloader program stored in the Flash memory is 57,230 bytes of a maximum of 122,888 bytes available, and 4987 bytes of chip memory SRAM of a maximum of 8192 bytes available. Figure 7 shows the key administration operation in our scheme. If the leader node revokes any node member from the network, the key update phase will be performed by two of the revoked node neighbors in the line topology.

Practical Implementation of Proposed Framework
In this section, we present the implementation and test measurements of the scheme.

Practical Implementation of Proposed Framework
In this section, we present the implementation and test measurements of the scheme. Below is an outline of the three scenarios used to provide measurements to obtain the optimum configuration. The three scenarios were: (1) Four nodes and the gateway at a distance of 80, 120 or 160 m between end points in line topology.
(2) Three nodes and the gateway at a distance of 80, 120 or 160 m between end points in the line topology.
(3) One repeater node between sender and the gateway at a distance of 80, 120 or 160 m between end points in the line topology. Figure 9 shows the physical setup of the scheme, where each Waspmote was placed on a fixed pole at a height of 80 cm from the ground. The effects of temperature and humidity on RSSI in WSNs as in [18] was considered. In this scenario the temperature was between 20 °C and 21 °C and the humidity was 70%. Below is an outline of the three scenarios used to provide measurements to obtain the optimum configuration. The three scenarios were: (1) Four nodes and the gateway at a distance of 80, 120 or 160 m between end points in line topology.
(2) Three nodes and the gateway at a distance of 80, 120 or 160 m between end points in the line topology. (3) One repeater node between sender and the gateway at a distance of 80, 120 or 160 m between end points in the line topology. Figure 9 shows the physical setup of the scheme, where each Waspmote was placed on a fixed pole at a height of 80 cm from the ground. The effects of temperature and humidity on RSSI in WSNs Sensors 2016, 16, 2204 11 of 19 as in [18] was considered. In this scenario the temperature was between 20 • C and 21 • C and the humidity was 70%.
(1) Four nodes and the gateway at a distance of 80, 120 or 160 m between end points in line topology.
(2) Three nodes and the gateway at a distance of 80, 120 or 160 m between end points in the line topology.
(3) One repeater node between sender and the gateway at a distance of 80, 120 or 160 m between end points in the line topology. Figure 9 shows the physical setup of the scheme, where each Waspmote was placed on a fixed pole at a height of 80 cm from the ground. The effects of temperature and humidity on RSSI in WSNs as in [18] was considered. In this scenario the temperature was between 20 °C and 21 °C and the humidity was 70%. Figure 9. System outdoor deployment. Figure 9. System outdoor deployment.

Received Single Strength Indicator Measurement
In order to ascertain the received single strength indicator (RSSI) a test involving the transmission of a fixed amount of data was performed. In this experiment, the received single strength indicator (RSSI) was measured at the gateway. Figure 10 depicts the average value of RSSI which was measured after receiving 300 encrypted packets of 79 bytes in size at a baud rate of 115,200 bps.

Received Single Strength Indicator Measurement
In order to ascertain the received single strength indicator (RSSI) a test involving the transmission of a fixed amount of data was performed. In this experiment, the received single strength indicator (RSSI) was measured at the gateway. Figure 10 depicts the average value of RSSI which was measured after receiving 300 encrypted packets of 79 bytes in size at a baud rate of 115,200 bps.  These values were measured in the three aforementioned scenarios of distances and repeaters. The signal strength in the 80 m scenario was the strongest in the all case of one, two and three repeaters at exactly −48, −41 and −36 dB respectively. However, in the case of one repeater the 160 m scenario had the minimum signal strength value at −64 dB. While, in the case of all possible scenarios (as mentioned in Section 3) the maximum achievable signal strength is −36 dB, which is the 80 m distance with three repeaters scenario. These measurements are used by the leader node to determine the positions of future new joining nodes into the line topology. Figure 11 illustrates the average round time trip (RTT) for the different numbers of repeaters when increasing the distances between the sender and the gateway. In this experiment, RTT represents the elapsed time between the sender and the returned acknowledgment of the gateway to the last repeater. In fact, there was not a big difference in RTT measurements in the cases of one and two repeaters in all scenarios. However, in the three repeaters case, the time delay between 80 m and 160 m scenarios increased by approximately 39.248 ms, where RTT only increased by approximately 1.772 ms in the two repeaters case. The best RTT was obtained for the 80 m separation distance in all scenarios at 968.73, 1037.4 and 1996.802 ms in the one, two, and three repeater cases, respectively. These results were captured using a MC1322x USB Zigbee Dongle and the Wireshark network analyzer.

Current Consumption
Data processing relies on the size of the data and the approach used in processing this data. Furthermore, the designed scheme has been adapted to use minimum current consumption for data processing. Figure 12 illustrates the average current consumption of the fully functional scheme including the XBee transmission module current consumption. However, the current consumption of the transmission data has been improved by using sleeping schedules for the receiving/transmitting modules (the XBee current consumption is from 37 to 64 mA with the mode ON fully operational). The measurements were taken using the 66321D-Agilent with input 3.689 V and 0.19999 Ω resistance. The average current consumption of the XBee module is 64.9123 mA when the leader node is fully operational, this was significantly improved by introducing the sleeping mode feature as described below.

Current Consumption
Data processing relies on the size of the data and the approach used in processing this data. Furthermore, the designed scheme has been adapted to use minimum current consumption for data processing. Figure 12 illustrates the average current consumption of the fully functional scheme including the XBee transmission module current consumption. However, the current consumption of the transmission data has been improved by using sleeping schedules for the receiving/transmitting modules (the XBee current consumption is from 37 to 64 mA with the mode ON fully operational). The measurements were taken using the 66321D-Agilent with input 3.689 V and 0.19999 Ω resistance. The average current consumption of the XBee module is 64.9123 mA when the leader node is fully operational, this was significantly improved by introducing the sleeping mode feature as described below.
The XBee module in the leader node will return to sleeping mode after transmitting/receiving data. Figure 13 shows the average current consumption of the sleeping mode of the XBee modules in the scheme. Where this is the total current consumption during data processing except for the transmission/receiving phase. The measured current consumption has been improved from 64.9123 to 7.4355 mA, which is a reduction of over 88%. Table 6 provides the current consumption of the scheme modes, this includes when the XBee module is fully functional and sleeping.
of the transmission data has been improved by using sleeping schedules for the receiving/transmitting modules (the XBee current consumption is from 37 to 64 mA with the mode ON fully operational). The measurements were taken using the 66321D-Agilent with input 3.689 V and 0.19999 Ω resistance. The average current consumption of the XBee module is 64.9123 mA when the leader node is fully operational, this was significantly improved by introducing the sleeping mode feature as described below.  The XBee module in the leader node will return to sleeping mode after transmitting/receiving data. Figure 13 shows the average current consumption of the sleeping mode of the XBee modules in the scheme. Where this is the total current consumption during data processing except for the transmission/receiving phase. The measured current consumption has been improved from 64.9123 to 7.4355 mA, which is a reduction of over 88%. Table 6 provides the current consumption of the scheme modes, this includes when the XBee module is fully functional and sleeping.

Discussion and Comparisons
In [19] Piyare et al. evaluated the performance of ZigBee networks based on XBee modules in terms of RSSI. The experiment was based on the single-hop and multi-hop in line network topology. In this experiment, average values of the RSSI was measured after transmitting 50 packets of 30 Bytes with varied distance between the sender and the receiver. Figure 14 illustrates the relationship

Discussion and Comparisons
In [19] Piyare et al. evaluated the performance of ZigBee networks based on XBee modules in terms of RSSI. The experiment was based on the single-hop and multi-hop in line network topology. In this experiment, average values of the RSSI was measured after transmitting 50 packets of 30 Bytes with varied distance between the sender and the receiver. Figure 14 illustrates the relationship between the measured RSSI and the distance using two different transmit power values of −2 dBm and 2 dBm. In our scheme, the measurements have been taken after transmitting 300 encrypted packets of 97 Bytes in an outdoor environment. As shown in Figure 14, the three measured values of RSSI decreased when the distance between the sender and the receiver was increased. However, our scheme presents strong signal strength values at all distance scenarios, where the strongest value is −36 dBm at 20 m and the weakest value was −43 dBm at 40 m. In the 20 and 30 m distances, the fluctuation in this scheme is graphed and can be correlated with interference from other networks, e.g., reflection phenomena.  When comparing the work undertaken, it was compared to Jorg and Guangyu [12]. Figure 15 presents their result of the average Round Trip Time RTT of line network topology. The experimental setup consisted of multiple different scenarios of distance and number of repeaters. Initially, the scenarios were: 9.14 m (30 feet), 18.288 m (60 feet), and 27.432 m (90 feet) between nodes, with one hop, two hops, three hops, four hops, and five hop scenarios (one hop per repeater). Furthermore, Figure 16 depicts the three scenarios of our scheme, which are one repeater, two repeaters, and three repeaters in 80, 120 and 160 m distances between the sender and the gateway.
In the cases of 40 and 60 m distances between the nodes in the single repeater scenario, both schemes presented approximately the same time delay. However, in the two repeaters scenario, at a distance of 55 m the setup showed a time delay of 1033.172 ms and [12] presents approximately 1300 ms. In addition, the time delay between our scheme and [12] was around 170 ms in the same scenario at the distance of 27 m. Comparatively, travelling packets in the scheme being presented needed larger delays in comparison with [12] at distance of 40 m in the case of the three repeaters scenario. Generally, the time of receiving transmitting packets increase with the number of repeaters. Proposed scheme measured RSSI values with different distances versus the Piyare [19] results.
When comparing the work undertaken, it was compared to Jorg and Guangyu [12]. Figure 15 presents their result of the average Round Trip Time RTT of line network topology. The experimental setup consisted of multiple different scenarios of distance and number of repeaters. Initially, the scenarios were: 9.14 m (30 feet), 18.288 m (60 feet), and 27.432 m (90 feet) between nodes, with one hop, two hops, three hops, four hops, and five hop scenarios (one hop per repeater). Furthermore, Figure 16 depicts the three scenarios of our scheme, which are one repeater, two repeaters, and three repeaters in 80, 120 and 160 m distances between the sender and the gateway.
schemes presented approximately the same time delay. However, in the two repeaters scenario, at a distance of 55 m the setup showed a time delay of 1033.172 ms and [12] presents approximately 1300 ms. In addition, the time delay between our scheme and [12] was around 170 ms in the same scenario at the distance of 27 m. Comparatively, travelling packets in the scheme being presented needed larger delays in comparison with [12] at distance of 40 m in the case of the three repeaters scenario. Generally, the time of receiving transmitting packets increase with the number of repeaters. Figure 15. Multi-hop measurement of average round trip time [12]. Figure 15. Multi-hop measurement of average round trip time [12]. In Tables 6 and 7, a comprehensive comparison between the scheme presented and three other schemes in terms of cryptographic scheme, size and number of stored security keys, memory space used by schemes, maintenance and re-keying strategy, scheme implementation environment, nodes and coordination, is shown. In the cases of 40 and 60 m distances between the nodes in the single repeater scenario, both schemes presented approximately the same time delay. However, in the two repeaters scenario, at a distance of 55 m the setup showed a time delay of 1033.172 ms and [12] presents approximately 1300 ms. In addition, the time delay between our scheme and [12] was around 170 ms in the same scenario at the distance of 27 m. Comparatively, travelling packets in the scheme being presented needed larger delays in comparison with [12] at distance of 40 m in the case of the three repeaters scenario. Generally, the time of receiving transmitting packets increase with the number of repeaters.
In Tables 7 and 8, a comprehensive comparison between the scheme presented and three other schemes in terms of cryptographic scheme, size and number of stored security keys, memory space used by schemes, maintenance and re-keying strategy, scheme implementation environment, nodes and coordination, is shown. 128 Unicast (5 keys) Each ordinary node stores; own adjacent key; neighbor shared adjacent key; an individual key that is shared with leader node; Leader node master key, and a source key (used when the node is data source).
Program size 57,230 bytes Ram required 4987 bytes.
Re-keying in this scheme is a local operation, where only one node must update its adjacent key, in addition to the leader node key. Table 8. Comparison between schemes.

Scheme Implementation Environment Node Coordination Comments
Neighborhood Scheme [12] • Simulation using the Glomosim Simulator. • Used HP iPAQ 550 PDAs outdoors.
• Node authentication is performed without coordination with other nodes.
• Provides protection against attacks to the routing protocol using X509, RSA and a sequence number.

•
Rekeying is a local operation between the nodes that share neighborhood keys with a revoked node. • Provides forward and backward security.

•
Does not rely on an online trusted third party.
Hierarchical Key Management Scheme [13] Simulation only • The Leader node monitors the behaviour of all ordinary nodes in this scheme. • It is responsible for the authentication, revocation, and reconfiguration phases of other nodes.
• Provides protection against attacks to the routing protocol using location based routing. • Node addition or revocation is handled by the Leader Node.

•
Rekeying is a local operation between the nodes that share neighborhood keys with a revoked node. • Provides forward and backward security.

•
Does not rely on online trusted third party. • All message exchanges are acknowledged.