Abstract

In wireless sensor networks, the adversary can easily control the compromised nodes to inject false data reports. En-route filtering is an effective mechanism to resist such attacks, where the forwarding nodes of the reports can identify and drop the false reports. However, the existing en-route filtering strategies are vulnerable to report disruption attacks and selective forwarding attacks, and the probabilities and efficiencies of en-route filtering false reports are low. To address these problems, a precheck mechanism performed by the CoS (Center-of-Stimulus) node is presented to resist report disruption attacks, a report forwarding strategy with balancing the residual energy of the nodes is designed to resist selective forwarding attacks, and an en-route message authentication scheme (EMAS) based on monitoring and reporting mechanism is proposed to resist false data injection attacks. The theoretical analysis and simulation results show that in most cases, EMAS provides a higher security level and higher en-route filtering probability and efficiency and is very efficient in energy saving.

1. Introduction

Wireless sensor networks (WSNs) have been applied in various applications, including military application, industrial monitoring [1, 2], agricultural monitoring [3], and health care [4]. In these applications, a large number of sensor nodes with limited resources are deployed to detect events of interest and deliver data reports to the sink via multihop wireless communication. WSNs are often deployed in unattended or even hostile environments; therefore, the sensor nodes in WSNs are vulnerable. The adversary can compromise sensor nodes by means of node replication attacks and code injection attacks. Then, the adversary can control these compromised nodes to launch various outside attacks, including physical destruction of sensor nodes, security attacks on the routing and data link protocols, and resource consumption attacks. Besides, the adversary can use these compromised nodes to launch various insider attacks, including false data injection attacks, selective forwarding attacks, and report disruption attacks. These insider attacks can disrupt network function, induce network congestion, and waste network resources (e.g., energy, bandwidth, and storage space).

In order to resist false data injection attacks and filter out false data reports as early as possible, scholars have proposed a number of en-route filtering strategies, in which the forwarding nodes verify the data reports and discard the false ones. According to the adopted data encryption technology, the existing en-route filtering strategies can be classified into symmetric cryptography-based strategies [514] and asymmetric cryptography-based strategies [1522]. Among them, the symmetric cryptography-based strategies attract more attention because of their advantages in communication overhead, computation overhead, and storage overhead.

However, the existing symmetric cryptography-based schemes have some drawbacks. For example, SEF [5], PCREF [6], CFFS [7], GFFS [8], EGEFS [9], and NHFS [14] are vulnerable to report disruption attacks and selective forwarding attacks. Besides, most of the existing en-route filtering schemes adopt simple verification methods, such as MAC (message authentication code) verification, resulting in low probability and efficiency of en-route filtering false reports. To overcome these drawbacks, some effective techniques are proposed to resist various attacks, including false data injection attacks, report disruption attacks, and selective forwarding attacks, so as to improve the system security and the en-route filtering probability and efficiency. The major contributions of this paper are outlined as follows:(1)In order to resist report disruption attacks, a precheck mechanism performed by the CoS (Center-of-Stimulus) node is proposed. Before generating the event report, the CoS node checks the endorsements provided by the detection nodes and discards the illegitimate ones, thereby ensuring the correctness of the endorsements in the event report.(2)In order to defend against selective forwarding attacks, a report forwarding strategy with balancing the residual energy of the sensor nodes is proposed. When selecting a forwarding node, the sender prefers the upstream neighbor (the neighbor closer to the sink) with more residual energy, so as to balance the residual energy of nodes in the network and prolong the network life. If the report is not forwarded, the sender will try other upstream neighbors until the report is forwarded.(3)An en-route message authentication scheme (EMAS) based on monitoring and reporting mechanism for filtering false reports is proposed. EMAS improves the en-route filtering probability and efficiency by verifying more information carried in the event report (i.e., MACs, the IDs and locations of endorsing nodes, and the prev) and by using the monitoring and reporting mechanism. The theoretical analysis and simulation results demonstrate that, in most cases, EMAS outperforms SEF, GFFS, and EGEFS in terms of security, en-route filtering probability, en-route filtering efficiency, and energy expenditure.

The rest of this paper is organized as follows. In Section 2, the related works in the area of en-route filtering false reports are introduced. Section 3 presents the system models and threat models. The proposed scheme is detailed in Section 4, and its performance is analyzed and evaluated in Sections 5 and 6, respectively. Finally, Section 7 concludes this paper.

The existing en-route filtering strategies include symmetric cryptography-based strategies and asymmetric cryptography-based strategies. Due to the limited space, only the existing symmetric cryptography-based strategies that are more relevant to this research will be discussed.

Ye et al. [5] present a statistical en-route filtering (SEF) mechanism for forwarding nodes to identify and drop false reports. In SEF, each detecting node generates a keyed MAC for the event, and T (T > 1) MACs are attached to the event report. The forwarding nodes verify the correctness of the MACs in the report with certain probability. When any invalid MAC is found, the report will be discarded. The simulation results show that SEF can drop up to 70% of false reports within five hops. However, a few false reports with incorrect MACs may escape en-route filtering and reach the sink. Furthermore, SEF can only tolerate a small number of compromised nodes.

Yang et al. [6] proposed a polynomial-based, compromised, resilient en-route filtering scheme (PCREF), which adopts polynomials in place of MACs to endorse and verify reports. In PCREF, each node stores two types of polynomials: authentication polynomial and check polynomial derived from the primitive polynomial. PCREF can filter out false data effectively and achieve high resilience to the large number of compromised nodes without relying on fixed routes for data transmission. However, PCREF is prone to selective forwarding attacks and report disruption attacks, and it has T-threshold limitation.

Liu et al. [7] proposed a cluster-based false data filtering scheme (CFFS) for filtering false data efficiently. The nodes are organized into clusters and a sink-rooted tree of cluster heads is constructed. In addition, a distributed key assignment method is proposed, which assigns keys to upstream nodes based on the tree-like path to sink. Thus, false reports can be verified by several nodes during one hop. CFFS outperforms the existing schemes in terms of filtering efficiency and overhead balance. However, it is prone to T-threshold limitation, selective forwarding attacks, and report disruption attacks, and it cannot adapt to dynamic networks.

Wang et al. [8] considered a new type of false data injection attack called collaborative false data injection and proposed a geographical information-based false data filtering scheme (GFFS). In the predeployment phase, each node needs to distribute its location and key partition to the intermediate nodes. Each event report carries t (t > 1) MACs and locations. The forwarding nodes verify the correctness of MACs and locations and the legitimacy of the locations. GFFS can filter out the false reports injected collaboratively by compromised nodes. However, distributing the information of location and key partition incurs long latency and high-energy overhead.

Yi et al. [9] designed a new type of false data injection attack called collusion attack with forged locations and proposed an efficient geographical information-based en-route filtering scheme (EGEFS). In EGEFS, the MACs, the report identifier, and the legitimacy and authenticity of endorsing nodes’ locations in the event report will be verified by the forwarding nodes. EGEFS can resist various types of false data injection attacks and can perform better in terms of en-route filtering probability, en-route filtering efficiency, and energy overhead. However, EGEFS is prone to selective forwarding attacks.

Kumar and Pais [10] proposed a multisink en-route filtering mechanism where the network is divided into smaller networks, and a separate sink is assigned to each smaller network. This helps reduce the overall energy consumption of the network. They also proposed a novel deterministic en-route filtering scheme [11] and a partial key predistribution-based scheme [12], both of which assign the secret keys to cluster heads based on combinatorial design. These two schemes provide more effective en-route filtering of false reports. However, three copies of each event report with different endorsements forwarded in the network incurs high-energy expenditure. In addition, they propose a blockchain based deterministic en-route filtering scheme [13] which can also adapt to dynamic networks and mobile sinks.

Liu and Liu [14] proposed a neighbor information and one-way hash chain-based filtering scheme (NHFS), which binds the keys of sensor nodes to their geographical locations. Each report must carry the MACs and hash values from t detecting nodes. The forwarding nodes can filter out false reports by checking the correctness of the MACs, hash values, and the freshness of these hash values. However, NHFS is vulnerable to selective forwarding attacks and report disruption attacks.

It can be seen that the filtering technologies used in the existing en-route filtering strategies are weak, resulting in low en-route filtering probability and efficiency. In addition, most of them are vulnerable to selective forwarding attacks and report disruption attacks. In this paper, the en-route filtering scheme that can resist false data injection attacks, report disruption attacks, and selective forwarding attacks will be researched to improve the en-route filtering probability and efficiency, thereby saving the limited network resources.

3. System Models and Threat Models

In this section, system models and threat models will be introduced.

3.1. System Models

Suppose that q sensor nodes and one sink node are randomly deployed in the monitoring area. All the sensor nodes have the same communication range Rc and same sensing range Rs. Typically, Rc ≥ 2Rs [16]. After deployment, the sink and all the sensor nodes are static, and each node will obtain its location through GPS or the localization algorithms [23, 24].

Suppose that the sensor nodes in the network are dense enough so that each event can be detected simultaneously by multiple nodes. In order to make it difficult for the adversary to forge event reports, each event report needs to contain the endorsements of T (T ≥ 1) detecting nodes with different key partitions (called endorsing nodes). When an event occurs, each detecting node generates a MAC and sends it to the elected CoS node. The CoS node randomly chooses T MACs from the detecting nodes with different key partitions to produce an event report and then forwards the event report to the sink through multiple hops.

The system model considered in this paper is shown in Figure 1. The small black circles denote the sensor nodes, the square filled with blue color denotes the sink, the red triangle denotes the location of the event, the red circle denotes the sensing range of the event, and the small circle filled with blue color is the elected CoS node. Each detecting node sends its endorsement of the event to the CoS node. After generating the event report, the CoS node sends it to the sink along the routing path highlighted in red.


Figure 1 
System model.
3.2. Threat Models

Assume that the sink will not be compromised by the adversary, while other sensor nodes can be physically captured and compromised. After compromising a node, the adversary can obtain its related information (e.g., ID, location, key, and key index) and can control it to launch various attacks. The compromised node can pretend to be a CoS node, forge false events occurring around it, and generate false event reports with legitimate forms using the information (e.g., key) of other compromised nodes. The compromised node can also pretend to be a forwarding node to inject false reports into the network. Furthermore, the adversary can control the compromised nodes to launch selective forwarding attacks. In other words, the compromised nodes may selectively discard the received reports; thus, some legitimate reports cannot reach the sink, which will severely damage data availability and disrupt the event report service. The adversary can also control the compromised nodes to launch report disruption attacks by providing illegitimate endorsements for event reports, causing the reports of real events to be dropped by some forwarding nodes or the sink.

4. The Proposed Scheme

In this section, the design overview of the proposed scheme will be described first. Then, the process of predeployment and initialization, report generation and forwarding, en-route filtering, and sink verification will be introduced in turn.

4.1. Overview of Algorithm Design

The design overview of the proposed scheme will be described here, including the design of en-route filtering strategy, the design of method for resisting report disruption attacks, and the design of method for resisting selective forwarding attacks.

4.1.1. Design of En-Route Filtering Strategy

SEF [5] adopts MAC verification to filter out false reports. However, the malicious compromised node can utilize the keys of other compromised nodes to forge MACs in order to pass the MAC verification of SEF, which results in low en-route filtering probability. In order to effectively filter out the false reports collaboratively forged by multiple compromised nodes, GFFS [8] provides a method of verifying the legitimacy of the endorsing nodes’ locations. However, if the adversary forges the locations of endorsing nodes within the sensing range of the forged event, it will smoothly pass the legitimacy verification of the endorsing nodes’ locations by GFFS. In order to defend against such collusion attack by forging locations, a method of verifying the IDs of endorsing nodes is designed in this paper, which will be executed by the 1-hop forwarding node of the CoS node. Suppose that the malicious node pretends to be a CoS node, it forges an event report R by using the information of other compromised nodes and then sends R to its 1-hop forwarding node . Because the endorsing nodes in R should detect the same event as the distance between each endorsing node and should be less than or equal to 2Rs. Usually, Rc ≥ 2Rs [16], then the distance between each endorsing node and will be less than or equal to Rc, which means that each endorsing node should be a neighbor of . Therefore, can check the neighbor ID list of stored locally, and if any endorsing node in R is not in the neighbor ID list of , will drop R.

In order to pass the above verification of the endorsing nodes’ IDs by , might fraudulently use the IDs of its neighbors. To combat such attack, a monitoring and reporting mechanism is proposed. When the endorsing node sends its endorsement to , and the common neighbors of and (called the monitoring nodes of and ) will store the transmission record of this endorsement. Assume that fraudulently uses the ID of its neighbor as the endorsing node ID to forge the report R and sends R to . When or a common neighbor of and hears R, it will check the local endorsement transmission list, and if no record of sending its endorsement to is found, it will send an ALERT message to to report . When the number of valid ALERT messages for exceeds the preset threshold, will drop R.

In order to pass the verification of the endorsing nodes’ IDs and avoid being reported by the monitoring nodes, might pretend to be a forwarding node and inject false reports into the network. In order to defend against such attack, a prev field can be added to the head of the event report R to record the ID of previous hop node. When pretends to be a forwarding node of R and uses the ID of a nonneighbor node as the prev in R, then after receiving R from , only needs to check the neighbor ID list of stored locally, and if finds that the node prev is not the neighbor of , it will drop R.

In order to pass the above prev verification, might use a neighbor’s ID as the prev. The monitoring and reporting mechanism can resist such attack. When sends an event report to , both and the common neighbors of and will store the transmission record of this report. If uses the ID of its neighbor as the prev to forge the report R and sends R to , then after or a common neighbor of and hears R, it will check the local report transmission list. If no record of sending R to is found, an ALERT message will be sent to to report . When the number of valid ALERT messages for exceeds the preset threshold, will drop R.

4.1.2. Design of the Method for Resisting Report Disruption Attacks

The compromised nodes may launch report disruption attacks by providing false endorsements for the event. If the CoS node selects false endorsements to generate the event report, then the event report will be dropped by a forwarding node and cannot reach the sink. In order to resist such attack, a precheck mechanism for the CoS node is presented. When receiving an endorsement from a detecting node, the CoS node will verify the endorsement and discard the illegitimate one. In this way, the correctness of endorsements in the event report is guaranteed.

4.1.3. Design of the Method for Resisting Selective Forwarding Attacks

In order to resist selective forwarding attacks and balance the residual energy of nodes in the network to prolong the network life, an effective report forwarding strategy is designed in this paper. When choosing a forwarding node, the sender will prefer the upstream neighbor with more residual energy. If the chosen upstream neighbor does not forward the report, the sender will choose another upstream neighbor with more residual energy to forward the report. Unless all the upstream neighbors of the sender have been compromised, the legitimate report will be ultimately forwarded to the sink.

4.2. Predeployment and Initialization

Before deployment, key assignment and storage for each sensor node should be completed. As in SEF [5], a global key pool containing N keys with different indexes is generated and divided into n (n > T) nonoverlapping partitions with m keys in each partition. The user randomly picks one partition for each node and stores any k (k < m) keys of this partition and the associated key indexes into the node. The sink holds the global key pool and knows the secret information of each node.

After network deployment, each node calculates its level (its distance to the sink) using the method described by Yi et al. [25] and then broadcasts its ID, location, level, residual energy, key partition, and its neighbors’ IDs to its neighbors. Next, each node sends its location to the sink. As a result, each node stores the ID, location, level, residual energy, and key partition of all its neighbors, as well as the neighbors’ IDs of each neighbor.

4.3. Report Generation and Forwarding

When an event happens, an event report will be generated and forwarded to the sink. Next, how to generate and forward an event report will be detailed.

4.3.1. Report Generation

When an event occurs, a CoS node should be selected from the detecting nodes to generate the event report and send it to the sink. The CoS selection method in SEF [5] is adopted in this paper.

After the CoS node is selected, each detecting node randomly selects a locally stored key Ki (i is the key index of Ki) and generates a MAC: , where || denotes stream concatenation, LE and E denote the location and reading of the event, and {IDcos, C} denotes the report identifier, as in EGEFS [9]. The single-block encryption algorithm RC5 is adopted to compute the MAC. Then, sends its endorsement of the event, i.e., {IDCoS, C, IDvj, Lj, i, Mi}, to the CoS node. The CoS node, , and the common neighbors of the CoS node and store the transmission record of this endorsement (including {IDvj, IDcos, C}) into the local endorsement transmission list ETLT.

After receiving the endorsement from , the CoS node will verify this endorsement and discard it if the verification fails, as shown in the following.

First of all, the CoS node verifies whether Lj and the key partition of i are consistent with the corresponding information of stored locally, and if not, the endorsement will be discarded; otherwise, the CoS node checks whether the key partition of is the same as that of a selected endorsing node, and if it is, the endorsement will be discarded; otherwise, the CoS node checks whether , and if not, the endorsement will be discarded; otherwise, the CoS node selects as an endorsing node. After the number of selected endorsing nodes (including the CoS node) reaches T, the CoS node will no longer process the endorsements sent by other detecting nodes.

After selecting T endorsing nodes, the CoS node attaches the T endorsements of the endorsing nodes to the event report. In order to reduce the length of event report, the technique of Bloom filter described by Ye et al. [5] is adopted. The T MACs are mapped into a d-bit string: F = b0b1, …, bd−1, using z independent hash functions. In this way, the final event report R looks like {LE, tE, E, C, prev, ID1, L1, i1, …, IDT, LT, iT, F}, where tE refers to the time when the event is detected, ID1 is IDCoS, prev is the ID of the previous hop node (the CoS node sets the prev as −1, and each forwarding node sets the prev as the ID of its previous hop node before forwarding R). After generating the event report, the CoS node sends it to the next hop according to the report forwarding strategy detailed later.

4.3.2. Report Forwarding

When designing the report forwarding strategy, the main design concepts include the following: (1) The sender will select an upstream neighbor as the forwarding node to ensure that the path for forwarding the report to the sink is the shortest, thereby reducing the energy consumption for forwarding the report. (2) The sender will select the upstream neighbor with higher residual energy as the forwarding node, so as to balance the residual energy of nodes in the network and extend the network life. However, the upstream neighbor with highest residual energy should not always be selected; otherwise, it will become an explicit attack target for the adversary. (3) In order to resist selective forwarding attacks, the sender will select another upstream neighbor to forward the report if the selected upstream neighbor does not forward the report. In conclusion, the proposed report forwarding strategy is detailed as follows.

When a node needs to send a report to the sink, it will select kn neighbors with highest residual energy from its upstream neighbors. Then, it will randomly choose one from the kn neighbors as the forwarding node. If the number of upstream neighbors is less than kn, then will randomly choose one from the upstream neighbors as the forwarding node. Assume that chooses as the forwarding node and sends the report to . All the upstream neighbors of will temporarily store this report until it is forwarded or dropped. Then, will overhear the channel for a while. If finds that does not forward the report, another upstream neighbor will be chosen according to the above selection strategy to forward the report. Unless all the upstream neighbors of are compromised, the legitimate report will ultimately be forwarded to the sink.

4.4. En-Route Filtering

When sends an event report R to the forwarding node , (the specified receiver of R) and the neighbor of who hears R (the nonspecified receiver of R) will conduct different processing of R: (1)After hearing R, s neighbor (the nonspecified receiver of R) will conduct the following processing operation (the pseudocode of processing operation is described in Algorithm 1).If is a common neighbor of and , it will add the report transmission record {, , IDcos, C} to the local report transmission list RTLT. If is the CoS node in R and is an endorsing node in R or a common neighbor of and an endorsing node in R, will search the local endorsement transmission list ETLT. If does not find the record of sending its endorsement of the event to , it will send an ALERT message to for reporting , which contains {IDvt (the reporter’s ID), IDvj (the receiver’s ID), 0 (the report type), IDcos, C, and IDvi (the ID of the reported node)}. If is not the CoS node in R and is the node prev or a common neighbor of and the node prev in R, will search the local report transmission list RTLT. If does not find the record of the node prev sending R to , it will send an ALERT message to for reporting with the report type set to 1. Note: In order to reduce the communication overhead, before sending the ALERT message to , if has heard more than s same-type (0-type or 1-type) ALERT messages for , it will cancel sending the ALERT message.After receiving the ALERT message, will verify whether the reporter in the ALERT message is a neighbor of the reported node , and if not, the ALERT message will be discarded; otherwise, the ALERT message will be considered to be valid, and according to the report type x (x = 0 or 1) in the ALERT message, will increase the number of x-type ALERT messages for (denoted as count_ix) by 1.Furthermore, another problem needs to be addressed: the reporter that sends the ALERT message to is not necessarily a neighbor (i.e., 1-hop neighbor) of , or it may be a 2-hop neighbor (i.e., a neighbor’s neighbor) of , then how does transmit the ALERT message to ? A simple ALERT message transmission method is designed in this study. If is a neighbor of , will directly unicast the ALERT message to ; otherwise, will broadcast the ALERT message, and if a node receiving this broadcast ALERT message detects that as its neighbor, it will unicast the ALERT message to ; otherwise, it will not forward this ALERT message. In order to reduce energy consumption, if finds that another node has unicasted this ALERT message to , it will not unicast this ALERT message to .In conclusion, the pseudocode for processing the ALERT message is shown in Algorithm 2.(2)After receiving R from , the specified receiver will verify R according to the following steps.Step 1: initialize the numbers of 0-type and 1-type ALERT messages for (i.e., count_i0 and count_i1) to 0. Then, start a timer Ta during which receives and processes the ALERT messages for . When the timer Ta expires, execute Algorithm 3, and if the returned value of Algorithm 3 is 1, discard R.Step 2: check the freshness of R according to tE in R and discard R if it is an overdue report.Step 3: check the format of R is complete, the key indexes belong to different key partitions, and there are no more than z × T “1”s in F; discard R otherwise.Step 4: check the locations of endorsing nodes in R is legitimate, i.e., (1 ≤ i ≤ T); discard R otherwise.Step 5: if has a key , it calculates and the z hash values of M, then checks whether the corresponding bits in F are “1”s. If not, discards R.Step 6: if is the CoS node in R, checks the neighbor ID list of stored locally, and if any endorsing node in R is found not to be a neighbor of , will discard R. If is not the CoS node in R, verifies the prev in R. If the prev is found not in the neighbor ID list of , will discard R.If the report R has passed all the above checks, will set the prev in R to , then send R to the next hop according to the proposed report forwarding strategy, and add the report transmission record {, , IDcos, C} to the local report transmission list RTLT.

/∗When hears the report R sent by to ∗/
if ( is a common neighbor of and )
 Add the report transmission record {, , IDcos, C} to the local list RTLT;
if ( is the CoS node in R) {
 if ( is an endorsing node in R || is a common neighbor of and an endorsing node in R){
  Search the local list ETLT for the record of sending its endorsement of the event to .
  If not found, set flg0 = false, otherwise set flg0 = true;
  if (flg0 = false && count_i0 <s)
   //count_i0 is the number of 0-type ALERT messages for .
    sends a 0-type ALERT message for to ;
 }
}
else {
 if ( is the node prev in R || is a common neighbor of and the node prev in R){
  Search the local list RTLT for the record of the node prev sending report R to .
  If not found, set flg1 = false, otherwise set flg1 = true;
  if (flg1 = false && count_i1 <s)
   //count_i1 is the number of 1-type ALERT messages for .
    sends a 1-type ALERT message for to ;
  }
}
Algorithm 1 
Processing of a report on its nonspecified receiver (e.g., ).
/∗When hears an x-type ALERT message for reported by to .∗/
if ( has heard the ALERT message) ignore this ALERT message;
else if ( is exactly ){
 if ( is not a neighbor of ) discard this ALERT message;
 else {
  switch (x){
   case 0: count_i0++; break;
   case 1: count_i1++; break;
  }
 }
}
else if (it is a broadcast ALERT message) {
 //The ALERT message needs to be forwarded.
 if ( is a neighbor of && does not hear any node unicast this ALERT message to )
   unicasts this ALERT message to ;
}
Algorithm 2 
Processing of ALERT message.
 /∗ is processing the report R sent by .∗/
if ( is the CoS node in R) {
  if (count_i0 ≥ s) return 1;
}
else {// is a forwarding node.
  if (count_i1 ≥ s) return 1;
}
return 0;
Algorithm 3 
Processing of Ta’s expiration.
4.5. Sink Verification

In the worst case, a false report may escape en-route filtering by all the forwarding nodes and reach the sink. At this time, the sink will verify the report and discard the false one, thereby avoiding making wrong decisions.

When the sink receives an event report R from , it first verifies R according to Step 2, Step 3, and Step 4 in Section 4.4. Then, it checks whether {IDj, Lj, ij} (1 ≤ j ≤ T) in R are the same as the corresponding information stored locally. Next, for each key , it calculates , then regenerates the Bloom filter F′ and checks whether F′ = F. After that, it checks whether the endorsing nodes in R are all neighbors of the CoS node and the node prev in R is a neighbor of . Finally, it checks whether the numbers of 0-type and 1-type ALERT messages for are both less than s. If any of the above checks fails, the report R will be discarded.

5. Performance Analysis

In this section, the security features, communication overhead, and storage overhead for SEF [5], GFFS [8], EGEFS [9], and EMAS will be discussed.

5.1. Security Features

In order to evaluate the en-route filtering capabilities of SEF [5], GFFS [8], EGEFS [9], and EMAS, four types of false data injection attacks are designed as follows:(1)Collusion attack by forging locations.The malicious compromised node forges an event occurred around it and acts as the CoS node to forge a report for the event in a legitimate form. First, chooses T compromised nodes with different key partitions as the endorsing nodes of the forged event and then forges their locations within the sensing range of the forged event. When the number of compromised nodes with different key partitions is less than T, the information (e.g., IDs, key indices, locations, and MACs) of the rest required endorsing nodes will be forged. Among them, the IDs and MACs are forged randomly, the key indices are forged to belong to different key partitions from those of other endorsing nodes, and the locations are forged to be within the sensing range of the forged event. Then, sets the prev in the report as −1. After generating the forged report, sends it to its 1-hop forwarding node.For convenience of reference, the collusion attack by forging locations is denoted as the CAFL attack.(2)Collusion attack by fraudulently using neighbors’ information.The malicious compromised node forges an event nearby, making as many neighbors with different key partitions as possible within the sensing range of the forged event. Then, acts as the CoS node to forge a report for the event in a legitimate form, using the IDs and locations of the neighbors with different key partitions within the sensing range of the forged event, as well as the keys and key indices of the compromised nodes with the same key partitions as the selected neighbors. When there are insufficient available neighbors or insufficient available compromised nodes with different key partitions, will forge the rest required information of endorsing nodes by using the method in the CAFL attack. Then, sets the prev in the report as −1. After generating the forged report, sends it to its 1-hop forwarding node.For convenience of reference, the collusion attack by fraudulently using neighbors’ information is denoted as the CAUNI attack.(3)Collusion attack by acting as a forwarding node.The process of the malicious compromised node forging an event report is similar to that in the CAUNI attack. However, in order to pass the verification of the next-hop forwarding node, does not use itself as the CoS node but selects another endorsing node as the CoS node and sets the prev in the forged report as the ID of one of its neighbors. Then, pretends to be a forwarding node to send the forged report to the next hop.For convenience of reference, the collusion attack by acting as a forwarding node is denoted as the CAAFN attack.(4)Antireporting collusion attack by acting as a forwarding node.The process of the malicious compromised node forging an event report is similar to that in the CAAFN attack. The difference is that in order to avoid being reported by the surrounding nodes, sets the prev in the forged event report as the ID of a node more than 2 hops away.For convenience of reference, the antireporting collusion attack by acting as a forwarding node is denoted as the ACAAFN attack.

Next, the security features of SEF [5], GFFS [8], EGEFS [9], and EMAS will be compared based on the above four types of false data injection attacks, the selective forwarding attack, and the report disruption attack.

SEF, GFFS, EGEFS, and EMAS can resist the CAFL attack to a certain extent. SEF can filter out some false reports by verifying the MACs. In addition to the MAC verification, GFFS also verifies the legitimacy of the endorsing nodes’ locations, which will filter out some false reports that have passed the MAC verification. Therefore, GFFS is more resistant to the CAFL attack than SEF. Besides the MAC verification and the verification of legitimacy of the endorsing nodes’ locations, EGEFS also verifies the authenticity of the endorsing nodes’ locations, thereby filtering out every false report. By verifying the MACs and the endorsing nodes’ IDs, EMAS can also filter out each false report. Therefore, EGEFS and EMAS are more resistant to the CAFL attack than SEF and GFFS.

SEF, GFFS, EGEFS, and EMAS can resist the CAUNI attack to a certain extent. SEF can filter out some false reports through the MAC verification. GFFS also verifies the legitimacy of the endorsing nodes’ locations in addition to the MAC verification. However, under the CAUNI attack, the malicious compromised node fraudulently uses the IDs, locations, and key partitions of its neighbors to forge the endorsements; therefore, most false reports can pass the verification of legitimacy of the endorsing nodes’ locations and key partitions in GFFS. As a result, the capability of GFFS to resist the CAUNI attack is only slightly stronger than that of SEF. EGEFS can filter out all false reports through the MAC verification and the verification of authenticity of the endorsing nodes’ locations. EMAS can also filter out all false reports through the MAC verification and the monitoring and reporting mechanism. Therefore, EGEFS and EMAS are more resistant to the CAUNI attack than SEF and GFFS.

The capabilities of SEF and GFFS to resist the CAAFN attack are similar to their capabilities to resist the CAUNI attack, i.e., GFFS’s capability to resist the CAAFN attack is only slightly stronger than that of SEF. EGEFS performs the MAC verification, as well as the legitimacy and authenticity verification of the endorsing nodes’ locations; however, the authenticity verification of the endorsing nodes’ locations is performed only by the 1-hop forwarding node of the CoS node; therefore, some false reports may escape the authenticity verification of the endorsing nodes’ locations in EGEFS. Nevertheless, EGEFS is still more resistant to the CAAFN attack than SEF and GFFS. EMAS can filter out each false report through the MAC verification and the monitoring and reporting mechanism; therefore, EMAS is more resistant to the CAAFN attack than EGEFS, GFFS, and SEF.

The capability of GFFS to resist the ACAAFN attack is slightly stronger than that of SEF, and EGEFS is more resistant to the ACAAFN attack than SEF and GFFS (the specific analysis is similar to the analysis of resisting the CAAFN attack). EMAS can filter out all false reports through the MAC verification, the prev verification, and the monitoring and reporting mechanism. Therefore, EMAS is more resistant to the ACAAFN attack than EGEFS, GFFS, and SEF.

For the selective forwarding attack, none of EGEFS, GFFS, and SEF adopts any measure to resist such attack, whereas EMAS can resist such attack with the proposed report forwarding strategy.

For the report disruption attack, none of EGEFS, GFFS, and SEF provides any measure to combat such attack. In EMAS, the CoS node verifies the endorsements sent by the detecting nodes and discards the false endorsements; therefore, EMAS can resist the report disruption attack. In conclusion, the security features of SEF, GFFS, EGEFS, and EMAS are shown in Table 1.

Table 1 
Security features.
5.2. Communication Overhead

In this section, the communication overhead of SEF [5], GFFS [8], EGEFS [9], and EMAS will be discussed, including the predistribution communication overhead and the report-filtering communication overhead.

5.2.1. Predistribution Communication Overhead

The predistribution communication overhead refers to the communication overhead incurred by each node for distributing the location, key partition, and other information during the system initialization phase. Suppose that SEF, GFFS, EGEFS, and EMAS adopt the same forwarding node selection method, then the predistribution communication overhead for implementing the forwarding node selection method is the same for all the four algorithms and can therefore be ignored. Thus, SEF does not incur any additional predistribution communication overhead. In GFFS, each node needs to predistribute c packets containing its location and key partition. In EGEFS, each node needs to broadcast its location and send its location to the sink. In EMAS, each node needs to broadcast its location, key partition, and the IDs of all its neighbors and also needs to send its location to the sink.

It can be seen that SEF has the lowest predistribution communication overhead, and EMAS has higher predistribution communication overhead than EGEFS. Because each node in GFFS needs to broadcast its location and key partition throughout the entire network, GFFS usually has the highest predistribution communication overhead.

5.2.2. Report-Filtering Communication Overhead

The report-filtering communication overhead refers to the energy expenditure for filtering out a false report, which is affected by the report length and the number of hops that the report travels. The longer the report length, the higher the report-filtering communication overhead, and the more hops the report travels, the higher the report-filtering communication overhead.

For fairness, assume that SEF, GFFS, EGEFS, and EMAS all adopt Bloom filter. Denote the length of node ID, key index, location, the counter value C, a normal report without any extra field, and Bloom filter as LS, Lk, LL, LC, Lr, and LF, respectively. The length of prev in EMAS is denoted as Lp. Then, the length of a report in SEF, GFFS, EGEFS, and EMAS is LRSEF = Lr + T × Lk + LF, LRGFFS = Lr + T × (Lk + LS + LL) + LF, LREGEFS = Lr + LC + T × (Lk + LS + LL) + LF, and LREMAS = Lr + LC + T × (Lk + LS + LL) + LF + Lp, respectively. As an example, if T = 5, LS = 10 bits, Lk = 10 bits, LL = 16 bits, LC = 8 bits, Lr = 24 bytes [5], LF = 64 bits, and Lp = 9 bits, then LRSEF is about 39 bytes, LRGFFS is about 54 bytes, LREGEFS is about 55 bytes, and LREMAS is about 56 bytes.

Denote the energy consumption of transmitting and receiving one byte as et and er. Assume that each node has Cn neighbors on average. When a node sends a report, all its neighbors will hear the report and consume energy to receive it. Assume that the number of hops that a false report travels in SEF, GFFS, EGEFS, and EMAS is HSEF, HGFFS, HEGEFS, and HEMAS, respectively. Then, the energy consumption for filtering out a false report in SEF, GFFS, EGEFS, and EMAS is ECSEF = LRSEF × (et+Cn × er) × HSEF, ECGFFS = LRGFFS × (et+Cn × er) × HGFFS, ECEGEFS = LREGEFS × (et+Cn × er) × HEGEFS+EV, and ECEMAS = LREMAS × (et+Cn × er) × HEMAS+EA, respectively, where EV is the energy consumption for verifying the authenticity of locations in the report, and EA is the energy consumption caused by the monitoring nodes sending ALERT messages to the current forwarding node.

Although LREMAS is larger than LRSEF, LRGFFS, and LREGEFS, and EMAS has to spend communication overhead for ALERT messages; however, EMAS has stronger capability to resist the attacks than SEF, GFFS, and EGEFS, resulting in HEMAS usually being smaller than HSEF, HGFFS, and HEGEFS. Therefore, EMAS still has advantages in energy expenditure for filtering out a false report in most cases, and the simulation results also verify this conclusion.

5.3. Storage Overhead

Assume that SEF [5], GFFS [8], EGEFS [9], and EMAS all adopt the proposed report forwarding strategy, then the storage overhead for report forwarding strategy can be overlooked because it is almost the same for the four algorithms. Thus, the average storage overhead of each node for implementing the en-route filtering strategy is mainly considered here.

Each node in SEF needs to store k keys and k key indexes, while each node in GFFS needs to store extra c packets {Si, Li, Ui}. In EGEFS, each node needs to store k keys, k key indexes, and locations of its neighbors, whereas in EMAS, each node needs to additionally store the key partition and neighbor IDs of each neighbor.

Let the length of a key, key index, node ID, location, and Ui be Lb, Lk, LS, LL, and LU, respectively. Suppose each node has Cn neighbors on average, then, the average storage overhead of each node in SEF, GFFS, EGEFS, and EMAS is ASSEF = k × (Lb + Lk), ASGFFS = k × (Lb + Lk) + c × (LS + LL + LU), ASEGEFS = k × (Lb + Lk) + Cn × LL, and ASEMAS = k × (Lb + Lk) + Cn × (LL + LU + Cn × LS), respectively.

It can be seen that the average storage overhead in SEF is the smallest and that in EGEFS is smaller than that in EMAS. GFFS or EMAS has the highest average storage overhead, depending on the value of the parameter.

6. Performance Evaluation

In this section, the performance of SEF [5], GFFS [8], EGEFS [9], and EMAS will be evaluated from the aspects of average storage overhead of each node, average predistribution energy consumption of each node, and en-route filtering capability against the four types of false data injection attacks. Among them, the metrics for evaluating the en-route filtering capability include the following: (1)en-route filtering probability, measured as the percentage of false reports dropped by the forwarding nodes;(2)number of traveled hops, measured as the number of hops that a false report travels; and(3)filtering energy expenditure, measured as the energy expenditure for filtering out a false report.

6.1. Experimental Environment and Parameter Setting

Based on the WSN simulator explained by Yi et al. [9], extensive simulation experiments were conducted for SEF [5], GFFS [8], EGEFS [9], and EMAS. In the simulation experiments, 250 sensor nodes were randomly deployed in an area of 100 m × 300 m, and the sink was located at the edge of the area. A global key pool containing 1000 keys was generated, which was divided into 10 key partitions with 100 keys in each partition. Each node randomly stored 50 keys belonging to the same key partition. The report lengths in SEF, GFFS, EGEFS, and EMAS were 39 bytes, 54 bytes, 55 bytes, and 56 bytes, respectively, and the length of ALERT message in EMAS was 7 bytes. The settings for other simulation parameters are shown in Table 2.

Table 2 
Simulation parameters.

The performance of GFFS is affected by c (the number of predistributed packets). In the simulation experiments, the two cases of c = 20 and c = 40 were simulated for GFFS, which were denoted as GFFS_20 and GFFS_40, respectively. Furthermore, the performance of these algorithms is also affected by the number of hops between the malicious compromised node and the sink (denoted as MNHop). In the simulation experiments, the two cases of MNHop = 5 and MNHop = 10 were simulated.

Each simulation experiment was run 1000 times, and one false report was generated in each run. All the experimental results were averaged over 1000 runs.

6.2. Performance of Storage Overhead and Predistribution Energy Consumption

The experimental results of average storage overhead of each node and average predistribution energy consumption of each node are shown in Table 3. When arranged according to the average storage overhead of each node, the order from low to high is SEF, EGEFS, GFFS_20, GFFS_40, and EMAS. When arranged according to the average predistribution energy consumption of each node, the order from low to high is SEF, EGEFS, EMAS, GFFS_20, and GFFS_40. It can be seen that the experimental results are consistent with the conclusions of theoretical analysis.

Table 3 
Storage overhead and predistribution energy consumption.
6.3. Performance of En-Route Filtering

In this section, the performance of en-route filtering under the CAFL attack, the CAUNI attack, the CAAFN attack, and the ACAAFN attack will be evaluated for SEF [5], GFFS [8], EGEFS [9], and EMAS.

6.3.1. Algorithm Performance under the CAFL Attack

Figures 2(a) and 2(b), respectively, show the experimental results of how the en-route filtering probability varies with the number of compromised nodes cn when MNHop = 5 and MNHop = 10 under the CAFL attack. It can be seen that when MNHop = 5 and MNHop = 10, the en-route filtering probabilities of EMAS and EGEFS are not affected by cn, both of which are 100%, whereas those of SEF, GFFS_20, and GFFS_40 gradually decrease with the increase in cn. When MNHop = 5, the en-route filtering probabilities of EMAS and EGEFS are higher than those of SEF, GFFS_20, and GFFS_40 and that of GFFS_40 is higher than those of SEF and GFFS_20, while SEF has the lowest en-route filtering probability. When MNHop = 10, the en-route filtering probability of GFFS_40 is close to 100%, which is similar to those of EMAS and EGEFS and higher than those of SEF and GFFS_20, while SEF has the lowest en-route filtering probability.

(a)
(a)
(b)
(b)
Figure 2 
En-route filtering probability under the CAFL attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 3(a) and 3(b), respectively, show the experimental results of how the number of traveled hops varies with cn when MNHop = 5 and MNHop = 10 under the CAFL attack. When MNHop = 5 and MNHop = 10, the numbers of traveled hops of EMAS and EGEFS are not affected by cn, both are 1, which means that both EMAS and EGEFS can filter out false reports within 1 hop; the numbers of traveled hops of SEF, GFFS_20, and GFFS_40 gradually increase with the increase in cn and that of GFFS_40 is smaller than those of GFFS_20 and SEF, while SEF has the largest number of traveled hops.

(a)
(a)
(b)
(b)
Figure 3 
Number of traveled hops under the CAFL attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 4(a) and 4(b), respectively, show the experimental results of how the filtering energy expenditure varies with cn when MNHop = 5 and MNHop = 10 under the CAFL attack. It can be seen that when MNHop = 5 and MNHop = 10, the filtering energy expenditures of all the algorithms gradually increase with the increase in cn. Among them, the filtering energy expenditure of SEF shows the largest increase, whereas that of EMAS shows the smallest increase. When MNHop = 5, the filtering energy expenditures are in the following order from low to high: EMAS, GFFS_40, EGEFS, GFFS_20, and SEF, whereas when MNHop = 10, the order is EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

(a)
(a)
(b)
(b)
Figure 4 
Filtering energy expenditure under the CAFL attack. (a) MNHop = 5. (b) MNHop = 10.

By combining the above experimental results, it can be seen that under the CAFL attack, the en-route filtering capabilities of these algorithms are arranged in descending order as EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

6.3.2. Algorithm Performance under the CAUNI Attack

Figures 5(a) and 5(b), respectively, show the experimental results of how the en-route filtering probability varies with the number of compromised nodes cn when MNHop = 5 and MNHop = 10 under the CAUNI attack. It can be seen that when MNHop = 5 and MNHop = 10, the en-route filtering probabilities of EMAS and EGEFS are not affected by cn, both are 100%, which are higher than those of SEF, GFFS_20, and GFFS_40; the en-route filtering probabilities of SEF, GFFS_20, and GFFS_40 gradually decrease with the increase in cn and that of GFFS_40 is higher than those of SEF and GFFS_20, while SEF has the lowest en-route filtering probability.

(a)
(a)
(b)
(b)
Figure 5 
En-route filtering probability under the CAUNI attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 6(a) and 6(b), respectively, show the experimental results of how the number of traveled hops varies with cn when MNHop = 5 and MNHop = 10 under the CAUNI attack. It can be seen that when MNHop = 5 and MNHop = 10, the numbers of traveled hops of EMAS and EGEFS are not affected by cn, both are 1, whereas those of SEF, GFFS_20, and GFFS_40 gradually increase with the increase in cn and are all larger than 1. The numbers of traveled hops of EMAS and EGEFS are the smallest, whereas that of SEF are the largest, which means that EMAS and EGEFS have the highest en-route filtering efficiency, whereas SEF has the lowest en-route filtering efficiency.

(a)
(a)
(b)
(b)
Figure 6 
Number of traveled hops under the CAUNI attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 7(a) and 7(b), respectively, show the experimental results of how the filtering energy expenditure varies with cn when MNHop = 5 and MNHop = 10 under the CAUNI attack. It can be seen that when MNHop = 5 and MNHop = 10, the filtering energy expenditure of EMAS basically stays the same with the increase in cn, whereas those of EGEFS, GFFS_40, GFFS_20, and SEF gradually increase with the increase in cn. The filtering energy expenditure of EMAS is lower than that of EGEFS under some circumstance (e.g., when cn < 5) but higher than that of EGEFS under some other circumstance (e.g., when cn> 5). Therefore, EMAS and EGEFS can be considered to have similar performance of filtering energy expenditure. The filtering energy expenditures of EMAS and EGEFS are lower than those of GFFS_40, GFFS_20, and SEF and that of GFFS_40 is slightly lower than that of GFFS_20 but higher than that of SEF.

(a)
(a)
(b)
(b)
Figure 7 
Filtering energy expenditure under the CAUNI attack. (a) MNHop = 5. (b) MNHop = 10.

By combining the above experimental results, it can be seen that under the CAUNI attack, EMAS and EGEFS have similar en-route filtering capabilities, and the en-route filtering capabilities of these algorithms are arranged in descending order as EMAS and EGEFS, SEF, GFFS_40, and GFFS_20.

6.3.3. Algorithm Performance under the CAAFN Attack

Figures 8(a) and 8(b), respectively, show the experimental results of how the en-route filtering probability varies with the number of compromised nodes cn when MNHop = 5 and MNHop = 10 under the CAAFN attack. It can be seen that when MNHop is 5 or 10, the en-route filtering probability of EMAS is 100%, which is not affected by cn, whereas those of EGEFS, SEF, GFFS_20, and GFFS_40 gradually decrease with the increase in cn. The en-route filtering probabilities of these algorithms are arranged in descending order as EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

(a)
(a)
(b)
(b)
Figure 8 
En-route filtering probability under the CAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 9(a) and 9(b), respectively, show the experimental results of how the number of traveled hops varies with cn when MNHop = 5 and MNHop = 10 under the CAAFN attack. It can be seen that when MNHop is 5 or 10, the number of traveled hops of EMAS is 1, which is not affected by cn, whereas those of EGEFS, SEF, GFFS_20, and GFFS_40 gradually increase with the increase in cn and are all larger than 1. The numbers of traveled hops of these algorithms are arranged in ascending order as EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

(a)
(a)
(b)
(b)
Figure 9 
Number of traveled hops under the CAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 10(a) and 10(b), respectively, show the experimental results of how the filtering energy expenditure varies with cn when MNHop = 5 and MNHop = 10 under the CAAFN attack. It can be seen that when MNHop is 5 or 10, the filtering energy expenditure of EMAS gradually declines with the increase in cn, whereas those of EGEFS, GFFS_40, GFFS_20, and SEF gradually increase with the increase in cn. The filtering energy expenditure of GFFS_40 is slightly lower than that of GFFS_20, both of which are higher than those of EMAS, EGEFS, and SEF. The filtering energy expenditure of EMAS is the lowest in most cases (except when cn = 1) and that of EGEFS is lower than that of SEF in most cases. Therefore, the filtering energy expenditures of these algorithms are arranged in ascending order as EMAS, EGEFS, SEF, GFFS_40, and GFFS_20.

(a)
(a)
(b)
(b)
Figure 10 
Filtering energy expenditure under the CAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

By combining the above experimental results, it is clear that under the CAAFN attack, EMAS has the highest en-route filtering capability, followed by EGEFS; GFFS_40 has close en-route filtering capability to GFFS_20 (GFFS_40 is slightly better); although SEF has slightly poorer performance than GFFS_40 and GFFS_20 in the en-route filtering probability and the number of traveled hops, SEF has significantly better performance than GFFS_40 and GFFS_20 on the aspect of filtering energy expenditure. In general, SEF has higher en-route filtering capability than GFFS_40 and GFFS_20. Therefore, the en-route filtering capabilities of these algorithms are arranged in descending order as EMAS, EGEFS, SEF, GFFS_40, and GFFS_20.

6.3.4. Algorithm Performance under the ACAAFN Attack

Figures 11(a) and 11(b), respectively, show the experimental results of how the en-route filtering probability varies with the number of compromised nodes cn when MNHop = 5 and MNHop = 10 under the ACAAFN attack. When MNHop is 5 or 10, the en-route filtering probability of EMAS is 100%, which is not affected by cn, whereas those of EGEFS, SEF, GFFS_20, and GFFS_40 gradually decrease with the increase in cn. The en-route filtering probabilities of these algorithms are arranged in descending order as EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

(a)
(a)
(b)
(b)
Figure 11 
En-route filtering probability under the ACAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 12(a) and 12(b), respectively, show the experimental results of how the number of traveled hops varies with cn when MNHop = 5 and MNHop = 10 under the ACAAFN attack. When MNHop is 5 or 10, the number of traveled hops of EMAS is 1, which is not affected by cn, whereas those of EGEFS, SEF, GFFS_20, and GFFS_40 gradually increase with the increase in cn. The numbers of traveled hops of these algorithms are arranged in ascending order as EMAS, EGEFS, GFFS_40, GFFS_20, and SEF.

(a)
(a)
(b)
(b)
Figure 12 
Number of traveled hops under the ACAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

Figures 13(a) and 13(b), respectively, show the experimental results of how the filtering energy expenditure varies with cn when MNHop = 5 and MNHop = 10 under the ACAAFN attack. When MNHop is 5 or 10, the filtering energy expenditure of EMAS gradually declines with the increase in cn, whereas those of the other algorithms gradually increase with the increase in cn. By comprehensive consideration, the filtering energy expenditures of these algorithms can be arranged in ascending order as EMAS, EGEFS, SEF, GFFS_40, and GFFS_20.

(a)
(a)
(b)
(b)
Figure 13 
Filtering energy expenditure under the ACAAFN attack. (a) MNHop = 5. (b) MNHop = 10.

In conclusion, under the ACAAFN attack, EMAS has the highest en-route filtering capability, followed by EGEFS; GFFS_40 has slightly higher en-route filtering capability than GFFS_20; by comprehensively considering the results of the en-route filtering probability, the number of traveled hops, and the filtering energy expenditure, it is concluded that SEF has higher en-route filtering capability than GFFS_40 and GFFS_20. Therefore, the en-route filtering capabilities of these algorithms are arranged in descending order as EMAS, EGEFS, SEF, GFFS_40, and GFFS_20.

7. Conclusions

In this paper, an en-route filtering scheme called EMAS is proposed, which can improve the en-route filtering probability and efficiency via the MAC verification, the verification of the endorsing nodes’ IDs and locations, the prev verification, and the monitoring and reporting mechanism. Before generating an event report, the CoS node verifies the endorsements provided by the detecting nodes first and discards the illegitimate ones, so as to defend against report disruption attacks. Furthermore, a report forwarding strategy is proposed to resist selective forwarding attacks, which can balance the residual energy of nodes in the network and prolong the network life. Both theoretical analysis and simulation results show that compared with SEF [5], GFFS [8], and EGEFS [9]. EMAS has better performance on the aspects of security, en-route filtering probability, en-route filtering efficiency, and filtering energy expenditure in most cases.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The author declares that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (grant numbers 61572263 and 61872197); the General Program of Natural Science Foundation of the Jiangsu Higher Education Institutions of China (grant number 19KJB520007); and the High-level Talent Research Start-Up Project of Jinling Institute of Technology (grant number Jit-b-202023).