*3.2.5 Point-to-point security solution*

A point-to-point security solution involves secure routing between every two nodes along the multi-hop path. To show the design and efficacy of the point-to-point approach, we fully describe a typical point-to-point security solution for multi-hop based WSNs proposed in [9]. Olakanmi and Dada [9] proposed an effective point-to-point security scheme that combines a point-to-point (PoP) mutual authentication scheme, perturbation, and pseudonyms to overcome security and privacy issues in WSNs. To reduce computational cost and energy consumption, they used elliptic curve cryptography, a hash function, and exclusive OR operations to build an efficient security solution for decentralized WSNs. The network model, as shown in **Figure 3**, consists of a base station (BS), immediate node (IN), source node (SN) or (sn), and destination node (DS) or (ds). The SNs and DSs are capable of multi-hop transmission; therefore any SN can become a DS and vice versa.

The PoP security scheme consists of the following phases: registration and key management, secure data exchange, perturbs generation, signature and obfuscation, authentication, and verification and decryption phases.

### *3.2.5.1 Registration and key management phase*

The serial number ψ of each node is sent to the BS. The BS then generates a unique pseudonym and network-node identity as follows:

i. BS randomly generates $s, \rho \in Z_q^*$ as its master secret key pair, and computes and distributes its public parameter $\varphi = (\rho + \mu)P \bmod q$, where $P$ is the generator of elliptic curve $E_q$ and $q$ is the order of $E$.

ii. Each node $i$ randomly selects a unique $r_i \in Z_q^*$, computes its two-way distribution parameter $\beta_i$ as $\beta_i = (r_i + \mu)P \bmod q$, and broadcasts its $\beta_i$ to other nodes in the network.

a. Both the SN and destination nodes compute the source-destination shared session key $\phi_{sn \to ds}$ as follows:

i. SN and destination nodes uniquely generate $\kappa_1$ and $\kappa_2$, respectively.

ii. SN extracts the two-way distribution parameter of destination node $\beta_{ds}$ to compute $\phi_{sn \to ds}$ as $\phi_{sn \to ds} = \kappa_1 \beta_{ds}$.

b. Sign its data $M$ using its source-destination shared session key $\phi_{sn \to ds}$ as $\delta = H_{\phi_{sn \to ds}}(M)$, perturbs $M$ as $P_p = M + \lambda n$.

c. SN finally generates its message packet as $\sigma = \delta \| P_p \| F_i \| F_j \| n$, and encrypts it as $\sigma\sigma = \sigma \oplus \phi_{sn \to ds}$ to further ensure second-tier data confidentiality and integrity of the message and communication information, where $F_i$ and $F_j$ are the pseudonyms of the source and destination nodes, respectively.

d. SN then performs PoP authentication with its IN, as described in the next section, before hopping $P_p$ to the IN.

### *3.2.5.5 Authentication phase*

After the signature and perturbation phase, the source node initiates the PoP authentication with the IN as follows:

i. SN generates an authentication token $\omega$ and time stamp $ts$.

ii. SN and IN randomly generate $\upsilon \in Z_q^*$ and $\varepsilon \in Z_q^*$, respectively. SN computes its PoP authentication parameter as $n_{sn} = (\upsilon + \mu)P \bmod q$, while IN computes its own as $n_{in} = (\varepsilon + \mu)P \bmod q$ and sends it to SN, who then computes its PoP session authentication key $\varphi_{sn \to in}$ as $\varphi_{sn \to in} = \upsilon \cdot n_{in}$.

iii. SN then encrypts the concatenated authentication token $\omega$, pseudonym of source, pseudonym of IN, and time stamp as $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| ts)$, concatenates it with $n_{sn}$ as $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| ts) \| n_{sn}$, and sends it to its IN.

iv. On the receipt of $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| ts) \| n_{sn}$, IN extracts $n_{sn}$ then computes its $\varphi_{in \to sn} = \varepsilon \cdot n_{sn}$. It decrypts the received $E_{\varphi_{sn \to in}}(\omega \| F_{sn} \| F_{in} \| ts)$ using its $\varphi_{sn \to in}$ to extract $\omega$ and $ts$. It, thereafter, re-encrypts the extracted $\omega$ and $ts$, using $\varphi_{in \to sn}$, and sends it back to the SN. The SN decrypts it using its $\varphi_{sn \to in}$ and verifies it by comparing the $\omega$ and $ts$ with their original values. If equal, SN hops its encrypted data packet $\sigma\sigma$. The IN then becomes temporary SN and repeats this phase with its selected IN until the packet gets to the destination node.

### *3.2.5.6 Verification and decryption*

Destination node extracts and authenticates the received data $M$ by following this procedure:

i. Destination node extracts the two-way distribution parameter of SN and $\beta_{sn}$ and computes destination of the used perturb $P$.

*Wireless Sensor Networks (WSNs): Security and Privacy Issues and Solutions*

*DOI: http://dx.doi.org/10.5772/intechopen.84989*
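The PoP authentication phase (steps i to iv) can be traced end to end in the following added sketch, which is not code from [9] or from this chapter. It assumes μ = 0, so that the parameter exchange reduces to plain elliptic-curve Diffie-Hellman, and it picks secp256k1, 4-byte pseudonyms, a 16-byte token and a SHAKE-256 XOR pad as `E`; all function names are hypothetical.

```python
import hashlib, secrets, time

FIELD = 2**256 - 2**32 - 977  # secp256k1; the curve is an assumption, the page names none
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, FIELD) if a == b
           else (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD))
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def ec_mul(k, pt):  # double-and-add, illustrative only (not constant time)
    acc = None
    while k:
        acc, pt, k = (ec_add(acc, pt) if k & 1 else acc), ec_add(pt, pt), k >> 1
    return acc

def session_key(secret, peer_param):
    """phi = secret * peer parameter; the x-coordinate is hashed to 32 bytes."""
    return hashlib.sha256(ec_mul(secret, peer_param)[0].to_bytes(32, "big")).digest()

def E(key, direction, data):
    """Assumed stand-in for E: XOR with a SHAKE-256 pad bound to a direction label."""
    pad = hashlib.shake_256(key + direction).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, pad))

def in_respond(eps, body, n_sn):
    """Step iv at IN: derive the key from n_sn, decrypt, re-encrypt omega||ts."""
    key = session_key(eps, n_sn)
    plain = E(key, b"sn>in", body)
    return E(key, b"in>sn", plain[:16] + plain[-8:])

def pop_authenticate(f_sn=b"Fsn1", f_in=b"Fin1", tamper=False):
    """Steps i-iv; True means SN accepts IN and may hop its packet."""
    omega, ts = secrets.token_bytes(16), int(time.time()).to_bytes(8, "big")  # i
    ups, eps = (1 + secrets.randbelow(Q - 1) for _ in range(2))               # ii
    n_sn, n_in = ec_mul(ups, P), ec_mul(eps, P)   # mu = 0 (assumption): plain ECDH
    key = session_key(ups, n_in)
    body = E(key, b"sn>in", omega + f_sn + f_in + ts)                         # iii
    reply = in_respond(eps, body, n_sn)                                       # iv
    reply = bytes([reply[0] ^ tamper]) + reply[1:]  # constructed fault: flips one bit if set
    return secrets.compare_digest(E(key, b"in>sn", reply), omega + ts)
```

The direction label is an addition of this sketch: with a single XOR pad used both ways, the first 16 and last 8 ciphertext bytes from step iii would themselves be a valid step iv reply, so the echo would prove nothing about IN.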

