
RESEARCH ON NODE AUTHENTICATION SOLUTIONS AND ROUTING BULLETINS IN MULTIMEDIA WIRELESS SENSOR NETWORKS


DOCUMENT INFORMATION

Title: Research on Node Authentication Solutions and Routing Bulletins in Multimedia Wireless Sensor Networks
Author: Tran Huy Long
Supervisors: PhD. Tran Thien Chinh, Assoc. Prof. Tran Hoai Trung
University: University of Transport and Communication
Major: Telecommunications Engineering
Type: Doctoral thesis
Year of publication: 2025
City: Hanoi
Number of pages: 31
File size: 1.61 MB


MINISTRY OF EDUCATION AND TRAINING

UNIVERSITY OF TRANSPORT AND COMMUNICATION


Tran Huy Long

RESEARCH ON NODE AUTHENTICATION SOLUTIONS AND ROUTING BULLETINS IN MULTIMEDIA WIRELESS SENSOR NETWORKS

The project was completed at:

University of Transport and Communication

The thesis will be defended at the University-level Doctoral Thesis Examining Council meeting at University of Transport and Communication

At hour, day month in 2025

This thesis can be found at: Library Information Center - University of Transport and Communications, Vietnam National Library

INTRODUCTION

Reasons for choosing the thesis

Energy-efficient routing and security in wireless sensor networks (WSNs) are critical challenges, especially the authentication of nodes and routing messages to ensure system integrity and safety. Many protocols have been developed, such as Saleh's authentication protocol [2], Sharma's key distribution algorithm [3], and mechanisms based on elliptic curve cryptography [4]. Other studies build on the routing mechanism of the original two-phase geographic greedy forwarding protocol (TPGF) [5]. The SecuTPGF protocol proposed in [6] uses a message authentication code (MAC) to authenticate the origin and protect the information that may change in the routing bulletin; however, this incurs high computational costs. Others use the MD5 hash in the GSTP routing protocol [7] and SHA-3 in the GSR routing protocol [8] to provide authentication of both the node and the bulletin, securing the identity of the 1-hop node and routing through that 1-hop node, …

Multimedia Wireless Sensor Network (WMSN) [9] is a special variant of WSN, designed to sense and transmit not only scalar data but also multimedia data [10], including real-time or non-real-time images, audio, and video. To be able to transmit multimedia data streams, a routing protocol designed for WMSN [9] must meet three criteria: (1) multipath transmission; (2) transmission through holes; and (3) shortest-path transmission. In particular, the TPGF protocol is designed specifically for WMSN and meets all three of the above requirements. The protocol forms a routing framework based on geographical principles, with the goal of improving the transmission of multimedia data in WMSNs. TPGF works in two distinct phases: geo-routing and route optimization. However, TPGF was originally designed only for efficient routing of multimedia data, without any security measures in place, so the protocol is vulnerable to routing attacks. SecuTPGF [6] therefore improves on the original TPGF protocol by integrating identity-based security mechanisms to enhance neighbor detection and routing security in WMSNs. This protocol implements strict measures against spoofing, Sybil, wormhole, and selective forwarding attacks, enhancing the overall resilience of the network through improved authentication and secure data transmission. In the SecuTPGF routing algorithm, node authentication and bulletin authentication are performed by the cryptographic mechanism and the MAC, respectively, which requires more computation and thus consumes more power [7].

To ensure proper operation in a WSN environment with resource constraints, optimizing the multimedia data transfer process is essential. Therefore, a secure and efficient routing protocol needs to be designed to extend the lifetime of the network while preventing as many attacks as possible. Accordingly, research on lightweight cryptography aims to create solutions for compact implementations without reducing safety too much. It offers a compromise between security and efficiency in the implementation of cryptographic algorithms.

From the above analysis, the PhD student has chosen the topic "Research on node authentication solutions and routing messages in multimedia wireless sensor networks" for the research thesis.

Objectives of the thesis:

Overall objectives: Develop an effective and secure mechanism for authenticating nodes and routing bulletins that is consistent with WMSN characteristics.

Detailed objectives: Propose new mechanisms for authenticating nodes and routing bulletins, based on modern cryptographic mechanisms and consuming minimal energy, to ensure routing safety and suitability for sensor nodes with limited resources. Evaluate the effectiveness of the proposed solutions through simulation.

Main contributions of the thesis

The new scientific contributions of the thesis are proposals to improve the TPGF protocol, specifically:

1. Propose a solution to develop additional mechanisms for node authentication and routing messages using lightweight ID-based digital signatures for the TPGF protocol (abbreviated as ECDSA-TPGF).

2. Propose a solution to develop additional mechanisms for node authentication and routing messages using CRC and ECC for the TPGF protocol (abbreviated as LS-TPGF).

These contributions are reflected in the scientific articles in the list of published works [J1, J2, J3].

Scientific and practical significance

The thesis contributes to the body of security knowledge on WSNs, opening up new research directions for lightweight and effective authentication solutions. At the same time, it provides effective security solutions for WSN/WMSN systems, ensuring reliability and safety for real-world applications that will be deployed in Vietnam.

Layout of the thesis

The thesis is divided into three chapters with the following main contents: Chapter 1, "Routing protocols in multimedia wireless sensor networks"; Chapter 2, "Proposing solutions to develop additional node authentication mechanisms and routing bulletins using ID-based lightweight numeric signatures for the TPGF protocol"; Chapter 3, "Proposing a solution to develop additional node authentication mechanisms and routing messages using CRC and ECC for TPGF protocol". In the Conclusion, the thesis summarizes the main research results that have been achieved and gives suggestions for the next direction of research and development.

CHAPTER 1: ROUTING PROTOCOLS IN MULTIMEDIA WIRELESS SENSOR NETWORKS

1.1 Multimedia Wireless Sensor Network Overview

1.1.1 Overview of Multimedia Wireless Sensor Networks

This section gives an overview of WMSN and its characteristics. When designing a routing protocol for WMSN, it is necessary to consider the following three requirements: multipath transmission, transmission through holes, and shortest-path transmission. These characteristics, challenges and requirements of WMSN have raised many research issues and directions for the future.

In this part, the PhD student focuses on presenting some routing solutions used for WMSN and analyzes the selection of the TPGF protocol as a basis for developing multimedia transmission methods in WMSN.

1.2 TPGF Routing Protocol [5]

TPGF consists of two phases: (1) Geographic transition and (2) Path optimization.

1.2.1 Geographic Transition

This first phase is responsible for discovering a routing path with guaranteed delivery while bypassing holes in the WMSN.

[Figure 1.1. TPGF routing algorithm flowchart. Phase 1 (Step 1, Step 2) box labels: Deploy sensor network; Get current node location; Get base station location; Get 1-hop neighbor location; Check whether base station in 1-hop; Has available neighbor node; Choose the next-hop node which is the closest one to the base station among all 1-hop nodes; Can step back to its previous-hop node and mark itself as a block node. Phase 2 box labels: Base station return acknowledgement; Optimize routing path; Release explored but unused nodes; End.]

1.3 Routing Security Issues in WMSN

Most routing protocols are initially built without security mechanisms, so malicious nodes, whether internal or external adversaries, can carry out attacks. As a result, TPGF [6] is also very vulnerable to a number of security attacks; e.g., an attacker can send spoofed routing packets to create a routing interruption attack, and can also send false location information during neighbor node detection.

Based on the results of the ministerial-level scientific research project "Research on security solutions in WSN for smart city construction", code DT.44/21 [J6], led by the PhD student, the types of attacks on the routing layer and their countermeasures are described in detail in Appendix A.

Based on the results of this study, the PhD student also proposed some typical protocols corresponding to the types of attacks on the layers of WSN (detailed in Appendix B).

1.4 Approaches related to the research topic

1.4.1 Analysis and evaluation of approaches in Vietnam

Through a survey of domestic research, the PhD student found that most researchers focus on applied WSN research for collecting, processing and providing information from the real world. New security studies focus only on the encryption and decryption of data packets, and there is no comprehensive solution to ensure the safety of WSN, especially for routing. Therefore, research on secure routing in WSN will create a basis for improving security when building and developing WSN in Vietnam.

1.4.2 Analyze and evaluate approaches in the world

In developed countries, research on secure routing has attracted interest and offers many research directions to address the challenges of encryption, privacy protection, authentication, and key establishment. Boulaiche [42] introduces a security method that uses MAC and authenticated credentials to secure geographic routing protocols against attacks. Das [43] presents a game theory-based mechanism for detecting selfish and malicious nodes to ensure secure routing and packet transmission. Khezri [44] proposes a secure routing protocol for vehicular ad hoc networks that focuses on authentication, security, and resistance to routing attacks. Zhang [45] proposes a new routing method for greedy forwarding that considers factors such as link quality, node shift, and power to reduce energy consumption, improve packet delivery speed, and extend network lifespan.

The SecuTPGF protocol proposed in [6] already uses MAC to authenticate the origin and protect the information that may change in the routing bulletin, but it incurs high computational costs. The GSTP protocol [7] uses the routing mechanisms of the original TPGF protocol and applies the MD5 algorithm to provide both node and message authentication, allowing it to secure the identity of the 1-hop node and route through that secured 1-hop node. A more advanced hash-based variant, the GSR protocol [8], identifies adversary nodes with low computational power by using the standard SHA-3 algorithm for authentication instead of user-defined authentication methods. A comparison of MD5 and SHA-3 [45] across parameters such as cost, message length, speed, and attacks describes SHA-3 as more secure than MD5. MD5 is faster than SHA-3, but thanks to reduced circuitry and low computing power, SHA-3 can perform better on small devices like sensors. Therefore, it can be said that GSR is safer and more energy-efficient than GSTP.

Research [47] has shown that MAC is considered more secure than MD5, as security vulnerabilities have been discovered in MD5, whereas MAC does not have the same vulnerabilities. However, MAC can be slower than MD5 because it uses a secret key to generate the authentication code, while MD5 only uses a data hashing algorithm. MAC and SHA-3 are both cryptographic tools used to protect data integrity, but they have different purposes and applications. For validating the data and ensuring that it is not modified, MAC is a good choice. However, if it is only necessary to check the integrity of the data and ensure that it has not been altered, SHA-3 is the better choice because it provides a unique hash value for each input data set.

In fact, WSN nodes are devices with limited resources: limited battery capacity, low computing power, and small storage capacity, which make it difficult to apply high-performance software and algorithms. The authors of [49] conducted a review of different WSN routing models from 2017 to 2021 and found that the main limitations of WSN are its processing capacity, security, and power consumption. These studies confirm the need to develop new, secure, and more effective routing protocols to extend network lifetime and minimize the risk of attacks.

1.5 Theoretical basis

1.5.1 Cyclic Redundancy Check (CRC) and Elliptic Curve Cryptography (ECC)

1.5.1.1 Overview of CRC hash function

Suppose the polynomial of the data sequence to be transmitted is $M(x)$ and the generator polynomial is $p(x)$. Then $M(x)$ and $p(x)$ have the form

$$M(x) = a_m x^m + a_{m-1} x^{m-1} + \dots + a_1 x^1 + a_0 x^0 \tag{1.1}$$

$$p(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x^1 + a_0 x^0 \tag{1.2}$$

in which

- $a_m$ and $a_n$ are equal to 1 or 0

- The length of the CRC sequence is equal to the length of the polynomial minus 1, which is the largest exponent of the polynomial, $n$

To perform CRC encoding, the data sequence to be transmitted is extended by n bits on the right by multiplying $M(x)$ by $x^n$, where n is the degree of $p(x)$. The result is then divided modulo the generator polynomial $p(x)$. The coefficients of the result form the check bits of the CRC.

These check bits are added to the message to form the CRC code:

where "⨁" is the XOR operation

The CRC is decoded by dividing the received message modulo the generator polynomial p(x). If the result is 0, the message has not changed; if it differs from 0, the received message is incorrect (it has been changed).
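The encoding and check described in this section, as an added example that is not code from the thesis. Polynomials over GF(2) are held as Python integers (bit i is the coefficient of x^i); the function names `poly_mod`, `crc_encode` and `crc_check`, the generator and the sample message are constructed for illustration.

```python
def poly_mod(value: int, gen: int) -> int:
    """Remainder of value(x) / gen(x) over GF(2); bit i is the coefficient of x^i."""
    n = gen.bit_length() - 1                 # degree of the generator p(x)
    while value.bit_length() > n:
        # Align the generator under the leading 1 and subtract (XOR).
        value ^= gen << (value.bit_length() - 1 - n)
    return value


def crc_encode(message: int, gen: int) -> int:
    """Shift M(x) left by n bits (M(x) * x^n) and place the remainder in those bits."""
    n = gen.bit_length() - 1
    shifted = message << n
    return shifted ^ poly_mod(shifted, gen)


def crc_check(received: int, gen: int) -> bool:
    """Receiver side: a zero remainder means no change was detected."""
    return poly_mod(received, gen) == 0


# Constructed sample: 10-bit message with generator p(x) = x^4 + x + 1.
GEN = 0b10011
MESSAGE = 0b1101011011
CODEWORD = crc_encode(MESSAGE, GEN)          # 0b11010110111110

if __name__ == "__main__":
    print(f"check bits : {poly_mod(MESSAGE << 4, GEN):04b}")
    print(f"codeword   : {CODEWORD:b}")
    print("intact     :", crc_check(CODEWORD, GEN))
    print("bit flipped:", crc_check(CODEWORD ^ (1 << 6), GEN))
```

A zero remainder only shows the absence of detected transmission errors: anyone who alters the message can recompute the check bits, since no key is involved.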

1.5.1.2 ECC Overview

Consider an elliptic curve of the form $y^2 = x^3 + ax + b \bmod p$ with $0 \le x < p$. The constants a and b are non-negative integers that are smaller than the prime p and must satisfy the condition:

Suppose the two nodes A and B both use the curve above and both define a generator G. Set the private keys of A and B to $n_A$ and $n_B$, respectively. The public keys of A and B are defined as follows:

1.5.2.1 Evaluate the performance of routing protocols

Evaluate the performance of the protocol via: fast response time (low latency), high accuracy, energy savings, extended lifetime, …

1.5.2.2 Measuring network performance

These parameters can be described as follows:

- End-to-end delay is the amount of time it takes to transmit information from the source node to the sink node. The average delay of each hop is $D_{hop} + D_{otherfactors}$.

$$D_{e2e} = k \times (D_{hop} + D_{otherfactors}) \tag{1.9}$$

where k is the number of hops, $D_{hop}$ is the transmission delay, and $D_{otherfactors}$ is the delay due to other factors.

Assume the average delay of each hop ($D_{hop} + D_{otherfactors}$) is a fixed value. Then:

From (1.10) it can be said that the end-to-end delay is directly proportional to the number of hops k. If the number of hops is smaller, the end-to-end delay decreases, i.e., the time required to transmit information also decreases.

- The path length is calculated as the sum of the link weights over each link visited. Some routing protocols use the number of hops to determine the number of relay nodes that a packet must pass through from the source node to the destination node.

$$P_{Length} = k \ (\text{number of hops}) \tag{1.11}$$

1.6 Research direction of the thesis

Through the analysis and evaluation, the PhD student has selected the research direction of the thesis as follows:

- Propose a solution to develop additional node authentication mechanisms and routing messages using ID-based lightweight numeric signatures for the TPGF protocol.

- Propose a solution to develop additional node authentication mechanisms and routing messages using CRC and ECC for the TPGF protocol.

1.7 Conclusion

This chapter provides an overview of WMSN, including the characteristics of and security challenges in this network. Through the analysis and evaluation of domestic and foreign research related to WSN and WMSN, the PhD student has pointed out the shortcomings of previous studies. On that basis, the research direction of the thesis is proposed to solve the existing problem of ensuring routing safety for the original TPGF protocol, as a basis for the solutions proposed in Chapters 2 and 3. Some of the contents of this chapter have been presented in publications [J6], [J7], [J8], [J9].

NODE AUTHENTICATION MECHANISMS AND ROUTING MESSAGES USING ID-BASED LIGHTWEIGHT NUMERIC SIGNATURES FOR THE TPGF PROTOCOL

Chapter 2 presents a lightweight signature-based solution for authenticating nodes and routing messages in WMSNs. The ECDSA-TPGF lightweight secure geographic routing protocol is proposed as an improvement of the original TPGF routing protocol, in which the PhD student has added ECC cryptography and a CRC hash to create a digital signature for a sensor node that is attached to the routing message. This ensures that only sensor nodes and messages from trusted sources are accepted and participate in the routing process. By using lightweight authentication methods and efficient encryption algorithms, the ECDSA-TPGF routing protocol helps prevent node spoofing attacks and ensures the security of information transmitted over the network. The effectiveness of the algorithm has been confirmed through security analysis and simulation evaluation and has been published in [J1], [J3].

2.1 Proposed solution description: Additional development of node authentication and routing bulletins using ID-based lightweight signatures for the TPGF protocol

2.1.1 ID-based digital signature scheme

The solution proposes ID-based lightweight digital signatures as shown in Figure 2.1.

Figure 2.1 ID-based digital signature scheme

2.1.1.1 Create a key

1. Choose an elliptic curve with a 128-bit key of the form $y^2 = x^3 + ax + b \bmod p$ with $0 \le x < p$. The constants a and b are non-negative integers that are smaller than the prime p and must satisfy condition (1.5).

2. Select a generator point G of that elliptic curve, which is used for scalar multiplication on the curve. This point is made public throughout the network.

3. Then each node (e.g., node A), when it needs to relay a message, selects a private key by choosing a random number $n_A < p$. This private key is used to generate a digital signature proving that data or assets belong to the node holding the private key.

4. Unlike the private key, the public key is public to all nodes and is calculated as $P_A = n_A G$. Elliptic curve multiplication is a trapdoor operation, meaning that it is easy to compute in one direction and infeasible to compute in the opposite direction. Therefore, the node that owns the private key can easily generate a public key and share it with all nodes without worrying that a node can invert the public key to obtain its private key.

2.1.1.2 Create a digital signature

1. Each ID is converted into a binary bit string, which is then hashed using CRC.

2. ECC is then used to create a digital signature on the CRC check value (h). To perform digital signing, we proceed as follows:

- Pick a random number k in the range [1…p-1];

- Compute the random point R = k * G and take its x-coordinate: r = R.x

- Compute the signature proof: $s = k^{-1} \cdot (h + r \cdot n_A) \pmod p$

in which $k^{-1}$ is the modular inverse (also an integer) of k, so that $k \cdot k^{-1} \equiv 1$

3. Return the digital signature {r, s}

The computed digital signature {r, s} is a pair of integers, each in the range [1…p-1]. It encodes the random point R = k*G, along with the proof s, which confirms that the signer knows the message h and the private key privKey. The proof can be verified using the corresponding public key (pubKey).

2.1.2.3 Digital signature verification

Any node in the network can verify the digital signature of node A using the shared public key $P_A$.

1. Compute the modular inverse of the signature proof: $s_1 = s^{-1} \pmod p$

2. Recover the random point used in the signing process: $R' = (h \cdot s_1) \cdot G + (r \cdot s_1) \cdot P_A$

3. Take the x-coordinate of R': r' = R'.x

4. Calculate the authentication result by attaching the new CRC code obtained from the calculation of the coordinates of R' to the ID. The authentication process is as follows:

+ The CRC is decoded by dividing the received packet modulo the generator polynomial p(x) and comparing the coefficients of the obtained remainder with the received CRC check bits. An error is indicated if the results differ.

2.1.3 Proposal to use lightweight signatures for secure routing protocols in WMSN

The proposed solution consists of three phases: (i) network setup; (ii) discovery of safe 1-hop nodes; (iii) communication via safe 1-hop nodes.

2.1.3.1 Network Setup

[Figure 2.2. Network setup diagram. Box labels: Begin; Deploy WMSN; Get ID of all sensor nodes; Hash ID using CRC; Digital signature by private key; Store as attribute.]

After the deployment and setup phase is complete, the next stage, discovery of the secure 1-hop nodes, is initiated by the network's source node.

2.1.3.2 Phase of discovery of safe 1-hop nodes

This process is described as follows:

Figure 2.3 The proposed solution uses lightweight digital signatures

The algorithm for discovering safe 1-hop nodes is as follows:

Step 1: Each node broadcasts an advertisement message to the nodes in the network. For example, node A sends a message of the form:

$$A \to * : HELLO(ID_A + Sig_A, GL_A) \tag{2.1}$$

in which $ID_A$ is the identity of node A, with the additional digital signature $Sig_A$ as described in Section 2.1.2, and $GL_A$ is the location of the forwarding node.

Step 2: Neighboring node B uses $P_A$ to verify the digital signature and validate whether node A is in its stored list. Node B then sends a message containing the ID and location of node B to A:

$$B \to A : (ID_B + CRC_B, GL_B) \tag{2.2}$$

Step 3: Node A receives this message, verifies it in the same way, and stores B as a 1-hop neighbor.

Every node in the network verifies that the neighbor is a safe 1-hop node, establishes a secure link, and adds the node to its list of safe 1-hop neighbors, as shown in the figure below:

[Figure 2.4. Flowchart of safe 1-hop node discovery. Box labels: Wireless channel; Sign ID; Encryption; Secure CRC; Public key; Message; Authentication; Message secure; Message sign ID; Get ID of the node; Signature ID; Update the secured neighbour list.]

2.1.3.3 Transmission phase via secure 1-hop nodes

The transmission process through a secure hop is described as shown below:

Figure 2.5 Secure streaming and forwarding flow charts.

2.2 Evaluation simulation of the proposed ECDSA-TPGF protocol

2.2.1 Network models and assumptions

2.2.1.1 Network models and assumptions

Just like the TPGF protocol [5], the proposed protocol solves two problems. First, it searches for all secure transmission paths Pnth = {vPn1, ., vPnm} in the graph Gavailable(Vavailable, Eavailable) after ignoring dead nodes (holes) and attack nodes. It then optimizes the route to the one with the least number of nodes (Noptimized) among the paths found, Pnth_optimized, in which Pnth_optimized = {vOPn1, ., vOPnm} and (Pnth_optimized ⊆ Pnth).

The performance evaluation parameters have been presented in Chapter 1, Section 1.5.2.

2.2.1.2 Routing attacks and attack patterns

In this section, we discuss possible attacks during routing, such as spoofed routing attacks, spoofing attacks, Sybil attacks, wormhole attacks, flooding, and selective forwarding.

2.2.2 Simulation and evaluation of the proposed ECDSA-TPGF protocol

2.2.2.1 Setting up the simulation

To evaluate and analyze the proposed ECDSA-TPGF protocol, the PhD student chose the NetTopo simulator, which was designed specifically for the TPGF protocol by the research team [71], [72]. The implementation of new algorithms in the NetTopo simulator is a three-step process: (1) modify a new node Java class; (2) modify a new topology Java class and register this class; and (3) develop a new algorithm with the support of an existing algorithm.

[Figure 2.6. ECDSA-TPGF simulation setup. Labels: sink node; attack node; source node; node parameters.]

The ECDSA-TPGF routing algorithm is built on the basis of the TPGF routing protocol. ECDSA-TPGF generates ID-based digital signatures using two algorithms, CRC and ECC, to provide security. Its performance is compared to the previous SecuTPGF protocol, which was built with user-defined security algorithms, based on various network metrics such as the number of routing paths and the average path length.

The simulation parameters are set as in the table below:

Table 2.1 Simulation parameters ([6], [7], [8])

Run the SecuTPGF and ECDSA-TPGF algorithms and compare them, respectively.

Figure 2.7 Results of ECDSA-TPGF simulation

Figure 2.7 shows the execution of ECDSA-TPGF in NetTopo; the attack nodes are not included in the transmission paths.

2.3.2.2 Assessment

Table 2.2 shows a comparison of the simulation results of the average hops calculated before and after optimization in the search for routing paths using the SecuTPGF (initial) and ECDSA-TPGF (proposed) algorithms.

Table 2.2 Average hop count under ECDSA-TPGF scenario

Number of Nodes | Before Optimization | After Optimization

Posted: 01/07/2025, 12:35