Liu 2019

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2019.2957396, IEEE Internet of
Things Journal
IEEE INTERNET OF THINGS JOURNAL, VOL. **, NO. **, *** 2019 1
Data Aggregation in Wireless Sensor Networks:

From the Perspective of Security
Xiaowu Liu, Jiguo Yu, Senior Member, IEEE, Feng Li, Member, IEEE,
Weifeng Lv, Yinglong Wang, Xiuzhen Cheng, Fellow, IEEE
Abstract—Nodes in Wireless Sensor Networks (WSNs) are DA has a wide spectrum of applications due to its advan-
usually deployed in an unattended even hostile environment. tages in energy efficiency. However, guaranteeing its security
What is worse, these nodes are equipped with limited battery, is a highly non-trivial issue, especially considering WSNs are
storage, computation and communication resources. Therefore, it
is challenging to ensure the security of a WSN without decreasing usually deployed in an unattended even hostile environment,
its network performance. Data Aggregation (DA) combined with such that data may be falsified during delivery process or even
security mechanism can provide a good scheme for solving the sensor nodes may be captured. In the traditional sense, the goal
aforementioned problems. This paper presents a comprehensive of network security is to guarantee Confidentiality, Integrity
review of Secure Data Aggregation (SDA) in WSNs, including its and Availability (CIA) and many methods are proposed such as
security goals together with existing problems. The traditional
network topologies as well as new emerging ones are discussed encryption, authentication, attack detection and vulnerability
and compared in order to indicate the application scenes and analysis. However, traditional security schemes cannot be
security levels of different topologies. Meanwhile, the contrastive directly applied to DA, since they may be conflicted in a
analyses of security strategies are presented which divides SDA WSN with DA. Taking encryption as an example, the original
protocols into five categories according to different security plaintext is needed when the aggregation operations (e.g., Add,
mechanisms, security goals and network topologies. Besides, the
discussion points out some open issues which may be valuable Subtract, Multiply, Divide, Max/Min, Sum and Average) are
topics of SDA in the future. performed, while encryption prevents the plaintext from being
accessed by relay nodes. A feasible solution is that two nodes
Index Terms—Wireless sensor network; Data aggregation;
Security. firstly negotiate a sharing key, the sender encrypts its sensing
data to a ciphertext and the receiver receives the ciphertext
and decrypts it with the sharing key. In this way, the plaintext
I. I NTRODUCTION may not be exposed to other nodes.
Wireless Sensor Networks (WSNs) have been attracting The penetration of WSNs gives rise to the extensive studies
increasing concerns in both theoretical research and practical on Secure Data Aggregation (SDA). Most of the surveys
development in the past decades [1]. A WSN is composed related to the security of WSN concentrate on the attack
of a large number of sensor nodes that are usually densely resistance of non-DA WSN [3, 4]. Although there is a survey
deployed in a certain geographical region to acquire the data paper on SDA in 2009 [5], it focuses on traditional network
of interest, which are collected from the source nodes to a topology (tree and cluster), plain sensor data aggregation and
Base Station (BS) through multi-hop transmission. encrypted sensor data aggregation. In the past decade, SDA
Due to the dense deployment of sensor nodes (which leads was pushed forward in an amazing manner and many valuable
to the fact that the sensing ranges of sensor nodes are highly schemes were proposed along with the emerging malicious
overlapped), the sensed data are of significant redundancy. activities. Meanwhile, more application scenarios stimulate
Delivering all the raw data to BS results in a heavy energy SDA to enrich the connotations of security goals, provide
consumption, which may gravely threaten the lifetime of the the complex network topologies and explore the sophisticated
sensor network [2]. Data Aggregation (DA) can effectively aggregation strategies. Therefore, we believe that it is the right
improve the energy efficiency of data collection where the time to review the existing SDA proposals and motivate future
sensed data are “aggregated” by relaying nodes. research directions. Taking the new development trends of
X. Liu is with the School of Information Science and Engineering, Qufu SDA into consideration, we extend the definition of SDA in
Normal University, Rizhao, 276826, PR China. E-mail: ycmlxw@126.com. [6] as the process of eliminating data redundancy (and thus
J. Yu (corresponding auhtor) and Y. Wang are with School of Computer prolonging the lifetime of the network) without sacrificing the
Science and Technology, Qilu University of Technology (Shandong Academy
of Sciences), Jinan, 250253, P.R. China; Shandong Computer Science Center security in terms of integrity, accuracy, robustness and so on.
(National Supercomputer Center in Jinan), Jinan, 250014, PR China and Shan- Based on such a new paradigm, we investigate state-of-the-art
dong Provincial Key Laboratory of Computer Networks, Jinan, Shandong, of SDA, and make the following contributions.
250014, PR China. E-mail: jiguoyu@sina.com, wangyl@sdas.org.
F. Li is with the School of Computer Science and Technology, Shandong
University, Qingdao, 266237, PR China. E-mail: fli@sdu.edu.cn. • We investigate the security problems in DA and provide
W. Lv is with School of Computer Science and Engineering, Beihang comprehensive discussions of security goals. In particular,
University, Beijing, 100191, PR China. E-mail: lwf@buaa.edu.cn. we formalize the process of DA and explain the severe
X. Cheng is with the Department of Computer Science, The George
Washington University, Washington DC 20052. E-mail: cheng@gwu.edu. security issues in WSNs through a discussion between a
Copyright (c) 2019 IEEE WSN with DA and that without DA.
2327-4662 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2019.2957396, IEEE Internet of
Things Journal
TABLE I: List of notations

Non-DA Network
Notation Definition
WSNs Wireless Sensor Networks
BS Base Station
DA Data Aggregation Eventt S
Source
SDA Secure Data Aggregation
AN Aggregation Node
MN Member Node
DoS Denial of Service
CH Cluster Head
DA Network n1 ANv
LN Leaf Node
di The sensing data of node ni ANu
ni Node i n2
BS
Eres The estimated current residual energy nk
Event Source
Eini The initial energy of a sensor node ni+j MN
The probability that ID of nj is included in the key-ring ni
Pinc ni+1 AN
of ni
The probability that a pairwise key can be established
Euv
between ni and nj
AN ()
Dagg The aggregation result in AN Fig. 1: DA and non-DA network
BS ()
Dagg The aggregation result in BS
Hash(x) The hash value of x
The direct trust value in ni for neighboring
Ti,j A. Data aggregation
node nj
fi,j The good behaviors of nj from the perspective of ni
di,j The bad behaviors of nj from the perspective of ni DA technique can decrease the traffic, save the energy,
increase the accuracy and expand the lifetime of WSN. There
are huge differences between a WSN with DA and a WSN
without DA, which can be illustrated using Fig.1. The sensor
• We perform varied analyses of traditional network topolo- nodes send their sensing data to BS hop-by-hop separately in a
gies and the emerging ones which are not discussed non-DA network, which is an energy intensive communication
in other survey papers for different topologies may process. Six nodes around the event source need to individually
have different application scenes. What’s more, different transmit six packets to BS in Fig. 1. This may be improved
topologies may demonstrate different performances in by DA for the sensor nodes are correlated in a temporal and
terms of integrity, lifetime and other security indexes even spatial context. Therefore, the sensing data (e.g., temperature
the same security strategy is applied. and humidity) may be identical or similar and transmitting
• We address the latest security strategies in SDA by them directly to BS is unnecessary. The data of sensors can be
making a contrast according to different security schemes fused to a single packet. As a result, the energy consumption
and this provides an explicit identification of advantages can be decreased comparing with non-DA network. Let there
and performance of different approaches in the same be k sensor nodes in a monitoring area. di (1 ≤ i ≤ k) are
category. collected by k sensors around the event source. f is a pre-
These contributions cover most of the critical problems of defined aggregation function which may be linear or nonlinear,
SDA and we hope that pioneers can regard this survey as a such as Mean, Add, Count and Max/Min. Then, the data
useful reference for subsequent research. For easy understand- aggregation may be defined as Equation (1),
ing, the notations will be used in this paper can be found in
dagg = f (d1 , d2 , ..., dk ). (1)
Table I.
This paper is organized as follows: in Section II, the Taking Mean function as an instance, k nodes send their
data aggregation as well as security goals are discussed. In sensing data di (1 ≤ i ≤ k) to an Aggregation Node (AN)
Section III, network topologies are provided. The strategies of instead of transmitting them to BS individually. AN computes
SDA are classified into five categories and their characteristics the mean of k sensing data, dagg = (d1 + d2 + ... + dk )/k =
Pk
are compared in Section IV. An exhaustive description of i=1 di /k. After that, the aggregation result dagg is encap-
future direction is performed in Section V. Finally, Section VI sulated in a packet and sent to BS in a multi-hop manner.
presents the conclusion of this paper. Compared with a non-DA network, this is a more effective
mechanism to monitor the interesting area.
Although DA can improve the effectiveness of network,
II. DATA AGGREGATION AND S ECURITY G OALS it may lead to more serious security issues. If a node in
a non-DA network is compromised, only the data of this
Data are aggregated from source nodes towards base s- node will be affected. However, the whole network may lose
tation through multi-hop communications in a WSN with its effectiveness if an AN (ANu in Fig. 1) is attacked by
DA. Although DA is a preferred technique to promote the adversaries. Furthermore, many raw data were deserted after
effectiveness of WSNs, it brings many secure issues due to the aggregation was executed. Therefore, the data accuracy is
the open transmission mode. We will discuss the connotation interesting topic in a WSN with DA and it is a important goal
of DA and the security goals respectively in this section. of SDA which we will discuss in Section II.B.
Things Journal
B. Security Goals regarded as having the same meaning with the integrity,
By taking the characteristics of WSNs and DA into account, significant differences can be found in some specific scenarios
the data aggregation in WSNs should be secured from the [5]. For example, if using broadcasting as the communication
following aspects. model, a sender may have its transmitted data packets received
1) Confidentiality: Confidentiality is defined as the proper- by all of its one-hop neighbors. The malicious node may
ty that transmitted messages are supposed to be understandable perform Replay attack to compromise the communication
and accessible only to intended receivers [7]. It ensures between the sender and the receiver by replaying the data
that sensor readings, network topologies and data flows are packets. In this case, the malicious nodes do not change the
prohibited from being spied on by malicious entities. In content of the data packets, which does not break the law of
SDA, the confidentiality is usually implemented by encrypting integrity. Nevertheless, ANs may receive duplicated packets
the packets before sending them to a desirable destination. and thus calculate incorrect aggregation results, especially for
Specifically, the encryption/decryption methods can be divided some DA functions sensitive to Replay attack (e.g., sum or
into two categories. The first one is based on symmetric keys, counting functions).
i.e., the same key is used in both encryption and decryption. 5) Lifetime: Lifetime has various representations in the
Nevertheless, each pair of transmitter and receiver need a exiting literature. In WSNs, it can be defined as First Node
secret key, and how to distribute the keys in WSNs is a very Dies (FND), All Nodes Die (AND), K% Die Time (KDT) or
challenging issue. The other one adopts asymmetric keys to Half Die Time (HDT) [13]. The difference of these definitions
acquire higher security guarantee. However, the price we have actually comes down to the number of dead nodes. Taking
to pay is much more computations and thus higher energy FND as an example, it is interpreted as the time span until the
consumption as well as longer latency. Therefore, it is an first node dies [5]. As a natural extension, lifetime can also be
inevitable issue to design light-weight schemes for resource- described as “the time during which we can gather information
limited WSN. from all sensors to base station” [14] in DA. This definition
2) Integrity: The goal of integrity is to prohibit data packets of FND actually has been widely adopted in SDA [15, 16].
from being tampered or deleted by unauthorized entities during Nevertheless lifetime is usually regarded as a measure of net-
communications [8, 9]. In WSNs, a sensor node broadcasts work performance, it is also an important security requirement
data packets into the air and all the other nodes within in of DA, especially when the ultimate aim of intruders is to
its communication range can hear the packets. Therefore, decrease the feasibility of the network, e.g., through decreasing
the integrity of the packets may be impaired by malicious the network lifetime. Furthermore, the packet transmissions
intermediate nodes. Two complementary conditions for data account for nearly 70% of power consumption in a WSN
integrity are taken into account and at least one of them [17]. Obviously, one of the choices to prolong the lifetime
should be respected: i) the original content of the packet is of network is to guarantee the transmission quality of data
maintained with no change; ii) the changes of the packets packets at a “secure” level [18, 19]. The Jamming attack [20–
can be detected by receivers. To this end, many schemes 22] and Path DoS [23] are typical ones to decrease the the
have been proposed in order to preserve the data integrity, energy efficiency of WSN. The common result of these attacks
such as message authentication code [9, 10] and XOR [7]. is to exhaust the energy of nodes and decrease the lifetime of
Unfortunately, even for integrity preservation in a hop-by-hop WSN. Therefore, lifetime is doubtlessly the primary goal of
manner, an additional verification operation is required, which SDA and other security goals are meaningless if the lifetime
may result in energy consuming and data delivery delay [11]. is compromised.
3) Availability: Availability implies that users can access 6) Accuracy: Accuracy can be used to measure the differ-
resources and services in face of attacks, e.g., Denial of Service ences between aggregation results and ground truths. It is a
(DoS), flooding, selective forwarding etc. Since sensor nodes crucial index of decision-making in some application scenarios
usually have limited resources, they are of considerable vul- [24]. For example, for military applications, an inaccurate
nerability when suffering from malicious activities launched aggregation result at AN may result in the false deployment
by adversaries. Moreover, sensor nodes in a WSN may play of troops. WSNs with DA are generally supposed to obtain
different roles in some application scenarios, and attacking more accurate aggregation results than those without DA.
different parts of the sensor network may produce various Nevertheless, sensor nodes are usually deployed in wild fields
influences. The communication channel may be fully occupied and are very likely to suffer from attacks such as node capture.
by receiving or transmitting data if a Monitoring Node (MN) The captured nodes may provide forged data and thus falsify
is compromised by attackers. This may lead to unavailability AN or BS to produce a false aggregation result. Therefore, we
of the compromised node as well as its neighbors. What is should introduce secure schemes into DA, so as to prohibit the
worse, if an Aggregation Node (AN) is attacked, the cluster aggregation results from being spoiled in the face of attacks.
associated with the AN or the whole network is prone to be Furthermore, a scheme to determine the accuracy level is
unavailable. Therefore, SDA scheme for availability is not an required, due to the resource limit of the sensor nodes, so as
arbitrary one and the diverse strategies may be required when to make a tradeoff between aggregation accuracy and resource
different malicious activities emerge in a WSN in order to consumption.
restrain the impact of compromised nodes. 7) Robustness: Robustness, also called fault-tolerance, can
4) Freshness: Freshness is to ensure that data packets are be defined as “the ability of a system to resist change without
not replayed [12]. Although the freshness is to some extent adapting its initial stable configuration” [25]. It implies that
Things Journal
network systems should run at an acceptable level and need

not to modify the network parameters of SDA even in the
condition that the confidentiality, integrity, freshness, accuracy
and other security goals are deviated by abnormal activities
or attacks. In WSNs, adversaries usually destroy the network
through various approaches, e.g., DoS [26] or DDoS [27],
Jamming or Collision [28], Flooding [29], Sinkhole or Selec-
tive Forwarding [30], Node Capture or Compromised Node
[31]. All of these attacks can severely limit the functionality
of WSN and compromise the efficacy of DA. Although some CH MN
solutions have been designed for specific linear-based [32] and
tree-based [33, 34] topologies, how to guarantee the robustness Fig. 2: Cluster-based topology
of sensor networks with other generalized topologies is still
an open issue.
III. T OPOLOGY OF SDA

where Eres is the estimated current residual energy and
WSNs can be regarded as a distributed system, where each
Eini is the initial energy of a sensor node. A CH not only
node covers a geographical region in a stochastic manner. The
communicates with MNs, but also serve as AN to fuse the
sensor nodes are organized according to specific topologies,
data received from the MNs in the same cluster. Therefore,
based on which data are aggregated. In SDA, different topolo-
the power consumption of CH is significant and the problem
gies are employed for the purpose of improving the concerns
of single point failure is a huge challenge for SDA.
in Section II. The aggregation topology plays a significant
role in SDA and even the same SDA method in different In comparison with single CH topology, double CH topolo-
aggregation topologies may have volatile performances. In the gy has the advantage of overcoming single point failure. The
following, we will discuss five kinds of topologies, analyze Double Cluster Heads Model (DCHM) is proposed in [39]
their characteristics and compare their differences in the as- where two nodes are selected as CHs in a cluster randomly. If
pects of formation difficulty, application scene and security the running time of current CHs exceeds a default threshold
goals. or the residual energy is below a given level, DHCM will
reselect two candidate CHs. However, DCHM attaches great
A. Cluster-based topology importance to the accuracy of SDA and consumes more than
1.2 to 1.3 times energy comparing with SDA without double
The efficacy of the Cluster-based Topology (CT) in terms of
CHs.
accuracy and energy consumption (lifetime) has been verified
in the existing literature on DA [15]. Taking lifetime as an After one or more CHs are selected, the cluster formation
instance, the energy consumption of a cluster-based protocol is another critical stage in CT. In the existing literature, new
may reduce by over seven times [35] compared with that of cluster formation mechanisms have been developed such as
the direct communication with BS. The lifetime extension ratio the periodical clustering [40], the hierarchical clustering [41],
may exceed eleven if DA and virtual grid clustering techniques the square clustering [36], the variable size clustering [42]
are applied [36]. A typical cluster-based protocol consists of and the node connectivity clustering [43]. These proposals
three steps: Cluster Head (CH) selection, cluster formation and share the same goal of minimizing the cost of intra-cluster
steady state [37]. As shown in Fig. 2, the sensor nodes can communication without compromising the effectiveness of
be divided into two categories, i.e., CHs (or ANs) and MNs. DA. Note that although these cluster formation algorithms
MNs send their sensing data to CHs instead of transmitting may provide better performances in terms of confidentiality,
them to BS directly. Then, CHs aggregate the data collected integrity, accuracy, lifetime and so on than the algorithm in
from MNs and forward the aggregation result to BS through [37], they are susceptible to higher computation and message
multi-hop transmissions among CHs. complexities. It is an interesting issue to decrease the difficulty
CT is able to improve the lifetime of WSN through decreas- of cluster formation without losing the network performance.
ing energy consumption and the CH selection is one of the Furthermore, a CT for SDA must take security into con-
crucial concerns in cluster-based SDA [13]. Many variations sideration and can be integrated with other techniques, e.g.
are proposed, e.g. the single CH and double CHs. As to the encryption [43] or anomaly detection [44] in the processes
single CH, the node with the highest residual energy has a high of CH election and data transmission. In addition, the grid
probability to serve as a CH, so as to guarantee the WSN to run topology is also a feasible choice in SDA [36, 45]. In this
in a sustainable state [38]. Assuming that there are N nodes survey, we argue that the grid topology is composed of many
in a WSN and the number of the potential CHs is n. Then, a cells which are considered as a special kind of clusters. The
node, np , may be selected as a CH with the probability CHp . only difference between CT and grid topology is that the
n Eres grid topology usually needs the geographic information to
CHp = ∗ . (2) determine the edge among cells.
N Eini
Things Journal
X1
BS
X2
AN LN
Z1 Y X3
Fig. 3: Tree-based topology Z2
Z3
B. Tree-based topology
Tree-based Topology (TT) is one of the commonly used
network topologies in WSNs for DA [46, 47], which demon- Fig. 4: Synopsis diffusion with ring topology
strates a good performance especially in a sparse network [48].
As illustrated in Fig. 3, besides AN and BS, another type of
sensor nodes is used in the tree topology, i.e., Leaf Node (LN)
which has no child nodes. TT usually forms an aggregation Ă
ni
Ă
ni-1 ni+1
tree rooted at BS in a dynamic changing network in which
the ANs and LNs may leave or join the network randomly.
Several messages are needed in the process of tree construction Fig. 5: Simple linear topology
and the intuitive method includes three steps [49]. Firstly, BS
broadcasts “Hello” message to the direct neighbors in the
scope of radio range and the neighbors accept the message inner rings layer by layer until they arrive at BS. In contrast
if they are isolated and do not belong to any parents in the with TT where each sensor node has only one parent node as
network. After that, the neighbors respond “Parent Request” the next hop, a sensor node in the RT may have multiple next
to BS. Finally, BS sends “Join” message back to the neighbors hop nodes, e.g., node Y in Fig. 4, and the system robustness
and confirms the relation between parent and child which against node failure can be enhanced by such a multi-path
are assigned different duties as AN and LN respectively. The routing strategy. Nevertheless, we have to deal with the data
directed child of BS recurses this process until all sensor nodes duplication issue in this case. To this end, synopsis diffusion
belong to the same tree. is firstly proposed in [55] for computing duplicate-sensitive
The above-mentioned scheme is a simple construction aggregation. Unfortunately, it has no resilience to false sub-
method in TT. Many complex methods such as the shortest aggregation values and node compromises [32]. It has been
path tree [50–52], the energy-effective tree [24] and the greedy drawing increasing attention to improve RT in the current
incremental tree [48] have been proposed with the aim of literature, e.g., RT resisting hybrid faults [56] and malicious
reducing the construction cost and decreasing the transmission attacks [57], where it is manifested both survivability and
latency. attack-resilience of SDA can be improved if the number of
To realize the security goals in a tree-based sensor network faulty or compromised nodes are below some threshold.
for aggregation (e.g., accuracy, integrity and etc.), two mech-
anisms are usually adopted. One choice is to verify the ag- D. Linear-based topology
gregation results in BS only, which may save the computation
All the topologies described from Section III-A to III-C
resources of ANs [53]. However, adversaries could mislead
are applicable in most of scenarios, while in some special
AN even BS to acknowledge the falsified aggregation results
application fields (e.g. pipeline maintenance, driver alerting,
by attacking LNs. The other one is to perform recognition
streetlight monitoring and border monitoring [58]), sensor
operations in each AN [54], which entails extensive data
nodes are deployed linearly and the resulting Linear-based
traffic for verification and thus results in significant energy
Topology (LT) demonstrates better performance than other
consumption at ANs.
network topologies. We show an example of LT in Fig. 5,
where the data acquired by each sensor are aggregated in a
C. Ring-based topology linear manner. A node, ni , can only communicated with its
As demonstrated by Fig. 4, in a Ring-based Topology (RT), 1-hop neighbors, ni−1 and ni+1 , which are responsible for
sensor nodes are divided into a set of rings centering around forwarding the received data to the 2-hop neighbors of ni . In
BS. The data sensed by the outer nodes are aggregated and this case, the network may be disconnected even though there
delivered to the ones in the inner rings until reaching the is only one sensor node corrupted. Therefore, how to deal with
central BS. For example, the data sensed by nodes Z1 , Z2 the system vulnerability is a very challenging problem for LT
and Z3 in the outer ring can be relayed by the nodes in the to guarantee its security. To address this issue, sophisticated
Things Journal
Fig. 6: (7, 2)-linear topology CH MN
Fig. 8: Cluster-Tree-Based Topology
of WSN and different topologies have specific characteristics

in themselves.
Cluster and Tree based algorithm for Data Aggregation
(CTDA) integrates TT and CT into a Hybrid-based Topology
(HT), where the cluster topology is adopted in the sub-zone
Fig. 7: Hole-free linear topology of the whole targeted area and the clusters are organized as
a tree topology [62]. The critical idea in CTDA is to execute
DA in CHs in order to decrease the traffic between sensors
communication patterns are developed in practical systems, and BS. In the step of clustering, CHs are elected using a
if each sensor node has sufficiently long radio range to have novel method different from the one described in [37]. Firstly,
multiple neighbors. A term called (N, d)-linear network means each sensor node generates a random number between 0 and
that a node is capable of communicating with direct or indirect 1. This number is compared with a threshold T (n):
neighbors at most d-hop away in a WSN containing N nodes.
(
Fig. 6 is a (7, 2)-linear network and each node can transmit P
,n ∈ G
T (n) = 1−P ∗[r mod (P1 )] (3)
its sensing data to 2-hop neighbors. In LT, security attracts
0, otherwise
special attention and a Key Pre-distribution Scheme (KPS) is
proposed [59]. (N, r)-KPS can prevent the network from being where P is the ratio of the number of CHs to the number of
compromised and provide high security in the condition that senor nodes, r is the current round number and G is the set
less than r malicious nodes appear. of nodes except the CHs. If a random number generated by a
LT can be applied not only in the sensor networks where node ni (1 ≤ i ≤ N ) is less than T (n), ni is declared to be a
the nodes are deployed in a linear pattern but also in the CH and every MN chooses the closest one as its CH. Then, A
ones where the nodes are placed randomly. Let N nodes be Minimum Spanning Tree (MST) rooted at BS is constructed
distributed in a geographical area and the goal of aggregation is based on CHs as demonstrated in Fig. 8.
to travel all the nodes in the network following a certain linear The Cluster-based and Tree-based Power Efficient Data
path in which each node is visited only once. The traversal Collection and Aggregation protocol (CTPEDCA) [63] is also
issue usually needs to construct a Hamiltonian path which a cluster-tree-based one. It utilizes a distributed clustering
has been proved to be a NP-Complete problem. As a feasible algorithm to divide a network into a lot of clusters according to
solution, the peeling algorithm is proposed in order to form a the autonomous decision of MN without the intervention from
hole-free linear topology [60] as shown in Fig. 7. BS. In CTPEDCA, the CH with maximum residual energy is
LT has been proved effective in communication cost, energy selected as the root of MST. Different from CTDA, CTPEDCA
consumption and response time, especially in a WSN with demands that the root should be able to communicate with
DA [61]. However, the query accuracy and the robustness of BS directly in each round and other clusters should only
aggregations (Max, Min, Count, etc.) need to be improved in transmit message to the root. In CTDA and CTPEDCA, CH
LT. is responsible for data collection and DA. Thus, it is prone to
lose its efficacy with the dissipating of the energy and become
a vulnerable point. The changeable CH may be a solution to
E. Hybrid-based topology this problem. BS only forms the primal clusters in the first
WSNs are deployed in various environments and are faced round and CH in each cluster may be reselected in subsequent
with multitudinous applications. In many scenes, sensor nodes rounds [64].
cover different geographical regions which monitor different It has been proved that cluster-tree-based topology inte-
environmental parameters (temperature, humidity or pressure) grated with DA can minimize the communications among
and possess dissimilar distribution patterns (uniform distri- sensors and reduce the energy consumption [62, 63]. This
bution or random distribution). Due to this reason, network also provides a new way of thinking for other topologies, for
topology plays a significant role in improving the performance example, tributaries-deltas topology shown in Fig. 9. It is a HT
Things Journal
methods have been proposed. Different from those in tradi-

Tributary Region (Tree) Delta Region (Multi-path)
tional networks, the security strategies of DA in WSNs take
both resource constraints and security goals into consideration.
It should be noted that SDA strategies may show distinct
performances in terms of lifetime, robustness and so on if
different topologies are adopted. Namely, these strategies are
topology-dependent in the current contributions. For example,
Relay Node the RT and tributaries-deltas topology in HT are more robust
Normal Node
than TT because a node may have multiple parents and the
failure of one parent may be tolerated in these topologies.
Fig. 9: Tributaries-deltas topology Thus, the topology formation is indispensable before SDA
strategies is implemented. In the following discussion, we
will focus on analyzing the security mechanisms of SDA and
omit the topology formation which readers can look up in
Section III and determine the specific formation technique.
Furthermore, we can also apply these mechanisms into other
topologies and verify their performances with the aim of
CH
expanding the practicability of SDA strategies in future study.
MN
Fig. 10: Cluster-linear topology A. Anomaly Detection SDA

Due to the increasing diversity of the emerging threats to
WSNs, we cannot solely rely on passive system prevention.
which combines the advantages of tree topology and multi- Therefore, Anomaly Detection (AD) techniques are usually
path and can offer the highly efficient and robust aggregation utilized to exploit the system events that have potentials of
[33]. HT may not be limited to the above-mentioned topologies threatening the security of WSNs. For the applications of data
because of the complexity of application. Taking reference aggregation, they can be divided into two categories: behavior-
[65] as an example, the monitoring nodes are deployed in based AD and data-centric AD.
some independent subzones which need to be integrated into
In Behavior-based Anomaly Detection (BAD), sensor nodes
an interconnected system. A path-connected-cluster topology
are classified into normal nodes and monitoring nodes [66] as
with the characteristic of cluster and linear topology may be
shown in Fig. 11. The normal nodes are deployed to perform
a favorite one as demonstrated in Fig. 10. In fact, there is not
ordinary WSN functions (including sensing, communicating,
a uniform HT that is suitable for any application scene and
aggregating, etc.), while the monitoring nodes are employed
what type of HT is a good design depends on the specific
to supervise the behaviors of the neighboring normal nodes.
requirement.
In particular, the malicious activities of the normal nodes are
We call all the topologies in this section structured ap-
evaluated by some anomaly detection methods, e.g., Kalman
proaches which have been used in both practical applications
filters. A normal node is labeled as a malicious node if the
and theoretical analyses. Table II analyzes the differences
monitoring nodes detect sufficient abnormal behaviors, and the
among the five types of topology in the aspects of energy
data from the malicious node are excluded from DA process.
consuming, application scene and security goal. It is hoped
Such a mechanism can be used to deal with many adversary
that this analysis may provide a useful guide for researchers
attacks, such as Selective Forwarding Attack, Sybil Attack,
in SDA to choose a reasonable topology for their contributions
Black Hole Attack and Grey Hole Attack. Furthermore, a mon-
under investigation. Note that we only compare some security
itoring node may be compromised by adversaries. Therefore,
goals which have been used in the current literature of topol-
it detects not only the malicious activities of normal nodes but
ogy and the other ones discussed in Section II.B are closely
also the behaviors of monitoring nodes in its radio coverage
related to security method which will be examined in Section
(dashed circle in Fig. 11).
IV.
However, this strategy depends on the assumption that the
number of normal nodes far exceeds that of malicious ones
IV. SDA S TRATEGIES [66, 67]. Moreover, BAD is sensitive to the threshold which
To guarantee the security of the data aggregation in WSNs, can be used in a detection algorithm to confirm whether a
numerous strategies have been proposed in the existing lit- node is a malicious one or not, especially considering the
erature. Different from the ones designed for traditional ad- aggregation accuracy is closely related to it [68]. The higher
hoc networks, SDA in WSNs is supposed to take resource threshold may result in the ignorance of some malicious nodes
constraints into account. and the lower threshold may lead to misunderstanding of a
DA must face security issues because it is almost impossible normal node as an abnormal one. No matter whether the
to ensure absolute security in the process of aggregation. SDA randomized threshold or optimal threshold [69] is used, setting
is one of the basic requirements to protect the sensor reading an appropriate one is a challenging issue in the process of
from being compromised. For the sake of security, numerous neighbor monitoring.
Things Journal
TABLE II: Comparison of different topologies

Topology Formation Difficulty Application Scene Integrity Lifetime(FND) Accuracy Robustness
CT[8, 13, 36–42, 44, 45] Low Dense High Low Low High
TT[14, 24, 46–49, 51–54] High Sparse Medium High High Low
RT[32, 55–57] High Dense/Sparse High Medium Medium High
LT[58–60] Medium Linear/Sparse Low Low Low Low
HT[62–65] High Dense/Sparse/Linear Medium Medium Medium Medium
Outerlier data Valid data
Monitoring Node Aggregation and Normal Node
Fig. 12: Elliptical AD

Fig. 11: Behavior monitoring in WSNs.
MD is regarded as a decision function (threshold) to evaluate

Different from BAD, Data-centric Anomaly Detection whether x is a valid data or an outlier as shown in Fig. 12.
(DAD) aims at verifying whether the aggregation value is As to SDA, the aggregator only needs to fuse the correct
the anticipated one [32] so as to guarantee data accuracy, sensor readings and deserts outliers which may be injected or
considering that the compromised nodes in a WSN may inject modified by adversaries. Most currently, other schemes, such
false data. A typical example of DAD is Data Aggregation and as interquartile analysis [73] and support degree function [74],
Authentication (DAA) protocol [70]. In DAA, the monitoring are designed to eliminate outlier from the valid data. These
nodes of each aggregator are paired with the sensor nodes contributions promote the network lifetime, energy efficiency
along the route towards the next aggregator. They not only and accuracy of DA.
perform data aggregation, but also calculate corresponding Many schemes have been proposed such as mutual defense
message authentication code. Thus their pairmates can verify [75], interval analysis [76] and Markov chain [77] to detect
the data integrity of the encrypted data instead of the plain data anomaly or faulty nodes in SDA and provide resilient defense
for the purpose of confidentiality. The false data cannot pass for false data injection and compromised nodes. Table III
the verification and will be dropped during the data forwarding presents a detailed comparison of ASDA methods and their
process as early as possible so as to decrease data traffic. limitations may be avoided by designing new AD schemes in
In terms of the communication and computation complexity, order to meet the security goals of specific scene in future
the elliptical AD has been proved to be an efficient method study.
which shows good adaptability not only in behavior-based AD
but also in data-centric AD [71]. Using the elliptical detec-
tion mechanism, the behavior-based AD can detect malicious B. Encryption SDA
activities and construct the model of normal behavior [72], Encryption Security Data Aggregation (ESDA) is usually
while data-centric AD can remove the outlier value in sensor applied to guarantee the confidentiality of DA. Two kinds
readings. Taking reference [71] as an example, a sensor node of encryption mechanisms are often adopted in ESDA, i.e.,
(ni ) calculates a local ellipse with radius Ri based on its symmetric key and asymmetric key.
own data with mean µi and covariance matrix Σi . All the In the symmetric-key mechanism, all the nodes in a WSN
parameters are sent to BS which merges these parameters with share the same key to encrypt and decrypt data packets.
other sensor nodes. Then, a global ellipse with radius R is However, this scheme even cannot tolerate single-point-failure.
formed in BS and sent back to each sensor node. After that, In particular, once a single node is compromised (e.g., it
each new sensor reading x is tested on whether it falls inside is captured by adversaries), the confidentiality of the overall
this ellipse or not by computing the Mahalanobis Distance network is violated. To handle this issue, in the asymmetric-
(MD) with Equation (4) as follows. key mechanism, each sensor node shares a private key with
q BS. It offers better security, but can be applied only in small-
M D(x) = (x − µ)Σ−1 (x − µ)T . (4) scale networks, due to the resulting difficulty in storing and
Things Journal
TABLE III: Comparison of different ASDA methods

Research Category Algorithm Decision Network Aggregation Limitation Security
Proposal Topology Function Goal
Accuracy
Kalman
IDS[66] BAD Theoretical Tree Average sum Overwhelming majority of nodes are Integrity
filter
threshold secure;other security schemes are need- Robustness
ed to protect nodes from being compro-
mised.
ERD[69] BAD Distributed Optimal Cluster – Only adapt to the condition of static Robustness
bayesian threshold fault or 0-1 failures.
Genetic
ED[18] BAD Adaptation Hybrid Average Insensitive to instantaneous changes. Accuracy
algorithm
threshold
Integrity
Count sum
Synopsis DAD MAC – Ring A node having multiple parents in ring Accuracy
max min
Diffusion[32] topology may lead to message duplica- Lifetime
tion.
Accuracy
Integrity
DAA[70] DAD SDFC – – – Aggregator has at least T neighbors;
Confidentiality
group communication vulnerability.
Lifetime
Ellipse[71, DAD Mahalanobis Predefined Cluster – Boundary and similarity computation Accuracy
72] distance threshold have higher complexity; data distribu- Roubustness
tion in each sensor node is needed.
Mutual DAD SSGF MTD thresh- Cluster Average Do not consider the security of CH; not Integrity
Defense[75] old suitable for contingent event. Freshness
Accuracy
SDAIA[76] DAD Interval anal- Lower bound Cluster Average More reasonable confidence interval Accuracy
ysis and upper and bound are needed.
bound
Faulty node DAD Markov Interval test – – Only detect the gradual degradation of Accuracy
detection[77] chain and state sensor ability; faulty nodes may not be Lifetime
transition detected if half or more nodes are mal-
functioned within a small time period.
Lifetime
Outlier elim- DAD Interquartile Upper and Cluster SOM The limitation of SOM such as local
Accuracy
ination [73] analysis lower range optimum may have negative effect on
DA.
SDAF [74] DAD Support de- Threshold Cluster Add Higher computation complexity. Accuracy
gree function
distributing a large number of keys that are entailed in large- pairwise key can be established between ni and nj , and the
scale networks. probability is
To guarantee both security and efficiency, the key pool pij = 1 − (1 − pinc )2 . (6)
mechanism discussed in [78] is one of the choices. However, The pairwise key mechanism can keep high secrecy even
it may bring negative effect on the connectivity of network when the compromised nodes appear in the condition of big
because the probability of sharing key in two nodes keeps n and m (e.g. n > 500, m > 200) [79].
falling with the expansion of key pool. The pairwise keys are In the existing literature, many encryption algorithms have
usually adopted in the exiting proposals to assure the SDA been explored in order to verify their adaptability and produce
without losing of connectivity [59, 79]. Assume there are n+1 the strength keys in SDA, such as AES [81], RC5[82], Hash
keys in the key-ring and each key is related to the node ID. [83], q-composite [84] and XOR [7]. The nature of these
For nodes ni and nj , each of them selects m IDs from the symmetric encryption schemes is to search for a lightweight
key-ring. method which can be employed in ESDA with fewer re-
m
The different ways of selecting m IDs in node i are Cn+1 . quirements on computation complexity, storage and energy
The prerequisite for security communication is that m IDs consumption under the constraint of security level [81].
in node j contain a common ID with m IDs in node i. Generally speaking, symmetric key has more adaptability in
On the contrary, the secure communication is difficult to be SDA because asymmetric key is very expensive in terms of
m
established if there is no ID of i in m IDs of node j, C(n+1)−1 . system overhead [12] including computing complexity, energy
Then, the probability that ID of nj is included in the key-ring consumption and real-time nature. However, asymmetric key
of ni is is stronger than symmetric key. The lightweight asymmetric
( Cm key has been well-studied [85, 86] and many encouraging
1 − (n+1)−1
m
Cn+1 , m < n + 1. results have been continuously proposed, especially elliptic
Pinc = (5)
1, otherwise. curve cryptography (ECC) [87].
Table IV provides a summary of the above-discussed en-
The secure communication will be formed if and only if cryption methods and their application scenes in SDA. En-
there is at least one common ID in their key-rings, namely a cryption is in contradiction with DA because no matter what
Things Journal
TABLE IV: Comparison of different methods of ESDA

Research Proposal Key Category Encryption Network Aggregation Limitation Security
method Topology Function Goal
Unconditional key Symmetric key Pairwise key Cluster – Store too many keys Confidentiality
[79] Lifetime
Lightweight security Symmetric key XOR Cluster Average Depend on cluster topology; Only take Confidentiality
[7] replay attack into consideration. Integrity
freshness
Lifetime
Max, min,
SDAP [80] Symmetric key Pairwise key Tree Hop by hop security; expensive com- Confidentiality
mean, add
putation for count and sum aggregation Integrity
function. Lifetime
Resilient aggregation Symmetric key Pairwise key Linear Sum Vulnerable to consecutive malicious n- Confidentiality
[59] odes. Integrity
Lifetime
Distributed DA [83] Symmetric key Secret Tree, cluster Sum Sink must know the structure of tree; Confidentiality
perturbation Need high cost if topology changes Lifetime
frequently.
GABs [128] Symmetric key Pairwise key Hybrid(Mesh) – Better performance in strong link net- Confidentiality
work; neglect the interference. Integrity
Lifetime
Secure clustering [82] Symmetric key AES Cluster – Only consider cluster topology Confidentiality
Lifetime
SHIA [85] Asymmetric key – Tree Sum Only consider tree topology Integrity
Confidential-
ity
Node level security Asymmetric key Elliptic – – Huge number of keys; one-hop key Confidentiality
[87] curve establishment. Integrity
Secure hierarchical Asymmetric key Elliptic Tree Sum Reduction in throughput; reconfigura- Confidentiality
DA [86] curve tion has negative effect on connectivity. Integrity
Lifetime
kind of key it is (symmetric key or asymmetric key), the and the aggregation is executed at BS according to these
plaintext is needed in the process of aggregation. This may coefficients [91–93]. The sensor node i conceals its sensing
lead to two negative effects: i) AN decrypts the received data with size n into an m-degree polynomial in Equation (7)
data before aggregation is executed and the aggregation result using curve fitting algorithm.
needs to be encrypted before it is sent to next hop, which is
prone to increase the computing complexity of AN; ii) the fi (x) = ai0 + ai1 x + ai2 x2 + · · · + aim xm
m
plaintext emerges in the intermediate nodes (AN) which may X (7)
be exposed to the adversary if the AN is compromised or = aij xj
j=0
captured. According to these disadvantages, DA is difficult to
ensure at a high security level only by depending on either where m < n. f and x are the function and the argument of
symmetric key or asymmetric key. polynomial respectively.
Each node shares a random number, Rid , with BS in dth ag-
C. Privacy SDA gregation round. The sensor node, ni , adds the random number
Rid to its coefficients and the Equation (7) is transformed to
As elaborated in Section IV-B, ESDA has the disadvantage Equation (8).
that the plaintext emerges in intermediate nodes so that the
m
private sensor readings may be exposed to unauthorized users. X
What’s more, the compromising of even a single node would fid (x) = (aij + Rid )xj . (8)
j=0
reveal the overall system in some extreme situation [31]. Due
to the unattended even hostile environment and the disad-
Then, Each node ni sends fid (x) to AN. For Rid is only
vantages of ESDA, the privacy of SDA is almost impossible
shared by ni and BS, the sensor reading of ni is unknown
without the help of additional security mechanism. This huge
to AN and the privacy is guaranteed in the intermediate
challenge attracts much attention and some Privacy Secure
node. Take addition aggregation function into consideration,
Data Aggregation (PSDA) methods have been developed to
the private sensing data from all sensors are aggregated at AN
prevent the sensing data from being eavesdropped on or
as shown in Equation (10).
tampered. PSDA is an open issue both in WSNs and its typical
application fields, such as Internet of Things [88, 89] and smart AN
X X X
Dagg (x) = fsd (x) = [( (asj + Rid )xj ]. (9)
grid [90]. s s
j
The polynomial regression is one of the most popular
mechanisms to address the privacy issue in SDA. The sensor where s represents that there are s nodes sending data in
readings are represented by the coefficients of a polynomial aggregation round d. The concealed aggregation result of
Things Journal
AN is forwarded to BS hop-by-hop and BS obtains the final

AN D7=23
aggregation result after receiving the Dagg (x).
X 7
BS
Dagg (x) = fs (x) SUM=49
s 30 BS
X X
= [( (asj + Rid − Rid )xj ] D12=23
(10)
j s
X X 12
= [( (asj )xj ]
j s
The contributions of PSDA based on polynomial are t- Fig. 13: A redraw perturbation example from [83]
wofold. On one hand, the original sensor readings are hidden
in the polynomial coefficients, so as to guarantee the privacy
of the SDA. On the other hand, the polynomial coefficients The relay node j aggregates the items in Mj by Equation
(instead of sensor readings) are transmitted in this scheme, (13), 
D̂j = {Dj + Σm ˆ
which considerably reduces the communication overhead. k=0 Dck }mod q


Furthermore, by integrating the polynomial aggregation with  A0 = b{D̂ + Σm Dˆ } div qc

j j k=0 ck
ˆ0 = {Â + A0 + Σm Aˆ } mod q (13)
other security techniques (e.g., encryption [91, 93] and secure A j
 j j k=0 ck

pseudorandom function [92]), we can achieve other security 

listj = listj ∪ {c0 , c1 , · · · , cm }
goals (e.g., confidentiality, integrity, etc.).
Another thread of realizing privacy protection in SDA is to The < D̂0 , Â0 , list0 > is computed by Equation (13) if BS
elaborately insert perturbation value [83] or forged data [94] arrives. BS obtains the aggregation result (e.g. sum) of original
into the sensor readings. Although adversaries may eavesdrop data from < D̂0 , Â0 , list0 > using Equation (14).
on the transmitted data packets, the forged data can protect the
A0 = {Â0 − Σt∈list0 hash(St,1 |R) mod q}
information carried in the data packets from being revealed to (14)
unauthorized users. Taking perturbation [83] as an example, let sum = D̂0 + q × A0 − Σt∈list0 hash(St,0 |R)
Di denote the sensed data of node ni . Node ni first computes a This process can be illustrated as Fig. 13 with 4 nodes (node
permutation value D̂i through hash function Hash according 7, node 12, node 30 and BS) where q = 65521, D7 = 23,
to D12 = 26, hash(S7,0 |R) = 65519, hash(S7,1 |R) = 64830,
D̂i ← {Di + h(si,0 |r)} mod q hash(S12,0 |R) = 40865 and hash(S12,1 |R) = 23779.
The nature of perturbation privacy preserving is to avoid
where si,0 is a secrete value, r is a random number, and q is
transmitting the real sensing data. Instead of adding perturba-
a prime number. Suppose
tion value or forged data into sensor readings [83, 94], CH only
Ai = b{Di + Hash(si,0 |r)} div qc forwards the partial data to BS where the final aggregation
is an data item to initialize the auxiliary variable Âi , and can be recovered using an elegant Chinese remainder theorem
[95]. Namely, two completely different mechanisms may be
Âi ← {Ai + Hash(si,1 |r)} mod q considered (inserting data into sensing data or transmitting part
is a permutation value of Ai which will be used at BS in order of data to BS) if the perturbation PSDA is adopted.
to recover the sum of original sensor readings form perturbed In SDA, the aggregator usually fuses data received from
ones, where si,1 is another secrete value. different sensors in plaintext and the decryption is always
The perturbation privacy preserving scheme includes three indispensable if the sensor node encrypts its sensing data
stages, sending perturbation value to AN, aggregation in AN before sending them to the aggregator. This may result in the
and recovering true aggregation result in BS. If node ni wants disclosure of privacy and confidentiality when the aggregator is
to send its sensing data Di to BS, it will compute perturbation compromised. As a natural requirement, the risk of disclosure
value D̂i , two secret values Si,0 and Si,1 (preloaded before should be avoided if the aggregation algorithm is performed
network deployment), hash function hash(x), random number only by depending on the ciphertext.
R, module q, storing list of perturbation values listi and Privacy Homomorphism (PH) is a typical end-to-end se-
auxiliary data item Ai respectively. curity mechanism and the concealed DA can be executed in
 relay node without the decryption operation [96]. Moreover,

 D̂i ← {Di + Hash(Si,0 |R)} mod q PH offers a characteristic that the algebraic aggregation oper-

 Ai ← b{Di + Hash(Si,0 |R)} div qc ations (Add, Multiply, etc.) on ciphertext have corresponding
(11) operations on plaintext. Namely, the Equation (15) is satisfied

 Âi ← {Ai + Hash(Si,1 |R)} mod q
 [97].
listi ← {i}

Dk (Ek (m1 ) Ek (m2 )) = m1 ⊕ m2 . (15)
Node ni transmits < D̂i , Âi , listi > instead of original
where E and D are the encryption and decryption operation of
sensing data to its AN, nj . The node nj receives the message
PH, k is the key, and ⊕ present operations on ciphertext and
set Mj from its m child nodes (c0 , c1 , · · · , cm ) as follows,
plaintext respectively. This characteristic ensures the privacy
Mj = {< Dˆck , Aˆck , listck > |k = 0, 1, · · · , m}. (12) of SDA and avoids the issue of data disclosure in relay
Things Journal
data
ta noise
BS
1
2
Aggregator 1 2
.. a31
. a41 a51 a62
a72
3 7
a34 a67
n
a45 a65 a77
a33 a43 a76
4 5 6
a54 a56
Fig. 14: A redraw privacy-preserving aggregation example a44 a55 a66
(a) Slicing
from [105]
BS BS
A1=a31+a44+a51 A2=a62+a72 A1 A2
nodes. PH has been studied intensively for the purpose of 1 2
A7=a67+a77
A3=a33+a43 1 2
providing SDA with privacy and other security properties 7
A3
A7
3
such as the robustness [98], the end-to-end data confidentiality A5=a45+a55+a65 3 A4 A5 A6
7
[17, 99] and the integrity [100–102]. Although some PH- 4 5 6
4 5 6
based SDA mechanisms have the disadvantages of unautho- A4=a34+a44+a54 A6=a56+a66+a76
(c) Aggregation
rized aggregation and limited aggregation functions, newly (b) Mixing
emerging PH schemes provide good solutions and broaden

its application in SDA [103]. PH is usually classified into Fig. 15: SMART scheme
two different mechanisms including symmetric-key based PH
and asymmetric-key based PH. Thus, the weakness existing in
these cryptography systems may be introduced to PSDA, i.g. aggregates the slices to a mixing value after all the pieces
vulnerability to chosen-ciphertext attack [104]. of data arrive at the desired node. The mixing result can be
In PSDA, it is a challenging work if AN is untrusted. calculated using Equation (16) as shown in Fig.15(b).
The distributed differential privacy can be used to tackle Ai = Σnj=1 aij . (16)
this issue [105] as shown in Fig. 14. The sensing data of
each participant are mixed with random noise produced by In the aggregation step, the mixing values are delivered to
symmetric geometric distribution instead of directly sending their parents until BS receives all of them. BS computes the
them to AN. In this way, the differential privacy is ensured mixing values by Equation (17) and the final aggregation result
even though some nodes in a WSN are compromised or is obtained as illustrated in Fig.15(c).
colluded. In addition, the aggregation on encrypted data [106]
A = Σni=1 Ai = Σni=1 Σnj=1 aij . (17)
or data blocking [107] are also good choices to improve the
performance of aggregation in terms of privacy preserving and
accuracy. The original intention of SMART is to provide the privacy-
The comparison of different methods of PSDA is presented persevering for SDA. Many studies suggest that SSDA should
in Table V and the limitations of PSDA may be overcome be promoted to meet other security goals such as the lifetime
through designing novel mechanisms such as stateful public [49, 78, 111, 112], the integrity [113], the accuracy [24]
key [108], authentication [109] and elliptic curve cryptosystem even the privacy preserving [114]. Table VI compares the
[110] to provide a high security level with low overhead. contributions of SSDA in detail. More attention should be
paid to the slicing method which is a critical issue because the
D. Slicing SDA different slicing schemes are closely related to the properties
of the privacy, the integrity, the accuracy and the lifetime of
Slicing is an approach which divides the packet into several SDA.
pieces and each piece is sent to different neighbor instead of
transmitting the whole packet to one neighbor. The aggregation
is executed until all the pieces arrive at the aggregator or E. Confidence SDA
BS. In this way, the security may be guaranteed unless the Confidence SDA (CSDA) is a method which uses the
adversaries eavesdrop on all the slices and decrypt them at confidence level as an important index of determining whether
the same time. Slice-Mix-AggRegaTe (SMART) [47] scheme the sensor readings are aggregated into the final result or not.
is a typical one of Slicing SDA (SSDA). It is composed of The confidence level can be obtained through two schemes
three steps including slicing, mixing and aggregation. In the including trust system and reputation mechanism.
slicing step, node i cuts its reading into s slices randomly. The core of trust system is how to formalize the model
Node i holds one slice and s − 1 slices are sent to a neighbor of trust value. The trust value will keep increasing when the
set Ni (|Ni | = s − 1) within one hop or multiple hops. Take sensor node behaves in an expected way; on the contrary, it
one hop neighbor for example. The slicing can be illustrated will remain decreasing when the sensor node performs in an
with Fig.15(a). aij denotes a slice which is sent from node i unexpected way. Trust can be classified into two categories,
to node j and it is initialized to 0 (aij = 0) if node i does direct trust and indirect trust [115, 116] . Direct trust means
not send any slice to node j. In the mixing step, each node that the trust value is generated by the sensor node itself and
Things Journal
TABLE V: Comparison of different PSDA methods

Research
Network Topolo- Aggregation Limitation Security
Proposal
gy Function Goal
Polynomial [91–93] Cluster Add Need other security mechanisms. Confidentiality
Lifetime
Min, max,
Perturbation[83, 94, 95] Tree,cluster Additional communication; Complex computing. Confidentiality
add
Lifetime
Accuracy
Linear,
PH [17, 96–104, 108] Tree, cluster Complex computing in asymmetric-key based PH; Confidentiality
nonlinear
Difficult to verify integrity in aggregator or relay Robustness
nodes; Energy inefficiency in key distribution; vul- Integrity
nerability to certain attacks. Accuracy
Differential privacy [105] – Sum Focus on sum aggregation function. Confidentiality
TABLE VI: Comparison of different SSDA schemes

Research Proposal Slicing Method Network Aggregation Limitation Security Goal
Topology Function
SMART[47] Random slicing Tree Add Data collision; lower accuracy; communica- Confidentiality
tion overhead. Accuracy
Lifetime
iPDA [113] Random slicing Tree Add Two disjointed aggregation trees reduce en- Confidentiality
ergy efficiency. Integrity
Accuracy
Lifetime
ESMART [78] Variable slicing Tree Add Aggregation tree construction needs more Confidentiality
communication; aggregator failure does not Integrity Lifetime
take the residual energy into consideration.
HEEPP [49] Random distribu- Tree Add Higher computation overhead. Confidentiality
tion slicing Accuracy
Lifetime Integrity
EEHA [24] Random slicing Tree Add The level of privacy is lower than that of Confidentiality
SMART; time delay is longer. Accuracy
Lifetime
BPDA [111] Balance slicing Tree Add Privacy exposure probability is higher. Confidentiality
Lifetime
D-SMART [112] Dynamic slicing Tree Add Slicing number may be controlled by faked Lifetime
data provided by compromised node. Confidentiality
indirect trust is formed from the neighbor nodes. Then, a trust SDA, other trust models such as the Fast-Detection-and-Slow-
model may be based on direct trust or indirect trust or both Recovery (FDSR) [45] and the Energy Trust System (ETS)
with the aim of measuring the trustworthiness of a node in a [121] can also improve the detection ability against Sybil and
reasonable way. The Beta trust model and the entropy trust On-Off attacks.
model are widely used in WSNs particularly in the aspect The direct trust is constructed from the perspective of a
of sensor network security. Taking Beta trust model as an single node and it cannot guarantee to be a reasonable one in
example [117, 118], it can be constructed in a node as follows. some circumstances and a tied trust (indirect trust) mechanism
is always needed in order to achieve higher data accuracy of
f +1
Ti,j = . (18) aggregation [122]. As an extension of Equation (18), another
f +d+2 monitoring node k evaluates the trustworthiness of node j and
where Ti,j is the direct trust value in node i for a neighbor records the trust value Tk,j in its trust table. After node k
node j, f and d are the numbers of forwarding and dropping exchanges the trust table with node i, node i receives the trust
packets of node j respectively. Ti,j inclines to a lower value if value Tk,j which is an indirect trust value for node j from
the compromised node carries out some malicious activities, the perspective of node i. Then, the trust value of node j is
e.g. Selective forwarding and Greyhole. BS conserves the a composite one that can be calculated by fusing direct trust
trust records which are used for deciding whether the data with indirect trust as follows.
from a certain node can be aggregated or not. In this way,
Ti,j = Σnk=1 ωk Tk,j . (19)
the trust system can eliminate the outliers and prevents the
compromised node from misleading the aggregation result. where Σnk=1 ωk
= 1.
In the trust model, the trust value may be computed through Reputation mechanism has a close relationship with trust
other parameters different from Equation (18), e.g. the residual system, which has been demonstrated by some researchers
energy [119] and the activity expectation [120], and what who attempt to integrate trust with reputation. In their studies,
kind of parameter is adopted depends on the specific security the trust can be derived from reputation in combination with
goals. Although the Beta model is a frequently-used one in external evidence [123]. Some studies indicate that the trust is
Things Journal
an expectation of reputation [39]. Let fi,j and di,j be the good their excellent contributions to enhance the security of DA and
and bad behaviors of node j from the perspective of node i. push the research in this area to a higher level in their future
Node i generates the reputation of node j as works.
Ri,j = Beta(p|fi,j + 1, di,j + 1). (20)
V. D ISCUSSION
where Beta distribution can be represented as Equation (21)
which satisfies Gamma function, 0 ≤ p ≤ 1 and fi,j , di,j ≥ 0. We discuss the security issues in DA from the perspective of
security in this paper. Although the challenges in SDA have
Γ(fi,j + di,j + 2)
Beta(p|fi,j + 1, di,j + 1) = × been addressed and some proposals have been put forward
Γ(fi,j + 1)Γ(di,j + 1) (21) in relevant research directions, many important and valuable
pfi,j (1 − p)di,j researches are still left for further study concerning security
The corresponding trust is a transformation of Equation (18) goal, network topology, security strategy and so on.
described as Equation (22). Security goals are the research requirement of SDA. It
is almost impossible and unnecessary that all of them are
fi,j + 1
Ti,j = E(Ri,j ) = . (22) satisfied at the same time. In fact, searching for SDA scheme
fi,j + di,j + 2 is a process of objective optimization which explores a rea-
Some contributions exploit security issues of DA which are sonable tradeoff among security goals. Take reference [59] as
not limited to the reputation mechanism, and reputation in an example. The end-to-end encryption is a preferable choice
combination with Watch Dog monitoring has been proved to which can provide better confidentiality for DA among most
be an effective SDA method [6, 124, 125]. Watch Dog usually of the studies. However, the hop-by-hop encryption may save
buffers the packets before the node sends them to its neighbor more energy compared with the end-to-end encryption for
nodes. After that, Watch Dog node overhears the behaviors the hop-by-hop encryption permits DA to continuously fuse
of neighbor nodes to determine the number of good and bad multiple data packet into an aggregation message in relay
behaviors, fi,j and di,j , with Equation (20). The reputation nodes. Thus, the hop-by-hop encryption is adopted in [59] with
value Ri,j is the evidence used to judge which neighbor is the aim of ensuring the security without losing the lifetime of
a malicious node whose sensing data need to be eliminated SDA. Namely, a certain security goal may not be a best one
before the data are aggregated. Most recently, a monitoring in a proposal, but the overall performance of the network is
mechanism, dynamic behavior monitoring game, has been optimal. To the best of our knowledge, no formal model or
proposed and proved to efficient at improving the performance algorithm in the released literature has tackled the issue of
of CSDA [118]. The compromised node is a huge challenge optimal tradeoff in SDA. This makes it difficult to determine
in SDA and the monitoring-based reputation mechanism has the correlation effect among different security goals. And
been proved to be a good solution. However, for the sake of the optimal tradeoff is a critical problem which needs to be
eliminating the negative effects of compromised nodes, more urgently solved.
complex reputation models (e.g. Iterative Filtering model [126] As regards security strategy, we can draw a conclusion from
and composite Beta model [127]) are needed in comparison Table III to Table VII that any security mechanism is topology
with other reputation models in Table VII. dependent and the topology independent algorithm is a chal-
Many novel SDA methods have been proposed besides the lenging work in the subsequent research, especially Table VII
above-mentioned schemes from Section IV-A to Section IV-E in which all the proposals are adapted to tree-based topology.
with the aim of achieving different security goals. These meth- This is due to the fact that the practical applications are diverse
ods include genetically derived SDA [8], game-based SDA while some algorithms can only be deployed in a specific
(GABs)[128], hierarchical SDA [86, 129] and compressed scene, which limits the application scope of proposed schemes.
sensing based SDA [130, 131] which can be used to prevent In addition, most of the contributions focus their attention
the deployed network from being compromised by DoS, Node on the fixed nodes in a network topology. However, the new
capture, Sybil, Selective forwarding, Replay, Jamming, Black applications such as Connected Autonomous Vehicles (CAVs)
hole and False data injection attacks. [138], Mobile WSN (MWSN) [139], Internet of Vehicles (IoV)
SDA exhibits a prominent role and an outstanding perfor- [140] and Vehicular Ad hoc NETwork (VANET) [141–143] are
mance in resource-constrained WSNs. This motivates many dynamically changing with the time elapsing. Both the mobile
ongoing approaches to improve the ability and expand the BS and the mobile nodes make the maintenance of topology
application scenes of SDA. Most recently, authentication SDA a job with high overhead which is impracticable for energy-
[132], fuzzy knowledge SDA [133], cryptographic primitives constrained sensor nodes. Although the structure-free DA has
SDA [134], multi-party computing SDA [135], approximate demonstrated a significant performance in terms of energy
SDA [136] and hybrid SDA [137] are proposed. Although consumption, real-time nature and DA gain [65], it is far from
these researches are relatively few in number, they provide being introduced into SDA directly because SDA is confronted
some novel research perspectives and promote SDA to be an with more serious challenges than DA. The challenge faced by
energetic technique with broad application prospects. As a SDA method is not limited to the topology and the aggregation
summary of SDA, we demonstrate the relations among securi- function is also an interesting issue. All the SDA methods we
ty goals, security strategies and network topologies reviewed in have described from Section IV-A to Section IV-E mainly sup-
this paper with Fig. 16. We hope that the readers will dedicate port one or a few aggregation functions such as Section IV-E
Things Journal
TABLE VII: Comparison of different CSDA methods

Research Propos- Category Confidence Network Aggregation Limitation Security
al Model Topology Function Goal
EETDFCA [119] Trust Energy Cluster Cellular Trust model depends on many experimental co- Lifetime
trust model Automata efficients.
TMS [120] Trust Beta Cluster Interaction Direct trust value needs interaction computing. Lifetime
expectation
model
iRTEDA [122] Trust Tied Beta Cluster – Monitoring neighbors and exchanging trust table Accuracy
model need storages and communications. Lifetime
ETS [121] Trust Multi-level Cluster – The static positions of nodes are needed. Accuracy
trust model Lifetime
Game Trust [118] Trust Beta model Cluster – Complex parameter computing. Lifetime
FDSR [45] Reputation Beta model Grid – Trust values change sharply and only adapt to Accuracy
detect On-Off attack. Lifetime
DCHM [39] Reputation Beta model Cluster Bayesian Aggregation needs prior distribution. Accuracy
Lifetime
RDIF [125] Reputation Beta model Cluster Bayesian Watch dog needs storage; monitoring neighbor Accuracy
consumes energy.
RSDA [124] Reputation Beta model – – Binary decision-making approach is prone to Accuracy
On/Off attack. Availability
Integrity
Freshness
Lifetime
SRDA [6] Reputation Beta model Grid – Monitoring neighbors and sending behavior ta- Integrity
ble need storage and communication. Accuracy
IF [126] Reputation Iterative – Sum The effectiveness against compromised aggrega- Accuracy
model tor is to be verified; the computing complexities Robustness
of IF and bias estimation are higher.
E-RSDA [127] Reputation Composite – Average Only On/Off or abrupt change from one child Accuracy
Beta model cell can be detected.
Security goals
Confidentiality Integrity Availability Lifetime Accuracy Robustness Freshness
Anomaly
Encryption SDA Privacy SDA Slicing SDA Confidence SDA
detection SDA
Cluster-based Tree-based Ring-based Linear-based Hybrid-based
Network topologies
Fig. 16: Security Goals, network topologies and strategies in SDA
Things Journal
where only the addition aggregation function can be adopted in too much on the privacy preserving at the expense of
SSDA. Although a pioneer scheme has been proposed to tackle losing other security goals such as lifetime, integrity and
the issue of multi-functional SDA [144], more sophisticated freshness [104]. Although the end-to-end privacy and
mechanisms are hoped to be designed. For example, we need confidentiality are discussed as a hot research direction,
to design new DA approach when DA is applied into other the end-to-end integrity is nearly untouched in SDA.
fields, such as eHealth[145] and cloud storage systems[146]. We should pay more attention to design new end-to-
This inspires us to design a SDA protocol which may be end integrity mechanism which can decrease the energy
embedded in more aggregation functions without sacrificing consumption and network delay without losing other
the network performance. This is a valuable research direction. security goals at the same time.
Different from cable networks, packet loss of WSN is a
serious problem which is ignored by many SDA algorithms. VI. C ONCLUSION
The schemes proposed in these algorithms focus on evaluating
the performance in ideal conditions, but the applicability in a This paper presents a review of security data aggregation
practical environment needs to be tested. Some researchers and points out the security goals according to the charac-
have verified their networks and the experiments indicate that teristics of WSNs. We analyze the topologies widely used
more than 50% of packets are deserted in nearly 35% of links in the existing literature and compare them in the aspects
at a low load of 0.5 packet per second [66] and the packet loss of formation difficulty, application scene and security goals.
rate may be up to 70% in a real WSN [147]. For this reason, With the security goals and network topologies in mind, we
the packet loss must be taken into consideration in the study of classify the research proposals into five categories based on
SDA, especially the packet loss sensitive aggregation functions the security methods and address their differences accordingly.
(e.g. Add and Sum) are employed in DA. WSN should be Finally, we present the discussion and recommend the future
able to tolerate the network faults and ensure that the network research directions by summarizing the literatures discussed
system can run in a severe environment [56] in order to in this paper.
improve the practicability of SDA algorithm. Hybrid topology Based on this survey, we know that SDA has been a critical
is a choice to decrease the packet loss rate [33], but it has technology and will continue to be an important research area.
higher complexity in forming a hybrid network structure. Also, Sensor is everywhere and interconnection is a general trend.
the consistency of security mechanism in hybrid topology However, we are a long way from a good solution to make
needs to be solved in future study. the network run in a reasonable way. It is our hope that
SDA is becoming one of the most vigorous research fields this survey of state-of-the-art in SDA may serve as a quick
and it is expected to take on more responsibilities in improving guide with the role of inspiring more readers to develop new
the security of WSN. However, other major challenging issues solutions towards providing a low-cost, efficient and secure
need to be solved. communication among nodes in WSNs.
• Real-time. DA and relative security schemes may cause
extra delay and introduce bottlenecks into the network ACKNOWLEDGMENT
[42]. This may place a heavy burden on event-based This work was supported by NSF of China under Grants
applications [141] and prevent SDA from being applied 61672321, 61832012, 61771289, 61373027 and the Shandong
into some time-sensitive scenes. Province Graduate Student Tutor Guidance Ability Promotion
• Key distribution. Most of the studies tend to provide
Project under Grant SDYY17138.
confidentiality with key distribution mechanism but it is
proved to be energy inefficient [100] and storage occu-
pied (e.g. pairwise key [79]). The lightweight symmetric R EFERENCES
key and asymmetric key are the valuable issues to be [1] C. Tsai, Y. Tseng. A path-connected-cluster wireless
conquered in SDA. sensor network and its formation, addressing, and routing
• Availability. As a core security property of CIA in cable protocols. IEEE Sensors Journal, 2012, 12(6): 2135-
networks, availability is an unevadable research topic in 2144.
SDA. However, it is neglected in most of the existing [2] S. Halder, S. Dasbit. Enhancement of wireless sensor net-
researches (from Fig. 16). Availability is closely related work lifetime by deploying heterogeneous nodes. Journal
to the application prospect of theoretical algorithm. It of Network and Computer Applications, 2014, 38: 106-
should be given more attention and remains part of future 124.
research. [3] N. Alrajeh, S. Khan, B. Shams. Intrusion detection sys-
• End-to-end security. PH is the first choice of PSDA tems in wireless sensor networks: a review. International
and many contributions of aggregation mechanisms are Journal of Distributed Sensor Networks, 2013, 2013: 1-7.
derived from PH to guarantee end-to-end security in [4] J. Granjal, E. Monteiro, J. Silva. Security in the inte-
SDA. However, it is vulnerable when a WSN is faced gration of low-power wireless sensor networks with the
with attacks such as vulnerable node [96] and node Internet: a survey. Ad Hoc Networks, 2015, 24: 264-287.
capture [31] because the data confidentiality depends [5] S. Ozdemir, Y. Xiao. Secure data aggregation in wireless
on symmetric encryption [148] and the compromised sensor networks: a comprehensive overview. Computer
node may reveal the private key. In addition, PH focuses Networks, 2009, 53: 2022-2037.
Things Journal
[6] C. Li, Y. Liu. SRDA: smart reputation-based data aggre- [21] O. Osanaiye, A. Alfa, G. Hancke. A statistical approach
gation protocol for wireless sensor network. International to detect jamming attacks in wireless sensor networks.
Journal of Distributed Sensor Networks, 2015, 2015: 1- Sensors, 2018, 18(6): 1691-1706.
10. [22] Y. Guan, X. Ge. Distributed secure estimation over
[7] A. Ghosal, S. DasBit. A Lightweight security scheme for wireless sensor networks against random multichannel
query processing in clustered wireless sensor networks. jamming attacks. IEEE Access, 2017, 5: 10858-10870.
Computers and Electrical Engineering, 2015, 41: 240- [23] D. Chen, Z. Zhang, F. Tseng, C. Chao, D. Chou. A novel
255. method defends against the path-based DoS for wireless
[8] L. Bhasker. Genetically derived secure cluster-based data sensor network. International Journal of Distributed Sen-
aggregation in wireless sensor networks. IET Information sor Networks, 2014, 2014(2): 1-10.
Security, 2014, 8(1): 1-7. [24] H. Li, K. Lin, K. Li. Energy-efficient and high-accuracy
[9] G. Jeong, Y. Seo, H. Yang. Impersonating-resilient dy- secure data aggregation in wireless sensor networks.
namic key management for large-scale wireless sensor Computer Communications, 2011, 34: 591-597.
networks. International Journal of Distributed Sensor [25] A. Wieland, M. Wallenburg. Dealing with supply chain
Networks, 2013, 2013(2): 141-169. risks: linking risk management practices and strategies
[10] J. Cui, L. Shao, H. Zhong H, et al. Data aggregation to performance. International Journal of Physical Distri-
with end-to-end confidentiality and integrity for large- bution & Logistics Management, 2012, 42(10): 887-905.
scale wireless sensor networks. Peer-to-Peer Networking [26] F. Wang, H. Wang, X. Wang, J. Su. A new multistage
and Applications, 2018, 11(5): 1022-1037. approach to detect subtle DDoS attacks. Mathematical
[11] L. Zhu, Z. Yang, M. Li, et al. An efficient data aggrega- and Computer Modelling, 2012, 55: 198-213.
tion protocol concentrated on data integrity in wireless [27] G. Liu, W. Quan, N. Cheng N, et al. Efficient DDoS
sensor networks. International Journal of Distributed attacks mitigation for stateful forwarding in Internet of
Sensor Networks, 2013, 2013(7): 718-720. Things. Journal of Network and Computer Applications,
[12] A. Ghosal, S. Halder, S. Dasbit. A dynamic tdma based 2019, 130: 1-13.
scheme for securing query processing in WSN. Wireless [28] A. Alrajeh, S. Khan, B. Shams. Intrusion detection sys-
Network, 2012, 18: 165-184. tems in wireless sensor networks: a review. International
[13] A. Liu, P. Zhang, Z. Chen. Theoretical analysis of the Journal of Distributed Sensor Networks, 2013, 2013(6):
lifetime and energy hole in cluster based wireless sensor 1-7.
networks. Journal of Parallel Distributed Computing, [29] G. Liu, W. Quan, N. Cheng, et al. Accuracy or delay?
2011, 71: 1327-1355. A game in detecting interest flooding attacks. Internet
[14] K. Kalpakis, K. Dasgupta, P. Namjoshi. Efficient algo- Technology Letters, 2018, 1(2): e31.
rithms for maximum lifetime data gathering and aggre- [30] F. Fessant, A. Papadimitriou, A. Viana, C. Sengul, E.
gation in wireless sensor networks. Computer Networks, Palomar. A sinkhole resilient protocol for wireless sensor
2003, 42: 697-716. networks: performance and security analysis. Computer
[15] D. Izadi, J. Abawajy, S. Ghanavati, T. Herawan. A data Communications, 2012, 35: 234-248.
fusion method in wireless sensor networks. Sensors, [31] A. Perrig, J. Stankovic, D. Wagner. Security in wireless
2015, 15: 2964-2979. sensor networks. Communications of ACM, 2004, 47(6):
[16] J. Koh, J. Teo, W. Wong. Mitigating byzantine attacks 53-57.
in data fusion process for wireless sensor networks [32] S. Roy, M. Conti, S. Setia, S. Jajodia. Secure data ag-
using witnesses. In Proceedings of IEEE International gregation in wireless sensor networks. IEEE Transactions
Conference on Communication Systems (ICCS), 2015: on Information Forensics and Security, 2012, 7(3): 1040-
263-267. 1052.
[17] X. Li, D. Chen, C. Li, L. Wang. Secure data aggregation [33] A. Manjhi, S. Nath, B. Gibbons. Tributaries and deltas:
with fully homomorphic encryption in large-scale wire- efficient and robust aggregation in sensor network
less sensor networks. Sensors, 2015, 15: 15952-15973. streams. In Proceedings of ACM International Confer-
[18] P. Zou, Y. Liu. An efficient data fusion approach for event ence on Management of Data (SIGMOD), 2005: 287-
detection in heterogeneous wireless sensor networks. Ap- 298.
plied Mathematics & Information Sciences, 2015, 9(1): [34] A. Alrajeh, S. Alabed, S. Elwahiby. Secure ant-based
517-526. routing protocol for wireless sensor network. Interna-
[19] H. Bao, R. Lu. DDPFT: secure data aggregation scheme tional Journal of Distributed Sensor Networks, 2013,
with differential privacy and fault tolerance. In Proceed- 2013(4): 761-764.
ings of IEEE Communication and Information Systems [35] R. Heinzelman, A. Chandrakasan, H. Balakrishnan.
Security Symposium, 2015: 7240-7245. Energy-efficient communication protocol for wireless mi-
[20] M. Li, I. Koutsopoulos, R. Poovendran. Optimal jamming crosensor networks. In Proceedings of the 33rd Hawaii
attacks and network defense policies in wireless sensor International Conference on System Sciences (HICSS),
networks. In Proceedings of IEEE International Confer- 2000: 1-10.
ence on Computer Communications (INFOCOM), 2007: [36] J. Al-Karaki, R. Ul-Mustafa, A. Kamal. Data aggregation
1307-1315. and routing in wireless sensor networks: optimal and
Things Journal
heuristic algorithms. Computer Networks, 2009, 53(7): [51] X. Qi, Z. Zhang, L. Liu, et al. The degree-constrained
945-960. adaptive algorithm based on the data aggregation tree.
[37] W. Heinzelman, A. Chandrakasan, H. Balakrishnan. An International Journal of Distributed Sensor Networks,
application-specific protocol architecture for wireless 2014, 2014(1): 1-7.
microsensor networks. IEEE Transactions on Wireless [52] X. Cheng, J. Xu, J. Pei, et al. Hierarchical distributed
Communications, 2002, 1(4): 660-670. data classification in wireless sensor networks. Computer
[38] S. Wang, Z. Chen. LCM: a link-aware clustering mech- Communications, 2010, 33(12): 1404-1413.
anism for energy-efficient routing in wireless sensor [53] H. Sun, C. Chen, P. Li. A lightweight secure data
networks. IEEE Sensors Journal, 2013, 13(2): 728-736. aggregation protocol for wireless sensor networks. In
[39] S. J. Fu, Y. Liu. Double cluster heads model for secure Proceedings of International Conference on Parallel Pro-
and accurate data fusion in wireless sensor networks. cessing Workshops, 2011: 101-107.
Sensors, 2015, 15(1): 2021-2040. [54] M. Biglarbegian, W. Melek, J. Mendel. On the robustness
[40] H. Lu, J. Li, M. Guizani. Secure and efficient data of type-1 and interval type-2 fuzzy logic systems in
transmission for cluster-based wireless sensor networks. modeling.Information Science, 2011, 181: 1325-1347.
IEEE Transactions on Parallel & Distributed Systems, [55] S. Nath, P. Gibbons, S. Seshan, et al. Synopsis diffusion
2013, 25(3): 750-761. for robust aggregation in sensor networks. In Proceedings
[41] P.Zahariev, G. Hristov, I. Tsvetkova. An approach to- of International Conference on Embedded Networked
wards balanced energy consumption in hierarchical Sensor Systems, 2008: 250-262.
cluster-based wireless sensor networks. In Proceedings [56] S. Srinivasan, A. Azadmanesh. Survivable data aggrega-
of IEEE International Conference on Information Tech- tion in multiagent network systems with hybrid faults.
nology Interfaces, 2012: 123-128. IEEE Transactions on Computers, 2013, 62(10): 2054-
[42] C. Cheng, H. Leung, P. Maupin. A delay-aware network 2068.
structure for wireless sensor networks with in-network [57] S. Roy, M. Conti, S. Setia, et al. Secure data aggregation
data fusion. IEEE Sensors Journal, 2013, 13(5): 1622- in wireless sensor networks: filtering out the attacker’s
1631. impact. IEEE Transactions on Information Forensics and
[43] L. Bhasker. Genetically derived secure cluster-based data Security, 2014, 9(4): 681-694.
aggregation in wireless sensor networks. IET Information [58] K. Shah, D. C. Jinwala. A secure expansive aggregation
Security, 2014, 8(1): 1-7. in wireless sensor networks for linear infrastructure. In
[44] Y. Lu, X. Feng, K. Yi, et al. Secure data aggregation Proceedings of IEEE Region 10 Symposium (TENSYM-
based on interval analysis for wireless sensor networks. P), 2016: 207-212.
In Proceedings of the Sixth IEEE International Confer- [59] K. Henry, D. Stinson. Linear approaches to resilient
ence on Intelligent Human-Machine Systems and Cyber- aggregation in sensor networks. Journal of Mathematical
netics, 2014: 305-308. Cryptology, 2015, 9(4): 245-272.
[45] X. Dong, S. Li. A secure data aggregation approach [60] A. Mostefaoui, A. Boukerche, M. Merzoug, et al. A
based on monitoring in wireless sensor networks. In Pro- scalable approach for serial data fusion in wireless sensor
ceedings of the Seventh IEEE International Conference networks. Computer Networks, 2015, 79: 103-119.
on Mobile Ad-Hoc and Sensor Networks, 2011: 122-129. [61] M. A. Merzoug, A. Boukerche, A. Mostefaoui, et al.
[46] J. Sen. Secure and energy-efficient data aggregation Spreading aggregation: a distributed collision-free ap-
in wireless sensor networks. In Proceedings of IEEE proach for data aggregation in large-scale wireless sensor
Computational Intelligence and Signal Processing, 2012: networks. Journal of Parallel and Distributed Computing,
23-30. 2019, 125: 121-134.
[47] W. He, X. Liu, H. Nguyen, et al. PDA: privacy-preserving [62] H. Sajedi, Z. Saadati. A hybrid structure for data aggre-
data aggregation in wireless sensor networks. In Pro- gation in wireless wensor network. Journal of Computa-
ceedings of IEEE International Conference on Computer tional Engineering, 2014, 2014(5): 513-520.
Communications (INFOCOM), 2006: 2045-2053. [63] W. Wang, B. Wang, Z. Liu, et al. A cluster-based and
[48] C. Intanagonwiwat, D. Estrin, R. Govindan R, et al. tree-based power efficient data collection and aggrega-
Impact of network density on data aggregation in wireless tion protocol for wireless sensor networks. Information
sensor networks. In Proceedings of IEEE International Technology Journal, 2011, 10(3): 557-564.
Conference on Distributed Computing Systems, 2002: [64] G. Chabra, D. Sharma. Cluster-tree based data gathering
457-458. in wireless sensor networks. International Journal of Soft
[49] C. Liu, Y. Liu, Z. Zhang, et al. High energy-efficient and Computing and Engineering, 2011, 1: 27-31.
privacy-preserving secure data aggregation for wireless [65] H. Yousefi, M. Yeganeh, N. Alinaghipour, et al.
sensor networks. International Journal of Communication Structure-free real-time data aggregation in wireless sen-
Systems, 2013, 26(3): 380-394. sor networks. Computer Communications, 2012, 35(9):
[50] X. Qi, Z. Zhang, L. Liu, et al. The degree-constrained 1132-1140.
adaptive algorithm based on the data aggregation tree. [66] B. Sun, X. Shan, K. Wu, et al. Anomaly detection
International Journal of Distributed Sensor Networks, based secure in-network aggregation for wireless sensor
2014, 2014(1): 1-7. networks. IEEE Systems Journal, 2013, 7(1): 13-25.
Things Journal
[67] A. Alrajeh, J. Lioret. Intrusion detection systems based 54(17): 2967-2978.

on artificial intelligence techniques in wireless sensor [82] A. Pokharel, E. Nigussie. Energy consumption analysis
networks. Journal of Mass Spectrometry, 2013, 48(2): of secure and clustered wireless sensor network. Interna-
250-254. tional Journal of Embedded and Real-Time Communica-
[68] P. Zou, Y. Liu. An efficient data fusion approach for event tion Systems, 2016, 5(1): 15-36.
detection in heterogeneous wireless sensor networks. Ap- [83] T. Feng, C. Wang, W. Zhang, et al. Confidentiality
plied Mathematics & Information Sciences, 2015, 9(1): protection for distributed sensor data aggregation. In Pro-
517-526. ceedings of IEEE International Conference on Computer
[69] B. Krishnamachari, S. Iyengar. Distributed bayesian algo- Communications(INFOCOM), 2008: 56-60.
rithms for fault-tolerant event region detection in wireless [84] H. Chan, A. Perrig, D. Song. Random key predistribution
sensor networks. IEEE Transactions on Computers, 2004, schemes for sensor networks. In Proceedings of IEEE
53(3): 241-250. Symposium on Security and Privacy, 2003:197-213.
[70] S. Ozdemir, H. Am. Integration of false data detection [85] K. Shah. Secure data aggregation protocol for sensor
with data aggregation and confidential transmission in networks (Ph. D Dissertation). Purdue University, 2015.
wireless sensor networks. IEEE/ACM Transactions on [86] V. Kumar, S. Madria. Secure hierarchical data aggrega-
Networking, 2010, 18(3): 736-749. tion in wireless sensor networks: performance evaluation
[71] Y. Zhang, N. Meratnia, P. Havinga. Distributed online and analysis. In Proceedings of the 13th IEEE Interna-
outlier detection in wireless sensor networks using ellip- tional Conference on Mobile Data Management, 2012:
soidal support vector machine. Ad Hoc Networks, 2013, 196-201.
11(3): 1062-1074. [87] W. Claycomb, D. Shin. A novel node level security
[72] M. Moshtaghi, C. Leckie, S. Karunasekera, et al. An policy framework for wireless sensor networks. Journal
adaptive elliptical anomaly detection model for wireless of Network & Computer Applications, 2011, 34(1): 418-
sensor networks. Computer Networks, 2014, 64(2): 195- 428.
207. [88] J. He, L. Cai, P. Cheng, et al. Distributed privacy-
[73] I. Ullah, H. Y. Youn. A novel data aggregation scheme preserving data aggregation against dishonest nodes in
based on self-organized map for WSN. The Journal of network systems. IEEE Internet of Things Journal, 2019,
Supercomputing, 2019, 75: 3975-3996. 6(2): 1462-1470.
[74] R. Wan, N. Xiong, Q. Hu, et al. Similarity-aware data [89] Z. Guan, Y. Zhang, L. Wu L, et al. APPA: an anony-
aggregation using fuzzy c-means approach for wireless mous and privacy preserving data aggregation scheme
sensor networks. EURASIP Journal on Wireless Com- for fog-enhanced IoT. Journal of Network and Computer
munications and Networking, 2019, 2019(1): 59. Applications, 2019, 125: 82-92.
[75] R. Hu, X. Dong, D. Wang. Mutual defense scheme [90] L. Zhu, M. Li, Z. Zhang, et al. Privacy-preserving
for secure data aggregation in wireless sensor networks. authentication and data aggregation for fog-based smart
International Journal of Distributed Sensor Networks, grid. IEEE Communications Magazine, 2019, 57(6): 80-
2014, 2014(1): 275-288. 85.
[76] Y. Lu, X. Feng, K. Yi, et al. Secure data aggregation [91] S. Ozdemir, Y. Xiao. Polynomial regression based se-
based on interval analysis for wireless sensor networks. cure data aggregation for wireless sensor networks. In
In Proceedings of the Sixth International Conference Proceedings of IEEE Global Telecommunications Con-
on Intelligent Human-Machine Systems and Cybernetics, ference (Globecom), 2011: 1-5.
2014: 305-308. [92] T. Jung, X. Mao, X. Li, et al. Privacy-preserving data
[77] H. Artail, A. Ajami, T. Saouma, et al. A faulty node aggregation without secure channel: multivariate poly-
detection scheme for wireless sensor networks that use nomial evaluation. In Proceedings of IEEE International
data aggregation for transport. Wireless Communications Conference on Computer Communications (INFOCOM),
and Mobile Computing, 2016, 16: 1956-1971. 2013: 2634-2642.
[78] C. Li, Y. Liu. ESMART: energy-efficient slice-mix- [93] S. Ozdemir, M. Peng, Y. Xiao. PRDA: polynomial re-
aggregate for wireless sensor network. International Jour- gression based privacy preserving data aggregation for
nal of Distributed Sensor Networks, 2013, 2013(2): 1-9. wireless sensor networks. Wireless Communications &
[79] A. Das. An unconditionally secure key management Mobile Computing, 2015, 15(4): 615-628.
scheme for large-scale heterogeneous wireless sensor [94] M. Groat, W. Hey, S. Forrest. KIPDA: k-
networks. In Proceedings of the First international con- indistinguishable privacy-preserving data aggregation
ference on Communication Systems and networks, 2009: in wireless sensor networks. In Proceedings of IEEE
653-662. International Conference on Computer Communications
[80] Y. Yang, X. Wang, S. Zhu, G. Cao. SDAP: A secure hop- (INFOCOM), 2011: 2024-2032.
by-hop data aggregation protocol for sensor networks. [95] M. Raja, R. Datta. Efficient aggregation technique for
ACM Transactions on Information and Systems Security, data privacy in wireless sensor networks. IET Networks,
2008, 11(4): 1-43. 2018, 7(5): 287-293.
[81] J. Lee, K. Kapitanova, H. Sang. The price of security [96] X. Jian, G. Yang, Z. Chen, et al. A survey on the privacy-
in wireless sensor networks. Computer Networks, 2010, preserving data aggregation in wireless sensor networks.
Things Journal
China Communications, 2015, 12(5): 162-180. 2015, 2015: 1-10.

[97] Y. Lin, S. Chang, H. Sun. CDAMA: concealed data [112] J. Wang, Y. Chen. Research and improvement of wire-
aggregation scheme for multiple applications in wireless less sensor network secure data aggregation protocol
sensor networks. IEEE Transactions on Knowledge & based on SMART. International Journal of Wireless
Data Engineering, 2013, 3(3): 1471-1483. Information Networks, 2018, 25(3): 232-240.
[98] M. Conti, L. Zhang, S. Roy, et al. Privacy-preserving [113] W. He, H. Nguyen, X. Liu, et al. iPDA: an integrity-
robust data aggregation in wireless sensor networks. protecting private data aggregation scheme for wireless
Security & Communication Networks, 2009, 2(2): 195- sensor networks. In Proceedings of IEEE Military Com-
213. munications Conference, 2007: 1-7.
[99] K. Parmar, D. Jinwala. Symmetric-dey based homomor- [114] T. Wang, X. Qin, Y. Ding, et al. Privacy-preserving and
phic primitives for end-to-end secure data aggregation in energy-efficient continuous data aggregation algorithm in
wireless sensor networks. Journal of Information Securi- wireless sensor networks. Wireless Personal Communi-
ty, 2015, 6(1): 38-50. cations, 2018, 98(1): 665-684.
[100] D. Boubiche, S. Boubiche, A. Bilami. A cross-layer [115] S. Rajaram, A. Karuppiah, K. Kumar. Secure routing
watermarking-based mechanism for data aggregation in- path using trust values for wireless sensor networks.
tegrity in heterogeneous WSNs. IEEE Communications International Journal on Cryptography and Information
Letters, 2015, 19(5): 823-826. Security, 2014, 4(2): 27-36.
[101] S. Papadopoulos, A. Kiayias, D. Papadias. Exact in- [116] Z. Ye, T. Wen, Z. Liu, et al. An efficient dynamic trust
network aggregation with integrity and confidentiality. evaluation model for wireless sensor networks. Journal
IEEE Transactions on Knowledge & Data Engineering, of Sensors, 2017, 2017(2): 1-16.
2012, 24(10): 1760-1773. [117] Y. Cho, G. Qu. Detection and prevention of selective
[102] X. Zhao, J. Zhu, X. Liang, et al. Lightweight and forwarding-based denial-of-service attacks in WSNs. In-
integrity-protecting oriented data aggregation scheme ternational Journal of Distributed Sensor Networks, 2013,
for wireless sensor networks. IET Information Security, 2013: 264-273.
2017, 11(2): 82-88. [118] L. Yang, Y. Lu, S. Liu, et al. A dynamic behavior
[103] H. Zhong, L. Shao, J. Cui, et al. An efficient and secure monitoring game-based trust evaluation scheme for clus-
recoverable data aggregation scheme for heterogeneous tering in wireless sensor networks. IEEE Access, 2018,
wireless sensor networks. Journal of Parallel and Dis- 6: 71404-71412.
tributed Computing, 2018, 111: 1-12. [119] S. Jaberi, A. M. Rahmani. An energy efficient and
[104] K. Parmar, D. Jinwala. Concealed data aggregation trusted data fusion by using cellular automata in wireless
in wireless sensor networks: a comprehensive survey. wensor networks. In Proceedings of the Fifth Internation-
Computer Networks, 2016, 103: 207-227. al Conference on Sensor Technologies and Applications
[105] E. Shi, T. H. Chan, E. Rieffel, R. Chow, D. Song. (SENSORCOMM), 2011: 203-208.
Privacy-preserving aggregation of time-series data. In [120] P. Vamsi, L. Kant. Secure data aggregation and intrusion
Proceedings of Annual Network & Distributed System detection in wireless sensor networks. In Proceedings
Security Symposium (NDSS), 2011: 1-17. of International Conference on Signal Processing and
[106] E. Shi, J. Bethencourt, T. H. Chan, D. Song, A. Perrig. Communication, 2015: 127-131.
Multi-dimensional range query over encrypted data. In [121] N. Alsaedi, F. Hashim, A. Sali, et al. Detecting sybil
proceedings of IEEE Symposium on Security and Privacy attacks in clustered wireless sensor networks based on
(SP’07), 2007: 350-364. energy trust system (ets). Computer Communications,
[107] P. Mohan, A. Thakurta, E. Shi, D. Song, D. Culler. 2017, 110: 75-82.
GUPT: privacy preserving data analysis made easy. In [122] Y. Liu, C. Liu, Q. Zeng. Improved trust management
Proceedings of ACM SIGMOD International Conference based on the strength of ties for secure data aggregation
on Management of Data, 2012: 349-360. in wireless sensor networks. Telecommunication System-
[108] L. Wang, L. Wang, Y. Pan, et al. Discrete logarithm s, 2016, 62(2): 319-325.
based additively homomorphic encryption and secure [123] S. Ganeriwal, L. K. Balzano, M. B. Srivastava.
data aggregation. Information Sciences, 2011, 181(16): Reputation-based framework for high integrity sen-
3308-3322. sor networks. ACM Transactions on Sensor Networks
[109] X. Li, J. Peng, J. Niu, et al. A robust and energy efficient (TOSN), 2008, 4(3): 1-37.
authentication protocol for industrial internet of things. [124] H. Alzaid, E. Foo, J. G. Nieto. RSDA: reputation-based
IEEE Internet of Things Journal, 2018, 5(3): 1606-1615. secure data aggregation in wireless sensor networks. In
[110] A. Dariush, M. Nikooghadam. Efficient design of a Proceedings of the Ninth International Conference on
novel ecc-based public key scheme for medical data pro- Parallel and Distributed Computing, Applications and
tection by utilization of nanopi fire. IEEE Transactions Technologies (PDCAT), 2008: 419-424.
on Reliability, 2018, 99: 1-12. [125] T. Ma, Y. Liu, J. Fu, et al. A reliable information fusion
[111] C. Zhang, C. Li, Y. Zhao. A balance privacy-preserving algorithm for reputation based wireless sensor networks.
data aggregation model in wireless sensor networks. International Journal of Future Generation Communica-
International Journal of Distributed Sensor Networks, tion & Networking, 2015, 8(1): 114-118.
Things Journal
[126] M. Rezvani, A. Ignjatovic, E. Bertino, et al. Secure data 656.

aggregation technique for wireless sensor networks in [141] L. Zhang, Q. Wu, J. Domingo-Ferrer, et al. Distributed
the presence of collusion attacks. IEEE Transactions on aggregate privacy-preserving authentication in VANETs.
Dependable & Secure Computing, 2015, 12(1): 98-110. IEEE Transactions on Intelligent Transportation Systems,
[127] H. Alzaid, E. Foo, J. Nieto, et al. Mitigating on-off 2017, 99: 1-11.
attacks in reputation-based secure data aggregation for [142] D. He, S. Zeadally, B. Xu, et al. An efficient
wireless sensor networks. Security & Communication identity-based conditional privacy preserving authentica-
Networks, 2012, 5(2): 125-144. tion scheme for vehicular ad hoc networks. IEEE Trans-
[128] T. Engouang, Y. Liu, Z. Zhang. GABs: a game-based actions on Information Forensics and Security, 2015,
secure and energy efficient data aggregation for wireless 10(12): 2681-2691.
sensor networks. International Journal of Distributed [143] J. Zhang, J. Cui, H. Zhong, et al. PA-CRT: chinese
Sensor Networks, 2015, 2015: 1-17. remainder theorem based conditional privacy-preserving
[129] W. Min, R. Chen, S. He. A secure data aggregation authentication scheme in vehicular ad-hoc networks.
approach in hierarchical wireless sensor networks. In IEEE Transactions on Dependable and Secure Comput-
Proceedings of ACM International Conference on U- ing, 2019:1-1.
biquitous Information Management and Communication, [144] P. Zhang, J. Wang, K. Guo, et al. Multi-functional
2016: 89-95. secure data aggregation schemes for WSNs. Ad Hoc
[130] R. Gao, Y. Wen, H. Zhao. Secure data fusion in wireless Networks, 2018, 69: 86-99.
multimedia sensor networks via compressed sensing. [145] Y. Zhang, C. Xu, H. Li, et al. HealthDep: an efficient
Journal of Sensors, 2015, 2015: 1-7. and secure deduplication scheme for cloud-assisted e-
[131] E. Gilbert, B. Kaliaperumal, E. B. Rajsingh, et al. Trust Health systems. IEEE Transactions on Industrial Infor-
based data prediction, aggregation and reconstruction matics, 2018, 14(9):4101-4111.
using compressed sensing for clustered wireless sensor [146] Y. Zhang, C. Xu, X. Lin, et al. Blockchain-based public
networks. Computers & Electrical Engineering, 2018, 72: integrity verification for cloud storage against procrasti-
894-909. nating auditors. IEEE Transactions on Cloud Computing,
[132] K. Parmar, D. Jinwala. Malleability resilient concealed 2019:1-1.
data aggregation in wireless sensor networks. Wireless [147] J. Zhang, J. Long, C. Zhang, et al. A delay-aware
Personal Communications, 2016, 87(3): 971-993. and reliable data aggregation for cyber-physical sensing.
[133] S. Acharya, C. Tripathy. A fuzzy knowledge based Sensors, 2017, 17(2): 395-416.
mechanism for secure data aggregation in wireless sensor [148] S. Boubiche, D. Boubiche, A. Bilami, et al. An outline
networks. Computational Intelligence in Data Mining. of data aggregation security in heterogeneous wireless
Springer, 2017: 77-88. sensor networks. Sensors, 2016, 16(4): 525-545.
[134] K. Shim, C. Park. A secure data aggregation scheme
based on appropriate cryptographic primitives in hetero-
geneous wireless sensor networks. IEEE Transactions on
Parallel & Distributed Systems, 2015, 26(8): 2128-2139.
[135] M. Rahman, M. Manshaei, E. Al-Shaer, et al. Secure
and private data aggregation for energy consumption
scheduling in smart grids. IEEE Transactions on Depend-
able & Secure Computing, 2017, 14(2): 221-234.
[136] E. Prathima, T. Prakash, K. Venugopal, et al. SADA:
secure approximate data aggregation in wireless sensor
networks. In Proceedings of International Conference on
Data Science and Engineering (ICDSE), 2016: 1-6.
[137] S. Gopikrishnan, P. Priakanth. HSDA: hybrid commu-
nication for secure data aggregation in wireless sensor
network. Wireless Networks, 2016, 22(3): 1061-1078.
[138] W. Quan, N. Cheng, P. Jing, et al. VeData: promoting AI
assisted autonomous vehicles. In Proceedings of the 24th
Annual International Conference on Mobile Computing
and Networking, 2018: 771-773.
[139] A. Mehrabi, K. Kim. General framework for network
throughput maximization in sink-based energy harvesting
wireless sensor networks. IEEE Transactions on Mobile
Computing, 2017, 99: 1881-1896.
[140] W. Quan, N. Cheng, M. Qin, et al. Adaptive trans-
mission control for software defined vehicular networks.
IEEE Wireless Communications Letters, 8(3), 2018: 653-

Liu 2019

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Liu 2019

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Data Aggregation in Wireless Sensor Networks:

TABLE I: List of notations

network systems should run at an acceptable level and need

III. T OPOLOGY OF SDA

Fig. 3: Tree-based topology Z2

Fig. 6: (7, 2)-linear topology CH MN

Fig. 8: Cluster-Tree-Based Topology

of WSN and different topologies have specific characteristics

methods have been proposed. Different from those in tradi-

Fig. 10: Cluster-linear topology A. Anomaly Detection SDA

TABLE II: Comparison of different topologies

Outerlier data Valid data

Monitoring Node Aggregation and Normal Node

Fig. 12: Elliptical AD

MD is regarded as a decision function (threshold) to evaluate

TABLE III: Comparison of different ASDA methods

TABLE IV: Comparison of different methods of ESDA

AN is forwarded to BS hop-by-hop and BS obtains the final

emerging PH schemes provide good solutions and broaden

TABLE V: Comparison of different PSDA methods

TABLE VI: Comparison of different SSDA schemes

TABLE VII: Comparison of different CSDA methods

Confidentiality Integrity Availability Lifetime Accuracy Robustness Freshness

Cluster-based Tree-based Ring-based Linear-based Hybrid-based

Fig. 16: Security Goals, network topologies and strategies in SDA

[67] A. Alrajeh, J. Lioret. Intrusion detection systems based 54(17): 2967-2978.

China Communications, 2015, 12(5): 162-180. 2015, 2015: 1-10.

[126] M. Rezvani, A. Ignjatovic, E. Bertino, et al. Secure data 656.

You might also like