Integrate the hierarchical cluster elliptic curve key agreement with multiple secure data transfer modes into wireless sensor networks

Since sensor nodes in wireless sensor networks or the Internet of Things have limited resources, achieving secure data transmissions among nodes is a challenge. Hence, efficient key management schemes with lightweight ciphers are essential. Many asymmetric key or public key mechanisms have been developed. However, they are unsuitable for secure group communications in wireless sensor networks, because sensor nodes usually lack sufficient memory, CPU and bandwidth to deal with complex operations. In addition, only a few group key agreements are integrated into secure data transmissions. Therefore, a key agreement using the hierarchy-based cluster elliptic curve key agreement, named HCECKA, is proposed in this study to deal with secure data transmissions in wireless sensor networks. The presented security mechanism relies on elliptic curves instead of logarithmic curves, and uses a shorter key length to reach a security level similar to that of the Diffie-Hellman and Rivest-Shamir-Adleman cryptosystems. At the same time, the proposed scheme provides a rapid, efficient and dynamic group key synchronisation technique across a large number of sensor nodes, with no need to reorganise the whole system key if members join or leave wireless sensor networks.


ECDH, the key agreement of elliptic curve Diffie-Hellman
In general, the asymmetric key system is more secure than a symmetric key system. Therefore, Public Key Infrastructure (PKI) provides higher security level functions, but PKI consumes lots of computing resources. However, WSNs have insufficient computing resources. Thus, sensors could not properly execute security operations very well through the above methods. So far, many studies intended to enhance security for sensor nodes through ECDH security mechanisms. Nicolas et al. (2007) designed and implemented Elliptic Curve Cryptography (ECC) on a hardware architecture. Piotr et al. (2008) surveyed the limit value of ECC, and confirmed that implementation of the public key cryptography on WSNs was achievable. An et al. (2008) developed an executable software and a function library for ECC.
Elliptic Curve Diffie-Hellman (ECDH) is a variant of the renowned Diffie-Hellman (DH) agreement. The main difference is that ECDH employs elliptic curve cryptography to create a common secret key, known as a session key, which secures data transmitted between two parties in open environments. The two parties then use the session key to encipher or decipher subsequent transmissions through a symmetric key mechanism. ECDH uses only 160-bit keys to achieve the same level of security as the DH secret sharing system, whereas the raw DH agreement needs a key length of at least 1024 bits to reach an appropriate security level, and hence consumes more memory and computing resources to execute exponential operations. Regrettably, sensors have only limited resources and little computing power to deal with extra overheads. This study compares the key length of ECC with RSA under the same security levels. Table 1 indicates that ECC has a key size of less than 160 bits to reach a security level equivalent to 1024-bit RSA. Besides, ECC operations use only addition and multiplication, which reduces the operational complexity and increases the operational performance. On the contrary, RSA, DH and DSA all need exponential operations. That is why ECC outperforms the RSA, DH and DSA algorithms. This study adopts ECC because the cryptosystem is workable for WSNs without sufficient computing resources. Consequently, ECDH is well suited to WSNs. Figure 1 represents sensor A, which wishes to connect with sensor B using a session key within ECDH. Initially, the well-known parameters must be set, including an elliptic curve $y^2 = x^3 + ax + b$, coefficients $a$ and $b$, and a generator $P$ with prime and base point in Diffie-Hellman. Moreover, each node owns a key pair to perform elliptic curve cryptography, comprising a randomly selected integer as the ECC private key $K$ and a well-known $C$ (where $C = KP$) as the public key.
Then sensor A's key pair is $(K_R, C_R)$, and sensor B's key pair is $(K_V, C_V)$. Every node has the other's public key. Subsequently, node A computes $C_R = K_R P$, and node B computes $C_V = K_V P$. Then node A delivers $C_R$ to node B, and node B delivers $C_V$ to node A. After receiving, each node computes the common session key $S = K_R C_V = K_R K_V P = K_V K_R P = K_V C_R$. This agreement is secure since the two nodes disclose nothing besides public keys, and no one knows the other's private key unless the Discrete Logarithm Problem (An & Peng, 2008) of Diffie-Hellman can be worked out. Additionally, we assume that there is a secure CA (Certification Authority) server on this system. The CA is a trusted digital signature server, and provides both nodes with a digital signature to sign messages before transmitting them. Therefore, both nodes can verify each other's identity, which prevents attacks from malicious nodes (Zhongyuan et al., 2014).

The proposed key agreement using the hierarchy-based cluster elliptic curve, HCECKA
This section presents our proposed key agreement using a hierarchy-based cluster elliptic curve. Considering numerous sensor nodes, clustering forms a resilient and scalable architecture in which the entire WSN is separated into many clusters with gateway sensors managing inter-cluster communications. The proposed hierarchy-based cluster key agreement (HCECKA) is inspired by cluster architecture. We assume that HCECKA splits the whole sensor network into several groups named clusters through an appropriate cluster algorithm. Besides, each cluster has a cluster head named base station, and the whole network only has a root base station with sufficient computing power, huge memory and constant power. Generally, the base station and root base station comprise a powerful computer and differ from sensor nodes, and they never collapse. For simplicity, this study assumes that the base stations and the root base station provide constant power and are secure. At the same time, the base stations are elected and deployed before arranging the sensor nodes according to secure operations. The base stations can directly reach each sensor node within the cluster, and periodically broadcast a hello message that includes the cluster identity and the member information to each node within the cluster for determining other nodes' geographic coordinates. The architecture proposed above quickly synchronises the inner cluster key of a large number of members, intelligently executes key exchange among cluster heads, and ensures secure data transmissions. Our proposed hierarchy-based cluster infrastructure consists of three entities and is scalable for group key management, as below.
Member node ($M_{xi}$): a regular sensor node $i$ acquires authentication from a base station ($BS_x$), joins the cluster $x$, and protects data transmissions using the obtained descendent cluster key. RBS denotes the controller of the entire system cluster key and is also known as the root base station, and BS is the controller of the descendent cluster key. Before any sensor nodes are arranged, this study deploys RBS and BS in advance. The detailed HCECKA hierarchical model is illustrated in Figure 2.
Base station (BS): it is the controller of the descendent cluster key in a cluster, managing the descendent cluster operation for a cluster. When a cluster achieves the key synchronisation, every node in this cluster obtains the same descendent cluster key for future secure data transmissions.
Root base station (RBS): RBS is in charge of controlling the system cluster key, managing operations for the whole WSN. When the entire system achieves the key synchronisation, every node obtains the same system cluster key for future secure communications. RBS is the ancestor of the base stations, computes the system cluster key of the whole system, and also assigns a descendent cluster key to every base station.
Necessary settings reduce the number of key agreement operations executed in every cluster. In particular, in a very large cluster, the computing overload increases as the members of the cluster grow. Our proposed mechanism comprises the following stages. Figure 3 depicts the detailed operations in each stage.
Stage 1. The controller of a descendent cluster key is the base station $BS_x$, which is deployed for the members $M_{xi}$ in the cluster, where $i$ represents the quantity of sensors in this cluster, $i$ and $n$ are integers, and $x$ represents the identity of the cluster, $1 \le x \le n$.
Stage 2. In this system, the most secure and powerful base station is selected as RBS, responsible for key control for the whole network. The other base stations $BS_x$, $1 \le x \le n$, work with RBS to figure out the system cluster key for WSNs.
Stage 3. Every $BS_x$ ($BS_1, BS_2, BS_3, \ldots, BS_{n-1}$) executes the agreement of the descendent cluster key as depicted in Figure 4 (such as $BS_1$) and determines a descendent cluster key $KC_xP$, where $x \in [1, n-1]$, through the ECDH agreement. This study presents the specific descendent cluster key agreement in the following steps.
Step 1. Initially, every node $M_{1i}$ in the $BS_1$ cluster creates a private key $KM_{1i}$ and figures out the public key $KM_{1i}P$, where $P$ is a generator in ECDH. $M_{1i}$ subsequently broadcasts $KM_{1i}P$ to the rest of the member nodes in cluster 1. After receiving $KM_{1i}P$, $M_{1x}$ ($x \neq i$) calculates $KM_{1x}P$ and multiplies $KM_{1x}P$ with $KM_{1i}P$. Finally, every node obtains the common result $KM_{11}P * KM_{12}P * \ldots * KM_{1(n-1)}P$, as shown in Figure 4➀.
Step 3. After receiving $KM_{12}P * KM_{13}P * \ldots * KM_{1(n-1)}P$ from $M_{11}$, $BS_1$ computes its own key $KM_{1n}P$. Then $BS_1$ figures out $KM_{12}P * KM_{13}P * \ldots * KM_{1(n-1)}P * KM_{1n}P$, and enciphers the message to securely unicast it back to $M_{11}$, as shown in Figure 4➂. Simultaneously, $BS_1$ executes the same processes to figure out the keys for $M_{1i}$, where $i \in [2, n-1]$. Then, $BS_1$ transmits the outcome to $M_{1i}$. After receiving, $M_{11}$ multiplies the transmitted key with its own $KM_{11}P$. Subsequently, $M_{11}$ acquires the descendent cluster key $KM_{11}P * KM_{12}P * \ldots * KM_{1(n-1)}P * KM_{1n}P$. Likewise, every node finally obtains the same descendent cluster key $KM_{11}P * KM_{12}P * \ldots * KM_{1(n-1)}P * KM_{1n}P$, which we can simplify to the mathematical representation $\prod_{i=1}^{n} KM_{1i} \cdot P$ ($i = 1$ to $n$), where the symbol $\prod$ denotes a multiplication of multiple elements; for example, $KM_{11}P$ multiplied by $KM_{12}P$ multiplied by $KM_{13}P$ can be represented as $\prod_{i=1}^{3} KM_{1i}P$. Briefly, in $BS_1$, the descendent cluster key $\prod_{i=1}^{n} KM_{1i} \cdot P$ is defined as $KC_1P$. Finally, every $BS_x$ executes a similar process and obtains a descendent cluster key $KC_xP$, where $x \in [1, n-1]$.
Stage 4. Meanwhile, the entire network gathers every cluster head $BS_x$'s descendent cluster keys. Subsequently, each $BS_x$ figures out $KC_1P\,KC_2P \ldots KC_xP$ by multiplying its own $KC_xP$ with the received $KC_1P\,KC_2P \ldots KC_{x-1}P$, and forwards its own descendent cluster key to the next $BS_{x+1}$, as shown in Figure 5➀. For instance, $BS_4$ receives the forwarded descendent key $KC_1P\,KC_2P\,KC_3P$ from $BS_3$, then multiplies $KC_1P\,KC_2P\,KC_3P$ with its descendent key $KC_4P$, and then delivers $KC_1P\,KC_2P\,KC_3P\,KC_4P$ to the next $BS_5$. Consequently, the forwarded key from $BS_{n-2}$ is obtained, and $BS_{n-1}$ can then derive $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-2}P\,KC_{n-1}P = \prod_{i=1}^{n-1} KC_i \cdot P$ ($i = 1$ to $n-1$), where the symbol $\prod$ denotes a multiplication of multiple elements.
Stage 5. Subsequently, as shown in Figure 5➁, $BS_{n-1}$ declares $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-2}P\,KC_{n-1}P$ to all other cluster heads ($BS_1, BS_2, BS_3, \ldots, BS_{n-2}$).
Stage 6. Every $BS_i$ ($i \in [1, n-1]$) obtains the declared key $\prod_{i=1}^{n-1} KC_i \cdot P$, then takes out its own factor $KC_iP$, and sends the outcome to RBS. Figure 5➂ depicts the detailed process.
Stage 7. At the last stage, after receiving all descendent cluster keys from every $BS_x$, RBS multiplies its own $KC_nP$ with every descendent cluster key, and enciphers the message to securely unicast $\prod_{i=1}^{n} KC_i \cdot P$ (where $i \neq x$, $x \in [1, n-1]$) back to $BS_x$. Figure 5➃ depicts the detailed process. After receiving the unicast key, $BS_x$ multiplies the received key with its own descendent key $KC_xP$. Consequently, every cluster head obtains the same $KP = \prod_{i=1}^{n} KC_i \cdot P$ (where $i \in [1, n]$) as the system cluster key for the entire network.
The above-mentioned stages introduce the complete synchronisation process to construct the system cluster key for the whole system. In a practical environment, the root cluster head could be replaced or may collapse, and ordinary sensors or cluster heads may join or leave the network. This study uses only multiplication and addition operations, and thus the proposed scheme can rapidly achieve synchronisation of the system key.
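A worked sketch of the two-party ECDH exchange and of Stages 4-7, added here as an illustration and not code from the paper. It assumes a textbook toy curve ($y^2 = x^3 + 2x + 2$ over $F_{17}$, base point $(5, 1)$ of prime order 19), constructed private scalars, and that the paper's "multiplication" of keys is realised by multiplying the running point by each party's private scalar, so that the system cluster key is $(\prod KC_i) \cdot P$ and "taking out its own factor" is multiplication by the inverse scalar.

```python
# Toy parameters (assumption, chosen for readability, not from the paper):
# curve y^2 = x^3 + 2x + 2 over F_17, base point P = (5, 1) of prime order 19.
p, a, b = 17, 2, 2
P = (5, 1)
N = 19        # order of P; private scalars live in 1..N-1
O = None      # point at infinity


def add(Q, R):
    """Add two points on the curve."""
    if Q is O:
        return R
    if R is O:
        return Q
    (x1, y1), (x2, y2) = Q, R
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                                  # Q + (-Q)
    if Q == R:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, Q):
    """Scalar multiplication k*Q by double-and-add."""
    R = O
    while k:
        if k & 1:
            R = add(R, Q)
        Q = add(Q, Q)
        k >>= 1
    return R


def ecdh_session_key(k_r, k_v):
    """Sensor A holds K_R, sensor B holds K_V; only C_R and C_V are sent."""
    c_r, c_v = mul(k_r, P), mul(k_v, P)
    return mul(k_r, c_v), mul(k_v, c_r)           # S on A's side, S on B's side


def system_cluster_key(head_secrets, rbs_secret):
    """Stages 4-7 for heads BS_1..BS_(n-1) (head_secrets) and the RBS."""
    # Stage 4: the value is forwarded head to head, each applying its secret.
    acc = P
    for kc in head_secrets:
        acc = mul(kc, acc)
    declared = acc                                # Stage 5: declared by BS_(n-1)
    derived = []
    for kc in head_secrets:
        partial = mul(pow(kc, -1, N), declared)   # Stage 6: take out own factor
        from_rbs = mul(rbs_secret, partial)       # Stage 7: RBS applies KC_n
        derived.append(mul(kc, from_rbs))         # head restores its own factor
    return derived


if __name__ == "__main__":
    print(ecdh_session_key(7, 10))                # constructed scalars
    print(system_cluster_key([3, 5, 7], 11))      # three heads plus the RBS
```

Every cluster head ends with the same point although no head ever sees another head's private scalar; on a deployment-sized curve the same functions apply with larger parameters.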

Mobile nodes participate in or leave a cluster
When a node $M_{1i}$ participates in (or leaves) cluster 1, $M_{1i}$ only needs to broadcast its public key $KM_{1i}P$ to each node in the cluster once. Other nodes multiply (or remove) the received key with their own key $KM_{1x}P$ ($x \neq i$). Subsequently, each node repeats steps 2 and 3 in stage 3, and then the cluster obtains the new descendent cluster key $KC_1P$. Eventually, the system performs stages 4-7, and obtains the system cluster key.

Cluster participation
A system must reconstruct the system cluster key for the entire network when a new cluster head BS (nominated during system deployment) joins a WSN. The key exchange processes are categorised into three cases as presented in detail below.
(1) In the general case: the joining cluster head $BS_x$ is between $BS_1$ and $BS_n$. Then $BS_{x-1}$ forwards $KC_1P\,KC_2P\,KC_3P \ldots KC_{x-1}P$ to $BS_x$, and $BS_x$ generates a private key $KC_x$ using ECC. Subsequently, $BS_x$ multiplies $KC_xP$ with $KC_1P\,KC_2P\,KC_3P \ldots KC_{x-1}P$ to obtain $KC_1P\,KC_2P\,KC_3P \ldots KC_{x-1}P\,KC_xP$, and forwards the result to $BS_{x+1}$. Eventually, the system performs stages 5-7 in section 3. The performance of recalculating the system cluster key depends on the joining position of the new cluster head.
(2) In the worst case: the joining cluster head is $BS_0$, allocated at the leftmost position, and the system has to completely perform stages 4-7 in section 3.
(3) In the best case: the joining cluster head is $BS_n$, allocated at the rightmost position. To achieve the system cluster key for the whole network, the system performs only several computations. The detailed procedures are as follows.

Phase 1
The last cluster head $BS_{n-1}$ forwards $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-1}P$ to $BS_n$, and then $BS_n$ generates a private key $KC_n$ using ECC. Subsequently, $BS_n$ multiplies $KC_nP$ with $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-1}P$ to obtain $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-1}P\,KC_nP$, and then unicasts the result to RBS.
Phase 2 Upon receiving $KC_1P\,KC_2P\,KC_3P \ldots KC_{n-1}P\,KC_nP$, RBS generates a new ECC private key $KC_{n+1}$, and replaces its own old public key $KC_nP$ with $KC_{n+1}P$. Subsequently, RBS calculates a new system cluster key value as below.
and the symbol denotes a multiplication of multiple elements, such as KC 1 P multiplies KC 2 P multiplies KC 2 P.
Phase 3 RBS extracts the key KC x P of the target base station BS x , and calculates the n descendent cluster keys for the other clusters as below, and securely unicasts it to BS x .

Phase 4
Each base station $BS_x$ receives the descendent cluster key from RBS, and multiplies the received key by its own key $KC_xP$. Thus, each $BS_x$ can derive the new system cluster key $K_{n+1}P$.
The HCECKA rapidly and efficiently calculates the new system cluster key $K_{n+1}P$, and requires only a few operations to calculate $n$ descendent cluster keys if a new cluster is added. Additionally, all former clusters recalculate the new system cluster key $K_{n+1}P$ with a single multiplication. Only RBS needs to generate a new private key and perform $n$ multiplications for $n$ descendent cluster keys. RBS inevitably requires additional operational loads.

Cluster departure
The procedure in HCECKA for a cluster head departing from a network is similar to a cluster head joining a network. Let $BS_x$ denote a cluster removed from the network. In the general case, assume that $x \in [1, n-1]$ and $x \neq n$. Thus, $BS_{x-1}$ forwards $KC_1P\,KC_2P\,KC_3P \ldots KC_{x-1}P$ to $BS_{x+1}$, and the subsequent key generation procedure is performed with $BS_{x+1}$ replacing $BS_x$. Subsequently, the system performs stages 4-7 in section 3, and obtains the system cluster key.
In the worst case, if the leftmost node $BS_1$ leaves the network, the system has to completely perform stages 4-7 in section 3. However, each $BS_x$ ($x \neq 1$) only needs to extract $KC_1P$ from its previous $KC_1P\,KC_2P\,KC_3P \ldots KC_{x-1}P\,KC_xP$, and thus can reduce operational time in stage 4.
In the best case, the leaving cluster head is $BS_{n-1}$, allocated at the rightmost position. RBS generates a new private key $KC^*$ replacing $KC_n$, and calculates a new system cluster key $KP = KC_1P\,KC_2P \ldots KC_{n-2}P\,KC^*P$ for the entire network. RBS then securely unicasts a new set of $n-2$ partial system cluster keys $\prod_{i=1}^{n-2} KC_i \cdot P$ (where $i \neq x$) to the base station $BS_x$. Additionally, if RBS leaves the system, then $BS_{n-1}$ takes over the role of RBS, and performs the system cluster key procedures. Consequently, the system generally regains the system cluster key in a few operations.
From the above presentation, we propose an elliptic curve key agreement based on a hierarchy cluster infrastructure to improve the efficiency of a group key synchronisation when nodes or clusters dynamically join or leave. Besides, we integrate the proposed key agreement into communications and then secure the data transmission. The detailed description is as follows.

The mechanism of secure data transmissions
This section introduces how to deal with secure data transmissions for inter-cluster and intra-cluster, and applies the descendent cluster key, system cluster key and ECDH session key on various scenarios to enhance secure data transmission efficiency.
This study adopts the descendent cluster key to protect and confirm the data security of intra-cluster, exploits the system cluster key performing security operations of inter-cluster, and utilises the ECDH session key to provide flexible modes of secure data transmissions for intra-cluster, inter-cluster and gateway. The detailed description is as follows.

Transmission mode of data security using the descendent or system cluster key
Considering the key synchronisation of the descendent cluster key or the system cluster key in WSNs, this proposed mode gives the most efficient secure data transmissions, since the whole network utilises the same key to secure data transmissions. This operational process is just like a single master key mechanism. We present the transmission mode of data security using the descendent or system cluster key for inter-cluster and intra-cluster as below.

Transmission mode of data security for intra-cluster
As shown in Figure 6, when a sink node (a data collector) named M 13 dynamically enters the cluster to collect information, the cluster head BS 1 first performs the descendent key operations to calculate the descendent key. Subsequently, in the same cluster, M 11 , M 12 and BS 1 deliver their collected data to M 13 . This operational mode utilises the same descendent cluster key to encipher and decipher the transmitted data, and performs operational processes of data security from M 11 sending data to M 13 as below.
Sensor node M 11 exploits the descendent cluster key KC 1 P to encipher the path of routing nodes, the sensed message DM 11 of node M 11 and HMAC (DM 11 ). Then, this study inputs the sensed message DM 11 and the KC 1 P descendent cluster key, and figures out the Hash Message Authenticated Code HMAC (DM 11 ). After that, M 11 puts the above data into the relevant fields, and subsequently sends the encoded message to the following M 12 .
When the transmitted message is received, M 12 enciphers them utilising the descendent cluster key KC 1 P. After that, M 12 inspects the integrity of HMAC (DM 11 ) by KC 1 P, accumulates sensed data DM 12 with DM 11 , appends self M 12 identity into the route, generates HMAC (DM 12 ||DM 11 ), and enciphers them using KC 1 P. Subsequently, M 12 sends the enciphered result to the next BS 1 .
When BS 1 accepts the enciphered message, it deciphers the received message utilising KC 1 P. Subsequently, BS 1 executes the similar processes as the above procedures. Eventually, BS 1 delivers the enciphered result to the end sensor M 13 .
As M 13 receives the enciphered message, M 13 deciphers the received message and inspects the HMAC (DBS 1 ||DM 12 ||DM 11 ) integrity by KC 1 P to identify if these original messages have been modified.
The proposed scheme for secure data transmissions of intra-cluster is straightforward and clear. The early single master key mechanism is a particular instance in our proposed cluster architecture.

Transmission mode of data security for inter-cluster
When two nodes in different clusters would like to communicate with each other, this study secures the data transmissions utilising the system cluster key. During transmission, nodes employ the system cluster key KP to encipher and decipher messages, exploit KP to generate the HMAC code through hash functions, and inspect the transmitted message integrity by KP. The whole processes are similar to the transmission mode of data security for intra-cluster.

Urgent transmission mode of data security
If sensor nodes are deployed in critical environments for detecting urgent accidents, this mode provides a rapid and secure data transmission method. Figure 6 depicts that M 11 detects an urgent message and needs to notify RBS immediately. Since RBS serves as the urgent operation centre, in this mode, M 11 adopts the system cluster key KP to encipher the urgent message, and then dispatches the enciphered result to the next sensor along the routing path toward RBS. Consequently, RBS obtains the enciphered message and deciphers them utilising KP to enhance the efficiency of data transmissions. The detailed transmission procedure from M 11 to RBS is as follows.
First, M 11 exploits the system key KP to encipher its identity and an urgent message EM 11 sensed from M 11 , and then attaches the routing path and HMAC on the tail of the enciphered message. Subsequently, M 11 sends the enciphered message to the following M 12 . After receiving the transmitted message, BS 1 executes the similar processes as the above procedures, and transmits the enciphered message to its cluster head RBS.

Transmission mode of data security using the ECDH session key
As is well known, ECDH stems from the key agreement protocol of Diffie-Hellman. The variation is that ECDH utilises elliptic curve cryptography to create a session key for securing the communication between two parties over unshielded channels. Here, for simplicity, we assume that a secure and trusted server named CA takes charge of certificate authority in this system. The CA server issues digital certificates for both parties to ensure the identity of each other for communications. As a result, this system prevents identity theft and man-in-the-middle attacks. Subsequently, we perform secure data transmissions between two directly connected nodes utilising the session key from ECDH.

Transmission mode of data security for intra-cluster
Within an intra-cluster, sensor nodes employ the common ECDH session key to protect and securely transmit data. Our designed scheme is both straightforward and efficient, and offers secure peer-to-peer data transmissions. Figure 7 indicates that M 11 is located in the left cluster and would like to forward the sensed data to M 14 . The following is the procedure of secure data transmissions. Initially, the sensor node M 11 adds its sensed message DM 11 and its own ID to the routing path. Subsequently, we use the descendent cluster key KC 1 P (not session key SK 1,12 of two nodes, where 1 denotes the cluster ID and 12 denotes node 1 and node 2) for later secure verification of inter-cluster. Then, M 11 takes DM 11 as an input and executes a hash function to generate HMAC (DM 11 ). Eventually, M 11 puts the above data into the relevant fields, uses session key SK 1,12 to encipher them, and then forwards the enciphered result to the next M 12 . Upon receipt of the transmitted data, M 12 utilises the SK 1,12 session key to decipher it and inspects the HMAC(DM 11 ) integrity through the descendent cluster key KC 1 P. After that, M 12 aggregates sensed data DM 12 with DM 11 as (DM 12 ||DM 11 ), calculates HMAC (DM 12 ||DM 11 ) using KC 1 P, and puts its own ID in the routing path. Finally, M 12 uses the SK 1,2BS1 session key to encipher the above fields, and thereafter sends the enciphered result to the subsequent BS 1 base station. Upon receipt of the transmitted data, BS 1 utilises the SK 1,2BS1 session key to decipher it. Then, BS 1 checks the integrity of HMAC, combines sensed data DBS 1 with DM 12 ||DM 11 , generates HMAC(DBS 1 ||DM 12 ||DM 11 ), and puts its own ID into the routing path. Eventually, BS 1 enciphers these fields using session key SK 1,BS13 , and thereafter sends the enciphered result to the subsequent M 13 . This system repeats the above procedures until the transmitted data arrives at the target M 14 .
Upon receipt of the transmitted data, M 14 utilises the SK 1,34 session key to decipher the incoming data, employs descendent cluster key KC 1 P to examine the integrity of the aggregated data HMAC (DM 13 ||BS 1 ||DM 12 ||DM 11 ), and then identifies if the original data were modified during communication. As such, this system can accomplish secure data transmissions for intra-cluster.
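The hop-by-hop procedure above, as an added Python example that is not code from the paper: every hop is enciphered under that hop's session key, while the HMAC over the aggregated readings is keyed with the descendent cluster key KC 1 P. The key values, readings, JSON packet layout, HMAC-SHA256 and the SHA-256 counter-mode keystream (a stand-in, since the paper names no cipher) are assumptions of this example.

```python
import hashlib
import hmac
import json
import os


class IntegrityError(Exception):
    """Packet could not be decoded or its HMAC did not verify."""


def stream_xor(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode used as keystream.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(session_key, fields):
    """Encipher all packet fields under the hop's session key."""
    nonce = os.urandom(8)
    return nonce + stream_xor(session_key, nonce, json.dumps(fields).encode())


def open_sealed(session_key, blob):
    try:
        return json.loads(stream_xor(session_key, blob[:8], blob[8:]).decode())
    except ValueError as exc:                     # bad UTF-8 or bad JSON
        raise IntegrityError("undecodable packet") from exc


def tag(cluster_key, readings):
    # HMAC(D_k || ... || D_1) keyed with the cluster key; the JSON encoding
    # keeps the boundaries between readings unambiguous.
    msg = json.dumps(readings).encode()
    return hmac.new(cluster_key, msg, hashlib.sha256).hexdigest()


def verify(cluster_key, fields):
    try:
        route, data, mac = fields["route"], fields["data"], fields["hmac"]
        ok = isinstance(route, list) and hmac.compare_digest(tag(cluster_key, data), mac)
    except (KeyError, TypeError) as exc:
        raise IntegrityError("malformed packet") from exc
    if not ok:
        raise IntegrityError("HMAC mismatch")
    return route, data


def originate(node_id, reading, cluster_key, key_out):
    data = [reading]
    return seal(key_out, {"route": [node_id], "data": data,
                          "hmac": tag(cluster_key, data)})


def relay(node_id, reading, blob, cluster_key, key_in, key_out):
    """Decipher, check the HMAC, aggregate own reading, re-tag, re-encipher."""
    route, data = verify(cluster_key, open_sealed(key_in, blob))
    data = [reading] + data                       # D_new || D_old
    return seal(key_out, {"route": route + [node_id], "data": data,
                          "hmac": tag(cluster_key, data)})


def deliver(blob, cluster_key, key_in):
    return verify(cluster_key, open_sealed(key_in, blob))


# Constructed sample keys (not from the paper): one cluster key, one key per hop.
KC1P = b"constructed-descendent-cluster-key"
SK = {hop: hashlib.sha256(hop.encode()).digest()
      for hop in ("M11-M12", "M12-BS1", "BS1-M13", "M13-M14")}


def run_path():
    """M11 -> M12 -> BS1 -> M13 -> M14, as in the intra-cluster walk-through."""
    pkt = originate("M11", "DM11", KC1P, SK["M11-M12"])
    pkt = relay("M12", "DM12", pkt, KC1P, SK["M11-M12"], SK["M12-BS1"])
    pkt = relay("BS1", "DBS1", pkt, KC1P, SK["M12-BS1"], SK["BS1-M13"])
    pkt = relay("M13", "DM13", pkt, KC1P, SK["BS1-M13"], SK["M13-M14"])
    return deliver(pkt, KC1P, SK["M13-M14"])


def altered_without_cluster_key():
    """A reading changed by a holder of the hop session key only is rejected."""
    pkt = originate("M11", "DM11", KC1P, SK["M11-M12"])
    fields = open_sealed(SK["M11-M12"], pkt)
    fields["data"] = ["DM11-altered"]             # HMAC left as is: KC1P unknown
    forged = seal(SK["M11-M12"], fields)
    try:
        relay("M12", "DM12", forged, KC1P, SK["M11-M12"], SK["M12-BS1"])
    except IntegrityError as exc:
        return str(exc)
    return "accepted"


if __name__ == "__main__":
    print(run_path())
    print(altered_without_cluster_key())
```

Keying the HMAC with the cluster key rather than the hop session key is what makes the second case fail at M12: possession of SK 1,12 alone does not allow a valid tag to be recomputed.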

Transmission mode of data security for inter-cluster
Figure 7 depicts the case in which M 11 would like to send a message to M 24 . Because the two nodes are situated in separate clusters, the procedures for securely transmitting data are similar to steps (a)-(b) described above in section 4.2 (1) until the delivered message reaches BS 1 . Subsequently, BS 1 executes a hash function for the accumulated message DBS 1 ||DM 12 ||DM 11 , and utilises the system cluster key KP to produce HMAC (DBS 1 ||DM 12 ||DM 11 ) for later inspection of the HMAC integrity. Finally, BS 1 utilises the session key SK BS1,BS2 to decipher the received message, and performs the following steps (c)-(e) to secure data transmission until the transmitted message arrives at BS 2 , which is located in a different cluster.
After receiving the enciphered messages, BS 2 utilises the SK BS1,BS2 session key to decipher them, and inspects the HMAC integrity through the system cluster key KP. After that, BS 2 accumulates the sensed message DBS 2 with DBS 1 ||DM 12 ||DM 11 , utilises the descendent cluster key KC 2 P to compute HMAC (DBS 2 ||DBS 1 ||DM 12 ||DM 11 ) for the internal cluster security, appends self-identification to the routing path, puts them into the relevant fields, and enciphers all fields using the session key SK 2,BS23 . Eventually, BS 2 sends the enciphered result to the next M 23 .
After receiving the enciphered messages, M 23 utilises the SK 2,BS23 session key to decipher them, and adopts KC 2 P to inspect the HMAC(DBS 2 ||DBS 1 ||DM 12 ||DM 11 ) integrity. Subsequently, M 23 accumulates the sensed message DM 23 with DBS 2 ||DBS 1 ||DM 12 ||DM 11 , uses the descendent cluster key KC 2 P to generate HMAC (DM 23 ||DBS 2 ||DBS 1 ||DM 12 ||DM 11 ), puts its own ID M 23 into the routing path, enciphers all fields using the session key SK 2,34 , and subsequently forwards the enciphered result to the following M 24 . After receiving the enciphered messages, the target node M 24 utilises the SK 2,34 session key for deciphering the enciphered message and inspecting the HMAC (DM 23 ||DBS 2 ||DBS 1 || DM 12 ||DM 11 ) integrity by the descendent cluster key KC 2 P to verify if the data has been modified during data transmissions.
In this secure inter-cluster data transmission, the transmitted message goes through various clusters, and therefore BS 1 and BS 2 take charge of the secure data transmission for inter-cluster, and inspect the integrity of the HMAC during the passage of the various clusters. Thus, BS 1 and BS 2 can utilise the system cluster key KP to compute HMAC and inspect the received HMAC integrity.

Transmission mode of data security via gateway nodes
In this mode, as Figure 7 depicts, if two different clusters have common gateway nodes, the source node can pass through the gateway nodes to reach the target node. In this situation, the secure transmission procedure is similar to the secure data transmission mode of inter-cluster. When the transmitted message passes through the gateway (M 14 →M 21 ), this mode utilises the system cluster key KP to generate and inspect HMAC, and employs the session key SK 1,2 of the gateway nodes to encipher and decipher the transmitted messages. Since the other nodes do not have the session key SK 1,2 of the gateway nodes, they cannot decipher the enciphered message. Eventually, the target node receives the transmitted message, inspects the HMAC integrity by the system cluster key KP, and identifies if the original data has been modified during transmission.

Urgent transmission mode of data security
Between clusters, delivering urgent data enciphered by the system key is efficient, but probably not secure, since each member equipped with the system key can reveal the urgent data. Therefore, this study exploits session keys to achieve advanced protection. Suppose that M 11 delivers urgent data to RBS using session keys belonging to participants in the routing path. The following is the detailed procedure. Sensor node M 11 adds emergency message EM 11 , adopts the system cluster key KP for later confirmation and EM 11 as inputs to execute hash functions and generates HMAC KP (EM 11 ), and then places its own ID to the routing path. After that, M 11 puts those data into the relevant fields, subsequently utilises the session key SK 1,12 to encipher all fields, and then transmits the enciphered result to the next M 12 .
Once M 12 obtains the transmitted message, it utilises the SK 1,12 session key to decipher the received message, and then adopts the system cluster key KP to inspect the integrity of the received HMAC. After that, M 12 calculates HMAC KP (EM 11 ) and appends its own ID to the route. Eventually, M 12 employs SK 1,2BS1 for encryption of the whole message, and subsequently forwards the enciphered result to BS 1 .
When BS 1 receives the transmitted message, BS 1 utilises the session key SK 1,2BS1 to decipher it, and verifies the HMAC integrity. Subsequently, BS 1 puts its own ID into the routing path, and generates the HMAC of the emergency message. Eventually, BS 1 enciphers all fields using the session key SK 1,BS1RBS , and then forwards the result to RBS. When RBS receives the enciphered message, it deciphers the message and inspects the integrity of the transmitted emergency message EM 11 sent from M 11 .

Secure data transmission analyses and computing evaluations
This research investigates the effectiveness evaluation of the above models of secure data transmissions, and performs several security analyses. Additionally, we also demonstrate that the proposed methods indeed decrease key resynchronisation time when nodes are leaving or joining, enhance the performance of secure data transmissions, and decrease key resynchronisation time when nodes are leaving or joining. Additionally, we also provides the decentralised key management with a scalable and flexible infrastructure. The detailed security analysis is as below.
(1) Authentication and confidentiality During the transmission, this study secures transmitted messages using a session key. Upon receipt of the enciphered message, it can only be deciphered by the owner of the same session key. However, since the other nodes have different session keys, they cannot decipher the enciphered message.
(2) Failure tolerance of the transmission path In the proposed mechanism, multiple routing paths exist among sensors. If the originally selected path is interrupted, the gateway mode serves as the alternative route for secure transmission, and the entire system therefore returns to normal operation. In addition, when transmitting data securely between peers, this mechanism makes it possible to carry out fast and efficient fault-tolerant routing protocols without a single point of failure.
(3) Correctness and integrity of data transmitted While transmitting, the present study examines the correctness and integrity of the transmitted message by HMAC. Where two nodes are situated in separate clusters, the sender utilises the descendent or system cluster key to generate the HMAC for later verification. As a result, the system prevents malware nodes from utilising the session keys to pass HMAC inspection. After reception of the enciphered message, the recipient deciphers it, and then adopts the related cluster key and the plain message as inputs to compute the HMAC and inspect its integrity. As we know, the hash function H used to generate the HMAC is a non-reversible operation. Where i = j, H(i) = H(j), but two different random numbers i and j cannot be found in such a way that H(i) = H(j). Consequently, if a sensor node changes the delivered message during transmission, the recipient immediately detects the unequal HMAC and determines that the data have been altered.
(4) Operations of data encryption and decryption As we know, PKI and asymmetric key schemes need lots of computing power. However, sensor nodes do not have sufficient computing resources, and thus asymmetric key infrastructures are unsuitable for WSNs. In the proposed design, every sensor retains only one system group key, one descending group key and one session key for securing the delivered message, and adopts hash functions such as MD5, SHA-3 or RIPEMD-160 to inspect the correctness and integrity of the delivered message. Additionally, session key operations and hash functions consume only few resources. As a result, the proposed schemes are plain, straightforward and quite appropriate for WSNs.
Moreover, this study simulates the performance of various public key cryptosystems, and compares key operating costs and key communication costs. Here we assume that RBS and BS are absolutely secure and have constant power. The study performs a few ECDH processes on the sensor node, which utilises the prime field to establish an ECDH session key, and computes a point multiplication on a SECP-160 curve.
Regarding the simulation scenarios of intra-cluster and inter-cluster infrastructures, this study evaluates the data transmission time and the key synchronisation time, and adopts the descendent cluster key and the system cluster key to achieve secure intra-cluster and inter-cluster data transmissions. Moreover, we employ an ECDH session key for securely transmitting messages, in order to similarly estimate the efficiency of the gateway, inter-cluster and intra-cluster modes. For simplicity, this study utilises a <x, y> pair to denote the key lengths of a security level, where x corresponds to the length of one HCECKA private key, and y corresponds to the length of one Diffie-Hellman (DH) private key. The mechanism of the DH key agreement is for both parties to find a shared private key to securely exchange and transmit the message over non-secure connections. Additionally, both the receiver and the sender own key pairs in the DH key protocol. Each party combines its own private key with the other's public key to derive the shared common session key (Zhong et al., 2014). GDH extends the renowned two-party DH key protocol to n parties. The several versions of GDH, including GDH.2 and GDH.3, are considered to be particular group protocols. GDH places all members of a group into a binary tree or a logic ring. As the number of group members increases, the number of communication rounds and the computing cost seriously influence the efficiency of the GDH key agreement.
To evaluate the efficiency and scalability of our proposed schemes in WSNs, this scenario adopts different numbers of cluster member nodes (1, 2, 4, and 8) to simulate various numbers of sensor nodes in WSNs (1, 4, 8, 16, 32, and 64), and compares the system cluster key convergence time across these scenarios for 1-64 members in WSNs. When the number of cluster member nodes is 1, each node is similar to a cluster head (BS); this is a special case. Simulation results in Figure 8 indicate that when member nodes of a cluster increase, the system cluster key synchronisation time for the cluster scheme outperforms that of the non-cluster schemes. The non-cluster scheme performs more operations in stages 1-7 to achieve key synchronisation.
In the same cluster, the simulated network of nodes (5, 10, 15, 20, 25, and 30) is used to build the descendent cluster key and determine the synchronisation time. This study compares our proposed HCECKA with DH and GDH schemes on different key lengths. Simulation results indicate that GDH and DH must execute exponent operations, whereas HCECKA needs only multiplication operations. Consequently, GDH requires significantly more computing time than HCECKA. Figure 9 illustrates the results of the simulation and shows that the synchronisation time for constructing the descendent cluster key on HCECKA is less than GDH for <224, 2048 bits> and <160, 1024 bits>. Therefore, HCECKA exceeds DH in computing the descendent key on the synchronisation time.
In Figure 10, this study evaluates the time to synchronise the system cluster key construction for HCECKA and GDH. Initially, this study divides a network into two clusters containing member nodes (1, 2, 3, 4, 5, and 6). For two clusters, simulation results reveal that GDH takes more time than HCECKA to converge the system cluster key. The main reason is that every cluster head (BS) is the controller of the descendent cluster key. Consequently, in HCECKA, the entire system can rapidly synchronise the system cluster key, and only needs both cluster heads to interchange their descendent cluster keys. However, in the GDH mechanism, each pair of nodes must exchange their keys, and therefore GDH takes more time than HCECKA. Figures 11 and 12 demonstrate that when a node is added or removed, the system must resynchronise the system cluster key. The simulation result shows that HCECKA spends less time than GDH to resynchronise the new system cluster key. The main factor is that multiplications spend significantly less time than exponential operations. Moreover, in the HCECKA scheme, only a cluster with nodes leaving must recalculate the descendent cluster key, and the main load falls on three steps in stage 3 of section 3 for the purpose of recalculating the descendent cluster key. Subsequently, the system can determine the system cluster key within a few operations. However, in the non-cluster scheme for GDH, each node must perform all stages; thus the system requires many operations to calculate the system cluster key.
Figure 11. When one node participates in the system, the time to resynchronise the generation of the system cluster key.
Figure 12. When a node departs from the system, the time to resynchronise the system cluster key.
In different key management schemes, Figure 13 demonstrates the elapsed time of secure data transmission for gateway, inter-cluster, intra-cluster modes. Initially, HCECKA takes more time than ECDH to derive the system cluster key. After synchronisation, each node performs secure data transmission using the system cluster key. However, the ECDH scheme must perform session key operations during each secure data transmission phase. Comparison results demonstrate that the intra-cluster equipped with the mechanism using the system cluster key is more efficient than other mechanisms. Figure 14 illustrates the consuming time of intra-cluster secure data transmissions. This investigation compares ECDH with the system cluster key scheme of HCECKA, and finds that the transmission time of ECDH is almost 3.5 times that of the system cluster key scheme. These simulation results demonstrate that members of an intra-cluster exploit the descendent cluster key to secure transmitted messages without maintaining the session key for each transmission and take a lower time than ECDH. Additionally, our proposed scheme contains the single master key agreement, which is a particular case of HCECKA. Therefore, the Elliptic Curve Cryptography indeed reduces the key operation time. Figure 15 depicts the inter-cluster secure data transmission time. After the system cluster key synchronisation, each node enciphers the transmitted message, and adopts the same system cluster key (KP) between distinct clusters to generate HMAC. However, ECDH exchanges a session key between two linked sensors within the routing path, causing the system cluster key scheme to outperform ECDH. Figure 16 illustrates the time to securely transmit inter-cluster data through the gateway approach. That is this mode.
Figure 13. Compare secure data transmission time for gateway, inter-cluster and intra-cluster modes.
The proposed approach exploits the shortest routing path to secure data transmissions between two distinct clusters using the ECDH session key. Meanwhile, this investigation provides a system cluster key option to improve the secure data transmission efficiency. The results of these simulations demonstrate that the system cluster key scheme using the gateway mode outperforms ECDH. The transmission time of using ECDH is nearly 4.2 times that of the system cluster key scheme with the gateway mode.
Figure 16. Pass through the gateway nodes, the time required to securely transmit data within an intercluster.
Based on the proposed scheme, this study demonstrates that the main computing load of each base station (BS) is n-1 multiplication operations to determine the descendent cluster key (for nodes 1 ∼ n-1), and two multiplication operations to determine the system cluster key. Additionally, during transmissions, a routing path that includes the cluster head requires the cluster head to encipher and decipher transmitted data and calculate the HMAC code. Moreover, the sensor nodes are responsible for two multiplication operations to assist in determining the descendent cluster key, and must encipher and decipher transmitted data and compute the HMAC. The root base station (RBS) performs n-1 multiplication operations to determine the system cluster key (for base stations 1 ∼ n-1). Consequently, the computing overhead of cluster heads is larger than that of others.
This study surveys various ID-Based Cryptography (IBC) schemes (Sumalatha & Sathyanarayana, 2015). M. Arifi et al. utilised a ternary tree to come up with an authenticated group key agreement based on identification (ID-AGKA) (Bala et al., 2016; Mandal et al., 2020), which also considered the case where a member takes part in or departs from the group, and this system needed to reconstruct the group key. Contrary to conventional public key cryptosystems, non-certified public key cryptographic systems assure the authenticity of non-certified public keys. A similar protocol, "Certificateless Authenticated Group Key Agreement protocol for dynamic groups" (CAGKA), was considered. Sungchul et al. (2007; Yong et al., 2013) proposed CAGKA to overcome the shortcomings of CL-PKC and to support changing group membership (joining or leaving). Debabrat et al. (2014) implemented the ElGamal Elliptic Curve Cryptography over prime field using C. The Distributed Local Key Hierarchy (DLKH) such as the Group Tree-based Diffie-Hellman (TGDH) (Ranjani et al., 2011; Lin et al., 2011) agreement and the Distributed One-way Function Trees (DOFT) (Hajyvahabzadeh et al., 2012) were also considered.
Since HCECKA is an enhanced version of DH and GDH, they all use a key exchange protocol. So we use DH and GDH as evaluation baselines to prove that our proposed scheme outperforms DH and GDH. Here, we survey the additional ECC ElGamal scheme, which is close to our proposed scheme; ECC ElGamal uses additions, subtractions and multiplications without exponentiations to carry out all of its operations. This study adds the comparison of key operating costs and communication costs between HCECKA and ECC ElGamal, and proves that our proposed architecture is better than traditional DH and GDH as well as ECC ElGamal. Table 2 compares key operating costs and communication costs of these schemes.

Conclusions
This study employs elliptic curve cryptography to integrate a key management scheme, and furthermore proposes a hierarchy-based key agreement named HCECKA to deal with secure group data transmission. The mechanism that we propose utilises shorter keys to reach the same security level as RSA and Diffie-Hellman (Wei et al., 2021; Li et al., 2017). Furthermore, this study implements HCECKA on large-scale WSNs, for which its key management is very well suited. The simulation result shows that HCECKA is quite appropriate for resource-constrained environments such as Internet of Things (IoT), Ad Hoc networks and WSNs. Moreover, during secure data transmission, HCECKA indeed consumes less resynchronisation time in constructing the system key than the GDH and DH key agreements.
Moreover, we also propose a distributed group key agreement protocol with scalable and flexible capabilities. This mechanism utilises multiplications instead of exponential operations when performing ECDH (Jiang et al., 2021; Xiao et al., 2018), and therefore effectively lowers the CPU overhead (Alessandro et al., 2020; Tingting et al., 2020). The mechanism we offer is very well suited to implementation on large-scale WSNs carrying out dynamic key operations.
This research offers multiple communication modes to increase the performance of securely transmitting data. Within the same cluster, this study provides the intra-cluster mode to secure transmitted data among nodes. When the source node and the target node are located in different clusters, the proposed inter-cluster mode or gateway mode can also accomplish secure data transmissions. Our method employs an efficient hash function and simple key operations to inspect the integrity of transmitted data and secure the transmitted data, respectively, and therefore reduces the requirement for complicated operations in WSNs.
Eventually, the analyses of simulation results demonstrate that HCECKA exceeds other mechanisms on rekeying efficiency and communication overhead. Therefore, HCECKA is quite suited for large-scale IoT or WSNs without sufficient resources. In industry especially, IoT is a trend. However, IoT is exposed to an open environment. Our proposed approach could be applied to many industrial fields, and significantly improve the security issues.

Disclosure statement
No potential conflict of interest was reported by the author.

Data availability statement
The data that support the findings of this study are available on request.