
International Journal of Network Security, Vol.18, No.1, PP.1-18, Jan. 2016 1

Design and Analysis of Lightweight Trust Mechanism for Secret Data using Lightweight Cryptographic Primitives in MANETs

Adarsh Kumar1, Krishna Gopal1, and Alok Aggarwal2

(Corresponding author: Adarsh Kumar)

Computer Science Engineering and Information Technology Department, Jaypee Institute of Information Technology1

A-10, Sector-62, Noida, India

(Email: [email protected])

JP Institute of Engineering and Technology, Meerut2

Mawana Road, P.O. RAJPURA, Rajpura Meerut, Uttar Pradesh, India

(Received May 17, 2013; revised and accepted Apr. 20 & Nov. 6, 2014)

Abstract

Lightweight trust mechanism with lightweight cryptography primitives and post-quantum cryptosystems are important concerns in resource constraint wireless sensor based Mobile Ad Hoc Networks (MANETs). In post-quantum cryptosystems, error correcting codes (ECC) help in code based cryptography for lightweight identification, authentication, distance bounding and tag with ownership transfer protocols to provide security. In this work, a novel approach is designed to secure the RFID-Sensor based MANET that uses ECC for assigning identification to resource constrained mobile nodes. This assignment helps to create centralized environment with subgroups, groups and hierarchies. Group or subgroups boundaries are limited through distance bounding protocols. Trust management plays the role of maintaining the relationship between nodes for long endeavor. Probability analysis of distance bounding protocol shows that the proposed approach is protected from mafia fraud, distance fraud, terrorist fraud, and distance hijacking attacks. The success of these attacks on the proposed mechanism depends on trust score: lesser trust score (≤ 50) increases the chances of these attacks whereas higher trust score protects the network from these attacks and improves the network performance as well. In performance analysis, it is observed that the Zone Routing Protocol (ZRP) outperforms the other MANET routing protocols in terms of network performance and security for the proposed scheme. However, the probabilistic analysis proves that it is still possible to control outliers in the network despite the new inserted defenses with trust management and limited resources.

Keywords: MANET, RFID, zone routing protocol

1 Introduction

Radio frequency identification (RFID) devices are the low cost computing devices for automatic identification, locating and tracking objects using radio frequency (RF). RFID networks have many applications like: access rights, object tracking, inventory management, library management etc. RFID devices are classified into three major components: tag, reader and back-end system. Tag includes the identification mark and a small memory unit to store information about product, object or environment. Reader helps to write and/or read information to tag. The read information is delivered to backend system for storage, migration etc. Wireless sensor networks (WSNs) and RFIDs are the two complementary technologies. WSNs consist of small sensing devices with wireless communication medium. In complement to RFID, WSNs consist of multi-hop, smart sensing, tracking and reprogrammable devices. However, integration of WSNs and RFIDs provides sensors to read tags, intelligence, sensing, ad-hoc and wireless communication facilities. These facilities result in many advantages which include: network-resource-data expandability, network-information scalability, portable readers extendability for speeding the on spot and random data collection, reducing hardware cost etc. [45, 74]. Requirements to integrate RFID-sensor network include accurate and reliable communication, energy efficiency and network maintenance [19, 74]. Various proposals are given to integrate RFID and sensor networks. In [72, 74], three types of integration mechanisms are proposed. In first integration mechanism, RFID tags are integrated with sensor devices. In this mechanism, two approaches are suggested to integrate RFID tags and sensors. In first approach, tags are integrated with sensor devices and communicate only with readers. Second approach suggests to integrate tag with sensor devices and they communicate with each other to construct an ad hoc network. In second integration mechanism, readers are integrated with sensor devices [24, 74]. In this mechanism, readers attached with sensors collect data from RFID tags. Readers-sensor attachment communicates to route the information and construct an ad hoc network. In [26], a commercial solution to integrate RFID and mobile devices is proposed. This solution helps to construct MANET. In third integration mechanism, a mixed architecture is proposed. In this architecture, tags and sensor nodes are kept independent but coexist in same network. Mixed architecture consists of smart stations, RFID tags and sensor nodes. Smart stations are composed of RFID reader, a microprocessor and a network interface. Both RFID and Sensor networks are pervasive networks and require more attention on all aspects of their security. Security aspects in these networks include access rights, identification, authentication, authorization, ownership transfer, hardware cryptographic implementation, message delivery guarantee, security threats, tampering, forging etc. [5, 40]. Among WSNs, security and privacy issues include physical attacks, jamming, tampering at physical layer, packet disruption and collision at data link layer, spoofing, sybil, altering, replaying, wormhole and sinkhole attacks at network layer, flooding at transport layer, cloning, incorrect location reference, data aggregation, time synchronization and masquerading attacks in service and application layer. Among RFIDs, security and privacy issues include spoofing, cloning, tampering, tracking, denial of service, etc. [62]. Solutions to these security and privacy issues are achievable through cryptography or detection and prevention mechanisms [62]. Cryptography is an art of writing or solving the codes which is classified into symmetric and asymmetric cryptosystem.

Asymmetric cryptosystem is considered to be more secure than symmetric cryptosystem. In asymmetric cryptosystem, key can be easily shared between two parties without the need to pre-establish any key. But algorithms of asymmetric cryptosystem can be easily broken using quantum computers [58]. Thus, Elliptic Curve Cryptosystem (ECCr), ElGamal Cryptosystem, RSA, etc. are not considered to be secure against quantum computers [14]. Hence demand of designing secure system increases and it results to post quantum cryptosystem [51]. Post quantum cryptosystem can be classified as: Hash based, Lattice based, Coding based, Multivariate-quadratic and Secret key cryptosystem [11]. These systems are considered to be secure against quantum computers. Both RFID and sensor based Mobile Ad Hoc Networks (MANETs) are resource constraint devices and thus require lightweight cryptographic primitives. These lightweight cryptographic aspects should be accommodated within one third of the total hardware available. This space may increase three to four times at lesser cost in future [76]. Lightweight hierarchical error correcting codes are an efficient approach for node interconnection in resource constraint devices [10]. Such hierarchical systems decrease the losses, errors, noises, implementation overhead and improve performance, throughput, goodput, etc. In order to achieve complete security, lightweight cryptographic primitives can be integrated with hierarchical distribution for achieving the necessary performance and security.

For achieving complete system security, a three dimensional McCumber Cubes model suggests various cryptographic primitives: transmission, storage, processing, confidentiality, integrity, availability, human factor, policy with practices and technology [47]. During these phases various aspects are taken into consideration like: user rights and roles, usage policies, trust policies, password policy, authentication policy, security policies, educating security policy, training policies, privacy rights, etc. Trust management is an important aspect of consideration. Trust is a behavior assessment and it is defined in many ways [4, 22, 23, 33, 46, 48, 64]. Trust can be measured based on various aspects like: integrity, ability and benevolence, key generation, identification, information secrecy, simulator aspects, etc. [32, 69]. In this work trust is used to establish and maintain relationships between nodes.

The current study proceeds as follows. Section 2 provides background on lightweight cryptographic primitives, protocols and trust management. Section 3 introduces the assumption and premises used in this work. In section 4, proposed method for integrating lightweight identification, lightweight authentication, lightweight distance bounding, lightweight tag and ownership transferred is presented using lightweight trust management mechanism. Section 5 describes the probability based attack analysis in distance bounding protocols. Simulation and protocol policy analysis of proposed hierarchical network is also presented in section 5. Finally, section 6 concludes the work.

2 Background

Lightweight cryptography is classified as: lightweight primitives and lightweight protocols [2]. Two major classes of lightweight primitives are: symmetric and asymmetric primitives. Symmetric primitives include block cipher, stream cipher, hash function, pseudo random number generation and asymmetric primitives include number based system, discrete logarithmic construction and curve based cryptosystem. Lightweight Protocols can be classified as: identification, authentication, distance bounding, yoking, tag ownership protocols, etc. In resource constraint devices, up to 30% of gate equivalents (GEs) are available for lightweight cryptographic primitives and protocols [34, 53]. These GEs can increase with advancement of technology [49].

On radio frequency signal, authenticity and validity of users and messages is achieved through cryptographic primitives, ultra-lightweight operations, EPCglobal Class1 Generation2 protocols, physical primitives, etc. [2]. Unique serial number generation [35, 41, 44, 65] and plausibility check [44, 52] are the authentication mechanisms without using tags. These protocols are application dependent solutions for authentication with proper justification. A leak in justification enhances the chance of un-authenticated users becoming part of network. Authentication solutions through cryptography avoid cloning. For example: encryption/decryption, hash-lock, hash based synchronous secret, Hopper and Blum (HB), pseudo random number based protocols, zero knowledge device authentication, etc. are cryptography mechanisms for providing authentication [44]. In another solution [50], physical properties of product store the unique and cryptography based data for avoiding counterfeiting and un-authorized access. Apart from cryptography solutions, specific security model based requirements for authentication are considered to be a valid choice [13]. Among these protocols, traceability, de-synchronization, man-in-middle, cracking codes using basic binary operation, etc. are commonly found to be the attacks [6, 15, 61]. Cryptography based authentication solutions are costlier also. For example, although hash based solutions are found to be perfect in security, the hardware cost for implementing a hash based solution proposed is almost infeasible [60]. Hash based solutions like: RIP, RAP, O-RAP, O-RAKE, etc. easily avoid the traceability attacks. Cryptography based stored information containing unique identification, anonymity and anti-cloning mechanism provides maximum security through hashing only [12]. In [3], it is found that computational workload and scalability are the major challenges in hash based schemes. However, solutions have been proposed to increase the scalability and security of authentication protocols through hashing. For example, Avoine mutual authentication protocol is a two phase hash based mechanism and it is designed to increase the scalability and security. Here, scalability is limited with distance bounding and removal of distance based frauds.

In lightweight cryptography, various solutions for lightweight authentication protocols are proposed. For example, Lightweight Mutual Authentication protocol (LMAP) [67]. LMAP provides security against replay, forgery, anonymity, etc. However, this protocol is not secure against traceability attack. Protocol for Lightweight Authentication of IDentity (PLAID) provides authentication and enhances the privacy through confidentiality and integrity [9]. This solution is designed for contactless smart card systems. Efficiency and reduction of costs are the real advantages of this protocol. It also provides fast and strong security between smart card and terminal devices. Strong security is achieved by not leaking the identity information.

Trust Management involves trust measurement, trust propagation, trust accumulation, trust prediction and trust application [20, 28, 29]. Trust measurement is a subjective calculation that one node has to establish on another. Trust measurement among various nodes of a resource constraint network is another challenge. CuboidTrust is a positive or negative signal based global trust computational method [18]. This method also helps to determine quality and contribution of nodes in a network. EigenTrust is satisfactory or unsatisfactory transaction based method with malicious node identification [36].

Health of resource constraint mobile nodes plays an important role in measuring the trust score. In this work, health is measured with the help of three components: lightweight energy measurements, lightweight route acting algorithms and lightweight vibration signals. Lightweight energy conservation and measurement algorithms in lightweight mobile sensor networks with ability of full coverage play an important role in trust computation. Energy in ad hoc networks is consumed through three modes: transmitting, receiving or simply "on" [25]. Saving energy increases the lifetime and utilization of ad hoc nodes. Transmitting data is major source of energy consumption among three components [25]. Receiving or collecting information is divided into four major components: discovery, data transfer, routing and motion control [27]. Discovery information can be collected from either of the two methods: Mobility independent protocols or knowledge based protocols. Mobility independent protocols are further classified into three schemes: scheduled rendezvous, on-demand and asynchronous [27]. Schedules based protocols classification involve time slot, frequency based and spread spectrum codes [75]. In these types of networks, slots are fixed for every node thus no chance of collision or overhead, easy to implement and energy efficient but assigning numbers to nodes for specific slot can prolong delay. For example, Chakrabarti et al. proposed a wake up mechanism on time schedule [17]. Zhang et al. proposed ZebraNet based on global positioning system (GPS) and derivation of schedule mechanism [73]. Other examples of scheduling based protocols developed for sensor nodes are: TRAMA [56], FLAMA [55], SMACS [59], SRSA [68], R-MAC [71], DW-MAC [62, 75], etc. On-demand protocols are based on wakeup calls. Whenever some event signals to channel, it intimates to the sensor node and that node powers up the data radio and starts transmission. In this type of protocols, two types of signals are required to complete the process: one for wakeup call and second for data transmission. Various mechanisms are used to complete this functionality. Wakeup call could be performed using low frequency and data transmission through high frequency [57], wakeup call and data transmission call are performed using separate messages [70].

3 Proposed Scheme

Table 1 shows the symbols used in this work.

Table 1: Symbols

| Symbol | Quantity |
|---|---|
| $M^{(a,b)}_{(c,d)}$ | $c$th mobile node in $d$th subgroup at $a$th layer with $b$th network. Here, $a, b, c, d \in \{1, 2, \ldots, \infty\}$. |
| $BC^{M^{(a,b)}_{(c,d)}}_{2^n}$ | binary code selected for $M^{(a,b)}_{(c,d)}$. |
| $SM^{HL_a}_{(e,d)}$ | $e$th subgroup member in $d$th subgroup at $a$th layer. |
| $CW^{BC^{M^{(a,b)}_{(c,d)}}_{2^n}}$ | codeword generated with length $L$ and distance $D$. |
| $SG^{HL_a}_{d}$ | $d$th subgroup at $a$th layer. Selection of $SG^{HL_a}_{d}$ is based on HEALTH, i.e. $HEH^{MN_a}$. |
| $HEH^{MN_a}$ | HEALTH, $HEH^{MN_a} \in f\{ES^{M_a}, RAS^{M_a}, VIB^{SM^{HL_a}_{(e,d)}}_{+}\}$. |
| $ES^{MN_a}$ | energy state |
| $RAS^{MN_a}$ | router acting strength moment |
| $VIB^{SM^{HL_a}_{(e,d)}}_{+}$ / $VIB^{SM^{HL_a}_{(e,d)}}_{-}$ | positive/negative vibration signals sent from subgroup member |
| $PS^{MN_a}$ | $a$th mobile node in its full energy and without being attacked |
| $SGSC^{HL_a}_{d}$ | subgroup controller of $d$th subgroup at hierarchical layer $HL_a$ |

3.1 Lightweight Identification

In order to reduce the computation cost, Reed-Muller codes are used for identifying the tags. $BC^{M^{(a,b)}_{(c,d)}}_{2^n}$ is an ary code with elements $(CW^{BC^{M^{(a,b)}_{(c,d)}}_{2^n}}, L, D)$. A new binary code for next node is generated as

$$BC(m)^{M^{(a,b)}_{(c,d)}}_{2^n} = BC(m_1)^{M^{(a,b)}_{(c,d)}}_{2^n} \ast BC(m_2)^{M^{(a,b)}_{(c,d)}}_{2^n} = \{(X, X+Y),\ X \in BC(m_1)^{M^{(a,b)}_{(c,d)}}_{2^n} \text{ and } Y \in BC(m_2)^{M^{(a,b)}_{(c,d)}}_{2^n}\}.$$

Major strengths of this coding technique are: (i) with the help of small key size it provides strong security, (ii) it reduces the probability of cheating some node to a great extent and (iii) computational complexity is very less. Weakness of this coding technique is that it is prone to structural attack.
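The (X, X+Y) construction above, worked through as an added example that is not code from the paper. It generalizes the single step in the text to the standard recursive Reed-Muller build RM(r, m) from RM(r, m-1) and RM(r-1, m-1), and shows how a one-bit error in a received identifier is corrected; all function names and the chosen parameters (r = 1, m = 3) are assumptions made for illustration.

```python
from itertools import product


def plotkin(code1, code2):
    """Return {(X, X+Y) : X in code1, Y in code2}; '+' is bitwise XOR over GF(2)."""
    lengths = {len(w) for w in code1 | code2}
    if len(lengths) != 1:
        raise ValueError("both component codes must have the same word length")
    return {x + tuple(a ^ b for a, b in zip(x, y)) for x in code1 for y in code2}


def reed_muller(r, m):
    """Build RM(r, m), word length 2**m, by repeated (X, X+Y) steps."""
    if r <= 0:
        # Order 0: repetition code {00...0, 11...1}.
        return {(0,) * 2 ** m, (1,) * 2 ** m}
    if r >= m:
        # Full order: every binary word of length 2**m.
        return set(product((0, 1), repeat=2 ** m))
    return plotkin(reed_muller(r, m - 1), reed_muller(r - 1, m - 1))


def hamming(u, v):
    """Number of positions in which two words differ."""
    return sum(a != b for a, b in zip(u, v))


def min_distance(code):
    """Distance D of a linear code: the smallest nonzero codeword weight."""
    return min(sum(w) for w in code if any(w))


def nearest_codeword(code, received):
    """Map a received identifier to its codeword.

    Returns None when two codewords are equally close, i.e. the error is
    detected but cannot be corrected unambiguously.
    """
    ranked = sorted(code, key=lambda w: hamming(w, received))
    if len(ranked) > 1 and hamming(ranked[0], received) == hamming(ranked[1], received):
        return None
    return ranked[0]


if __name__ == "__main__":
    code = reed_muller(1, 3)                 # length L = 8, 16 identifiers
    print("identifiers:", len(code), "L =", 8, "D =", min_distance(code))

    sent = sorted(code)[5]                   # constructed sample identifier
    one_bit = sent[:3] + (sent[3] ^ 1,) + sent[4:]
    print("sent     ", sent)
    print("received ", one_bit)
    print("corrected", nearest_codeword(code, one_bit))
```

With D = 4 a single flipped bit is always corrected, while a two-bit error is only detected, which is why `nearest_codeword` reports it as ambiguous instead of guessing an identity.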

3.2 Lightweight Grouping

Trust management plays an important role for forming secure local subgroups for information exchange. It is also necessary to integrate additional trust security layer to resource constraint sensor nodes since cryptographic primitives do not provide complete security and any extra computation is not feasible on these nodes [37]. In order to compute trust, following steps are followed: (a) gather node information, (b) propagate information, (c) map to trust model and make trust decision [37].

3.2.1 Gather Node Information

Target node's reliability for information transfer can easily be calculated through neighboring nodes. Neighbor node can send $VIB^{SM^{HL_a}_{(e,d)}}_{+}$ or $VIB^{SM^{HL_a}_{(e,d)}}_{-}$ signal towards $SM^{HL_a}_{(e,d)}$. Strength of signal can be calculated through different ways such as: forwarded packets, intentionally dropped packets, intentionally forward packet through some legitimate intermediate node, impersonation or masquerading of data to bogus data, probability of some event, etc. Probability of finding an anomaly in attending or reporting in a regular event is helpful for providing neighboring node information [43]. Now, probability of following a path from source ($SR^{(x_1,y_1)}$) to destination ($DT^{(x_n,y_n)}$) is identified using Markov chain.

$$P\left(SR^{(x_1,y_1)}_{1}, SR^{(x_2,y_2)}_{2}, SR^{(x_3,y_3)}_{3}, \ldots, DT^{(x_n,y_n)}_{n}\right) = P\left(SR^{(x_1,y_1)}_{1} = SR^{(x_1,y_1)}_{1}\right) \ast p_{x_1 x_2} \ast p_{x_2 x_3} \ast \cdots \ast p_{x_{n-1} x_n} = P_S,$$

i.e. when probability reaches zero then that particular region is called an event region. When a node follows a particular path, Frisbee model [16] is used to construct subgroups. This model in resource constraint network reduces losses. Figure 1 shows the construction of Frisbees with fixed number of nodes. In the process of creating single-hop Frisbees, node communicates with other node through lightweight and energy efficient authentication mechanism.

Figure 1: Frisbee construction with mobility of node

3.2.2 Propagate Information

Once subgroups are constructed then these subgroups are merged to form hierarchy. Each $SG^{HL_i}_{M^{(a,b)}_{(c,d)}}$ at every hierarchical layer will contain a subgroup controller. Figure 2 shows the construction of hierarchy with movement of $M^{(a,b)}_{(c,d)}$ that may take the form of $SG^{HL_i}_{SC_d}$. As shown in Figure 2, $M^{(a,b)}_{(c,d)}$ will act as producer ($P_i$) or consumer ($C'_i$ or $C''_i$). These producer and consumer will perform multiple tasks like: (i) distribution of $BC(m_1)^{M^{(a,b)}_{(c,d)}}_{2^n}$, (ii) with the help of $BC(m)^{M^{(a,b)}_{(c,d)}}_{2^n}$, $SG^{HL_i}_{SC_d}$ generate keys and distribute to consumers and (iii) nodes exchange messages using lightweight encryption mechanism.

Figure 2: Hierarchical formation using real and virtual nodes

• During distribution of $BC(m)^{M^{(a,b)}_{(c,d)}}_{2^n}$, $P_i$ will fetch the Reed-Muller binary code from the database and distribute to $C'_i$ or $C''_i$. The producer-consumer module to exchange Reed-Muller code using interface, port and channel is shown in Figure 3. Here, n-consumer modules are connected to single producer and each producer/consumer module is associated with an interface. These are writing and reading interfaces at producer and consumer ends respectively. Since producers generate and consumers accept Reed-Muller codes thus port associated with producer is output and consumer is input.

• With the help of $BC(m)^{M^{(a,b)}_{(c,d)}}_{2^n}$, $SG^{HL_i}_{SC_d}$ generate keys and distribute to consumers. In [42], efficient hierarchical threshold based symmetric group key management protocol is proposed. It is found that inclusion of virtual nodes reduces the energy losses and joining/leaving expenses of nodes. Extension to Teo and Tan's group key management protocol is integrated to generate and distribute a group symmetric key 'K' [42, 66]. Major strengths of this process are: (i) protected from forward and backward secrecy, (ii) strong authentication mechanism and (iii) efficient in terms of small subgroup formation in close vicinity.

• With help of symmetric key 'K', messages are exchanged using Protocol 1 between smart nodes. Here, smart node is integration of RFID reader with mobile sensor node. Reader reads the information from nearby tags and communicates to other sensor nodes through radio frequency. A microcontroller is used to make the RFID reader data compatible for sensor node in a smart node.

Figure 3: Exchange of $BC(m)^{M^{(a,b)}_{(c,d)}}_{2^n}$, $P_i$ using producer-consumer

Protocol 1: Messages exchange using lightweight encryption/decryption mechanisms.

Premise: Let $E_K$, $D_K$ and $H$ represent the lightweight encryption, decryption and hashing functions respectively.

1) $SG^{HL_i}_{SM_j} \rightarrow SG^{HL_o}_{SM_r}$: $\{E_K\{\text{Message}\}, H(\text{Message})\}$.

2) $SG^{HL_o}_{SM_r}$ verifies the message digest by regenerating it using $H(D_K(E_K\{\text{Message}\}))$. If $H(D_K(E_K\{\text{Message}\})) = H(\text{Message})$ then message is accepted otherwise rejected.

3) If message is accepted then $SG^{HL_o}_{SM_r} \rightarrow SG^{HL_i}_{SM_j}$: $\{E_K\{\text{Acknowledgement}\}, H(\text{Acknowledgement})\}$ and if message is rejected then $SG^{HL_o}_{SM_r} \rightarrow SG^{HL_i}_{SM_j}$: $\{E_K\{\text{Negative Acknowledgement}\}, H(\text{Negative Acknowledgement})\}$.

4) $SG^{HL_i}_{SM_j}$ verifies the receipt of message through acknowledgement as: $H(D_K(E_K\{\text{Acknowledgement}\}))$. If $H(D_K(E_K\{\text{Acknowledgement}\})) = H(\text{Acknowledgement})$ then message is accepted otherwise retransmission starts with timer.

These steps of message exchange ensure: (i) confidentiality of message exchange through encryption/decryption, (ii) message integrity through lightweight hashing, (iii) pre-image resistant and collision resistant properties of messages through lightweight hashing, (iv) compression of message through hashing and (v) retransmission of messages in case of message loss or corruption.
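The four steps of Protocol 1, run end to end over a channel that corrupts the first transmission, as an added example that is not code from the paper. The paper does not name its lightweight primitives, so SHA-256 stands in for H and a SHA-256 counter-mode keystream XOR (with a random nonce prepended to the ciphertext) stands in for E_K and D_K; a bounded retry count stands in for the retransmission timer, and all function names are assumptions.

```python
import hashlib
import hmac
import os

ACK = b"Acknowledgement"
NACK = b"Negative Acknowledgement"


def H(data):
    """Stand-in for the lightweight hash H (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


def xor_keystream(key, nonce, data):
    """Stand-in cipher core: XOR data with a SHA-256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def E_K(key, plaintext):
    """Encrypt under the group key K; a fresh nonce avoids keystream reuse."""
    nonce = os.urandom(8)
    return nonce + xor_keystream(key, nonce, plaintext)


def D_K(key, ciphertext):
    """Decrypt a ciphertext produced by E_K."""
    return xor_keystream(key, ciphertext[:8], ciphertext[8:])


def make_frame(key, payload):
    """Steps 1 and 3: build the pair {E_K{payload}, H(payload)}."""
    return E_K(key, payload), H(payload)


def open_frame(key, frame):
    """Steps 2 and 4: regenerate H(D_K(E_K{payload})) and compare digests.

    Returns the payload when the digests match, otherwise None.
    """
    ciphertext, digest = frame
    payload = D_K(key, ciphertext)
    return payload if hmac.compare_digest(H(payload), digest) else None


def receiver(key, frame):
    """Receiving node: accept or reject, then answer with ACK or NACK."""
    message = open_frame(key, frame)
    reply = ACK if message is not None else NACK
    return message, make_frame(key, reply)


def exchange(key, message, channel, max_attempts=3):
    """Sending node: transmit, verify the reply, retransmit on NACK or bad reply.

    Returns (message accepted by the receiver or None, attempts used).
    """
    for attempt in range(1, max_attempts + 1):
        delivered, reply = receiver(key, channel(make_frame(key, message), attempt))
        if open_frame(key, reply) == ACK:
            return delivered, attempt
    return None, max_attempts


def corrupt_first_attempt(frame, attempt):
    """Constructed channel: flips one ciphertext bit on the first attempt only."""
    ciphertext, digest = frame
    if attempt == 1:
        ciphertext = ciphertext[:-1] + bytes([ciphertext[-1] ^ 0x01])
    return ciphertext, digest


if __name__ == "__main__":
    K = b"constructed-group-key"            # sample key, constructed
    print(exchange(K, b"tag 17 read by reader 3", corrupt_first_attempt))
```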


3.2.3 Map to Trust Model

As discussed, trust management includes trust generation, trust propagation, trust accumulation, trust prediction and trust application [29]. Once subgroup is constructed using Protocol 1 then it can be protected from various attacks and maintains the relationships using trust management. Trust mechanism assumes every member of constructed hierarchy as $PS^{MN_a}$ and passes through following phases for maintaining relationships.

Trust Generation: Trust on a mobile node is calculated from its $HEH^{MN_a}$ score. Trust is directly proportional to $HEH^{MN_a}$ score. Initially, all nodes are considered to be $PS^{MN_a}$ and vibrate $VIB^{SM^{HL_a}_{(e,d)}}_{+}$ signal only. Here, health is calculated from three factors i.e. $HEH^{MN_a} \in f\{ES^{M_a}, RAS^{M_a}, VIB^{SM^{HL_a}_{(e,d)}}_{+}\}$. Three component's values are rated on grading scheme in order to calculate the trust value of any node and this grading process is explained as follows:

• $RAS^{M_a}$ ensures reliability and quality of service. Since all nodes are considered to be $PS^{MN_a}$ thus reliability and quality of nodes is assumed to be very high. Reliability of node is dependent upon delivery ratio, goodput, coverage, fairness, jitter and routing cost [54]. Quality of service is calculated from number and type of interactions, which is calculated as probability score value (PSV) and it is calculated as number of times the $P\left(SR^{(x_1,y_1)}_{1}, SR^{(x_2,y_2)}_{2}, SR^{(x_3,y_3)}_{3}, \cdots, DT^{(x_n,y_n)}_{n}\right)$ of any $M^{(a,b)}_{(c,d)}$ reaches zero in some region 'R'. Interactions in this region may transmit very good, good, average, poor or very poor quality of transmissions.

• $ES^{M_a}$ is measured in form of bursts and sleep time. These bursts are scaled based on traffic. Low traffic consumes less energy and heavy traffic consumes high energy. In order to rate energy levels, bursts are divided into four major categories: zero, low, medium and high. Zero bursts do not consume energy and in this state, nodes are assumed to be in sleep state. Low bursts are the minimum consumption states. Medium bursts are the frequent consumption states but do not increase its value with time as compared to high bursts which are more frequent. Energy consumption increases with time if high bursts are continuously observed. Section 5 describes the energy consumption analysis.

• $VIB^{SM^{HL_a}_{(e,d)}}_{+}$ are the positive vibration signals and present experiences of neighboring nodes. A node can send positive or negative vibration signals. Positive signals are used to indicate trust and negative for un-trust. In this work, counts on positive signals are made to measure the trust. This count value ranges from 1 (Low) to 10 (High). Rating is the number of trust responses coming from neighboring nodes. If number of neighboring nodes exceed ten then it is considered to be highly trusted but if number of neighboring nodes response is less than ten then 10 minus total response will give negative vibration score. Subgroup signal value is also calculated from the average score of its nodes' trust vibration scores. Subgroup controller can debar any subgroup from hierarchy because of its malicious operations, which is calculated from its subgroup members' health score.

Table 2: Lightweight automatic trust propagation-intruder analysis (time in msec)

| Percentage of $SCORE(HEH^{MNa}_{neighbor})$ | Intruder Assertions | Proposed Trusted Strategy: Time (Steps) | Result |
|---|---|---|---|
| More than 90 | 1/5/10 | 20/21/26 (120/226/351) | Proved |
| 90 to 75 | 1/5/10 | 35/42/61 (222/350/595) | Proved |
| 75 to 60 | 1/5/10 | 41/61/74 (332/530/650) | Proved |
| 60 to 45 | 1/5/10 | 52/74/85 (436/626/751) | Proved |
| Less than 45 | 1/5/10 | 62/84/95 (546/726/881) | Proved |

Trust Propagation: Once the trust of a node is calculated, its value is propagated to other nodes. This propagation is made through the selective algorithm [63]. The range of $SCORE(HEH^{MNa}_{neighbor})$ selected for the selective algorithm is analyzed using Alloy [30, 31]. Alloy is a lightweight, powerful, simple design, automatic and animation analysis tool. Table 2 shows that there are five ranges of health score: more than 90, 90 to 75, 75 to 60, 60 to 45 and less than 45. There are three variations of intruders: 1, 5 and 10 to analyze the proposed mechanism. This analysis shows that with change in every score range, there is an increase in minimum of 10 msec and 100 steps to detect intruders. However, intruders are detectable and results are proved in this tool. According to the selective algorithm, a single high health score neighbor is selected if $SCORE(HEH^{MNa}_{neighbor}) \geq 90\%$, two high score neighbors are selected if $90\% > SCORE(HEH^{MNa}_{neighbor}) \geq 75\%$, three high score neighbors are selected if $75\% > SCORE(HEH^{MNa}_{neighbor}) \geq 60\%$, four high score neighbors are selected if $60\% > SCORE(HEH^{MNa}_{neighbor}) \geq 45\%$, and the value is transmitted to all neighboring nodes if $45\% > SCORE(HEH^{MNa}_{neighbor})$. Multiple entities of trust are re-evaluated in the trust prediction phase through identification marks since each communication contains its identification, i.e. $BC(m)^{M^{(a,b)}_{(c,d)}}_{2n}) \,\|\, SCORE(HEH^{MNa}_{neighbor})$. This mechanism of trust propagation through health score helps in protecting the network from various attacks.

Table 3: Lightweight automatic trust accumulation-intruder analysis (time in msec)

| Percentage of $SCORE(HEH_{AVG})$ | Intruder Assertions | Proposed Trusted Strategy: Time (Steps) | Result |
|---|---|---|---|
| More than 90 | 1/5/10 | 31/41/44 (131/233/362) | Proved |
| 90 to 80 | 1/5/10 | 42/52/71 (222/362/493) | Proved |
| 80 to 70 | 1/5/10 | 54/61/88 (341/466/645) | Proved |
| 70 to 60 | 1/5/10 | 64/81/101 (531/771/823) | Proved |
| 60 to 50 | 1/5/10 | 74/93/118 (666/902/1120) | Proved |
| Less than 50 | 1/5/10 | 92/104/165 (786/966/1481) | Proved |

Trust Accumulation: At the destination, trust values are accumulated and evaluated. Since the trust value passes through multiple paths, the source's trust value is predicted from the health of the path followed. The health of each routed node is accumulated along with its trust value. The average health is calculated using: $HEH_{AVG} = (HEH^{MN1} + HEH^{MN2} + \cdots + HEH^{MNn})/N$. Based on the $score(HEH_{AVG})$ value, the path is selected and rated. Table 3 shows that there are six ranges of $score(HEH_{AVG})$. With a decrease in $score(HEH_{AVG})$ of 10% there is an increase in minimum of 10 msec and 100 steps to detect intruders. However, intruders are detectable and results are proved on the Alloy tool. This measurement is taken to rate the path followed for trust accumulation. If $score(HEH_{AVG}) \geq 90\%$, then the path is considered as excellent, very good if $90\% > score(HEH_{AVG}) \geq 80\%$, good if $80\% > score(HEH_{AVG}) \geq 70\%$, average if $70\% > score(HEH_{AVG}) \geq 60\%$, below average if $60\% > score(HEH_{AVG}) \geq 50\%$, and poor if $50\% > score(HEH_{AVG})$.

Trust Prediction: Now, after transmitting the trust score in the form of health, the healthiness of the route is determined. If route health is below average then trust is recomputed at the destination using lightweight trust computation based on prejudice, experience and hearsay. It is calculated as: $T^{i} = C * Exp. + (1 - C) * Her.$, where T, C, Exp. and Her. are respectively the trust, self confidence level, experience and hearsay values. Experience is the average value of current observation and immediate observation. Hearsay is calculated as: $H(MN^{j}) = (\sum_{i=1}^{n} T^{i})/N$. Here, N is the number of neighboring connected nodes to MNa and $T^{i}$ is the $i$th response of trust.
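The propagation, accumulation and prediction phases described above can be run end to end as follows. This is an added Python example, not code from the paper; the function names, the 0 to 1 trust scale, the rule that the best neighbor score decides the fan-out, and the reading of "below average" as the ratings "below average" and "poor" are assumptions.

```python
# Selective algorithm: (lower bound of the score in %, neighbors to forward to)
FANOUT = [(90, 1), (75, 2), (60, 3), (45, 4)]
# Path rating by average health HEH_AVG along the route
RATINGS = [(90, "excellent"), (80, "very good"), (70, "good"),
           (60, "average"), (50, "below average")]


def select_neighbors(scores):
    """Pick the neighbors that receive the trust value.

    scores maps neighbor id -> SCORE(HEH) in percent. Assumption: the
    highest neighbor score decides how many top-scoring neighbors are
    used; below 45% the value goes to every neighbor.
    """
    if not scores:
        return []
    ranked = sorted(scores, key=lambda n: (-scores[n], n))
    best = scores[ranked[0]]
    for lower, count in FANOUT:
        if best >= lower:
            return ranked[:count]
    return ranked


def rate_path(node_health):
    """HEH_AVG = (HEH_MN1 + ... + HEH_MNn) / N, mapped to the six ratings."""
    if not node_health:
        raise ValueError("path has no nodes")
    avg = sum(node_health) / len(node_health)
    for lower, label in RATINGS:
        if avg >= lower:
            return avg, label
    return avg, "poor"


def predict_trust(confidence, current_obs, immediate_obs, responses):
    """T = C * Exp + (1 - C) * Her.

    Exp is the mean of the current and the immediate observation,
    Her is the mean of the neighbors' trust responses.
    """
    if not 0.0 <= confidence <= 1.0:
        raise ValueError("self confidence must lie in [0, 1]")
    if not responses:
        raise ValueError("hearsay needs at least one neighbor response")
    experience = (current_obs + immediate_obs) / 2
    hearsay = sum(responses) / len(responses)
    return confidence * experience + (1 - confidence) * hearsay


def evaluate_at_destination(node_health, confidence, current_obs,
                            immediate_obs, responses):
    """Rate the path; recompute trust only when the route is unhealthy."""
    _, label = rate_path(node_health)
    recomputed = None
    if label in ("below average", "poor"):  # assumption: HEH_AVG < 60%
        recomputed = predict_trust(confidence, current_obs,
                                   immediate_obs, responses)
    return label, recomputed


if __name__ == "__main__":
    # Constructed sample values, for illustration only
    print(select_neighbors({"n1": 70, "n2": 65, "n3": 50, "n4": 40}))
    print(evaluate_at_destination([95, 85, 90], 0.75, 0.9, 0.5, [0.2, 0.4, 0.6]))
    print(evaluate_at_destination([55, 60, 50], 0.75, 0.9, 0.5, [0.2, 0.4, 0.6]))
```

A healthy route keeps the propagated score, while an unhealthy one falls back to the node's own experience weighted against neighbor hearsay.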

Trust Application: Once the basic trust relationship is established, application specific trust depends upon user operations. Secure and safe transmission of information is necessary and confirmed through authentication procedures. Applications that are required to be operated in the basic trusted environment have to produce an application trust value (Ta). This trust value is compared with the basic trust value (Ti). If Ta < Ti then access to the application fails. Failure or success of the application for operation is broadcasted to other subgroup members using the broadcasting mechanism. Protocol 2 describes this mechanism.

Protocol 2: Application trust broadcasting for access rights.

Goal: To compare trust value with required application trust value. After this comparison, if application trust value is less then access to application is not allowed and this information is broadcasted to all subgroup members.

1) $SG^{HLi}_{SMj} \rightarrow SG^{HLi}_{SMk}$: "ALLOW" ‖ "DENY".

2) $SG^{HLi}_{SCk} \rightarrow SG^{HLi-1}_{SCk}$: "ALLOW" ‖ "DENY". This step is repeated until the top subgroup controller receives the message.

3) $SG^{HLo}_{SCk}$ initiated the process of collecting information about applications whose access rights are managed through trust comparison.

Here, ALLOW and DENY are single bit messages. These messages help to debar the applications that can maliciously harm the network. If 'h' is the height of the hierarchy constructed and 'n' is the total number of subgroups constructed then the total number of messages required to broadcast this information is 'h ∗ n ∗ 10'. In this work, a set of two node based trust applications are integrated for distance bounding. This trust application is explained in the next sections.

3.3 Lightweight Trust Based Distance Bounding and Authentication

In this section, distance bounding and authentication protocols are integrated into the hierarchical model for limiting the distance between two nodes and to authenticate each other. Distance bounding and authentication are two sets of protocols but an integrated form of these protocols is used to reduce the hardware cost. In this work, a modified form of the Avoine mutual authenticated KA2 (MA-KA2) protocol is integrated with lightweight parameters [7]. The modified form of this mechanism is explained in Protocol 3. There are two phases of the protocol: slow and fast. In the slow phase, nonce values are exchanged and in the fast phase, authentication is performed using a challenge-verify process.

Protocol 3: Modified MA-KA2 and Distance Bounding Protocol.

Premises: Let $R_{M^{(a,b)}_{(c,d)}}$ be the random number selected by $M^{(a,b)}_{(c,d)}$. $N_{SG^{HLa}_{SCd}}$ represents the nonce generated by the $d$th subgroup with its subgroup controller. Here, every subgroup member acts as a prover or a verifier. When the direction bit $DIR^{i}_{M^{(a,b)}_{(c,d)}}$ of some mobile node is zero then $M^{(a,b)}_{(c,d)}$ sends a random challenge $CHA^{i}_{M^{(a,b)}_{(c,d)}} \in \{0, 1\}$ towards another mobile node $M^{(a,b)}_{(f,d)}$. Now, this mobile node replies with the verification process ($VERCHA^{i}_{M^{(a,b)}_{(f,d)}}$). When $DIR^{i}_{M^{(a,b)}_{(c,d)}}$ is one then $M^{(a,b)}_{(f,d)}$ will send $CHA^{i}_{M^{(a,b)}_{(f,d)}} \in \{0, 1\}$ and $M^{(a,b)}_{(c,d)}$ will verify. If the random number generated is not verified, i.e. $R_{M^{(a,b)}_{(c,d)}} \neq VERCHA^{i}_{M^{(a,b)}_{(a,d)}}$, then communication is put in protected mode. This protected mode behaves differently than regular rounds. In this mode, nodes have to regularly produce and verify the challenges. Let b and r be the number of bits used in the direction bit and the number of rounds in two phases of the distance bound mutual authentication protocol. $T_{M^{(a,b)}_{(c,d)}}$ represents the timer from $M^{(a,b)}_{(c,d)}$, $T_{MAX}$ is the maximum time elapsed for checking distance bounding and H is a pseudorandom number function.

Goal: Limit the distance between two subgroup controllers or members and authenticate each other.

Step 1: Slow Phase

1) Every subgroup member from both subgroups will select a random number, i.e. $R_{M^{(a,b)}_{(1,d)}}, R_{M^{(a,b)}_{(2,d)}} \ldots R_{M^{(a,b)}_{(9,d)}}$ and $R_{M^{(a,b)}_{(1,e)}}, R_{M^{(a,b)}_{(2,e)}} \ldots R_{M^{(a,b)}_{(9,e)}}$.

2) Since a symmetric key K is already shared between subgroup members, nonces are generated using: $N_{SG^{HLa}_{SCd}} = H(K, R_{M^{(a,b)}_{(1,d)}} \,\|\, R_{M^{(a,b)}_{(2,d)}} \,\|\, \ldots \,\|\, R_{M^{(a,b)}_{(9,d)}})$ and $N_{SG^{HLa}_{SCe}} = H(K, R_{M^{(a,b)}_{(1,e)}} \,\|\, R_{M^{(a,b)}_{(2,e)}} \,\|\, \ldots \,\|\, R_{M^{(a,b)}_{(9,e)}})$. Here, H is a lightweight cryptographic hash function.

3) The two subgroup controllers exchange these nonce values as: $SG^{HLa}_{SCd} \rightarrow SG^{HLa}_{SCe}$: $N_{SG^{HLa}_{SCd}}$, $SG^{HLa}_{SCe} \rightarrow SG^{HLa}_{SCd}$: $N_{SG^{HLa}_{SCe}}$, $\{DIR^{i}_{SG^{HLa}_{SCd}} \; DIR^{i}_{SG^{HLa}_{SCe}} \,\|\, VERCHA^{0} \,\|\, VERCHA^{1} \,\|\, VERCHA^{2}\} = h(K, N_{SG^{HLa}_{SCd}}, N_{SG^{HLa}_{SCe}})$. Number of bits ($DIR^{i}_{SG^{HLa}_{SCd}}$) = Number of bits ($DIR^{i}_{SG^{HLa}_{SCe}}$) = $r$, Number of bits ($VERCHA^{0}$) = Number of bits ($VERCHA^{1}$) = $2(b-r)-1$, Number of bits ($VERCHA^{2}$) = $2b$.

Step 2: Fast bit exchange phase

1) $SG^{HLa}_{SCd}$ computes $COM^{1}_{SG^{HLa}_{SCd}} = DIR^{1}_{SG^{HLa}_{SCd}}$ and starts timer $T_{SG^{HLa}_{SCd}}$. During this time, it sends $COM^{1}_{SG^{HLa}_{SCd}}$ towards $SG^{HLa}_{SCe}$.

2) $SG^{HLa}_{SCe}$ checks if $COM^{1}_{SG^{HLa}_{SCd}} = DIR^{1}_{SG^{HLa}_{SCd}}$ then computes $COM^{1}_{SG^{HLa}_{SCe}} = VERCHA^{2}_{1}$. With the start of $T_{SG^{HLa}_{SCe}}$, $SG^{HLa}_{SCe}$ sends $COM^{1}_{SG^{HLa}_{SCe}}$ to $SG^{HLa}_{SCd}$. But if $COM^{1}_{SG^{HLa}_{SCd}} \neq DIR^{1}_{SG^{HLa}_{SCd}}$ then an error is detected and, instead of sending random answers until the end of the protocol, it checks the value of $HEH^{MNa}_{SG^{HLa}_{SCe}}$ and $HEH_{AVG}$. If any value is below satisfactory level then it adds the communication in protected mode.

3) $SG^{HLa}_{SCd}$ stops $T_{SG^{HLa}_{SCd}}$ and computes $DOM^{b-1}_{SG^{HLa}_{SCe}} = COM^{b-1}_{SG^{HLa}_{SCd}} \oplus VERCHA^{2}_{2b-3}$. If $DOM^{b-1}_{SG^{HLa}_{SCe}} = DIR^{b-1}_{SG^{HLa}_{SCe}}$ then $COM^{b}_{SG^{HLa}_{SCd}} = VERCHA^{2}_{2b-2} \oplus DIR^{b}_{SG^{HLa}_{SCd}}$. Further, if $DOM^{b-1}_{SG^{HLa}_{SCe}} \neq DIR^{b-1}_{SG^{HLa}_{SCd}}$ then again it checks for $HEH^{MNa}_{SG^{HLa}_{SCd}}$ and $HEH_{AVG}$. If any of these values are unsatisfactory then it adds the communication to protected mode. Also, $SG^{HLa}_{SCd}$ sends $COM^{b}_{SG^{HLa}_{SCd}}$ to $SG^{HLa}_{SCe}$ and starts $T_{SG^{HLa}_{SCd}}$.

4) $SG^{HLa}_{SCe}$ stops $T_{SG^{HLa}_{SCe}}$ and computes $DOM^{b}_{SG^{HLa}_{SCd}} = COM^{b}_{SG^{HLa}_{SCd}} \oplus VERCHA^{2}_{2b-2}$. If $DOM^{b}_{SG^{HLa}_{SCd}} \neq DIR^{b}_{SG^{HLa}_{SCd}}$ then $HEH^{MNa}_{SG^{HLa}_{SCd}}$ and $HEH_{AVG}$ are checked before sending an unsatisfactory report for protected mode. Also, $SG^{HLa}_{SCe}$ starts $T_{SG^{HLa}_{SCe}}$ and sends $DOM^{b}_{SG^{HLa}_{SCd}}$ to $SG^{HLa}_{SCd}$.

5) $SG^{HLa}_{SCd}$ stops $T_{SG^{HLa}_{SCd}}$ and computes $DOM^{b}_{SG^{HLa}_{SCe}} = DOM^{b}_{SG^{HLa}_{SCd}} \oplus VERCHA^{2}_{2b-1}$. If $DOM^{b}_{SG^{HLa}_{SCe}} = DIR^{b}_{SG^{HLa}_{SCe}}$ then compute $COM^{b+1}_{SG^{HLa}_{SCd}} = VERCHA^{2}_{2b} \oplus R_{M^{(a,b)}_{(1,d)}}$. Further, if $DOM^{b}_{SG^{HLa}_{SCe}} \neq DIR^{b}_{SG^{HLa}_{SCe}}$ then $HEH^{MNa}_{SG^{HLa}_{SCd}}$ and $HEH_{AVG}$ values are checked before sending an unsatisfactory report for protected mode. $SG^{HLa}_{SCd}$ sends $COM^{b+1}_{SG^{HLa}_{SCd}}$ to $SG^{HLa}_{SCe}$ and starts $T_{SG^{HLa}_{SCd}}$.

6) $SG^{HLa}_{SCe}$ stops $T_{SG^{HLa}_{SCe}}$ and computes $R_{M^{(a,b)}_{(1,d)}} = COM^{b+1}_{SG^{HLa}_{SCd}} \oplus VERCHA^{2}_{2b-2}$. If $R_{M^{(a,b)}_{(1,d)}} = 0$ then $COM^{b+1}_{SG^{HLa}_{SCe}} = VERCHA^{0} \oplus R_{M^{(a,b)}_{(1,e)}}$ else if $R_{M^{(a,b)}_{(1,d)}} = 1$ then $COM^{b+1}_{SG^{HLa}_{SCe}} = VERCHA^{1} \oplus R_{M^{(a,b)}_{(1,e)}}$. Also, $SG^{HLa}_{SCe}$ starts $T_{SG^{HLa}_{SCe}}$ and sends $COM^{b+1}_{SG^{HLa}_{SCe}}$ to $SG^{HLa}_{SCd}$.

7) $SG^{HLa}_{SCd}$ stops $T_{SG^{HLa}_{SCd}}$ and computes $R_{M^{(a,b)}_{(r-b-1,e)}} = DOM^{b-1}_{SG^{HLa}_{SCd}} \oplus VERCHA^{r-b-1}_{2r-2b-2}$. Now, if $R_{M^{(a,b)}_{(r-1,e)}} = 0$ then $DOM^{b}_{SG^{HLa}_{SCd}} = VERCHA^{0}_{2r-2b-1} \oplus R_{M^{(a,b)}_{(r-b,d)}}$ else if $R_{M^{(a,b)}_{(r-1,e)}} = 1$ then $COM^{b}_{SG^{HLa}_{SCd}} = VERCHA^{1}_{2r-2b-1} \oplus R_{M^{(a,b)}_{(r-b,d)}}$. Also, $SG^{HLa}_{SCd}$ starts $T_{SG^{HLa}_{SCd}}$ and sends $COM^{b}_{SG^{HLa}_{SCd}}$ to $SG^{HLa}_{SCe}$.

8) $SG^{HLa}_{SCe}$ stops $T_{SG^{HLa}_{SCe}}$ and computes $R_{M^{(a,b)}_{(r-b-1,d)}} = DOM^{b}_{SG^{HLa}_{SCd}} \oplus VERCHA^{r-b-1}_{2r-2b-2}$. Now, if $R_{M^{(a,b)}_{(r-b,d)}} = 0$ then $COM^{b}_{SG^{HLa}_{SCe}} = VERCHA^{0}_{2r-2b-1} \oplus R_{M^{(a,b)}_{(r-b,e)}}$ else if $R_{M^{(a,b)}_{(r-b,d)}} = 1$ then $COM^{b}_{SG^{HLa}_{SCe}} = VERCHA^{1}_{2r-2b-1} \oplus R_{M^{(a,b)}_{(r-b,e)}}$. Also, $SG^{HLa}_{SCe}$ sends $COM^{b}_{SG^{HLa}_{SCe}}$ to $SG^{HLa}_{SCd}$.

9) $SG^{HLa}_{SCd}$ stops $T_{SG^{HLa}_{SCd}}$.

Step 3: End of fast bit exchange phase and start check for processing delay.

1) $SG^{HLa}_{SCd}$ checks for $H(K, R_{M^{(a,b)}_{(1,d)}} \,\|\, R_{M^{(a,b)}_{(2,d)}} \,\|\, \ldots \,\|\, R_{M^{(a,b)}_{(9,d)}}) = N_{SG^{HLa}_{SCd}}$ and $SG^{HLa}_{SCe}$ checks for $H(K, R_{M^{(a,b)}_{(1,e)}} \,\|\, R_{M^{(a,b)}_{(2,e)}} \,\|\, \ldots \,\|\, R_{M^{(a,b)}_{(9,e)}}) = N_{SG^{HLa}_{SCe}}$. If both are true and the time elapsed is less than $T_{MAX}$ then communication is successful.
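Step 1 and Step 3 together act as a keyed commitment that is checked again once the timed rounds have finished. The added Python example below (not the authors' code) shows that check; HMAC-SHA256 stands in for the lightweight hash H, and the 16-byte width of each random number, the per-round timer list and the sample TMAX value are assumptions.

```python
import hashlib
import hmac
import secrets

MEMBERS = 9    # the protocol text lists R_(1,d) ... R_(9,d) per subgroup
R_BYTES = 16   # assumption: fixed width of each member's random number


def make_nonce(key, randoms):
    """Slow phase: N = H(K, R_1 || R_2 || ... || R_9).

    HMAC-SHA256 is a stand-in for the paper's lightweight hash H.
    Fixed-width inputs keep the concatenation unambiguous.
    """
    if len(randoms) != MEMBERS or any(len(r) != R_BYTES for r in randoms):
        raise ValueError("expected %d random numbers of %d bytes"
                         % (MEMBERS, R_BYTES))
    return hmac.new(key, b"".join(randoms), hashlib.sha256).digest()


def step3_check(key, randoms, nonce, round_times, t_max):
    """Step 3 for one controller.

    The recomputed nonce must equal the one exchanged in the slow phase
    and every timed round must finish in less than t_max (assumption:
    one timer reading per fast-phase round).
    """
    try:
        expected = make_nonce(key, randoms)
    except ValueError:
        return False
    in_time = bool(round_times) and all(0 <= t < t_max for t in round_times)
    # compare_digest does not leak how many leading bytes matched
    return hmac.compare_digest(expected, nonce) and in_time


def session_ok(key, side_d, side_e, t_max):
    """Communication succeeds only if both controllers pass Step 3.

    Each side is a tuple (randoms, nonce, round_times).
    """
    return all(step3_check(key, r, n, t, t_max)
               for r, n, t in (side_d, side_e))


def demo():
    """Constructed sample run; every value is made up for illustration."""
    key = secrets.token_bytes(16)
    t_max = 2e-6  # constructed bound, in seconds
    r_d = [secrets.token_bytes(R_BYTES) for _ in range(MEMBERS)]
    r_e = [secrets.token_bytes(R_BYTES) for _ in range(MEMBERS)]
    n_d, n_e = make_nonce(key, r_d), make_nonce(key, r_e)
    fast = [0.8e-6, 1.1e-6, 0.9e-6]
    slow = [0.8e-6, 2.4e-6, 0.9e-6]   # one round exceeds the bound
    return {
        "honest": session_ok(key, (r_d, n_d, fast), (r_e, n_e, fast), t_max),
        "one slow round": session_ok(key, (r_d, n_d, slow), (r_e, n_e, fast), t_max),
        "substituted nonce": session_ok(key, (r_d, n_e, fast), (r_e, n_e, fast), t_max),
        "reordered randoms": step3_check(key, r_d[::-1], n_d, fast, t_max),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} -> {'accept' if ok else 'reject'}")
```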

Major strengths of this protocol are: (i) one subgroup controller or member can put a distance limit on another subgroup controller or member, (ii) unilateral authentication is provided to protect against dismantling attack, (iii) distance bounding protocols protect from location based attacks using cryptographic characteristics integrated with physical attributes of the nodes and (iv) attack analysis in section 5 shows that the modified protocol is efficient, secure and has the lowest False Acceptance Rate (FAR). The FAR is the rate of possibility of acceptance of nodes when there are chances of attack.

4 Result Analysis

4.1 Attack Analysis

4.1.1 Distance Bounding Protocol Attack Analysis

In this section, the probability of success of mafia fraud, distance fraud, terrorist fraud and distance hijacking attacks is analyzed on distance bounding protocols. The analysis is explained as follows:

Attack: Mafia Fraud Attack

Description: In this attack, a malicious subgroup controller ($MSG^{HLa}_{M^{(a,b)}_{(c,d)}}$) and a malicious group member ($MM^{(a,b)}_{(c,d)}$) are inserted in subgroups. These malicious entities communicate with the original subgroup controller and members and convince them to reveal secret information [59, 68, 71]. $MSG^{HLa}_{M^{(a,b)}_{(c,d)}}$ and $MM^{(a,b)}_{(c,d)}$ start a man-in-middle attack by sending $MSG^{HLa}_{SCd} \rightarrow SG^{HLa}_{SCe}$: $N_{MSG^{HLa}_{SCd}}$ and $MSG^{HLa}_{SCe} \rightarrow SG^{HLa}_{SCd}$: $N_{MSG^{HLa}_{SCe}}$. This affects the rounds of fast bit exchange. Now, the success probability of this attack is determined by defining the following events:

• $AND^{i}_{SG^{HLa}_{SCd}}$: attack is not detected at the $i$th round by $SG^{HLa}_{SCd}$.

• $AD^{i}_{SG^{HLa}_{SCd}}$: attack is detected at the $i$th round by $SG^{HLa}_{SCd}$.

• $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}}$: health score of $SG^{HLa}_{SCd}$ at the time when the attack is not detected at the $i$th round by $SG^{HLa}_{SCd}$.

• $UAND^{i}_{SG^{HLa}_{SCd}}$: attack is not detected until the $i$th round by $SG^{HLa}_{SCd}$.

• $AND^{i}_{SG^{HLa}_{SCe}}$: attack is not detected at the $i$th round by $SG^{HLa}_{SCe}$.

• $AD^{i}_{SG^{HLa}_{SCe}}$: attack is detected at the $i$th round by $SG^{HLa}_{SCe}$.

• $HEH\_AND^{MNa}_{SG^{HLa}_{SCe}}$: health score of $SG^{HLa}_{SCe}$ at the time when the attack is not detected at the $i$th round by $SG^{HLa}_{SCe}$.

• $UAND^{i}_{SG^{HLa}_{SCe}}$: attack is not detected until the $i$th round by $SG^{HLa}_{SCe}$.

• $COL^{i}_{SG^{HLa}_{SCd}}$ is an event when a collision occurs at the $SG^{HLa}_{SCd}$ side in the $i$th round.

• $COL^{i}_{SG^{HLa}_{SCe}}$ is an event when a collision occurs at the $SG^{HLa}_{SCe}$ side in the $i$th round.

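Now, the success probability of the Mafia fraud attack can be calculated as follows:

$$P[FAR] = P[UAND^{i}_{SG^{HLa}_{SCd}} / UAND^{i}_{SG^{HLa}_{SCe}}]\, P[UAND^{i}_{SG^{HLa}_{SCe}}] + \sum_{i=1}^{n} P[UAND^{i}_{SG^{HLa}_{SCe}} / AD^{i}_{SG^{HLa}_{SCd}}]\, P[AD^{i}_{SG^{HLa}_{SCd}}] + \sum_{i=1}^{n} P[UAND^{i}_{SG^{HLa}_{SCd}} / AD^{i}_{SG^{HLa}_{SCe}}]\, P[AD^{i}_{SG^{HLa}_{SCe}}] \qquad (1)$$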

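$$P[UAND^{i}_{SG^{HLa}_{SCe}} / AD^{i}_{SG^{HLa}_{SCd}}]\, P[AD^{i}_{SG^{HLa}_{SCd}}] = \prod_{j=1}^{i-1} P[UAND^{i}_{SG^{HLa}_{SCe}} / AND^{i}_{SG^{HLa}_{SCd}}]_{HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory} \; \prod_{j=1}^{i-1} P[UAND^{i}_{SG^{HLa}_{SCe}} / AD^{i}_{SG^{HLa}_{SCd}}]_{HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory} \qquad (2)$$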

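Now, there are five cases when $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory$. Let $\frac{1}{p_{90}}$, $\frac{1}{p_{80}}$, $\frac{1}{p_{70}}$, $\frac{1}{p_{60}}$ and $\frac{1}{p_{50}}$ be the five case probabilities when $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} \geq 90\%$, $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} \geq 80\%$, $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} \geq 70\%$, $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} \geq 60\%$, and $HEH\_AND^{MNa}_{SG^{HLa}_{SCd}}$ 50% respectively. If $\frac{1}{p_{i-1}}$ is the probability that a collision is not detected until the $(i-1)$th round and $\frac{1}{p_{protected}}$ is the probability of moving to protected mode then:

$$\prod_{j=1}^{i-1} P[UAND^{i}_{SG^{HLa}_{SCe}} / AND^{i}_{SG^{HLa}_{SCd}}]_{HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory} = \left(\frac{1}{p_{j-1}}\right)^{j-1} \left(\frac{1}{p_{protected}}\right)^{j-1} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{j-1}.$$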

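Thus Equation (2) can be written as:

$$P[UAND^{i}_{SG^{HLa}_{SCe}} / AD^{i}_{SG^{HLa}_{SCd}}]\, P[AND^{i}_{SG^{HLa}_{SCd}}] = \left(\frac{1}{p_{i-1}}\right)^{i-2} \left(\frac{1}{p_{protected}}\right)^{i-2} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{i}. \qquad (3)$$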

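Similarly,

$$\sum_{i=1}^{n} P[UAND^{i}_{SG^{HLa}_{SCd}} / AD^{i}_{SG^{HLa}_{SCe}}]\, P[AD^{i}_{SG^{HLa}_{SCe}}] = \left(\frac{1}{p_{i-1}}\right)^{i-2} \left(\frac{1}{p_{protected}}\right)^{i-2} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{i}. \qquad (4)$$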

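From Equations (3) and (4), one of the equations is used to find the error, thus it reduces the probability of finding a collision to be $\frac{1}{2}$. After putting the values of Equations (3) and (4) in (2), the probability of false acceptance rate can be calculated as:

$$P[FAR_{n}] = \left(\frac{1}{p_{i-1}}\right)^{n} \left(\frac{1}{p_{protected}}\right)^{n} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{n} + \sum_{i=1}^{n} \left( \left(\frac{1}{p_{i-1}}\right)^{n-i-2} \left(\frac{1}{p_{protected}}\right)^{n-i-2} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{n-i-2} \right). \qquad (5)$$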

Equation (5) gives the false acceptance probability. A higher value of this probability gives less protection against intruders at an earlier stage. However, progression of the relationship through trust decreases the probability and increases the security of the network for finding an attack. If the health score does not permit accepting any subgroup controller or member then a collision can stop the process of communication at an early stage.

Attack: Distance Fraud Attack

Description: A malicious node can come closer to a subgroup and make a false claim to be the nearest node [7, 38, 39]. Let $EVENT^{i}_{SG^{HLa}_{SCe}}$ and $EVENT^{i}_{SG^{HLa}_{SCd}}$ be the events when $SG^{HLa}_{SCe}$ and $SG^{HLa}_{SCd}$ find a collision. A collision can occur when some bits are not verified. Now, the success probability of the distance fraud attack can be calculated as:

$$P[EVENT^{i}_{SG^{HLa}_{SCe}} \cap EVENT^{i}_{SG^{HLa}_{SCd}}] = \left( P[EVENT^{1}_{SG^{HLa}_{SCe}}]\, P[EVENT^{2}_{SG^{HLa}_{SCe}} / EVENT^{1}_{SG^{HLa}_{SCe}}] \cdots P[EVENT^{n}_{SG^{HLa}_{SCe}} / \textstyle\prod_{i=1}^{n-1} EVENT^{i}_{SG^{HLa}_{SCe}}]_{HEH = satisfactory} \right) + \left( P[EVENT^{1}_{SG^{HLa}_{SCd}}]\, P[EVENT^{2}_{SG^{HLa}_{SCd}} / EVENT^{1}_{SG^{HLa}_{SCd}}] \cdots P[EVENT^{n}_{SG^{HLa}_{SCd}} / \textstyle\prod_{i=1}^{n-1} EVENT^{i}_{SG^{HLa}_{SCd}}]_{HEH = satisfactory} \right).$$

Now, when $DIR^{1}_{SG^{HLa}_{SCd}}$ or $DIR^{1}_{SG^{HLa}_{SCe}}$ is zero then:

$$P[EVENT^{i}_{SG^{HLa}_{SCe}} \cap DIR^{i}_{SG^{HLa}_{SCe}} \cap HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory] = \frac{1}{2}\left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right) = P[EVENT^{i}_{SG^{HLa}_{SCd}} \cap DIR^{i}_{SG^{HLa}_{SCd}} \cap HEH\_AND^{MNa}_{SG^{HLa}_{SCd}} = satisfactory]. \qquad (6)$$

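When $DIR^{1}_{SG^{HLa}_{SCd}}$ or $DIR^{1}_{SG^{HLa}_{SCe}}$ is one then:

$$\begin{aligned}
& P[EVENT^{i}_{SG^{HLa}_{SCe}} \cap DIR^{1}_{SG^{HLa}_{SCe}} \cap HEH\_AND^{MNa}_{SG^{HLa}_{SCe}} = satisfactory] \\
&= P[EVENT^{i}_{SG^{HLa}_{SCe}} \cap DIR^{i}_{SG^{HLa}_{SCe}}]\, P[HEH\_AND^{MNa}_{SG^{HLa}_{SCe}} = satisfactory] \\
&= P[(EVENT^{i}_{SG^{HLa}_{SCe}} \cap VERCHA^{1} = h[K, N_{SG^{HLa}_{SCd}}, N_{SG^{HLa}_{SCe}}])]\, P[DIR^{i}_{SG^{HLa}_{SCe}}]\, P[HEH\_AND^{MNa}_{SG^{HLa}_{SCe}} = satisfactory] \\
&\quad + P[(EVENT^{i}_{SG^{HLa}_{SCe}} \cap VERCHA^{1} \neq h[K, N_{SG^{HLa}_{SCd}}, N_{SG^{HLa}_{SCe}}])]\, P[DIR^{i}_{SG^{HLa}_{SCe}}]\, P[HEH\_AND^{MNa}_{SG^{HLa}_{SCe}} = satisfactory] \\
&= \left(\frac{3}{4}\right)^{i} + \left( \sum_{i=1}^{n} \left(\frac{1}{p_{i-1}}\right)^{n-i-2} * \left(\frac{1}{p_{protected}}\right)^{n-i-2} + \left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{n-i-2} \right). \qquad (7)
\end{aligned}$$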

Since a collision is found on one of the two sides, in this case also the probability is considered to be $\frac{1}{2}$. Equation (7) gives the value of the acceptance rate of the attack. A higher value of trust reduces the chances of this attack to a great extent.

Attack: Terrorist Fraud Attack.

Description: In this attack, an existing $M^{(a,b)}_{(c,d)}$ acts as a malicious entity. $M^{(a,b)}_{(c,d)}$ collaborates with $MM^{(a,b)}_{(c,d)}$ and tries to convince $MSG^{HLa}_{M^{(a,b)}_{(c,d)}}$ that he is nearby when he is not [7, 39, 38]. This attack can be protected using a secret sharing scheme [8]. $P[\text{success of terrorist fraud attack}] \geq P[\text{success of mafia fraud attack}]$. Let $P[M^{(a,b)}_{(c,d)} \rightarrow MM^{(a,b)}_{(c,d)} : Cert(MN^{HLi}_{SMj+1}), NM, SKALM] = \frac{1}{p_{terrorist}}$. $P[MM^{(a,b)}_{(c,d)} \rightarrow M^{(a,b)}_{(c,d)} : Cert(VN^{(a,b)}_{(c,d)})]_{HEH\_AND^{MNa}_{M^{(a,b)}_{(c,d)}}} = \frac{1}{p_{terrorist}} + \frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}$. Since the symmetric key K is known to all, $P[M^{(a,b)}_{(c+1,d)} \rightarrow MM^{(a,b)}_{(c,d)} : E_{PK_{VN^{(a,b)}_{(c,d)}}}\{SK_{M^{(a,b)}_{(c+1,d)}}\}]_{HEH\_AND^{MNa}_{M^{(a,b)}_{(c,d)}}} = \left(\frac{1}{p_{terrorist}} + \frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)^{2}$, and it is easy to mislead any communication by existing members. With an increase in such communication, the chances of terrorist fraud detection increase because the trust score decreases. If the probability of $M^{(a,b)}_{(c,d)}$ for a self answered question is marked as $\frac{1}{p_{self\ answered}}$ then $P[\text{success of terrorist fraud attack}] = \left(\frac{1}{p_{self\ answered}}\right)^{q} * \left(\frac{1}{p_{terrorist}} + \frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}} + (t-1)/t + p_{self\ answered}\right)^{q}$, where 't' is the total number of queries exchanged between $M^{(a,b)}_{(c,d)}$ and $MM^{(a,b)}_{(c,d)}$ and a collision is not found in q rounds.

Attack: Distance Hijacking Attack

Description: This attack is different from the distance fraud and terrorist fraud attacks. In distance fraud, a dishonest prover and verifier are involved. In terrorist fraud, a dishonest prover is involved with another attacker, but in the distance hijacking attack, a dishonest prover interacts with honest provers and involves them for a false distance [21]. In a distance hijacking attack, a minimum of a single dishonest prover is involved with the other honest parties. If other parties behave like dishonest provers or verifiers then this attack becomes a distance fraud attack. Now, $P[\text{Success of distance hijacking attack}] \leq P[\text{Success of distance fraud attack}]$ [38]. $P[\text{Success of distance hijacking attack}] = P[\text{honest nodes reveal secret information without being dishonest}]$. Any dishonest node can behave as honest through masquerading, impersonation, taking false ownership, etc. This dishonest behavior in tags can be checked through the birthday paradox and trust score. Now according to the birthday paradox, the probability of matching two numbers when the number of nodes is 10 in each subgroup is less than $\frac{1}{8}$. Further, the trust score reduces the probability of this attack to $\left(\frac{1}{p_{90}} + \frac{1}{p_{80}} + \frac{1}{p_{70}} + \frac{1}{p_{60}} + \frac{1}{p_{50}}\right)$. This probability of success of the distance hijacking attack due to trust score is much less than $\frac{1}{8}$.

4.2 Performance Analysis

In this section, network performance is analyzed using various QoS parameters: delivery ratio, goodput, coverage, energy consumption and jitter. This analysis is performed using 150-node scenarios on the ns-3 simulator. In order to construct the MANET, a smart node is formed by integrating an RFID reader with a mobile sensor node. These mobile smart nodes constitute a hierarchical Ad-hoc network as shown in Figure 2. The reader collects the data from its local network and transmits it to other nodes through the radio frequency antenna of sensor nodes. Performance analysis of QoS parameters is as follows.

Delivery Ratio. It is the ratio of number of sent packets to number of delivered packets toward sink. Figure 4 shows the delivery ratios of 150 nodes over five MANET routing protocols: Ad-hoc On Demand Distance Vector (AODV), Destination Sequenced Distance Vector (DSDV), Dynamic Source Routing (DSR), Temporarily Ordered Routing Algorithm (TORA) and Zone Routing Protocol (ZRP). From both scenarios, it is observed that the ZRP protocol outperforms the other routing protocols. In 150-node scenarios, the delivery ratio decreases with increase in time for every protocol because the number of available nodes for data transmission decreases and more nodes are occupied for routing.

Figure 4: Delivery ratio for 150 nodes over MANETs routing protocols

Goodput. Another non-overlapping term with delivery ratio is goodput. It is the total number of successfully delivered packets to sink [54]. With the addition of more packets and delay parameters, the value of goodput can be increased. Figure 5 and Figure 6 show the goodput for 150 nodes at an offered load of 1 packet/second and 5 packets/second respectively. In 150-node scenarios, the ZRP protocol outperforms any other protocol. Performance of the ZRP protocol is average and it is increasing exponentially with time at the lesser rate, i.e. 1 pkt/sec. At 5 pkt/sec. for 150 nodes, ZRP has improved performance as compared to 1 pkt/sec. In these scenarios, other protocols also show an increase in performance but this increase is less as compared to the ZRP protocol. It is also observed that in 150-node scenarios, growth of throughput for ZRP is linear than linear but for other protocols, it is linear or less.

Figure 5: Goodput for 150 nodes at 1 packet/second

Figure 6: Goodput for 150 nodes at 5 packets/second

Coverage. It is defined as the number of nodes used per unit time for successful transmission of packets. In Table 4, three scenarios are taken into consideration to find the coverage range for the proposed scheme. Results show that if a node delivers more than 75% of packets then intrusion detection takes 50 msec and 70 steps, which is less than for a delivery percentage of 65. It takes a minimum difference of 100 msec. and 90 steps when compared with 55% of delivery. Hence, for performance analysis a node is considered to be covered if it successfully delivers 75% of the packets it receives and loses only 25%. Figure 7 and Figure 8 show the coverage of 150 nodes at 1 pkt/sec and 5 pkts/sec respectively. In the 1 pkt/sec and 5 pkts/sec. scenarios, DSR and TORA have the worst performance variance. In both such scenarios, ZRP outperforms the other protocols because of its hybrid routing nature. This protocol internally divides the nodes into zones, and these zones with energy saving Frisbee formation save nodes' energy for communication. Most of the nodes are silent during simulation initialization and this property is common among all scenarios. High coverage is observed during peak hours, which varies from protocol to protocol.

Table 4: Lightweight node-packet delivery analysis using Alloy (time in msec)

| Percentage of routed or delivered packets | Intruder Assertions | Proposed Trusted Strategy: Time (Steps) | Result |
|---|---|---|---|
| More than 75 | 1/5/10 | 10/21/32 (80/113/131) | Proved |
| More than 65 | 1/5/10 | 60/94/145 (150/173/224) | Proved |
| More than 55 | 1/5/10 | 113/146/211 (170/210/563) | Proved |

Energy Consumption. The evaluation of energy consumption in the simulation environment is observed through throughput. Whenever the radio of any node is on and a byte is transferred, the energy of the node is considered to be consumed. As discussed in section 4, this energy is calculated from RSSI and it is a function of distance. The greater the distance parameter, the greater the energy consumption. Figure 9 shows the average energy consumption for the 150-node scenario. If bursts of any protocol are closer to the outer ring then the average energy consumption for that protocol is higher and it is called a high burst (0.04-0.05 Joules). Low bursts are the minimum consumption values that are close to the origin (0.01 Joules), whereas medium bursts are the intermediate values between high and low bursts (0.02-0.03 Joules). As shown in Figure 9, ZRP and TORA protocols have higher average energy consumption than AODV, DSDV and DSR for 0.1 pkt/sec, 1 pkt/sec. and 5 pkts/sec. In the DSR and DSDV protocols, energy consumption shows variations with increases in packets/second because of the dynamic nature of the routing protocol. Nodes are activated and energy consumption starts only when there is a need to transmit packets.

Figure 7: Coverage for 150 nodes at 1 packets/second

Figure 8: Coverage for 150 nodes at 5 packets/second

Figure 9: Energy consumption for 150 nodes during simulation time

Jitter. It is an average value of root mean square delay. Figure 10 shows the jitter values at different packet delivery rates, i.e. 1 pkt/sec. and 5 pkts/sec. Jitter values of TORA and AODV are worst as compared to other protocols. Since ZRP provides higher throughput but at minimum jitter, it is considered to be the best protocol. Jitter value decreases with increase in number of nodes because more nodes are available to route the packets, thus delay decreases. But this delay does not affect much on the performance because the packet delivery rate also increases. Performance improvement because of the increased number of nodes is compensated by the increase in packet delivery ratio. Also, with increase in packet delivery ratio the jitter decreases because once routes are established then it does not affect much on the performance.

Figure 10: Jitter for 150 nodes at different delivery rate

4.3 Lightweight Analysis

4.3.1 Lightweight Primitive Analysis

Confidentiality as well as authentication mechanisms are integrated with protocol 1 and protocol 3 whereas only the authentication mechanism is integrated with protocol 2. Table 5 shows the comparative analysis of substitution permutation network (SPN) based lightweight primitives for Protocols 1, 2 and 3. Two lightweight primitives are taken for analysis: LED and PHOTON. Results of lightweight primitives are compared with the classical mechanism, i.e. Advanced Encryption Standard (AES). All three are based on the confusion and diffusion layer principle in SPNs. LED and AES are used to achieve confidentiality and PHOTON is used for authentication. Alloy analysis shows that the number of variables generated, clauses formed and computational time in Protocol 1 and Protocol 3 for LED and PHOTON are much less than for AES. Both confusion and diffusion layers show similar results. Multiple challenges and verifications in Protocol 2 increase the resource consumption and time required to complete the operations. Comparison of lightweight primitives with the classical primitive shows that integration of LED and PHOTON in the proposed mechanism enhances the performance of protocols as compared to the AES based classical confidentiality mechanism.

4.3.2 Lightweight Policy Analysis

Figure 11 shows the proposed trust policy for subgroupmember in proposed scheme. Trust based proposed mech-anism is having: subgroup controller, subgroup member,virtual subgroup member and virtual subgroup controller.Each entity in hierarchical model acts as either produceror consumer. While acting as producer or consumer, therewill be change of permissions. A subgroup controller willbe having READ, WRITE, ACCESS, USE, MODIFYpermissions for trust management. Whereas, a subgroup

Page 14: Design and Analysis of Lightweight Trust Mechanism for ...ijns.jalaxy.com.tw/contents/ijns-v18-n1/ijns-2016-v18-n1-p1-18.pdf · tion, authentication, distance bounding and tag with

International Journal of Network Security, Vol.18, No.1, PP.1-18, Jan. 2016 14

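Table 5: Simple vs. lightweight primitive analysis for proposed scheme

| Protocol | Primitives | Layer | Variables | Clauses | Time (msec) |
|---|---|---|---|---|---|
| Protocol 1 | LED | Confusion | 22025 | 15174 | 1463 |
| Protocol 1 | LED | Diffusion | 20451 | 13012 | 1231 |
| Protocol 1 | PHOTON | Confusion | 42314 | 44101 | 2112 |
| Protocol 1 | PHOTON | Diffusion | 36110 | 23603 | 1642 |
| Protocol 1 | AES | Confusion | 80178 | 25545 | 3463 |
| Protocol 1 | AES | Diffusion | 60145 | 160234 | 2654 |
| Protocol 2 | PHOTON | Confusion | 44114 | 46045 | 2414 |
| Protocol 2 | PHOTON | Diffusion | 37111 | 26032 | 2001 |
| Protocol 3 | LED | Confusion | 22544 | 160112 | 1513 |
| Protocol 3 | LED | Diffusion | 20653 | 13009 | 1213 |
| Protocol 3 | PHOTON | Confusion | 41015 | 44023 | 2104 |
| Protocol 3 | PHOTON | Diffusion | 36009 | 23112 | 1672 |
| Protocol 3 | AES | Confusion | 81534 | 26123 | 3413 |
| Protocol 3 | AES | Diffusion | 62435 | 16144 | 2611 |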

(MemberAssigned = (Interested s a r):- (Assigned s r) (AssignID a) (SubGroup r))

(MemberConflict = (Interested s a r):- (Conflicted s r) (RetrieveID a) (SubGroup r))

(MemberTrust = (TrustGeneration s a r):- (Assigned s r) (AssignID a) (SubGroup r))

(MemberTrust = (TrustPropagation s a r):- (Assigned s r) (AssignID a) (SubGroup r))

(MemberTrustConflict = (TrustAccumulation s a r):- (Conflicted s r) (SubGroup r))

(MemberTrust = (TrustPrediction s a r):- (Assigned s r) (AssignID a) (SubGroup r))

(MemberTrustConflict = (TrustEvaluate s a r):- (Conflicted s r) (SubGroup r))

(MemberTrustConflict = (TrustApplication s a r):- (Conflicted s r) (SubGroup r))

Figure 11: Margrave policy for access control in proposed scheme

member will have READ, ACCESS and USE permissions only. So, each member will have its own policy in the network. Figure 11 shows the subgroup member policy for TrustGeneration, TrustPropagation, TrustAccumulation, TrustPrediction, TrustEvaluation and TrustApplication. A subgroup member can act as producer to assign new identification to a new node or retrieve its identification. Trust generation, propagation and prediction are permissible for a subgroup member. Trust accumulation and application comparison are not allowed for a member; these are considered to be functions of the subgroup controller. After designing and analyzing the policies of every member in the proposed scheme, it is analyzed through Margrave that there is no conflict in any policy [1].
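The conflict check described above can be reproduced on a small scale with the following Python model, which is an added example and not the paper's Margrave input. It transcribes the eight rules of Figure 11 and enumerates every request to see whether a granting rule and a conflict rule can fire for the same decision; treating rule names ending in "Conflict" as flagging rules, and treating Assigned/Conflicted and AssignID/RetrieveID as mutually exclusive, are assumptions of this model.

```python
from itertools import product

# Rules transcribed from Figure 11: (rule name, decision, atoms that must hold).
RULES = [
    ("MemberAssigned",      "Interested",        {"Assigned", "AssignID", "SubGroup"}),
    ("MemberConflict",      "Interested",        {"Conflicted", "RetrieveID", "SubGroup"}),
    ("MemberTrust",         "TrustGeneration",   {"Assigned", "AssignID", "SubGroup"}),
    ("MemberTrust",         "TrustPropagation",  {"Assigned", "AssignID", "SubGroup"}),
    ("MemberTrustConflict", "TrustAccumulation", {"Conflicted", "SubGroup"}),
    ("MemberTrust",         "TrustPrediction",   {"Assigned", "AssignID", "SubGroup"}),
    ("MemberTrustConflict", "TrustEvaluate",     {"Conflicted", "SubGroup"}),
    ("MemberTrustConflict", "TrustApplication",  {"Conflicted", "SubGroup"}),
]

ATOMS = ("Assigned", "Conflicted", "AssignID", "RetrieveID", "SubGroup")

# Assumption: these pairs of atoms can never both be true for one request.
EXCLUSIVE = [("Assigned", "Conflicted"), ("AssignID", "RetrieveID")]


def is_flagging(rule_name):
    """Assumption: a rule whose name ends in 'Conflict' flags the request."""
    return rule_name.endswith("Conflict")


def worlds(exclusive=EXCLUSIVE):
    """Yield every set of true atoms that respects the exclusivity pairs."""
    for bits in product((False, True), repeat=len(ATOMS)):
        world = frozenset(a for a, bit in zip(ATOMS, bits) if bit)
        if all(not (x in world and y in world) for x, y in exclusive):
            yield world


def fired(rules, world):
    """Map each decision to the rule names whose conditions hold in world."""
    out = {}
    for name, decision, needs in rules:
        if needs <= world:
            out.setdefault(decision, set()).add(name)
    return out


def find_conflicts(rules=RULES, exclusive=EXCLUSIVE):
    """Return (world, decision, rule names) where a grant and a flag both fire."""
    hits = []
    for world in worlds(exclusive):
        for decision, names in fired(rules, world).items():
            if {is_flagging(n) for n in names} == {True, False}:
                hits.append((sorted(world), decision, sorted(names)))
    return hits


if __name__ == "__main__":
    print("with exclusivity constraints:", find_conflicts())
    print("without constraints:", find_conflicts(exclusive=[]))
```

With the two exclusivity pairs in place the model reports no overlapping rules, matching the result stated above; dropping them exposes the single request on which the two `Interested` rules would overlap, which is why such constraints have to be part of the policy vocabulary.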

5 Conclusions

The current study examines RFID-Sensor based MANETs using ECCr in code based cryptography. MANETs are constructed by extending the trust management approach in a resource-constrained environment with the Teo and Tan protocol for key exchange using a hierarchical model [66] and the Avoine MA-KA2 protocol for distance bounding and mutual authentication [7]. These approaches are perceived as efficient lightweight approaches with strong protection against distance bounding attacks. QoS parameters taken for network performance analysis are: delivery ratio, goodput, coverage, energy consumption and jitter. In conclusion, the 150 nodes scenario shows that the ZRP protocol outperforms any other protocol for the proposed security system using trust management. Maximum goodput that is achievable through the best routing protocol is approximately 80 packets per second to a minimum delay of 0.03 msec. Probability attack analysis is performed for the mafia fraud attack, distance fraud attack, terrorist fraud attack and distance hijacking attack in the distance bounding protocol. In this analysis, the fault acceptance rate of the system is checked and, as a result, it is found that the system is strong enough against all these attacks. Lightweight primitives and policies for subgroup members are also analyzed. It is found that integration of lightweight primitives reduces computation and time complexity. Lightweight policy analysis shows that there is no conflict in the access domains of any subgroup member.


References

[1] The Margrave Policy Analyzer, Jan. 19, 2015. (http://www.margrave-tool.org)

[2] M. R. S. Abyaneh, Security Analysis of Lightweight Schemes for RFID Systems, PhD thesis, University of Bergen, Norway, 2012.

[3] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, “Scalable RFID systems: A privacy-preserving protocol with constant-time identification,” IEEE Transactions on Parallel Distribution Systems, vol. 23, no. 8, pp. 1536–1550, 2012.

[4] R. J. Anderson, Security Engineering: A guide to Building Dependable Distributed Systems, New York, USA, John Wiley & Sons, 2001.

[5] S. A. Anson and M. Ilyas, RFID handbook: Application, technology, security and privacy, Boca Raton, Florida, USA, CRC, 2008.

[6] P. D’Arco and A. De Santis, “On ultralightweight RFID authentication protocols,” IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 4, pp. 548–563, 2011.

[7] G. Avoine and C. H. Kimh, “Improving program analyses by structure untupling,” IEEE Transactions on Mobile Computing, vol. 12, no. 5, pp. 830–839, 2013.

[8] G. Avoine, C. Lauradoux, and B. Martin, “How secret-sharing can defeat terrorist fraud,” in Proceedings of the 4th ACM Conference on Wireless Network Security, pp. 145–155, Hamburg, Germany, June 15-17, 2011.

[9] N. Bagheri and M. Safkhani, “Secret disclosure attack on kazahaya, a yoking-proof for low-cost RFID tags,” Technical Report Cryptology ePrint Archive: Report 2013/453, July 2013.

[10] J. D. Bakos, D. M. Chiarulli, and S. P. Levitan, “Lightweight error correction coding for system-level interconnects,” IEEE Transactions on Computing, vol. 56, no. 3, pp. 289–304, 2007.

[11] D. J. Bernstein, J. Buchmann, and E. Dahmen, Post-Quantum Cryptography, Springer-Verlag Berlin Heidelberg, New York, USA, Springer, 2009.

[12] M. Burmester, T. V. Le, and B. D. Medeirosn, “Universally composable RFID identification and authentication protocols,” ACM Transaction on Information and Systems Security, vol. 12, no. 4, pp. 21:1–21:33, 2012.

[13] M. Burmester and J. Munilla, “Lightweight RFID authentication with forward and backward security,” ACM Transactions on Information and System Security, vol. 14, no. 1, pp. 11:1–11:26, 2011.

[14] A. Canteaut and F. Chabaud, “Improvement of the attacks on cryptosystems based on error-correcting codes,” Research Report: LIENS-95-21, Ecole Normale Superieure, Paris, July 1995.

[15] T. Cao, E. Bertino, and H. Lei, “Security analysis of the sasi protocol,” IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 1, pp. 73–77, 2009.

[16] A. Cerpa, J. Elson, D. Estrin, L. Girod, M. Hamilton, and J. Zhao, “Habitat monitoring application driver for wireless communication technology,” in Proceedings of the ACM SIGCOMM Workshop on Data Communication in Latin America and the Caribbean, pp. 20–41, San Jose, Costa Rica, Apr. 2001.

[17] A. Chakrabarti, A. Sabharwal, and B. Aazhang, “Using predictable observer mobility for power efficient design of sensor networks,” in Proceedings of the 2nd International Workshop on Information Processing in Sensor Networks (IPSN-03), pp. 129–145, Palo Alto, CA, USA, Apr. 2003.

[18] R. Chen, X. Chao, L. Tang, J. Hu, and Z. Chen, “A global reputation-based trust model in peer-to-peer networks,” in 4th International Conference Automatic and Trusted Computing (ATC 2007), pp. 203–215, Hong Kong, China, 2007.

[19] J. Cho, Y. Shim, T. Kwon, and Y. Choi, “Sarif: A novel framework for integrating wireless sensor and RFID networks,” IEEE Wireless Communications, vol. 14, no. 6, pp. 50–56, Dec. 2007.

[20] M. Conrad, T. French, and W. Huang, “A lightweight model of trust propagation in a multi-client network environment. to what extent does experience matter?,” in International Conference on Availability, Reliability and Security (ARES’06), pp. 482–487, Vienna University of Technology, Austria, Apr. 20-22, 2006.

[21] C. Cremers, K. B. Rasmussen, B. Schmidt, and S. Capkun, “Distance hijacking attacks on distance bounding protocols,” in IEEE Symposium on Security and Privacy (SP’12), pp. 113–127, San Francisco, CA, USA, 20-23 May 2012.

[22] D. Denning, “A new paradigm for trusted systems,” in Proceedings on the 1992-1993 Workshop on New Security Paradigms, pp. 36–41, New York, NY, USA, 1993.

[23] M. Deutch, “Cooperation and trust: Some theoretical notes,” in Nebraska Symposium on Motivation, pp. 275–319, University of Nebraska Press, Lincoln NE, USA, 1962.

[24] C. Englund and H. Wallin, “RFID in wireless sensor network,” Master Thesis, Communication Systems Group, Department of Signals and Systems, Chalmers University of Technology, Goteborg, Sweden.

[25] A. Ephremides, “Energy concerns in wireless networks,” IEEE Transactions on Wireless Communication, vol. 9, no. 4, pp. 48–59, 2002.

[26] R. B. Ferguson, “Gentag patent adds RFID sensor network feature to mobile devices,” Dec. 2006. (http://www.eweek.com/c/a/Mobile-and-Wireless/Gentag-Patent-Adds-RFID-Sensor-Network-Feature-to-Mobile-Devices)

[27] M. D. Francesco, S. K. Das, and G. Anastasi, “Data collection in wireless sensor networks with mobile elements: A survey,” ACM Transaction on Sensor Networks, vol. 8, no. 1, pp. 7:1–7:31, 2011.


[28] D. Gambetta, “Can we trust?,” in Trust: Making and Breaking Cooperative Relations, vol. 13, pp. 213–237, Department of Sociology, University of Oxford, England, 2000.

[29] K. Govindan and P. Mohapatra, “Trust computations and trust dynamics in mobile adhoc networks: A survey,” IEEE Communications Surveys and Tutorials, vol. 14, no. 2, pp. 279–298, 2012.

[30] D. Jackson, “Alloy: a lightweight object modelling notation,” ACM Transactions on Software Engineering and Methodology, vol. 11, no. 2, pp. 256–290, 2002.

[31] D. Jackson, “Micromodels of software: Lightweight modelling and analysis with alloy,” Technical Report MIT Lab Manual, Feb. 2002.

[32] S. Jarvenpaa, K. Knoll, and E. L. Dorothy, “Is anybody out there?: antecedents of trust in global virtual teams,” Journal of Management, vol. 14, no. 4, pp. 29–64, 1998.

[33] A. Josang, “The right type of trust for distributed systems,” in Proceedings of the ACM New Security Paradigm Workshop, pp. 119–131, Lake Arrowhead, CA, USA, 1996.

[34] A. Juel and S. Weis, “Authenticating pervasive devices with human protocols,” in Advances in cryptology (Crypto’05), pp. 293–298, Santa Barbara, California, USA, 2005.

[35] A. Juels, “RFID security and privacy: A research survey,” IEEE Journal on Selected Areas in Communication, vol. 24, no. 2, pp. 381–394, 2005.

[36] S. Kamvar, M. Schlosser, and H. Garcia-Molina, “The eigentrust algorithm for reputation management in p2p networks,” in Proceedings of the International World Wide Web Conference (WWW’03), pp. 640–651, Budapest, Hungary, 2003.

[37] O. Khalid, U. S. Khan, S. A. Madani, et al., “Comparative study of trust and reputation systems for wireless sensor networks,” International Journal on Security and Communication networks, vol. 6, no. 6, pp. 669–688, 2013.

[38] C. H. Kim, “Security analysis of ykhl distance bounding protocol with adjustable false acceptance ratio,” IEEE Communications Letters, vol. 15, no. 10, pp. 1078–1080, 2011.

[39] C. H. Kim and G. Avoine, “RFID distance bounding protocols with mixed challenges,” IEEE Transactions on Wireless Communications, vol. 10, no. 5, pp. 1618–1626, 2011.

[40] P. Kitsos and Y. Zhang, RFID security, techniques, protocols and system-on-chip design, New York, USA, Springer, 2008.

[41] R. Koh, E. Schuster, I. Chackrabarti, and A. Bellman, “Securing the pharmaceutical supply chain,” White Paper, 2003.

[42] A. Kumar and A. Aggarwal, “Efficient hierarchical threshold symmetric group key management protocol for mobile ad hoc networks,” in International Conference on Contemporary Computing (IC3’12), pp. 335–346, Noida, India, 2012.

[43] A. Kumar, K. Gopal, and A. Aggarwal, “Outlier detection and treatment for lightweight mobile ad hoc networks,” in Qshine’13, pp. 750–763, Greater Noida, India, 2013.

[44] M. Lehtonem, T. Staake, F. Michahelles, and E. Fleisch, “From identification to authentication - a review of RFID product authentication techniques,” in Networked RFID Systems and Lightweight Cryptography, pp. 169–187, USA, 2007.

[45] A. Mason, A. Shaw, A. I. Al-Shamma’a, and T. Welsby, “RFID and wireless sensor integration for intelligent tracking systems,” in Proceedings of 2nd GERI Annual Research Symposium (GARS’06), Liverpool, U.K., 2006.

[46] R. C. Mayer, J. H. Davis, and F. D. Schoorman, “An integrative model of organizational trust,” Academy of Management Executive, vol. 20, no. 3, pp. 709–734, 1995.

[47] A. McCumber, Assessing and Managing Security Risk in IT Systems: A Structured Methodology, Boca Raton, Florida, USA, Auerbach Publications, 2005.

[48] D. H. McKnight and N. L. Chervany, “Trust and distrust definitions: One bite at a time,” in Deception, Fraud, and Trust in Agent Societies, pp. 27–54, Barcelona, Spain, 2000.

[49] G. E. Moore, “Cramming more components onto integrated circuits,” Electronics Magazine, vol. 38, no. 8, pp. 114–117, 1965.

[50] Z. Nochta, T. Staake, and E. Fleisch, “Product specific security features based on RFID technology,” in International Symposium on Applications and the Internet Workshops (SAINTW’06), pp. 72–75, Phoenix, AZ, USA, 2006.

[51] D. M. R. Overbeck, Public Key Cryptography based on Coding Theory, Ph.D. Thesis, Technische Universitat Darmstadt, 64277 Darmstadt, 2007.

[52] J. Pearson, “Securing the pharmaceutical supply chain with RFID and public key infrastructure (PKI) technologies,” White Paper, June 2005.

[53] P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Esteveze-Tapiador, and A. Ribagorda, “RFID systems: A survey on security threats and proposed solutions,” in International Conference on Personal Wireless Communication (PWCA’06), pp. 159–170, Albacete, Spain, 2006.

[54] D. Puccinelli and M. Haenggi, “Reliable data delivery in large scale low-power sensor networks,” IEEE Transactions on Mobile Computing, vol. 6, no. 4, pp. 28:1–28:41, 2010.

[55] V. Rajendran, J. J. Garcia-Luna-Aceves, and K. Obraczka, “Energy-efficient, application-aware medium access for wireless sensor networks,” in Proceedings of the 2005 International Conference on Mobile Ad Hoc and Sensor Systems Conference (MASS’05), pp. 623–630, Washington, DC, USA, 2005.

[56] V. Rajendran, K. Obraczka, and J. J. Garcia-Luna-Aceves, “Energy-efficient, collision free medium access control for wireless sensor networks,” Wireless Networks, vol. 12, no. 1, pp. 63–78, 2006.

[57] C. Schurgers, V. Tsiatsis, S. Ganeriwal, and M. B. Srivastava, “Optimizing sensor networks in the energy-latency-density design space,” IEEE Transactions on Mobile Computing, vol. 1, no. 1, pp. 70–80, 2002.

[58] P. W. Shor, “Algorithm for quantum computation: Discrete logarithms and factoring,” in 35th Annual Symposium on Foundations of Computer Science, pp. 124–134, Santa Fe, New Mexico, USA, 1994.

[59] K. Sohrabi, J. Gao, V. Ailawadhi, and G. J. Pottie, “Protocols for self-organization of a wireless sensor networks,” ACM Computer Communication Review, vol. 7, no. 5, pp. 16–27, 2000.

[60] A. W. Stephen, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and privacy aspects of low-cost radio frequency identification systems,” in First International Conference on Security in Pervasive Computing, pp. 201–212, Boppard, Germany, 2003.

[61] H. M. Sun, W. C. Ting, and K. H. Wang, “On the security of chien’s ultralightweight RFID authentication protocol,” IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 2, pp. 315–317, 2011.

[62] Y. Sun, S. Du, O. Gurewitz, and D. B. Johnson, “Dw-mac: A low latency energy efficient demand wakeup mac protocol for wireless sensor networks,” in proceedings of the 9th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc’08), pp. 53–62, New York, USA, 2008.

[63] Y. Sun, W. Yu, Z. Han, and K. J. Ray Liu, “Information theoretic framework of trust modeling and evaluation for ad hoc networks,” IEEE Journal of Select Area on Communications, vol. 24, no. 2, pp. 305–317, 2006.

[64] P. Sztompka, Trust: A sociological theory, Cambridge, United Kingdom: Cambridge University Press, 1999.

[65] K. Takaragi, M. Usami, R. Imura, R. Itsuki, and T. Satoh, “An ultra small individual recognition security chip,” IEEE Micro, vol. 21, no. 6, pp. 43–49, 2001.

[66] J. C. M. Teo and C. H. Tan, “Energy-efficient and scalable group key agreement for large ad hoc networks,” in ACM International Workshop on Performance Evaluation of Wireless Ad Hoc, Sensor, and Ubiquitous Networks (PE-WASUN’05), pp. 114–121, Montreal, Qc. Canada, 2005.

[67] M. Najam ul islam U. Mujahid and J. Ahmed, “Ultralightweight cryptography for passive RFID systems,” Technical Report Cryptology ePrint Archive: Report 2013/847, Dec. 2013.

[68] T. Wu and S. Biswas, “A self-reorganizing slot allocation protocol for multi-cluster sensor networks,” in proceedings of the 4th International Symposium on Information Processing in Sensor Networks, pp. 309–316, Los Angeles, California, USA, 2005.

[69] R. Yahalom, B. Klein, and Th. Beth, “Trust relationships in secure systems - a distributed authentication perspective,” in Proceedings 1993 IEEE Symposium on Research in Security and Privacy, pp. 150–164, Oakland, CA, USA, 1993.

[70] X. Yang and N. Vaidya, “A wakeup scheme for sensor networks: Achieving balance between energy saving and end-to-end delay,” in Proceedings of the 10th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’04), pp. 19–26, King Edward, Toronto, Canada, 2004.

[71] S. Yessad, F. Nait-Abdesselam, T. Taleb, and B. Bensaou, “R-mac: Reservation medium access control protocol for wireless sensor networks,” in Proceedings of the 32nd IEEE conference on Local computer networks, pp. 719–724, Dublin, Ireland, 2007.

[72] L. Zhang and Z. Wang, “Integration of RFID into wireless sensor networks: Architectures, opportunities and challenging problems,” in Proceedings of the 5th International Conference on Grid and Cooperative Computing Workshops (GCCW’06), pp. 463–469, Changsha, China, 2006.

[73] P. Zhang, C. M. Sadler, S. A. Lyon, and M. Martonosi, “Hardware design experiences in zebranet,” in Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04), pp. 227–238, Baltimore, Maryland, 2004.

[74] Y. Zhang, L. T. Yang, and J. Chen, RFID and Sensor Networks: Architectures, Protocols, Security and Integrations, Boca Raton, London, New York: CRC, 2009.

[75] Y. Z. Zhao, C. Miao, M. Ma, J. B. Zhang, and C. Leungi, “A survey and projection on medium access control protocols for wireless sensor networks,” ACM Computing Surveys, vol. 45, no. 1, pp. 7:1–7:37, 2012.

[76] L. Zhou and Z. J. Haas, “Securing ad hoc networks,” IEEE Network, vol. 13, no. 6, pp. 24–30, 1999.

Adarsh Kumar received his ME degree in software engineering from Thapar University, Patiala, Punjab, India, in 2003. Since 2003, he has been with the Department of Computer Science Engineering and Information Technology, Jaypee Institute of Information Technology, Noida, Uttar Pradesh, India, where he is now an assistant professor. His main research interests are cryptography, network security, and adhoc networks.

Krishna Gopal received his BTECH degree in electrical engineering from the Department of Electrical Engineering, IIT, Madras, India, in 1966 and his MS and PhD degrees in engineering from the REC Kurukshetra, Kurukshetra, India, in 1972 and 1979, respectively. Since 2011, he has been working as a dean (Academic & Research) with Jaypee Institute of Information Technology, Noida, India. He has forty-five years of teaching and research experience. He is a member of various professional bodies, such as the Life Member System Society of India, the Indian Society for Technical Education, and the IEEE.

Alok Aggarwal received his BTECH and MTECH degrees in computer science engineering from the Department of Computer Science, Kurukshetra University, India, in 1995 and 2001, respectively, and his PhD degree in engineering from IIT, Roorkee, India, in 2010. From 2009 to 2012, he worked for the Jaypee Institute of Information Technology, Noida, India. Since 2012, he has been with the JP Institute of Engineering and Technology, Meerut, India, where he is now a professor and director. His main research interests are wired/wireless networks, security, and coding theory.