A novel watermarking scheme for authenticating individual data integrity of WSNs

Abstract

The limited computing power of sensor nodes in wireless sensor networks (WSNs) and data tampering during wireless transmission are two important issues. In this paper, we propose a scheme for independent individual authentication of WSNs data based on digital watermarking technology. Digital watermarking suits well for WSNs, owing to its lower computational cost. The proposed scheme uses independent individual to generate a digital watermark and embeds the watermark in current data item. Moreover, a sink node extracts the watermark in single data and compares it with the generated watermark, thereby achieving integrity verification of data. Inherently, individual validation differs from the grouping-level validation, and avoids the lack of grouping robustness. The improved performance of individual integrity verification based on proposed scheme is validated through experimental analysis. Lastly, compared to other state-of-the-art schemes, our proposed scheme significantly reduces the false negative rate by an average of 5%, the false positive rate by an average of 80% of data verification, and increases the correct verification rate by 50% on average.

1. Introduction

Currently, wireless sensor networks (WSNs) [1-5] have been widely used in the era of big data. Analyzing the various data collected in life can not only provide effective information but also help people improve their living standards. For example, when analyzing medical conditions [6], the data collected through the Internet can help doctors discover and resolve patients' diseases. In daily life, the smart home system [7] monitors the living conditions by analyzing the data collected by special sensors deployed in home appliances or living environments. In different applications, the security of the data stream is very important. Several methods have been proposed for protecting data.

For instance, Verma et al. [8] designed a unique type of encryption scheme, which implements privacy homomorphic encryption and end-to-end data protection. In work [9], the aggregate over multi-hop homomorphic encrypted data scheme is proposed. This scheme's principal goal is to ensure that each sensor data is aggregated within the WSN in a secure fashion, while fully preserving its privacy and integrity. Different from the traditional encryption fusion mechanism [10-13], the privacy scheme of wireless sensor network integrity verification based on homomorphic encryption has been studied. These protocols implement end-to-end security checks to ensure that data is not perceived during transmission. For wireless sensor networks, whether it is a conventional encryption algorithm or a data hiding security algorithm, communication capacity and computational overhead are inevitable. The application of cryptographic operations to computationally limited wireless sensors remains a challenge. Current research on low power devices [14] has done a lot of work including reducing energy consumption. It is well known that digital watermarking technology [15-16] is characterized by security, concealment and robustness. Some literature proposes simple and secure authentication schemes for data streams based on digital watermarking technology.

Digital watermarking based data integrity authentication of WSNs is mainly performed by data grouping. Likewise, Guo et al. [17] provided a chained group authentication scheme, which uses synchronization points to group data and achieves data integrity authentication. Hameed et al. [18] introduced a zero-watermark strategy, which is lightweight and robust against multiple types of data attacks compared with other schemes. Although grouping reduces the computational overhead of the sensor during the watermark calculation process, if one data in a group is abnormal, the data of the entire group will fail to be verified. In addition, if the flag of the group is tampered with, then at least two adjacent groups of data will be considered as tampered with. Therefore, data integrity authentication for wireless sensor networks requires a new solution to solve these problems.

The study of individual authentication of wireless sensor network data based on digital watermarking can solve the problems such as poor grouping robustness and high false positive during verification in grouping schemes. Recently, many attempts in literature have further studied the concept of individual authentication. For example, Zhang et al. [19] used a position random watermark to complete the data integrity authentication, which guarantees zero data interference at a reasonable cost. In addition, Hoang et al. [20] proposed a lightweight hybrid security scheme based on watermarking technology to protect perception data and defend nodes from cloning attacks. In the scheme [21], the signal is embedded into digital watermarking technique to uniquely represent the signal to identify the category of the vehicle. Chen et al. [22] proposed a WSN watermarking cryptosystem that provides lightweight data compression through zero-cost encryption. This scheme reduces the complexity of sensor node design and saves transmission power. Since no grouping is involved, the key advantage linked to individual integrity certification is free from the vulnerability of group tags to potential attacks. Even so, efficiency improvement for individual certification is a challenging task and serves as a bottleneck problem to be solved.

Data integrity authentication [23-25] is a network security requirement that cannot be ignored. Identity verification is a key technology for security measures. However, due to the limitations of memory, computing, and energy consumption, further research on the integrity of sensor data is particularly important. Hence, to overcome the current gap for the extra overhead of the grouping scheme and the high false positive rate of the individual verification scheme, a novel watermarking scheme for authenticating the individual data integrity of WSNs is proposed in this paper, where the integrity verification of each data item is carried out independently. The system model of the proposed algorithm is shown in Fig. 1, which is primarily composed of sensor nodes and a sink node. Initially, the Hash operation is conducted on a data item, and the obtained result is segmented. Next, each segment is folded into 1 bit, respectively, and the generated bit string is divided into two parts. Subsequently, two decimal numbers are calculated. The utilized embedding method replaces the lowest fractional parts of the data item with two generated decimal numbers, respectively. Finally, the order of fractional parts is randomly scrambled.

Fig. 1. Diagram of proposed scheme.

Experimental results show that the proposed scheme is better than previous work in terms of data integrity authentication. The proposed method can be well applied to the wireless sensor network, and the data obtained by the user after transmission through the network can be real and effective. In order to retain more useful data, we perform individual authentication on the data to be transmitted.

The main contributions of this paper can be summarized as follows:

(1) The proposed method avoids the correlation between data, which makes the false positive rate equal to zero and greatly reduces the false negative rate in the verification process. Therefore, the ability to identify tampered data has been significantly improved.

(2) A novel watermarking scheme for authenticating individual data integrity of WSNs is proposed. In addition, compared with the grouping scheme, the proposed scheme improves the robustness of data integrity verification and reduces the computational overhead and storage capacity.

The rest of the paper is organized as follows: Section 2 thoroughly illustrates the proposed algorithm and theory analysis. In Section 3, the experimental results are presented and compared with other reported schemes. Lastly, the work is concluded in Section 4.

2. Related work

In this section, a comprehensive review to the previous related watermarking schemes in WSN is given. At the same time, the related work of different attacks on watermarking schemes in WSN is introduced.

2.1Attacks of WSNs

When sensors are exposed to external areas, they are often subject to malicious attacks. At the WSN network layer, the main attack methods are discarding, tampering and selective forwarding. Data tampering includes modifying data, deleting data, and adding data. Selective forwarding attacks result in some data packets not being sent to the base station, which destroys the integrity of the data. When data is intentionally modified during transmission to the receiving node, the results of data analysis can deviate from authenticity. When important data is deleted, it also affects the analysis of the problem. In addition, if data is deliberately inserted into the data stream, the extra data affects the analysis at the receiving end. Data integrity certification ensures that no changes have been made during data transfer. By verifying the watermark information, the authenticity of the data packet can be easily found. During group authentication, if the data of a certain group is tampered with, the data of this group will be discarded. For individual authentication, when a data item is tampered with, only the current data is discarded.

2.2 Previous WSNs Watermarking Schemes

Jiang et al. [26] processed the data stream through chaotic sequences and introduced homomorphic encryption to prevent valid data from being intercepted. Shi [27] generated watermarks by randomly selecting the data in queue. Due to existence of correlation among the data, the reported scheme greatly reduced false negative r ate but elevated the false positive rate, simultaneously. To improve further, Xiao et al. [28] first divided the data stream into arrays of length N and converts the arrays into character arrays. Then they multiplied the N×N matrix B and the groupings to select the data items for computing the watermark. Next, the hexadecimal number generated by the hash function is converted into a binary number. 128 bits are folded into 1 bit number by XOR operation for a total of n bits. Finally, n bits are embedded into n data items in the packet, respectively. If the watermark value is 1, a space is added after the data character, and if the watermark is 0, it is not added. When extracting a watermark, the watermark is extracted according to whether there is a space at the end of the character data. Xiao et al. [28] refined Shi’s [27] method and reduced the overall error rate of data tampering detection. Although Xiao [28] embeds watermark on individual data to verify data integrity and improve the performance of the scheme, generating watermark by grouping increases memory consumption. In scheme Shi [29], sensor nodes first group data, and two adjacent data groups form a non-overlapping authentication group. The watermark bits are calculated from the first data group through the hash function, and the watermark is embedded in the second data group by the prediction error expansion technique. On the other hand, the receiver verifies the calculated and extracted watermark bits after synchronizing the data group, and finally restores the original data. However, if the group flag is corrupted then both groups of data will be authenticated incorrectly. Next, we will detail the specific steps of two related work, which are grouping scheme and individual work namely Jiang et al.’s method [26] and Shi’s method [27], respectively.

2.2.1 Jiang et al.’ method [26]

A. Watermark generating and embedding

All nodes are clustered according to LEACH protocol, then the sensor data N is divided into n₁ and n₂ at the sensor node. Next, the watermark w is embedded into n₁ and n₂ using differential expansion technology:

h = n₁ - n₂       (1)

h' = 2h + w       (2)

At the same time, the original data is homomorphically encrypted based on the elliptic curve at the sensor node. If n₁, n₂∈Q and k∈K, K is the key space. Then the additive homomorphic operation and multiplication homomorphic operation are respectively:

EK(n₁ + n₂) = EK(n₁) ⊕ EK(n₂)       (3)

EK(n₁ x n₂) = EK(n₁) ⊗ EK(n₂)       (4)

where ⊕, ⊗ represent some kind of operation. Encryption technology can provide end-to-end data privacy protection.

Then, the watermark data and encrypted data are sent to the cluster head. The cluster head merges the received encrypted data to obtain aggregated ciphertext C, then arranges the received watermark data in a matrix manner. Finally, the aggregated ciphertext and watermark data are sent to the base station.

B. Data integrity authentication

The base station first decrypts the encrypted data, and then restores it to the original data through reverse mapping. In addition, the mapping table of cluster ID and node ID is searched in the base station to obtain the embedded watermark data. Next, the data is fragmented into n′₁ and n′₂, and the difference h′ of the fragmented data is calculated. Finally, the node ID is determined and extracts the watermark data w′ :

w' = h′ mod 2       (5)

The base station calculates the chaotic sequence to obtain the embedded watermark W and compares it with the extracted w′ to verify the integrity of the data.

2.2.2 Shi et al.’ method [27]

A. Watermark generating and embedding

For the sender's data element d_i, its copy c_i is first added to the queue buffer of length N. Then data is selected from the queue with probability p, which is used as the hash candidate set C. Next, calculate the hash value H of C and convert it to binary. H is folded into one watermark bit w by XOR operation:

w = b₁ ⊕ b₂ ⊕ ⋯ ⊕ b_i       (6)

Finally, each data element carrying watermark information is transmitted to the receiving end.

B. Watermark extraction and comparison

When the receiving end processes watermarked data d′, it is first stored in the queue as the sending end. At the same time, the length of the queue is the same as that of the sender. Next, the candidate data is selected from the queue to participate in the hash calculation. H′ calculated by Hash is also folded into one watermark bit w₁. Then, w₂ is taken from the LSB of the data and compared with the calculated w₁. If the calculated w₁ is equal to the extracted w₂, the data has not been tampered with during transmission.

Next, we briefly compare the main techniques of several previous WSN-based watermarking schemes. Table 1 lists several main watermark-related operations in different schemes.

Table 1. Comparison of existing watermarking schemes

As can be observed from Table 1, most of the watermarking schemes use group to process data, in which the grouping flag is easily corrupted and the grouping consumes memory, which is not suitable for low consumption WSNs. To solve the problems and deficiencies in the above literature, we propose the integrity verification of individual data items based on watermarking.

3. Proposed algorithm

This section describes the details of generating digital watermarking from data. Each sensor data not only generate corresponding watermark information, but also serve as a carrier for embedding watermarking. Therefore, the information embedding method must satisfy security and small volume capacity. Taking into account the comparison of watermarks in the scheme, we have made a new design for the position of the embedded watermark in the data. The watermark at the receiving end does not involve data calculation, it is placed in the meaningless decimal place of the sensor data and then randomly scrambled. Fig. 2 shows the partial actual sensor data from Intel Berkeley Research Labs [30].

Fig. 2. Partial sensor data records of the experimental simulation.

3.1 Watermark generation and embedding

As depicted in Fig. 3, the sensor nodes collect N data records, which are denoted as S_i, S_i+1, ..., S_i+N-1. The array caches one record at a time. Each data record S_i collected by the sensor node includes the actual sensor data item d_i and time t_i, which arrives at the sink node through an insecure channel transmission.

Fig. 3. Watermark generation and embedding.

All relevant functions are listed in Table 2. First, we multiply sensor data item d_i by 100, which is then rounded down to an integer m. Later on, d_i is restricted to four decimals, either by zero padding or deleting fractional parts, where the third and fourth decimals are denoted as l₁ and l₂, respectively. In general, only first two fractional parts of d_i are considered meaningful. The watermark generation algorithm generates a 128-bits binary number M by Hash operation and m as shown in Eq. (7), and divides averagely M into six segments by Slice function (Eq. (8)). Correspondingly, the obtained six segments are folded to form six bits b₁, b₂, ......, b₆, as expressed in Eq. (9).

Table 2. The system functions

For example, considering d_i to be 19.7336, then m is 1973, and l₁, l₂ are 3 and 6, respectively.

M = Hash(m)       (7)

X_i=Slice(M)(i=1,2⋯6)       (8)

b_i=Folding(X_i)(i=1,2⋯6)       (9)

Finally, the six bits are divided into two equal segments (three bits each). The first three bits (b₁, b₂, b₃) and last three bits (b₄, b₅, b₆) are converted into decimal numbers B₁ and B₂, respectively, which are noted as watermark, as given in Eq. (10).

B_k = Dec[b(k² : 3k)](k =1,2)       (10)

The watermark embedding is implemented by replacing the lowest two fractional parts i.e., l₁ and l₂ are replaced with B₁ and B₂, respectively (Eq. (11)). Eventually, after embedding, the order of fractional parts of a data item is randomly scrambled as expressed in Eq. (12). The function of the RanScram(x) that the order of bit string x is randomly changed. Therefore, the position of watermark is changed randomly to prevent the watermark from being identified and attacked, intentionally. Moreover, the final generated data item is indicated as ir d′_ir.

d'_i = Replace(B₁,B₂,l₁,l₂,d_i)       (11)

d'_ir = RanScram(d'_i)       (12)

Since six bits are generated by folding during the watermark generation process, two decimal numbers (B₁ and B₂) generated by the segment are in a range 0⩽B₁, B₂⩾7. Furthermore, the detailed process of watermark generation and embedding is described in Algorithm 1.

Algorithm 1: Watermark generation and embedding

Input: data item d_i; data stream length N; decimals l₁, l₂.

Output: embedded watermarked packet d′_ir.

1: for i← 1 to N do

2: m←floor (d_i×100)

3: M←Hash (m)

4: X_j ←Slice(M) (j =1, 2…,6)

5: b←null

6: for j←1 to 6 do

7: b←Merge (b, Folding (X_j))

8: end for

9: B₁ ←Dec (b (1: length(b)/2))

10: B₂ ←Dec (b (length(b)/2+1: end))

11: d′_i←Replace (B₁, B₂, l₁, l₂, d_i)

12: d′_ir ←RanScram (d′_i)

13: end for

3.2 Watermark extraction and comparison

When the sink node receives data items d′′_ir, it first restores fractional parts of sensor data item to the original order by an inverse scrambling as shown Eq. (13). Progressively, a watermark is generated (using an identical method employed in sensor node watermark generation) and compared with extracted watermark. The process for extracting and comparing the watermark for data stream can be viewed in Fig. 4.

d"_i=RanScramInv(d"_ir)       (13)

Fig. 4. Watermark extraction and comparison.

Next, a detailed description is presented for this process. The currently collected data item is computed in a same way as described for sensor node, and two decimal numbers are obtained denoted as B′₁ and B′₂. Simultaneously, the lowest two fractional parts of this data item are extracted, labelled as l′₁ and l′₂. Afterwards, the generated and extracted watermarks are compared to check for any possible malicious tampering.

If non-watermarked part of the data item is tampered during transmission, the generated B′₁ and B′₂ will be different from original watermark. Similarly, tampering of watermarked part of data item results in a variation of extracted watermark information l′₁ and l′₂, compared with the original content. Hence, proposed scheme detects the data tampering in two ways described above. The comprehensive process of watermark extraction and comparison for the given data stream is described in Algorithm 2.

Algorithm 2: Watermark extraction and comparison

Input: data item d′′_ir ; data stream length N.

Output: watermark comparison result res.

1: d′′_i ←RanScramInv (d′′_ir)

2: for i← 1 to N do

3: m←floor (d′′_i ×100)

4: M←Hash (m)

5: X_j ←Slice (M) (j =1, 2…,6)

6: b'←null

7: for j←1 to 6 do

8: b'←Merge (b', Folding (X_j))

9: end for

10: B′₁ ←Dec (b' (1: length(b')/2))

11: B′₂ ←Dec (b'(length(b')/2+1: end))

12: l′₁ ←mod (floor ( d′′_i ×1000), 10)

13: l′₂ ←mod (floor ( d′′_i ×10000), 10))

14: if B′₁ == l′₁ && B′₂ == l′₂ then

15: res←0

16: else

17: res←1

18: end if

19: end for

3.3 False negative rate analysis

False negative occurs when a tampered data item is not recognized as a tampered one at the sink node. Although the Hash value calculated for tampered data items changes, bit flipping keeps the generated watermark value unchanged. Folding operation causes the generated bits of watermark information to shift from 0 to 1 or vice versa, with a probability of 1/2 for each bit shifting. It is not difficult to know that the number of bits flipped K follows a binomial distribution, where the probability distribution of ‘K’ can be calculated using Eq. (14).

\(\begin{aligned}P(K=k)=\left(\begin{array}{l}M \\ k\end{array}\right)\left(\frac{1}{2}\right)^{M}(k=0,1,2 \cdots M)\end{aligned}\)       (14)

where M is the number of all watermark bits.

There exist three cases for data modification. The first case corresponds to modifying the data used to generate watermark only. In such case, computed six bits from the tampered data are flipped in a Folding process, and the decimal numbers generated by six bits are still equal to the relevant numbers of extracted watermark. The false negative rate (FNR) for this case is shown in Eq. (15). Likewise, the second case involves the modification of watermark part only. Since the watermark information is a decimal digit, ranging from 0 to 7, a changed watermark information will not be equal to the generated watermark, so FNR is 0 in this case. Ultimately, last case refers to modifying both data used to generate watermark and watermark part. Since the data of both parts are modified, FNR in this case is lower than the first case.

\(\begin{aligned}F N R=1-\sum_{k=1}^{M} P(k)\end{aligned}\)       (15)

Insertion operation is similar to the last case of data modification. Since the inserted data items are not embedded with watermark information (i.e., extracting the watermark may be equivalent to computing the watermark), the FNR in this case is lower than that of data modification. Moreover, when a data item is deleted, it does not affect the authentication of other data items. Thus, deletion operation cannot generate false negative for the other data items, and FNR is 0.

3.4 False positive rate analysis

A false positive appears when a non-tampered data item is detected as a tampered item during extraction and comparison. For a data item d_i that is not tampered with, generated watermark is only related to the item itself, therefore, an extracted watermark from data item d_i will be equal to the generated watermark, i.e., a correct data item cannot be misjudged as a tampered item.

In terms of the analysis given above, all three tamper operations only influence the value of current data item. False positive cannot occur if the data items are not associated. Similarly, the false positive rate (FPR) is expressed in Eq. (16). According to above analysis, we conclude that FPR of the proposed scheme is 0.

\(\begin{aligned}F P R=\frac{n}{\text { Truenum }}\end{aligned}\)       (16)

where n is the number of all non-tampered data items misjudged as tampered items and Truenum is the number of all true non-tampered items.

3.5 Correct verification rate analysis

The correct verification rate (CVR) is an indicator, which represents the ratio of the number of correctly verified data items to all test data items. To further explain, for different cases of tampering, the data verified by CVR is the total number of data received by the receiving end. The calculation of CVR is shown in Eq. (17). This indicator can measure the performance of the proposed solution to verify the integrity of each data item.

In addition, different from the two evaluation indicators mentioned above, CVR is also an evaluation to verify the integrity of all data. This indicator not only considers the case of false negative, but also involves the case of data being misjudged. Therefore, in the three cases of data tampering in the proposed scheme, the total number of correctly verified data is the total amount of data without false negatives.

\(\begin{aligned}C V R=\frac{v}{\text { Allnum }}\end{aligned}\)       (17)

where v is the number of correct verified data items and Allnum is a number of all test data items. Algorithm 3 is presented to explain the details for the proposed calculation of evaluation indicators.

Algorithm 3: Calculation of evaluation indicators

Input: comparison results res; data stream length N.

Output: FNR; FPR; CVR.

1: for i← 1 to N do

2: if res (i) == 0 then

3: ischange←0

4: // ischange is intermediate record variable

5: for j← 1 to length (numorder) do // numorder is the index of all tampered data items

6: if i == j then

7: ischange←1

8: break

9: end if

10: end for

11: if ischange==1 then

12: fn_num←fn_num +1 // fn_num is the number of false negative records

13: else

14: fp_num←fp_num+1 // fp_num is the number of false positive records

15: end if

16: end for

17: CVR← (N-fn_num - fp_num) / N

18: FNR←fn_num /td_num

19: FPR←fp_num / (N- td_num) // td_num is the number of all tampered data items

4. Experiment results

In our experiments, the tampering attacks are divided into three categories i.e., modification, insertion, and deletion of data. The performance of the proposed scheme is tested by means of MATLAB simulations. The raw data stream used in experiments is from a real wireless sensor network deployed at Intel Berkeley Research Labs [30]. The experimental data is composed of 10,000 records collected by wireless sensors, where each data record includes some data items e.g., air temperature, voltage humidity, and time. For the sake of description, experimental results presented in this paper are only for one type of data item (temperature).

The performance of the proposed independent individual integrity authentication scheme is evaluated through tampering experiments and comparisons with other individual schemes. Experimental framework tests the capability of each scheme for data integrity authentication by relevant values of FNR, FPR and CVR.

4.1 Tampering detection

The independent variable for this experiment is tampering rate, which indicates the rate of the total amount of tampered data item divided by the total amount of data items. Additionally, the tampering rate is set from 10% to 50%. Fig. 5 (a-c) demonstrates the experimental results for the three cases of modification attacks, respectively.

Fig. 5. FNR and FPR tests for the three cases of modification attacks. (a) Test results for the first case of modification attack, (b) Test results for the second case of modification attack, (c) Test results for the third case of modification attack.

Modifications to different parts of the data are divided into three cases to illustrate. In the first case, the data used to generate watermark is only modified. As seen in Fig. 5 (a), FPR remains at 0 and FNR approaches 0.02 when the modification rate increases. In the second case, the watermark part of the data is only modified. Fig. 5 (b) shows that the FNR and FPR always stay as 0. In the third case, both data used to generate watermark and watermark part are modified. In this case, the generation watermark and the extraction watermark for part of the data is consistent. It can be seen from Fig. 5 (c) that the value of FNR is between the first and second cases.

Fig. 6 (a-b) shows the experimental results of data insertion and data deletion. At different insertion rates, FNRs of the scheme were greater than 0 and less than 0.015. For all different insertion rates, the FNRs of the proposed scheme are larger than 0 and lower than 0.015. The FNRs values are 0 for all different deletion rates. Results explained in Fig. 6 indicate a good performance for the proposed scheme in verifying data integrity with different tampering attacks.

Fig. 6. FNR and FPR tests for insertion and deletion attack. (a) Test results for the insertion attack, (b) Test results for the deletion attack.

It can be seen from Fig. 7 (a, c) that for all the different insertion rates and modification rates, CVR gradually decreases as the modification rate and insertion rate increase. At the same time, the accuracy of verifying the integrity of the tampered data exceeds 0.99. It can be observed from Fig. 7 (b) that the results of the CVR is always equal to 1. The reason is that if a data item is deleted during transmission, the receiving end cannot verify the integrity of the deleted data and can only verify the received data items. When data is subject to tampering attacks during transmission, the proposed scheme will detect each data item. CVR means verifying the integrity of all received data. In the verification process, because there is no data being discarded, this scheme has a good advantage in verifying individual data. In addition, it can be seen that the proposed scheme has good performance in verifying the integrity of all test data.

Fig. 7. CVR tests for tampering attacks. (a) Insertion attack test, (b) Deletion attack test, (c) Modification attack test.

4.2 Performance evaluation comparison among individual schemes

For experimental comparison, the data stream is modified with an attack rate r. Next, about 10000r data are tampered in each experimental data stream. The corresponding FNR and FPR values highlight the ability of various schemes for identifying 10000r tampered data. For a fair comparison, the method in [27] which the LSB ratio p=0.3, the threshold T=4, and queue length N=60. In [28], the threshold M=4, group length N=70, and LSB ratio pp=0.2.

4.2.1 Comparison of tamper detection

Fig. 8 shows that the FPRs for schemes reported in [27] and [28] are more than 0.8, and approach 1 as the modification rate increases. The FNRs for scheme in [27] are around 0, while for scheme in [28] are between 0-0.2. However, FNR of the proposed scheme is smaller and more stable when compared to other two schemes. Furthermore, in the schemes proposed in [27] and [28], for related data items, the watermark generated by them is consistent. Hence, when one of the data items is tampered with, authentication of the other related non-tampered data items fails. Consequently, data-independent authentication has a higher tamper detection rate than data-associated authentication.

Fig. 8. Comparison among individual schemes.

In addition, queue caching data consumes more storage room in the scheme proposed in [27]. By contrast, the proposed scheme only caches one data item, hence having lower resource consumption. To sum up, it can be clearly observed from Fig. 8 that the scheme proposed in this work outperforms the compared schemes from literature, in terms of performance of data integrity verification.

It can be seen from Fig. 9 that the CVR of the scheme [27] and scheme [28] increases with the increase of the modification rate. As the modified data increases, the total number of correct data will decrease. The changing trend of the false positive rate is relatively stable, so the number of misjudged data will be significantly reduced. It can be seen that the CVR will increase as the modification rate increases. The CVR of the proposed scheme is stable and close to 1 under the change of the modification rate. Because the proposed scheme has no false positive, the trend of CVR changes is only related to false negative.

Fig. 9. CVR comparison among individual schemes.

From Fig. 10, it can be seen that, under the same conditions, encoding computation time of the proposed scheme is generally equal to that of scheme proposed in [28] and much lower than reported in scheme [27]. Since the data used to generate watermark in the scheme proposed in [27] repeatedly moves in and out of the queue, it consumes large time on computation. Although the computation time of the scheme [28] is lower than that of the proposed scheme when the data stream is 8000, the computation time of the proposed scheme is even shorter when the data stream reaches 10000. Overall, the computation time of the proposed scheme and scheme [28] is similar. Furthermore, the scheme proposed in [28] groups the data, which increases the overhead and has higher FNR and FPR. Conclusively, the proposed scheme improves the performance of data integrity verification without increasing the computational costs.

Fig. 10. Comparison of encoding computation time.

4.2.2 Computation and communication overhead

In the proposed scheme, the security of data is considered at the network layer, and the data collected from sensor nodes are sent to the sink node for verification. Because the computing resources of the base station are sufficient, the resource consumption of the sensing node is mainly compared. This subsection mainly analyzes the computational overhead, storage overhead and transmission energy consumption of the proposed scheme and the other two individual schemes at the sensor nodes. For the communication overhead, in the research results of the literature [31], the node consumes 0.6 nJ of energy per sending 1 bit of data, and consumes 0.67 nJ of energy per 1 bit of data received. Table 3 presents the simulated parameters and settings to evaluate the performance of different schemes.

Table 3. Simulation parameter settings

The proposed scheme and Shi [27] and Xiao [28] mainly use the hash function to generate watermark. Although the computational cost of the hash function is relatively large compared to other operations, the hash function is a relatively low-cost function in the encryption method. Meanwhile, the literature [32] proved that hash function can be applied to WSN. In addition, the proposed scheme is simple arithmetic operation, logical operation and bit operation except hash operation. The overhead of generating a watermark includes multiplying, adding, and XOR operation. The process of embedding watermark is mainly two operations of converting three bits into decimals, including multiplication and addition. The proposed scheme does not need to cache data items in the sensor node, as long as the sensing data of the current data item is embedded with watermark and the data is sent out immediately. Therefore, there is no memory overhead in this scheme.

For the scheme proposed by Shi [27], firstly, the perceptual data items are copied and stored in a cache queue of length n, and then the matrix B_nm generated by probability P is used to randomly select m data for calculating watermark, which includes dot product operation. The watermark is generated by hash and XOR operation. Embedding the watermark using the LSB method only requires multiplication and addition operations. In the scheme Xiao [28], similar to Shi [27], a dot product operation is performed on the group of length n to select data items. The data is then converted into a character array and the bits are embedded in the grouped data items, respectively. The embedding operation adopts the method of adding spaces, and the process is mainly that the assignment operation can be ignored. It is generally assumed that a data record contains temperature and time, and one data record converted to binary is 50 bits. Table 4 lists the computational overhead and memory overhead of the proposed scheme and the compared individual schemes in the sensor according to the analysis results, where M represents the multiplication operation, N represents the dot multiplication operation, A represents the addition operation, H represents a hash operation.

Table 4. Comparison of computation and communication costs of three methods in sensor nodes

When considering the communication energy consumption, the time stamps of the data in each scheme are consistent, regardless of the packet length, only the size of the sent message is analyzed, and the extra overhead is not compared. The sensing node sends a data record with a watermark each time. Assuming that the data record transmitted by Shi [27] is a decimal, the size of the sent message is 50 bits. Since the data records transmitted in the Xiao [28] scheme are character types, the transmitted information needs to be converted from characters to corresponding integers and then to binary, and spaces are added to some character data, so a total of 67 bits need to be transmitted. The proposed scheme is similar to Shi [27], the information transmitted by a node each time is mainly a data item with a watermark, and the watermark is embedded in the data and no additional information needs to be transmitted. Table 5 mainly compares the energy consumed by the three schemes in transmitting information.

Table 5. Energy consumption comparison

It can be seen from Table 5 that the proposed scheme is similar to scheme of Shi [27] in transmission energy consumption, but better than scheme of Xiao [28]. In general, the proposed scheme is better than the comparison scheme in energy consumption and computational overhead. Since there is no redundant grouping and encryption overhead, the proposed scheme is very suitable for application in wireless sensor networks.

4.3 Comparison among grouping schemes

The comparison between the grouping scheme and the proposed scheme is shown in Table 6, where the tampering rate is set to 20%. The table analyzes the advantages and disadvantages of grouping schemes and individual schemes through four indicators. Comparison of different watermarking methods can reflect the performance of different schemes for integrity verification.

Table 6. Comparison between other grouping schemes and proposed schemes

In the grouping scheme, if one of the nodes is attacked, the packets related to the node will be discarded, which will result in packet loss and misidentification of data. Moreover, the proposed scheme can identify all data items. It can be seen from Table 6 that the proposed scheme has a higher recognition rate of data tampering than the grouping scheme.

5. Conclusion

In this paper, both watermark generation and embedding for authentication of data are studied based on individual data items. As a result, the proposed scheme can effectively verify the integrity of the data under tampering attacks, while reducing the overall false negative rate by an average of 5% and avoiding false positives. Compared with other reported individual schemes, the proposed scheme has higher data integrity recognition ability and increases the correct verification rate by 50% on average. In addition, no flag bits and buffer areas are required for data processing, which reduces computational and communication overhead.