Abstract: The present disclosure relates to a method for secure transmission of data through a network, the method comprising: receiving an authentication request encrypted by a first generated encryption factor, from each of the cluster head nodes (104), each of the cluster head nodes configured to receive data from sensor nodes (102); receiving a hash value signed with the first generated encryption factor; decrypting for each of the gateway nodes (106) the authentication request from the at least one of the cluster head nodes (104) operatively coupled to it using a second generated encryption factor, wherein each of the gateway nodes is configured to generate an authentication confirmation signal; receiving data from the at least one cluster head node, wherein the data from the at least one cluster head node is transmitted to a base station (108) to determine the integrity of the received data based on the hash value.
[0001] The present disclosure relates, in general, to wireless sensor networks, and more
specifically, relates to a means for secure transmission of data in underwater wireless sensor
networks.
BACKGROUND
[0002] Background description includes information that may be useful in understanding
the present disclosure. It is not an admission that any of the information provided herein is prior
art or relevant to the presently claimed disclosure, or that any publication specifically or
implicitly referenced is prior art.
[0003] Security is one of the main objectives while designing protocols for underwater
wireless sensor networks (UWSN). Since the sensors in UWSN are vulnerable to malicious attacks,
it becomes easy for opponents to manipulate the communication channel of UWSN and its
nodes. Authentication and data integrity play important roles in the context of security to make
the network scalable and survivable.
[0004] The techniques of machine learning for a fault tolerant, reliable, and secure framework
are available in the art. This technique suggests collection of information from the
environment and passes its inconsistencies from events to actuators in the deployed network. A
node has to follow specific rules in a network. This helps in building trust among the nodes. The
trust is qualitative and asymmetric in nature. If the rules are not followed by a node then it is
identified as an errant node i.e. to be eliminated from the network to restrict further
communication. Collaborative secure localization algorithm based on trust model (CSLT) is
developed for ensuring location security on the basis of trust model. Secure trust-based key
management system (STKF) is a trust-based framework that relies on the past and present
interaction between the nodes. In this framework the faulty node is isolated from the network
route and a link is developed within remaining nodes.
[0005] Use of clustering improves the lifetime of the system. A cluster-based secure
synchronization (CLUSS) protocol guarantees synchronization security even under harsh
underwater environments with respect to numerous malicious attacks such as sybil attack, delay
attack, replay attack, and message manipulation attack. Cluster based Key management Protocol
(CKP) is used for hierarchical networks. This protocol is based on the analysis made around the
security and mobility issues in UWSN. A low computational complexity authentication
mechanism is known in the art on the basis of the Vandermonde matrix. Matrix multiplication has
been replaced by the matrix addition in order to minimize the overhead involved with
computation. Also, the mechanism is self-sustaining and irreversible. This improves the UWSN
security to a greater extent. An appropriate ticket-based authentication mechanism is known in
the art for UWSN after analysing the type of tickets selected in the authentication protocol for
WSN.
[0006] A set of signature mechanisms called hash-based sequential aggregate and
forward secure signature (HaSAFSS) is known in the art. It permits the signer to create a fixed
size and compact signature which can be verified publicly with minimum computation expense.
A secure as well as reliable data distribution mechanism, capable of facilitating forward secrecy
is known in the art. In this scheme, an optimized data distribution technique is presented to
enhance the probabilistic backward secrecy as well as data reliability. A solution has been
provided for routing attacks. A secure and anonymous routing technique is provided in which
short signature algorithm is used in route structure for validation between source-destination
node pair. Anonymity is achieved using trap-door system in routing the messages. A distributed
detection and mitigation technique is known in the art to mitigate routing attacks. The
behaviour of neighbours is monitored by storing their ongoing traffic details. A security suite
that bears a protected routing protocol and a set of cryptographic primitives is known in the art. It
assures privacy and reliability in underwater communication.
[0007] Previously, very few schemes were suggested for reliable communication in UWSN,
which leaves room for further enhancement in attaining an energy efficient technique having
decreased delay and packet drop. Recently, investigators working in WSN have designed
numerous techniques for secure data aggregation. The situation has also created the need to
implement the existing techniques in underwater network to explore the consequences in a
diverse environment.
[0008] Therefore, there is a need for a means to use real-time parameters to improve the
data reliability in the network by reducing the energy consumption and delay.
OBJECTS OF THE PRESENT DISCLOSURE
[0009] An object of the present disclosure relates generally to underwater wireless sensor
networks, and more specifically, relates to a method and system for authenticating the
communication devices to participate in the network in a secure way.
[0010] Another object of the present disclosure is to provide a secure authentication and
protected data aggregation (SAPDA) method for the cluster-based structure of UWSN to provide
a concise and stable network.
[0011] Another object of the present disclosure is to provide a system that uses real-time
parameters to improve the data reliability in the network by reducing the energy consumption
and delay.
[0012] Another object of the present disclosure is to provide a system that uses
authentication and data aggregation modules in cluster-based approach to improve quality of
service (QoS) parameters to reduce delay, packet drop, and to enhance packet delivery ratio and
network life time.
[0013] Yet another object of the present disclosure is to provide a SAPDA method that
proves to be valid and secure by using trusted encryption schemes.
SUMMARY
[0014] The present disclosure relates generally to underwater wireless sensor networks,
and more specifically, relates to a method and system for authenticating the communication
devices to participate in the network in a secure way.
[0015] In an aspect, the present disclosure provides a method for secure transmission of
data through a network, the method including: receiving, at a computing device operatively
coupled to the network, from each of the cluster head nodes, an authentication request, the
authentication request encrypted by a first generated encryption factor, each of the one or more
cluster head nodes configured to receive data from sensor nodes; receiving, at the computing
device, from each of the cluster head nodes, a hash value signed with the first generated
encryption factor; decrypting, at the computing device, for each of one or more gateway nodes,
the authentication request from the at least one of the cluster head nodes operatively coupled to it
using a second generated encryption factor corresponding with the first generated encryption
factor, each of the gateway nodes operatively coupled with at least one cluster head node;
wherein each of the gateway nodes can be configured to generate an authentication confirmation
signal corresponding to the at least one of the cluster head nodes operatively coupled to it upon
determination of positive correlation between the encrypted authentication request and the
decrypted authentication request; receiving, at each of the gateway nodes upon authentication of
the at least one cluster head node, data from the at least one cluster head node, wherein the data
from the at least one cluster head node can be transmitted to a base station operatively coupled
with each of the gateway nodes, from each of the gateway nodes, and wherein the computing
device can be configured to determine, at the base station, integrity of the received data based on the
hash value.
[0016] In an embodiment, the base station can be configured to link cluster head nodes
with the gateway nodes through acoustic links or any combination thereof.
[0017] In another embodiment, each of the one or more sensor nodes can be configured to
protect the sensed data using symmetric encryption.
[0018] In another embodiment, the hash values are selected from a group including data
identifier, timestamp and any combination thereof.
[0019] In another embodiment, the base station, upon receiving the data from the at least
one cluster head node, compares the hash value of the data associated with each of the sensor
nodes.
[0020] In another embodiment, the base station, in response to detecting a difference in the
hash value of the data, discards the compromised data and isolates the associated sensor node.
[0021] In an aspect, the present disclosure provides a system for secure transmission of
data through a network, the system including: one or more cluster head nodes configured to
receive data from sensor nodes; one or more gateway nodes, each gateway node operatively
coupled with at least one cluster head node and configured to receive data from the at least one
cluster head node; a base station operatively coupled to each of the gateway nodes and
configured to receive data from the one or more gateway nodes; a processor operatively coupled
with the one or more cluster head nodes, the one or more gateway nodes and the base station, the
processor configured to: receive, from each of the cluster head nodes, an authentication request,
the authentication request encrypted by a first generated encryption factor; receive, from each of
the cluster head nodes, a hash value signed with the first generated encryption factor; decrypt, at
each of the gateway nodes, the authentication request from the at least one of the cluster head
nodes operatively coupled to it using a second generated encryption factor corresponding with
the first generated encryption factor, wherein each of the gateway nodes can be configured to
generate an authentication confirmation signal corresponding to the at least one of the cluster
head nodes operatively coupled to it upon determination of positive correlation between the
encrypted authentication request and the decrypted authentication request; receive, at each of the
gateway nodes upon authentication of the at least one cluster head node, data from the at least
one cluster head node, wherein the data from the at least one cluster head node can be
transmitted to the base station from each of the gateway nodes, and wherein the processor can be
configured to determine, at the base station, integrity of the received data based on the hash
value.
[0022] Various objects, features, aspects, and advantages of the inventive subject matter will
become more apparent from the following detailed description of preferred embodiments, along
with the accompanying drawing figures in which like numerals represent like components.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] The following drawings form part of the present specification and are included to
further illustrate aspects of the present disclosure. The disclosure may be better understood by
reference to the drawings in combination with the detailed description of the specific
embodiments presented herein.
[0024] FIG. 1 illustrates an exemplary representation of a system for secure transmission of
data in a wireless network using secure authentication and protected data aggregation (SAPDA),
in accordance with an embodiment of the present disclosure.
[0025] FIG. 2 illustrates an exemplary representation of an approach for secure
transmission of data in a wireless network using SAPDA, in accordance with an embodiment of
present disclosure.
[0026] FIG. 3 illustrates an exemplary representation for data transmission using SAPDA,
in accordance with an embodiment of the present disclosure.
[0027] FIG. 4 illustrates an exemplary flow diagram for a method for secure transmission
of data through a network, in accordance with an embodiment of the present disclosure.
DETAILED DESCRIPTION
[0028] The following is a detailed description of embodiments of the disclosure depicted in
the accompanying drawings. The embodiments are in such detail as to clearly communicate the
disclosure. However, the amount of detail offered is not intended to limit the anticipated
variations of embodiments; on the contrary, the intention is to cover all modifications,
equivalents, and alternatives falling within the spirit and scope of the present disclosure as
defined by the appended claims.
[0029] If the specification states a component or feature “may”, “can”, “could”, or “might”
be included or have a characteristic, that particular component or feature is not required to be
included or have the characteristic.
[0030] As used in the description herein and throughout the claims that follow, the
meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates
otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on”
unless the context clearly dictates otherwise.
[0031] The use of any and all examples, or exemplary language (e.g., “such as”) provided
with respect to certain embodiments herein is intended merely to better illuminate the invention
and does not pose a limitation on the scope of the invention otherwise claimed. No language in
the specification should be construed as indicating any non – claimed element essential to the
practice of the invention.
[0032] The present disclosure relates generally to underwater wireless sensor networks,
and more specifically, relates to a method and system for authenticating the communication
devices to participate in the network in a secure way.
[0033] In an aspect, the present disclosure relates to a method for secure transmission of
data through a network, the method including: receiving, at a computing device operatively
coupled to the network, from each of the cluster head nodes, an authentication request, the
authentication request encrypted by a first generated encryption factor, each of the one or more
cluster head nodes configured to receive data from sensor nodes; receiving, at the computing
device, from each of the cluster head nodes, a hash value signed with the first generated
encryption factor; decrypting, at the computing device, for each of one or more gateway nodes,
the authentication request from the at least one of the cluster head nodes operatively coupled to it
using a second generated encryption factor corresponding with the first generated encryption
factor, each of the gateway nodes operatively coupled with at least one cluster head node;
wherein each of the gateway nodes can be configured to generate an authentication confirmation
signal corresponding to the at least one of the cluster head nodes operatively coupled to it upon
determination of positive correlation between the encrypted authentication request and the
decrypted authentication request; receiving, at each of the gateway nodes upon authentication of
the at least one cluster head node, data from the at least one cluster head node, wherein the data
from the at least one cluster head node can be transmitted to a base station operatively coupled
with each of the gateway nodes, from each of the gateway nodes, and wherein the computing
device can be configured to determine, at the base station, integrity of the received data based on the
hash value.
[0034] In an embodiment, the base station can be configured to link cluster head nodes
with the gateway nodes through acoustic links or any combination thereof.
[0035] In another embodiment, each of the one or more sensor nodes can be configured to
protect the sensed data using symmetric encryption.
[0036] In another embodiment, the hash values are selected from a group including data
identifier, timestamp and any combination thereof.
[0037] In another embodiment, the base station, upon receiving the data from the at least
one cluster head node, compares the hash value of the data associated with each of the sensor
nodes.
[0038] In another embodiment, the base station, in response to detecting a difference in the
hash value of the data, discards the compromised data and isolates the associated sensor node.
[0039] In an aspect, the present disclosure relates to a system for secure transmission of
data through a network, the system including: one or more cluster head nodes configured to
receive data from sensor nodes; one or more gateway nodes, each gateway node operatively
coupled with at least one cluster head node and configured to receive data from the at least one
cluster head node; a base station operatively coupled to each of the gateway nodes and
configured to receive data from the one or more gateway nodes; a processor operatively coupled
with the one or more cluster head nodes, the one or more gateway nodes and the base station, the
processor configured to: receive, from each of the cluster head nodes, an authentication request,
the authentication request encrypted by a first generated encryption factor; receive, from each of
the cluster head nodes, a hash value signed with the first generated encryption factor; decrypt, at
each of the gateway nodes, the authentication request from the at least one of the cluster head
nodes operatively coupled to it using a second generated encryption factor corresponding with
the first generated encryption factor, wherein each of the gateway nodes can be configured to
generate an authentication confirmation signal corresponding to the at least one of the cluster
head nodes operatively coupled to it upon determination of positive correlation between the
encrypted authentication request and the decrypted authentication request; receive, at each of the
gateway nodes upon authentication of the at least one cluster head node, data from the at least
one cluster head node, wherein the data from the at least one cluster head node can be
transmitted to the base station from each of the gateway nodes, and wherein the processor can be
configured to determine, at the base station, integrity of the received data based on the hash
value.
[0040] FIG. 1 illustrates an exemplary system for secure authentication and protected data
aggregation (SAPDA), in accordance with an embodiment of the present disclosure.
[0041] Referring to FIG. 1, system 100 for secure authentication and protected data
aggregation (SAPDA) for the cluster-based structure of underwater wireless sensor networks
(UWSN) can be provided. The cluster-based arrangement produces a concise and stable network.
The UWSN includes sensor nodes 102-1, 102-2, ..., 102-N (which are collectively referred to as
sensor nodes 102 and individually referred to as the sensor node 102, hereinafter), cluster head
nodes 104-1, 104-2, ..., 104-N (which are collectively referred to as cluster head nodes 104 and
individually referred to as the cluster head node 104, hereinafter), gateway nodes 106-1,
106-2, ..., 106-N (which are collectively referred to as gateway nodes 106 and individually referred to
as the gateway node 106, hereinafter), and base station (BS) 108. A processor 110 can be installed
with every cluster head node 104, gateway node 106 and base station 108 and can be configured
to process or forward the information/data. The sensor network can be connected to base station
108 via a gateway node 106. The base station 108 can be deployed offshore, onshore or any
combination thereof.
[0042] In an embodiment, the sensor network includes multiple clusters. Each of the
clusters includes cluster head node 104 and multiple sensor nodes 102. The sensor node 102 can
be deployed underwater, includes a sensor, and can collect information using the sensor.
Authentication and data integrity can play important roles in the context of security to make
network scalable and survivable.
[0043] In an embodiment, the cluster head node 104 can be connected to each of the sensor
nodes 102 in the cluster. The cluster head node can process the collected information to reduce a
possibility of misinformation of the information collected from each of the sensor nodes 102 and
can deliver the processed information to the base station 108. The cluster head node 104 of the
sensor network can be self-configured to work as the sensor node or the cluster head node to
provide real-time service. The gateway node 106 can deliver the information received from the
cluster head node to the external network e.g., base station, Internet etc.
[0044] In another embodiment, the cluster head node 104 in each cluster can be
authenticated by the gateway node 106 to ensure that all the clusters are being handled by valid
nodes. Also, the data being communicated in the network can be securely handled to ensure that
it may not get compromised during network operations. In this way, the security of all the nodes
can be ensured to maintain safe network communication.
[0045] In another embodiment, each sensor node 102 can be a part of minimum one
cluster that itself may be managed by cluster head node 104. The base station 108 can link cluster
head node 104 with the gateway node 106 through acoustic links. The gateway node has
unlimited energy resources and perfect timing information. Multiple gateway nodes 106 can transfer
information with each other through radio frequency (RF) links.
[0046] In an embodiment, the system can be configured to perform secure authentication.
The cluster head node 104 of each of the clusters in the underwater network is configured to send
an authentication registration request to the one or more gateway nodes 106. The authentication
request can be encrypted by a secret key. The cluster head node 104 further creates hash value
and signs it using secret key for sending the request to the gateway node 106. The gateway node
106 is configured to decrypt the request using public key of the cluster head node, and can retrieve
hash value of data identifier (ID) and timestamp value at which the request can be generated.
Each of the gateway nodes 106 can be configured to generate an authentication confirmation
signal corresponding to the cluster head nodes 104 upon determination of positive correlation
between the encrypted authentication request and the decrypted authentication request.
[0047] Private key and public key are a part of encryption that encodes the information. The
gateway 106 can compare its hash value with the retrieved value. If hash values match, then the
gateway node 106 can send registration confirmation to the cluster head 104. The gateway node
106 can authenticate the cluster head node 104 by sending the registration confirmation response
to the cluster head node 104. The sensor nodes 102 can collect information using the sensor. Each
sensor protects the data using symmetric encryption. Symmetric encryption is a type of
encryption where a secret key can be used to both encrypt and decrypt the information. The
entities communicating via symmetric encryption must exchange the key so that it can be used in
the decryption process.
[0048] In an embodiment, each sensor can protect the sensed data using symmetric
encryption. The encrypted data can be transmitted to the respective cluster head node 104. The
cluster head node 104 can send the aggregated data to base station 108 upon authentication of the
cluster head node 104. The base station 108 can be configured to determine the integrity of the
received data based on the hash value. The base station 108 can be configured to analyse the
aggregated data and can detect compromised data through timestamp values, whereby the
compromised data can be discarded and associated node can be isolated.
[0049] In another embodiment, the AquaSim tool of NS2 version 2.30 can be used for
simulation and data analysis. To simulate the scheme in UWSN, the underwater channel and
underwater propagation model can be used. Underwater Mac can be used as the media access
control (MAC) layer protocol and considered area size as 1000 x 1000 m² region for a span of
100 seconds. For example, 200 sensor nodes are randomly deployed that remain static. The
numbers of attackers varied from 1 to 10. The other parameters used are given in table 1.
Name of Parameter      Value of Parameter
Number of Nodes        200
Time Span Taken        100 sec
Traffic Source         CBR
Traffic Rate           50Kbps
Attackers              1 to 10
Propagation            Two Ray Ground
Antenna                OmniAntenna
Initial Energy         10000 Joules
Transmission Power     2.0 Watts
Receiving Power        0.75 Watts
Table 1: Parameters used for simulation and data analysis
[0050] However, these are just exemplary values included here for illustrative purposes; the
actual values can span a wide range, and other values and integer multiples are possible as
well.
[0051] The data transmission can be performed with high security and securely aggregated
by the cluster head node 104. The aggregated data can be checked for its authenticity by the base
station 108 through its time stamp and detected compromised data can be discarded to ensure the
safety of the remaining aggregated data. The detected compromised/malicious node can be then
isolated from the cluster to maintain network security.
[0052] FIG. 2 illustrates an exemplary block diagram of SAPDA, in accordance with an
embodiment of present disclosure.
[0053] Referring to FIG. 2, SAPDA 200 can be divided into two modules: secure
authentication module 202 (also referred to as first module 202, herein) of cluster head nodes and
protected data aggregation module 204 (also referred to as second module 204, herein). In first
module 202, the cluster head node 104 can be authenticated by a gateway node 106. The
authentication can be required to ensure that the cluster head node 104 serving each cluster may
be a valid node and may not be compromised. This confirms that the cluster can be under safe
operation. In second module 204, each sensor protects the data using symmetric encryption,
before sending to the cluster head node 104. The data can then be aggregated in a secure manner and
transmitted to the base station 108. Any compromised data, if detected through time stamp
values, can be handled to ensure secure network operation.
[0054] In secure authentication of cluster head node, after route establishment among the
clusters, all the cluster head nodes 104 can be authenticated to the gateway node 106. Each cluster
head node 104 in the network initially generates secret key $SK_{CH}$ and registration request $CH\_RR$
with the gateway node 106. The registration request message generated by the cluster head
node 104 includes an identifier of cluster head node 104 and an identifier of gateway node
106, $(CH_{id}, GW_{id})$.
[0055] In an embodiment, the cluster head node 104 further creates hash value of the request
$H(CH\_RR, T_{s1})$ and signs it using secret key for sending the request to the gateway node 106. Time
stamp at which the request can be generated at the cluster head node 104 can be included in the
hash value. The cluster head node 104 can be configured to send the registration request message
$M_{RREQ} = SK_{CH}(H(CH\_RR, T_{s1}))$ to the gateway node 106. The gateway node 106 decrypts the
request using public key $PK_{CH}$ and retrieves $CH\_RR$ and $T_{s1}$. The gateway node 106 creates
registration confirmation $CH\_RC$ and generates hash value of $H(CH\_RC, T_{s2})$. The registration
confirmation generated by the gateway node 106 includes an identifier of cluster head node 104
and an identifier of gateway node 106, $(CH_{id}, GW_{id})$.
[0056] In an embodiment, both hash values e.g., gateway hash value $H(CH\_RC, T_{s2})$ can be
compared with the retrieved value $H(CH\_RR, T_{s1})$ by ignoring small variation to authenticate
the cluster head node 104. Once the gateway confirms that the cluster head node is a valid node,
the gateway node 106 signs $H(CH\_RC, T_{s2})$ using $SK_{GW}$ to create $M_{RRES}$ as
$M_{RRES} = SK_{CH}(H(CH\_RC, T_{s2}))$. The registration confirmation can be sent to the cluster head node 104 by
the gateway node 106.
[0057] The cluster head node can decrypt the response message using public key of gateway
node $PK_{GW}$ and can retrieve $H(CH\_RC, T_{s2})$. In this way, every cluster head node 104 can be
individually and securely authenticated by the gateway node 106 to ensure that any malicious
node is not controlling the cluster operation that leads to safeguarding the cluster from being
compromised.
[0058] In an embodiment, after ensuring that the selected cluster head node 104 can be
authentic, the sensor nodes 102 transfer data to the respective cluster head node 104. Each sensor
protects the data using symmetric encryption, before sending to the cluster head node 104. The
data at cluster head node 104 can be aggregated securely and further transmitted to base station
108 where compromised data, if any detected, can be handled accordingly.
[0059] In an embodiment, the gateway node 106 initially generates master key $K_m$ and then
builds encrypted key $K_i$ for each sensor node $S_i$ in the cluster using $K_i = H(K_m \parallel S_i)$. While
transmitting sensed data, sensor nodes 102 build a hash value e.g., $HMAC = MAC(D \parallel T_{s3})$.
Sensor nodes 102 can encrypt $HMAC$ along with the sensed data, which can be transmitted to
the respective cluster head 104 as $D_{Enc(i)} = Enc_K(D \parallel HMAC \parallel S_{id})$. The cluster head is configured
to collect encrypted message $D_{Enc(i)}$ from all the sensor nodes as
$D_{Enc(col)} = D_{Enc(1)} + D_{Enc(2)} + \cdots + D_{Enc(n)}$ because $i = 1, 2, \dots, n$.
[0060] In an embodiment, the cluster head node 104 aggregates the encrypted message with
its own encrypted data $D_{Enc(CH)}$ and transmits it to the base station as
$D_{Enc(agg)} = D_{Enc(col)} + D_{Enc(CH)}$. Base station 108 decrypts the aggregated message
$D_{Enc(agg)}$ using decryption key $K_d$ and retrieves and $T_s$ sent by each $S_i$. The base station can
compare the time stamp value e.g., $T_{s3}$ associated with each sensor node 102. If any timestamp
value can be found to be older than
other values, then the associated sensor nodes can be confirmed as malicious and the sensed data
of the respective sensor nodes can be discarded.
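The per-sensor key derivation, MAC construction and base-station timestamp check of paragraphs [0059] and [0060], worked through as an added Python example that is not part of the disclosure. Assumptions made here: SHA-256 for H, HMAC-SHA256 for MAC, a hash-based XOR keystream standing in for Enc_K, the sender ID and a nonce carried in clear, Ts3 packed directly after D, the base station holding K_m, and a 5-second staleness tolerance measured against the batch median.

```python
import hashlib
import hmac
import os
import statistics
import struct

TAG_LEN = 32        # HMAC-SHA256 output size
MAX_AGE_MS = 5_000  # assumed tolerance: older than the batch median by this much is stale


def derive_key(master_key: bytes, sensor_id: str) -> bytes:
    """K_i = H(K_m || S_i), with SHA-256 standing in for H."""
    return hashlib.sha256(master_key + sensor_id.encode()).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for Enc_K: SHA-256 counter keystream XORed with the data.
    Not a vetted cipher; a deployment would use an AEAD such as AES-GCM."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = b"enc" + key + nonce + struct.pack(">I", counter)
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def sensor_packet(k_i: bytes, sensor_id: str, reading: bytes, ts_ms: int) -> dict:
    """Build D_Enc(i) = Enc_K(D || HMAC || S_id) with HMAC = MAC(D || Ts3)."""
    body = reading + struct.pack(">Q", ts_ms)            # D || Ts3
    tag = hmac.new(k_i, body, hashlib.sha256).digest()   # MAC(D || Ts3)
    nonce = os.urandom(8)                                # fresh keystream per packet
    ct = _xor_stream(k_i, nonce, body + tag + sensor_id.encode())
    return {"sid": sensor_id, "nonce": nonce, "ct": ct}


def aggregate(collected: list, ch_packet: dict) -> list:
    """D_Enc(agg) = D_Enc(col) + D_Enc(CH): the cluster head appends its own packet."""
    return list(collected) + [ch_packet]


def base_station_verify(master_key: bytes, aggregated: list):
    """Return (accepted, isolated): readings by sensor ID, and rejected IDs with a reason."""
    opened, isolated = {}, {}
    for pkt in aggregated:
        sid = pkt["sid"]
        sid_len = len(sid.encode())
        k_i = derive_key(master_key, sid)
        pt = _xor_stream(k_i, pkt["nonce"], pkt["ct"])
        if sid_len == 0 or len(pt) < 8 + TAG_LEN + sid_len:
            isolated[sid] = "malformed"
            continue
        body = pt[:-TAG_LEN - sid_len]
        tag = pt[-TAG_LEN - sid_len:-sid_len]
        inner_sid = pt[-sid_len:]
        expected = hmac.new(k_i, body, hashlib.sha256).digest()
        # Constant-time comparison; the encrypted S_id must match the clear header.
        if not hmac.compare_digest(tag, expected) or inner_sid != sid.encode():
            isolated[sid] = "bad-mac"
            continue
        opened[sid] = (body[:-8], struct.unpack(">Q", body[-8:])[0])
    if opened:
        # "Older than other values": compare each Ts3 with the batch median,
        # so a single forged future timestamp cannot make honest nodes look stale.
        reference = statistics.median(ts for _, ts in opened.values())
        for sid, (_, ts) in list(opened.items()):
            if reference - ts > MAX_AGE_MS:
                isolated[sid] = "stale-timestamp"
                del opened[sid]
    accepted = {sid: reading for sid, (reading, _) in opened.items()}
    return accepted, isolated


def demo():
    """Constructed batch: two honest sensors, one replayed packet, one tampered packet."""
    k_m = b"constructed-master-key"   # constructed sample value
    now = 1_700_000_000_000           # constructed timestamp in milliseconds

    def pkt(sid, reading, ts):
        return sensor_packet(derive_key(k_m, sid), sid, reading, ts)

    collected = [
        pkt("S1", b"t=4.1C", now),
        pkt("S2", b"t=4.3C", now + 120),
        pkt("S3", b"t=9.9C", now - 60_000),   # replayed packet, 60 s old
    ]
    tampered = pkt("S4", b"t=4.0C", now + 50)
    tampered["ct"] = bytes([tampered["ct"][0] ^ 1]) + tampered["ct"][1:]  # one bit flipped
    collected.append(tampered)
    return base_station_verify(k_m, aggregate(collected, pkt("CH", b"t=4.2C", now + 200)))


if __name__ == "__main__":
    print(demo())
```

The MAC catches modification in transit, while the timestamp comparison is what catches a validly authenticated but replayed packet; neither check alone covers both cases.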
[0061] In this way, the data transmission is performed with high security and securely
aggregated by the cluster head. The aggregated data can be checked for its authenticity by the
base station through its time stamp and detected compromised data can be discarded to ensure
the safety of the remaining aggregated data. The detected compromised/malicious node can then
be isolated from the cluster to maintain network security.
[0062] FIG. 3 illustrates an exemplary process flow diagram of SAPDA, in accordance
with an embodiment of the present disclosure.
[0063] Referring to FIG. 3, the process 300 of SAPDA includes the cluster head nodes 104
that can be deployed in the network. Each cluster head node 104 can be connected to one or
more sensor nodes 102 in the cluster. Each cluster head node 104 can generate a registration
request message $M_{RREQ} = SK_{CH}(H(CH\_RR, T_{s1}))$ to authenticate with its gateway node 106. The
gateway node 106, upon receiving the registration request message, transmits the registration
response message $M_{RRES} = SK_{CH}(H(CH\_RC, T_{s2}))$ to authenticate the valid cluster head node
104.
[0064] In an embodiment, each sensor node 102 protects the data DEnc(i) = EncK D ∥
HMAC ∥ Sid using symmetric encryption, before sending it to the cluster head node. The cluster
head node can collect data from all the sensor nodes as DEnc(col) = DEnc(1) + DEnc(2) + ⋯ +
DEnc(n) for i = 1, 2, … , n and aggregates the data. The aggregated data can be transmitted to
the base station. The base station 108 can decrypt the aggregated data, e.g., DEnc(agg) =
DEnc(col) + DEnc(CH), and retrieve the sensed data and the timestamp. The aggregated data is
checked for its authenticity by the base station 108 through its time stamp value and detected
compromised data can be discarded to ensure the safety of the remaining aggregated data. The
detected compromised/malicious node can then be isolated from the cluster to maintain network
security. The data at the cluster head can be aggregated securely and further transmitted to base
station, where compromised data, if any detected, can be handled accordingly.
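The base-station check described in paragraphs [0060] and [0064], sketched as an added example that is not part of the specification. It assumes the records have already been decrypted, that the HMAC covers Sid, Ts and D under a per-sensor key, and that a 30-second tolerance separates fresh from stale timestamps; the function names, keys and readings are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30  # seconds; assumed tolerance, the specification gives no figure

def tag(key, sid, ts, data):
    """HMAC-SHA256 over Sid, Ts and D (assumed coverage)."""
    return hmac.new(key, struct.pack(">HI", sid, ts) + data, hashlib.sha256).digest()

def sensor_record(key, sid, ts, data):
    """One sensor's contribution as the base station sees it after decryption."""
    return {"sid": sid, "ts": ts, "data": data, "mac": tag(key, sid, ts, data)}

def base_station_filter(records, keys, max_skew=MAX_SKEW):
    """Return (accepted records, {Sid: reason}) for one aggregated message."""
    isolated, authentic = {}, []
    for r in records:
        key = keys.get(r["sid"])
        if key is None:
            isolated[r["sid"]] = "unknown sensor id"
        elif not hmac.compare_digest(tag(key, r["sid"], r["ts"], r["data"]), r["mac"]):
            isolated[r["sid"]] = "hmac mismatch"
        else:
            authentic.append(r)
    # Freshness is judged only among authenticated records, so a forged
    # timestamp cannot move the reference point.
    newest = max((r["ts"] for r in authentic), default=0)
    accepted = []
    for r in authentic:
        if newest - r["ts"] > max_skew:
            isolated[r["sid"]] = "stale timestamp"  # older than the other values
        else:
            accepted.append(r)
    return accepted, isolated

def demo():
    """Constructed batch: one fresh, one replayed and one tampered record."""
    keys = {1: b"k1-constructed", 2: b"k2-constructed", 3: b"k3-constructed"}
    now = 1_700_000_000
    fresh = sensor_record(keys[1], 1, now, b"temp=4.1")
    replayed = sensor_record(keys[2], 2, now - 600, b"temp=4.0")
    tampered = sensor_record(keys[3], 3, now, b"temp=4.2")
    tampered["data"] = b"temp=9.9"  # modified after the tag was computed
    return base_station_filter([fresh, replayed, tampered], keys)

if __name__ == "__main__":
    print(demo())
```

Comparing against the newest authenticated timestamp follows the "older than other values" rule of paragraph [0060]; bounding timestamps against the base station's own clock as well would stop an authenticated node from shifting that reference with a future-dated record.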
[0065] FIG. 4 illustrates an exemplary method for secure transmission of data through a
network, in accordance with an embodiment of the present disclosure.
[0066] Referring to FIG. 4, the method includes receiving 402, at a computing device
operatively coupled to the network, from each of the cluster head nodes, an authentication
request. The authentication request is encrypted by a first generated encryption factor, and each
of the cluster head nodes is configured to receive data from the sensor nodes. A hash value signed
with the first generated encryption factor can be received 404, at the computing device, from each
of the cluster head nodes.
[0067] In an embodiment, the method includes decrypting 406, at the computing device,
for each of the gateway nodes, the authentication request from the at least one of the cluster head
nodes operatively coupled to it using a second generated encryption factor corresponding with
the first generated encryption factor. Each of the gateway nodes is operatively coupled with at
least one cluster head node, and each of the gateway nodes can be configured to generate an
authentication confirmation signal corresponding to the at least one of the cluster head nodes
operatively coupled to it upon determination of positive correlation between the encrypted
authentication request and the decrypted authentication request.
[0068] In an embodiment, the method further includes receiving 408, at each of the
gateway nodes upon authentication of the at least one cluster head node, data from the at least
one cluster head node, wherein the data from the at least one cluster head node can be
transmitted 410 to a base station operatively coupled with each of the gateway nodes, from each
of the gateway nodes, and wherein the computing device can be configured to determine, at the
base station, integrity of the received data based on the hash value.
[0069] The present invention, in various embodiments, includes components, methods,
processes, systems and/or apparatus substantially as depicted and described herein, including
various embodiments, sub-combinations, and subsets thereof. Those of skill in the art will
understand how to make and use the present invention after understanding the present disclosure.
The present invention, in various embodiments, includes providing devices and processes in the
absence of items not depicted and/or described herein or in various embodiments hereof,
including in the absence of such items as may have been used in previous devices or processes,
e.g. for improving performance, achieving ease and/or reducing cost of implementation.
[0070] It should be apparent to those skilled in the art that many more modifications
besides those already described are possible without departing from the inventive concepts
herein. The inventive subject matter, therefore, is not to be restricted except in the spirit of the
appended claims. Moreover, in interpreting both the specification and the claims, all terms
should be interpreted in the broadest possible manner consistent with the context. In particular,
the terms “comprises” and “comprising” should be interpreted as referring to elements,
components, or steps in a non-exclusive manner, indicating that the referenced elements,
components, or steps may be present, or utilized, or combined with other elements, components,
or steps that are not expressly referenced. Where the specification claims refer to at least one of
something selected from the group consisting of A, B, C … and N, the text should be interpreted
as requiring only one element from the group, not A plus N, or B plus N, etc. The foregoing
description of the specific embodiments will so fully reveal the general nature of the
embodiments herein that others can, by applying current knowledge, readily modify and/or adapt
for various applications such specific embodiments without departing from the generic concept,
and, therefore, such adaptations and modifications should and are intended to be comprehended
within the meaning and range of equivalents of the disclosed embodiments. It is to be understood
that the phraseology or terminology employed herein is for the purpose of description and not of
limitation. Therefore, while the embodiments herein have been described in terms of preferred
embodiments, those skilled in the art will recognize that the embodiments herein can be
practiced with modification within the spirit and scope of the appended claims.
While various embodiments of the present disclosure have been illustrated and described herein,
it will be clear that the disclosure is not limited to these embodiments only. Numerous
modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled
in the art, without departing from the spirit and scope of the disclosure, as described in the
claims.
ADVANTAGES OF THE PRESENT DISCLOSURE
[0071] The present disclosure provides a system that uses real-time parameters to improve
the data reliability in the network by reducing the energy consumption and delay.
[0072] The present disclosure provides a system in which the use of multiple sink nodes in
the method proves the effectiveness.
[0073] The present disclosure provides a SAPDA system that proves to be valid and secure by
using trusted encryption schemes.
[0074] The present disclosure provides a system with authentication and data aggregation
modules in cluster-based approach to improve QoS parameters to reduce delay, packet drop, and
to enhance packet delivery ratio and network life time.
[0075] The present disclosure provides a system provided with an authentication module in
which every cluster head can be individually and securely authenticated by the gateway to ensure
that any malicious node is not controlling the cluster operation that leads to safeguarding the
cluster from being compromised.
[0076] The present disclosure provides a system provided with a data aggregation module in
which data transmission is performed with high security and securely aggregated by the cluster
head.
We Claim:
1. A method for secure transmission of data through a network, said method (400)
comprising:
receiving (402), at a computing device operatively coupled to the network, from
each of a plurality of cluster head nodes (104), an authentication request, said
authentication request encrypted by a first generated encryption factor, each of the cluster
head nodes (104) configured to receive data from sensor nodes (102);
receiving (404), at the computing device, from each of the cluster head nodes
(104), a hash value signed with the first generated encryption factor;
decrypting (406), at the computing device, for each of a plurality of gateway
nodes (106), the authentication request from the at least one of the cluster head nodes
(104) operatively coupled to it using a second generated encryption factor corresponding
with the first generated encryption factor, each of the gateway nodes (106) operatively
coupled with at least one cluster head node (104);
wherein each of the gateway nodes (106) is configured to generate an authentication
confirmation signal corresponding to the at least one of the cluster head nodes (104)
operatively coupled to it upon determination of positive correlation between the
encrypted authentication request and the decrypted authentication request;
receiving (408), at each of the gateway nodes (106) upon authentication of the at least
one cluster head node, data from the at least one cluster head node,
wherein the data from the at least one cluster head node (104) is transmitted (410) to a
base station (108) operatively coupled with each of the gateway nodes, from each of the
gateway nodes, and
wherein the computing device is configured to determine, at the base station (108),
integrity of the received data based on the hash value.
2. The method as claimed in claim 1, wherein the base station is configured to link cluster
head nodes with the gateway nodes through acoustic links or any combination thereof.
3. The method as claimed in claim 1, wherein each of a plurality of sensor nodes is
configured to protect the sensed data using symmetric encryption.
4. The method as claimed in claim 1, wherein the hash values are selected from a group
comprising data identifier, timestamp and any combination thereof.
5. The method as claimed in claim 1, wherein the base station, upon receiving the data from
the at least one cluster head node, compares the hash value of the data associated with
each of the sensor nodes.
6. The method as claimed in claim 5, wherein the base station, in response to detecting a
difference in the hash value of the data, discards the compromised data and isolates the
associated sensor node.
7. A system for secure transmission of data through a network, said system (100)
comprising:
a plurality of cluster head nodes (104) configured to receive data from sensor
nodes (102);
a plurality of gateway nodes (106), each gateway node (106) operatively coupled
with at least one cluster head node and configured to receive data from said at least one
cluster head node;
a base station (108) operatively coupled to each of the gateway nodes and
configured to receive data from the plurality of gateway nodes;
a processor (110) is installed with every cluster head node (104), gateway node
(106), base station (108) to help in processing or forwarding the information, said
processor configured to:
receive, from each of the cluster head nodes (104), an authentication
request, said authentication request encrypted by a first generated encryption
factor;
receive, from each of the cluster head nodes (104), a hash value signed
with the first generated encryption factor;
decrypt, at each of the gateway nodes (106), the authentication request
from the at least one of the cluster head nodes (104) operatively coupled to it
using a second generated encryption factor corresponding with the first generated
encryption factor,
wherein each of the gateway nodes (106) is configured to generate an
authentication confirmation signal corresponding to the at least one of the cluster
head nodes (104) operatively coupled to it upon determination of positive
correlation between the encrypted authentication request and the decrypted
authentication request;
receive, at each of the gateway nodes (106) upon authentication of the at
least one cluster head node (104), data from the at least one cluster head node
(104),
wherein the data from the at least one cluster head node is transmitted to the base
station from each of the gateway nodes (106), and
wherein the processor is configured to determine, at the base station (108),
integrity of the received data based on the hash value.
| # | Name | Date |
|---|---|---|
| 1 | 202011026267-CLAIMS [23-12-2022(online)].pdf | 2022-12-23 |
| 1 | 202011026267-STATEMENT OF UNDERTAKING (FORM 3) [22-06-2020(online)].pdf | 2020-06-22 |
| 2 | 202011026267-COMPLETE SPECIFICATION [23-12-2022(online)].pdf | 2022-12-23 |
| 2 | 202011026267-FORM FOR STARTUP [22-06-2020(online)].pdf | 2020-06-22 |
| 3 | 202011026267-FORM FOR SMALL ENTITY(FORM-28) [22-06-2020(online)].pdf | 2020-06-22 |
| 3 | 202011026267-CORRESPONDENCE [23-12-2022(online)].pdf | 2022-12-23 |
| 4 | 202011026267-FORM 1 [22-06-2020(online)].pdf | 2020-06-22 |
| 4 | 202011026267-DRAWING [23-12-2022(online)].pdf | 2022-12-23 |
| 5 | 202011026267-FER_SER_REPLY [23-12-2022(online)].pdf | 2022-12-23 |
| 5 | 202011026267-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [22-06-2020(online)].pdf | 2020-06-22 |
| 6 | 202011026267-FER.pdf | 2022-06-23 |
| 6 | 202011026267-EVIDENCE FOR REGISTRATION UNDER SSI [22-06-2020(online)].pdf | 2020-06-22 |
| 7 | 202011026267-FORM 18 [10-02-2022(online)].pdf | 2022-02-10 |
| 7 | 202011026267-DRAWINGS [22-06-2020(online)].pdf | 2020-06-22 |
| 8 | 202011026267-FORM-26 [21-07-2020(online)].pdf | 2020-07-21 |
| 8 | 202011026267-DECLARATION OF INVENTORSHIP (FORM 5) [22-06-2020(online)].pdf | 2020-06-22 |
| 9 | 202011026267-COMPLETE SPECIFICATION [22-06-2020(online)].pdf | 2020-06-22 |
| 9 | 202011026267-Proof of Right [21-07-2020(online)].pdf | 2020-07-21 |
| 1 | SearchHistoryE_21-06-2022.pdf | |