Literature DB >> 34914706

Compressive sensing based secure data aggregation scheme for IoT based WSN applications.

Ahmed Salim^1,2, Ahmed Ismail^3,4, Walid Osamy^5,3, Ahmed M Khedr^6,2.

Abstract

Compressive Sensing (CS) based data collection schemes are found to be effective in enhancing the data collection performance and lifetime of IoT based WSNs. However, they face major challenges related to key distribution and adversary attacks in hostile and complex network deployments. As a result, such schemes cannot effectively ensure the security of data. Towards the goal of providing high security and efficiency in data collection performance of IoT based WSNs, we propose a new security scheme that amalgamates the advantages of CS and Elliptic Curve Cryptography (ECC). We present an efficient algorithms to enhance the security and efficiency of CS based data collection in IoT-based WSNs. The proposed scheme operates in five main phases, namely Key Generation, CS-Key Exchange, Data Compression with CS Encryption, Data Aggregation and Encryption with ECC algorithm, and CS Key Re-generation. It considers the benefits of ECC as public key algorithm and CS as encryption and compression method to provide security as well as energy efficiency for cluster based WSNs. Also, it solves the CS- Encryption key distribution problem by introducing a new key sharing method that enables secure exchange of pseudo-random key between the BS and the nodes in a simple way. In addition, a new method is introduced to safeguard the CS scheme from potential security attacks. The efficiency of our proposed technique in terms of security, energy consumption and network lifetime is proved through simulation analysis.

Entities: Chemical

Mesh：

Year: 2021 PMID： 34914706 PMCID： PMC8675701 DOI： 10.1371/journal.pone.0260634

Source DB: PubMed Journal: PLoS One ISSN： 1932-6203 Impact factor: 3.240

1 Introduction

The evolution of IoT technology allows for networking and connectivity to billions of items, data, people, and applications. The capability of objects to communicate and collaborate in network opens the door to new innovations in different application domains. Moreover, in recent years, things have become major traffic generators and receivers over the Internet, with the increasing count of internet connections by things over humans [1-3]. Most of IoT devices engage in wireless communication with each other or with the Base Station (BS), and as a result, Wireless Sensor Networks (WSN) have become one of the most important constituent that enables the IoT model. Integration of WSN devices and other IoT enabling technologies lead the way for future innovations in various sectors including environmental conservation, green applications, etc. [4-9]. IoT based WSN devices are mainly responsible for sensing and sending the collected data to the BS where it will be further processed. Such data will often be sensitive and convey private information as well (e.g. e-health). Therefore, security and privacy are crucial in IoT-based applications. Encrypting data sent between the BS and the WSN nodes can improve security, however, it is challenging to implement on resource-constrained WSNs [10]. There are mainly two kinds of encryption algorithms. One is Private-key based, while the other is Public-key based. Even though public-key based encryption techniques (e.g. ECC, RSA, etc.) offer higher security [11], they are not preferred for use on resource-constrained WSN/IoT devices. The encryption strategy based on the private key (e.g. AES, DES, etc.) doesn’t need high computation power and memory [12], however, such keys are required to be pre-stored in nodes which are susceptible to be compromised when kept in unattended environments [13]. Another important concern regarding IoT devices is energy. IoT devices spent the major portion of their energy on wireless radio communication. Therefore, ensuring security and enhancing the lifetime of energy-constrained WSN/IoT simultaneously is a challenging problem. CS is considered as a symmetric-key cryptosystem that includes input signal x as plain-text, result sample y as cipher-text, and the measurement matrix as key; Also the, measurement process as encryption function, and reconstruction process as decryption function. According to CS theory, signals can be sampled at a sub-Nyquist rate (that is, at a rate smaller than that of the Nyquist theory of Shannon), where the signal can be sparse in nature or sparsified with respect to a basis. Using CS, a signal can be successfully recovered using samples, without any significant loss in the information. Moreover, in contrast to traditional compression methods, CS allows simultaneous sampling and compression, contributing to energy-efficiency [5, 8]. Compared to non-CS-based methods (the symmetric-key cryptosystem), the CS as a cryptosystem cannot be used for universal encryption. The general cryptosystems are not able to be quantized. However, the output of the CS can be quantized since robustness of CS can still guarantee a feasible signal reconstruction. Moreover, CS cryptosystem has the extra benefit of compression capability, i.e., it encrypts and compresses the data in one step [8]. To achieve high security and performance efficiency in IoT based WSN data collection, we present an efficient security scheme with the following objectives: As with any private key algorithms, CS-based encryption method requires that the two communication parties (sender and receiver) must agree and know the CS matrix. The sender will use it to encrypt and compress its data and the receiver will use it as an input for any CS reconstruction algorithm to reconstruct the original data. However, like any private key algorithm, CS also suffers from key sharing challenges where the sender and the receiver have to share the key through an insecure channel, intensifying the possibility of different security attacks. Elliptic-curve cryptography (ECC) [14] is a public-key cryptographic technique built on the algebraic structure of elliptic curves over finite fields. The ECC algorithm generates both public and private keys, which makes the encrypted data more safe (please refer to section 3.3 for ECC background). Public key algorithm such as ECC can be a choice to perform encryption at the node side and to provide data protection. However, this would cause Cipher-Text Expansion (the increment of the message length after it got encrypted, given by dividing the Plain-Text size by the Cipher-Text size), which has direct impact on increasing the communication load on resource constrained WSN nodes. Therefore, it is required to compress node data before encryption to reduce communication load; CS has such powerful properties as it can compress and work as a private key encryption algorithm simultaneously where the CS compression equation (Eq 2 is considered as encryption equation with plain-text x, cipher-text y, and secret private key the CS matrix Φ).

1.1 Motivation and contribution

Inspired by what have been discussed above, we provide a solution by integrating CS and ECC. We consider the benefits of each of them and devise a security technique for CS based data collection in IoT/WSNs, which provides security as well as energy efficiency for cluster-based WSNs. This can be achieved by lowering the data dimension using compressive data sampling in addition to securing the CS measurement matrix. A new key sharing method is introduced to exchange the pseudo-random key securely between the BS and the nodes in a simple way. It helps in solving the aggregation issue without requiring the private key at the Cluster Head (CH) side. Moreover, we introduce a new method to safeguard the CS scheme from the potential security attacks. The performance efficiency of the proposed technique is evaluated through simulation analysis. The contributions of the proposed technique can be summarized as follows: Improve security by introducing a technique that generates and exchanges the key between the WSN nodes and the BS in a simple and secure manner. Every WSN node uses a simple chaotic map and generates a random number, whereas two random numbers are generated by the BS (g and e2): the first one (g) acts as the CS matrix seed which should be shared by both sides to encrypt and decrypt sensors data and the second one (e2) is used by the BS to perform the sharing process during the proposed Key Exchange algorithm. This scenario would be used by both parties only once before any transmission. Provide security enhancement by withstanding CS-based security attacks using the newly introduced algorithm: Data Compression with Encryption”, which allows the WSN nodes to use their secret value to generate secret compressed samples. Utilize the security performance of the ECC algorithm against CS attacks and integrate it with CS method during the transmission process between the CHs and the BS. By this approach, our technique achieves high security performance against the possible attacks with low energy consumption. Improve security by solving the security threats facing CS with the help of the proposed Key Regeneration algorithm with which the BS and the WSN nodes regenerate the CS matrix seed dynamically and independently in every iteration. The paper is further structured as follows: Section 2 discusses the related work. Section 3 provides the background study on: CS, Different potential attacks facing CS-based IoT networks, and ECC. Section 4 explains the proposed security solution in detail. In Section 4.8, an example scenario is given. In Section 6, we provide the performance results of our method and compare it with the baseline algorithms. In Section 7, we conclude the paper.

2 Related work

Both data privacy and security have equal significance in wireless networks and IoT technologies [15] since a wide variety of vital applications (e.g. transportation) rely on low power and low data connectivity sensors to send important as well as confidential information [1, 16–18]. In Vehicular ad hoc network (VANET) environments, the security and intelligent decision making are two important challenges [19-25]. In [19], the authors proposed a trusted authority (TA) to provide a variety of online premium services to customers through VANETs and to maintain the confidentiality and authentication of messages exchanged between the TA and the VANET nodes. In [20], an efficient anonymous authentication scheme to avoid malicious vehicles entering into the VANET is proposed. In addition, the proposed scheme offers a conditional tracking mechanism to trace the vehicles or roadside units that abuse the VANET. In [21], a novel approach to improve the existing authentication support to VANETs. In this proposed framework, first an anonymous authentication approach for preserving the privacy is proposed which not only performs the vehicle user’s anonymous authentication but preserves the message integrity of the transmitting messages as well. In [22], a novel anonymous mutual and batch authentication schemes for improving VANET security is proposed. The proposed scheme makes use of some well-known cryptographic operations to authenticate vehicles. In this scheme, the vehicle users communicate with Road Side Units (RSUs) to get location based information (LBI) to enrich their driving comfort. The security strength of the proposed scheme is analyzed against the various security attacks to aid a better performance than the previously reported schemes. In [23], an efficient batch authentication and key exchange schemes are proposed to provide a high level security by evading communication with the malicious vehicle users. In [24], due to the decentralized nature of blockchain technology, rapid reauthentication of vehicles is achieved through secure authentication code transfer between the consecutive roadside units. security strength of the proposed blockchain-based anonymous authentication scheme against various harmful security attacks is proven. In addition, blockchain is used to substantially diminish the computational cost compared to conventional authentication schemes. Normally, a data encryption scheme can provide security between the IoT parties. Based on the encryption scheme, a lot of researches has been proposed [26-32]. The authors of [26] proposed an ECC and Diffie-Hellman based method that can be applied to different levels of the network. In [27], authors proposed a confidentiality and integrity algorithm that uses homomorphic encryption with a symmetric key for protecting data privacy. Suganthi et al. [28] presented a key-management strategy that uses three categories of keys shared by every sensor node. Kadri et al. [29] proposed an algorithm that uses a symmetric key between sensors and BS. It uses multi-hop transmission targeted to achieve minimum energy consumption, better scalability, and high security. In [30], the authors presented a symmetric key cryptographic scheme for hierarchical clustered WSN which uses single-hop transmission. The main target of the scheme is to reduce the probability of eavesdropping. In [33], the BS and the sensor nodes produce identical CS matrix in each round, rendering it susceptible to the Known Plain-text Attack (KPA). In [31], the authors proposed a symmetric key algorithm to reduce the number of operations per round and time. In this approach, some steps of the round function are merged and blended by randomly generated mixing bijection. The authors of [32] proposed a symmetric key-based cryptographic technique using Cellular Automata Rules (CA Rules) to encrypt and decrypt sensor data. All the above algorithms were able to provide data privacy and security, but, due to their high computational complexity, they cannot be considered as a security solution for IoT devices with limited power and storage. In the recent years, secure data collection by solving both the energy and security challenges have been investigated by the research community. CS based data collection schemes with the ability of simultaneous compression and encryption have been utilized for reducing data collection cost and improving the lifetime performance of the network. A lot of work has been proposed (e.g., [5, 13, 33–50] by utilizing CS as a security scheme regardless of its security degree to achieve data privacy, security, energy and efficiency. A cluster-based CS routing method to minimize the consumed energy by exploiting the temporal and spatial correlation, called EECSR, is presented in [44]. Semi-variance based CS (SCS) algorithm is proposed in [49]. Based on Spatio-temporal correlations between measurements, SCS gathers samples from nodes to monitor climatic data, and the use of spatio-temporal sparsification helped to reduce the energy usage of nodes that are associated in space and time. [48] introduced a model for energy consumption analysis. Relying on this model, the sources for energy usage in CS based WSNs are grouped into two categories: communication and computation, and are modeled using their components. Cluster-Tree based data routing scheme (CTRS-DG) of [46] includes two layers. Routing, and aggregation and reconstruction. A dynamic and self-organizing entropy-based method of clustering is introduced in the aggregation and reconstruction layer. At CHs, data is aggregated and compressed using the CS scheme. In [50], an economic theory integrated clustered routing with CS, called EIREC, is proposed to enhance WSN energy efficiency without any recharging equipment. The energy overhead resulting from spatio-temporal correlation is reduced using CS and the energy consumption in inter cluter communication is reduced using a new Energy Efficiency Welfare concept. In [34], a CDG algorithm (Compressive Data Gathering) has been proposed, that uses the CS method for data gathering in large-scale networks. Each node adopts the global seed to perform encryption and compression of its data. This seed is updated in each round by the BS to change the CS matrix. The schemes in [5, 44–50] adopt CS to save resources and extend the lifespan of WSNs, but they cannot offer good performance in providing security. In [51], a CS-based security strategy for data collection (SeDC) is proposed, where the authors integrated CS and public key algorithms to achieve a high-security level. However, performing computations such as encryption and compression besides the public key size at each node leads to a decrease in the network lifetime. El Gamal based sparse compressive data gathering (ESCDG) [43] is proposed with the objective to improve the performance of CDG by utilizing the sparsity of the perception matrix. ESCDG combines El Gamal encryption algorithm and sparse random matrix-based compressed sensing technology for secure data collection and reduced resource utilization in WSN. In [35], the authors improved the security level of CDG by proposing Secure CDG (SCDG). In each round of SCDG, the BS and the WSN nodes generate a global seed using the hash function. However, the communication cost of SCDG is high because, according to the SCDG security mechanism, some information is needed to be shared between BS and sensors in each round,. In [36], the authors proposed an algorithm that uses CS for security. They used random linear projections to generate the compressed samples for use as cipher-text. In [37], the authors used CS to find a solution for authentication and tamper detection problems. The key generation can be accomplished using RSS (Received Signal Strength) based techniques as presented in [38, 39]. However, the generated keys using such techniques are applicable for conventional cryptographic encryption algorithms such as ECC and RSA. Another work presented in [13, 40, 41] used channel measurements for generating keys suitable for CS-based cryptography, which doesn’t make use of any strategy for distribution of keys. However, the above techniques cannot be used in IoT because they involve a large number of steps for the key generation, which is difficult to be performed successfully in resource-constrained WSN nodes as it can result in increased power consumption. A CS aided data acquisition system is proposed in [52]. In this system, CS data is noised randomly to improve the security of data communication. However, owing to the use of a symmetric encryption key, this method has several problems with key management and storage space. In contrast to this, our proposed framework realizes all such complex mathematical computations for the generation and exchange of keys using BS. An Implementation scheme of Domingo-Ferrer’s Homomorphic Encryption for WSNs Integrated with Cloud Infrastructure is introduced in [53]. In [51] an adaptable secure compressive sensing-based data collection scheme for distributed WSN is proposed where both encryption and decryption are used by each node, but they are computationally intensive operations. The proposed algorithm in [54] shows that the decrypted data will be sparser than that of the actual data when an attacker tries to encrypt the data with a wrong encryption matrix. While [55] provides an insight that CS cannot be considered as immaculately secure, [54] demonstrates that the measurement matrix can facilitate secure computations from attacks such as Cipher-text Only Attack (COA) and brute force attack. Even though the encryption methods using CS can offer computational secrecy to withstand attacks such as COA and brute-force attacks, these schemes do not handle the case of CP-Attack (Chosen Plain-Text Attack). The CP-Attack (CPA) scenario was first addressed in [56] where the author used Fractional Fourier Transform (FRFT) as the secret basis for sparsifying. However, the complexity of this method restricted its applicability to power and storage constrained sensor nodes. The authors of [57] proposed another solution to address the CPA, efficient in terms of computation and memory, using chaotic sequences as secret values. However, they didn’t provide enough explanation on how the secret values are exchanged securely between legitimate users. In addition to this, [58] also uses a chaotic system to overcome challenges such as low-cost sampling and confidentiality. The authors in [59] proposed a cache decision system that operates over an smart buildings, which will offer the users safer and efficient environment for browsing the Internet, sharing and managing large-scale data in the fog. In [60] data mining classification technique has been used in order to group the connected devices based on the collected data and then detect the nodes which generate erroneous data. A multi-agent-based data collection and aggregation model is proposed for monitoring fog infrastructure in [61]. Secure decentralized spatial crowdsourcing scheme for 6G-Enabled Network is proposed in [62] in which nodes can gather and transmit information on the blockchain without depending on third party. The work presented in [63] introduced a new variant of the optimistic concurrency control protocol for validating the transactions that shall be carried out partially at the fog and globally at the cloud server. All of the above methods and techniques act as private key algorithms and they suffer from key distribution challenges. Moreover, all of the previous works are vulnerable to KPA attacks because they used a single CS matrix during their encryption and decryption process. In this paper, we propose a CS security scheme for IoT based WSNs. The proposed method integrates between CS-method (as encryption and compression method) and Elliptic-curve cryptography (ECC) (as public key algorithm), such that CS supports to solve the aggregation issue without requiring to store the private key at the CH side, and solves the CS- encryption key distribution problem by enabling the BS and nodes to securely exchange the pseudo-random key in a simple way. A new key sharing algorithm is introduced to address the key distribution challenge. Moreover, the proposed strategy improves security with its ability to withstand CPA and COA using the proposed Data Compression with an Encryption algorithm that allows the nodes to use a secret value to generate secret compressed samples. Finally, the proposed scheme provides resistance against the Known Plain-text Attack (KPA) using Key-Regeneration Algorithm. The notations used are provided in Table 1.

Table 1

Notations description.

Notation	Description
x	Sensors readings
g	Sparse presentation of x
Φ	Measurement matrix
ξ	Global seed
S	Sparse level (number of non zeros values)
Ψ	Transform matrix
r	Number of round
n_j.α	Coefficient vector for node n_j
Θ	M × N matrix such that Θ = ΦΨ
n_j.y	Compressed vector for node n_j
y	Measurement vector (compressed samples)
ECC	Elliptic-Curve Cryptography
Epr	ECC Private key
E _pu	ECC Public key

3 Background study

In this section, we first provide the background information on Compressive Sensing. Then, we discuss different possible attacks on the CS-based encryption method in IoT networks. Finally, we discuss the ECC algorithm, which is a public-key cryptographic technique built on the algebraic structure of elliptic curves over finite fields.

3.1 Compressive Sensing (CS)

The CS method allows sampling and compression to be executed in one step. This differentiates it from conventional techniques of compression where sampling and compression are performed in separate steps [64]. Also, the CS reconstruction technique often requires no prior expertise to retrieve the actual data from the compressed samples successfully [64]. Consider x[n] ∈ R be the reading vector obtained from N sensors, where n = 1, 2, …, N. A signal in R can be conveyed by utilizing a basis of N × 1 vectors . Let the basis be orthonormal for simplicity. Therefore, any signal x can be represented as given in Eq 1, where Ψ denotes N × N orthonormal matrix used for transformation, Ψ denotes a column of the matrix, g is an N × 1 matrix to store the sparse presentation of x [64]. Here, the CS focuses on signals that are sparse by nature or that can be sparsified with respect to some basis. That means, the signal x has just S basis vectors, S ≪ N, where, only S components of g are non-zeros and the remaining (N − S) components are zeros. Applying Eq 1, the compressed samples vector y ∈ R can be obtained using Eq 2: with M ≪ N, and Θ the M × N matrix.

3.1.1 CS signal reconstruction process

Consider the CS scenario which requires to reconstruct a larger and sparse signal using a few available measurements coefficients. One of the easiest solutions to reconstruct the signal from its available measurements using Eq 2 is to find a solution of the ∥L∥0 minimization issue which determines the non-zero entries count, and the problem of signal reconstruction becomes: Even though this works well theoretically, it is computationally NP-hard [8]. It is computationally hard to determine a solution to the issue (defined by Eq 3) for any vector or matrix. However, the CS framework provides efficient alternate solutions to Eq 2 by using Basic Pursuit (BP) [65] or Greedy Pursuit (GP). Examples of Greedy Pursuit includes Orthogonal Matching Pursuit (OMP) [66], ROMP [67, 68], and Stagewise Orthogonal Matching Pursuit (StOMP) [69].

3.2 Different potential attacks on CS-based IoT networks

The following three potential attacks on the CS-based encrytion method in IoT networks are briefly discussed in this section: Cipher-text-Only attack(COA) [70], Chosen-Plain-text Attack (CPA) [56] and Known Plain-text Attack (KPA) [52].

3.2.1 Ciphertext-only attack (COA)

In COA, the attacker is assumed to have access to only a limited set of cipher-texts. The attack is said to be successful if the matching plain-texts can be deduced/extracted. A success is described as the ability to extract any amount of information from the underlying cipher-text.

3.2.2 Chosen-plaintext attack (CPA)

In the CPA attack, the attacker uses his knowledge of the cipher data y and the original data x (by measurement) and tries to track the wireless link to obtain the private key Φ. Also, the node’s data x can be altered by the CPA attack in various ways, such as choosing one node as a CPA target node, and then the noise value for the target node is boosted by attaching a source of radiation close to the node. Therefore, in many situations, a CPA attack is possible. The goal of the attacker is to identify the secret key Φ from x to y. For this, he may repeat the attack several times, to obtain N distinct values of (x, y). Then by solving the least-squares method he can recover the private key Φ.

3.2.3 Known plain-text attack (KPA)

In the Known Plain-text Attack (KPA), it is assumed that both the cipher-text and the underlying plain-text are known by the attacker and that he tries to acquire the CS matrix (i.e., the private key). Thus, KPA focuses to derive the Φ (i.e. the key), the measurement matrix using the known measurement y (the cipher-text) and the sensing matrix x (the plain-text). In many situations, KPA are feasible at an acceptable cost, making CS encryption-based systems vulnerable to this attack. In this type of attack, multiple attempts made by the attacker let him to obtain at least k pairs of plain-text and the associated (p, q) cipher-text. For example, assume that the attacker succeeds to obtain Plain-text p = (p1, p2, p3, …‥, p) and associated Cipher-text q = (q1, q2, …‥, q) after repeating his attempt j rounds. Then, he can obtain the new linear equation given by q = Φp and can very well retrieve the Φ matrix (i.e., the secret key) by solving the least-squares problem.

3.3 Elliptic-curve cryptography (ECC)

ECC [15] is a public-key cryptographic technique built on the algebraic structure of elliptic curves over finite fields. The ECC algorithm generates both public and private keys, which makes the encrypted data more safe. In the public-key cryptography domain, ECC exhibit better performance than other public-key protocols such as RSA in terms of power usage, key sizes, memory and throughput. As a result, ECC provides a robust solution for resource-critical applications in terms of data transfer confidentiality, data reliability and authenticity, and non-repudiation, especially in the wireless communication system. The general equation of the elliptic curve can be expressed as follows (Eq 5): where A and B are constant. Taking a point on the curve (Fig 1) and multiplying it by a number yields another point on the curve. Even though you know the original point and the output, deciding what number was used is challenging. Elliptic curve based equations have a very useful property for cryptography: they are quite simple to execute but incredibly difficult to reverse. For example, in an elliptic curve, consider two points on the curve, P and Q. It is easy to combine P to obtain Q as nP = Q. However, it is very difficult to obtain P from Q. That is, given a point Q, finding the number of times P is combined with itself to obtain Q is hard. Finding n, when Q is given, is also impossible in a reasonable amount of time. The ECC algorithm consists of three steps: key generation, encryption, and decryption. The three steps can be expressed as follows:

Fig 1

ECC Curve [15].

3.3.1 ECC key generation

Key generation is the crucial aspect where ECC generates both private and public keys. The public key will be shared with the nodes for use in encrypting its data and the private key will be used only by the BS to decrypt the data. The key generation process can be summarized as follows: Select the random prime number as private key E Generate the public key E = E * p, where p is a point on the curve E.

3.3.2 ECC encryption process

Let D be the message sent by sensor nodes. This message needs to be represented on the curve. Consider the scenario where D has the point p1 on the curve E. Then, select q randomly from [1–(n − 1)]. C1 and C2 denotes the two cipher-texts generated using Eq 6

3.3.3 ECC decryption process

After receiving the encrypted data, the BS will use the Eq 7 to get back the message D,

4 Proposed security scheme for IoT-based WSNs

Here, we discuss the proposed CS security technique for IoT-based WSNs that integrates between CS-method (as encryption and compression method) and Elliptic-curve cryptography (ECC) (as public key algorithm). The use of CS helps to solve the aggregation issue without requiring the private key at the CH side. The proposed method solves the CS- encryption key distribution problem by enabling the BS and nodes to securely exchange the pseudo-random key in a simple way. Along with this, we introduce a new method to safeguard the CS scheme from all potential attacks. We first discuss the proposed system model and the problem statement. Then, we explain the design of the proposed technique and its different phases of operation in detail.

4.1 System model

Depending on the application, the WSN gather environmental data from the surrounding region. The selection of suitable routing protocol for data propagation is important because of its significance in optimizing the energy consumption in WSNs. The hierarchical cluster-based routing protocol is considered the most efficient protocol in terms of scalability and energy efficiency in WSNs [4]. There are several clustering protocols that have been specifically designed for WSNs(e.g., [4-6]). In this paper, we assume that WSN is split into several clusters. For each cluster, one unique node serves as the CH, while the other nodes behave as cluster members (CMs). CHs may be chosen by the cluster nodes or allocated by the network designer. CH gathers and compresses the data sent by the CMs, and the processed data is then transmitted to BS. In this way, the total data amount transmitted to the BS can be significantly reduced.

4.2 Problem statement

As discussed earlier, CS strategy has the ability to reduce the data size without involving complex mathematical computations and this makes CS a convenient solution for IoT data processing. Also, its potential to perform simultaneous compression and encryption makes it more attractive. However, depending only on CS-based encryption as a security method is not a good solution. Like any private key algorithm, CS method also suffers from a number of issues, including key distribution and sharing challenges. Although public key algorithms can alleviate these difficulties, their usage in WSNs has the following limitations, making them an inappropriate option. Each node generates two keys: (i) public and (ii) private. A node sends its public key to allow others to communicate with it, while it utilizes the private key for decryption purpose. This process is very complex and consumes huge energy. Hence it is not a wise solution to apply on low-powered WSN devices. BS generates the both public and private keys and then transmits the public one to the entire network so that each node can encrypt its data. But in order to aggregate the data at the CH side, the CH should first decrypt, then aggregate and encrypt again for transmission to the BS. This cause the CHs to consume more energy and also require that the CH should know the private key. This makes the employment of public-key algorithm insecure. To address these challenges, we introduce a CS Security Scheme for IoT-based WSNs with the following characteristics as given below: Integration of CS-method (encryption and compression) and Elliptic-curve cryptography (public key algorithm) such that CS can support to solve the aggregation issue without requiring the private key at the CH side. Solves the CS- Encryption key distribution problem by introducing a new key sharing method that enables BS and nodes to securely exchange the pseudo-random key in a simple way. Introduces a new method to safeguard the CS scheme from the potential security attacks. We consider the scenario between one node, the BS, and the attacker (refer Fig 2), for simplicity.

Fig 2

The proposed scenario: Two legitimate sides (sensor node and BS) and one malicious side (hacker).

4.3 Proposed algorithm design

The proposed scheme has mainly five stages of operation, as follows: (1) Key Generation, (2) CS-Key Exchange, (3) Data Compression with CS Encryption, (4) Data Aggregation and Encryption with ECC algorithm (5) CS Key Re-generation. The first two phases (Key generation and CS-Key exchange) are executed only once in the initial round, while the other three phases (Data Compression with CS Encryption, Data Aggregation and Encryption with ECC algorithm, and CS Key re-generation) are repeated in every round. The flow chart of our CS-Security Scheme for IoT based WSN is given in Fig 3.

Fig 3

Flow chart of the proposed scheme.

4.4 Key generation stage

This phase involves the generation of keys at the BS and the sensor nodes. The following are the tasks performed by the WSN nodes and the BS during the key generation process: At the Base Station: BS generates two types of keys: (i) CS- Matrix and (ii) ECC private and public keys. Firstly, for CS- Key, as mentioned in Section 3, Bernoulli or Gaussian distribution matrix are the most favourable choices. Any technique for pseudo-random number generation uses a vector or a number to start the process (known as seed), which can either be selected randomly or initialized. Therefore, if a node and BS uses identical values for seed, identical random matrix Φ will be generated for data encryption/ decryption. The main disadvantage of this is that: if the adversary guesses this seed successfully, he/she will be able to produce the same matrix. One goal of the proposed technique is to generate this seed reliably and make it difficult to be guessed by the attacker. We use 1D chaotic maps [57] to generate the seed g because we assume there are no resource restrictions at BS. Chaos describes certain non-linear dynamic systems that appear to be random and unpredictable, and we can define the 1-D Logistic mapping equations as follows [57]: Here, bd ≠ 0 ∈ R+ is referred to as the biotic potential and every value in Eq 8 is based on the previous value. Eq 8 attains a chaotic-state and produces a chaotic-sequence within the range (0, 1] [57]. Secondly, the BS generates ECC public E and private E keys as shown in 3.3.1. It keeps the E and sends the E to each CH. At the WSN node: CP-attack (CPA) will challenge the CS system by causing the adversary to get the cipher-text y for any plain-text x. In order to protect the CS scheme from such an attack, the proposed technique multiplies y with a secret value S and generates the secret compressed sample y′. To produce S, the node generates a random value e1 and multiplies it with the received seed from BS (g), i.e, . For generating e1, the node applies simple logistic chaotic map equation [57] given by the quadratic recurrence equation (refer Eq 8). The steps performed at a node and the BS can be summarized as follows: At BS: BS uses Eq 8 to produce e2 and g. Then generates E and E. At Sensor Node: Sensor node applies Eq 8 to produce e1 (given by e1 = c), and computes its inverse (given by ).

4.5 CS-Key exchange stage

The CS-based strategy for encryption depends on an assumption that only the BS and the node possess identical values for the seed to produce the same sensing matrix Φ. However, this assumption faces a serious problem if the adversary is listening to their communication channel. The nodes and the BS must adopt a strategy to exchange the seed securely. The scenario is illustrated in Fig 2. To prevent this issue, we propose a CS-Key Exchange Algorithm which is presented in Algorithm 1. The new algorithm permits a safe and simple exchange of the seed between the BS and a node as follows: BS computes and sends to the node. If adversary obtains k1 and uses it as the seed, the g will be hard to guess since BS uses a 1D chaotic map to create this number. Then the node computes and sends to BS. The adversary will encounter the same difficulty explained above if he/she uses k2. The BS calculates and sends the value of k3 to the node. The node can generate the seed by computing . Finally, BS and the node possess identical values for seed g; they initiate the succeeding phase. The steps involved in this phase is shown in Fig 4.

Fig 4

Procedures for CS-Key exchange phase.

Algorithm 1: CS Key Exchange Algorithm 1: BS calculates 2: BS sends k1 to the node. 3: Node computes . 4: Node transfers k2 to the BS. 5: BS computes . 6: BS sends k3 to the node. 7: Node computes . 8: Finally, both the node and the BS possess identical values for , and sensing matrix Φ is generated using g as seed.

4.5.1 CS Key exchange algorithm procedure

Here, we discuss the mathematical steps involved in Algorithm 1. The following steps help nodes and the BS for secure and easy exchange of the seed. First, as mentioned in the key generation phase, the node produces e1 and the BS produces e2 and g and safely sends g to the node. The BS computes and sends to the node. Node uses k1 to compute and sends to the BS. The BS calculates , then sends k3 to the node Finally using k3, the node calculates . At the end, the node and BS possess identical values for seed . The BS and the node initiate the next stage.

4.6 Data compression with CS-encryption stage

This stage aims to use the CS method in order to compress and encrypt the cluster member’s data. In addition, it targets to address the challenges in CS-based encryption and protects it from the potential security attacks. As we discussed above, the node and the BS possess identical values for seed. They use Algorithm 2 for encrypting the compressed data as follows: Each node i applies seed to produce the sensing matrix Φ for encrypting the compressed data to y using Eq 2. Each node i transfers this resultant y into secret compressed sample . A secret value S is multiplied with y to produce (refer Eq 9). This step makes the hacker’s task more complicated because CPA needs to obtain the same y each time in order to estimate the CS matrix. By using this secret value and one time sensing matrix, the attacker would not be able to get the same y each time. Here, . The node then transfers y′ to its CH. Now, if a CS-attacker generates any plain-text and send it to the sensor node, the sensor node may encrypt it and sends it back as y′ to the attacker. However he/she will generate the wrong cipher-text for the generated plain-text. Hence, the attacker can never generate the correct matrix Φ. Therefore, the proposed scheme is effective in safeguarding the CS scheme from the possible attacks.

4.7 Data aggregation and encryption with ECC algorithm

In this stage, the proposed algorithm aims to ensure the security by using the public key as the second encryption mechanism which makes the attacker’s mission impossible. The steps performed in this stage can be expressed as follows: Each CH aggregates the cipher data of its respective CMs. Then, each CH uses the public key E to encrypt y′ using Eq 6. The BS uses E to regenerate y′ using Eq 7. The BS calculates the secret value S given by and recomputes y from y′ (refer Eq 10). Finally, the BS applies the same seed g to produce Φ for encrypting and reconstructing the actual data using y. This can be achieved with the help of any algorithm for reconstruction, such as OMP algorithm [66]. It is impractical to produce the same Φ without knowing the seed g, and thus no one can reproduce y except BS. Algorithm 2: Data Compression with CS-Encryption 1: Each node i calculates the S given by . 2: Each node i applies the seed to produce Φ and then produce y. 3: The node computes given by 4: Each node i sends to its CH. 5: Each CH aggregates the cipher data of its respective CMs. 6: Each CH sends y′ to the BS. 7: BS calculates the secret value . 8: BS generates Φ by making use of g. 9: BS recomputes y such that y′ = y/S. 10: Lastly, the BS recovers the actual data with the help of any reconstruction algorithm.

4.8 CS Key re-generation stage

In this phase, the proposed scheme uses a simple and an efficient way to change the CS encryption key (CS matrix) in each iteration without requiring to share any additional information between BS and the nodes. Thus, it will be very difficult to launch an attack such as a Known Plain-text Attack (KPA) to predict the CS matrix. The key idea of this phase is based on the concept of using the random seed to generate the CS matrix. According to Eq 8, c is considered as initialization values to generate c. Without knowing the value of c, it will be very difficult to generate the same values of c especially when they are generated using chaotic maps equation, due to the sensitive properties, i.e., a small difference in c gives very far values to c. After the first iteration, both the node and the BS will possess the same seed g and this seed will be used as initiation value (g = c in Eq 8) by both sides to generate a new seed , and then generate a new CS matrix. In the next iteration, both sides will use as the new initiation value for Eq 8 and generate a new seed , and so on. After r rounds, each node and BS will have an identical value for seed to encrypt and decrypt respectively, without sharing any information or more complex computation. Algorithm 3 demonstrates the steps performed in this phase. Algorithm: CS Key Re-generation Algorithm 1: FOR each Iteration r = 1 to N (given that N is the number of iterations) 2: Each node and BS use as initialization value in Eq 8 to generate the new seed. 3: Each node and the BS use the new seed to generate new key Φ. 4: Repeat CS Encryption Phase (see Fig 3). 5: END

5 Example scenario

In this section, we elucidate our proposed technique by providing an example scenario. Here, we follow the same assumptions as given in Fig 2. A node that want to transfer its 12 × 1 sized data x = [100010001001] to BS and an adversary is listening to the communication channel. The execution of the developed algorithm will be as follows: Key Generation Stage: Using Eq 8, the generated value of e1 by the sensor node will be: e1 = 0.5636363626222726. BS generates two random numbers: e2 = 0.635801265819775 and g = 0.589524844461205 (using Eq 8). BS generates E and E and sends E to each CH. CS Key Exchange Stage: Algorithm 1 is executed by node and BS as follows: The BS calculates and then forwards it to the node. The node calculates and then transmits it to the BS. The BS compute and transmits k3 to the node. Lastly, the node calculates the seed by At the end of this stage, both sides have same values as g = . Data Compression and CS- Encryption Stage: Using , the measurement matrix Φ, where M = 3 and N = 12 by the sensor node will be: Φ3×12 = Then, the node calculates the secret value as follows: . Using Eq 2, the measurement y of the sensor node will be: y = Φ * x = [0.94246644037; −0.13876101067; 0.62116146902] The secret compressed sample y′ = y * S = [1.598688247365326; −0.235377714737061; 1.053664616268563]. The node transfers y′ to the CH. Data Aggregation and Encryption with ECC algorithm: The CH uses the public key E to encrypt y′ and the encrypted data is transmitted to the BS. Then the BS uses the private key E to regenerate y′. After that, the secret value at BS will be: to generate the actual compressed sample y using Eq 10 where, y = y′/S = [0.94246644037; −0.13876101067; 0.62116146902]. Lastly, the BS applies g to generate Φ with the help of any reconstruction algorithm, the BS recomputes x successfully. CS Key Re-generation Stage: Both node and BS applies the value of g = 0.589524844461205 as the seed in Eq 8 to generate the new seed . Then will be used by both sides for data encryption and decryption process. Repeat this stage in each iteration.

6 Simulation results

In this section, we present the performance results of our proposed algorithm, and compare the results with recent existing algorithms. This section is further organized as follows. In section 6.1, we analyze the security feature of the proposed scheme against various statistical inference attacks discussed in section 3.2 and provide the complexity analysis for the proposed scheme in comparison with the other security schemes. Finally, in section 6.2, performance comparison of the proposed technique with other existing algorithms (CDG [34], LSS [33], EIREC [50], SDC [42] and EECSR [44]) in terms of energy efficiency, alive nodes count and network lifetime is given.

6.1 Security analysis

This section is divided into two parts: first, the security feature of the proposed scheme against the statistical inference attacks, discussed in section 3.2, is evaluated. Second, the complexity of the proposed security scheme is evaluated and compared with the baseline security schemes.

6.1.1 Attacks analysis

As seen before, the proposed security scheme consists of two communication stages: Intra (from CMs to CH) and Inter (from CHs to BS) communication. During the Intra- communication stage, each node uses CS method to encrypt and compress the sensed data for transmission towards CH. During this time, statistical inference attacks can happen and the transmitted data can be obtained using the statistical inference attacks like Brute force, COA, CPA and KPA. To approximate the CS matrix (secret encryption key), the attacker may collect a large number of samples based on the style of the chosen statistical inference attack. In this section, we aim to evaluate the impact of the proposed security scheme against the most well known CS attacks such as brute force attack, CPA, COA and KPA attacks. Brute Force Attack: To withstand different types of brute-force model attacks, the key space must be significantly sized. Key space size can be defined as the total count of distinct keys used for encryption. In our work, to produce e1, e2 and g, the BS and the sensor nodes adopted the 1D chaotic map where precision equivalent to 10−14 is employed. Therefore, the size of key space reaches ≅ 2156, which is larger than 2128, i.e., the key space is relatively larger sized to withstand brute-force type of attacks. Even a very small change in the key used for encryption/decryption itself can produce a different cipher-text/data values. In this test, we aim to show the usefulness of using Chaotic maps in producing the seed and the keys. One of the most important properties of the Chaotic map is that it is very sensitive, i.e., a tiny change in initial value gives different values of random numbers. The proposed scheme uses this advantage of Chaotic map to generate the seed. Even if the attacker generates a number such that the difference between that number and the original seed is so tiny, the attacker will get a different matrix. Hence, he/she won’t be able to recover the correct data. To show this, we used the CS method to encrypt and decrypt 512 × 512 first author image using the original seed, and then the same seed is used to reconstruct the image. Fig 5 shows that we can successfully reconstruct the original image with different quality depending on the compression ratio (CR), where the lowest reconstruction quality is when CR = 5% and the best reconstruction quality is when CR = 25%. In contrast, if we make a very small change in the original seed (g = g − 0.00000000000001) as shown in Fig 6, we cannot reconstruct the original image.

Fig 5

Decryption process using correct seed.

Fig 6

Decryption process using tiny change in seed value.

CPA and KPA attacks: These types of attacks require to collect a large number of samples to estimate the CS matrix (encryption key). The proposed security scheme depends on One Time Sense (OTS) method to protect the data from these types of attacks [52, 56, 70–72]. That is, the CS matrix is changed in each round to make these types of attacks infeasible. That is because, based on OTS method, the sensors will have different cipher-text data in each round. Hence the attackers are not able to get the actual CS matrix as well as the information of the plaintext, resulting the CPA and KPA attacks to fail. However, OTS needs the sensor nodes and the BS to exchange the CS matrix (its size is much bigger than the CS samples) in each round, which leads to increase the communication cost and reduce the network lifetime. As a solution to this issue, the proposed scheme uses a simple and efficient way to generate the CS encryption key (CS matrix) in each iteration without sharing any additional information between BS and the nodes as shown in section 4.8, where the sensors nodes and the BS use the CS global seed of the current round as the new initiation value for Eq 8 and generate a new seed separately without sharing any information. Therefore, it will be very difficult to launch an attack such as CPA and KPA to predict the CS matrix and the data is protected. Thus, the proposed system achieves the security goal and at the same time reduces the communication costs and prolongs the IoT network lifetime. Ciphertext-only attack (COA): In the COA attack model, the attacker is assumed to have access only to a set of ciphertexts. An adversary tries to figure out a plaintext by observing the corresponding ciphertext only. The security mechanism of the proposed security scheme encrypts the compressed samples at every node using a key (secret) value technique to ensure security. And if the COA attacker obtains the samples, he can only receive the encrypted version and not the original, making it impossible for him to achieve his goal. In addition, this secret value is a changeable value because the secret value depends on the global seed value that dynamically change in each round. Thus, increasing the security performance of the proposed scheme against COA. Finally, during the inter- communication stage (from the CH to the BS) the proposed technique utilizes the public key algorithm which isn’t affected by the statistical inference attacks discussed above. Furthermore, the private key is only used at the BS to decrypt data; there is no need to exchange it inside the network.

6.1.2 Complexity analysis

Table 2 gives a comparison of the proposed technique with other CS-based schemes in terms of different factors: Security technique, Attack model, CS OTS, and Encryption overload (which we calculate as the unencrypted text size divided by the encrypted text size). From Table 2, we can notice that the encryption overhead of our approach is equal to M/(N − K) + k/K, where N, M, k and k represents the nodes count, sample size, clusters count and ECC key size respectively.

Table 2

Proposed scheme and other related approaches: A comparison.

Approach	Security technique	CS OTS	Attack Model	Encryption overhead
[49]	CS encryption	Not considered	Not proposed	M/N
[48]	CS encryption	Not considered	Not proposed	M/N
[50]	CS encryption	Not considered	Not proposed	M/N
[42]	CS based encryption and Public Key	Not considered	Not Proposed	M + k_H/N
[47]	CS encryption	Not considered	Not proposed	M/N
[46]	CS encryption	Not considered	Not proposed	M/(N − k)
[33]	CS encryption	Not considered	CPA	M/N
[52]	Public Key	Not considered	CPA, KPA	Mk_H/N
[51]	Public Key	Not Considered	CPA	\|R\|/N + 2M(log₂ q + 1)/n
Proposed	CS based encryption and Public Key	Achieved	All	M/(N − K) + k_s/K

In the CS schemes [33, 47–50], the Encryption overload is expressed as M/N. It is equal to M/(N − k) for [47], and for Public key based schemes of [52] and [51], it is given by Mk/N, where k denotes the key size of additive homomorphism algorithm adopted in them and |R|/N+ 2M(log2 q+ 1)/n, where q, R represents the prime power used for encryption and Cipher-Text expansion, respectively. Finally, [42] used CS and Homomorphic public algorithm with M + k/N Encryption overhead where, k is Homomorphic key size. Based on the previous calculations, we may infer that the CS scheme has the lowest communication cost, but does not provide adequate performance with respect to security concerns. However, in the proposed scheme, the public key is only used by the CHs, rather than by all nodes as in other schemes [51, 52]. Because of this, the Encryption overhead of our technique is less than the others, which reduces the communication cost. As a result, the proposed technique outperforms the other CS schemes in terms of security. This demonstrates that the suggested technique has both good security and load balancing resulting from the use of a public-key based encryption method and the data size reduction through the use of CS.

6.2 Performance comparison

In this section, we provide the performance comparison between the proposed technique and CDG [34], LSS [33], EIREC [50], SDC [42] and EECSR [44] algorithms in terms of metrics: (i) energy efficiency, (ii) alive nodes count and (iii) network lifetime. We first discuss the simulation environment, followed by the performance evaluation in terms of the aforementioned metrics.

6.2.1 Simulation settings

The simulation settings used are same as that of EECSR [44] scheme, where N = 100 sensor nodes are deployed in the network region of size 100m × 100m. The BS position is the center of the network. For our technique, we used the PMLEACH algorithm [73] to organize the nodes into clusters, where N nodes are grouped into different clusters. The CMs of every cluster transfer their data to respective CHs. The CHs perform aggregation and transmit the resultant data to BS.

6.2.2 Network lifetime performance

Compared to other schemes, Fig 7 gives the effectiveness of the proposed technique in enhancing the lifetime of WSN with respect to first, half, and last node dead. That is because the proposed technique is based on the PMLEACH algorithm, which has an advantage over other routing protocols in terms of extending network lifetime. In addition, the proposed technique doesn’t share huge information between the BS and nodes which has significant effect on the performance of PMLEACH.

Fig 7

FND, HND and LND results.

6.2.3 Alive nodes count

We can find a comparison of the alive nodes count per round in Fig 8. From Fig 8, it is clear that the proposed solution lowers the count of dead nodes per round compared to the other schemes. The reason is that the suggested technique doesn’t need to exchange the CS matrix in each round, but instead uses the proposed key re-generation process, which leads to the reduction of communication cost in each round and improves the lifetime of the network.

Fig 8

The count of alive nodes versus round.

6.2.4 Energy efficiency

From Figs 9 and 10, we can recognize that the proposed strategy achieves the best results than the other schemes in minimizing the average energy expended. This is due to the fact that all complex computations (such as seed generation and CH selection) are transferred to the BS side, which has no energy constraint, resulting in enhanced energy performance of the proposed scheme. Moreover, Fig 9 clearly indicates that the proposed solution still achieves the best performance than others. That’s because the proposed system does not require extra memory to pre-load the secret key, which decreases the energy utilization and prolongs the lifetime of the WSN.

Fig 9

Average energy consumed until FND.

Fig 10

Average Energy of Network vs. Rounds.

In summary, from the previous results, we can conclude that the proposed algorithm utilizes both CS-based encryption method and public key algorithm to accomplish high-security performance with less communication cost, that’s achieved by using the CS scheme to encrypt and compress the sensor data through the data compression and CS-based encryption stage and Key sharing stage. In addition, to improve the security performance of this stage, the proposed scheme uses a efficient key sharing method and secret value technique which protects CS method from the different attacks model. Furthermore, the suggested scheme encrypts the cluster data using a public-key mechanism, preventing CS attacks at the data aggregation and ECC encryption phases. As a result, the proposed scheme outperforms the other CS schemes in terms of security and lifetime performance of WSN.

7 Conclusion

We have presented a security technique using the CS-based encryption/decryption method in combination with Elliptic Curve Cryptography (ECC) algorithm. This technique operates in five phases, namely, Key generation, CS-Key exchange, Data Compression with CS Encryption, Data Aggregation and Encryption with ECC algorithm and CS Key re-generation. The BS and the nodes adopt the use of two distinct chaotic maps to produce random numbers and seed. Besides this, the BS and the nodes securely exchange the seed in a simplified manner. Finally, the Compression with encryption concept produces secret compressed samples and offer protection against CPA, COA, and KPA attacks. The simulation results clearly depict that our technique can protect the CS matrix and prolong the WSN lifetime compared to existing algorithms. 7 Jul 2021 PONE-D-21-19240 Compressive sensing based secure data aggregation scheme for IoT enabled WSNs applications PLOS ONE Dear Dr. Ismail, Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process. Please submit your revised manuscript by Aug 21 2021 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file. Please include the following items when submitting your revised manuscript: A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'. A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'. An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'. If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter. If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: http://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols. Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols. We look forward to receiving your revised manuscript. Kind regards, Pandi Vijayakumar, Ph.D Academic Editor PLOS ONE Journal Requirements: When submitting your revision, we need you to address these additional requirements. 1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at and https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf 2. PLOS requires an ORCID iD for the corresponding author in Editorial Manager on papers submitted after December 6th, 2016. Please ensure that you have an ORCID iD and that it is validated in Editorial Manager. To do this, go to ‘Update my Information’ (in the upper left-hand corner of the main menu), and click on the Fetch/Validate link next to the ORCID field. This will take you to the ORCID site and allow you to create a new iD or authenticate a pre-existing iD in Editorial Manager. Please see the following video for instructions on linking an ORCID iD to your Editorial Manager account: https://www.youtube.com/watch?v=_xcclfuvtxQ 3. Please amend the manuscript submission data (via Edit Submission) to include author Ahmed Salim, Ahmed Aziz. 4. Please amend your authorship list in your manuscript file to include author Ahmed Ismail, Ahmed Salem. 5. We note that Figures 5 and 6 includes an image of a participant in the study. As per the PLOS ONE policy (http://journals.plos.org/plosone/s/submission-guidelines#loc-human-subjects-research) on papers that include identifying, or potentially identifying, information, the individual(s) or parent(s)/guardian(s) must be informed of the terms of the PLOS open-access (CC-BY) license and provide specific permission for publication of these details under the terms of this license. Please download the Consent Form for Publication in a PLOS Journal (http://journals.plos.org/plosone/s/file?id=8ce6/plos-consent-form-english.pdf). The signed consent form should not be submitted with the manuscript, but should be securely filed in the individual's case notes. Please amend the methods section and ethics statement of the manuscript to explicitly state that the patient/participant has provided consent for publication: “The individual in this manuscript has given written informed consent (as outlined in PLOS consent form) to publish these case details”. If you are unable to obtain consent from the subject of the photograph, you will need to remove the figure and any other textual identifying information or case descriptions for this individual. [Note: HTML markup is below. Please do not edit.] Reviewers' comments: Reviewer's Responses to Questions Comments to the Author 1. Is the manuscript technically sound, and do the data support the conclusions? The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented. Reviewer #1: Partly Reviewer #2: Yes ********** 2. Has the statistical analysis been performed appropriately and rigorously? Reviewer #1: No Reviewer #2: Yes ********** 3. Have the authors made all data underlying the findings in their manuscript fully available? The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified. Reviewer #1: Yes Reviewer #2: Yes ********** 4. Is the manuscript presented in an intelligible fashion and written in standard English? PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here. Reviewer #1: Yes Reviewer #2: Yes ********** 5. Review Comments to the Author Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters) Reviewer #1: The picture quality of the fig.3 is very poor. The authors should redraw the figure properly. The novelty of the work is moderate. The authors should give the brief explanation about the IoT enabled WSNs in the introduction. Why the authors keep the title as IoT enabled WSNs? The authors should make formal security analysis. Reviewer #2: Compressive sensing based secure data aggregation scheme for IoT enabled WSNs applications is presented in this paper. This paper has not clearly shown the advantages in performance of their approach with respect to others from the literature in this field. Indeed, I found the paper a little bit difficult to read, due not only to the poor grammar used throughout, but also the unclear structure of the argument being put across. In particular, the quality of the presentation should be improved in this paper. This paper would be substantially improved by thoroughly rewriting the prose with the help of a good English-language writer. In general, this paper needs such a treatment before being considered any further. Furthermore, presentation aside, by reading the paper, it still was not entirely clear what to expect with the direction of the article. Indeed, the contribution proposed in this paper should properly be compared and contextualized with respect to state of the art. The aspects mentioned above should be carefully addressed before the paper can be considered any further. Please consider the following remarks to improve your article: Explain novelty of your work presented in this work. Paper needs to polish and provide a detailed explication of theoretical aspects such as conditions and theorems, and practical issues like algorithms, rules and possible applications. Introduction section needs to be re-written to improve its quality and readability. Improve the quality of figures and explain those properly. Following are some of relevant and recent references which need to be discussed in the revised manuscript: IoT-based Big Data secure management in the Fog over a 6G Wireless Network. Using Clustering for Forensics Analysis on Internet of Things A multi-agent-based data collection and aggregation model for fog-enabled cloud monitoring Security in Internet of Things: issues, challenges, taxonomy, and architecture A Secure Decentralized Spatial Crowdsourcing Scheme for 6G-Enabled Network in Box IoT transaction processing through cooperative concurrency control on fog–cloud computing environment Many references are with incomplete bibliographic information (like lack of publication venue, for instance). This must be corrected There are many English and grammatical issues in the paper which needs to be rectified. The formula character format is best to be different from the main text, and mathematical characters are recommended. In the related works, "et al" should be "et al.". It seems that the contribution points of the article are a little bit few. After or in the section of Motivation, it is recommended that the authors summarize the contribution points of their work, which clearly demonstrate the innovations. ********** 6. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files. If you choose “no”, your identity will remain anonymous but your review may still be made public. Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy. Reviewer #1: No Reviewer #2: No [NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.] While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/. PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org. Please note that Supporting Information files do not need this step. 8 Oct 2021 Compressive sensing based secure data aggregation scheme for IoT enabled WSNs applications Revised title: Compressive sensing based secure data aggregation scheme for IoT Based WSN applications Reviewers' comments Reviewer #1 Question Answer The picture quality of the fig.3 is very poor. Fixed, the figures are redrawn with better quality The authors should redraw the figure properly. Fixed, the figures are redrawn with better quality The novelty of the work is moderate. We have revised the paper to highlight the significance of the proposed scheme and create a separate subsection called Motivation and Contribution please see section 1.1 The authors should give the brief explanation about the IoT enabled WSNs in the introduction. The paper is revised for better understanding and the details about IoT enabled WSNs are provided in introduction: lines 5-12 Why the authors keep the title as IoT enabled WSNs? now, and we changed it into IoT based WSNs instead of Fixed, the title is revised IoT enabled WSNs The authors should make formal security analysis. Thanks for the valuable comments, we have modified the security analysis section accordingly. Please see section 5.1 Reviewer #1 Question Answer This paper has not clearly shown the advantages in performance of their approach with respect to others from the literature in this field. Fixed the Related Work section is revised to highlight the benefits of our scheme. Moreover, a formal security analysis is added see section 5.1 to give bit understanding on the security feature of the proposed work. Indeed, I found the paper a little bit difficult to read, due not only to the poor grammar used throughout, but also the unclear structure of the argument being put across. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding In particular, the quality of the presentation should be improved in this paper. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding This paper would be substantially improved by thoroughly rewriting the prose with the help of a good English-language writer. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding In general, this paper needs such a treatment before being considered any further. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding Furthermore, presentation aside, by reading the paper, it still was not entirely clear what to expect with the direction of the article. Fixed, the paper is revised for better readability. Moreover, the significance of the proposed work are highlighted in section 1.1 Indeed, the contribution proposed in this paper should properly be compared and contextualized with respect to state of the art. Fixed the Related Work section is revised to highlight the benefits of our scheme. Moreover, a formal security analysis is added see section 5.1 to give bit understanding on the security feature of the proposed work. The aspects mentioned above should be carefully addressed before the paper can be considered any further. Fixed Please consider the following remarks to improve your article: Explain novelty of your work presented in this work. We have revised the paper to highlight the significance of the proposed scheme and create a separate subsection called Motivation and Contribution please see section 1.1 Following are some of relevant and recent references which need to be discussed in the revised manuscript:: 1-IoT-based Big Data secure management in the Fog over a 6G Wireless network 2- Using Clustering for Forensics Analysis on Internet of Things 3- A multi-agent-based data collection and aggregation model for fog-enabled cloud monitoring 4- Security in Internet of Things: issues, challenges, taxonomy, and Architecture 5- A Secure Decentralized Spatial Crowdsourcing Scheme for 6G-Enabled Network in Box 6- IoT transaction processing through cooperative concurrency control on fog–cloud computing environment Thanks for the valuable comments, we have added the mentioned references please check the related work section. Paper needs to polish and provide a detailed explication of theoretical aspects such as conditions and theorems, and practical issues like algorithms, rules and possible applications. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding Introduction section needs to be re-written to improve its quality and readability. Fixed, this section is now revised to improve the readability and understanding Improve the quality of figures and explain those properly. Fixed, the figures are redrawn with better quality Following are some of relevant and recent references which need to be discussed in the revised manuscript: Many references are with incomplete bibliographic information (like lack of publication venue, for instance). This must be corrected. There are many English and grammatical issues in the paper which needs to be rectified. Fixed, we have done a major revision of the language as well as the flow of the paper for better readability and understanding The formula character format is best to be different from the main text, and mathematical characters are recommended. In the related works, "et al" should be "et al.". Fixed It seems that the contribution points of the article are a little bit few. After or in the section of Motivation, it is recommended that the authors summarize the contribution points of their work, which clearly demonstrate the innovations. We have revised the paper to highlight the significance of the proposed scheme and create a separate subsection called Motivation and Contribution please see section 1.1 Submitted filename: report.pdf Click here for additional data file. 22 Oct 2021 PONE-D-21-19240R1Compressive sensing based secure data aggregation scheme for IoT based WSNs applicationsPLOS ONE Dear Dr. Ismail, Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process. Please submit your revised manuscript by Dec 06 2021 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file. Please include the following items when submitting your revised manuscript:If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter. A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'. A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'. An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'. If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols. Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols. We look forward to receiving your revised manuscript. Kind regards, Pandi Vijayakumar, Ph.D Academic Editor PLOS ONE Journal Requirements: Please review your reference list to ensure that it is complete and correct. If you have cited papers that have been retracted, please include the rationale for doing so in the manuscript text, or remove these references and replace them with relevant current references. Any changes to the reference list should be mentioned in the rebuttal letter that accompanies your revised manuscript. If you need to cite a retracted article, indicate the article’s retracted status in the References list and also include a citation and full reference for the retraction notice. Additional Editor Comments: The authors should give more stress for novelty part. [Note: HTML markup is below. Please do not edit.] Reviewers' comments: Reviewer's Responses to Questions Comments to the Author 1. If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation. Reviewer #1: (No Response) Reviewer #2: All comments have been addressed ********** 2. Is the manuscript technically sound, and do the data support the conclusions? The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented. Reviewer #1: (No Response) Reviewer #2: Yes ********** 3. Has the statistical analysis been performed appropriately and rigorously? Reviewer #1: (No Response) Reviewer #2: Yes ********** 4. Have the authors made all data underlying the findings in their manuscript fully available? The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified. Reviewer #1: (No Response) Reviewer #2: Yes ********** 5. Is the manuscript presented in an intelligible fashion and written in standard English? PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here. Reviewer #1: (No Response) Reviewer #2: Yes ********** 6. Review Comments to the Author Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters) Reviewer #1: The novelty of the work is limited. The following papers should be discussed in the related work section properly. 1.Comprehensive survey on security services in vehicular ad-hoc networks, IET Intelligent Transport Systems. 2. Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks 3.EAAP: Efficient anonymous authentication with conditional privacy-preserving scheme for vehicular ad hoc networks 4.Computationally efficient privacy preserving authentication and key distribution techniques for vehicular ad hoc networks 5.An Anonymous Batch Authentication and Key Exchange Protocols for 6G Enabled VANETs 6.BBAAS: Blockchain-Based Anonymous Authentication Scheme for Providing Secure Communication in VANETs 7.EMBA: An efficient anonymous mutual and batch authentication schemes for vanets. Reviewer #2: Compressive sensing based secure data aggregation scheme for IoT based WSNs applications is presented in this paper and it is revised well. ********** 7. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files. If you choose “no”, your identity will remain anonymous but your review may still be made public. Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy. Reviewer #1: No Reviewer #2: No [NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.] While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/. PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org. Please note that Supporting Information files do not need this step. 30 Oct 2021 Q1.The authors should give more stress for novelty part: Answer: We have revised the paper to highlight the significance of the proposed scheme, please see section 1.1 Q2. properly. 1.Comprehensive survey on security services in vehicular ad-hoc networks, IET Intelligent Transport Systems. 2. Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks 3.EAAP: Efficient anonymous authentication with conditional privacy-preserving scheme for vehicular ad hoc networks 4.Computationally efficient privacy preserving authentication and key distribution techniques for vehicular ad hoc networks 5.An Anonymous Batch Authentication and Key Exchange Protocols for 6G Enabled VANETs 6.BBAAS: Blockchain-Based Anonymous Authentication Scheme for Providing Secure Communication in VANETs 7.EMBA: An efficient anonymous mutual and batch authentication schemes for vanets. Answer: Thanks a lot for the suggestion, Fixed the Related Work section is revised and the proposed papers have been added and discussed. Submitted filename: Reviewers respond.docx Click here for additional data file. 15 Nov 2021 Compressive sensing based secure data aggregation scheme for IoT based WSNs applications PONE-D-21-19240R2 Dear Dr. Ismail, We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements. Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication. An invoice for payment will follow shortly after the formal acceptance. To ensure an efficient process, please log into Editorial Manager at http://www.editorialmanager.com/pone/, click the 'Update My Information' link at the top of the page, and double check that your user information is up-to-date. If you have any billing related questions, please contact our Author Billing department directly at authorbilling@plos.org. If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org. Kind regards, Pandi Vijayakumar, Ph.D Academic Editor PLOS ONE Additional Editor Comments (optional): Both the reviewers have recommended the paper for acceptance. Hence, this paper can be accepted for publication. Reviewers' comments: Reviewer's Responses to Questions Comments to the Author 1. If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation. Reviewer #1: All comments have been addressed Reviewer #2: (No Response) ********** 2. Is the manuscript technically sound, and do the data support the conclusions? The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented. Reviewer #1: Yes Reviewer #2: (No Response) ********** 3. Has the statistical analysis been performed appropriately and rigorously? Reviewer #1: (No Response) Reviewer #2: Yes ********** 4. Have the authors made all data underlying the findings in their manuscript fully available? The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified. Reviewer #1: (No Response) Reviewer #2: Yes ********** 5. Is the manuscript presented in an intelligible fashion and written in standard English? PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here. Reviewer #1: (No Response) Reviewer #2: Yes ********** 6. Review Comments to the Author Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters) Reviewer #1: (No Response) Reviewer #2: Compressive sensing based secure data aggregation scheme for IoT based WSNs applications is presented in this paper. Paper is revised well. It can be accepted now. ********** 7. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files. If you choose “no”, your identity will remain anonymous but your review may still be made public. Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy. Reviewer #1: No Reviewer #2: No 29 Nov 2021 PONE-D-21-19240R2 Compressive sensing based secure data aggregation scheme for IoT Based WSN applications Dear Dr. Ismail: I'm pleased to inform you that your manuscript has been deemed suitable for publication in PLOS ONE. Congratulations! Your manuscript is now with our production department. If your institution or institutions have a press office, please let them know about your upcoming paper now to help maximize its impact. If they'll be preparing press materials, please inform our press team within the next 48 hours. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information please contact onepress@plos.org. If we can help with anything else, please email us at plosone@plos.org. Thank you for submitting your work to PLOS ONE and supporting open access. Kind regards, PLOS ONE Editorial Office Staff on behalf of Dr. Pandi Vijayakumar Academic Editor PLOS ONE

1 in total

1. On the routing protocol influence on the resilience of wireless sensor networks to jamming attacks.

Authors: Carolina Del-Valle-Soto; Carlos Mex-Perera; Raul Monroy; Juan Arturo Nolazco-Flores
Journal: Sensors (Basel) Date: 2015-03-27 Impact factor: 3.576

1 in total