Pseudo-Random Encryption for Security Data Transmission in Wireless Sensor Networks

Abstract

The security of wireless sensor networks (WSN) has become a great challenge due to the transmission of sensor data through an open and wireless network with limited resources. In the paper, we discussed a lightweight security scheme to protect the confidentiality of data transmission between sensors and an ally fusion center (AFC) over insecure links. For the typical security problem of WSN’s binary hypothesis testing of a target’s state, sensors were divided into flipping and non-flipping groups according to the outputs of a pseudo-random function which was held by sensors and the AFC. Then in order to prevent an enemy fusion center (EFC) from eavesdropping, the binary outputs from the flipping group were intentionally flipped to hinder the EFC’s data fusion. Accordingly, the AFC performed inverse flipping to recover the flipped data before data fusion. We extended the scheme to a more common scenario with multiple scales of sensor quantification and candidate states. The underlying idea was that the sensor measurements were randomly mapped to other quantification scales using a mapping matrix, which ensured that as long as the EFC was not aware of the matrix, it could not distract any useful information from the captured data, while the AFC could appropriately perform data fusion based on the inverse mapping of the sensor outputs.

1. Introduction

Wireless sensor networks (WSNs) are commonly deployed in various practical applications to gather information from a hostile area or placements where human intervention is impossible, and thus can support many new and important areas, such as customer satisfaction survey [1], unmanned aerial vehicles [2], military surveillance [3], and fire detection [4]. However, due to the broadcast nature of the wireless network, sensor data are prone to be intercepted by unauthorized receivers [5,6]. The security of WSN mainly involve decentralized detection whereby the sensors send their measurements to an ally fusion center (AFC) which attempts to detect the state of nature using the data received from all the sensors, meanwhile an enemy fusion center (EFC), also located in a vicinity of the AFC, tries to eavesdrop on the wireless communications between sensors and the AFC [7].

The data confidentiality of WSN has been the subject of many studies using different security strategies [8,9]. To facilitate data encryption using symmetric cryptographic algorithms, the authors in [10,11] proposed novel lightweight anonymous authentication and key agreement (AKA) protocols for WSN, which combines multi-security stages: User registration, sensor node registration, login, authentication, key agreement, and password change. However, the issue of scalability remains a great challenge, since a sensor’s life span is largely determined by its energy supply, which is difficult to satisfy when the resource requirements of traditional encryption methods are at a high security level [12]. Therefore, the security solutions which demand excessive processing costs are not suitable for WSN [13].

With these challenges, several novel efficient approaches have been explored. Aysal and et al. [14] proposed that sensors can intentionally generate errors in the transmitted data to confuse eavesdroppers. They assume that the statistics of the induced error pattern is only available to the AFC, and the eavesdroppers who do not know this, fail to detect the real state from the eavesdropped data. In [15], the sensor outputs are randomly flipped through XOR operations on the local observations and independent binary variables. It is shown that using carefully selected operation parameters, we can hinder the EFC from making correct decisions while maintaining an acceptable error rate at the AFC. In [16], the sensor outputs are randomly mapped to other possible quantification levels according to a probability matrix. It is assumed that the AFC is aware of the matrix but the EFC is not. Therefore, the AFC can optimize its decision result along with the mapping probabilities while imposing a high error rate on the EFC. In [17], the authors developed a security scheme based on sensor censorship to maximize the J-divergence of the EFC while ensuring that the divergence of the AFC is zero. In [18], the authors proposed a lightweight encryption scheme whereby sensors flip their local decisions based on the instantaneous channel (to the AFC) fading gains which are unknown to the EFC due to the independence of the physical communication channels. They showed that information-theoretic perfect secrecy can be achieved in the condition that the global flipping and non-flipping data have the same size. However, the channel state information (CSI) changes from time to time, if the data flipping of each sensor is independently decided by its local CSI statistic, it will be difficult to satisfy the required equivalent condition. Moreover, currently most of the security schemes are designed for the binary hypothesis testing problems in which only two opposite candidate states are considered. However, in many practically-oriented applications, the target systems may contain multiple states and quantification scales. Thus a more general security model with a high efficiency is required to ensure the data confidentiality of WSN.

In the paper, we proposed a security data propagation method based on pseudo-random encryption (SDPR) for WSN. The underlying idea is that since most of the random functions generate stochastic sequence in a pseudo-random way, such that as long as the input initial random seed is the same, the functions will always return a same random digital sequence; it is nearly impossible to guess the generated sequence without the seed, even when the employed function is known. Furthermore, the time complexity of the pseudo-random function is much lower than traditional high security encryption algorithms, which makes them more applicable to the resource constrained environment of WSN. It should be noted that pseudo-functions are utilized to control the data interfering process in our method SDPR. The detailed discussion of pseudo-functions is out of the scope of the paper, but anyone interested in it can refer to [19,20,21].

Firstly the typical security problem of distributed binary hypothesis testing in WSN is considered. It is assumed that the sensors report their measurements in the form of binary bits and sequentially transmit them to the AFC. At the beginning of a sensing cycle, the AFC and each sensor $s_i$ select an unique seed (for pseudo-random functions) based on the channel state information. In each duplex time, $s_i$ is randomly assigned to the flipping or non-flipping group based on the output of its random function. The sensors in the non-flipping group directly transmit their binary results to the AFC, while the others perform data encryption in a way to flip their quantized bits (zero turns to one and vice versa). Therefore, the AFC can recover the flipped data while the EFC can not, and the flipping will only prevent the EFC from fusing the correct result. Note that the seeds can be safely decided by the sensors and AFC based on the observation of the main channel state information. In [22,23,24], the wireless channel gains are considered as common randomness exclusively shared by the transmitter and legitimate receiver using the time-division duplexing (TDD) protocol. Specifically, in [18], the magnitude of the channel gain (MCG) is applied to the negotiation of secret keys. As the main channels (sensors to the AFC) and eavesdropping channels (sensors to the EFC) are statistically independent when the EFC is located more than a half wavelength apart from both the sensors and AFC, it is impossible for the EFC to eavesdrop the seed information.

The scheme is then extended to a more common scenario with multiple quantification scales and candidate states. Our goal is to achieve data confidentiality of WSN by ensuring that the data observed by the EFC is useless for detection purposes. It should be noted that the proposed approach has minimal processing requirements and does not introduce any communication overhead.

2. The Description of the Security Model

2.1. System Model

The proposed security scheme SDPR for binary hypothesis testing is referred to as SDPR_B. The sensors observe a common target state which can be ${\theta }_0$ or ${\theta }_1$, and the measurement of each sensor $s_i$ is quantized into binaries (local decision $u_i$) based on the measurement and decision threshold: If the measurement is less than the decision threshold, then $u_i$ = 1 ($s_i$ detected ${\theta }_1$), otherwise $u_i$ = –1 ($s_i$ detected ${\theta }_0$). Let $p(u_i=1|{\theta }_1)$ and $p(u_i=1|{\theta }_0)$ denote the local detection rate $p{d}_i$ and false alarm rate $p{f}_i$ of the i-th sensor respectively. Usually, the environment sensing performance $p{d}_i$ and $p{f}_i$ can be known in advance both by the AFC and EFC. In order to prevent the EFC from detecting the real state, the sensors in the flipping group flipped their binary outputs before sending to the AFC.

2.2. Flipping Encryption

A sensor is assigned to the flipping group if the output of its local pseudo-random function $rand(·)$ is in the flipping domain $[{\tau }_4,{\tau }_3]$. Usually the output sequence of $rand(·)$ is decided by its initial $seed$. Therefore, in order to make sure that the AFC and sensors can synchronously generate the same random sequences at the beginning of each sensing cycle, the AFC and each corresponding sensor $s_i$ decide $see{d}_i$ based on the observation of the instantaneous channel state of the i-th main channel ($s_i$ to AFC), such that $see{d}_i$ = $g_i$, where $g_i$ can be the magnitude of the channel gain or the CQI (channel quality indicator) level. As $g_i$ is only known by the AFC and $s_i$ due to the channel independence between the main channels and the eavesdropping channels [18], the EFC cannot eavesdrop $see{d}_i$ through the captured data in WSN.

Before the data transmission in each duplex time, the AFC first broadcasts pilot signals with flipping thresholds: $\{{\tau }_1,{\tau }_2,{\tau }_3,{\tau }_4\}$, where $\{{\tau }_1>{\tau }_2>{\tau }_3>{\tau }_4\}$, to trigger the sensors to report their local decisions in a time-division duplex (TDD) manner. In particular, the thresholds remain constant during a duplexing time for pilot transmission and sensors’ transmissions, say one block, and changes independently across blocks and sensors. Once the i-th sensor received the pilot signal, it immediately generates a random value ${\phi }_i^{\left(t\right)}$ by $rand(·)$ as shown in Equation (1):

$${\phi }_i^{\left(t\right)}=\left\{\begin{array}{cc}rand\left(see{d}_i\right),\hfill & ift=1\hfill \\ rand({\phi }_i^{(t-1)}),\hfill & ift>1\hfill \end{array}\right.$$

(1)

The encrypted data (output) of the i-th sensor $s_i$ is denoted by $x_i$. If ${\tau }_2<{\phi }_i^{\left(t\right)}<{\tau }_1$, then $s_i$ is put into the non-flipping group and output $x_i=u_i$. On the contrary, $s_i$ is assigned to the flipping group when ${\tau }_4<{\phi }_i^{\left(t\right)}<{\tau }_3$, and its output is $x_i=-u_i$, which is a bit-flipping version of the quantized data. The remaining sensors are dormant. Note that the EFC can also receive the sensor outputs through eavesdropping channels due to the broadcast nature of WSN. We emphasize that since the encryption is based on the pseudo-random functions’ outputs, which are different between sensors, the EFC cannot distinguish the flipped data from the original outputs even if it has eavesdropped the pilot packets from the AFC. As a result, we expect that the EFC fails to detect the target state. In the next section, we will show that the AFC can correctly fuse the received data whereas the EFC totally failed to utilize the captured data.

2.3. The Fusion Result of the AFC

In this section, the fusion result of the AFC based on log-likelihood ratio (LLR) is analyzed. Suppose the number of activated sensors in one duplexing time is $k(k\le N)$, then the input vector, which contains data from all the activated sensors, for the decision fusion is $z^A=[z_1^A\dots z_k^A]$, and according to [25] the LLR-based fusion rule at the AFC is given by:

$$\begin{array}{c}\hfill \mathsf{\Lambda }=log\frac{P\left(z^A\right|{\theta }_1)}{P\left(z^A\right|{\theta }_0)}=\sum _{i=1}^{k}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}\begin{array}{c}{\theta }_1\hfill \\ \gtrless \hfill \\ {\theta }_0\hfill \end{array}0\end{array}$$

(2)

$f(.|.)$ is the conditional probability density function. As the sensor outputs have been randomly flipped, $z_i^A$ may not be the original sensor quantification. Note that the AFC holds the initial $see{d}_i$ of each sensor. Then the original quantized measurement $u_i^A$ of $z_i^A,i=1\dots k$, can be recovered by Equation (3):

$$u_i^A=\left\{\begin{array}{cc}sign\left(z_i^A\right),\hfill & if{\tau }_2<{\phi }_i^{\left(t\right)}=rand({\phi }_i^{(t-1)})<{\tau }_1\hfill \\ -sign\left(z_i^A\right),\hfill & if{\tau }_4<{\phi }_i^{\left(t\right)}=rand({\phi }_i^{(t-1)})<{\tau }_3\hfill \end{array}\right.$$

(3)

where sign($z_i^A$) represents the sign of $z_i^A$. Let $S_1=\left\{i\right|z_i^A=1,{\tau }_2<{\phi }_i^{\left(t\right)}<{\tau }_1\}$, $S_2=\left\{i\right|z_i^A=-1,{\tau }_2<{\phi }_i^{\left(t\right)}<{\tau }_1\}$, $S_3=\left\{i\right|z_i^A=1,{\tau }_4<{\phi }_i^{\left(t\right)}<{\tau }_3\}$, and $S_4=\left\{i\right|z_i^A=-1,{\tau }_4<{\phi }_i^{\left(t\right)}<{\tau }_3\}$. Then the left side of Equation (2) can be rewritten as:

$$\begin{array}{c}\hfill \mathsf{\Lambda }=\sum _{i\in S_1}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}+\sum _{i\in S_2}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}+\\ \hfill \sum _{i\in S_3}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}+\sum _{i\in S_4}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}\end{array}$$

(4)

When $i\in S_1$, it means that the original quantification $u_i^A$ is not flipped and $u_i^A=z_i^A=1$, therefore the LLR value of the i-th sensor in $S_1$ becomes:

$$\sum _{i\in S_1}log\frac{f\left(z_i^A\right|{\theta }_1)}{f\left(z_i^A\right|{\theta }_0)}=\sum _{i\in S_1}log\frac{f(u_i^A=1|{\theta }_1)}{f(u_i^A=1|{\theta }_0)}=\sum _{i\in S_1}log\frac{p{d}_i}{p{f}_i}$$

(5)

In the same manner, we can compute the LLR values in different set $S_2\sim S_4$, finally the LLR based fusion rule can be reduced to the following one:

$$\begin{array}{cc}\hfill \mathsf{\Lambda }& =log\frac{f\left(z^A\right|{\theta }_1)}{f\left(z^A\right|{\theta }_0)}\hfill \\ & =\sum _{i\in S_1}log\frac{p{d}_i}{p{f}_i}+\sum _{i\in S_2}log\frac{1-p{d}_i}{1-p{f}_i}+\hfill \\ & \sum _{i\in S_3}log\frac{1-p{d}_i}{1-p{f}_i}+\sum _{i\in S_4}log\frac{p{d}_i}{p{f}_i}\begin{array}{c}{\theta }_1\hfill \\ \gtrless \hfill \\ {\theta }_0\hfill \end{array}0\hfill \end{array}$$

(6)

Note that this approximation can be viewed as a modified version of the Chair–Varshney fusion rule, which only utilizes local false alarm and detection probabilities [25].

3. Security Analysis

In the security analysis of the proposed scheme, the main concern is whether the EFC can get useful information from the eavesdropped data. At the EFC, the captured data from the i-th sensor is denoted by $z_i^E$ and the input vector for EFC’s fusion rule is $z^E=[z_1^E,z_2^E\dots z_k^E]$. And the final decision of EFC is is shown in Equation (7).

$$\begin{array}{c}\hfill L=log\frac{f\left(z^E\right|{\theta }_1)}{f\left(z^E\right|{\theta }_0)}\begin{array}{c}{\theta }_1\hfill \\ \gtrless \hfill \\ {\theta }_0\hfill \end{array}0\end{array}$$

(7)

From Equation (7) we can see that data confidentiality can be achieved by deriving $f\left(z^E\right|{\theta }_1)$ equals $f\left(z^E\right|{\theta }_0)$, which makes the LLR value at the EFC always equals to zero, and the EFC will totally ignore the data since it cannot make a final decision for the binary hypothesis testing problem when L = 0.

Obviously, the sensor outputs are independent with each other, and $f\left(z^E\right|{\theta }_1)={\prod }_{i=1}^{k}f\left(z_i^E\right|{\theta }_1)$. Then $f\left(z_i^E\right|{\theta }_1)$ is computed with the total probability theorem, as shown in Equation (8).

$$\begin{array}{cc}\hfill f\left(z_i^E\right|{\theta }_1)& =\sum _{u_i}\sum _{x_i}f(z_i^E,x_i,u_i|{\theta }_1)\\ & \hfill =\sum _{u_i}p\left(u_i\right|{\theta }_1)\sum _{x_i}\int f(z_i^E,{\phi }_i,x_i|u_i,{\theta }_1)d{\phi }_i\\ & \hfill =\sum _{u_i}p\left(u_i\right|{\theta }_1)\sum _{x_i}\int f\left(z_i^E\right|{\phi }_i,x_i,u_i,{\theta }_1)·\\ & \hfill f\left({\phi }_i\right)·p\left(x_i\right|{\phi }_i,u_i,{\theta }_1)d{\phi }_i\end{array}$$

(8)

where ${\phi }_i$ denotes the value of the pseudo-random function $rand(·)$ with probability density function $f\left({\phi }_i\right)$, $u_i$ and $x_i$ represent the original measurement and final output of the i-th sensor $s_i$ respectively. $z_i^E$ is conditionally independent of $u_i$, ${\phi }_i$, and ${\theta }_1$ when $x_i$ is known, while $x_i$ is conditionally independent of ${\theta }_1$ when ${\phi }_i,u_i$ are known. Remember that only the sensors whose random values ${\phi }_i$ belong to $[{\tau }_2,{\tau }_1]$ or $[{\tau }_4,{\tau }_3]$ are activated in a duplex time, and we can derive $f\left(z_i^E\right|{\theta }_1)$ as follows:

$$\begin{array}{cc}\hfill f\left(z_i^E\right|{\theta }_1)=& \sum _{u_i}p\left(u_i\right|{\theta }_1)\sum _{x_i}f\left(z_i^E\right|x_i)·\hfill \\ & ({\int }_{{\tau }_2}^{{\tau }_1}f\left({\phi }_i\right)·p\left(x_i\right|{\phi }_i,u_i)d{\phi }_i+\hfill \\ & {\int }_{{\tau }_4}^{{\tau }_3}f\left({\phi }_i\right)·p\left(x_i\right|{\phi }_i,u_i)d{\phi }_i)\hfill \end{array}$$

(9)

Since the EFC cannot be aware of ${\phi }_i$ and its probability density function $f\left({\phi }_i\right)$, it should take into account all the flipping cases: (1) ${\phi }_i\in [{\tau }_2,{\tau }_1],u_i=\pm 1,x_i=u_i;$ (2) ${\phi }_i\in [{\tau }_4,{\tau }_3],u_i=\pm 1,x_i=-u_i$. To simplify the expression, let ${\lambda }_1$ and ${\lambda }_2$ represent ${\int }_{{\tau }_2}^{{\tau }_1}f\left({\phi }_i\right)·p\left(x_i\right|{\phi }_i,u_i)d{\phi }_i$ and ${\int }_{{\tau }_4}^{{\tau }_3}f\left({\phi }_i\right)·p\left(x_i\right|{\phi }_i,u_i)d{\phi }_i$ respectively, then we have:

$$\begin{array}{cc}\hfill f\left(z_i^E\right|{\theta }_1)& =f\left(z_i^E\right|x_i=-1)(1-p{d}_i){\lambda }_1\hfill \\ & +f\left(z_i^E\right|x_i=1)p{d}_i{\lambda }_1\hfill \\ & +f\left(z_i^E\right|x_i=1)(1-p{d}_i){\lambda }_2\hfill \\ & +f\left(z_i^E\right|x_i=-1)p{d}_i{\lambda }_2\hfill \end{array}$$

(10)

If ${\lambda }_1$ and ${\lambda }_2$ satisfy ${\lambda }_1={\lambda }_2=\lambda$, then,

$$f\left(z_i^E\right|{\theta }_1)=f\left(z_i^E\right|x_i=1)\lambda +f\left(z_i^E\right|x_i=-1)\lambda$$

(11)

In the same manner, we can compute $f\left(z_i^E\right|{\theta }_0)$ as follows,

$$f\left(z_i^E\right|{\theta }_0)=f\left(z_i^E\right|x_i=1)\lambda +f\left(z_i^E\right|x_i=-1)\lambda$$

(12)

From Equation (9) we can see that the AFC can easily ensure ${\lambda }_1={\lambda }_2$ as long as the width ${\tau }_1-{\tau }_2={\tau }_3-{\tau }_4$. And when ${\lambda }_1={\lambda }_2=\lambda$, it means that the transmitted data from the flipping and non-flipping groups arrive at the EFC with the same size, and the proposed transmission scheme achieves $f\left(z_i^E\right|{\theta }_1)=f\left(z_i^E\right|{\theta }_0)$. Consequently, the EFC cannot make the final decision for the nature state ${\theta }_1$ or ${\theta }_0$, and it has to totally ignore the captured data.

4. Generalization to the Multiple Decisions

Besides the binary hypothesis testing problem discussed in previous sections, there are many WSN applications involved multiple states $\mathsf{\Theta }=\{{\theta }_1,{\theta }_2\dots {\theta }_m\}$, and the sensor quantifications also have multiple scales $\mathsf{\Xi }=\{{\upsilon }_1,{\upsilon }_2\dots {\upsilon }_n\}$. Usually each scale corresponds to an unique conditional probability in different state. Then the AFC needs to make a decision from the multiple candidate states while the EFC also tries to eavesdrop the natural state based on the captured data.

Suppose the received vector is $Z=[z_1,z_2\dots z_k],z_i\in \mathsf{\Xi }$, according to Bayes rules [26], the state which has the maximum posterior probability is selected as the final decision.

$$\underset{j}{max}\frac{P\left(Z\right|{\theta }_j)P\left({\theta }_j\right)}{{\sum }_{i=1}^{n}P\left(Z\right|{\theta }_i)P\left({\theta }_i\right)}$$

(13)

Without loss of generality, we assume that the prior probability of each state is equal, therefore Equation (13) can be simplified to:

$$\underset{j}{max}{\mathsf{\Pi }}_{i=1}^{k}P\left(z_i\right|{\theta }_j)$$

(14)

In order to prevent the EFC from forming the correct fusion result of Equation (14), the proposed SDPR is extended for the case of multiple scales (referred to SDPR_M). As shown in Figure 1, the measurement results are automatically mapped to other quantification scales based on a $1\times n$ mapping matrix $\varphi$ before sending to the AFC. Consequently, the AFC recovers the received data using an inverse mapping before data fusion. To make sure that the AFC and each sensor $s_i$ keep the same mapping matrix ${\varphi }_i$, firstly, they select an initial $see{d}_i$ in a similar manner as described in Section 2 for a pseudo-random function randInt (usually, $randInt\left(see{d}_i\right)=\lfloor min+rand\left(see{d}_i\right)\ast (max-min)\rfloor$), which uniformly generates random integer numbers in a given range [min, max] based on the $see{d}_i$, and $randInt$ always outputs the same sequence of numbers with the same $see{d}_i$. And then, in the t-th time-division sensor $s_i$ generates a random sequence and forms ${\varphi }_i$ using the following process:

• Step 1 initialize ${\varphi }_i=null$, $R=null$, j = 2, n = number of scales;
• Step 2 $R\left(1\right)=randInt\left(see{d}_i\right)$, $temp=R\left(1\right)$;
• Step 3 if $j>n$ update; $see{d}_i=randInt\left(R\left(n\right)\right)$, go to step 5, else $temp=randInt\left(temp\right)$, endif;
• Step 4 if $\forall k<j,R\left(k\right)\ne temp,R\left(j\right)=temp,j=j+1$, endif, go to Step 3;
• Step 5 set ${\varphi }_i=\{\mathsf{\Xi }\left(R\left(1\right)\right),\mathsf{\Xi }\left(R\left(2\right)\right)\dots \mathsf{\Xi }\left(R\left(n\right)\right)\}$.

As shown in Equation (15), if the quantified result of sensor $s_i$ is $u_i={\upsilon }_j$, then the final output $x_i$ is mapped to another scale $x_i={\varphi }_i\left(j\right)$ based on the mapping matrix.

$$x_i={\varphi }_i\left(j\right),if{u}_i={\upsilon }_j,where{\varphi }_i\left(j\right),{\upsilon }_i\in \mathsf{\Xi }$$

(15)

After the data mapping, the output is sent to the AFC to form a decision using Equation (14). Then we analyze the security of the mapping schemes for multiple states and scales.

Firstly, it is assumed that the outputs are transmitted through error-free channels, and the received data from the i-th sensor is $z_i=x_i$. Let us consider the probability of $P\left(z_i\right|{\theta }_j)$ in Equation (14).

$$\begin{array}{cc}\hfill P\left(z_i\right|{\theta }_j)& =\sum _{u_i}P(z_i,u_i|{\theta }_j)\hfill \\ & =\sum _{u_i}P\left(u_i\right|{\theta }_j)P\left(z_i\right|u_i,{\theta }_j)\hfill \\ & \stackrel{\left(a\right)}{=}\sum _{u_i}P\left(u_i\right|{\theta }_j)P(\mathsf{\Phi }\left(u_i\right)=z_i|u_i,{\theta }_j)\hfill \\ & \stackrel{\left(b\right)}{=}\sum _{u_i}P\left(u_i\right|{\theta }_j)P(\mathsf{\Phi }\left(u_i\right)=z_i)\hfill \end{array}$$

(16)

where $\mathsf{\Phi }(.)$ is a mapping function defined on matrix ${\varphi }_i$, such that $\mathsf{\Phi }\left({\nu }_k\right)={\nu }_t$ if ${\varphi }_i\left(k\right)={\nu }_t$ and $P(\mathsf{\Phi }\left(u_i\right)=z_i)$ represents the probability of mapping scale $u_i$ to $z_i$. (a) Follows from the fact that the final output of $s_i$ is decided by the local measurement $u_i$ and the mapping matrix; (b) follows the fact that the mapping probability of $P(\mathsf{\Phi }\left(u_i\right)=z_i)$ is independent of $u_i$ and ${\theta }_j$ when the mapping matrix $\mathsf{\Phi }$ is known. Let $P(\mathsf{\Phi }\left(u_i\right)=z_i)={\lambda }_i$, then $P\left(z_i\right|{\theta }_j)={\sum }_{u_i}P\left(u_i\right|{\theta }_j){\lambda }_i$.

As the random function $randInt$ generate integers uniformly between 1 and n, it can be assumed that the probability of mapping ${\upsilon }_i$ to any ${\upsilon }_j,i,j=1,2\dots n$ is the same and ${\lambda }_1={\lambda }_2\dots ={\lambda }_n=\lambda$. Therefore, Equation (16) is simplified as:

$$\begin{array}{cc}\hfill P\left(z_i\right|{\theta }_j)& =\sum _{u_i}P\left(u_i\right|{\theta }_j)\lambda \hfill \\ & =\lambda \hfill \end{array}$$

(17)

Then we discuss a more complex scenario that the channel is interfered by noise, and for the i-th sensor, the received data is given by $z_i=h_i·x_i+n_i$, where $h_i$ is the channel gain and $n_i$ is the signal noise. If the channel is not error-free, $z_i$ may not equal $x_i$, and $f\left(z_i\right|{\theta }_j)$ in Equation (14) can be derived as follows:

$$\begin{array}{cc}\hfill P\left(z_i\right|{\theta }_j)& =\sum _{u_i}\sum _{x_i}P(z_i,x_i,u_i|{\theta }_j)\hfill \\ & =\sum _{u_i}P\left(u_i\right|{\theta }_j)\sum _{x_i}P\left(x_i\right|u_i,{\theta }_j)P\left(z_i\right|x_i,u_i,{\theta }_j)\hfill \\ & \stackrel{\left(a\right)}{=}\sum _{u_i}P\left(u_i\right|{\theta }_j)\sum _{x_i}P\left(x_i\right|u_i)P\left(z_i\right|x_i)\hfill \\ & \stackrel{\left(b\right)}{=}\sum _{u_i}P\left(u_i\right|{\theta }_j)\sum _{x_i}P(\mathsf{\Phi }\left(u_i\right)=x_i)P\left(z_i\right|x_i)\hfill \end{array}$$

(18)

where (a) follows the fact that $z_i$ is independent of $u_i$ and ${\theta }_j$ when $x_i$ is known, and (b) follows from the fact that the output of $x_i$ is decided by $u_i$ and local mapping matrix. As we have discussed in Equation (17), the probability of mapping $u_i$ to any quantification scale can be the same, and $P\left(z_i\right|{\theta }_j)$ is further derived as:

$$\begin{array}{cc}\hfill P\left(z_i\right|{\theta }_j)& =\sum _{u_i}P\left(u_i\right|{\theta }_j)\sum _{x_i}\lambda P\left(z_i\right|x_i)\hfill \end{array}$$

(19)

The probability of $P\left(z_i\right|x_i)$ in Equation (19) is decided by the physical state of the wireless channel, including channel gains, noise level, etc. However, the physical channel can be assumed to be stable during one duplex time, and ${\sum }_{x_i}P\left(z_i\right|x_i)$ is a constant value $P_i$, which is not related to the candidate state ${\theta }_j$. Finally we can have:

$$\begin{array}{cc}\hfill P\left(z_i\right|{\theta }_j)& =\sum _{u_i}P\left(u_i\right|{\theta }_j)\sum _{x_i}\lambda P\left(z_i\right|x_i)\hfill \\ & =\lambda ·P_i\hfill \end{array}$$

(20)

The AFC can recover the original quantifications based on reverse mapping of ${\varphi }_i$, but the EFC dose not know the mapping matrix, and has to fuse the raw data using Equation (14). According to Equations (17) and (19), the EFC for any input vector $Z=[z_1,z_2\dots z_k]$ and candidate state ${\theta }_j,j=1,2\dots m$, 1) in error-free channels $P\left(Z\right|{\theta }_j)={\mathsf{\Pi }}_{i=1}^{k}P\left(z_i\right|{\theta }_j)={\lambda }^k$; 2) in noise channels $P\left(Z\right|{\theta }_j)={\mathsf{\Pi }}_{i=1}^{k}P\left(z_i\right|{\theta }_j)={\lambda }^k·{\mathsf{\Pi }}_{t=1}^k{P}_t$. For both of the two cases, the conditional probability of the fusion rules in Equation (14) is all the same no matter what the candidate state ${\theta }_j$ is. Therefore, it will be nearly impossible for the EFC to generate correct decisions based on the captured sensor data.

5. Simulation Results

5.1. Experiments on Binary Hypothesis Testing

In this section, a group of simulations were carried out to test whether SDPR_B could prevent the EFC from eavesdropping the real state, while the AFC could correctly fuse the sensor outputs when there were only two candidate states.

The comparison objects include security fusion rules proposed in [18] (referred to Jeon), in which the sensors’ binary decisions are flipped based on instantaneous channel gains in the main channels to the AFC. In addition, the performance of the Optimum-LLR proposed in [26], where the optimum LLR based fusion rule is derived without the presence of the EFC, is considered as the lower bounds of the error probability.

For ease of comparisons, we adopted a similar condition as in [18], the sensors were deployed into a star-like topology and the main channel gains were assumed to follow a Rayleigh distribution. Furthermore, the sensors have the same local detection performances $p_f=0.2, p_d=0.9$. The total error probability by $P_{\epsilon }=\mathsf{\Delta }(1-P_d)+(1-\mathsf{\Delta })P_f$ is taken as the criterion of fusion performance, where $P_d$ and $P_f$ are the detection and false alarm probabilities at the fusion center, respectively, and $\mathsf{\Delta }=0.5$ is a weighting factor.

The first round of comparisons were carried out in ideal conditions that the channel gains strictly followed the Rayleigh distribution. The results are shown in Figure 2, Figure 3 and Figure 4, which depict the weighted error probability of the AFC and EFC with different signal to noise rate (SNR) and sensor number.

From Figure 2 and Figure 4, we can see that Optimum-LLR achieved the lowest error probability (lower bound). However, Optimum-LLR does not take any security mechanism against eavesdropping, thus the EFC can get the same low error rate as that achieved by the AFC. For SDPR_B, its error probability at the AFC was near to that of Optimum-LLR, and obviously better than Jeon. That is because the AFC could recover the flipped data using inverse flipping before data fusion. On the other hand, from Figure 3 and Figure 5, we can see that the error probability of the EFC was always near 50% even with high SNR and many sensors, because it could not distinguish the flipped data from the original outputs, which completely interfered its data fusion. Therefore, in the ideal condition, both SDPR_B and Jeon achieved information-theoretic perfect secrecy.

To further test the proposed schemes, we designed another group of comparisons that simulated a more realistic network environment where the channel gains continuously changed and we had no prior-knowledge of the probability distribution of the gains. The results are shown in Figure 6, Figure 7, Figure 8 and Figure 9.

The figures depict that, at the AFC, the error probabilities of SDPR_B and Jeon decrease as the SNR and sensor number increased. Furthermore, for the EFC, the error probability of SDPR_B is always near to 50%, but compared with the results in the ideal condition, the error probability of Jeon apparently decreased. In the real situations, the channel gain, which affects the data flipping of Jeon, dynamically change due to power consumption, external disturbance, etc. Therefore, the numbers of flipping data and non-flipping data of Jeon are not equal any more, resulting in less disturbance to the EFC. As shown in Figure 7 and Figure 9, the average error probability is reduced to 40%, which means the confidentiality of Jeon is compromised. In addition, the data flipping of SDPR_B is controlled by the pre-deployed random function, and when the AFC sets ${\tau }_1-{\tau }_2={\tau }_3-{\tau }_4$ in Equation (9), it ensures that the sizes of the flipped and non-flipped data in the EFC are the same and the two sets of data are self-contradictory, resulting in the error probability of the EFC to be always near 50%, which is a necessary condition of ideal confidentiality for binary hypothesis testing in WSN.

5.2. Experiment on Multiple Scales

In this section, we tested the security schemes involved in multiple scales and states. Our goal is to demonstrate that SDPR_M proposed in the paper can ensure that the fusion result of EFC provides no more information than the priori-knowledge of the natural state, while the AFC can make a correct decision.

Our experiment simulated a common scenario in the industry area: n sensors quantize the vibration velocity of a mechanical system and periodically report the quantifications to the fusion center through WSN. The velocity scale ranges from $S=\{1,2\dots 100\}$, while the candidate states consists of ${\theta }_1,{\theta }_2,{\theta }_3,{\theta }_4$, corresponding to ‘Idle’, ‘Busy’, ‘High Load’, and ‘Broken’ respectively. As shown in Figure 10, the sensor quantifications in different state are assumed to follow Gauss distributions, such that $p\left(x\right|{\theta }_1)\sim N(12.5,8)$, $p\left(x\right|{\theta }_2)\sim N(37.5,8)$, $p\left(x\right|{\theta }_3)\sim N(62.5,8)$, $p\left(x\right|{\theta }_4)\sim N(87.5,8)$ and, $p\left(x\right|{\theta }_i)={\int }_{x-1}^{x}f{\left(x\right)}_{{\theta }_i}dx$. Without loss of generality, the priori-probability of each state is assumed to be the same.

In each round of the simulation, one state ${\theta }_i,i\in \{1,2,3,4\}$ is randomly selected and then the sensor measurements $[u_1,u_2\dots u_n],u_i\in S$ are generated based on the probability density function $p\left(x\right|{\theta }_i)$. As described in Section 4, before data transmission, sensor $s_i,i=1\dots n$ mapped its measurement $u_i$ to another scale based on its mapping matrix to confuse the EFC. An example of data mapping is shown in Figure 11, each rows in (a) represent the original measurements of 20 sensors for a given state ${\theta }_i$, while the rows in (b) are the corresponding mapped results which are totally different from the original ones. Note that the probability of mapping a scale to any one in S is the same. The theoretical number of possible mapping matrix is $100!=9.3326215443944e+157$ and it is nearly impossible for the EFC to recover the original quantifications through brute-force analyzing of the captured data (it will cost more than $3e+132$ years, even if America’s newest top supercomputer ’SUMMIT’ is employed to the analysis).

For comparisons, we employed a native Bayes decision fusion rules [27] which is derived by using the principle of maximum posterior probability without data mapping.

In the first group of comparisons, 30% of the sensor outputs are interfered by White Gaussian noise. Figure 12 depicts the average error probability with different sensor number for 10 rounds of simulations. We see that in [27] as a lower error bound of the AFC, however the EFC has a similar performance too due to the lack of data encryption. Therefore, the EFC can easily eavesdrop the target state based on the captured data. The figure shows that the AFC of SDPR_M has a similar performance with that of [27]. Meanwhile, the EFC of SDPR_M has an apparently higher error probability and the corresponding true detection rate is near 25%, which is the priori-knowledge of the distribution of the 4 states. That is because in SDPR_M, the AFC and sensors deployed same pseudo-random functions and initial seeds, which ensures that they also have same mapping matrices and the AFC can recover the original quantifications through inverse mapping of the received data. In addition, the initial seeds are selected based on the instantaneous state information of the main channels (sensors to AFC). The EFC is unaware of the mapping matrix because of the independence between the main and eavesdropper channels. Therefore the data mapping only causes interference to the EFC’s fusion results.

We can see similar results in Figure 13, which depicts the error probability with different SNRs. The results present a similar trend that the AFC of SDPR_M has a performance close to [27], while the EFC can still not get useful information about the state even with high SNR. The experiment confirmed the capabilities of SDPR_M in that it ensures the security of WSN’s open transmissions while reserving the high performance of the AFC.

To see the performance superiority of the proposed scheme, another group of simulations were carried out to compare SDPR_M with the scheme proposed in [16] where the sensor outputs are randomly mapped to other scales using an optimized stochastic cipher matrix $\mathsf{\Phi }$. Its encryption is converted to solve the following optimization problem of $\mathsf{\Phi }$:

$$\begin{array}{l}{\mathsf{\Phi }}^{\ast }=\underset{\mathsf{\Phi }}{arg}max{J}_A({\alpha }_1\mathsf{\Phi }\mathsf{\Delta }\left|\right|{\alpha }_2\mathsf{\Phi }\mathsf{\Delta })\\ \begin{array}{ll}\mathrm{subject} \mathrm{to}:& 1)0\le {\varphi }_{ij}^{\ast }\le 1,2){\mathsf{\Phi }}^{\ast }{\mathbf{1}}_{m\times 1}={\mathbf{1}}_{m\times 1},\mathrm{and}\\ & 3\left)\right(q_1{\alpha }_1+q_2{\alpha }_2){\mathsf{\Phi }}^{\ast }\mathsf{\Delta }=1/m{\mathbf{1}}_{1\times m}\end{array}\end{array}$$

where $J_A$ is the detection gain of the AFC, $q_1$ and $q_2$ represent priori-probability of two candidate states ${\theta }_i$, i = 1,2, ${\alpha }_i=[p\left(x_1\right|{\theta }_i),p\left(x_2\right|{\theta }_i)\dots p\left(x_m\right|{\theta }_i)]$ represents the post-probability vector of multiple scales in state ${\theta }_i$, ${\varphi }_{ij}$ is the probability of mapping a scale i to another level j, and $\mathsf{\Delta }$ is the transition probability matrix. In addition, the native Bayes fusion rule [27] without data encryption is also compared and its results are taken as a lower bound of the error probability.

The proposed scheme in [16] is limited to two candidate states. For fair comparisons, it is assumed that there are only two states ${\theta }_1$, ${\theta }_2$, and the quantification scales $\{1,2\dots 100\}$ are assumed to follow Gauss distributions in different state: $p\left(x\right|{\theta }_1)\sim N(37.5,12)$, and $p\left(x\right|{\theta }_2)\sim N(62.5,12)$.

The comparison results are depicted in Figure 14 and Figure 15. From the figures, we can see that both SDPR_M and the scheme proposed in [16] ensure that the error probability is around 50% at the EFC. Furthermore, the performance of SDPR_M at the AFC is quite similar to the lower bound shown as the red line. However, the performance at the AFC of [16] obviously deteriorated, especially when the sensor number is less than 20, the error probability is higher than 20%. That is because the optimization problem of the stochastic cipher matrix $\mathsf{\Phi }$ in [16] is NP-hard, and usually its heuristical solutions are suboptimal, which results in the non-trivial degeneration of performance across a wide range of sensor numbers (SNR values). Although the scheme in [16] achieved good confidentiality, it sacrificed the performance of the AFC. Whereas SDPR_M realized a similar security level that maintained data availability of the AFC. In addition, it should be noted that in many applications, both the data confidentiality and the data reliability should be taken into consideration. Therefore, from this point of view our method can be more applicable.

6. Conclusions

In the paper, a lightweight scheme was proposed to protect data confidentiality in a distributed sensor network. The data was supposed to be transmitted over open and insecure channels with the presence of an enemy fusion center EFC, which tried to gather all the transmitted data to form its own decision regarding the state of nature. To prevent the EFC from eavesdropping, the security scheme was designed by exploiting randomness of data flipping (mapping). The main idea was that the activated sensors change their quantized outputs in a random way based on pseudo-random functions known by sensors and the AFC. Thus the EFC who captured the sensor data over the open channels failed to perform data decryption since it could not distinguish the original output from the flipped data. The theory analysis and experimental results demonstrated that the AFC could appropriately decrypt the data, but for the EFC, even with high SNR and large number of sensors, it still could not make right decisions on the state.

We claim that due to the simplicity and low complexity, the proposed solution could be deployed in many resource-limited applications of WSN, including natural disaster monitoring, battlefield situation awareness, remote control of unmanned aerial vehicle, etc. Furthermore, the new pseudo-encryption model opens several future research lines. Being a generalization of data-flipping encryption, we can expect stochastic data flipping to allow better confidentiality while reserving data utility. Exploring the capability limit of pseudo random flipping for data confidentiality is another possible follow-up of this article. Finally, it should be noted that our method is preferred in the condition that the number of sensor quantification scales were stable and known in advance, and how to improve the proposed method for the unpredictable and unstable environment of WSN will be taken into consideration in our future work.