International Journal of Advancements in Research & Technology, Volume 2, Issue 7, July-2013
ISSN 2278-7763
Copyright © 2013 SciResPub. IJOART

Comparative Analysis of Hop-to-Hop and End-to-End Secure Communication

Shital Y. Gaikwad
M. Tech. (Second Year Student) (Computer Network and Information Security), SGGS Institute of Engineering and Technology, Vishnupuri, Nanded (M.S.), India
shitalygaikwad@gmail.com

U. V. Kulkarni
Professor and Head, Department of Computer Science and Engineering, SGGS Institute of Engineering & Technology, Nanded - 431606, Maharashtra, India
uvkulkarni@sggs.ac.in

Abstract — End-to-End secure communication between sensor and sink is important in network communication management. In the majority of cases End-to-End secure communication is largely ignored, since most of us give importance to Hop-to-Hop communication. The End-to-End secure communication protocol in a randomly deployed wireless sensor network is based on a methodology called differentiated key pre-distribution [19]. Here, the main idea is to distribute different numbers of keys to different sensors to improve the resilience of certain links. To determine the optimum protocol parameters in End-to-End secure communication, theoretical analysis is necessary, and it is discussed in this paper. It is observed that the End-to-End solution can provide secure communication between the sensor nodes and the sink in the Wireless Sensor Network (WSN). The theoretical analysis was tested in practice to prove that it works, and the same is discussed in this paper.

Keywords — WSNs, security, attacks, Advanced Encryption Standard

1. INTRODUCTION

Nowadays WSNs are used in military, emergency, railway, aeroplane and inquiry applications, in which sensor nodes need to send sensed data to the sink. WSNs can be deployed both indoors and outdoors. Depending on the deployment platform, there are various applications for such sensor networks. In some cases, under certain conditions, sensor nodes cannot be placed deliberately and are thus randomly deployed into the field. In such cases an End-to-End secure network is important to protect the data from an attacker [2, 5, 9, 13, 16 and 18].

There are two approaches to provide a high degree of End-to-End secure communication in WSNs. In the first approach, a unique pairwise key is loaded into each sensor and the sink prior to deployment, which allows each sensor to use this pairwise key to encrypt its communication with the sink. The second approach provides Hop-to-Hop secure communication between neighboring sensors in the network. In this process End-to-End secure communication can naturally be achieved via Hop-to-Hop encryption/decryption.

The first approach has some limitations in multi-hop WSNs because it stops intermediate sensors from performing encryption/decryption along the path. This function is important for interpreting and aggregating data at intermediate sensors to save energy. To protect against fake packet injection attacks, denial of service attacks etc., the data is authenticated. Hence in WSNs we need to use hop-by-hop encryption/decryption in providing End-to-End secure communication. In the second approach, the system works well if all links in the network are highly resilient. It is very difficult but not impossible to achieve high resilience for all the links in randomly deployed WSNs, since it depends on the inherent resource limitations of sensors, the nature of random deployment and the presence of attacks.

To provide security, communication in a sensor network should be encrypted and authenticated. It is important to prevent unauthorized users from eavesdropping on, obstructing and tampering with sensor data, and from launching denial-of-service (DOS) attacks against the entire network. A secure routing protocol should handle any attack in such a way that the network continues to function properly [4, 7 and 8].

WSNs are collections of nodes where each node has its own sensor, processor, transmitter and receiver. Such sensors are usually low-cost devices that perform a specific type of sensing task. Being low cost, such sensors are deployed densely throughout the area to monitor a specific event. The traditional security mechanisms are authentication, symmetric key encryption and decryption, and public key infrastructure cryptography. The major challenge is to deploy the above encryption techniques or their counterparts in a sensor network, which is characterized by constrained memory, power supply and processing capability.

Today, Intrusion Detection Systems are widely used as a security solution in wired networks, in the form of software/hardware by which one can detect unwanted services going on in the system by way of enhanced/abnormal network activity, and identify suspicious patterns that may indicate whether the network/system is under attack. For WSNs several schemes have been proposed, but they have limited features, such as being concerned only with attacks on a particular layer [15, 17 and 20]. Some others have also proposed a theoretical framework that is not suitable at deployment time. Xbow (developer of the Mica mote) and Ambient System (developer of the μ node) were the first two companies to produce sensor nodes for commercial use. Recently Sun Microsystems has also developed a WSN platform that runs Java code "on-the-metal" on their motes, known as Sun SPOTs.

2. ATTACKS ON WSN

Security breaches occur primarily in the form of interruption, which breaks down the communication links; interception, which is unauthorized access to the WSN; modification, which means change of data by unauthorized access; and fabrication, which means addition of false data by unauthorized access [1, 11, 14, and 22].

2.1. Denial of service: This type of attack makes resources unavailable to their intended users. As an example, node A sends a request to node B for communication and node B acknowledges it to node A, but A keeps on sending requests to B continuously. As a result B is not able to communicate with any other nodes, and thus the intended information becomes unavailable to all of them. A denial of service attack may also occur at the physical layer by jamming, that is, by a broadcasting mechanism, and/or by tampering, i.e. by modification or fabrication of the packet.

2.2. Attack on information in transit: In WSNs each node usually reports changes to a cluster head or base station only for data above some threshold. Information in transit may be altered, spoofed, replayed or vanished. In this type of attack the attacker has high processing power and a large communication range. This type of attack may be prevented by data aggregation and authentication techniques.

2.3. Sybil attack: In this attack, as shown in Fig. 1, the attacker illegally obtains multiple identities on one node. By this, the attacker mostly affects the routing mechanism. Sybil attacks are generally prevented by validation techniques.

Figure 1. Sybil Attack

2.4. 'Hello flood' attack: This is one of the simplest attacks in WSNs, in which the attacker broadcasts HELLO packets with high transmission power to the sender or receiver. The nodes receiving the messages assume that the sender node is nearest to them and send packets via this node. This attack causes congestion in the network. It is a specific type of DOS. Blocking techniques are used to prevent Hello Flood attacks.

2.5. Black hole/Sinkhole Attack: In this type of attack, as shown in Fig. 2, the attacker places himself in the network with high-capability resources (high processing power and high bandwidth), by which it always creates the shortest path. As a result, all data passes through the attacker's node.

Figure 2. Black hole/Sinkhole Attack

3. ALGORITHM FOR HOP-to-HOP COMMUNICATION

Here we present the algorithm for Hop-to-Hop communication, in which we use the Ad-hoc On-Demand Distance Vector (AODV) protocol for choosing the routing path for better communication. In the proposed algorithm, a data packet is used to transmit the information from node to node. A User Datagram packet is designed to control the signals and subsequently to control the traffic generator in the node. After checking that the transport layer is available in the network, the data goes to the destination without losing its designed route. Further, the Media access control code and authentication are checked for data from the source to the destination. As a result the packet ultimately goes to the application layer. The steps in the algorithm are listed below in figure 3.

Step1: Start
Step2: Initialize wireless sensor node
   a. Key distribution in (AODV)
   b. Data packet proposed
Step3: Agent node initiated
Step4: Traffic generator
   a. Data packet (AODV)
   b. Down the process
Step5: Check transport layer; if it is available in the network then it goes to the destination and it will not route.
Step6: MAC (authentication check)
Step7: Send authentication to destination
Step8: The packet reaches the destination, after which it goes to the application layer.
Step9: End.

Figure 3: Steps for Hop-to-Hop communication

4. ALGORITHM FOR END-to-END SECURE COMMUNICATION

Here we put forth the algorithm for End-to-End communication in figure 4, using the AODV protocol for choosing the routing path for safe, sound and intact communication and transmission of secure data. In this process, the data packet of the proposed algorithm is used to transmit the information from node to node. To complement the prior process, we control the signals by using a User Datagram Protocol packet. As in the earlier process, we have used the traffic control generator mechanism in the node.
Further it confirms the presence of the transport layer in the network. The data goes to the destination without losing its route; hence the MAC code and authentication are checked, so that the node sends authentic data from the source to the destination. If the destination is not available, the node will send the data to the source address and the source broadcast address, resulting in creation of a new link. When the destination is available, keys are checked. Consequently the data is not only encrypted and decrypted but also forwarded to the next node. As a result the packet goes to the application layer.

Step1: Start
Step2: Initialize wireless sensor node
   a) Key distribution in (AODV)
   b) AES algorithm initialize
   c) Data packet proposed
Step3: Agent node
Step4: Traffic generator
   a) Data packet (AODV)
   b) AES-Encryption/Key code. Down the process
Step5: Check transport layer; if it is available in the network then it goes to the destination and it will not route.
Step6: MAC (authentication check)
Step7: Send authentication to destination
Step8: If the destination is not available, (ACK) is sent to the source, the source broadcasts and a new link is created.
Step9: If the destination is available, check the Tr-key and Rx-key and check the process.
Step10: Payload (data packet) encryption/decryption and forward to next.
Step11: The packet reaches the destination, after which it goes to the application layer.
Step12: End.

Figure 4: Steps for End-to-End secure communication

5. KEY GENERATION

By using AES, secret keys in End-to-End communication are created. Here, AES must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192 and 256 bits [3, 6, 10, 12 and 21]. AES is used in End-to-End communication with the motive of securing the communication and the data as well. It is applicable to all keys and to all nodes.
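The two approaches compared in this paper (per-link keys between neighbors, and a pairwise key shared only by sensor and sink), worked through on a constructed three-link path; this is an added example, not code from the paper. HMAC-SHA256 stands in for the "MAC (authentication check)" step, and the key values, node numbering and function names are assumptions made for illustration.

```python
import hashlib
import hmac

def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the paper's MAC authentication check (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def relay_hop_to_hop(payload, tag, link_keys, compromised=None, forged=b""):
    """link_keys[i] is shared by node i and node i+1 (node 0 = sensor, last = sink).
    Every receiver checks the incoming link tag; relays re-tag for the next link.
    Returns (payload accepted by the sink or None, number of links traversed)."""
    for node in range(1, len(link_keys) + 1):
        if not hmac.compare_digest(tag, mac(link_keys[node - 1], payload)):
            return None, node                  # dropped by the first honest receiver
        if node == len(link_keys):
            return payload, node               # sink accepts
        if node == compromised:
            payload = forged                   # captured relay holds both of its link keys
        tag = mac(link_keys[node], payload)    # fresh tag for the next link

def relay_end_to_end(payload, tag, sink_key, n_links, compromised=None, forged=b""):
    """Relays forward (payload, tag) unchanged; only sensor and sink hold sink_key."""
    for node in range(1, n_links):
        if node == compromised:
            payload = forged                   # relay cannot recompute the tag
    accepted = hmac.compare_digest(tag, mac(sink_key, payload))
    return (payload if accepted else None), n_links

# Constructed sample path: sensor -> relay 1 -> relay 2 -> sink (3 links).
LINK_KEYS = [hashlib.sha256(b"link-%d" % i).digest() for i in range(3)]
SINK_KEY = hashlib.sha256(b"sensor-7/sink pairwise key").digest()
READING, FORGED = b"temp=21.5", b"temp=99.9"

def scenarios():
    h_tag, e_tag = mac(LINK_KEYS[0], READING), mac(SINK_KEY, READING)
    bogus = bytes(32)                          # tag from a sender that holds no key
    return {
        "h2h_clean": relay_hop_to_hop(READING, h_tag, LINK_KEYS),
        "e2e_clean": relay_end_to_end(READING, e_tag, SINK_KEY, 3),
        "h2h_captured_relay": relay_hop_to_hop(READING, h_tag, LINK_KEYS, 2, FORGED),
        "e2e_captured_relay": relay_end_to_end(READING, e_tag, SINK_KEY, 3, 2, FORGED),
        "h2h_injected": relay_hop_to_hop(FORGED, bogus, LINK_KEYS),
        "e2e_injected": relay_end_to_end(FORGED, bogus, SINK_KEY, 3),
    }

if __name__ == "__main__":
    for name, (accepted, links) in scenarios().items():
        print(f"{name:20s} accepted={accepted!r} links_used={links}")
```

With per-link keys the sink accepts data altered by a captured relay, while an unauthenticated packet is dropped after one link; with the pairwise sink key the alteration is rejected, but the unauthenticated packet consumes all three links before the sink drops it.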
If the first node communicates with the neighbor, the neighbor node decrypts the key and creates its own key to communicate with the other neighbor, and the same process goes on.

6. SIMULATION RESULTS

In these graphs the x axis shows the number of packets being sent, whereas the y axis shows the number of packets being received for both End-to-End and Hop-to-Hop communications, which depicts that more packets are lost in Hop-to-Hop than End-to-End due to AES.

End-to-End delay packets:
   X AXIS VALUES STATISTICS: Minimum: 44.0000000000 Maximum: 590.0000000000
   Y AXIS VALUES STATISTICS: Minimum: 0.0000000000 Maximum: 0.0017043800

Hop-to-Hop delay packets:
   X AXIS VALUES STATISTICS: Minimum: 32.0000000000 Maximum: 1078.0000000000
   Y AXIS VALUES STATISTICS: Minimum: 0.0000000000 Maximum: 0.1520521342

Figure 5. Analysis of Hop-to-Hop and End-to-End communication.

Figure 5 shows the graph of delay for Hop-to-Hop and End-to-End communication, which clearly shows that the delay is greater in Hop-to-Hop than in End-to-End communication.

Figure 6. Efficiency of proposed approach

Figure 6 depicts the number of packets being lost against the number of packets being sent; the x axis shows the packets being sent and the y axis shows the packets received for End-to-End.

End-to-End sending packets:
   X AXIS VALUES STATISTICS: Minimum: 0.3005350000 Maximum: 99.9969550000
   Y AXIS VALUES STATISTICS: Minimum: 1.0000000000 Maximum: 384.0000000000

End-to-End receiving packets:
   X AXIS VALUES STATISTICS: Minimum: 0.3035373920 Maximum: 99.9975590300
   Y AXIS VALUES STATISTICS: Minimum: 1.0000000000 Maximum: 5.0000000000

Figure 7. Capability of Hop-to-Hop method.

Figure 7 depicts the number of packets being lost against the number of packets being sent. Here, the x axis shows the packets sent and the y axis shows the packets received for Hop-to-Hop.
Hop-to-Hop sending:
   X AXIS VALUES STATISTICS: Minimum: 0.3005350000 Maximum: 99.9997455060
   Y AXIS VALUES STATISTICS: Minimum: 1.0000000000 Maximum: 703.0000000000

Hop-to-Hop receiving:
   X AXIS VALUES STATISTICS: Minimum: 0.3035373920 Maximum: 99.9978976150
   Y AXIS VALUES STATISTICS: Minimum: 1.0000000000 Maximum: 498.0000000000

7. CONCLUSIONS

It was observed that in End-to-End secure communication, the loss of packets is almost four times less than that of Hop-to-Hop communication. It implies that the simulation and throughput are better in End-to-End secure communication. It is worth noting that the packet delivery ratio is high in End-to-End secure communication at lower simulation time. As against this, in Hop-to-Hop packet loss is more and throughput is less. We observed that simulation time is high and the packet delivery ratio is low in Hop-to-Hop.

So in this experimental work we observed that in End-to-End communication the packet transfer is better than in Hop-to-Hop by using AES. Hence, we have practically proved that End-to-End secure communication outperforms Hop-to-Hop communication in transmitting and receiving accurate information.

REFERENCES

[1] A. Das, "An unconditionally secure key management scheme for large scale heterogeneous wireless sensor networks," in Proc. First International Comm. Syst. Netw. Workshops, pp. 1-10, 2009.
[2] Abhishek Pandey, R. C. Tripathi, "A Survey on Wireless Sensor Networks Security," International Journal of Computer Applications (0975 – 8887), Volume 3, No. 2, pp. 43-49, June 2010.
[3] Alzaid, D. Park, J. Nieto, C. Boyd, and E. Foo, "A forward and backward secure key management in wireless sensor networks for PCS/SCADA," Sensor Syst. Software, pp. 66-82, 2010.
[4] Al Sakhib Khan Pathan, Hyung-woohee, Cheeng Seon Hong, "Security in Wireless Sensor Networks: Issues & Challenges," ICACT, Feb 2006.
[5] B. Schneier, "Fast Software Encryption," Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 191-204, December 1993.
[6] D. Liu, P. Ning, and W. Du, "Group-based key predistribution for wireless sensor networks," ACM Trans. Sensor Netw., vol. 4, no. 2, pp. 1-30, 2008.
[7] H. Chan, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," in Proc. IEEE Symp. Research Security Privacy, May 2003.
[8] H. Jen-Yan, I. Liao, and H. Tang, "A forward authentication key management scheme for heterogeneous sensor networks," EURASIP J. Wireless Commun. Netw., 2010.
[9] H. Luo, P. Zerfos, J. Kong, S. Lu, and L. Zhang, "Self-Securing Ad Hoc Wireless Networks," in Seventh IEEE Symposium on Computers and Communications (ISCC '02), 2002.
[10] K. Ren, W. Lou, and Y. Zhang, "LEDS: providing location-aware end-to-end data security in wireless sensor networks," IEEE Trans. Mobile Comput., vol. 7, no. 5, pp. 585-598, May 2008.
[11] L. Eschenauer and V. D. Gligor, "A key-management scheme for distributed sensor networks," in Proc. 9th ACM Conf. Comput. Commun. Security, Nov. 2002.
[12] N. Canh, Y. Lee, and S. Lee, "HGKM: a group-based key management scheme for sensor networks using deployment knowledge," in Proc. 6th Annual Commun. Netw. Services Research Conf., pp. 544-551, 2008.
[13] N. Gura, A. Patel, A. Wander, H. Eberle, and S. C. Shantz, "Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs," August 2004.
[14] P. Andreou, D. Zeinalipour-Yazti, P. Chrysanthis, and G. Samaras, "In network data acquisition and replication in mobile sensor networks," Distributed Parallel Databases, pp. 1-26, 2011.
[15] R. Merkle, "Protocols for public key cryptosystems," in Proceedings of the IEEE Symposium on Research in Security and Privacy, Apr 1980.
[16] S. Chellappan, W. Gu, X. Bai, B. Ma, D. Xuan, and K. Zhang, "Deploying wireless sensor networks under limited mobility constraints," IEEE Trans. Mobile Comput., vol. 6, no. 10, Oct. 2007.
[17] S. Choi, V. Sarangan, and S. Trost, "Key management in wireless sensor networks with internetwork sensor roaming," in 33rd IEEE Conf. Local Comput. Netw., 2008.
[18] Shuai Xang, Jie Liu, Chuxiao Fan, Xioying Zhang, Junwei Zou, "A New Design of Security in Wireless Sensor Network using Efficient Key Management Scheme," IEEE 2010.
[19] Wenjun Gu, Neelanjana Dutta, Sriram Chellappan and Xiaole Bai, "Providing End-to-End Secure Communications in Wireless Sensor Networks," IEEE Transactions on Network and Service Management, vol. 8, no. 3, September 2011.
[20] Yunho Lee, Soojin Lee, "A New Efficient Key Management Protocol for Wireless Sensor and Actor Networks," (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 2, 2009.
[21] Y. Zhang, W. Liu, W. Lou, and Y. Fang, "Location-based compromise tolerant security mechanisms for wireless sensor networks," IEEE J. Sel. Areas Commun., vol. 24, no. 2, pp. 247-260, 2006.
[22] Y. Zhang, W. Yang, K. Kim, and M. Park, "An AVL tree-based dynamic key management in hierarchical wireless sensor network," in Proc. International Conf. Intelligent Inf. Hiding Multimedia Signal Process., pp. 298-303, 2008.