Pribadi: A decentralized privacy-preserving authentication in wireless multimedia sensor networks for smart cities

Abstract

Wireless Multimedia Sensor Network (WMSN) is a network of interconnected sensor nodes equipped with multimedia devices capable to retrieve multimedia as well as scalar sensor data in smart city scenarios. With the progress of smart city development, WMSNs are becoming points of interest. The existing research works on the security of WMSNs show some significant centralized solutions; they are prone to denial of service attacks, central failure, and privacy breaches. Also, these solution are having limitations because of their centralized nature.Therefore, the the proposed scheme adopted the concept of decentralization to achieve more effective and ubiquitous results. As per our best knowledge, we introduce the first decentralized privacy-preserving authentication framework for WMSNs to address the energy and storage challenges. We call our solution PRIvacy-preserving Blockchain-based Authentication for multimeDIa networks (PRIBADI). PRIBADI uses a blockchain framework for authenticated communication between sensor nodes and base stations (as a trusted authority) by using certification and access authentication schemes. We elect trustworthy cluster heads based on weight metrics and these cluster heads forward the information to the Trusted Authority (TA). Subsequently, TA forward large data to the cloud for storage, and the information relevant to certificates and hashes are recorded on the distributed blockchain. Moreover, TA revokes the certificates of malicious sensor nodes and eliminates them from the blockchain. We run a set of experiments on PRIBADI and compare the results with the state-of-the-art models. We use the evaluation criteria of detection accuracy, operation, and energy consumption. We find that PRIBADI is 31.7% better than the existing models.

1 Introduction

The Internet of Thing (IoT) has shown potential to empower the association among electronic devices and smart technologies using the Internet. IoT is the most popular among industry, researchers, and academia that renovates the traditional way of living to a high-tech lifestyle. The use of smart devices, sensors, and the Internet enables to the replenishment of innovative results by solving various challenges and issues faced by business, government, public sector, cities, and industries [1]. Nowadays, our lives are being renovated by the interconnection among smart technologies such as mobile networks, wireless communication, artificial intelligence, and IoTs leading to the transformation of conventional cities towards smart cities. Smart cities are the imperative aspect for facilitating sustainable growth within a city with the rapid development of the Internet and sensory innovative technology [2]. In recent times, smart cities have gained significant support from researchers due to intensified innovative ways to handle urbanization, lifestyle of citizens, and governance with minimal impact on environments [3]. As metropolitan are growing at an astonishing rate, cities have to focus adopting on advanced technologies that can enrich the safety, health, lifestyle, and overall well-being of their citizen. Smart technologies are dealing with city issues such as pollution, traffic management, energy efficiency, digital security, manage street lights and waste management etc. Therefore, the features of IoTs become the paramount for enriched growth of smart cities. The increasing development of smart cities also increases the use of multimedia. Thus, multimedia also becomes an integral part of smart cities’ data transmission. The researchers have considered the use of multimedia in IoTs as separate network applications as a conjunction of the sensor networks and the multimedia applications.

1.1 Wireless multimedia sensor network

In recent years, small multimedia sensor nodes come with more smartness and proficiency to collect data from the environment without human intervention, and thus, Wireless Multimedia Sensor Network (WMSNs) is also important for IoTs paradigm [4]. The fundamental ability to build a variety of applications has made WMSN an enticing framework for applications requiring ubiquitous access to multimedia content. Due to the low-cost and low maintenance in deployment, research and development in IoTs and sensors are widespread. WMSN integrates the network of portable sensors with multimedia and smart city applications. For example, a number of sensor nodes equipped with micro-cameras to perform activities in the city to monitor and manage traffic create a WMSN; these standard micro-cameras sensor nodes are deployed randomly [5]. During their operation, the small sensor nodes perform endogenously in nature and allow the collected data to be received, stored, and transmitted to the sink. Sensors nodes are contributing in an effective way for monitoring, generating, collecting, processing, and handover of information to the controlling devices for appropriate evolution of smart cities agenda and models [6].

Due to the availability of low-cost hardware such as CMOS and CCD cameras, WMSNs enable the transmission of numerous types of data such as still photos, video streaming, and speech. The emergence of multimedia sensor nodes combined with new dispersed signal processing and multimedia origin mapping algorithms have empowered WMSNs to capture, transmit, and receive interactive content [7]. Such types of operations need more energy to accomplish the task assigned to the nodes. For sustainable development of the technology, energy saving is a prime aspect around the world, therefore WMSNs show their potential towards the existing smart city structures. The proliferation of IoTs and WMSNs has also fixed its growing future [8]. Also, the requirement for a number of sensor nodes is increasing day by day, it is essential to maintain transparency and decentralization which is urging the incorporation of blockchain with WMSNs. From the existing literature, we observe that WMSN’s performance and recital can be improved by integrating blockchain within the system [9, 10].

WMSNs endure several limitations such as limited computing power, poor memory, low energy efficiency, physical sensitivity tremendous multimedia data transmission, and the use of unreliable wireless communication channels [9]. Moreover, security is also a crucial issue in WMSNs as it inherits the security risks of WSNs and IoTs. According to the studies, there are two fundamental threats faced by WMSNs [10]. First, the external adversary assaults the network, and the internal node is attacked and managed by the adversary and becomes a compromised node. This compromised node launches an attack within the network. It is therefore essential for WMSNs to be able to recognize and eradicate harmful nodes. The stable development of WMSNs depends on addressing the flaws. To overcome the security issues, WMSN’s network security has drawn the attention of a lot of researchers [11, 12]. The solutions are centralized and therefore, are prone to be biased and a point of attack.

1.2 Motivation and contribution

The existing solutions in the directions of WMSNs are noteworthy in terms of security and other network-related parameters such as latency, throughput, and overheads; however, the impact of these solutions is limited as the solutions are centralized. Moreover, the present computing paradigm is also looking forward to decentralization in every aspect to provide ubiquitous and pervasiveness in networking applications. It is true that decentralization may take more resources (e.g., blockchains); identifying an energy-efficient decentralization in terms of resource preservation is a challenging task. Also, storage of large amount of data is challenging issue in resources constrained scenario. So, the ongoing progress in the development of smart cities requires such decentralized WMSN solutions for daily operations for sustainable growth. The potentials of decentralization and the requirement of energy preservation for WMSNs motivate us to come up with a solution called as “PRIvacy-preserving Blockchain Authentication in Wireless MultimeDIa Sensor Networks (PRIBADI)” in smart cities. In the Indonesian language, “PRIBADI” means privacy. PRIBADI addresses the issues of energy-constraints and security in smart cities. To address the said issues, blockchain based decentralized and cloud-based storage scheme has been proposed. To this end, the main contributions of PRIBADI are as follows.

• Metrics calculation As we know, multimedia sensor-based devices are mostly used for smart city operation and the selection of cluster heads among all nodes is a challenging task. To nominate the most efficient and generic cluster head, PRIBADI considers various factors such as Degree of Connectivity (DoC), residual energy, distance from TA, reputation of the nodes, and composite weight matrix. The main motive of metrics computation is to elect most trusty and energy efficient cluster head for effectiveness of the proposed scheme.

• Certification Base station as TA is responsible for time-stamp-based certificate generation for each sensor node. Random keys and timestamps ensure the freshness of packets and the legitimacy of sensor nodes.

• Privacy preservation PRIBADI scheme ensures the privacy among parties during communication using timestamps inside request packets. The privacy preservation feature is essential to protect the information from adversaries.

• Authentication In PRIBADI, the authenticity of nodes is verified based on identity and control packets. Once the nodes prove their legitimacy, the nodes are able to communicate among the sensor nodes and TA; otherwise, the certificate of a node is revoked. Finally, the security of the PRIBADI is investigated with security and performance analysis.

1.3 Organization of the paper

We organize the rest of the paper in the following sections. Section 2 describes the extensive literature for the current research. In Sect. 3, we explain PRIBADI functionalities followed by the proposed framework. We explain the results and discussion are described in Sect. 4. In this section, the performance of PRIBADI is evaluated in terms of security analysis and performance metrics. Finally, Sect. 5 concludes our work.

2 Related work

In this section, we analyze the recent advancements and developments of smart cities in the direction WMSNs. As WMSNs are closely associated with the developments of smart cities, it is essential to understand the current trends and feasibilities possible in the direction of WMSNs’ security with data decentralization. Various secure and privacy-preserving WMSNs algorithms are available in the literature to overcome security issues. In this section, we segregate the review of relevant research papers into two parts: (i) secure and privacy-preserving WMSN techniques and (ii) the role of blockchain technology in WMSNs in the context of smart cities.

Blockchain-based conceptual framework based for smart cities basically entails three aspects such as human, technology and organization [13]. Also for erudite and smooth services, the financial sector endeavors to incorporate permission-less blockchain in smart cities. The procedure of data sharing and processing, the blockchain-based scheme provides more secure results with less time-consuming [14]. A different variant for secured smart cities with privacy, secure communication, various protocols and channels is presented in [15]. The data available from different parts of smart cities are large in volume and handling of this type of data is more challenging in smart cities. The problem of large data handling collected by sensor nodes is addressed by [16, 17]. In smart cities, various sensor nodes are deployed in the environment and their continuous data collection creates bulky records of data. Hence, the process of data transfer, storage, monitoring, management, control, and analysis is more challenging for burnish operations within smart cities. A detailed survey considers all such processes for data handling, security and usability with the incorporation of advanced technology IoTs in smart cities. The stored data would be more valuable if it is shared with all connected participants in a distributed manner [18].

Energy-efficient technique has been developed for target detection in WMSNs [19]. A trade-off between energy and detection accuracy has been addressed in this work. First, it executes clusterization of the network based on residual energy and location information. A further, cooperative communication feature is adopted for target identification. A Shift-Advanced Encryption Standard (Shift-AES) has been proposed to increase the lifetime of the network. The AES-based original algorithm is modified, which works well-matched manner with WMSNs networks [20]. WMSNs face various challenges during data exchange from one point to another. WMSNs are applicable for various real-time or non-real-time applications and attract the attention of researchers due to security aspects. Various proposed schemes for security have their own pros and cons [21]. Another secure technique has been investigated by researchers using watermarking for WMSNs. Due to resource-constrained WMSNs, the traditional secure approach is not compatible in terms of resource consumption [22, 23]. Another efficient secure method has been introduced for privacy-preserving of multimedia information [24, 25].

Due to random deployment and hostile network scenarios, WMSNs face various security threats during data sharing. A new security scheme uses quality-driven clustering for privacy-preserving and authentication in WMSNs. Security to data is provided using an error-concealment scheme which prolongs the network effectively [26, 27]. Another real-time key management scheme uses a rekey process on the basis of access-triggered splay tree architecture in which exchanges of keys take place during message exchanges step [28, 29]. Further, the concept of authentication is adopted for secure multimedia communication in IoT-based WSNs. An efficient authentication scheme has been proposed to address the security aspects of WMSNs. In this work, the concept of smartcards for authentication purposes is utilized with proof of correctness mutual authentication [30, 31]. Another password-based authentication comes for secure multimedia communication in hostile networks and a session key is established before broadcasting the data to ensure the privacy of data in this work. This scheme reduces the complexity and computational cost of wireless mobile networks [34, 35, 55]. A secure partial image-based encryption uses discrete wavelet transform, chaotic maps, and substitution box for WMSNs. Lifetime and secure compression of images are challenging concerns, which are addressed using chaotic maps and Hussain’s S-Box. To achieve higher security, the compressed image is XORed with a random key created by intertwining logistic map [36, 37, 56]. Another variation of energy-efficient with secure routing has shown in [38,39,40] for WMSNs.

Mentioning decentralization, the very first technology that comes to drive WMSNs is blockchain. This technology also creates a significant impact on the WMSNs performance in terms of security and interaction by providing decentralization [41,42,43]. A keyless signature method based on a decentralized blockchain has been developed for efficient and secure key management [44, 45]. We have considered the works of VANETs to emphasize on the aspect that VANETs are part of the Intelligent Transport System (ITS) and WSNs are integral part of ITS; VANETs also support multimedia transmissions. Therefore, it’s worth mentioning some significant works in the direction of VANETs. An authentication-based blockchain has been introduced for privacy preservation and transparency of vehicles in vehicular ad hoc networks (VANETs). Real identities of attackers have been identified using Authority (CA) and the Road Side Units (RSUs) [46, 47]. Blockchain-based anonymous reputation system (BARS) in [48] is beneficial for trust management in VANETs. The certificates of vehicles are revoked based on Proof of Presence (PoP) and Proof of Absence (PoA) and the real identities are stored in the decentralized blockchain [49,50,51]. Another blockchain-based trust model for trust and privacy management of vehicles has been produced in VANETs. Direct and indirect reputation make sure vehicle confidentiality using the blockchain certificate and revoking transparency [41, 52]. Emerging blockchain technology is also used for privacy-preserving purposes in telecommunications, internet and fog processing applications [53, 54]. The incorporation of WMSNs and IoTs with smart cities provides more reliable and erudite amenities to their citizen in terms of various functionalities [55]. The performance of smart cities in terms of energy and security can be evaluated using machine learning and artificial intelligence [56].

A detailed review of literature has been presented in Table 1, it is concluded that energy efficiency with privacy-preserving techniques is less considered for WMSNs-based smart cities. The incorporation and feasibility of blockchain in WMSNs-based smart cities is in the infancy stage due to high power consumption. On the other hand, blockchain possesses the potential for ensuring improved security of confidentiality, immutability, non-repudiation, and availability; however, resource consumption is large and the privacy of the transactions is a question. Therefore, in PRIBADI, we integrate WMSNs and blockchain for trust protection and trust management in smart cities; this leads to an improved and efficient WMSN framework.An existing problems are identified after analysis of the previous research works and these problems have been addressed by the proposed solution shown in Table 2.

Table 1 Summary of existing studies

Table 2 Addressing existing problem with proposed algorithm

3 Proposed framework: PRIBADI

PRIBADI addresses the problem of decentralized security and resource utilization in smart cities. In the following subsections, we first describe a network model followed for PRIBADI and then we explain the functionalities of PRIBADI.

3.1 Network model

WMSNs have a set of multimedia sensor nodes deployed with random mobility in smart cities, Base Stations which act as a Trust Authority (TA), and Cloud Network (CN) which may gather the information to TA. TA plays a crucial role of the administration in WMSNs and accomplishes the authentication of sensor nodes as well as cluster heads. TA performs all the major tasks of key generation, certificate distribution, and certificate revocation. The registration of sensor nodes is accomplished initially. The list of sensor nodes is preserved by TA and it has the capability to reveal the actual identities of adversary nodes and revoke the certificate of the same. The cluster heads are elected among all sensor nodes based on weight metrics. They communicate to TA through a wireless medium and the collected information from sensor nodes is forwarded to the TA for further activities. The holistic view of typical WMSNs-based smart city scenarios is depicted in Fig. 1.

Fig. 1

Holistic view of network architecture

The network model of PRIBADI shown in FIgure 1 aims to fulfill the security requirements such as: authentication, non-repudiation, protection of identification, and internal attack.

• Authentication PRIBADI addresses two types of authentication: information authentication and authentication of the sensor nodes. Information authentication validates information obtained during communication is created by the valid sensor nodes and unaltered. Authentication of the sensor nodes, also known as mutual authentication, involves two individual nodes identifying each other in a communication session.

• Non-repudiation This property contributes to a situation where the receiver may demonstrate to a third party that the sender cannot refuse his responsibility for the collection of information.

• Protection of identification It is necessary for each sensor node to broadcast frequent information regarding location, moving speed, and collected information. Preservation of identification confidentiality ensures that no one has been able to reveal the actual identities.

• Internal attack Internal attacks broadcast wrong information and hide the real identity of the certified node. These attacks intentionally gain control of other nodes and force them to act as malicious nodes.

PRIBADI achieves the process of certification in three phases as mentioned below.

• Generation \((K_{Gen})\): In this step, \(K_{Gen}\) is considered as a security input parameter and output key K \((K\in \kappa )\) is generated.

• Encryption \((K, \breve{I})\): Key K and information \(\breve{I}\) are considered as inputs, and output is generated in the form of ciphertext (\(\tilde{\tilde{C}}\)).

• Decryption (K, \(\tilde{\tilde{C}})\): Key K and \(\tilde{\tilde{C}}\) are considered as an input and original information is generated as output \(\breve{I}\).

In the PRIBADI framework, certifications of all the sensor nodes are achieved so that only legitimate nodes can communicate with each other. The framework consists of various phases explained as follows:

3.2 Initialization phase

In the proposed scheme, each TA has an identification (ID) and generates its personal private key with the help of a single hash function \(\{Hash(.)\}\).

$$\begin{aligned} K_{TA}=Hash(ID_{TA} \parallel \parallel {\dot{R}}_{TA}), \end{aligned}$$

(1)

where \(K_{TA}\) is the private key of TA and \(ID_{TA}\) represents the identification of TA. \({\dot{R}}_{TA}\) is the random number generated by TA. For hashing of the key, we use MD5 [57].

3.3 Registration phase

Each sensor node also has an identity \(ID_{SN}\) and secret key. Let us consider that \((ID_{(SN_ \varphi ))}\) is the identification of sensor node \(SN_\varphi\) and \(K_{SN_\varphi }\) represents the secret key of the sensor \(SN_\varphi\). Before applying the registration process to TA, the sensor nodes compute the combined parameter \(\vartheta _{SN_\varphi }\) using \(ID_{SN}\) and \(K_{SN_\varphi }\) as shown in the following equation.

$$\begin{aligned} \vartheta _{SN_\varphi }=Hash(ID_{SN_\varphi } \parallel K_{SN_\varphi } )). \end{aligned}$$

(2)

Further, \(SN_\varphi\) computes the integrated parameter \((\gamma _{SN_\varphi })\) using the following equation.

$$\begin{aligned} (\gamma _{SN_\varphi })= & {} A_{SN_\varphi } \bigoplus B_{SN_\varphi }. \end{aligned}$$

(3)

$$\begin{aligned} A_{SN_\varphi }= & {} Hash(ID_{SN_\varphi } \parallel \vartheta _{SN_\varphi }). \end{aligned}$$

(4)

$$\begin{aligned} B_{SN_\varphi }= & {} Hash(K_{SN_\varphi } \parallel \vartheta _{SN_\varphi }), \end{aligned}$$

(5)

where \(\bigoplus\) represents the XOR operation. After computing the integrated parameter, each sensor node \(SN_\varphi\) forwards \(\gamma _{SN_\varphi }\) to TA for registration. Once the \(\gamma _{SN_\varphi }\) is received by TA, it generates a random number \(\zeta _{TA}\) for sensor node \(SN_\varphi\). A parameter \({\mathbb {P}}_{TA}\) is computed by TA as follows.

$$\begin{aligned} {\mathbb {P}}_{TA}= & {} (Hash(\gamma _{SN_\varphi } \parallel {\mathbb {Q}}_{TA})\bigoplus K_{TA}). \end{aligned}$$

(6)

$$\begin{aligned} {\mathbb {Q}}_{TA}= & {} Hash(ID_{RA} \parallel \zeta _{TA}). \end{aligned}$$

(7)

The \({\mathbb {P}}_{TA}\) and \(\zeta _{TA}\) are broadcast to sensor node \(SN_\varphi\) and this information is stored by each sensor node. The process of registration is depicted in Fig. 2. Lists of Parameters (LoP) are stored by sensor node \(SN_\varphi\) using the following.

$$\begin{aligned} LoP=\{\gamma _{SN_\varphi },{\mathbb {P}}_{TA},\zeta _{SN_\varphi },\zeta _{TA}\} \end{aligned}$$

All this information is also stored by TA in the matrix as follows:

$$\begin{aligned} \varDelta _{TA}= \begin{pmatrix} \gamma _{SN_1},{\mathbb {P}}_{TA},\zeta _{SN_1},\zeta _{TA}\\ \gamma _{SN_2},{\mathbb {P}}_{TA},\zeta _{SN_2},\zeta _{TA}\\ \gamma _{SN_3},{\mathbb {P}}_{TA},\zeta _{SN_3},\zeta _{TA}\\ .........\\ \gamma _{SN_\varphi },{\mathbb {P}}_{TA},\zeta _{SN_\varphi },\zeta _{TA} \end{pmatrix} \end{aligned}$$

(8)

Fig. 2

Registration process

3.4 Cluster head selection

After successful registration and certification with TA authority, PRIBADI selects the Cluster Heads (CHs) among all sensor nodes for energy saving. The different parameters such as Degree of Connectivity (DoC), residual energy, distance from TA, and reputation of the nodes are considered for CH nodes selection.

Degree of Connectivity (DoC): DoC represents the total number of sensor nodes covered by a particular node within the one-hop neighbourhood. Mathematically, we can represent the one-hop neighbourhood as follows.

$$\begin{aligned} DoC_{SN_\varphi }^{conn}= \sum _{SN_\varphi ^j \in N, SN_\varphi ^j \ne SN_\varphi ^i} hop_{SN_\varphi ^j, SN_\varphi ^i }=1. \end{aligned}$$

(9)

Residual energy of node Another parameter for cluster head selection is the residual energy of the sensor nodes and PRIBADI computes it as follows.

$$\begin{aligned} {\left\{ \begin{array}{ll} E_{Tx} (n,Distance)=n \times E_{Elec}+n \times E_{FS} \times Distance^2, \\ Distance<d_0\\ E_{Tx} (n,Distance)=n \times E_{Elec}+n \times E_{MP}\times Distance^4, \\ Distance \ge d_0 \\ d_0= \sqrt{\frac{E_{FS}}{E_{MP}} } \end{array}\right. } \end{aligned}$$

where \(E_{Tx} (n,Distance)\) is the energy required for transmission of n bits data from one node to another node at a particular distance, \(E_{Rx}(n)\) represents the energy required for receiving n bits data, \(E_{Elec}\) is the energy consumed by electronic circuitry, \(E_{FS}\) is the energy required for free space model amplifier and \(E_{MP}\) is the required energy for multipath fading model amplifier. The average residual energy \((E_r^{avg})\) of each sensor node is an important parameter to evaluate the performance of any algorithm. The energy model used in the PRIBADI is the same as [23]. We use the following formula.

$$\begin{aligned} E_{total}^{SN_\varphi }=E_{Tx} (n,Distance)+E_{Rx} (n), \end{aligned}$$

(10)

where \(E_{total}\) represents the total energy consumed by sensor node and the remaining or residual energy of node is computed as:

$$\begin{aligned} E_{residual}^{SN_\varphi }= E_{initial}^{SN_\varphi }- E_{total}^{SN_\varphi }, \end{aligned}$$

(11)

where \(E_{residual}^{SN_\varphi }\) and \(E_{initial}^{SN_\varphi }\) are the residual and initial energy of sensor node \(SN_\varphi\) respectively.

Reputation of node: For cluster head selection, the behaviour of \(SN_\varphi ^j\) with another sensor node \(SN_\varphi ^i\) regarding the forwarding information is computed and the estimated factor is represented by \(R_{SN_\varphi }\). The range of reputation for sensor node lies in between [0, 1] and initially the reputation is considered 0.5 for all sensor nodes and \(R_{SN_\varphi }\) is computed as follows.

$$\begin{aligned} LU_{SN_\varphi }^{ij}=R_{SN_\varphi }^{ij} \times U_{SN_\varphi }^{ij}, \end{aligned}$$

(12)

where \(LU_{SN_\varphi }^{ij}\) is the local utility parameter and \(R_{SN_\varphi }^{ij}\) is the reputation of \(SN_\varphi ^j\) at \(SN_\varphi ^i\). \(U_{SN_\varphi }^{ij}\) represents the utility parameter of \(SN_\varphi ^j\). \(LU_{SN_\varphi }^{ij}\) defines the capability of broadcasting information of \(SN_\varphi ^j\) at \(SN_\varphi ^i\). The highest value of \(LU_{SN_\varphi }^{ij}\) represents the most trustworthy sensor node.

$$\begin{aligned} weight_{SN_\varphi }=\omega _1 \times DoC_{SN_\varphi }^{conn}+\omega \times E_{residual}^{SN_\varphi }+\omega \times LU_{SN_\varphi }^{ij}, \end{aligned}$$

(13)

and

$$\begin{aligned} \omega _1+\omega _2+\omega _3=1, \end{aligned}$$

(14)

where \(weight_{SN_\varphi }\) represents the weight metric of sensor node \(SN_\varphi\) and on the basis of value of \(weight_{SN_\varphi }\) cluster heads are selected. The \(SN_\varphi\) with \(weight_{SN_\varphi }\) values are nominated as a cluster head in the network and the cluster heads forward the collected information to TA. The cluster heads are represented by \(CH_{SN_\varphi }\).

3.5 Authentication

PRIBADI provides two types of authentication: authentication of sensor nodes (identification-based authentication) and information authentication.

3.5.1 Identification based authentication

After collecting the information from sensor nodes, \(CH_{SN_\varphi }\) forwards that information to TA. Before transmission, PRIBADI initiates the authentication process. \(CH_{SN_\varphi }\) produces the parameter \(\gamma\) with the help of its ID and its secret key. The generated parameter \(\gamma\) is compared with the stored value of the parameter in LoP. If both the values of the parameters are the same, \(CH_{SN_\varphi }\) is authenticated otherwise the request is rejected. Specifically, \(CH_{SN_\varphi }\) computes \(\vartheta _{SN_\varphi }^\prime =Hash(ID_{SN_\varphi } \parallel K_{SN_\varphi }), A_{SN_\varphi }^\prime =Hash(ID_{SN_\varphi } \parallel \vartheta _{SN_\varphi }^\prime\)) and \(A_{SN_\varphi }^\prime =Hash(K_{SN_ \varphi } \parallel \vartheta _{SN_\varphi })\). After that \(\gamma _{SN_\varphi }^\prime =A_{SN_\varphi } \bigoplus B_{SN_ \varphi }\) is computed and compared with the parameter value of \(\gamma\) stored in LoP.

3.5.2 Authentication based on control packets

In this authentication, the originality or security of transmitted data is ensured before further data transmission and the process is achieved as follows Fig. 3

Request packet \((\Re eq_{pkt})\) \(CH_{SN_\varphi }\) generates \(\Re eq_{pkt}\) with a timestamp \(({\mathbb {T}}_{stamp}^{tx})\) and a random key \(\zeta _{CH_{SN_\varphi }}^1\). At the same time, \(CH_{SN_\varphi }\) collects the parameters from LoP and computes the parameter \({\mathbb {Q}}_{TA}\) using \({\mathbb {Q}}_{TA}=Hash(ID_{RA} \parallel \zeta _{TA})\). \(CH_{SN_\varphi }\) computes the secret key of TA \((K_{TA})\) using \({\mathbb {P}}_{TA}, \gamma _{SN_\varphi }\), and \({\mathbb {Q}}_{TA}\) as in following equation.

$$\begin{aligned} K_{TA}=(Hash(\gamma _{SN_\varphi } \parallel {\mathbb {Q}}_{TA})\bigoplus {\mathbb {P}}_{TA}). \end{aligned}$$

(15)

\(CH_{SN_\varphi }\) computes the following metrics.

$$\begin{aligned} \phi _{CH_{SN_\varphi }}= & {} (Hash(K_{TA} \parallel {\mathbb {T}}_{stamp}^{tx}) \bigoplus \zeta _{CH_{SN_\varphi }}^1). \end{aligned}$$

(16)

$$\begin{aligned} {\mathcal {P}} _{CH_{SN_\varphi }}= & {} (\phi _{CH_{SN_\varphi }}\bigoplus \gamma _{CH_{SN_\varphi }} ^1 \bigoplus K_{TA}). \end{aligned}$$

(17)

$$\begin{aligned} {\mathcal {G}}_{CH_{SN_\varphi }}= & {} (\Re eq_{pkt}\bigoplus \phi _{CH_{SN_\varphi }} \bigoplus {\mathbb {T}}_{stamp}^{tx} \bigoplus K_{TA}). \end{aligned}$$

(18)

Finally, the request packet is broadcast as follows.

$$\begin{aligned} CH_{SN_\varphi }\rightarrow TA: \{\phi _{CH_{SN_\varphi }},{\mathbb {T}}_{stamp}^{tx},{\mathcal {G}}_{CH_{SN_\varphi }}\}. \end{aligned}$$

(19)

Reply packet (\(\Re ep_{pkt}\)) After receiving the \(\Re ep_{pkt}\) from \(CH_{SN_\varphi }\), TA records the receiving timestamp \({\mathbb {T}}_{stamp}^{rx}\). All the parameters such as \(\{\phi _{CH_{SN_\varphi }}, {\mathbb {T}}_{stamp}^{tx}, {\mathcal {G}}_{CH_{SN_\varphi }}\}\) are extracted from \(\Re ep_{pkt}\). To check the freshness of the packets, \({\mathbb {T}}_{stamp}^{rx}\) is compared with \({\mathbb {T}}_{stamp}^{tx}\); it must satisfy following condition.

$$\begin{aligned} {\mathbb {T}}_{stamp}^{rx}-{\mathbb {T}}_{stamp}^{tx} \ge \varDelta _T, \end{aligned}$$

(20)

where \(\varDelta _T\) is the threshold time upto that the packets are considered as fresh. If the above condition is not satisfied, then TA stops communication with that \(CH_{SN_\varphi }\) otherwise TA is ready for communication or transmission. TA computes \(\zeta _{CH_{SN_\varphi }}^1\) that is generated by \(CH_{SN_\varphi }\) during the request packet and is computed as follows.

$$\begin{aligned}{} & {} (\zeta _{CH_{SN_\varphi }}^1)^ \prime =Hash(K_{TA} \parallel {\mathbb {T}}_{stamp}^{tx})\bigoplus \phi _{CH_{SN_\varphi }}. \end{aligned}$$

(21)

$$\begin{aligned}{} & {} {\mathcal {P}}_{CH_{SN_\varphi }}^\prime =(\phi _{CH_{SN_\varphi }} \bigoplus (\zeta _{CH_{SN_\varphi }}^1)^\prime \bigoplus K_{TA}). \end{aligned}$$

(22)

TA also obtains \(\Re ep_{pkt}\) packets and collects the parameters such as:

$$\begin{aligned} \Re ep_{pkt}=({\mathcal {G}}_{CH_{SN_\varphi }} \bigoplus (\phi _{CH_{SN_\varphi }}\bigoplus {\mathbb {T}}_{stamp}^{tx} \bigoplus K_{TA}). \end{aligned}$$

(23)

Further, with the help of the above metrics, some of the new metrics are computed as follows.

$$\begin{aligned}{} & {} {\mathcal {F}}_{TA} =Hash\{(\phi _{CH_{SN_\varphi }}^1)^\prime \parallel Hash(\varDelta _T \parallel K_{TA})\}. \end{aligned}$$

(24)

$$\begin{aligned}{} & {} {\mathfrak {B}}_{TA}={\mathcal {F}}_{TA}\bigoplus K_{TA} \bigoplus \{({\mathcal {P}}_{CH_{SN_\varphi }})^\prime \bigoplus (\zeta _{CH_{SN_ \varphi }}^1)^\prime \}. \end{aligned}$$

(25)

After verification, TA broadcasts \(\Re ep_{pkt}\) to C\(CH_{SN_\varphi }\) by applying encryption on packets. For providing more security to \(\Re ep_{pkt}\) packets is formatted into encrypted form as follows.

$$\begin{aligned} \hbox {Encryption } (K,\Re ep_{pkt}) = Encryption(B_{TA},\Re ep_{pkt},{\mathbb {T}}_{stamp}^{tx}) \end{aligned}$$

Authentication of each entity Once process of exchanging control packets (request and reply packet) are completed, both \(CH_{SN_\varphi }\) and TA get information about each other. After getting reply packet, \(CH_{SN_\varphi }\) records the \({\mathbb {T}}_{stamp}^{rx}\) and receiveing time of packets \(\mathfrak {B}_{TA},{\mathbb {T}}_{stamp}^{rx }, \Re ep_{pkt}\). Then, \(CH_{SN_\varphi }\) check whether condition \({\mathbb {T}}_{stamp}^{rx}-{\mathbb {T}}_{stamp}^{tx} \ge \varDelta _T\) is satisfied or not. If condition is not fulfilled, the, \(CH_{SN_\varphi }\) will stop communicating with the TA. If condition is fulfilled, \(CH_{SN_\varphi }\) will extract packet from \(\Re ep_{pkt}\). For extracting the packet from the original \(\Re ep_{pkt}\), \(CH_{SN_\varphi }\) need to compute \({\mathcal {F}}_{TA}\) correctly and should be able to decrypt reply packet successfully. With the help of below given equation, \(CH_{SN_\varphi }\) will compute \({\mathcal {F}}_{TA}\) that can be written as \({\mathcal {F}}_{TA^{'}}\):

$$\begin{aligned} {\mathcal {F}}_{TA^{'}}= \mathfrak {B}_{TA} \bigoplus K_{TA} \bigoplus {\mathcal {P}}_{CH_{SN_\varphi }} \bigoplus \zeta _{CH_{SN_\varphi }}^1 \end{aligned}$$

(26)

Now, \({\mathcal {F}}_{TA^{'}}\) is used to decrypt \(\Re ep_{pkt}\) and it can be written as:

$$\begin{aligned} reply_{M}= decryption_{{\mathcal {F}}_{TA^{'}}} (\Re ep_{pkt}) \end{aligned}$$

(27)

Once decryption process completed properly, \(CH_{SN_\varphi }\) considers that TA is secure entity and share information with TA.

Fig. 3

Procedure of PRIBADI

3.6 Certificate revocation

After a successful registration process, once the TA comes to know about the misbehavior of \(CH_{SN_\varphi }\), TA revokes the certificate of \(CH_{SN_\varphi }\). The revoked certificate consists of \(\gamma _{CH_{SN_\varphi }}\), timestamp \({\mathbb {T}}_{stamp}^{CR}\), reason of revocation, and signature of TA \(({\mathbb {S}}_{TA})\). The revoked certificate is broadcast across the network. We summarize the process of certification, cluster head election, and authentication in Algorithm 1.

Algorithm 1

Certification, cluster head election and authentication process

3.7 Blockchain and cloud-based solution

The process of blockchain generation and data transmission to cloud is shown in Figure After gathering the information from \(CH_{SN_\varphi }\), TA broadcast the information to a cloud server and act as a fog node. The information at TA is divided into two parts i.e. (1) Data management and (2) Certificate management. All the large-size information or data is stored in a cloud network which has various benefits such as reduced latency, time consumption reduced due to the availability of information in the cloud, and storage efficiency. The certificates of registration, random key, and revocation certificate of all sensor nodes are managed by blockchain technology.

Fig. 4

Process of blockchain generation

4 Results and discussion

In this section, the performance of the PRIBADI is evaluated and compared with the existing secure WMSNs algorithm. The experimental setup and the performance metrics are also explained in this. For the performance of PRIBADI is analyzed with specification Intel (R) Core(TM) i3-3217 CPU @1.80 GHz and 4 GB RAM. Experimental parameters are tabulated in Table  3. Also, the system requirement for blockchain implementation is tabulated in Table 4.

Table 3 Simulation parameters

Table 4 System requirement for proposed PRIBADI

4.1 Security analysis

• Impersonation attack If a malicious node \(({\mathcal {M}})\) wants to get the devoted service of any sensor node, the \({\mathcal {M}}\) can impersonate the identity of sensor nodes and make a forge login request. If the request is successfully forged, the \({\mathcal {M}}\) can successfully introduce the impersonate attack. But in our scheme, for launching an impersonate attack, \({\mathcal {M}}\) needs to steal the various parameters \((K_{TA}, {\mathcal {P}} _{CH_{SN_\varphi }}, {\mathcal {G}}_{CH_{SN_\varphi }}, {\mathbb {T}}_{stamp}^{tx})\). Even if somehow, the \({\mathcal {M}}\) successfully get the secret key \(K_{TA}\) of TA, but cannot steal the parameters \(({\mathcal {P}} _{CH_{SN_\varphi }}, {\mathcal {G}}_{CH_{SN_\varphi }})\).

• Replay attack The replay attack is the process of intentionally sending the information by delaying or repeating the information to another node. When \({\mathcal {M}}\) gets the packets information that are transmitted from \(SN_\varphi ^a\) to \(SN_\varphi ^b\), then \({\mathcal {M}}\) will transmit the information to \(SN_\varphi ^b\). In this way, \({\mathcal {M}}\) can perform the replay attack. But in our scheme, the \(SN_\varphi ^b\) does not send the request directly but send it by using \({\mathcal {P}} _{CH_{SN_\varphi }}\) with a timestamp. Once the request is received, \(SN_\varphi ^a\) firstly check whether \({\mathbb {T}}_{stamp}^{rx}-{\mathbb {T}}_{stamp}^{tx} \le \varDelta _T\) is satisfied or not. Once the condition is not satisfied, \(SN_\varphi ^a\) stops communication, and that node will be be added in revoked list.

• Data unforgeability To manipulate the sensitive information of nodes without their permission is termed as forging. PRIBADI ensures that attacker will not be able to forge the sensitive data.For forging the data, firstly attacker get the parameters \(\{\phi _{CH_{SN_\varphi }}, {\mathbb {T}}_{stamp}^{tx}, {\mathcal {G}}_{CH_{SN_\varphi }}\}\) that is communicated by sender. Also, when attacker will send the reply packet, TA will also check the freshness of packet by comparing \({\mathbb {T}}_{stamp}^{rx}\) to \({\mathbb {T}}_{stamp}^{tx}\). If the condition is not fullfiled, the packets will be automatically terminated, communication among them will stop.

• Tampering attack Tampering the information of another sensor node without permission is called tampering. \({\mathcal {M}}\) can launch a tampering attack if the data of the sensor node is illegally modified. If two node \(SN_\varphi ^a\) and \(SN_\varphi ^b\) wants to communicate. Suppose, \({\mathcal {M}}\) has tampered the parameters \(\{\phi _{CH_{SN_\varphi }}, {\mathbb {T}}_{stamp}^{tx}, {\mathcal {G}}_{CH_{SN_\varphi }}\}\), which are communicated from \(SN_\varphi ^a\) to \(SN_\varphi ^b\). This distributes wrong information to \(SN_\varphi ^b\). The node \(SN_\varphi ^b\) can still compute the relevant parameters using false information using \({\mathcal {F}}_{TA}^{'}\) and \(\mathfrak {B}_{TA^{'}}\), because node \(SN_\varphi ^b\) is not aware about tampering. \(SN_\varphi ^b\) encrypt the parameters using \({\mathcal {F}}_{TA}^{'}\) and broadcast it towards \(SN_\varphi ^a\). Now, \(SN_\varphi ^a\) still calculate original \({\mathcal {F}}_{TA}\). Then it check whether \({\mathcal {F}}_{TA}^{'}={\mathcal {F}}_{TA}\) is satisfied or not. If the condition is not satisfied, \(SN_\varphi ^a\) does not send data to \(SN_\varphi ^b\).

• Privacy In privacy preservation, the privacy of the information is ensured when communication among original parties takes place. The proposed scheme PRIBADI comes up with the privacy preservation features that are essential to enhance the security of information. In PRIBADI, every time \(CH_{SN_\varphi }\) generates its generates \(\Re eq_{pkt}\) with a timestamp \(({\mathbb {T}}_{stamp}^{tx})\) and a random key \(\zeta _{CH_{SN_\varphi }}^1\). TA must check the freshness of the packets by comparing \({\mathbb {T}}_{stamp}^{rx}\) to \({\mathbb {T}}_{stamp}^{tx}\).The packets are considered fresh upto \(\varDelta _T,\) time. Thus, PRIBADI ensures the privacy-preserving property.

• Traceability and revocability These two properties are ensured by proposed PRIBADI. The proposed scheme ensures that only legitimates nodes get the access original identity of nodes. If a nodes intentionally shared secret key or misuse it, the proposed scheme revoked that particular node. In PRIBADI, request packets are transmitted by using \({\mathcal {P}} _{CH_{SN_\varphi }}\) with a timestamp. Then, \(CH_{SN_\varphi }\) check whether condition \({\mathbb {T}}_{stamp}^{rx}-{\mathbb {T}}_{stamp}^{tx} \ge \varDelta _T\) is satisfied or not. If condition is not fulfilled, the, \(CH_{SN_\varphi }\) will stop communicating with the TA and add that node into revoked list.

• Decentralization In decentralization, data is stored in a public ledger and that ledger is available to each participant. Decentralization preserves the level of trust and responsibility by eliminating the dependency on the central entity. In PRIBADI, blockchain is utilized that ensure the authentication among sensor nodes and base stations with the help of certification and authentication schemes.

• Cloud-storage The data collected by multimedia sensor nodes from different parts of smart cities are large in size and to handle and maintain such huge data is more challenging. So, to improve the reliability and efficiency of storage, bulky data is shared with the cloud for optimal storage. Emerging blockchain is utilized to record certificates and hashes of sensor nodes which efficiently protect the information from adversary attacks. A list of important notations and their descriptions used throughout the paper are shown in Table 5.

Table 5 List of notations and its description

4.2 Performance metrics

The performance of the PRIBADI is evaluated by considering different metrics discussed as follows:

1. 1.

   Average of energy consumption \(({\mathbb {E}}_{Average})\)

   \({\mathbb {E}}_{Average}\) defined as the ratio of energy consumption during authentication \({\mathbb {E}}_{Auth}\) and blockchain generation \({\mathbb {E}}_{BG}\) to the total energy consumed during information transmission \({\mathbb {E}}_{tx}\) and reception \({\mathbb {E}}_{rx}\). \({\mathbb {E}}_{Average}\) is computed as follows:

   $$\begin{aligned} {\mathbb {E}}_{Average}=\frac{\sum _n {\mathbb {E}}_{Auth}+{\mathbb {E}}_{BG}}{\sum _n {\mathbb {E}}_{Auth}+{\mathbb {E}}_{BG}} \end{aligned}$$

   (28)
2. 2.

   Detection accuracy (\({\mathcal {D}}_{accuracy}\)) The ratio of sensor nodes identified as malicious \(({\mathcal {M}}_{SN_\varphi }^{identified)}\) to the total number of malicious sensor nodes \(({\mathcal {M}}_{SN_\varphi }^{total})\) and computed as follows:

   $$\begin{aligned} ({\mathcal {D}}_{accuracy})=\frac{({\mathcal {M}}_{SN_\varphi }^{identified})}{({\mathcal {M}}_{SN_\varphi }^{total})} \times 100 \end{aligned}$$

   (29)

4.3 Performance analysis

The simulated results and features of the PRIBADI are compared with other existing algorithms described in I. T. Almalkawi et al. (2019) [24], M. Usman et al. (2016) [26], L. Fang et al. (2018) [40], and Y. Zhang et al. (2013) [28].

At first, we compare the features of the proposed scheme with existing methods in Table 6. We summarize that that I. T. Almalkawi et al.,(2019) [24] and M. Usman et al., (2016) [26] provide protection against privacy and tampering, but do not offer other features. Moreover, cloud utilization, decentralization, distributed storage, and protection against replay attacks are not considered by all the existing algorithms. Thus, the comparison states that PRIBADI is significant in terms of providing security. Also, a comparative analysis is done in terms of the time complexity of the operation by including three major tasks keys calculation, distribution of keys, and computation of hash. The time taken by different processes is shown in Table 7

Table 6 Comparison of security performance

Table 7 Time complexity of operation in Seconds

The effect of the mobility of nodes on average energy consumption is evaluated and the results are compared with existing ones. Each sensor node chooses its mobility within a range \((0,Velocity_{max.})\) and \(Velocity_{max.}\) is denoted in terms of transmission range \((T_R)\). Suppose, \(Velocity_{max.}=10\) and \(T_R=40\) then \(Velocity_{max.}\) is represented as \((Velocity_{max.}=0.25 T_R)\). The impact of mobility on \({\mathbb {E}}_{Average}\) is illustrated in Fig. 4. It is observed from Fig. 5 that the mobility of nodes affects \({\mathbb {E}}_{Average}\) significantly and \({\mathbb {E}}_{Average}\) reduces for all algorithms as the mobility increases.

Fig. 5

Impact of mobility of nodes on average energy consumption

The delay in registration and certificate distribution for all algorithms is depicted in Fig. 5 and the simulated results of PRIBADI are compared with I. T. Almalkawi et al.,(2019) [24], M. Usman et al., (2016) [26], L. Fang et al., (2018) [40] and Y. Zhang et al., (2013) [28].

Fig. 6

Impact of node density on distribution of certificate delay

It is explored from Fig. 6 that as the size of the network increases, the delay in certificate distribution also rises up for all algorithms. In other words, we can say that network size effectively controls the time of certificate distribution delay and a load of certificate distribution on TA increases as the number of multimedia sensor nodes increases. Therefore, the delay in certificate distribution of PRIBADI is least as compared to existing ones.

Further, the performance of the algorithms are examined in terms of detection accuracy and illustrated in Fig. 7. The simulated results of the PRIBADI are compared with existing algorithms such as I. T. Almalkawi et al.,(2019) [24], M. Usman et al., (2016) [26], L. Fang et al., (2018) [40] and Y. Zhang et al., (2013) [28]. The simulated results reveal that as the ratio of malicious increases, detection accuracy decreases for all algorithms. The PRIBADI perform 50.12%, 41.62%, 6.01% and 29.11% better as compared to I. T. Almalkawi et al.,(2019) [24], M. Usman et al., (2016) [26], L. Fang et al., (2018) [40] and Y. Zhang et al., (2013) [28] respectively.

Fig. 7

Impact of ratio of malicious nodes on Detection accuracy

The time taken by a sensor node for registration, certification, authentication and data transmission process is termed as operation time. It also indicates the complexity of the algorithm. More the time taken to complete the process expressed the higher the complexity of the algorithm. The simulated results of operation time are illustrated in Fig. 8 which reveals that operation time is significantly affected by the size of the network for all algorithms. The algorithm by M. Usman et al., (2016) [26] takes the least time to complete the process, but L. Fang et al. (2018) [40] scheme requires the highest time. We observe that the whole process of PRIBADI takes comparatively lesser time. However, our proposed PRIBADI takes more time compared to the methods shown in [24, 26], and [28] because of the blockchain generation process. We summarize the comparison of the performances in Table 8.

Fig. 8

Impact of number of multimedia sensor nodes on operation time

Table 8 Comparisons of different metrics

4.4 Evaluation metrics in terms of blockchain

In this section, we enlisted those metrics that are considered to evaluate the performance of the proposed scheme:

• Latency Latency is represented by a time taken by a packet from source to destination and it is measured in second. It is measured by: Latency= confirmation time- submission time Latency for is measured for all blocks for present experiment and the average of latency is calculated. It also considers the propagation time and intermediate time due to consensus mechanism. The analysis of PRIBADI in terms of latency is given in Table 9. Firstly maximum and minimum of latency is measured with respect to no. of sensor nodes and blocks. It can be interpreted that as the no. of nodes are increasing, average of latency is also increasing.So It can be concluded from the results that latency of PRIBADI depends total no. of nodes.

Table 9 Comparison of latency with respect to Nodes

• Throughput Throughput represents the rate of flow of all transactions in block with respect to time (sec.) in a cycle T. In other words, it can be defined as number of transactions flow for block in a given amount of time.

  $$\begin{aligned} Transactions \,throughput = Total \, transactions/ total \, time\, taken \,in\, seconds \end{aligned}$$

  (30)

  Further, the performance is evaluated in terms of throughput is shown in Table 10. As the number of sensor nodes increases, the sending rate changes because of that throughput increases with respect to sensor nodes. At last, the complexity of PRIBADI is evaluated in terms of computational cost and transactional cost as shown in Table 11. In computational cost various factors such as key generation, encryption, decryption, authentication, hashing and revocation are considered. Transactional cost consist cost of random key transmission, request and reply packets.

Table 10 Comparison of average throughput

Table 11 Comparison of complexity in terms of computational cost and transactional cost

5 Conclusion

The research work is based on blockchain-based WMSNs algorithm and is effectively and efficaciously executed for privacy preservation and authentication for smart cities. The present work provides ubiquitous and pervasiveness decentralized solution to make system energy-efficient and more secure. Further, adoption of blockchain ensures confidentiality, immutability, non-repudiation, and availability. Also,cloud storage is utilized as WMSNs are resources constrained. Firstly, Trusted Authority (TA) distributes the certificates to all sensor nodes using the least variable parameters. Further, the cluster heads are nominated based on their weight metrics which forward the collected information to TA. A large amount of information is shared with the cloud to improve the reliability and efficiency of storage. Emerging blockchain is utilized to record certificates and hashes of sensor nodes which efficiently protect the information from adversary attacks. Moreover, the certificates of malfunctioning cluster heads are revoked by TA for more privacy preservation. The simulated results demonstrate that the PRIBADI accomplishes 50.12%, 41.62%, 6.01% and 29.11% better results in terms of detection accuracy as compared to existing algorithms [24, 26, 40] and [28] respectively.