Empirical Study on Secure Routing Protocols in Wireless Sensor Networks

Transcription

1 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni Msc Student, Faculty of Computer Science and Information Systems,University Technology Malaysia Norafida Ithnin Department of Computer System and Communication, Faculty of Computer Science and Information Systems, University of Technology Malaysia doi: /ijact.vol2.issue5.3 Othman Ibrahim Department of Information System, Faculty of Computer Science and Information Systems, University of Technology Malaysia Abstract Wireless Sensor Networks (WSN) is usually made by cooperation of number of limited sensor devices which are connected over the wireless media. There are a lot of its application in military, health and industry. Due to limitations of sensor devices, the networks exposed to various kinds of attacks and conventional defenses against these attacks are not suitable due to the resource constrained nature of these kinds of networks. Therefore, security in WSNs is a challenging task due to inheritance limitations of sensors and it becomes a good topic for researchers. In this paper we focus at secure routing protocols in wireless sensor networks and surveyed nineteen papers which focusing on this matter. We represent their problems and methodologies which are used in order to address the problems and develop a matrix which identifies protocol, its features and the attacks it resistance to. 1. Introduction Keywords: Secure Routing Protocol, Wireless Sensor Network, Security Advantages in communication technology allow us to build the networks where large numbers of low-power and inexpensive sensor devices are integrated in the physical environment and operating together over a wireless media. There are a lot of its application in industry, military and health. In some applications such as intruder detection systems in military, detection of unusual behavior or failures in a manufacturing process or detection of forest fires, the infrequency of occurrence of specific events has been detected via wireless sensor network (WSN). In the some other WSN applications such as monitoring temperature, humidity and lighting in office buildings, data gathered and reported in the specific periods of time. In some application s scenarios the process of gathering and reporting environment data had been asked through the base, or sink. In some cases border surveillance, WSN may be used in order to track of specific objects in the environment. In these applications data has been gathered, processed via sensor devices in the network. The transmission of collected data is responsibility of sensor devices as well. Therefore in order to develop any routing protocol, and more advanced secure routing protocol, architecture of sensor devices should be determined and its limitations should be considered In wireless sensor networks, sensor device, also may be referred as sensor node or node, perhaps is the most widely used equipment. It is usually restricted and as its name suggests it has the responsibility of sensing environment. Furthermore it acts as router and transmits data through the wireless medium. Kishnamachari considers six basic elements for sensor devices. These components are described in Table

2 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim Table 1. Sensor Device Components which considered by Kishnamachari Name Description The interpretation of both locally sensed data and communication information are duties of processor. Usually, the processors are often limited in terms of Processor computational power (e.g., many of the devices have only an eight-bit 16-MHz processor). These devices have two kinds of memories: RAM and ROM which are used for instructions execution by the processor and storing raw and processed sensor Memory measurements as well as other local information. Radio Transceiver Sensor(s) Power Source Geo-Positioning System WSN devices include a low-rate and short-range wireless radio ( kbps, <100 m). These devices may use of several sensors (such as temperature sensors, light sensors, humidity sensors ) depends on application to sense the environment. It provides the energy for the other components to work. In many WSN applications, it is important for all sensors to know about their locations. This can be achieved, when the network is deployed in an ad hoc manner, via satellite-based GPS. Consider that, it may be an optional component because in some areas satellite access is not possible. Verdone et al. describe the sensor node device as the simplest tool in the wireless sensor networks and considers the five elements for sensor device which are shown in Figure 1. According to their works, sensor node device has the Microcontroller which manages all tasks. It also equipped with the memory which is used to store environmental sensed data. The radio transceiver is used to transmit data. Additionally it has the sensor to sense environment. And finally the power source, the battery, which is used to provide required power for the other elements. Figure 1. Sensor Node Architecture [1] Cordiero and Agrawal, also, consider five basic elements for the sensor node device. In this case, sensor device is equipped with embedded processor which is the responsible of controlling and managing the tasks. It also has the transceiver which sends and receives data. In addition to these, the memory is considered to store temporary data, the sensor for sensing environment and finally the battery to support the energy. The rest of the paper is organized as follow: In Section 2 you will be introduced to routing taxonomy in WSNs. Section 3 will discuss about security issues in wireless sensor networks. After that selected secure routing protocols in WSN will be represented in Section 4. Section 5 will discuss about security analysis of selected protocols. And finally Section 6 concludes the paper. 2. Routing in Wireless Sensor Network As it illustrated in Table 1, the sensor devices are usually restricted in case of memory, processor and power. Additionally they are responsible for sensation and transmission of environment data as

3 well. Data transmission task is critical and challenging as there are usually huge amount of data and sensor devices are limited. So designing the routing protocol for these kinds of networks should consider these limitations in mind. As a result from Boukerche et al, routing protocols in wireless sensor networks can be classified into following categories according to deployment: Data-Centric, Flat, QoS-Based, Geographical, Multipath and hierarchal routing. This classification is shown in Figure 2. In data-centric routing, usually sink ask for specific node data by broadcasting a message. After this message is reached to the specific node which sink is interested in its data, it will send the information back to sink. Flat routing uses tremendous equal sensor nodes (in case of memory, processor and so on) which collaborate together in order to sense the environment. In the QoS-based routing, routing is performed by applying QoS parameters which usually control packet overhead and energy efficiency. Geographical routing uses location information of the node to forward data. By applying this approach, overhead may significantly decreases. In the multipath routing, multiple paths from source to destination are created and packets will send to destination through these paths. In the hierarchal routing (also called as cluster-based routing), the virtual tree is made by the nodes. Each node sends the packet to base (root of the tree) through the parent node. Figure 2. Illustration of Boukerche et al routing protocols classification in wireless Sensor Network In another classification which is illustrated in Figure 3, routing protocols had been categorized into the following categories base on how protocol selects the next hop for packet forwarding [2]: Contentbase routing protocols which in order to forward the data, selects the next node base on the content of the query, this query usually issues by sink. Another category in this classification is probabilistic routing protocols which randomly select the next hop in order to mitigate the load and improve the robustness of the network. Location-based routing protocol is also placed in this classification. These kinds of protocols select the next hop base on the position of the destination and neighbors as well. Hierarchical-based routing protocols are in this category as well. Sensor nodes in hierarchal routing protocols, forward the data to a node(s) which is placed in the higher hierarchy than the sender, this sensor node is called aggregator, and then be forwarded to base via aggregators. Another category in this classification is Broadcast-based routing protocols which every sensor node individually decides to forward the data or to drop it. If it wants to forward the data, it simply broadcast it again. Figure 3. Illustration of Acs and Butty s routing protocols classification in WSNs

4 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim Al-Karaki and Kamal consider two important factors for classification of routing protocols in wireless sensor networks. These factors are network structure and protocol operation. If the structure of network is considered, routing protocols in wireless sensor network can be divided into flat-based, hierarchal-based and location-based. Additionally, routing protocol in WSN can be classified into multipath-based, query-based, negotiation-based, QoS-based and coherent-based if the protocol operation is the concerning case. These two classifications are shown in Figure 4 and we represent these in the following paragraphs respectively. Figure 4. Illustration of routing protocols classification [3] In the flat networks, sensor node devices play the same roll in order to gather the environment data. Hierarchal or cluster-based routing protocols - which divided network into the cluster, each cluster has its own cluster head and data is transmitted first from the internal cluster nodes to the cluster head and then to the base via cluster heads - are also placed in Al-Karaki and Kamal s classification. Another category in this classification is the location-based routing protocols which addressed the sensor node devices via their physical location and the distance between nodes may be estimated via signal strengths. Multipath-based routing protocol is one of the categories in their classification of WSN routing protocol base on the operation. As its name suggests it uses multiple path in order to deliver data from source to destination. Query-based routing protocols start to work as the destination (sink) asks for the data and then corresponding nodes will forward data to the destination. Negotiation-based routing protocols are placed in this classification as another category. In negotiation-based routing protocols high-level data descriptor is used to omit transmission of redundant data and decisions about communication are made through these high-level descriptors. QoS-based routing protocols, as the category in this classification, try to satisfy QoS metrics such as bandwidth or delay and make a balance between energy consumption and data quality as well. Finally, according to the processing of data we can have coherent and non-coherent routing protocol in WSN. Coherent routing protocol in WSN send data to the aggregator, then it is processing data. And in non-coherent routing protocol data is being process in the sensor node before it will be transmitted to the other node. In this section some of different points of view concerning with routing classification in wireless sensor networks were represented. They were different from each other as they were made considering different factors such as deployment of network and protocol functionality. We use the first mentioned routing classification, Boukerche et al classification of routing protocols in WSN, as the selected one and the basis in our work. 3. Security Issues in Wireless Sensor Networks As resources are limited in wireless sensor networks, security will be critical in WSNs and achieving security objectives is a challenging task. Many of traditional security schemes are not suitable for WSNs due to the resource constrained nature of these kinds of networks. Brief introduction of security issues is presented in this section Security Requirements in Wireless Sensor Network

5 In order to achieve security in wireless sensor networks security requirements should be provided. These security requirements are as follow, system may satisfy some of these requirements depend on application [4], [5], [6] and [7]: Confidentiality: Confidentiality is the ability of hiding message to an unauthorized attacker. It means that if an illegal and unauthorized adversary access to the message, it cannot understand it. Integrity: This provide a mechanism in order to know whether the message had been tampered or not. Authentication: Authentication is ability to identify the reliability of message origin. Availability: availability grantees that network services are on hand as they needed. This factor identify whether message can move on to network or not. If the node can use its resource, then the availability is provided to the network for forwarding the message. The above mentioned security requirements mostly considered as the basic security requirements as authors unanimously mentioned them in their works and the following security requirements mostly considered as the additional security requirement. Walters et al. considered four additional security requirements for wireless sensor networks which are as follow: Data Freshness: Data freshness simply grantee the message is fresh enough that has not been replayed by adversary. Self-Organization: As usually there is no fix infrastructure in wireless sensor networks, node should be independent and flexible enough to be self organized. If network is not self organized, then it cannot conduct the key management scheme to achieve a secure relationship among the nodes. Time Synchronization: In order to conserve energy, most of the wireless sensor networks use time synchronization techniques which turn off some nodes in specific time periods. In order to achieve a better security, secure time synchronization [8] should be applied. Secure Localization: Localization is referred as the techniques which try to identify the other sensor nodes location in the network. According to Pual Walters et al. localization must be secured, otherwise it provides a good condition for adversary to attack. Chen et al. mentioned three additional security requirements for wireless sensor network which are briefly reviewed below: Non-repudiation: Non-repudiation simply means that sender of message cannot deny the message after it being sent. Authorization: By applying authorization, it will be grantee that only authorized sensor nodes can access to the network resources. Freshness: As it mentioned before in this section, freshness means that message is new enough that has not been re-played. Rehana provides some attributes for secure protocol in WSNs as the additional security requirement. These attributes are as follow: Data Freshness Robustness against attacks: It simply means that if attack occurs, the protocol should be able to minimize the impact. In other words, in order to minimize the impact of attack, protocol must be robustness against the attack. Resilience: Resilience is referred as the techniques that allow protocol work well in the condition that some nodes are being compromised. Broadcast Authentication: In the situation which sink broadcasts the command, adversary can modify the command and cause the malfunctioning in the WSN. So broadcast authentication techniques should be applied in order to block the attacker which want to forge the broadcast command. Self Organization Scalability: Size of the wireless sensor network can be changed. Adding the new node to the wireless sensor network should be secure in order to blocking the adversary may want to inject itself to the network

6 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim Although security requirements in wireless sensor networks are depending on the application, there are several security requirements that should be considered. These security requirements are important because they will offer fundamental control or protection towards the implementation of wireless sensor network application. We can classify the security requirements into two categories, which are basic security requirements and additional security requirements. The basic security requirements are confidentiality, integrity, availability and authentication. Meanwhile, data freshness, self organization, time synchronization, secure localization, authorization, non-repudiation, resilience, robustness against the attacks, scalability and broadcast authentication can be categories as an additional security requirement. Figure 5 shows the classification of security requirement in WSN. Figure 5. Security Requirements in WSNs classification Therefore in order to design and develop secure routing protocol for wireless sensor networks, the mentioned security requirements, as it has been shown in Figure 5, should be considered and consequently security functions should be utilized Routing Attacks in Wireless Sensor Network Due to the limitations of resources in wireless sensor networks, these kinds of networks exposed to variety of attacks. Some of these attacks which are related to the routing protocols in WSNs are shown in Table 2. The brief description of Table 2 s attacks will be presented in this subsection [5], [6], [9], [10], [7], [4]. Attack Selective forwarding Spoof, alter or replay routing info. Sinkhole Sybil Wormhole Hello flood Table 2. Routing Attacks in Wireless Sensor Networks Description Attacker will randomly drop the packets. As the name suggests, adversary alters, spoof the routing information. It can also reply routing information. Adversary attacker announces a short path to destination to attract packets and then may drop them. Multiple identities will be announced by attacker. A tunnel will be made by attacker in order to transmit packets to another place in the network. Strong hello message will be broadcasted by attacker. Other nodes may think this message is from sink. In selective forwarding attack, certain messages will be dropped by malicious node. Two factors are important in this attack. First is location of attacker, if the location of malicious node is close to base, it will attract more traffic. Another factor is the amount of dropped messages, the more it drops, the more

7 energy it has in order to attack. In the case of sinkhole attack, also known as black-hole attack, attacker surprisingly announces the short path to sink in order to attract traffic. And when it attracts the messages drop them or run selective forwarding attack. In scenario of Spoofed, Altered or Replayed routing information, attacker targets at the routing information as it exchanged among neighbors. In this case, attacker may spoof, alter or replay the routing packets, creates the loops in networks, repel the network traffic and etc. The adversary in Sybil attack announces multiple identities by fabricating and stealing the identity of the legal nodes. The fast tunnel will made by adversary attacker in wormhole attack. The attacker will forward the traffic of one place in the network to another place through this tunnel in wormhole attack. In case of hello flood attack, attacker broadcasts Hello message with the strong transmission power to the networks and make itself as a fake sink In this subsection, some of the attacks regarding to the routing protocols in wireless sensor networks were reviewed. It is important to consider that different types of routing protocol in wireless sensor network can be targeted via routing attacks which is mentioned in Table 2 [10], [6] and [4]. Therefore in order to develop secure routing protocol for wireless sensor network, routing attacks should be considered and solution for those should be applied Cryptographic approaches in Wireless Sensor Networks Sometimes malfunctioning of network is not aim of the attacker; instead it has intent of accessing and interpreting the data which it collected. Therefore in order to prevent attacker from eavesdropping, cryptography will be applied. Cryptography, simply, aims at making data not understandable to an unauthorized adversary which has the goal of data interpretation. In order to apply cryptography in any system including wireless sensor networks, cryptographic keys should be distributed among the parties, sensor node in this case, and this task is the responsibility of key management system. Cryptographic algorithms use these keys for data encryption and decryption. Depending on the key, there are two types of cryptography: symmetric cryptography - mostly referred as secret key cryptography - which will use the same key for encryption and decryption and asymmetric cryptography, also known as public key cryptography, which uses public/private pair key for encryption and decryption. Conventional public key cryptographic algorithms are not desirable for wireless sensor networks due to the limited resources [11], [7], [12] and [13]. Unlike public key cryptography, symmetric cryptographic techniques more be used in wireless sensor networks. There are some symmetric encryption algorithms which are also used in wireless sensor networks [14], [15] and [16]. Table 3, shows some of these algorithms accompany with their features. Table 3. cryptographic algorithms Name Key length Block Length AES [17] 128 bits 128 bits RC5 [18] 128 bits 64 bits RC6 [19] 128 bits 128 bits Misty1 [20] 128 bits 64 bits Law et al. tried to evaluate these algorithms on wireless sensor networks. According to their findings, AES is more desirable in order to providing high security and efficient energy consumption. They also claimed that Misty1 is more suitable for good memory and energy efficiency. This is against some of other works such as [14], which rather to use RC6 as the cryptographic algorithm. Choosing cryptographic method in wireless sensor networks is critical task due to the resource constrained nature of these kinds of networks. It should be chosen concerning with the factors such as energy consumption efficiency, required memory and security level. Electing unsuitable cryptographic scheme and algorithm for wireless sensor network consequences the negative effect on network. In this section variety of issues regarding to the security in wireless sensor networks were reviewed. You were familiar with security requirements in WSNs in Subsection 3.1. After that brief introduction of attacks in sensor networks were presented in Subsection 3.2. Subsection 3.3 reviewed cryptographic

8 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim approaches in WSNs. In order to provide security for routing protocol in wireless sensor network, these issues should be considered. 4. Secure Routing Protocols in Wireless Sensor Networks Although there are many routing protocols proposed for wireless sensor networks, few of them consider the problem of security and most of them developed without any security consideration. In this section we focus at selected secure routing protocols in wireless sensor network. We also categorize these protocols base on the routing taxonomy which was previously mentioned in Section 2 [21]. Subsections represent the proposed secure hierarchal, multipath and geographic routing protocols in WSNs respectively. Additionally at the end of this section we review an algorithm which can apply to WSN s routing protocols in order to identify compromised nodes Secure Hierarchal Routing Protocols for Wireless Sensor Networks In this subsection, we go through the secure hierarchal routing protocols which have been proposed for wireless sensor network, and we review ten approaches. The problem(s) that protocols want to solve or the question which it want to answer a company with the methodology which is used to address that problem are represented. So the structure of this subsection is base on the problems, or questions, and methodologies. Problem 1: How to defense against black hole attack which attacker announce short path to destination in order to attract packets and drop them? Methodology: Yin and Madria proposed hierarchical secure routing protocol against black hole attack (HSRBH). This protocol is the family of hierarchical routing protocols which applies MAC (Message Authentication Code) for integrity of the packets and symmetric cryptography for discover a safe route against black hole attack. In this approach first network is divided into set of groups. Each group has its own leader. So there are two types of shared key in HSRBH: inter-group key which is shared between two group leaders and intra-group key which is shared among neighbors of leader. This protocol uses Randomized Data Acknowledgment to defend against black hole attack which attacker drops the packets that forwarded to sink. In this protocol, source asks sink (destination) to send an acknowledgment and sink will send the acknowledgment to source. If source receives this acknowledgment and verification process is successfully accomplished, route is secure against the black hole attack. Problem 2: The problem of data confidentially, authentication and integrity in heterogeneous sensor networks Methodology: Du et al. proposed A Secure Routing Protocol for Heterogeneous Sensor Networks (TTSR) to provide security attributes such as confidentiality, authentication and integrity. The mentioned protocol which is a family of cluster based protocol uses Message Authentication Code (MAC) to provide authentication and integrity as well. The founders of it designed Asymmetric Predistribution (AP) key management scheme which sets up the shared key between neighbors in the cluster. In this protocol, there are two types of nodes, L-Sensor which includes majority of nodes in the network and H-Sensors which are the cluster heads and responsible of data aggregation and transmission to base. They also design two-tier routing scheme that consists of two parts: inter-cluster and intra-cluster routing. Intra-cluster routing deals with the transmission of data from L-Sensors to the cluster head (H-Sensor). To accomplish this goal, the sender sends its ID and encrypted data as well as the MAC of these two to its parent. This packet will be authenticated in the parent node through the MAC. The receiver node (the parent of sender) will send the packet to its parent and also send acknowledgment to the original sender. If the original sender does not receive an acknowledgment retransmit the packets to its parent again. In case of another failure, it selects another neighbor within the cluster and transmits the packet to it. This process continued until packet reach to destination (cluster head). The data will be stored on cluster head and after data aggregation; it will be compressed and sent to the base through the cluster head backbone (inter-cluster routing). This protocol is secure against Sybil, sinkhole, wormhole and selective forwarding attacks. Problem 3: How to achieve better security and performance in heterogeneous sensor networks in comparison to homogeneous sensor networks?

9 Methodology: Kausar et al. proposed Key Management and Secure Routing in Heterogeneous Sensor Networks. The mentioned protocol is a family of cluster based protocol. They proposed the key management scheme based on random key distribution for heterogeneous sensor networks. This scheme significantly decreases the required space for saving the keys as it only stores one key in the sensors in comparison to random pre-key distribution. There are two types of node in this protocol: H- sensors and L-sensors. H-sensors are the ones that act as the cluster head. Therefore there are two routing schemes: inter-cluster and intra-cluster schemes. The former is deals with transmission of packets thought the cluster head backbone through the selected nodes called Relay Cells and the later is responsible for exchanging data from cluster member (L-node) to cluster head. This protocol applies Message Authentication Code (MAC) and symmetric cryptography to provide confidentiality, integrity and authentication. It also applies acknowledgment scheme to detect a selective forward attack. The idea of this scheme is very simple; if a sender node does not hear any acknowledgment from the destined neighbor in certain period of time, it will re-transmit packet to another neighbor. The mentioned protocol shows as strong resilience against node capture as the key management scheme generates the pair-wise keys between the cluster head and cluster member randomly. Finally this protocol is secure against various kinds of attack such as Sybil (which attacker select multiple identity of itself) as it applies authentication mechanism, wormhole (which attacker transmit the traffic of one place in the network to the other place through the tunnel) and sinkhole (which attacker announce the short path to sink to attract the packets and will drop them) as inter-routing uses Relay Cells and attacker could not able to participate in this routing. Problem 4: How to build a secure route against wormhole attack which attacker tries to direct packet from one location to the remote location in the network through the tunnel, without applying any special equipment such as Antenna or GPS? Methodology: Madria & Yin propose a secure routing protocol against wormhole attack (SeRWA) which not only detects the attack, but also defense against it. SeRWA is a kind of tree base routing protocol which nodes could not be moved after deployment, builds the secure path against wormhole attack without applying any specific hardware. It uses per-wise key establishment to share key between neighbors and assumed that the channel between sensor nodes are reliable thought the MAC. There are four major phases in SeRWA. One-hop neighbor discovery is first phase and deals with building a neighbors list for each node. When each node creates its own list exchange it with its neighbors. In this situation, nodes can detect some case of wormhole attack. Let A and B are neighbors with S A and S B which are the neighbor count of node A and node B respectively. According to Madria & Yin proven if (S A - S B ) union (S B - S A ) <= Threshold (they define threshold of closeness among nodes as the reverse of density of sensor network) then A and B are Close (distance between them is less than specific amount) or they connected through the wormhole. So in order to defense against the wormhole attack, node A and all of its neighbors reconstruct their neighbor list by omitting of nodes A, B and all neighbors of these two nodes from their list. The second phase in SeRWA is initial route discovery. In this phase sink broadcast beacon and each node which receives it, mark sink (or sender) as the parent and rebroadcast it again. This process recursively continued until topology of the network will be created. Data Dissemination and wormhole detection is the third phase in SeRWA. In this phase, source signs the packet and send it to destination. Destination verifies the packet and sends acknowledgment. During this phase, if node finds that data packet is lost or is being modified, it will understand the wormhole attack is occurring. Therefore the nodes will reconstruct their neighbors list and omit suspicious nodes (and their neighbors as well). After detection of wormhole attack during the data dissemination, base starts the new routing request which has the same process as the second phase. This new routing is done in the secure route discovery against wormhole attack phase. Problem 5: How to Defense against the compromised nodes which try to run selective forwarding attack and inject wrong routing information? Methodology: Lee and Choi propose SeRINS( a Secure Alternate path routing in WSN) which is a type of tree base routing protocol aiming at detection and isolation nodes which intend to inject wrong routing information from entire network. In SeRINS, there is one powerful sink (can be extended to multiple sinks) and tremendous low-power and restricted sensor nodes in which sink has an ability to have a direct communication to all nodes. In this protocol, every node has multiple parents in tree, and select, randomly, one of them for forwarding the message. So the opportunity of selective forwarding attack will be decreased. They use Neighbor Report System, to detect and delete malicious

10 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim compromised nodes which try to inject inconsistence routing information in the network. The idea of this system is like this; when a node receives suspicious routing information from its neighbor, it suddenly report to base. Then base asks the neighbors of the suspicious node to announce the information about this node in the network. Sink collects the votes from the neighbors of suspicious node and determines node is really been compromised or the reporter is a compromised nod? And finally sink, omits the suspicious node from the network by revocation of its key. In this protocol, it had been assumed that a compromised node cannot broadcast inconsistent routing information to its neighbors. Problem 6: The problem of secure routing against compromised nodes which try to drop messages or alter them. Methodology: Yin and Madria proposed Secure Routing Protocol for Sensor Networks (SecRout) to have secure network against compromised nodes which try to drop or modify the messages. SecRout is a family of cluster-base routing and applies two-level architecture which divided network to set of cluster with the cluster head and uses a secure and powerful sink as well. There are two types of key in SecRout. First which is shared among the nodes in the cluster is called cluster key and second is master key which is shared among the sink and cluster heads. The founders of SecRout consider four features for it. First the size of routing and data packet is very small. Second, it creates secure route and then forward packet through it and not broadcast the packet and so it has a very small amount of overhead. Third, as it mentioned before, it applies two-level architecture which data first is collect in the cluster head (through the sensor nodes which exist in the cluster) and then will be forwarded to sink. And finally it uses symmetric cryptography. All messages will be verified in SecRout through MAC. SecRout not only will detect if intimidate node drop the packets or modified them, but also detect the malicious source node which sent abnormal packet to sink. Problem 7: Problem of the security of LEACH Methodology 1: Zhang et al. proposed A Secure Routing Protocol for Cluster-Based Wireless Sensor Networks Using Group Key Management (RLEACH). This protocol which is a family of cluster-based protocol can be thought as security extension of LEACH. The founders of RLEACH developed a key management scheme based on random pair-wise key management (RPK). The problem basic RPK scheme is that it is not adaptable to LEACH as it is not providing shared key for all nodes. In order to address this problem they proposed improve RPK key management scheme. RLEACH is resistance against the different attacks such as selective forwarding as all nodes had been integrated with the share key and attacker need to capture many nodes to achieve its objective, Sybil as it applies node to node authentication through the improved key management scheme and hello flood attack as every node need to have a permission to join the network. Methodology 2: Ruan et al. proposed a secure routing protocol for clustered sensor networks. The mentioned protocol is based on centralized energy-efficient routing protocol which was introduced by Maruganathan et al. in [22]. In this protocol which is a family of clustered base protocol, there are one powerful base and thousands of limited sensor nodes which can act in sensor and cluster-head modes. And it is assumed that cluster head has the ability of direct communication with each cluster member and nodes cannot move after deployment as well. The founders of this protocol apply Elliptic Curve Digital Signature for message authentication to provide resistance against node compromising and perform rekeying operation periodically in order to decrease the opportunity of breaking the key for attacker. The key management scheme starts with creation of public-private key at base and assigning them, randomly, to the cluster heads through the pre-loaded shared key. Then cluster heads do the same thing to the cluster members. This protocol periodically changes the cluster head so it performs rekeying operation as it mentioned, and provides reliable route the base which make it secure against the attacks such as wormhole and selective forwarding. Problem 8: The problem of authentication and confidentiality of data in cluster based sensor networks. Methodology: Srinath et al. proposed the Authentication Confidentiality (AC) cluster based secure routing protocol for wireless sensor network. AC, which is the family of cluster routing protocol, has three layers in which the one layer has the responsibility of cluster head election, another is responsible for authentication and confidentiality and the last one deal with routing as well. The mentioned protocol, also periodically changes the cluster heads in order to decrease the chance of finding key for attackers. Additionally in this protocol, every node has a pre loaded unique identifier and certificate

11 For AC to work, first Cluster head broad casts its ID to the network and then nodes will send theirs ID and Certificate. After that cluster head verify the node through the certificate. Once the node is verified by cluster head, it can send data. The same process will happen for communication between cluster head and the base but, in this case data will be authentication using signature. According to the founders of AC acclaim, AC should only use when the secrecy of data is more important than the energy consumption and this maybe is drawback of this protocol. Problem 9: The problem of security level adjustment in wireless sensor network. Methodology: Lan et al. proposed certainty-based secure routing protocol (CBSRP) for wireless sensor networks. CBSRP which is a family of cluster-based routing protocol applies AES cryptography to provide data secrecy and authentication mechanism. In this protocol the size of the key can be changed from 6 to 64 bits. It also uses a random function for generation of node s key. Therefore by changing the length of the key, it can fine the security level in the sensor network Secure Multipath Routing protocols for Wireless Sensor Networks We presented selected findings about secure multipath routing protocols which have been proposed for wireless sensor network in this subsection. Like previous one, Problems that protocols want to be solved is represented. And the methodology of particular protocol has been mentioned in order to know how that secure multipath routing protocol addresses the problem. In this subsection, six selected approaches will be reviewed and it is organized based on the problem and methods which try to address the problem. Problem 1: The problem of lack of security in SPIN protocol. Methodology: Tang and Li proposed security extension of SPIN called S-SPIN. S-SPIN is a kind of negotiation base routing protocol which uses MAC for integrity check and correctness of the packets. As confidentiality is application dependent, the founder of S-SPIN did not identify the method of message confidentially. There are three stages in S-SPIN: ADV, REQ and DATA. When a node gains new data, it will send ADV message to its neighbors. Once a node receives ADV message from its neighbor, it checks and verifies the ADV message through the MAC. If verification process has been achieved, then receiver will send the REQ message to source. REQ will be verified at the source again through the MAC and in the case of success, DATA message which contains encrypted data will be sent to destination. To prove security of S-SPIN, its founders use the formal security framework proposed by Acs et al [23]. They prove that S-SPIN is secure if MAC scheme is secure against existential forgery attack. Problem 2: How to detect malicious nodes and build the secure route against them. Methodology: Jiang and Zhao proposed A Secure Routing Protocol with Malicious Node Detecting and Diagnosing for Wireless Sensor Networks. This protocol applies µtelsa authentication to make the sending packets secure against the modification, forging and re-forwarding. Jiang and Zhao apply acknowledgment mechanism to detect the malicious nodes. The basic concept of mentioned mechanism is simple: if node A forwarded the message, it saves it in its buffer and waits for the acknowledgment. If node A can hear the acknowledgment from destination in the certain amount of time, then the receiver node is secure, otherwise it will be a malicious node. Therefore in order to make a secure path, node A selects another node (route) and forwards the packet to it and waits for acknowledgment. This process continues until the packet reach to destinations. Problem 3: Many of the new flooding and gossiping routing protocol that proposed for wireless sensor network do not consider the security issue. How to have secured flooding or gossiping routing protocol from attacker who wants to understand the messages? Methodology: Wen et al. proposed Segment Transmission Secure Routing Protocol for Wireless Sensor Network. The mentioned protocol applies lightweight cryptography [24] to provide confidentially against the attacker who intends to intercept the messages. This routing protocol, divides the message into several segments. It also encrypts segments and sends it to destination through different paths. So message interception will be harder for attacker. And by not broadcasting the segments, the performance of entire system will be increased. Problem 4: How to tolerate the damages cost by compromised nodes which try to inject, modify or drop the packets

12 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim Methodology: Zhou et al. proposed an intrusion-tolerant secure routing protocol with key exchanges for wireless sensor network (ITSRP). Applying both authenticated key exchange and energy factor in routing algorithm through ITSRP makes the proposed protocol resistance to some attacks such as sinkhole (which malicious node announce a short path to sink) and wormhole (which attacker exchanges the routing information of one place in network to another place using a tunnel). The founder of ITSRP proposed Distributed key management with distributed key management system which is running in the sink and has the responsibility of distributed and session key initialization. ITSRP applies cryptography in order to provide data secrecy and authentication as well. Problem 5: Problem of notion of a tradeoff between security and communication cost. Methodology: Gui et al. proposed A Secure Routing and Aggregation Protocol with Low Energy Cost for Sensor Networks (STAPLE). They apply one-way hash chain and multipath routing in order to achieve security. Also they design network expanding modeling with communication cost limitation to have better energy consumption. STAPLE applies hash based message authenticated code (HMAC) to achieve authentication and data integrity. It also uses symmetric cryptography to provide data secrecy. There are three phases in STAPLE: initialization phase, transmission phase and source authentication phase. The first phase deals with arrangement of the nodes in different levels according the minimum hops from base and key distribution as well. The second phase is responsible of transmission of packets from child node to parent and then to grandparent nodes. This phase follows three objectives: child authentication, data integrity authentication and false packet filtering. The last phase, source authentication, is achieved in the base. It includes two goals: source authentication and data integrity verification. The founders of STAPLE acclaim that their protocol has a better performance in comparison with INSENS and achieve the higher level of security. Problem 6: Problem of lack security of multipath routing algorithms Methodology: Li et al. proposed the secure multipath algorithm which works base on GPS for wireless sensor networks. The proposed algorithm is based on Curve-Base routing which proposed by Zhang et al. [25]. They consider data secrecy, authentication and integrity in their works. Confidentially is achieved by encryption of the message. In order to provide data encryption, they apply several key management schemes in their works. They use one global key for the first stage of multipath construction. This key is valid for several second and it is equal for all nodes in network as well (it may be thought as a one drawback of this algorithm). Also the probability key sharing is used for key pool construction and after that fixed amount of keys from pool will be assigned to nodes. Therefore node can use these keys to have secure communication. And additionally master key is applied for one-way function to provide integrity of the packets. The proposed algorithm uses MAC (Message Authentication Code) to provide integrity and problem of authentication is solved through the data encryption Secure Geographical Routing Protocol for Wireless Sensor Network This subsection goes through the geographical secure routing protocols in wireless sensor network and reviews two selected approaches. Its organization is similar two previous subsections: first the problem related security in routing protocols in WSN was presented and then appropriate approaches were reviewed. Problem 1: How to defeat attacks of malicious or captured nodes Methodology: Yao and Zheng proposed A Secure Routing Scheme Based on Multi-objective optimization in Wireless Sensor Network which applies node location information and trust model. The mentioned protocol which will be applied in the static sensor networks is developed based on hexagon model which introduced by Li et al. in [26]. The founders of it apply trust model introduced by Weifang et al. in [27]. Accordingly the trust value is the proportion of dynamic re-transmission ratio to the packet forwarding cooperatively. The former is defined as the proportion of number of packets need to be re-transmit to the number of all packets transmitted form one not to another node. The idea of this model is like this, transmit the packet to the nodes that have better trust value. Additionally this protocol uses acknowledgment mechanism to detect compromised nodes therefore most inside attacks can be avoided. It also applies cryptography for all packets (data and acknowledgment) and Hexogen Based pre-distribution key management scheme [26] so the confidentiality, authentication and integrity will be achieved respectively

13 Problem 2: Problem of authentication in sensor networks. Methodology: Yin et al. proposed heuristic secure routing on diameter (SDR) for wireless sensor networks. The mentioned protocol gets the concept of Third Trusted Party and applies the Pre-loaded Token Protocol (PTP) to provide authentication. The founder of SDE claimed that Tokens are a substitution of the public key and PTP is blind signature of the message. PTP and Ticket Server are used together in order to provide authentication in the mentioned protocol. The authentication protocol in SDR checks blind signature of message to authenticate the sender Secure Routing Algorithm for Wireless Sensor Network The content of this subsection is briefly reviewing one approach which proposes an algorithm for secure routing in wireless sensor networks. As the previous subsections, the problem and solution are represented. Problem: How to build the secure route against detected and undetected compromised nodes in sensor network? Methodology: There are two types of compromised node: detected compromised node which is detected through the security system and undetected compromised node which security system is unable to detect it. To overcome the problem of undetected compromised node Chen et al [28] proposed the novel secure routing scheme called Proactive Secure Routing Algorithm Defense against Node Compromise in Sensor Network (PSR). The basic idea of their scheme is to estimate probability of node being compromised, if it has high probability then bypasses the node and direct packets from another route. Figure 6. PSR algorithm [28] In the Figure 6, source want to send packet to destination, the normal path is S-C-G-D. As you can see, node G is detected compromised node. Therefore another route that may be compute by some secure routing algorithm is S-B-F-I-D which is not secure because node F is probably compromised node. PSR removes both nodes (G and F) and selects S-A-E-H-I-D. The founders of PSR use a method which is introduced in [29] to compute the probability of the node is being compromised. 5. Security Matrix In order to generalize previous findings, base on discussions in Section 4.1, 4.2 and 4.3, we present the following matrix which is shown as Table 4. In the proposed matrix, secure routing protocols in wireless sensor network are shown and classified according to Boukerche et al. routing taxonomy which is mentioned at the begging of Section 2. It also identifies basic security requirements in wireless sensor network and specifies which protocol addresses which basic security requirements. The attacks which have been reviewed in Section 3.2 are also provided in the matrix, and resilience and defense against each attack is mentioned for each particular protocol as well. We also try to extract the key management technique of the selected protocols and specify the cryptographic scheme. Additionally the authentication mechanism is identified for specific protocol

14 Protocol Name HSRBH [30] TTSR [31] Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim Table 4. Selected secure routing protocols in wireless sensor networks Basic Security Attacks in WSNs Requirements Cryptography Scheme Cryptography RC4 Cryptography RC4 Key Management Scheme Asymmetric Predistribution Authentication Scheme Confidentiality Integrity Availability Sybil Wormhole Authentication Traffic eavesdropping Spoofed, Altered Hello flood sinkhole Selective Forwarding MAC MAC + Secure Hierarchal Routing Protocols Secure Multipath Routing Protocols Secure Geographical Routing Protocols Key Management and Secure Routing in Heterogeneous Sensor Networks [32] SeRAW [15] SeRINS [9] SecRout [33] RLEACH [35] secure routing protocol for clustered sensor networks [36] AC [37] CBSRP [16] S-SPIN (38) ITSPR (39) STAPLE (40) Multipath-Based Secure Routing Algorithm for Sensor Network (41) Secure Routing Protocol with Malicious Node Detecting and Diagnosing for Wireless Sensor Networks (43) Transmission Secure Routing Protocol for Wireless Sensor Network (44) Secure Routing Scheme Based on Multiobjective optimization in Wireless Sensor Network (46) SDR (47) Cryptography, Application Specific Improved Random key distribution Pre-Distribution Key Cryptography RC5 Management Random Pre- Distribution Key Management The Scheme introduced in LEAP Cryptography RC5 [34] Improved Random pair-wise key management (IRPK) Elliptic Curves Cryptography Asymmetric and Cryptography Cryptography, AES Cryptography, Application Specific Cryptography Public Key and Key pre-distributed schemes Random Function for key Generation Pair-wise predistribution key Management Authenticated Key Exchange protocol Pre-Distribution Key Cryptography Management Application Specific Cryptography Lightweight Cryptography Cryptography Cryptography Key Management for distributed sensor networks (42) Basic Scheme (42), (45) MAC + It is assumed that channel are reliable through MAC ARMS, MAC MAC + + Authentication is achieved via IRPK Elliptic Curves Digital Signature Certificate, Signature AES + + MAC * Authenticated Key Exchange protocol Hexogen Based predistribution key Via Key Management management scheme Scheme (26) HMAC + MAC µtelsa Pre-loaded Token Protocol (PTP), Blind Signature

15 Note that we use different symbols in order to fill our matrix. The symbol means that the specific protocol provides the corresponding security requirement or defends the specific attack as it claimed via author(s). The + symbol in the matrix shows that protocol mitigates the effect of the specific attack according to our pre evaluation conclusion - and finally the * symbol is used in order to show that the specific protocol assumes that corresponding basic security requirements is provided. According to our matrix, most of the secure routing protocols addressed the authentication and integrity issues as the basic security requirements. Therefore those protocols which addressed these requirements can resist under the attacks such as sinkhole, Sybil, spoof, alter or replay routing information and mitigate their effects on the sensor network as they authenticate source and check for integrity of the packets. Confidentiality is placed in the third place after authentication and integrity. Those protocols which apply cryptography in order to provide data secrecy can resist against the passive attacks which attacker has the intent of monitoring the traffic in the network. It also considerable that most of selected protocols, if apply cryptography, use symmetric cryptography which is more desirable than asymmetric one due to the limitations in WSNs. As it illustrated in presented matrix, most of the protocols satisfy two security requirements and there is only one protocol [46] which satisfies all basic security requirements. We can conclude that this protocol provides higher level of security among the others as it provides all basic security requirements. Although this protocol [46] has higher level of security, it may not efficient for some application as it applies variety of techniques in order to provide all basic security requirements. Therefore it should apply more resources and this has an effect on network life time. Another drawback of this protocol may be delay of computation - as nodes should compute variety of things related to the security requirements - and for this reason it may not be suitable for real time applications as well. Therefore it is noticeable that providing security for any routing protocol in wireless sensor network needs additional cost, mostly in term of energy consumption, and in order to elect any of these protocols for specific application, the balance among the factors such as energy consumption, security level and computation efficiency should be considered. 6. Conclusion and Future Work In this paper we briefly introduced wireless sensor networks and most wildly used elements in WSN which is sensor device. Then routing in wireless sensor networks was discussed. Additionally we reviewed some of concepts and issues concerns with security in WSN. In Section 4, nineteen secure routing protocols in wireless sensor network were represented focusing on the problem and the methodology in order to solve the problem. In the next section, we generalized previous researches about secure routing protocols in WSNs and presented a matrix in this concern. Our matrix may be considered as the basis for the researchers who want to work on the secure routing protocol in wireless sensor network. In the future we intend to evaluate these protocols under variety of routing attacks and map these protocols to the appropriate applications. 7. References [1] Verdone, Roberto, et al. Wireless Sensor and Actuator Networks. s.l. : Elsevier/Academic Press, [2] Acs, Gergely and Butty an, Levente. A Taxonomy of Routing Protocols for Wireless Sensor Networks [3] Al-Karaki, Jamal N. and Kamal Ahmed E, Routing tecniques in Wireless Sensor Networks: A Survey , IEEE Wireless Communications, pp [4] Zia, Tanveer and Zomaya, Albert Y. Security Issues and Countermeasures in Wireless Sensor Networks. Algorithms and protocols for wireless sensor networks. s.l. : John Wiley & Sons, Inc., [5] Rehana, Jinat. Security of Wireless Sensor Networks. Seminar on Internetworking [6] Chen, Xiangqian, et al, Sensor Network Security: A Survey. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, pp , [7] Paul Walters, John, et al., Wireless Sensor Network Security: A Survey. Security in Distributed, Grid, and Pervasive Computing,

16 Empirical Study on Secure Routing Protocols in Wireless Sensor Networks Ali Modirkhazeni, Norafida Ithnin, Othman Ibrahim [8] Ganeriwal, S., et al, Secure time synchronization service for sensor networks. New York : ACM Press, 4th ACM workshop on Wireless security. pp , [9] Lee, Suk-Bok and Choi, Yoon-Hwa, A Secure althernate path routing in sensor netwroks, ScienceDirect computer communication, pp , [10] Karlof, Chris and Wanger, David, Secure Routing in Wireless Sensor Network: Attacks adn Countermeasures., IEEE, pp , [11] Sabbah, Eric and Kang, Kyoung-Don. Security in Wireless Sensor Networks. Guide to Wireless Sensor Networks. s.l. : Springer, pp , [12] Wang, Yong, Attebury, Garhan and Ramamurthy, Byrav. A Survey of Security Issues in Wireless Sensor Networks. IEEE Communications Surveys and Tutorials, 2006, [13] Kizza, J.M. A Guide to Computer Network Security. s.l. : Springer, [14] Slijepcevic, Sasha, et al. On Communication Security inwireless Ad-Hoc Sensor Networks. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. pp , [15] Madria, Senjay and Yin, Jian. SeRWA: A secure routing protocol against wormhole attack., Ad Hoc Networks 7, pp , [16] Lan, Yoa, et al.the Research on Certainty-Based Secure Routing Protocol in Wireless Sensor Networks. pp. 1-5, [17] Daemen, Joan and Rijmen, Vincent. AES Proposal: Rijndael. s.l. : submitted to NIST as a candidate for the AES, [18] Rivest, Ronald L. The RC5 Encryption Algorithm [19] Rivest, Ronald L., et al. The RC6 Block Cipher. s.l. : submitted to NIST as a candidate for the AES, [20] Matsui, Mitsuru. New Block Encryption Algorithm MISTY.. s.l : Springer, Fast Software Encryption Workshop. pp , [21] boukerche, azzedine, turgut, mohammad z. Ahmad and damla and turgut, begumhan. A taxonomy of routing protocols in sensor networks. Algorithm and protocols for wireless sensor networks. S.l. : wiley, [22] Muruganathan, S. D., et al. A Centerilzed Energy-Efficient Routing Protocol for Wireless Sensor Networks., IEEE Communication Magazine Vol 43, [23] Acs, G., Buttyan, L. and Vajda, I. The security proof of link-state routing protocol for wireless sensor netwoek. Mobile Adhoc ans Sensor System, [24] Seys, Etefaan. Lightweight Cryphtography Enabling Secure Wireless Sensor Network, Security Issues in Mobile and Wireless Heterogenouse Networks [25] Li, Ping, Zhang, Jin and Lin, Ya-ping. Curve-base routing algorithm for sensor networks. International conference on computer networks and mobile computing [26] Li, Guorui, He, JingSha and Fu, YingFang. A Hexagon-Based key Pre-distribution Scheme in Sensor Networks. International Conference on Parallel Processing Workshop, [27] Cheng Weifang, Liao Xiangke, Shen Changxiang, Li Shanshan. A Trust-Based Routing Framework in Energy-Constrained Wireless Sensor Networks. WASA, pp , [28] Chen, Xiangqian, et al. A Proactive Secure Routing Algorithm Defense against Node Compromise in Sensor Network. s.l. : IEEE, IEEE. pp , [29] Chen, Xiangqian, et al. Node compromised modeling and its application in sensor networks. Aveiro : s.n. IEEE Symposium on Computers and communication [30] Yin, Jian and Madria, Sanjay Kumar. A hierarchical secure routing protocol against black hole attack in sensor networks..ieee Intenational Conference on Sensor Networks and trustworthy computing [31] Du, Xiaojiang, et al. A Secure Routing Protocol for Heterogeneous Sensor Networks. s.l. : IEEE, IEEE GLOBECOM, [32] Kausar, Firdous, Saeed, Muhammad Qasim and Masood, Ashraf. Key Management and Secure Routing in Heterogeneous Sensor Networks. s.l. : IEEE Computer Society, IEEE International Conference on Wireless and Mobile Computing, Networking and Communication. pp , [33] Yin, Jian and Madria, Sanjay. SecRout: A Secure Routing Protocol for Sensor Network. s.l. : IEEE, 20th International Conference on Advanced information networking and applications

17 [34] Zhu, S, Setia, S and Jajodia, S. Washing, LEAP: Efficient Security Mechanisms for Larg-Scale Distributed Sensor Networks. : s.n., ACM Conference on Computer and Communication Security [35] Zhang, Kun, Wang, Cong and Wang, Cuirong. A Secure Routing Protocol for Cluster-Based Wireless Sensor Networks Using Group Key Management. s.l. : IEEE Computer Society, pp. 1-5, [36] Ruan, Zhiquang, Li, Qiaoliang and Li, A Secure Routing Protocol for Clustered Sensor Networks. Sujun. s.l. : IEEE, pp [37] Srinath, Rampur, Reddy, A. Vasudev and R.Srinvasan. AC: Cluster Based Secure Routing Protocol for WSN. s.l. : IEEE, Third International Conference in Networking and Services [38] Tang, Liang and Li, QiaoLiang. S-SPIN: A Provably Secure Routing Protocol for Wireless Sensor Network. s.l. : IEEE, IEEE International Conference on Communication Software and Network. pp [39] Zhou, Jiliang, et al. Zhangiajie An Intrusion-tolerant Secure Routing Protocol with key exchanges for Wireless Sensor Network. : IEEE, International Conference on Information and Automation. pp [40] Gui, Nike, et al. A Secure Routing and Aggregation Protocol with Low Energy Cost for Sensor Networks. s.l. : IEEE Computer Society, 2009 International Symposium of Information Engineering and Electronic Commerce. pp [41] Li, Ping, Zhang, Jin and Lin, Ya-ping. Multipath-Based Secure Routing Algorithm for Sensor Network. Dalian, China : IEEE, 6th world conference on Intelligent Control and Automation [42] Eschenauer, L and Gligor, V.D. Key Management Scheme for Distributed Sensor Networks.. 9th ACM Conference on Computer and Communication Security. pp [43] Jiang, Yuan-X- And Zhao, Bao-Hua. A Secure Routing Protocol with Malicious Node Detecting and Diagnosing for Wireless Sensor Networks. s.l. : IEEE Computer Society IEEE Asia- Pacific Services Computing Conference. pp , [44] Wen, Song, Du, Ruiying and Zhang, Huanguo. A Segment transmission secure routing protocol for wireless sensor network. s.l. : IEEE. pp [45] Chan, H, Perrig, A and Song, D. Random Key Predistribution schemes for sensor networks Security and Privacy. Symposium on Carnegie Mellon Univ. pp [46] Yao, Xuanxia and Zheng, Xuefeng. A Secure Routing Scheme Based on Multi-objective optimization in Wireless Sensor Network. s.l. : IEEE Computer Society International Conference on Computational Intelligence and Security [47] Yin, Changqinh, et al. Secure Routing for Large-Scale Wireless Sensor Network. s.l. : IEEE, ICCT2003. pp [48] Rosenberg, Aravind Iyer, Sunil S. Kulkarni, Vivek Mhatre, Catherine P. A Taxonomy-based Approach to Design of Large-scale Sensor network. s.l. : Springer, [49] Krishnamachari, Bhaskar. Neworking Wireless Sensor. s.l. : Cambridge University Press, [50] Fleeger, C. P. Security in Computing, 3rd edition. s.l. : Prentice-Hall, [51] Cordeiro, Carlos De Morais and Agrawal, Dharma Prakash. Adhoc and Sensor Network : theory and applications. s.l. : World Scientific Publishing Pte. Ltd, [52] Law, Yee Wei, Doumen, Jeroen and Hartel, Pieter. Benchmarking Block Ciphers for Wireless Sensor Networks (Extended Abstract)., IEEE International Conference on Mobile Ad-hoc and Sensor Systems. pp [53] Perrig, A., et al. SPINS: Security Protocols for Sensor Networks., Wireless Networks, vol. 8, no. 5, pp [54] Du, Xiaojiang and Xiao, Yang.A Survey on Sensor Network Security. Wireless Sensor Networks and Applications. s.l. : Springer US, 2008, pp [55] Willig, A, Wireless sensor networks: concept,. e & i Elektrotechnik und Informationstechnik, pp , [56] Carlo, et al. Perfectly-Secure Key Distribution for Dynamic Conferences. Blundo, Advances in Cryptology - CRYPT0 92, LNCS 740, pp [57] Iyer, Aravind, et al. A Taxonomy-based Approach to Design of Large-scale Sensor Networks. Wireless Sensor Networks and Applications. s.l. : Springer, 2008, pp