**2. Related works**

In this setting, the adversary may have different goals. Reactive adversary is the adversary who starts compromising sensors after he identifies the target. More exactly, such an adversary is inactive until it gets a signal that certain data must be erased, then it wakes up and starts compromising up to *l* sensors per round unlike the proactive adversary who can compromise sensors before identifying the target i.e. he essentially starts compromising sensors at round 1, *before* receiving any information about the target sensor and the target data collection round. He would choose and compromise different sensors in a geographic area even before such signal is received. This powerful adversary who usually referred to as mobile adversary can even roam around the network and change from one set of compromised nodes to another, making such attacks more difficult to delete and prevent.

Di Pietro et al. in [1] investigated the data survival for the first time. They proposed a straight-forward non-cryptographic technique to hide the sensed data from the adversary. In [1], the adversary was actively hunting data and was not afraid to delete/erase any data he found. They claimed that they could achieve surprising degree of data survival with respect to the time between successive sink visits but they considered small number of compromised sensors including k=2, 3, 5, 10 which make it non-realistic. So when *l* increases, the benefits of replication attack are magnified. Observing that the simple technique has certain basic limitations, they proposed a more advanced approach based on standard cryptographic tools. They discussed the effects of encryption and claimed that regardless of the encryption type, the adversary has equally diminished capacity to detect and erase target data as it inspects the memory of compromised nodes.

To defend reactive adversary, many papers have been proposed encryption based schemes. Encryption can be employed to hide the collected information as well as the identity of the sensors that collect it. If the key of compromised node is not available, the reactive adversary is unable to distinguish the specific piece of collected data but proactive adversary can restore the keys of the other earlier compromised nodes to memorize encrypted data. These keys help adversary to encrypt some forged data and place them with the target data. Therefore encryption is not enough to defend proactive adversary.

Mateus et al. in [2] evaluated proposed cryptographic based schemes on a real sensor platform. They measured some basic operation usage and presented results for encryption, super-encryption and key evolution which are feasible for protecting UWSNs against mobile adversary. Encryption is the central tool in the design of any symmetric scheme and is usually implemented by means of a block-cipher. Therefore, it becomes necessary to choose a suitable block-cipher for the development of secure and efficient schemes for super encryption.

Finally they calculated that if super-encryption is applied many rounds by different nodes, an adversary would have to make a great effort in order to find and destroy the targeted data. However the number of rounds and the payload size in super-encryption have significant impact over the performance of this technique. These disadvantages presented in figure 1 and table 1 in terms of time and energy consumption.

214 Real-Time Systems, Architecture, Scheduling, and Application

In this setting, the adversary may have different goals. Reactive adversary is the adversary who starts compromising sensors after he identifies the target. More exactly, such an adversary is inactive until it gets a signal that certain data must be erased, then it wakes up and starts compromising up to *l* sensors per round unlike the proactive adversary who can compromise sensors before identifying the target i.e. he essentially starts compromising sensors at round 1, *before* receiving any information about the target sensor and the target data collection round. He would choose and compromise different sensors in a geographic area even before such signal is received. This powerful adversary who usually referred to as mobile adversary can even roam around the network and change from one set of compromised nodes to another, making such attacks more difficult

Di Pietro et al. in [1] investigated the data survival for the first time. They proposed a straight-forward non-cryptographic technique to hide the sensed data from the adversary. In [1], the adversary was actively hunting data and was not afraid to delete/erase any data he found. They claimed that they could achieve surprising degree of data survival with respect to the time between successive sink visits but they considered small number of compromised sensors including k=2, 3, 5, 10 which make it non-realistic. So when *l* increases, the benefits of replication attack are magnified. Observing that the simple technique has certain basic limitations, they proposed a more advanced approach based on standard cryptographic tools. They discussed the effects of encryption and claimed that regardless of the encryption type, the adversary has equally diminished capacity to detect

To defend reactive adversary, many papers have been proposed encryption based schemes. Encryption can be employed to hide the collected information as well as the identity of the sensors that collect it. If the key of compromised node is not available, the reactive adversary is unable to distinguish the specific piece of collected data but proactive adversary can restore the keys of the other earlier compromised nodes to memorize encrypted data. These keys help adversary to encrypt some forged data and place them with the target data. Therefore encryption is not enough to defend proactive

Mateus et al. in [2] evaluated proposed cryptographic based schemes on a real sensor platform. They measured some basic operation usage and presented results for encryption, super-encryption and key evolution which are feasible for protecting UWSNs against mobile adversary. Encryption is the central tool in the design of any symmetric scheme and is usually implemented by means of a block-cipher. Therefore, it becomes necessary to choose a suitable block-cipher for the development of secure and efficient schemes for super

Finally they calculated that if super-encryption is applied many rounds by different nodes, an adversary would have to make a great effort in order to find and destroy the targeted data. However the number of rounds and the payload size in super-encryption have significant impact over the performance of this technique. These disadvantages presented in

and erase target data as it inspects the memory of compromised nodes.

figure 1 and table 1 in terms of time and energy consumption.

**2. Related works** 

to delete and prevent.

adversary.

encryption.

Fig. 1. Time costs for super-encryption (100 executions)


Table 1. Super-encryption energy consumption (100 executions)

[2] In order to implement and evaluate some key operations for re-encryption process, the code of the MIRACL library [3] is adapted. They measure inversion and exponentiation operations through the polynomial arithmetic which depend on the field chosen. The algorithm used for inversion is a polynomial version of the Extended Euclidian algorithm from Lim and Hwang [4]. They have chosen a general algorithm for exponentiation. Although the symmetric algorithms are not expensive, the re-encryption strategy is still the main alternative against proactive adversaries. Moreover, according to [2], the Elliptic Curve Cryptography (ECC) schemes show an important drawback of the re-encryption solutions,since the exponentiation is not as suitable as polynomial operations. Hence Public Key Cryptography (PKC) should be considered.
