A Multipath Routing Approach for Secure and Reliable Data Delivery in Wireless Sensor Networks

The severe resource constraints and challenging deployment environments of wireless sensor networks (WSNs) pose challenges for the security and reliability of data transmission in these networks. In this paper, we present and evaluate a secure and reliable routing mechanism offering different levels of security in an energy-efficient way for WSNs. Our approach uses node-disjoint routing, and the selection mechanism of these paths depends on different application requirements in terms of security. The original data message is split into packets that are coded using Reed-Solomon (RS) codes and, to provide diverse levels of security, a different number of fragments is encrypted according to the requested security level before being transmitted along independent node-disjoint paths. This technique makes encryption feasible for energy-constrained and delay-sensitive applications while still maintaining a robust security protection. We describe how to find the secure multipath, the number of these paths, and how to allocate fragments on each path seeking to enhance security and improve data reliability. Extensive analysis and performance evaluation show that data transmission security and reliability can be enhanced while respecting the resource constraints of WSNs.


Introduction
Advances in wireless sensor networks have enabled a wide range of applications across many fields. Many of these applications have high quality of service (QoS) requirements in terms of security and reliability of data transmission.
Wireless sensor networks (WSNs) are characterized by severe resource constraints of sensor nodes, the unreliable nature of the wireless links, dynamic changes in the size and density of the network, and the high risk of physical attacks on sensors. Many routing protocols have been proposed to overcome these constraints and improve the QoS in wireless networks. However, most of the existing protocols provide either secure [1] or QoS [2][3][4][5] routing. Few protocols have combined these two requirements [6][7][8][9].
Secure multipath routing protocols in WSNs can be divided into three categories based on the security-related operational objective [1]: multipath routing protection only, attack-specific, and security operations support. The security-based multipath routing protection category is the interest of this paper, in which multipath routing is used to improve security, increase the reliability of data transmission, provide load balancing, and decrease the end-to-end delay.
A common approach to provide reliability in WSNs is to use the forward error correction (FEC) technique as a replication mechanism in multipath routing to increase data transmission reliability, decrease energy consumption, and increase the network lifetime while avoiding the costly or impossible data retransmission due to the severe resource constraints of sensor nodes [10]. However, this approach requires sending more data than necessary over the multipath in order to tolerate a certain number of path failures.
This paper was motivated mainly by the observation that most traditional encryption algorithms are complex and may introduce a severe delay in sensor nodes. For instance, the encryption time of each 128-bit block using the AES algorithm is about 1.8 ms on a MicaZ platform [11]. Our approach therefore proposes to encrypt only a certain fraction of the RS [12] codewords while the remaining portion is transmitted unprotected. Our scheme makes encryption feasible for energy-constrained and delay-sensitive applications while still maintaining a robust security protection.
International Journal of Distributed Sensor Networks
Our major contributions in this paper are the following. First, we introduce a new mechanism for secure and reliable data transmission in WSNs multipath routing, derived from node-disjoint multipath and combined with source coding in order to enhance both security and reliability of data transmission in the network. Second, we define different levels of security requirements and, depending on these requirements, a selective encryption scheme is introduced to encrypt a selected number of coded fragments in order to enhance security and thereby reduce the time required for encryption. Finally, an allocation strategy that allocates fragments on paths is introduced to enhance both the security and the probability of successful data delivery.
The remainder of this paper is organized as follows. In the next section, we review the related work on secure and reliable multipath routing protocols. The routing problem metrics are formulated in Section 3. Section 4 provides a detailed description of the proposed secure mechanism. In Section 5, we describe our methodology for evaluating the security and reliability. A detailed case study is presented with different required security levels and possible attack scenarios. The simulation model and the performance evaluation are presented. Finally, we conclude our work in Section 6.

Related Work
In the literature, encryption techniques have been developed for secure multipath routing protocols in WSNs. In [1], an extensive survey has been conducted on the current state of the art for secure multipath routing protocols. The security-related issues, threats, and attacks in WSNs and some of the solutions can be found in [13].
One of the possible solutions to support secure and reliable data transmission is to combine multipath routing protocols with a secret sharing algorithm. In the (, ) threshold secret sharing algorithm [14], the original data message is divided into  shares and sent to the destination over different paths. The original message can be reconstructed from any  shares, while no information about the original message can be obtained with less than  shares. The main drawback of using the secret sharing method is the large amount of traffic and redundancy involved. The H-SPREAD [6] protocol is proposed as an extended version of the SPREAD protocol [7], which used multipath between a single source-destination pair to deliver multiple secret message shares in order to enhance the data confidentiality in mobile ad hoc networks. H-SPREAD proposed for WSNs a distributed many-to-one multipath discovery protocol by employing two phases of flooding in order to enhance the security and reliability of data transmission. To enhance reliability, H-SPREAD uses an active per-hop packet salvaging strategy; the sender forwards the packet over another path instead of dropping it when unsuccessful transmission occurs, to increase the probability that the data packet is delivered to the sink. Although the H-SPREAD protocol provides security in terms of resilience against node capture, it does not provide any authentication mechanism. Thus, many network layer attacks on routing protocols, such as Sinkhole or Wormhole, which attract traffic by advertising a high-quality route to the sink with the goal of affecting the construction of paths, are relevant. Furthermore, the construction of the spanning tree used in this protocol introduces high overhead.
Another possible solution to support secure and reliable data transmission is the combination of data encryption and the FEC technique [8,9]. The main concept of this combination is to encrypt the original data message, encode the encrypted message using FEC coding, and then route it to the destination. A secure, multiversion, multipath protocol, MVMP, is proposed in [9] to offer a secure and reliable data communication in WSNs. MVMP consists of four steps: divide the original data message into groups, encrypt each group using different cryptographic algorithms, code the encrypted packets using RS codes, and transmit the coded packets on multiple disjoint paths that are assumed to be established before the data transmission. The data packet can be compromised when a certain amount of codewords over different paths are intercepted and all the encryption algorithms used for the transmission are known. Moreover, to reconstruct the original message, the attacker needs to make all possible packet combinations, which is a resource-challenging task. Although the MVMP protocol uses different cryptographic algorithms in order to enhance data transmission security, this strategy could be expensive in resource-constrained environments such as WSNs.
In [15], a secure and reliable node-disjoint multipath routing protocol is proposed in order to minimize the worst case security risk and to maximize the packet delivery ratio under attacks. The multipath routing problem is modeled as an optimization problem and solved by a heuristic algorithm using game theory, and a routing solution is derived to achieve a tradeoff between route security and delivery ratio in worst scenarios. The protocol focuses on the worst case attack scenarios to achieve the design objective of providing the best security and/or delivery ratio. Although the protocol assumes using link reliability history in the computations, in WSNs the sensors and the communication links change frequently and are time varying. This requires a frequent update of the computation of paths to discover the most reliable and secure paths. Also, the protocol assumes that each node has full knowledge of the whole network topology, which is considered an expensive assumption in WSNs.
An intrusion-fault tolerant routing scheme proposed in [16] offers a high level of reliability by a secure multipath routing construction topology and uses one-way hash chains to secure the construction of a multipath, many-to-one dissemination topology.
A secure and energy-efficient multipath routing protocol for wireless sensor networks is proposed in [17]. Disjoint and braided paths are constructed using a modification of the breadth first search algorithm. The sink executes the paths discovery, selection, and maintenance in a centralized way. The authors claim that network layer attacks such as Sinkhole and Wormhole are not relevant since routing paths are selected by the sink node and periodically changed to prolong the lifetime of the network. Also, the protocol addresses the replay attack by having each packet identified by a unique sequence number to be transmitted only once. However, the protocol does not use any encryption and authentication mechanism to protect against a number of attacks; this means that an attacker can affect the paths construction process. Moreover, the sink needs to have information of the whole network topology, which requires that each node sends its neighbors list to the sink, and this process consumes huge energy and introduces extra overhead.
Enhancing data security in ad hoc networks based on multipath routing is proposed in [18], which is designed on the multipath routing characteristics of ad hoc networks and uses a route selection based on the security costs without modifying the lower layer protocols. The authors claim that the proposed protocol can be combined with solutions which consider security aspects other than confidentiality to improve significantly the efficiency of security systems in ad hoc networks. The protocol in [18] is designed for an ad hoc network where the number of nodes in the network is considerably low and the capability of a node is usually better than that of sensor networks. Thus, the protocol cannot directly fit the properties of sensor networks.
Our work differs from the above existing schemes by considering different levels of security requirements to encrypt a limited number of packets contingent on these requirements in order to enhance data transmission security at lower cost than full packet encryption. The new mechanism proposed adapts to the resource constraints of WSNs by combining the FEC technique and selective cryptographic algorithms to achieve secure and reliable data transmission in an energy-efficient way for WSNs. Unlike [9], the original message is split into packets that are first coded using RS codes. Then, depending on the required security level, the selective encryption scheme is used to encrypt a selected number of coded fragments before being transmitted along different disjoint paths. Thus, the security can be achieved while respecting the resource constraints of WSNs.

QoS Routing Problem Formulation
3.1. Replication and Erasure Coding.
Erasure coding has been used in distributed systems to achieve load balancing and fault tolerance, but recently [10] it has been used for WSNs as a replication mechanism in multipath routing to increase the data transmission reliability while decreasing energy consumption and increasing network lifetime. The advantage of using data replication is to avoid the costly or impossible data retransmission in WSNs due to the severe resource constraints of sensor nodes. RS codes are the simplest and most widely used FEC codes for achieving reliable data transmission in networks.
In the network layer, we assume that there are in total  available disjoint paths between the source node and the sink. Only the source node and the sink are active participants in the coding/decoding process while no processing is needed at the intermediate nodes. Using RS codes, the source node codes each data packet of size  bits it receives into  fragments each of size  bits and generates another  parity fragments to have in total a set of  +  fragments. If the sink receives any  fragments, it can recover the original data packet allowing at most  lost fragments. Denote the fragments allocation as  = [ 1 ,  2 , . . .,   ], where   is an integer and is the number of fragments allocated to path  and  is the number of node-disjoint paths from source node to sink, as shown in Figure 1 [10]. The allocation of fragments on each path is determined with a load balancing algorithm where ∑  =1   =  + . The value of  determines the loss recovery capability of the code. Given a fixed value of  + , smaller  means less data information and more redundancy contained in each encoded block, thus the loss recovery capability is better. If   is a random variable that indicates the number of fragments received on path  , then we have ∑  =1   ≥ . Typically, the code rate is  = /( + ), the redundancy ratio is  = /( + ), the maximum codeword length for a RS code is  = 2  − 1, and the coding overhead is ℎ = /.

Security.
A path is compromised when one or more nodes in the path are compromised. In this paper, node-disjoint paths are used; thus the probability of compromising a single path is not correlated with the probability of compromising other paths. We assume that the source node and the sink are trustworthy. The source node selects  paths out of the  node-disjoint paths to route the data packet to the sink. The probability that the data packet is compromised,  pkt , is defined as where  path  is the probability that path  is compromised and is given as where   is the probability that a sensor node is compromised,  ∈ ,  is the number of sensor nodes on path  and 0 ≤  path  ≤ 1.
Note that the probability   indicates the security level of node  and could be estimated from the feedback of some security-monitoring software or hardware such as firewalls and intrusion detection devices [18].
The proposed mechanism uses RS coding to send the  +  fragments on  node-disjoint paths.To improve the security of the data transmission consider the following.
(1) Allocate fragments on as many paths as possible in order to minimize the probability  pkt . The total number of fragments for each packet is equal to , that is  +  = . In this case, one fragment is transmitted on each path. With such allocation, the probability that the data packet is compromised,  pkt , is equal to the probability that  out of  paths are compromised,  pkt = ∏  =1  path  . Thus, the more paths are used, the less  pkt is, and the better the security is, Figure 2.
However, this strategy could be expensive in resource-constrained networks like WSNs since it introduces a large storage and communication overhead. Moreover, fragments might be dropped on some paths due to the error-prone nature of sensor nodes and wireless links and, to reconstruct the original data packet, a minimum of  paths are needed to successfully deliver the required number of fragments to the sink.
(2) To achieve the highest security level, the allocated fragments on any path,   , should be less than . With such allocation an attacker must intercept more than one path to get the  fragments required to reconstruct the data packet. The allocated fragments on each path should be as follows: This strategy is used in the proposed security mechanism.
(3) Minimize  path  such that  pkt is minimized, (1). Using a path that contains as few nodes as possible (the shortest path) and/or a path that contains the most secure nodes among others minimizes  path  , (2).

Reliability.
Multipath routing is one way of improving the reliability of data transmission by sending duplicated data via multiple paths. Thus, a packet is delivered to the destination even if some paths fail. The main drawbacks of multipath routing are the higher energy consumption and the high probability of network congestion due to the increased number of messages, which in turn impact the performance of the network. However, to improve the reliability of data transmission while respecting the network energy constraint, redundancy is applied using erasure coding on multipath routing. The idea is to send more fragments,  + , than the minimum required fragments, , to recover the original packet at the sink. In our proposed routing mechanism, the reliability of data transmission, the successful end-to-end data delivery, is achieved by sending the fragments of RS codeword on  selected node-disjoint multipath and to guarantee that the codeword packet is recoverable from any ⌈/2⌉ paths, we need to ensure that fragments allocation on any ⌈/2⌉ paths follows,

3.4. Delay.
The total path delay,  path , includes the sum of time required for processing, queuing, transmission and propagation for all the nodes along the path. If coding and encryption are used, the path delay equals ( path +  cod +  enc ), where  cod and  enc are the coding time and the encryption time, respectively.  enc is related to the number of bits to be encrypted,  bit , the unit-block encryption time,  blk , and the encryption block size,  blk , [19]. This is given as follows, Encryption block size varies between different encryption algorithms and may also vary within the same encryption algorithm, while the unit-block encryption time can be measured on specific platforms. Thus, choosing the appropriate block size as well as the total amount of bits to be encrypted can affect the delay performance of the network. Therefore, in our proposed selective encryption approach, a minimum amount of data is selected for encryption contingent on the security requirements. In this way, encryption time is reduced due to the need to encrypt fewer packets. Also, the energy required to encrypt the extra packets is conserved while still maintaining the required security level.

Proposed Protocol
An on-demand routing protocol [20] is used to build multiple disjoint paths using route request/reply phases. Each sensor node is assumed to update the local states of its one-hop neighbors by broadcasting a HELLO message in which the link conditions are reported. Each node then maintains and updates its neighboring table information to record the link performance between itself and its direct neighbor nodes in terms of the probability that a sensor node is compromised,   . When the source node has a data packet to transmit to the sink to which it has no available route, it starts the route discovery phase by transmitting a short route request message, RREQ, as shown in Figure 3(a). An RREQ message is broadcast to all the neighbors of the source node within its transmission range, in which the required security level (in terms of message compromising probability),  req , and the path information (ℎ,  path ) are transferred to the sink. Each intermediate node updates the information of its one-hop local states, including the path compromising probability and hop count information. The route discovery phase is therefore introduced.

Next Node Selection.
In order to achieve the shortest hop count from the current node to the sink, we assume that only the neighbors that are closer to the sink than the current node are added to the neighbor list as candidate nodes. Since security is the essential metric in choosing different paths, and to maximize the path security (Section 3) and ensure constructing node-disjoint paths, each intermediate node selects one node as the next hop from its neighbor list to forward the RREQ: the neighbor with the highest security among all, that is, the smallest   . However, if the selected node is already reserved, then the next neighbor with the smallest   will be selected, and so on. The selected node then modifies the path information in the RREQ message (hop and  path  in Figure 3(a)) before forwarding the message to the next selected neighbor. The probability of path compromising,  path , is updated according to (2) and the value of hop count, hop, is increased by one. Note that the initial values of hop and  path  at the source node are zero.

Number of Path Selection.
The sink estimates the number of all available node-disjoint paths to the source from the number of the RREQ messages received to decide on choosing the first  most secure paths that satisfy the required security level. From these RREQ messages it obtains information about security and number of hops on each path. The sink sends back the route reply message, RREP, Figure 3(b), via the selected paths. Algorithm 1 is used to determine the number of node-disjoint multipath, , which are used to transmit the data message between the source and the sink. For each data transmission, given  available node-disjoint paths between the source and the sink, the sink sorts these available paths according to the security characteristics of each path (in terms of the probability that path  is compromised), such that the first path is the most secure one and so on. The sink then calculates the probability that a packet is compromised,  pkt , using (1). According to (1), more paths are chosen to lower  pkt and enhance the security in order to deliver the data packet. Our proposed protocol only needs to select the first  paths ( ≥ 2) satisfying  pkt ≤ (1 −  req ).
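The sink-side selection described above can be sketched as follows. This is an added Python example, not the authors' simulation code; it assumes nodes are compromised independently (so a path is compromised with probability one minus the product of its nodes' survival probabilities) and uses the product form of the packet compromise probability stated in Section 3 for one fragment per path. Path names and per-node values are constructed.

```python
from math import prod


def path_compromise_probability(node_probs):
    """P(at least one node on the path is compromised).

    Assumption: nodes are compromised independently of each other.
    """
    return 1.0 - prod(1.0 - q for q in node_probs)


def extend_path(p_path, q_next):
    """Per-hop RREQ update: fold the selected next node into the running
    path value. The source starts from 0, as the text states."""
    return 1.0 - (1.0 - p_path) * (1.0 - q_next)


def select_paths(paths, p_req, min_paths=2):
    """Pick the fewest most-secure paths that meet the requested level.

    paths  : dict mapping a path name to its per-node compromise probabilities
    p_req  : requested security level, e.g. 0.9 means p_pkt must be <= 0.1
    Returns (chosen_names, p_pkt). chosen_names is None when even all
    available paths together cannot reach the requested level.
    """
    # Most secure path first (smallest compromise probability).
    ranked = sorted(paths, key=lambda n: path_compromise_probability(paths[n]))
    target = 1.0 - p_req
    chosen, p_pkt = [], 1.0
    for name in ranked:
        chosen.append(name)
        # The packet is exposed only if every used path is compromised.
        p_pkt *= path_compromise_probability(paths[name])
        if len(chosen) >= min_paths and p_pkt <= target:
            return chosen, p_pkt
    return None, p_pkt


# Constructed sample: four node-disjoint paths whose intermediate nodes all
# have compromise probability 0.14 (the value used in simulation Scenario 1).
SAMPLE_PATHS = {
    "P-long": [0.14] * 5,
    "P-short": [0.14] * 2,
    "P-mid4": [0.14] * 4,
    "P-mid3": [0.14] * 3,
}

if __name__ == "__main__":
    for level in (0.90, 0.95, 0.99):
        names, p = select_paths(SAMPLE_PATHS, level)
        print(f"p_req={level}: paths={names} p_pkt={p:.4f}")
```

With these constructed values the highest requested level cannot be met by the four available paths, which is the case a sink has to report back rather than silently route.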

Security Mechanism.
The following consecutive steps are involved in the routing mechanism to ensure the communication security level and are illustrated in Figure 4 [21].
(1) Divide the original data message of size  into  packets each of  fragments of size  bits. Assume the number of packets is equivalent to the number of paths used to transmit the data, , such that  = ⌈/⌉. If the last packet is less than  fragments, zero padding [9] is applied to meet the length requirements of RS codes.
(2) Encode each packet using RS codes to generate  data fragments and  parity fragments as a codeword of size + fragments such that  ≤ . For each codeword packet, allocate one fragment on each path starting from the most secure path and repeat this process till all the + fragments are assigned on the selected multipath, and ensure that the number of allocated fragments on each path,   , follows
(3) Depending on the required security level, the number of fragments to be encrypted,  enc , is calculated as follows: where  is determined according to the required security level and 1 ≤  ≤ . As shown in Figure 4, for a low security requirement,  = 1, the source node only encrypts any  enc =  + 1 of  +  fragments from the codeword. For each codeword, an attacker must receive at least  of the  +  fragments and be able to decrypt the encrypted fragments to restore the codeword. On the other hand, when the required security level is high, then  = , which requires encrypting  enc =  +  fragments for each codeword. In order to compromise the data packet, the attacker must receive and be able to decrypt all  fragments to reconstruct the codeword.

(4) Route all the fragments on the  node-disjoint paths to the sink with each path carrying   fragments according to (4) and (6). To enhance security, the encrypted fragments from the same codeword are transmitted on different paths.
(5) At the sink side, the encrypted fragments are decrypted first and then all the fragments are decoded to reconstruct the original data packet.
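An added Python example (not code from the paper) of the allocation and selective-encryption steps above, using the RS (5, 3) configuration of the case study in Section 5. The names k, r, s and the rules applied (fewer than k fragments on any path, at least k fragments on any ceil(N/2) paths, r + s encrypted fragments per codeword) are assumptions reconstructed from the surrounding text and the case-study numbers, since the equations themselves are not reproduced on this page.

```python
from math import ceil


def encrypted_count(k, r, s):
    """Fragments to encrypt per codeword: r + s, with s = 1 for the lowest
    and s = k for the highest requested security level (assumed form)."""
    if not 1 <= s <= k:
        raise ValueError("s must satisfy 1 <= s <= k")
    return r + s


def allocate(k, r, n_paths, s):
    """Round-robin the k + r fragments over the paths, index 0 being the
    most secure path. The first r + s fragments in that order are the
    encrypted ones, so encrypted fragments of one codeword are spread over
    the paths as evenly as possible.
    Returns one list per path of (fragment_index, is_encrypted) tuples."""
    n_enc = encrypted_count(k, r, s)
    paths = [[] for _ in range(n_paths)]
    for frag in range(k + r):
        paths[frag % n_paths].append((frag, frag < n_enc))
    return paths


def audit(paths, k):
    """Check an allocation against the security and reliability rules."""
    sizes = [len(p) for p in paths]
    ascending = sorted(sizes)
    half = ceil(len(paths) / 2)

    # Fewest paths an eavesdropper must capture to hold k fragments:
    # best case for the attacker is to capture the fullest paths first.
    taken, attacker_paths = 0, 0
    for size in reversed(ascending):
        taken += size
        attacker_paths += 1
        if taken >= k:
            break

    # Path failures survivable in the worst case (fullest paths fail first).
    tolerated = 0
    for failed in range(1, len(paths)):
        if sum(ascending[: len(paths) - failed]) < k:
            break
        tolerated = failed

    return {
        "sizes": sizes,
        "single_path_insufficient": max(sizes) < k,
        "recoverable_from_half": sum(ascending[:half]) >= k,
        "attacker_paths_needed": attacker_paths,
        "path_failures_tolerated": tolerated,
    }


def encryption_saving(k, r):
    """Fraction of encryptions avoided at the lowest level (s = 1) compared
    with encrypting every fragment of the codeword (s = k)."""
    return 1.0 - encrypted_count(k, r, 1) / encrypted_count(k, r, k)


if __name__ == "__main__":
    good = allocate(k=3, r=2, n_paths=3, s=1)   # case study, low security
    weak = allocate(k=3, r=2, n_paths=2, s=1)   # too few paths for k = 3
    print(good, audit(good, 3))
    print(weak, audit(weak, 3))
    print(round(100 * encryption_saving(10, 1), 2),
          round(100 * encryption_saving(10, 10), 2))
```

With three paths the allocation is 2, 2, 1 fragments, so no single path yields the codeword and one path may fail; with only two paths the first path carries k fragments and the audit flags it.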

Evaluation Methodology
In this section, we precisely explain the security and reliability behaviors of the proposed mechanism. For the security metric, we describe different scenarios to compromise the data packet, and for the reliability metric, we describe the failure models for which we evaluate the resiliency of our mechanisms.

Case Study.
To help illustrate, we present an example of how the proposed mechanism functions with diverse security levels and attacker scenarios. Suppose we have a 9-byte data message to be transmitted to the sink. Let  = 3 and assume using packet-level RS (5, 3) code, where  = 3 and + = 5. Bit-level RS can also be used. The RS codeword packet has the following matrix format: where  ,1 ⋅ ⋅ ⋅  , and  ,1 ⋅ ⋅ ⋅  , are the data and parity fragments for codeword , respectively.
Algorithm 1: Calculating the number of paths related to the required security level.
 = number of available node-disjoint paths (source to sink)
Sort for  path such that  path 1 <  path 2 < ⋅ ⋅ ⋅ <  path 
 = 1; //Initialization
 pkt 1 =  path 1 //Calculate the probability of compromising a packet on the first path
for ( = 2;  ≤ ; ++)
//if the required security is reached
{ number of paths to be used = ; break; } }
Step 1 (division). For  = 3, divide the 9-byte data message into three packets of 3 bytes each.
Step 2 (coding). The three packets are coded using RS code to generate three codewords, each of 5 bytes, as follows: ) , ) .

(9)
Steps 3 and 4 (encryption and routing). Depending on the required security level, encrypt any  enc fragments, (7), for each codeword using any encryption algorithm and allocate fragments on  paths according to (4) and (6).
Scenario 1. For low security requirement,  enc =  + 1,  enc = 3 fragments: ) In this scenario, the attacker must intercept at least two paths and decrypt six fragments to get the three codewords.
Scenario 2. For moderate security requirement,  enc = +2,  enc = 4 fragments. ) The attacker must intercept at least two paths and decrypt eight fragments to get the three codewords.
Scenario 3. For high security requirement,  enc =  + ,  enc = 5 fragments: ) In this scenario, the attacker needs to intercept at least two paths and be able to decrypt a total of ten fragments to get the three codewords.
For all the above scenarios, an attacker needs to decode each codeword to be able to reconstruct the original data message. The allocation of fragments on the paths allows for resilience to a failure of one path, which can be any path, since the three data fragments for each codeword can be obtained from the other two paths.

Multipath Protocol Performance Evaluation.
In this section, we evaluate the proposed mechanism using the same scenario presented in Section 5.1 and compare it with the protocols that used the (, ) threshold secret sharing scheme [6,7] and the RS coding technique, MVMP [9]. We present the comparison in Table 1 in terms of the total number of transmitted, redundant, and encrypted packets as well as the coding redundancy ratio.
Clearly, the number of encrypted packets in the MVMP protocol is equal to the number of encrypted packets of our proposed protocol when the demanded security level is high. However, when the demanded security level is low, our proposed protocol encrypts only three packets while the MVMP protocol has a fixed number of fifteen encrypted packets. Note that encrypted packets influence encryption time and energy consumption. We recognize that the encryption delay is related to the total amount of bits to be encrypted for each data packet (Section 3.4). Thus, the proposed security mechanism selects a minimum amount of data for encryption. In WSNs, if sensors run different encryption algorithms, as in the MVMP protocol, it may lead to varying computational delays. For instance, the traditional RC4 algorithm takes 344 sec to encrypt a block on the Atmega103 processor; however, it only takes 10 Sec on the StrongARM processor [22]. Also in [23], the experiment results show that the encryption process of the RC5 algorithm consumes more energy than that of AES on the MicaZ platform. Moreover, our proposed security mechanism uses one encryption algorithm while still maintaining a robust security protection, unlike the MVMP protocol where multiple versions of encryption algorithms are used to maintain the security.
We have conducted an extensive simulation study using C++ to evaluate the performance of our protocol. We adapted the same codes used in our previously published works [20,24]. These papers illustrated the validity and comparability of our implementation, in which the validation tests cover the basic functionality of the on-demand routing protocol in WSNs. In WSNs, the likelihood of finding node-disjoint paths increases at higher node densities [25]. Thus, in order to increase the probability of finding these paths to evaluate the performance of our proposed protocol, we consider a network where 100 to 500 nodes are randomly scattered in a field of 500 m × 500 m area. We assume that all sensor nodes are static after deployment with a transmission range of 100 m.
The simulation parameters that we use are as follows. Source nodes are picked randomly, at least two hops away from the sink, to transmit a data packet at a fixed generation rate of 1 packet/sec. The simulation time is 750 sec. We use two types of security scenarios in each simulation. In Scenario 1, each node is assumed equally likely to be compromised with probability,   = 0.14. In the second scenario, to evaluate the worst case, the probability that a sensor node is compromised,   , is changed suddenly at any transmission instant and is randomly distributed as presented in Table 2. Simulation results are obtained from different configurations to reduce the effect of the position of sensors. The results shown are averaged over 10 simulation runs.
The proposed mechanism depends on the availability of multiple node-disjoint paths and, to justify the possibility of finding these paths in WSNs, the security requirements are not considered in this step. Figure 5 shows the probability of finding the maximal number of node-disjoint paths between the source nodes and the sink. As the number of paths found in both scenarios is equal, we only report one result in Figure 5, and this indicates that the process of finding the maximum number of paths depends on the network topology only.
Figures 6 and 7 illustrate the security performance and the number of used paths for various network sizes (500 and It is clear that our mechanism is effective in increasing the security performance of a message according to the requested security. The probability that the message is compromised decreases with the increase of the security requirements since the number of paths used is related to these requirements. This result verifies the effectiveness of our mechanism. We also observe that when nodes have different security levels (Scenario 2), our algorithm tends to select more secure paths compared to Scenario 1. However, in both scenarios, the probability that the message is compromised increases as the number of nodes increases. When the number of nodes increases, there are more sensor nodes available for forwarding packets.
In Figure 8, the number of encrypted fragments ( enc ) for different values of parity fragments ( = 1, 2, . . .,  ≤ ) is presented. The data packet is set to  = 10 fragments. The number of encrypted fragments used in the MVMP mechanism is compared with the lowest and the highest security requirements in our proposed protocol. The other  req values show the same trend (between the two curves) and therefore are omitted. In the MVMP mechanism all the fragments of the coded packet ( + ) are encrypted. Thus, the number of encrypted fragments using the MVMP mechanism equals the number of encrypted fragments of the proposed mechanism at the highest security requirements. Clearly, the number of encrypted fragments is higher for the highest security requirement ( req = 1-10 −10 ) than for the lowest security requirement ( req = 1-10 −1 ); from 81.82% to 45% fewer fragments are encrypted for the lowest security requirement for  = 1 to 10, respectively. Obviously, when the demanded security level is high, our proposed protocol encrypts  +  fragments, similar to the MVMP mechanism. However, when the demanded security level is low,  + 1 are encrypted. Note that encrypted packets influence encryption time and energy consumption; more encrypted fragments require more time and consume more energy.

Conclusions
In this paper, we propose and evaluate a secure and reliable routing protocol for WSNs that is designed to handle the application security requirements and reliable data transmission using coding and a selective encryption scheme. In the proposed protocol, RS code is used to provide reliability and security. The proposed routing protocol is based on the node-disjoint multipath established depending on the link security parameters. The sink node decides on the paths selection process in order to satisfy the application requirements, and the number of these paths is determined to enhance the security. Thus, a different number of paths can be used for different security requirements. A novel security mechanism is proposed to support secure data transmission while respecting the network restrictions in terms of energy. The protocol reduces the energy consumption at sensor nodes by moving the path selection process to the sink node. Moreover, reducing the number of encrypted packets based on the required level of security limits energy consumption. By using different paths for different security requirements to route data and making the sink responsible for the path selection process, attacks such as the Sinkhole and Wormhole are no longer relevant, where in a Sinkhole attack the attacker tries to attract the traffic of surrounding neighbors by making itself look attractive to the surrounding neighbors with respect to the routing metric, and in a Wormhole attack two or more attackers may establish better communication tunnels between them in the path.

Figure 2: Relationship between data packet compromising probability,  pkt , and the number of used paths, , for different path compromising values,  path  [0.1, 0.9].
[Figure axes: Number of available paths ( ); Number of nodes]