Wireless Sensor Networks (WSNs): Security and Privacy Issues and Solutions

Wireless sensor networks (WSNs) have become one of the current research areas, and it proves to be a very supportive technology for various applications such as environmental, military, health, home, and office-based applications. WSN can either be mobile wireless sensor network (MWSN) or static wireless sensor network (SWSN). MWSN is a specialized wireless network consisting of considerable number of mobile sensors, however the instability of its topology introduces several performance issues during data routing. SWSNs consisting of static nodes with static topology also share some of the security challenges of MWSNs due to some constraints associated with the sensor nodes. Security, privacy, computation and energy constraints, and reliability issues are the major challenges facing WSNs, especially during routing. To solve these challenges, WSN routing protocols must ensure confidentiality, integrity, privacy preservation, and reliability in the network. Thus, efficient and energy-aware countermeasures have to be designed to prevent intrusion in the network. In this chapter, we describe different forms of WSNs, challenges, solutions, and a point-to-point multi-hop-based secure solution for effective routing in WSNs.


Introduction
Wireless sensor network (WSN), as shown in Figure 1, is a wireless interconnected network which consists of independently setup devices that monitor the conditions of its environment using sensors. WSNs are employed in a wide range of applications such as security surveillance, environmental monitoring, target tracking, military defense, intrusion detection, etc. Security in wireless sensor network is at a growing stage mainly not because of nonavailability of efficient security schemes, but most of the existing schemes are not suitable due to the peculiarity of WSNs. That is, WSNs' nodes have low computational capacity and energy constraint. In WSNs, sensor nodes have the ability to communicate with one another, but their primary task is to sense, gather, and compute data. These data are forwarded, via multiple hops, to a sink which may use it or relay it to other networks. To achieve an effective communication, WSNs need efficient routing protocols [2][3][4][5][6]. They facilitate communication in WSNs by discovering the appropriate routes for transmitting data and maintain the routes for subsequent transmissions. As a result of heterogeneity of WSNs' nodes, different protocols had been developed for different WSNs depending on the nature of the nodes and application. For instance, there are dedicated protocols for MWSNs and dedicated protocols for SWSNs.
There are two modes of transmission in WSNs. Single hop involves the source node sending its data packets to the destination within a hop. Meanwhile, WSNs' sensor nodes may rely on one another in order to relay packets to remote destinations. This mode of transmission is called multi-hop. Multi-hop is a routing phenomenon that involves the transfer of data between source and destination nodes with the cooperation of intermediary nodes. It enhances the performance of WSNs by allowing an energy-depleted node to transfer data through its neighboring nodes along the routing path to the destination node. There are several security and privacy issues associated with multi-hop routing. Some of these issues, like snooping, sinkhole, tampering, Sybil, clone, wormhole, spoofing, etc., affect the integrity, availability, and data confidentiality of the WSNs.
Several security solutions had been proposed for WSNs; however, resource constraint of sensors makes some of these security solutions unfit for WSNs. This, therefore, makes their adoption in WSNs impossible. This is as a result of instability of the topology of most WSNs. Some of the WSNs, unlike some other networks, consist of mobile nodes that intermittently change the topology of the networks, therefore making it impossible for such mobile network to use existing protocol developed for static nodes. Also, large volume of data is transferred on the WSNs; this increases the traffic on the wireless communication infrastructure of WSN. All these show that security and privacy solutions of WSN must not only be lightweight in terms of the computational, communication, and energy overheads but also support aggregation and multi-hop in order to reduce the traffic and extend the life span of the networks. Meanwhile, most of the existing security solutions do not have these performance requirements [1][7][8][9][10].

Classification of WSNs protocols
Routing protocols can be classified into:
1. Data-centric routing protocol
2. Hierarchical routing protocol

Data-centric routing protocol
Data-centric routing protocol combines data arriving from various sensor nodes at a specific route. This eliminates redundancies and minimizes the total amount of data transmission before forwarding it to the base station. Directed diffusion, rumor routing, and sensor protocol for information via negotiation (SPIN) protocol are examples of data-centric routing protocol [11,12].
SPIN is a negotiation-based data-centric protocol for WSNs. Each node uses metadata to name its data, and negotiation is performed by a sensor node using its metadata. Hence, each node is able to negotiate whether to deliver data or not, in order to eliminate redundant data transmission throughout the network. After the negotiation, the sender transmits its data as shown in Figure 2; node A starts by broadcasting its hop request to its neighboring node B. Once the request is accepted, node A sends its data to B who then repeats this procedure. This is to find its neighboring node and hops the data to the neighboring node until the data reaches the destination. SPIN protocol saves energy due to the fact that each node only performs single hop. SPIN's hop request and acceptance packets prevent flooding attack on WSNs. Although SPIN protocol is good for lossless networks, it can also be used for lossy or mobile networks.

Hierarchical routing protocol
Hierarchical routing protocol classifies network nodes into hierarchical clusters. For each of the clusters, the protocol selects a node with high residual energy as the cluster head. The sensed data of each node in the cluster are transferred through the cluster heads of the clusters in the network [11]. The cluster node aggregates the sensed data of all the nodes in the cluster before sending it to the sink. Hierarchical routing protocol reduces the energy consumption through multi-hop transmission mode [13]. Also, data aggregation performed by the cluster head reduces traffic on the network. Low-energy adaptive clustering hierarchy (LEACH), threshold-sensitive energy-efficient sensor network protocol (TEEN) and adaptive threshold-sensitive energy-efficient sensor network protocol (APTEEN), and secure hierarchical energy-efficient routing (SHEER) are examples of hierarchical routing protocol. TEEN gives a very good performance since it reduces the number of transmissions [14]. Patil et al. presented SHEER in [15]. It uses adaptive probabilistic transmission mechanism for determining the optimal route in WSN. SHEER also adopts hierarchical key establishment scheme (HIKES) for key distribution, authentication, and confidentiality. SHEER involves four phases as described below:

Initiation phase
1. The base station (BS) computes key $K_R = \mathrm{HMAC}(I_R \| O_R)$, generates a broadcast authentication token $N_R$, and encrypts it as $N^l_R$. The base station pre-loads each sensor node with $N^l_R$ and keeps $I_R$ and $O_R$.

BS broadcasts the initiation call as
3. On receiving the initiation message, the sensor node extracts and decrypts , regenerates $N'_R$, and compares it with the $N_R$ in the received initiation message. If they are similar, then the base station is successfully authenticated. It then replaces $N_R$ in the newly with $N'_R$, sets its timer, and starts the next phase.

Neighbor discovery phase
During the neighbor discovery phase, the sensor nodes establish their hopping link with their neighboring nodes. Each node switches from listening mode to transmission mode. In listening mode, a node sends a HELLO message containing its identity, a nonce, and an encrypted header with the sensor key until it gets a reply from its neighboring nodes.

Clustering phase
In this phase, cluster consisting of certain number of nodes with a cluster head is selected based on some parameters.

Data message exchange phase
Each sensor sends its data to the base station through the cluster heads. This centralized data transmission reduces collision within clusters.

Multipath routing protocol
For an effective data delivery, multipath routing protocol generates a multipath (primary and secondary paths) from the source node to the destination node. It uses secondary path in case the primary path fails. With this, fault tolerance is achieved. However, this increases the cost of routing through the cost of maintaining multiple paths between source and destination [10,16]. There are different types of multipath-based routing protocols.

Disjoint path routing protocol
In a disjoint path routing protocol, every source node finds the shortest disjointed multipath to the sink node. It evenly shares its data load among these disjointed paths. All the paths in this multipath share no sensor node. The protocol is reliable with extra overhead but at a low energy.

Braided path routing protocol
To construct braided multipath, the protocol first selects the primary path; then for every sensor, the best path is chosen from source to sink node, but this path does not include the primary node. The best alternative paths that are not necessarily disjoint from the primary path are called idealized braided multipath. These alternative paths are located either on the primary path or very close to it which means that the energy consumption on both the primary path and an alternative path is almost equal [17].

N to 1 multipath discovery routing protocol
N to 1 multipath discovery protocol is a protocol based on flooding. Example of N to 1 multipath-based routing protocol is multipath-based segment-by-segment routing (MSSR) protocol proposed by Lu et al. in [18]. MSSR protocol divides a single path into multiple segments, where multiple node-disjoint paths are discovered and independently maintained. N to 1 multipath discovery routing protocol reduces congestion, and effectively manages.

Location-based routing protocol
Location-based routing protocol routes data based on the distance of the source and destination nodes. It calculates the distance between source and destination nodes in order to determine estimated routing energy. Shruti [19] proposed a location-based routing protocol. The protocol uses the signal strength of the incoming signal to determine their distance. In their protocol, all the non-active nodes are put in sleeping mode in order to save energy. In location-based, the knowledge of the position of sensor nodes is exploited to route the query from the base station to the event. Location information enables the network to select the best route.
Another example of the location-based protocol is the geographic adaptive fidelity (GAF) protocol for mobile ad hoc networks (MANETs). GAF conserves energy and reduces routing overhead, which makes it suitable for WSNs. Other examples of location-based protocols are location-aided routing (LAR), energy-efficient location-aided routing (EELAR), greedy location-aided routing protocol (GLAR), etc.

Quality of service (QoS)-based routing protocol
QoS-based routing protocol balances effective data delivery of the data to the sink node with some predetermined QoS metrics [17,20]. Some of the existing QoS-based routing protocols are described below:

Sequential assignment routing (SAR) protocol
SAR protocol uses energy, QoS on each path, and the priority level of each packet as the QoS metrics to achieve effective data delivery. SAR protocol discovers and uses multiple paths from the sink node to sensor nodes for effective data delivery. SAR protocol considers energy efficiency and fault tolerance and also focuses on minimizing the average weighted QoS metric during data transfer [21].

SPEED protocol
SPEED is also an example of QoS-based routing protocol. In SPEED, every sensor node keeps its neighboring node information in order to increase the performance of the protocol. For example, SPEED protocol has congestion avoidance mechanism that is used to avoid congestion. The mechanism relies on the node information. Routing module in SPEED is called stateless geographic nondeterministic forwarding (SGNF) and works together with four modules at the network layer. In this protocol, the total energy used for transmission is incomparable to the performance of the routing algorithm.

QoS-aware and heterogeneously clustered routing (QHCR)
It is an energy-efficient routing protocol used by heterogeneous WSNs for delay-sensitive, bandwidth-hungry, time-critical, and QoS-aware applications. The QHCR protocol provides dedicated paths for real-time applications as well as delay-sensitive applications at a lower energy. The QHCR protocol consists of information gathering, cluster head selection, and intra-cluster communication phases.

Mobility-based routing protocol
Mobility-based routing protocol is a lightweight protocol that ensures data delivery from source to destination nodes. Tree-based efficient data dissemination protocol (TEDD), scalable energy-efficient asynchronous dissemination (SEAD), two-tier data dissemination (TTDD), and data MULES are some of the examples of mobility-based routing protocol. These routing protocols deal with the dynamism of the topology of the network. The closest node to the sink node tends to transmit more than others, which reduces its lifetime faster than other nodes [22]. Another example of the mobility-based routing protocol was the protocol proposed by Kim et al. [23]. The authors proposed a temperature-aware mobility algorithm for wireless sensor networks. Their algorithm employs store-and-carry mechanism to overcome the challenges posed by human postural mobility. In their store-and-carry-based routing protocol, routing packets are stored in a temporary memory called buffer. The buffer reroutes lost data to any intermediary node that temporarily lost connection with the source node. Their protocol also uses temperature to determine the intermediary node.
Another example of mobility protocol is the routing protocol proposed by Kumar et al. in [24]. They use ant colony optimization (ACO) and endocrine cooperative particle swarm optimization (ECPSO) algorithms to enhance the performance of the WSNs.

Security and privacy issues in WSN
Most of the existing WSN routing protocols and existing security solutions are unsuitable for WSNs. This is due to resources constraint associated with WSNs [25]. These constraints majorly determine the kind of security approaches that can be adopted for WSNs. Various security issues and their solutions are described in this section.

Security and privacy issues
The increase in demand for real-time information has made WSNs more expedient. WSNs most of the time employ multi-hop transmission mode to overcome their constraints. The major problem of multi-hop transmission is attacks on the source data and nodes' identities during hopping. For a resource-constrained WSN with a source node sending data to the destination through several intermediary nodes, there is a possibility of intrusion, identity tracing by an adversary, gleaning, and modification of source data by the intermediary nodes. WSNs, most times, operate in hostile environments and can be subjected to side channel attacks, such as differential power analysis. In these attacks, the adversary monitors the system, repeats the same operation, and takes careful measurements of power consumed on a cycle-by-cycle basis in order to recover either the secret key or the perturb used in the perturbation. To prevent this, scalar blinding is usually engaged in cryptographic-based security solutions. The scalar multiplication is blinded using integer $m$, where $m$ is the order of the point $P \in E_q$, such that $mP = 0$.
Another issue in WSNs is how to preserve the identities of the source and destination nodes from the privy of intermediary nodes and adversaries during multi-hop. That is, there must be a form of lightweight authentication feature(s) inherent in the data packet between a source and destination nodes. Some other attacks on WSNs are discussed below.

Manipulating routing information
This attack targets the routing information between two sensor nodes. It can be launched through spoofing or replaying the routing information. This can be done by adversaries who have the capability of creating routing loops, attracting or repelling network traffic, and extending or shortening source routes. This attack is a passive attack which is not only easy to launch but also elusive to detection. However, a unique identity can be created for the selected path using a key-based hash function of the pseudonyms or identities of all the selected intermediate nodes and embedded in the message. Any attempt to record a data packet at one location and re-tunnel it at another location will then be detected by the base station when it compares the embedded path identity with the hash of all the appended pseudonyms or identities of the nodes involved in the multi-hop.
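The path-identity check described above can be sketched as follows. This is an added example, not code from the chapter or from any cited scheme; it assumes HMAC-SHA256 as the key-based hash, a key shared between the source node and the base station, and constructed pseudonyms such as `F-17`.

```python
import hashlib
import hmac


def path_identity(key, pseudonyms):
    """Keyed hash over the ordered pseudonyms of the nodes on a path."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in pseudonyms:
        # Length-prefix every pseudonym so [b"ab", b"c"] and [b"a", b"bc"]
        # cannot produce the same path identity.
        mac.update(len(p).to_bytes(2, "big") + p)
    return mac.digest()


def make_packet(key, selected_path, payload):
    """Source side: embed the identity of the selected path in the message."""
    return {"path_id": path_identity(key, selected_path),
            "hops": [],
            "payload": payload}


def forward(packet, own_pseudonym):
    """Relay side: append the relaying node's pseudonym before re-hopping."""
    return {**packet, "hops": packet["hops"] + [own_pseudonym]}


def base_station_accepts(key, packet):
    """Base station: recompute the hash over the appended pseudonyms and
    compare it, in constant time, with the embedded path identity."""
    expected = path_identity(key, packet["hops"])
    return hmac.compare_digest(expected, packet["path_id"])


# Constructed sample values (assumptions, not taken from the chapter).
KEY = b"constructed-demo-key-source-to-bs"
ROUTE = [b"F-17", b"F-04", b"F-29"]


def run_demo():
    pkt = make_packet(KEY, ROUTE, b"temp=23.5")

    # Packet relayed along the selected path.
    honest = pkt
    for node in ROUTE:
        honest = forward(honest, node)

    # Packet recorded after the first hop and re-tunnelled through a node
    # (F-88) that is not on the selected path.
    tunnelled = forward(pkt, b"F-17")
    for node in (b"F-88", b"F-29"):
        tunnelled = forward(tunnelled, node)

    return base_station_accepts(KEY, honest), base_station_accepts(KEY, tunnelled)


if __name__ == "__main__":
    print(run_demo())
```
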

Sybil attack
In this attack, adversary compromises the WSN by creating fake identities to disrupt the network protocols. Sybil attack can lead to denial of services. It may also affect mapping during routing, since a Sybil node creates illegal identities in a bid to break down the one-to-one mapping between each node. Sybil is common in P2P networks and also extends to wireless sensor networks [8]. Moreover, detection and defense against Sybil attack is more challenging; this is due to the limited energy and computational capabilities of WSNs. Different efforts had been developed to thwart Sybil attack in WSN. An example is the use of a pair-wise key-based detection scheme which sets a threshold for the number of the identity that a node can use [21]. However, this requires pre-assignment of keys to sensor node.
Another way to thwart Sybil attack is to validate identity of every node involved in routing. This can be reactively or proactively done. Reactively means prior to routing, a node must provide enough identification parameters to differentiate it from all other sensor nodes. The most common method is a resource test. Another way is to increase the cost against the benefit in identity generation [8]. That is, increasing the cost of creating an identity and reducing the possibility of having multiple identities will thwart Sybil attack, since the goal of a Sybil attacker is to acquire more identities. Also, traceable pseudonym and network-node identity generated by base station can be used to prevent a Sybil attack [9,26].

Sinkhole attack
This attack prevents the sink node (base station) from obtaining the complete and correct data from the sensors, thus posing a threat to higher layer applications. In this attack, an adversary makes itself receptively attractive to its neighboring nodes in order to direct more traffics to itself [27,28]. This results in adversary attracting all the traffics that is meant for the sink node. The adversary can then launch a more severe attack on the network, like selective forwarding, modifying, or dropping the packets. WSN is more vulnerable to this attack because its nodes most of the time send data to the base station [29].
Meanwhile, a point-to-point authentication between source node, identifiable intermediate nodes, and end-to-end symmetric encryption between source and destination nodes can be used to prevent sinkhole and Sybil attacks. The attack is foiled once the adversary could not decrypt end-to-end symmetric encrypted data even if it successfully impersonates the node and receives its data packet [9].

Clone attack
In a clone attack, the attacker first attacks and captures the legitimate sensor nodes from the WSNs, collects all their information from their memories, copies them on multiple sensor nodes to create clone nodes, and finally deploys them to the network. Once a node is cloned, the adversary can then launch any other attacks. There are two different ways of detecting this attack: centralized and distributed approaches. Centralized uses sink node to detect and foil the activities of clone nodes, while distributed approach uses selected nodes to detect clone nodes and foil their activities in the network. Distributed approach is suitable for static WSNs because distributed techniques use nodes' location information to detect clones and sensor nodes with the same identity, but different addresses are taken as clone nodes. Meanwhile, in mobile WSNs, it is a different thing entirely, sensor nodes keep changing their position, and these nodes keep joining and leaving the network. Hence, node location information is not considered as the best technique for detecting clone nodes. Clone node can launch the following attacks:

Selective forwarding attack
Multi-hop-based WSN routing protocols assumed that all the neighboring nodes must re-hop their received data packets. Malicious nodes selectively forward some packets while dropping the others. Selective forwarding attacks are most effective when the adversary is actively involved in the data flow.

HELLO flood attack
This attack utilizes the connection between nodes. Most routing protocols require sensor nodes to broadcast HELLO packets to announce themselves to their neighboring nodes. An adversary may exploit this to deceive sensor nodes receiving the HELLO packet that they are within the radio range of the source node. In [30], the authors proposed a new method for detecting the HELLO flood attack based on distance. Here, nodes not only compare the RSS of the received HELLO packet but also compare the node's distance to the selected cluster head (CH) with the threshold distance. Only those nodes whose RSS as well as distance falls within the threshold limits are allowed to join the network. For example, in the setup phase of LEACH protocol [31], CH sends its own location coordinates. The nodes receiving HELLO packets from CH calculate the distance Dist as shown below: Here, (x1; y1) are the coordinates of the sensor node receiving the packet, and (x2; y2) are the coordinates of CH. Each sensor node calculates the radio signal strength value (RSS) and distance between (Dist). These are used to determine the cluster they belong in, that is, if (RSS < ThRSS and Dist < ThDist) then Node = 'Friend of the cluster'; otherwise, it is not a friend of the cluster.
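The RSS-and-distance test above, run over a few HELLO packets as an added example (not code from [30] or from this chapter). The Euclidean distance used for Dist, the dBm unit for RSS, the threshold values and the sample packets are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Hello:
    sender: str      # identity announced by the cluster head (CH)
    x: float         # CH coordinates carried in the HELLO packet (x2, y2)
    y: float
    rss_dbm: float   # signal strength measured by the receiving node


def dist(node_xy, hello):
    """Distance between the receiving node (x1, y1) and the advertised CH
    position (x2, y2). Euclidean distance is assumed here."""
    return math.hypot(hello.x - node_xy[0], hello.y - node_xy[1])


def failed_checks(node_xy, hello, th_rss, th_dist):
    """Return the checks a HELLO fails; an empty list means the node treats
    itself as a 'friend of the cluster' (RSS < ThRSS and Dist < ThDist).
    Written as 'not (a < b)' so NaN or missing-like values fail closed."""
    failures = []
    if not (hello.rss_dbm < th_rss):
        failures.append("rss")
    if not (dist(node_xy, hello) < th_dist):
        failures.append("dist")
    return failures


def classify(node_xy, hellos, th_rss, th_dist):
    """Map every HELLO sender to the list of checks it failed."""
    return {h.sender: failed_checks(node_xy, h, th_rss, th_dist) for h in hellos}


# Constructed sample data: receiving node at the origin, thresholds assumed.
NODE_XY = (0.0, 0.0)
TH_RSS = -55.0    # dBm
TH_DIST = 60.0    # metres
HELLOS = [
    Hello("CH-A", 30.0, 40.0, -72.0),    # nearby CH, ordinary signal level
    Hello("CH-B", 90.0, 120.0, -80.0),   # honest but too far away
    Hello("CH-X", 10.0, 10.0, -30.0),    # claims to be close, RSS too high
    Hello("CH-Y", 300.0, 400.0, -40.0),  # distant sender with a strong signal
]


def friends():
    """Senders whose cluster this node is allowed to join."""
    result = classify(NODE_XY, HELLOS, TH_RSS, TH_DIST)
    return [sender for sender, failures in result.items() if not failures]


if __name__ == "__main__":
    for sender, failures in classify(NODE_XY, HELLOS, TH_RSS, TH_DIST).items():
        print(sender, "friend" if not failures else "rejected: " + ",".join(failures))
```
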

Denial of service attack
This type of attack exploits the weaknesses in the sensor network, by attempting to disrupt the sensor network. Denial of service (DoS) attack denies services to valid users [32]. In a safety-critical network, this kind of attack can be disastrous to the functionality of the network. One of the methods engaged by an adversary to launch DoS is flooding the network with messages in order to increase traffic on the network. The DoS attack can be detected through proper filtration of incoming messages based on the contents and identifying nodes with a high number of faulty messages. Faulty messages are detected by checking for the contradiction between messages sent by neighboring nodes [33].

Security and privacy solutions
Recently, application of WSN has gained massive attention leading to new security challenges and design issues [34]. In this section, we discussed relevant research efforts on the development of security schemes for WSN using different approaches such as effective key management, public key infrastructure (PKI), multiclass nodes, as well as grouping of nodes to improve the security of routing protocols in WSNs.

Use of effective key management
Du et al. presented a scheme with an example of an effective key management. Their scheme takes advantage of the high-end sensors in the heterogeneous networks. The performance evaluation and security analysis of their scheme show that the key management scheme provides better security with less complexity than the existing key management schemes [35]. The protocol pre-assigns a few keys in the L-sensor and a few keys to every H-sensor. This is because H-sensor is tamper-proof and has a larger memory than L-sensor. Their scheme uses asymmetric predistribution (AP) key management scheme since the number of pre-distributed keys in an H-sensor and in an L-sensor is different [12].

Use of effective public key infrastructure
Yu in [36] solved the security problem in WSN using the public key cryptography as a tool to ensure the authenticity of the sink node or base station. The approach consists of two phases; the first phase is node to sink handshake phase, where sink and sensor nodes set up session keys for secure data exchange. In the second phase, the session keys are used to encrypt data. Their scheme is very easy to implement, and requires a low computational power. The only limitation of their scheme is that all the participating nodes in the network have to agree on a common key prior to the exchange of data. However, any scheme based on a single key is vulnerable to the key compromise. That is, a compromised sensor node will not only compromise the shared key but also the whole network.
Also, Chen et al. [37] presented a PKI-based approach to ensure secure keys exchange in the WSNs. Their scheme provides key management mechanism for wireless sensor network applications that can handle sink mobility and deliver data to neighboring nodes and sinks without failure. They also presented a method for detecting and thwarting DoS attack and data authentication encryption.

Effective use of multiclass nodes
Du et al. [38] presents a new secure routing protocol for heterogeneous sensor networks (HSNs), which is a two-tier secure routing (TTSR) protocol. The TTSR protocol consists of both intra-cluster routing and inter-cluster routing schemes. The intra-cluster routing forms a minimum spanning tree (shortest path tree) among L-sensors in a cluster for data forwarding. In case of inter-cluster routing, data packets are sent by H-sensors in the relay cells along the direction from the source node to the sink node. The tree-based routing and relay via relay cells of TTSR make it resistant to spoofing, selective forwarding, and sinkhole and wormhole attacks.
Du [39] also proposed a novel QoS routing protocol that includes bandwidth calculation and slot reservation for mobile ad hoc networks (MANETs). Their QoS routing protocol takes advantage of the numerous transmission ability of multiclass nodes. Their protocol used three encryption keys:
1. A public key known by the sink and all other nodes
2. Node private key shared by two neighbor nodes and refreshed in the route discovery phase
3. A shared primary key between node and sink node
The QoS routing protocol divides transmission data into different data slices. Each slice is routed through a unique route of the discovered multipath.

Effective grouping of nodes to improve security of wireless sensor networks
In group-based WSN security scheme, the dominating node processes the sensed information locally and prepares the authenticated report for the destination node [40]. In this category, sensor nodes are grouped into smaller clusters wherein each cell assigns a special sensor node to carry out all the burden of relaying multi-hop packets. Hence division of labor is possible in the network, which makes the scheme to consume low power. Zhang et al. in [41] presented a group-based security scheme for distributed wireless sensor networks; their scheme involves three entities: one or more sink nodes, Y number of group dominator nodes, and N number of ordinary sensor nodes.

Point-to-point security solution
Point-to-point security solution involves secure routing between every two nodes along the multi-hop path. To show the design and efficacy of point-to-point solution, we fully describe a typical point-to-point security solution for multi-hop-based WSNs proposed in [9]. Olakanmi and Dada [9] proposed an effective point-to-point security scheme that engages point-to-point (PoP) mutual authentication scheme, perturbation, and pseudonym to overcome security and privacy issues in WSNs. To reduce computational cost and energy consumption, they used elliptic curve cryptography, hash function, and exclusive OR operations to evolve an efficient security solution for decentralized WSNs. The network model, as shown in Figure 3, consists of base station (BS), immediate node (IN), source node (SN) or (sn), and destination node (DS) or (ds). The SNs and DSs are capable of multi-hop transmission; therefore any SN can become DS and vice versa.
The PoP security scheme consists of the following phases: registration and key management, secure data exchange, perturbs generation, signature and obfuscation, authentication, and verification and decryption phases.

Registration and key management phase
The serial number $\psi$ of each node is sent to BS. BS then generates unique pseudonym and network-node identity as follows:
i. BS randomly generates $s, \rho \in Z_q^*$ as its master secret key pair, and computes and distributes its public parameter $\varphi = (\rho + \mu)P \bmod q$, where $P$ is the generator of elliptic curve $E_q$ and $q$ is the order of $E$.
ii. Each node $i$ randomly selects a unique $r_i \in Z_q^*$, computes its two-way distribution parameter $\beta_i$ as $\beta_i = (r_i + \mu)P \bmod q$, and broadcasts its $\beta_i$ to other nodes in the network.
iii. BS then computes $N_i$ as It extracts the distribution parameter $\beta_i$ of the node $i$ in order to compute its node-base station shared key $\gamma_{bs \to i}$ as $\gamma_{bs \to i} = \rho \beta_i$ and sends the symmetrically encrypted node's $F_i$ and $N_i$ as $E_{\gamma_{bs \to i}}(F_i)$ to node $i$.
iv. On the receipt of its encrypted pseudonym, each node then generates its corresponding node-base station shared key as $\gamma_{i \to bs} = r_i \varphi$ and uses it to decrypt the received encrypted pseudonym.

Secure data exchange phase
To send data $M$, the primary SN signs $M$ and generates perturb to secure $M$. It then encrypts the obfuscated message packet as $\sigma$, using its node-destination shared key $\phi_{sn \to ds}$. The message packet $\sigma$ contains the signature $\delta$, perturbed data $P_p$, pseudonyms of the primary source node $F_{sn}$, and destination node $F_{ds}$.

Perturb generation phase
The perturbation enforces first level of security on the data. It is used to remove semantic pattern caused by wide variation in the transmitted data. The perturbation uses a novel additive noise generation method to perturb the data $M$. Primary source and destination nodes independently generate a set of perturb $\lambda$ for session $\tau$ as follows:
i. The SN and its destination node generate their perturbation parameters $\alpha_{sn}$, $\alpha_{ds}$ by randomly selecting a unique $m_1 \in Z_q^*$ and $m_2 \in Z_q^*$, and compute $\alpha_{sn} = (m_1 + \mu)P \bmod q$ and $\alpha_{ds} = (m_2 + \mu)P \bmod q$, respectively.
ii. Using the destination perturbation parameter $\alpha_{ds}$ for session, SN computes perturbation seed $\vartheta$ as $\vartheta = m_1 \alpha_{ds}$.
iii. For session, SN generates the perturbation chain as Clear all the perturbation parameters of perturb index $n - 1$ in its memory for session $\tau$ and destination node of pseudonym $F_{ds}$. It replaces its former encrypted perturbation parameters with the new one, that is, replaces $[(\lambda_{n-1} \| m_1 \| n-1 \| F_{ds}) \oplus \vartheta]$ with $[(\lambda_n \| m_1 \| n \| F_{ds}) \oplus \vartheta]$.
iv. Primary SN computes new perturb for every new data transmission of the same session by repeating step c using the previously used perturb $\lambda_{n-1}$. However, for a new session and destination node, SN generates a new $\vartheta$ by following steps (i)-(iii).

Signature and perturbation phase
Primary source node signs and perturbs the data packet through the following process:
a. Both the SN and destination nodes compute the source-destination shared session key $\phi_{sn \to ds}$ as follows:
i. SN and destination nodes uniquely generate $\kappa_1$ and $\kappa_2$, respectively.
ii. SN extracts the two-way distribution parameter of destination node $\beta_{ds}$ to compute $\phi_{sn \to ds}$ as $\phi_{sn \to ds} = \kappa_1 \beta_{ds}$.
b. SN signs its data $M$ using its source-destination shared session key $\phi_{sn \to ds}$ as $\delta = H_{\phi_{sn \to ds}}(M)$ and perturbs $M$ as $P_p = M + \lambda_n$.
c. SN finally generates its message packet as $\sigma = \delta \| P_p \| F_i \| F_j \| n$, and encrypts it as $\sigma_\sigma = \sigma \oplus \phi_{sn \to ds}$ to further ensure second-tier data confidentiality and integrity of the message and communication information, where $F_i$ and $F_j$ are the pseudonyms of the source and destination nodes, respectively.
d. SN then performs PoP authentication with its IN, as described in the next section, before hopping $P_p$ to the IN.
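Steps b and c, together with the matching check at the destination, as an added example that is not code from [9] or from this chapter. It takes the shared session key and the perturb λ_n as already agreed, and it assumes HMAC-SHA256 for H, 32-bit readings with addition modulo 2^32, 8-byte pseudonyms, and a SHA-256 counter-mode expansion of the key so that the XOR covers the whole packet.

```python
import hashlib
import hmac
import struct

MOD = 2 ** 32        # assumption: M, lambda_n and P_p are 32-bit unsigned values
PSEUDONYM_LEN = 8    # assumption: fixed-length pseudonyms F_i and F_j
PACKET_LEN = 32 + 4 + 2 * PSEUDONYM_LEN + 4   # delta || P_p || F_i || F_j || n


def keystream(key, length):
    """Expand the session key to the packet length (assumed construction)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_with_key(data, key):
    """sigma XOR phi, with phi expanded by keystream()."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def sign(m, phi):
    """delta = H_phi(M), here HMAC-SHA256 over the 4-byte reading."""
    return hmac.new(phi, struct.pack(">I", m), hashlib.sha256).digest()


def build_packet(m, lam, n, f_src, f_dst, phi):
    """Source node: sign M, perturb it, assemble sigma and XOR it with phi."""
    if len(f_src) != PSEUDONYM_LEN or len(f_dst) != PSEUDONYM_LEN:
        raise ValueError("pseudonyms must be %d bytes" % PSEUDONYM_LEN)
    delta = sign(m, phi)
    p_p = (m + lam) % MOD                      # P_p = M + lambda_n
    sigma = delta + struct.pack(">I", p_p) + f_src + f_dst + struct.pack(">I", n)
    return xor_with_key(sigma, phi)


def open_packet(blob, perturbs, phi):
    """Destination node: undo the XOR, remove the perturb selected by index n
    from its own table of perturbs, and verify delta over the recovered M."""
    if len(blob) != PACKET_LEN:
        raise ValueError("unexpected packet length")
    sigma = xor_with_key(blob, phi)
    delta = sigma[:32]
    p_p = struct.unpack(">I", sigma[32:36])[0]
    f_src = sigma[36:36 + PSEUDONYM_LEN]
    f_dst = sigma[36 + PSEUDONYM_LEN:36 + 2 * PSEUDONYM_LEN]
    n = struct.unpack(">I", sigma[-4:])[0]
    if n not in perturbs:
        raise ValueError("unknown perturb index")
    m = (p_p - perturbs[n]) % MOD
    if not hmac.compare_digest(delta, sign(m, phi)):
        raise ValueError("signature mismatch")
    return m, f_src, f_dst, n


# Constructed sample values (assumptions, not taken from the chapter).
PHI = bytes(range(32))
LAMBDA_3 = 0x9E3779B9
F_SRC, F_DST = b"SRC-0001", b"DST-0042"

if __name__ == "__main__":
    packet = build_packet(2350, LAMBDA_3, 3, F_SRC, F_DST, PHI)
    print(open_packet(packet, {3: LAMBDA_3}, PHI))
```

Because δ is computed over M only, this check catches a modified reading or a wrong perturb but not a changed pseudonym field.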

Authentication phase
After the signature and perturbation phase, the source node initiates the PoP authentication with the IN as follows:
i. SN generates an authentication token $\omega$ and time stamp $t_s$.
ii. SN and IN randomly generate $\upsilon \in Z_q^*$ and $\varepsilon \in Z_q^*$, respectively. SN computes its PoP authentication parameter as $n_{sn} = (\upsilon + \mu)P \bmod q$, while IN computes its own as $n_{in} = (\varepsilon + \mu)P \bmod q$ and sends it to SN, who then computes its PoP session authentication key $\varphi_{sn \to in}$ as $\varphi_{sn \to in} = \upsilon \cdot n_{in}$.
iii. SN then encrypts the concatenated authentication token $\omega$, pseudonym of source, pseudonym of IN, and time stamp as $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| t_s)$, concatenates it with $n_{sn}$ as $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| t_s) \| n_{sn}$, and sends it to its IN.
iv. On the receipt of $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| t_s) \| n_{sn}$, IN extracts $n_{sn}$ then computes its $\varphi_{in \to sn} = \varepsilon \cdot n_{sn}$. It decrypts the received $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| t_s)$ using its $\varphi_{sn \to in}$ to extract $\omega$ and $t_s$. It, thereafter, re-encrypts the extracted $\omega$ and $t_s$, using $\varphi_{in \to sn}$, and sends it back to the SN. The SN decrypts it using its $\varphi_{sn \to in}$ and verifies it by comparing the $\omega$ and $t_s$ with their original values. If equal, SN hops its encrypted data packet $\sigma_\sigma$. The IN then becomes temporary SN and repeats this phase with its selected IN until the packet gets to the destination node.

Verification and decryption
Destination node extracts and authenticates the received data $M$ by following this procedure:
i. Destination node extracts the two-way distribution parameter of SN and $\beta_{sn}$ and computes destination of the used perturb P.