Integrated Protocols to Ensure Security Services in Wireless Sensor Networks

Security in current/next generation wireless sensor network (WSN) is challenging, due to its special characteristics and the scarcity of energy, and processing power. Thus, many security methods are trying to solve the problem of security in wireless sensor networks. Many of these methods use symmetric cryptography, and others use asymmetric cryptography. Security in WSN demands authentication, confidentiality, integrity, balancing the energy cost, nonreputation, and scalability services. In this paper, we introduce two protocols to address these main security services. The proposed protocols integrate public key and symmetric key algorithms to ensure optimal usage of sensors’ energy and processing power to provide adequate security in next generation WSN. The proposed protocols utilize Elliptic Curve Cryptography (ECC), Advanced Encryption Standard (AES), Certification Authority (CA), and Registration Authority (RA) to achieve a reasonable tradeoff.


Introduction
WSNs are infrastructureless and fully distributed systems of self-configurable and self-organizing. WSNs are used in industry process control, military sensing and tracking, environmental monitoring, patient monitoring, and so forth [1]. In the last two decades, many research efforts proposed various security services for WSNs [2][3][4][5][6]. These works used symmetric or asymmetric cryptography along with other tools to handle security needs for WSNs [7,8]. In this paper, we integrate the symmetric and asymmetric key cryptography to ensure security and optimize energy usage. The proposed protocols focus on creating a Light Public Key Infrastructure protocol and Special Cluster based Multipath Routing Protocol. The proposed protocols are Light Public Key Infrastructure (L-PKI) protocol and Secure and Energy-efficient Cluster based Multipath Routing (SECMRP) protocol.
Our main contribution is integrating a lightweight PKI that utilizes ECC and AES crypto algorithms with a secure data transmission service via multipath in an efficient manner, in terms of resource and power consumption. The proposed protocols enhance the security of WSN by providing mutual authentication between neighbor nodes and sending the data via multipath for redundancy. This paper is organized as follows. Section 2 talks about related work. Section 3 explains the WSN architecture. Section 4 gives an overview of the proposed protocols. Section 5 presents the L-PKI protocol. Section 6 presents the SECMRP protocol. Section 7 describes system's experimentation and results. Section 8 compares results between our work and related work. Finally, Section 9 concludes.

Related Work
This work combines key management and route discovery protocols in WSN. Thus, related work can be divided into two major subsections: key management protocols and route discovery protocols.

Key Management Protocols.
Using public key cryptography, we can ensure confidentiality, authentication, and integrity. A PKI is an efficient tool for achieving key management in networks [9]. PKI is greedy in terms of resources. It typically consumes a lot of energy and bandwidth through extensive use of public key crypto. Thus, using PKI in WSN is challenging. Many studies focuses on developing public key cryptographic algorithms that are more efficient energy efficient such as Elliptic Curve Cryptography (ECC) [10]. Several 2 International Journal of Distributed Sensor Networks research groups have successfully implemented public key cryptography in WSNs [4][5][6].
TinyPK attempts to secure sensor networks with publickey cryptography and implements a public key-based protocol that allows authentication and key exchange between an external party and a sensor network [11]. TinyPK focuses on supporting confidentiality and source authentication for sensor network traffic. TinyPK is based on RSA 1024 bits [12]. TinyPK is implemented on UC Berkeley MICA2 motes using the TinyOS development environment. TinyPK uses other symmetric encryption and Diffie-Hellman key agreement algorithm [13] to exchange secret keys. TinyPK uses a CA whose public key has to be preloaded into the nodes during preconfiguration phase. In our approach we use ECC instead of RSA, which would give an advantage for performance and battery consumption. Also, we avoid overusing Diffie-Hellman key exchange to avoid potential man-in-the-middle attacks.
PKI [9] is a lightweight implementation of PKI for WSNs. In this protocol, two handshakes are used: the first handshake between the BS and each sensor in the network and the second handshake between each pair of node in the network intended to secure sensor to sensor communication.
In PKI, only the BS needs to be authenticated. PKI uses the public key cryptography in the key distribution operation.
PKI assumes the existence of an offline communication protocol to distribute the public key of the BS to each sensor in the network. Thus, PKI uses the public key in the handshake between the BS and sensors. In this handshake, each sensor generates and encrypts the session key using the public key of the BS. The purpose of the first handshake is to create a secure end-to-end transmission between each node and the BS. The second handshake, which is between each pair of node, is used to establish a secure channel between them. In this handshake, one of these nodes sends request to the BS. This request contains the identifier of the corresponding node. The BS responds to this request by generating a random key then encrypts a copy for each sensor using the corresponding session key, which has been created in the first handshake. Actually, in PKI protocol the security can be broken by knowing the public key of the BS. Any malicious node can then encrypt a session key using the BS's public key. The BS plays the main role in the operation of creating the session key between each pair of nodes. Thus, a lot of traffic exists.

Route Discovery Protocols.
Routing in WSNs is challenging, as there are many routing protocols: some producing a single path only, while others produce multipath. To ensure the security of WSNs, the scheme should ensure the security of route discovery and data transmission. Several protocols have been proposed for route discovery.
Secure and Energy-Efficient Multipath Routing Protocol (SEEM) [14] proposed multipath routing protocols where instead of using the initial lowest energy route for communication, the BS finds multipath to the source of the data and selects one to use during the communication. Furthermore, the BS updates the available energy of each node along the path depending on the amount of packets being sent and received [14]. The BS then uses the updated energy state of each node to select new paths. BS in SEEM works as a server, which floods the query to the network. The node that satisfies the query will send a request to the BS for sending a path. SEEM does not use any cryptographic mechanisms to address confidentiality. SEEM constructs disjoint and braided paths using a modification of the Breadth First Search algorithm [14].
INtrusion-tolerant routing protocol for wireless SEnsor NetworkS (INSENS) proposes a multipath routing protocol that minimizes the computation, communication, storage, and bandwidth required at the sensor nodes in the operation of route discovery [15]. INSENS does not rely on detecting intrusions but rather tolerates intrusions by bypassing the malicious nodes. An important property of INSENS is that while a malicious node may be able to compromise a small number of nodes in its vicinity, it cannot cause widespread damage in the network [15]. In INSENS, the BS plays an important role in the operation of routing discovery. The BS always receives knowledge of the topology of the network and finds multipath to each node in the network, and then the BS unicasts the multipath table to each corresponding node [15].
SECMRP uses the concept of multipath and clustering to deal with security and efficiency. SECMRP enhances the security issue of SEEM and, at the same time, uses two disjointed paths to send sensed data to the CH. In SEEM, the BS works as a server, which floods the query to the network, and the node which satisfies the query will send a request to the BS for a path, but CH in SECMRP periodically sends paths to each node. SEEM increases the network lifetime about 35% as compared to directed diffusion. So that we can say that SECMRP is energy efficient and is able to enhance network lifetime due to the roles of CH.
Early preliminary motivation and design for this work were published in [8]. In this paper, we revise the design, provide full implementation, and compare results with related work.

The Proposed WSN Architecture
In order to ensure the security services, we divide the sensor network into many clusters and assume the existence of three types of nodes ( Figure 1 illustrates the proposed architecture): (1) sensing nodes; (2) cluster heads (CH) (one or more); (3) base stations (BS) (One or more). Table 1 includes the tasks of WSNs components.

Proposed Protocols
The proposed protocols are designed to ensure authentication, confidentiality, balancing the energy cost, nonrepudiation, scalability, and integrity in WSNS. This is done by proposing two protocols, Light Public Key Infrastructure L-PKI protocol and Secure and Energy-efficient Cluster based Multipath Routing SECMRP.
International Journal of Distributed Sensor Networks 3

Member Explanation
Base station (i) Collects and processes information from CH.
(ii) Assigns identifier ID to both CHs and ordinary nodes.
(iii) Determines the CH of each node in the network by assigning the CH's ID and public key to each node, so each node knows its cluster, and each cluster knows its nodes. CA roles (i) Issues and delivers the digital certificate of both CHs and ordinary nodes "offline. " (ii) Signs the digital certificate "offline. " CH RA roles Binds the digital certificates and ID of both CHs and ordinary nodes. Other roles (i) Ensures the security of proposed WSNs via (a) using its public key for authentication operation of each node and its neighbors (in all nodes that belong to the same cluster), (b) validating the certification of node if the node belongs to other cluster via cross-authentication. (ii) Aggregates the sensed information.
(iii) Sends the sensed information to the BS. (iv) Acts as a gateway between the sensed region and the BS.

Ordinary nodes
Sense or monitor (according to the application requirement) information and send it to the BS via secure disjoint multipath through the CHs. 13 19 Sensor node 17 Base station Cluster header The proposed protocols (L-PKI and SECMRP) prevent from several types of attacks, internal, passive, and impersonation (spoofing) attacks. Also, modification of protocol messages and routing table overflow attacks are addressed in the proposed protocols.

L-PKI Protocol
L-PKI proposes a lightweight implementation of PKI, suitable for WSNs. L-PKI proposes a protocol that utilizes public key cryptography only in authentication and in generating a session key between the cluster head (CH) and each sensor node in the cluster. L-PKI sets up secured links between each node and its neighbors, each node and its CH, and each CH and the BS. These secured links are used to transmit data to the BS via CHs.
For L-PKI, we assume the following: (1) CHs have more computational and energy power compared to other sensor nodes, which allow them to work as a limited Certification Authority (CA) and Registration Authority (RA); (2) the BS and CHs are trusted entities; (3) each sensor node has the capability to use symmetric encryption and Elliptic Curve Cryptography (ECC) operations (hardware or software).
It is established that ECC is a relatively efficient public key crypto, relevant to RSA and other popular algorithms, thus it is suitable for WSNs [4-6, 16, 17]. L-PKI utilizes ECC with keys of 160 bits [18]. There are many symbols used in this protocol. To simplify the description of the L-PKI protocol, Table 2 explains the meaning of the symbols used in the protocol description. L-PKI is composed of two phases as follows: (1) initial authentication and Key establishment phase, which contains (a) predeployment step, (b) authentication and key establishment step, (2) addition of new node phase.

Predeployment
Step. In order to increase the live time of the WSNs, L-PKI moves most of the load of the PKI operations to the CHs. According to the proposed protocol, the CHs will work as a lightweight PKI. Predeployment step includes the following: (1) each CH and node generate its private and public keys (CHK pub , CHK prv ), (NK pub , NK prv ); (2) BS generates a unique identifier, CH-ID (  The signature of CH (N can be any letter according to the name of node) 320 bits N sig The signature of node (N can be any letter according to the name of node) 320 bits SH XYK AES shared key between neighbors node (X and Y can be any letter according to the name of nodes) 128 bits NBR LIST List contains all neighbors of each node (3) BS generates a unique ID (N-ID) (8 bits) to each sensor node in the network; (4) each CH delivers its public key to BS, as illustrated in Figure 2(a); (5) each node delivers its public key to its CH. As illustrated in Figure 2(b); (6) BS issues digital certificates for each CH (CH cer) and signs it; (7) BS delivers the digital certificates to each corresponding CH; (8) CHs issue digital certificates for each sensor nodes (N cer) and sign it. Figure 3(a) illustrates this step; (9) CHs deliver the digital certificates to each corresponding node. Figure 3(b) illustrates this step.
We recommend using Elliptic Curve Digital Signature Algorithm (ECDSA-160) as a signature algorithm [16,18], so that the size of the signature will be 320 bits, because we use ECC-160. Figure 4 illustrates thesignature operation.
After applying the predeployment step, each node has its own digital certificate N cer, public key NK pub , and private key NK prv and also knows the public key (CHK pub ) and the CH-ID of its CH.

Authentication and Key Establishment
Step. At this step, each node in the same cluster must authenticate each other. Figure 5 illustrates the authenticate operation. After the authentication step, each node will trust its neighbor. After the predeployment step, each node will have its own digital certificate N cer, public key NK pub , private key NK prv , the public key (CHK pub ) of its CH, and the CH-ID of its CH. Each node must do the following steps in order to authenticate with its neighbors: (1) node "A" sends its digital certificate A cer to its neighbor "B"; (2) node B receives the certificate of node A "A cer" and verifies it by using the public key of its CH CHK pub as follows: (i) Size of message = 192 bits "A cer" = 192 bits; International Journal of Distributed Sensor Networks (3) at node B, if A cer is valid, node B creates and encrypts a session key SH ABK. This key is encrypted by using the public key of node A "AK pub " as follows: (i) L-PKI uses AES-128, and thus the key size is 128 bits; (ii) size of message = key 128 bits "SH ABK" + 192 bits "A cer" + 128 bits MAC = 448 bits. Figure 5 illustrates the authentication operation; (4) node B sends its digital certificate B cer with its session key "SH ABK" and MAC; (5) node A receives the certificate of node B "B cer" and verifies it by using the public key of the CH CH Kpub ; (6) if B cer is valid, node A decrypts SH ABK by using its private key AK prv ;

Adding New Node Phase.
In case of a new node joining the network, it must be prepared by the BS and CH; that is, it must follow the predeployment step and authentication and key establishment step. At first, the new node has to create NK pub , NK prv and loads the public key of the CH. The BS must assign CH-ID and assign node identifier N-ID. Then, the node must communicate with its CH to prepare its certificate N cer and determine the cluster of the node. After this, the new node is deployed to the network. The location of the new node is not relevant here, because it can authenticate with any node even a node from another cluster. In the authentication step, if the node belongs to another cluster, the other node sends the node's certificate to the CH. Thus, the CH verifies the certificate by using the public key of the CH which the node belongs to. Figure 6 shows this situation. After the authentication, the new node can establish a new session key.

SECMRP Protocol
SECMRP enhances the security issue of SEEM [14] and at the same time uses disjointed paths to send data to the CH. In SEEM, the BS works as a server, which floods the query to the network, and the node which satisfies the query will send a request to the BS for a path. In SECMRP, each CH collects a neighbor table of each node in its cluster then creates and delivers two disjointed paths from CH to each node. SECMRP assumes that each node knows its neighbors, has a shared key with each neighbor and a shared key with its CH. This is done after applying L-PKI protocol. After L-PKI, each node has a unique ID N ID, a digital certificate N cer signed by its CH, list of all authenticated neighbors NBR LIST, public keys of CH CHK pub , and shared key with each  neighbor node SH XYK. Table 3 describes all symbols used in SECMRP. SECMRP has three phases secure route discovery, secure data transmission, and route maintenance. Secure route discovery phase is responsible for finding secure disjoint multipath or partially disjoint multipath between each node and its CH. Data transmission phase is responsible for transmitting the sensing data. At route maintenance phase, each CH updates available energy of each node, which is participating in the communication and according to the available energy on each node reselects a new path to the source node.
6.1. Secure Route Discovery. Secure route discovery phase starts by applying the L-PKI. Secure route discovery has three steps: NBR LIST requesting, NBR LIST sending, and NBR LIST receiving and paths creation steps. Each node receiving NBR SEN packet does the following: (1) checks if the node has received this NBR SEN by searching P SEQ NUM in the  The first step ensures that no NBR LIST packet is broadcasted more than one time for each node. The second step ensures the integrity and avoids replay attaches. Thus the communication overheads for transmitting and receiving packets are reduced. The following packets and Figure 8 show this operation (X is the current node, and A, B are its neighbors) as follows: The format "data type" of the NBR SEN packet is shown in Data Structure 1. Each node which has received the NBR SEN packet responds by sending a neighbor list (NBR LIST) packet to the CH.

NBR LIST Sending.
After each node has received the NBR SEN packet and completed all operations that belong to the NBR SEN packet, it becomes able to send the NBR LIST packet. Each node prepares the NBR LIST packet and sends it directly to the node, which has already sent the NBR SEN packet as follows: for all i where i is any node in the cluster, j is the node, which has sent the NBR SEN packet to the node i. Data Structure 2: NBR LIST packet data type.

Sensor node
Cluster header Each node has its neighbor list as a result from applying the L-PKI protocol. Each node receiving NBR LIST packet does the following (i is the previous node, and j is the current node): (1) check if node has received this NBR LIST by searching P SEQ NUM in the table received pkts; if the packet has been received once, then drop this packet; Otherwise store P SEQ NUM in received pkts table of the node; (2) compute the MAC value of i ID and P SEQ NUM by using the shared key SH ijK MAC (SH ijK, i ID | P SEQ NUM) and comparing it with the MAC value of the NBR LIST; if equal, it moves to the next step; otherwise drop the packet; (3) compute the MAC value of j ID and P SEQ NUM by using the shared key between the node and the node, which sends the NBR SEN packet; (4) send the NBR LIST packet to node, which sends the NBR SEN packet, until the packet reach the CH; (5) if the current node is the CH, then decrypt "E (CHK pub , SH iCHK)" by using its private key, check the integrity by computing the MAC of MAC (SH iCHK, P SEQ NUM | i ID | E (SH iCHK, i NBR)), and compare it with the MAC value of the NBR LIST packet. If the MAC values are equal, then CH decrypts neighbor information using the session key between the sender node and the CH; otherwise drop the packet. The format "data type" of the NBR LIST packet is illustrated in Data Structure 2.
The following packets and Figure 9 explain this operation:  packet. If the AMC values are equal, then CH decrypts neighbor information using the session key between the sender node and the CH; otherwise, drop the packet. After each CH has received neighbors' information and the state of power of all nodes on the cluster, each CH has a "vision" of the topology of the cluster nodes. Thus, CH is able to find secure disjoint multipath or partially disjoint multipath between each node and CH and select one of them according to specific algorithm.

Finding Secure Disjoint/Partially Disjoint Multipath.
According to neighbors information each CH constructs a weighted directed graph and finds the multipath from the CH to every source node. SECMRP finds disjoint/partially disjoint multipath and selects N of them according to the minimum hops or the maximum energy available for each node on the path. Figure 10 shows a weighted directed graph G (V, E) of one cluster in the proposed WSNs. The weight of an edge in the corresponding graph of the network represents the available energy on the source (head) node. Due to the high energy of the CH, its weight is infinite. We assume that all other edges have the same weights 5000 mJ (the power state, which was sent from each node) after the CH has received NBR LIST packets of all nodes.
As mentioned before, when the CHs receive the NBR LIST packets, they start to calculate the shortest path among the available multipath to each node. The shortest path has the minimum sum of energy consumed for transmission of the packet, which is the path with minimum hops or the path with maximum energy available for each node. SECMRP modifies the Breadth First Search (BFS) algorithm (MBFS), similar to [14], but SEEM selects one path while SECMRP selects two paths. The main points of MBFS algorithm are as follows (assuming we need to transmit data from node 4 to CH, as shown in Figure 11): (1) whenever it finds " = 2" shortest two paths to node number 4, the MBFS algorithm checks if the weight of each edge on the paths is greater than the predefined level (SECMRP uses five define levels of energy limitation, which is similar to SEEM [14]. Each level is twice of the lower level). If the weight of each edge on the path is greater than the predefined level MBFS returns these paths as the shortest paths. Otherwise go to next step; (2) if there is any node in the path, whose weight is less than the predefined level, MBFS does not select it and continues the searching until it finds the second shortest path. Thus, MBFS tries to balance the energy cost in the whole cluster; (3) if MBFS cannot find any shortest path under current level of the energy limitation, it means that each path has at least one node whose energy is less than current energy limitation; (4) thus MBFS algorithm uses the lower energy limitation and resumes the searching operation with the new level of energy limitation; (5) if MBFS algorithm cannot find any path under any level of the energy limitation, it means that node 4 is unreachable and the CH cannot get the data from this node.
Periodically, each node sends its power state to the CH, and CH performs the MFBS for all nodes in the cluster and selects the best two paths between each node and CH then sends them to the corresponding node. In the previous example, the energy limitation levels are 2500, 1250, 652, 312, and 156. We can realize that the path from source node to the CH goes through different nodes. Therefore, sometimes under specific energy limitation levels, we cannot find a path to specific node, but we can find multipath for other sensor nodes. Thus, each node must have its own energy limitation array. The maintaining and updating operations of this energy limitation array must be independent to each node. This ensures a high lifetime for the sensor network by balancing the energy cost.

Secure Data Transmission.
In the secure route discovery phase each CH is responsible for finding secure disjoint multipath or partially disjoint multipath between each node and its CH. Thus, each node becomes able to transmit its sensed data securely. After the secure route discovery phase and upon the application. CH must have sent the best ( = 2) energy efficient paths to each node. Now, nodes become able to send the sensed data to the CH. Secure data transmission phase has two steps: (1) in the first step, the sensor node encrypts and sends data to the CH; (2) the second step takes place at the CH; CH aggregates, compresses the received data, which can be from more than one node, and sends the aggregated data to the BS.
By applying the MBFS algorithm, the paths will be "4 → 2 → CH" and "4 → 1 → CH". According to the paths, the source node divides the data to N parts "in this example = 2", and makes the following two packets, and sends them to the nodes number 1 and 2. The data packets "DATA PACKET" have the following formats: To avoid several type of attacks and to balance the power conception in the network, SECMRP divides the data to two parts and sends them via two disjointed paths "4 → 2 → CH and 4 → 1 → CH. " As we can see in the first packet the 4 ID is the ID of the source node. SECMRP uses the MAC (SH 41K, P SEQ NUM | 4 ID | Path) to insure the authentication between it and node number 1 and to avoid several types of attacks. SECMRP ensures the confidentiality by encrypting the DATA PART1 by using the shared key of node 1 and CH E (SH ACHK, DATA PART1). To insure the integrity between the source node 1 and the destination "CH, " SECMRP uses the MAC function and using the shared key of source node and the CH (MAC (SH ACHK, | P SEQ NUM | 4 ID | E (SH ACHK, DATA PART1))).
The following section explains the operation of one packet, and the other packet has the same operation. Each intermediate node, which receives the DATA PACKET packet, does the following things: (1) checks if it has received this DATA PACKET by searching P SEQ NUM in the received pkts table; if the packet has been received once, then drop this packet. Otherwise store P SEQ NUM in received pkts table and move to next step; (2) computes the MAC value of 4 ID, P SEQ NUM, and Path by using the shared key SH 41K MAC (SH 41K, 4 ID | P SEQ NUM | Path) and compares it with the MAC value of the DATA PACKET packet. If they are equal, it moves to next step; (3) computes the MAC value 4 ID, P SEQ NUM. In the first step, the source sensor node sends the data packet to the CH via the secure path that CH has sent to the source node.
Let us take the example of Figure 11. The initial multipath from the source node 4 to CH is illustrated in Table 4. Assume that the number of paths, which is needed to send data is two P = 2 and the levels of energy limitation are 2500, 1250, 652, 312, and 156. And Path MAC (SH 1CHK, 4 ID | P SEQ NUM | Path) by using the shared key between it and next node in the path "i", in this example CH "SH 1CHK". And add it to the DATA PACKET packet. The following packet explains this step: (4) sends the new DATA PACKET packet to the next node "next hop" in the path; (5) at the CH, CH performs step 2, 3 and checks the integrity by comparing the MAC values MAC (SH 4CHK, P SEQ NUM | 4 ID | E (SH 4CHK, DATA PART1)), and decrypts E (SH 4CHK, DATA PART1) using the shared key between source node and CH D (SH 4CHK, E (SH 4CHK, DATA PART1/2)). After the decryption operation, CH sends an acknowledgement (ACK) to the source node. The format "data type" of the DATA PACKET packet is illustrated in Data Structure 3.
The second step starts after the data becomes available at the CH. CH becomes able to aggregate and compress the received data, which can consist of more than one node. After aggregation and compression operations, the CH encrypts the aggregated data and sends it to BS. The following packet illustrates the aggregated data packet: From the DATA PACKET packet, we can realize that the communication is between the CH and the BS. In this step, SECMRP ensures the authentication and integrity between the CH and BS using MAC and ensure confidentiality by encrypting the DATA PACKETE (SH CHBSK, DATA) using the shared key between CH and the BS.

Route Maintenance.
In SECMRP, each CH has a vision of the topology of its members, and knows the available energy of each node. All this information allows the CH to become able to maintain the route as needed. As discussed, each CH constructs a weighted directed graph and finds the multipath from the CH to every source node by using the MBFS algorithm. The initial information of the power state of each node has been received with the NBR LIST packet. In the route maintenance phase, each node sends periodically the state of its power to the CH, so each CH can get updated information of power state of each node on the cluster.
SECMRP can maintenance the route by decreasing the weight when the source node sends or receives packets. If the available energy of the node reaches to the energy limitation level, then it uses another path. It means that if one node on the shortest path has energy less than the specific level, then the MBFS discards this path and continues searching for the second shortest path.

Experimentation
To validate our proposed protocols, we used OMNeT++4.1 as a simulator, C++ as a programming language, and Crypto++ 5.6.1 as a library for cryptographic algorithms. OMNeT++ provides an integrated development environment based on the eclipse platform and C++ simulation library and framework [20]. OMNeT++ is used for simulating wired and wireless communication networks. Crypto++ 5.6.1 is a C++ library for cryptographic algorithms which implements ECC, AES-128, ECDSA-160 [16,18,21], and the other crypto functions needed by the protocols.

L-PKI Experimentation Results
. L-PKI is tested in two different scenarios: the first one was with 10 sensor nodes, two CHs and one BS, and the second scenario was with 5 sensor nodes, one CHs and one BS. In both scenarios, nodes are connected with a channel that has a data rate of 250 Kbps and 100 Mbps for CHs and base stations. Figure 12 illustrates the experimental work of L-PKI protocol.
Energy Cost in L-PKI. We can estimate the energy cost of any key management scheme by calculating the energy required for the execution of cryptographic operation and the energy needed for transmitting the required data. There are many studies, which concentrate on computing the energy cost in WSNs [4,6,16,19]. Each study uses different models. To analyze the energy cost of L-PKI, we can compute the energy    Table 5 shows the power which MICAz, TelosB, and MICA2DOT needs for computation and transmission operations [16,19]. Table 6 illustrates the cost of each computation operation. In Table 6, MICAz running at 7.37 MHz and TelosB at 4 MHz for application data rates, respectively 108 kbps and 75 kbps [19]. Also Table 5 shows the equivalence number of cycles of computation, which is indicated in parenthesis for each operation.
We are going to use the MICAz and TelosB [19] models to calculate the required power. According to [19], the transmission of a single bit of data requires 0.60 J and 0.67 J for reception. We can calculate the energy cost of L-PKI by calculating the energy required for the execution of cryptographic operation and the energy needed for transmitting the required data. We can conclude the energy consumption of L-PKI for each node in Table 7.

SECMRP Experimentation
Results. SECMRP is tested in two different scenarios. The first one was with 10 sensor nodes, two CHs and one BS. The second scenario was with 5 sensor nodes, one CHs and one BS. In both scenarios, nodes are connected with a channel that has a data rate of 250 Kbps and 100 Mbps for CHs and base stations. In the rest of this section, we are going to concentrate on the first scenario.
Energy Cost in SECMRP. We calculated the energy cost of SECMRP by calculating the energy required for the execution of cryptographic operations and the energy needed for transmitting the required data. SECMRP has three phases secure route discovery, secure data transmission, and route maintenance. We are going to calculate the energy cost of each phase in SECMRP. We can conclude the energy consumption of SECMRP for each node in Table 8.
As we can see from Table 8, secure data transmission phase requires just 845.54 J in MICAz and 908.28 J in TelosB.

Discussion and Analysis
8.1. Protocol Security. The proposed protocols provide several security services, including mutual node authentications, confidentiality, and integrity for sensitive data, while balancing energy cost and performance. The proposed protocols prevent several attacks, such as passive attacks by dividing the sensed data into two parts and encrypting these parts. The protocols utilize multipath to make it difficult for the attacker to capture the whole data. The protocols protect against impersonation or spoofing attacks by invoking mutual authentication using certificates. Modification of protocol messages attacks can be avoided by authentication using nodes' certificates and integrity using MAC. The proposed Table 9: L-PKI, TinyPK, and PKI comparison based on security services.

Authentication Confidentiality Nonrepudiation Scalability
method clusters the network and uses the certifications to avoided routing table overflow attacks. Replay attacks can be avoided in the proposed method using timestamp and checking the integrity.

Comparison with Related Works.
Our proposed L-PKI protocol provides enhancments over other related work, like TinyPK and PKI. In PKI, the BS plays the main role in creating the session keys between each pair of nodes. As a result, a lot of traffic is created. In addition, a somewhat weak authentication exists between nodes in the network (as discussed in the Section 2). Table 9 provides a comparison between L-PKI, TinyPK, and PKI, based on security services. Our proposed SECMRP protocol enhances several security issues over other route discovery protocols like SEEM and INSENS. SECMRP uses the concept of multipath and clustering to deal with security and efficiency. SECMRP enhances the security issue of SEEM and at the same time uses two disjointed path to send sensed data to the CH. In SEEM, BS works as a server, which floods the query to the network and the node which satisfies the query will send a request to BS for a path, but CH in SECMRP periodically sends two paths to each node. Table 10 provides a comparison between SECMRP, SEEM, and INSENS based on security services.

Conclusion and Future Work
Our work improves existing related work by integrating a lightweight PKI with a secure data transmission service via multipath in an efficient manner in terms of resource and power consumption. The proposed protocols enhance the security of WSN by providing mutual authentication between neighbor nodes and sending the data via multipath. We have provided extensive simulation and evaluation for the proposed protocols and contrasted them with related work. The results are encouraging.
In future work, we plan to enhance the MBFS algorithm to optimize power efficiency as much as possible. We also plan to actually deploy the proposed algorithms on actual sensors in a typical WSN environment.