ABSTRACT

The main goal of data aggregation schemes in wireless sensor networks is to gather and aggregate data in an energy-efficient manner so that network lifetime is enhanced. However, the technique still has inherent security problems and can be easily compromised by a variety of attacks, such as replay attacks, data interception and data tampering. Hence, the goal is to design a secure and efficient data integrity scheme, given an identity-based aggregate signature with a designated verifier for wireless sensor networks. In this model the sensor nodes are grouped into clusters for efficient data transmission; clustering is an effective way to enhance the system performance of wireless sensor networks. This model can not only keep data integrity but also reduce bandwidth and storage cost for wireless sensor networks. The scheme is provably secure in the random oracle model under the computational Diffie–Hellman assumption.

Keywords: Wireless Sensor Network, ID-based Cryptography, Data Aggregation, Aggregate Signature, Data Integrity, Coalition Attack, Elliptic Curve Cryptography, Verifier, Encryption, Decryption.

I. INTRODUCTION

A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to monitor physical or environmental conditions, such as temperature, sound, pressure, etc. These sensor nodes, which consist of sensing, data processing, and communicating components, result in the idea of sensor networks based on the collaborative effort of a large number of nodes. Such sensor nodes could be deployed in home, military, science, and industry applications such as transportation, health care, disaster recovery, warfare, security, industrial and building automation, and even space exploration.

In WSNs, data aggregation refers to the use of aggregation techniques to reduce the number of bytes required to code the different pieces of information and, thus, the traffic load which needs to be processed within the network. Because of these advantages a lot of attention has been paid to WSNs [1]. Sensor nodes are usually resource-limited and power-constrained; they always suffer from restricted storage and processing resources.

The concept of aggregate signature was first introduced by Boneh et al. at Eurocrypt 2003 [2]. Aggregate signatures are digital signatures where anyone, given n signatures on n messages from n users, can combine all of these signatures into a single short signature. The resulting signature can convince a verifier that the n users indeed signed the n corresponding messages. In this way, an aggregate signature can greatly reduce the computational and communication overhead. Hence, aggregation is a useful technique for reducing storage cost and bandwidth. However, the technique still has inherent security problems, such as eavesdropping, replay attacks, data forgery and data tampering. Hence, designing a secure and efficient data aggregation method is very significant for WSNs.

This paper proposes a model combining the features of the aggregate signature scheme and ID-based cryptography to give an ID-based data integrity scheme using the cluster method for WSNs. The model can resist all kinds of coalition attacks [3]. The aggregate signature is valid if and only if every individual signature used in the aggregation is valid.

This paper is organized as follows. In Section II the basic details of aggregate signature schemes and ID-based cryptography are discussed. In Sections III and IV the complete system and security model of the ID-based data integrity scheme are analysed and reviewed, showing how to resist all kinds of coalition attacks. The design and implementation are discussed in Section V. The simulation results and performance analysis of this implementation of the ID-based data integrity scheme are discussed in Sections VI and VII. Finally, Section VIII deals with the conclusion.

II. RELATED WORK

The concept of aggregate signature was introduced by Boneh et al. in 2003. The main feature of aggregate signatures is that they allow an efficient algorithm to aggregate n signatures of n distinct messages from n different users into one single signature. The resulting aggregate signature can convince a verifier that the n users did indeed sign the n messages.

For a signature scheme to function, the public key has to be bound to the identity of the owner of the public key. Traditionally, this is provided by the public key infrastructure (PKI), in which third parties known as certificate authorities (CAs) issue digital certificates to bind a user and his public key. In this scheme, before using the public key of a user, the participant must first verify the certificate of the user, which results in a large amount of computing and storage cost to manage certificates. To overcome these problems, Shamir introduced identity-based public key cryptography (ID-PKC) [4] to simplify certificate management in PKI systems. In this scheme, the user's public key is easily generated from any unique identity information of this user (e.g. the serial number, a mobile phone number, an email address, etc.), which is assumed to be publicly known. A trusted third party, called the private key generator (PKG), generates and secretly issues the corresponding private keys for all users using a master secret key. Hence, ID-PKC suffers from a key escrow problem, which implies that all the users have to fully trust the PKG.

To address the key escrow problem of the ID-PKC scheme, Al-Riyami and Paterson [5] invented a new scheme called certificateless public key cryptography (CL-PKC). CL-PKC also exploits a third party called the Key Generation Center (KGC) to help a user generate his private key. However, the KGC can merely determine part of the private key for each user.

In CL-PKC, the user computes the resulting private key from the partial private key obtained from the KGC and the secret information chosen by the user. As a result, CL-PKC systems avoid the key escrow problem. Since then, many ID-based aggregate signature schemes have been presented [6], [7]. But most of the existing CLAS schemes cannot withstand a type of practical and harmful attack called the coalition attack [8].

In a coalition attack, a valid aggregate signature is generated from a few invalid single signatures through the collusion of two or more signers. If this attack succeeds, the aggregate signature will pass validation. This indicates that a valid aggregate signature may fail to prove the validity of every single signature involved in the aggregation. So, this paper mainly focuses on designing a secure and efficient aggregate algorithm which can resist such coalition attacks.

III. SYSTEM ARCHITECTURE

The main aim of this system model is to protect data integrity while reducing bandwidth and storage cost for WSNs. The system architecture consists of four components, namely:

• Key Generator
• Base Station
• Aggregator
• Sensor Nodes

Figure 1 Architecture of the system

Key Generator is a key server which generates unique public and private keys for the base station and sensor nodes and uses the Elliptic Curve Cryptography algorithm to generate keys. It also shares the public keys of the sensor nodes and base station.

Base Station possesses much more computational power and larger memory, and it is often connected to a better source of energy. The base station's primary goal is to gather sensed data from the sensor nodes in the WSN. Sensed data can be stored, visualized and analyzed.

Aggregator is one of the important methods for prolonging the network lifetime in wireless sensor networks (WSNs). It involves grouping sensor nodes into clusters and electing cluster heads (CHs) for all the clusters. CHs collect the data from their respective cluster's nodes and forward the aggregated data to the base station.

Sensor Nodes are used to capture data from their environment. They are hardware devices that produce a measurable response to a change in a physical condition like temperature or pressure. Each sensor node belongs to one cluster and sends encrypted messages to its aggregator, and the messages are finally sent to the data center via the aggregator.

IV. SECURITY MODEL

An ID-based Data-Integrity signature (IBDS) scheme is a tuple of probabilistic polynomial-time algorithms. The description of each algorithm is as follows.

Setup, KeyGeneration, Sign, Verify, Aggregation, VerifyAgg.

Setup: This algorithm is run by a key generation center (KGC). G1, G2 are two cyclic groups of prime order p. Let ê: G1 × G1 → G2 be a bilinear pairing, and let P be an arbitrary generator of G1. H1, H2 and H are full-domain collision-resistant hash functions, H1, H2: {0, 1}* → G1, H: G2 → Z_p*. KGC chooses x, y ∈ Z_p* randomly and computes P0 = xP, PKctr = yP. Then the system parameters are param = {ê, G1, G2, P, p, H1, H2, H, P0}, and the master secret key is msk = x. The data center's public-secret verification key is (PKctr = yP, SKctr = y).

Key Generation: This algorithm takes a user's identity IDi. Compute Qi = H1(IDi); the sensor node's corresponding private key is Di = xQi. The KGC sends Di to the user IDi through a secure channel.

Sign: This algorithm takes the system parameters params, a message mi, an identity IDi and the corresponding private key Di as input, and outputs an individual signature σ on the message mi for the user with identity IDi. It generates ti ∈ Z_p* and computes Ti = tiP, hi = H2(Ti, IDi, mi), Ui = Di + ti·hi.

Verify: This algorithm takes the system parameters params, an identity IDi, a message mi and an individual signature σ as input. The verifier computes Qi = H1(IDi) and hi = H2(Ti, IDi, mi), then accepts if the following equation holds: ê(Ui, P) = ê(P0, Qi) ê(Ti, hi).

Aggregation: This algorithm is run by an aggregate signature generator and allows the generator to compress multiple single signatures into an aggregate signature. Each sensor node with the identity IDi provides a signature σi = (Ui, Ti, IDi, mi) on a message mi ∈ {0, 1}* of its collection, i = 1, ..., n. The aggregator computes r = H(ê(U1, PKctr), ..., ê(Un, PKctr)); σ = (U, T1, ..., Tn) is the aggregate signature with identities {ID1, ID2, ..., IDn} on messages {m1, m2, ..., mn} respectively.

VerifyAgg: To verify the validity of an aggregate signature σAgg = (U, V, W) for message-identity pairs {(m1, ID1), ..., (mn, IDn)}, the verifier computes Qi = H1(IDi), hi = H2(Ti, mi, IDi), for i = 1, ..., n, and checks. Where

V. DESIGN AND IMPLEMENTATION

A. Design

In this model, implementation is done by combining the highlights of the aggregate signature scheme and ID-based cryptography, giving an ID-based Data Integrity scheme (IBDIS) using the cluster method for WSNs.
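The individual Sign and Verify equations of Section IV can be executed end to end in a toy model. This is an added example, not code from the paper: the pairing is replaced by the insecure exponent representation (a G1 element aP is stored as the scalar a, and ê(aP, bP) as ab mod q), and the order q, the hash stand-in `hash_g1`, the aggregator-side `screen` step and all function names are assumptions.

```python
import hashlib
import secrets

# Toy model, INSECURE by construction: a G1 element aP is stored as a mod q and a
# G2 element ê(P,P)^c as c mod q, so discrete logs are in the clear. It only lets
# the Section IV equations be executed; a real deployment needs a pairing library.
q = 2**127 - 1      # assumed prime group order (the paper calls it p)
P = 1               # generator of G1 in this representation

def pair(a, b):     # ê(aP, bP) = ê(P,P)^(ab)
    return a * b % q

def g2_mul(u, v):   # multiplying in G2 adds exponents
    return (u + v) % q

def hash_g1(label, *parts):
    """Stand-in for H1/H2: {0,1}* -> G1 (length-prefixed SHA-256, reduced mod q)."""
    h = hashlib.sha256(label)
    for part in parts:
        raw = str(part).encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(h.digest(), "big") % q

def setup():
    x = secrets.randbelow(q - 1) + 1           # msk = x
    return x, x * P % q                        # (msk, P0 = xP)

def keygen(msk, identity):
    return msk * hash_g1(b"H1", identity) % q  # Di = x*Qi

def sign(D, identity, message):
    t = secrets.randbelow(q - 1) + 1
    T = t * P % q                              # Ti = ti*P
    h = hash_g1(b"H2", T, identity, message)   # hi = H2(Ti, IDi, mi)
    return (D + t * h) % q, T                  # (Ui, Ti)

def verify(P0, identity, message, U, T):
    # Accepts because ê(Ui,P) = ê(x*Qi + ti*hi, P) = ê(P0,Qi) * ê(Ti,hi).
    Q = hash_g1(b"H1", identity)
    h = hash_g1(b"H2", T, identity, message)
    return pair(U, P) == g2_mul(pair(P0, Q), pair(T, h))

def screen(P0, reports):
    """Aggregator-side filter: forward only reports whose own signature verifies."""
    return [(i, m) for (i, m, U, T) in reports if verify(P0, i, m, U, T)]
```

A signature stops verifying as soon as the message or the claimed identity changes, because both feed hi and the identity also fixes Qi.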

This model mainly focuses on designing an aggregate signature scheme which can verify each and every individual signature of the sensor nodes in order to resist attacks. The sensor nodes are grouped into clusters so that the network lifetime of the nodes is increased while bandwidth and storage cost are reduced. The new aggregate signature scheme results in a short aggregate signature that is valid if and only if every individual signature involved in the aggregation is valid. In order to provide end-to-end confidentiality, elliptic curve cryptography (ECC) is used.

ECC is a public key cryptography approach based on the algebraic structure of elliptic curves over finite fields, where the elliptic curves are defined over prime fields Fp and p is a large prime number. For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) which consists of the points satisfying the equation

y^2 = x^3 + ax + b,

along with a distinguished point at infinity denoted ∞, where a, b ∈ Fp such that 4a^3 + 27b^2 ≠ 0 (mod p).

To deal with the security risks, a secure data aggregation scheme must provide the following security requirements.

Confidentiality: ensures that the plaintext is accessible only to the authorized user. All data captured must be encrypted, preventing intermediate nodes from accessing the plaintext.

Integrity: ensures that the received data has not been altered, either maliciously or accidentally, during transmission.

Authenticity: ensures that the received data is sent by the claimed sender.

Availability: ensures the survivability of the network despite denial of service attacks.

Freshness: ensures that each message is recent and that no old messages are replayed by an attacker.

Efficiency: a security protocol must be efficient in terms of computation and communication overhead in order to preserve energy and prolong the network lifetime.

The ECC algorithm is probabilistic in nature and its security relies on the hardness of the algorithm. However, when considering security against active adversaries, a verification of the data integrity is needed in order to ensure that all the data were ported successfully. Each sensor of the network computes a tag using the HMAC algorithm on the ciphertext, and every intermediate node then verifies the data integrity and executes the homomorphic operation if the verification holds; otherwise, the packet is dropped. With this process the data integrity of all packets is maintained and all senders are authenticated.

B. Implementation

The implemented model of the proposed system consists of three major components known as the data center, the aggregator and the sensor nodes, which are in large numbers. The aggregator works as a cluster head, can produce the aggregate signature and sends it to the data center with the messages generated by the sensor nodes. The complete block diagram of the implementation is shown in the following:

Figure 2 Block Diagram of the System

This paper proposed an improvement for the ID-based aggregate signature scheme by providing an initial approximation of the trustworthiness of sensor nodes, which makes the data not only coalition free, but also more secure and efficient. The implementation is described below:

• Sensor nodes, if they want to transmit messages, first need to register with the key server; for this we make use of the key generator to generate unique public and private keys using Elliptic Curve Cryptography (ECC).

The same procedure repeats for the cluster head and even for the base station.
• Sensors, in order to send messages to the cluster head, make use of the public key of the base station and their own private key to generate a shared key for encrypting the message.
• This encrypted message is sent to the cluster head, where the cluster head aggregates the messages, produces the aggregate data and a signature for it, and sends them to the base station.

• In the base station, in order to decrypt the message sent from the cluster head, it makes use of the public key of the sensor and, using its own private key, generates a shared key which decrypts the sent messages.
• If the decrypted message is the same as the encrypted message, then we can say that the matching is successful.

VI. SIMULATION RESULTS

The code is developed and simulated in the Network Simulation (NS) tool. The sensor nodes are grouped into clusters and appropriate cluster heads are selected to reduce the energy consumption and increase the network lifetime. A sensor node has limited resources in terms of computation, memory and battery power; the aggregator has a certain capability for calculation and communication range and works as a special sensor node; the data centre has strong computing power and storage space. So, our scheme's objectives are to reduce the communication cost and computation cost of the aggregator and sensor node without loss of generality. In the following, we evaluate our scheme in terms of:

• Energy Consumption
• Computation Overhead
• Communication Overhead

Figure 3 Energy Consumption
Figure 4 Computation Overhead
Figure 5 Communication Overhead

VII. PERFORMANCE EVALUATION

The performance comparison is obtained by comparing our ID-based data integrity scheme (IBDIS) with the certificateless aggregate signature scheme (CLAS) as follows.

Energy Consumption: The energy consumed is decreased when compared to the previous scheme, as the graph (Figure 3) shows, because the clustering of nodes reduces a vast amount of load on the nodes.

Computation Overhead: Computation overhead is obtained by calculating the number of routing packets to the number of packets sent. The comparison graph (Figure 4) shows that the computation overhead is improved and reduced by a fair margin.

Communication Cost: The comparison of communication cost (Figure 5) indicates that the aggregate scheme can reduce transmission in one data aggregation.

It is performed by calculating the number of routing packets to the number of received packets.

Energy Consumption (joules)

No. of nodes    CLAS-scheme (existing)    IBDIS-scheme (proposed)
50              176                       155
100             182                       159
150             179                       167
200             184                       171
250             188                       176

Table 1 Energy Consumption

Computation Overhead

No. of nodes    CLAS-scheme (existing)    IBDIS-scheme (proposed)
50              33.49                     29.49
100             43.76                     34.76
150             55.07                     51.07
200             58.03                     54.43
250             66.69                     62.33

Table 2 Computation Overhead

Communication Overhead

No. of nodes    CLAS-scheme (existing)    IBDIS-scheme (proposed)
50              35.65                     32.65
100             40.38                     37.38
150             43.42                     42.42
200             48.39                     45.39
250             53.91                     50.30

Table 3 Communication Overhead

VIII. CONCLUSION

This paper raised data transmission and security issues and proposed an ID-based data integrity scheme using the cluster method for WSNs, which protects data integrity and resists coalition attacks. This scheme consists of cluster heads which can compress many signatures generated by sensor nodes into a single one.

The experimental results show that our IBDIS scheme can not only reduce communication overhead and computation overhead but also reduce energy consumption. It is also proved that this scheme can stand up against any coalition attacks, as the aggregate signature is valid if and only if every individual signature involved in the aggregation is valid. In future work, the aim is to improve the performance of the aggregation scheme by using a novel cluster-head choice technique to extend network lifetime and reliability.

VI. REFERENCES

1. J. Yick, B. Mukherjee and D. Ghosal, "Wireless sensor network survey," Computer Networks, vol. 52, pp. 2292-2330, 2008.
2. D. Boneh, C. Gentry, B. Lynn and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proc. Eurocrypt 2003, Warsaw, Poland, LNCS, pp. 416-432, 2003.
3. F. Zhang, L. Shen and G. Wu, "Notes on the security of certificateless aggregate signature schemes," Information Sciences, vol. 287, pp. 32-37, 2014.
4. A. Shamir, "Identity-based cryptosystems and signature schemes," in Proc. CRYPTO 1984, Santa Barbara, California, USA, August 19-22, Springer-Verlag, Berlin, LNCS, vol. 196, pp. 47-53, 1984.
5. S. Al-Riyami and K. Paterson, "Certificateless public key cryptography," in ASIACRYPT 2003, LNCS, vol. 2894, pp. 452-473, 2003.
6. L. Zhang, B. Qin, Q. Wu and F. Zhang, "Efficient many-to-one authentication with certificateless aggregate signatures," Computer Networks, vol. 54, no. 14, pp. 2482-2491, 2010.
7. H. Xiong, Z. Guan, Z. Chen and F. Li, "An efficient certificateless aggregate signature with constant pairing computations," Information Sciences, vol. 219, no. 10, pp. 225-235, 2013.
8. F. Zhang, L. Shen and G. Wu, "Notes on the security of certificateless aggregate signature schemes," Information Sciences, vol. 287, pp. 32-37, 2014.
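Section V.A describes each sensor computing an HMAC tag on its ciphertext and every intermediate node verifying that tag and dropping the packet when the check fails. The following is an added example of that check at the cluster head, not code from the paper; the per-sensor MAC keys shared with the cluster head, the message counter bound into the tag to meet the Freshness requirement, and all names are assumptions.

```python
import hashlib
import hmac

def tag_for(key, node_id, counter, ciphertext):
    """HMAC-SHA256 over a length-prefixed node id, an 8-byte counter and the ciphertext."""
    nid = node_id.encode()
    msg = len(nid).to_bytes(2, "big") + nid + counter.to_bytes(8, "big") + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_packet(key, node_id, counter, ciphertext):
    """Sensor side: attach the tag to the already-encrypted reading."""
    return {"node": node_id, "ctr": counter, "ct": ciphertext,
            "tag": tag_for(key, node_id, counter, ciphertext)}

class ClusterHead:
    """Verifies every packet before it is allowed into the aggregate."""

    def __init__(self, mac_keys):
        self.mac_keys = mac_keys   # node id -> MAC key shared with that sensor (assumed)
        self.last_ctr = {}         # node id -> highest counter accepted so far
        self.pending = []          # verified ciphertexts waiting for aggregation

    def receive(self, pkt):
        key = self.mac_keys.get(pkt["node"])
        if key is None:
            return "drop:unknown-node"
        expected = tag_for(key, pkt["node"], pkt["ctr"], pkt["ct"])
        # Constant-time comparison, so the check does not leak how many tag bytes matched.
        if not hmac.compare_digest(expected, pkt["tag"]):
            return "drop:bad-tag"
        # Freshness: the counter is covered by the tag and must strictly increase.
        if pkt["ctr"] <= self.last_ctr.get(pkt["node"], -1):
            return "drop:replay"
        self.last_ctr[pkt["node"]] = pkt["ctr"]
        self.pending.append(pkt["ct"])
        return "accept"

def demo():
    key = bytes(range(32))                    # constructed key, for illustration only
    head = ClusterHead({"node-17": key})
    pkt = make_packet(key, "node-17", 1, b"constructed-ciphertext")
    forged = dict(pkt, ctr=2, ct=b"altered")  # tag no longer matches the contents
    return [head.receive(pkt), head.receive(pkt), head.receive(forged)]
```

Only the ciphertexts left in `pending` would go on to the aggregation step; a dropped packet never updates the stored counter.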