Abstract-Sensor nodes are often organized into clusters for efficiency and scalability purposes. Every sensor cluster is managed by a cluster leader during the network operation such as routing and data aggregation. Since managing a cluster consumes substantial energy, the cluster leader needs to be re-elected from time to time for load balancing. In hostile environments, it is critical to ensure the security of such leader election. This paper proposes an efficient, resilient, and fully distributed leader election protocol for sensor networks. It only uses efficient symmetric key operations and guarantees that (i) benign cluster members will elect the same leader as long as they are wellconnected, and (ii) attackers cannot impact the leader election process to increase or decrease the chance of a benign member being elected as a cluster leader. In addition, the proposed method can quickly recover from message loss or malicious attacks. The evaluation results also demonstrate the efficiency and effectiveness of this approach.
I. INTRODUCTIONIn a densely-deployed sensor network, sensors are usually organized into clusters for efficiency and scalability purposes. Every cluster contains a number of sensors that are physically close to each other and is managed by a cluster leader to facilitate the network operation such as in-network aggregation and routing. For instance, in data aggregation, a cluster leader can serve as the aggregator that collects the sensing results from other cluster members, computes the aggregation result, and reports the result to the base station.Since managing a cluster consumes substantial energy, the cluster leaders need to be re-elected from time to time for load balancing. The leader election problem is to ensure that each cluster will have a suitable sensor node be selected as the cluster leader whenever needed. A common election metric to determine the new leader of a given cluster is the remaining energy on sensor nodes. For the sake of presentation, we call the values (on sensor nodes) used for election purpose as the election values. In the above case, the election values will be the remaining energy reported by sensor nodes.A number of secure clustering protocols have been proposed recently for organizing clusters in sensor networks [1], [2]. These protocols significantly improve the security of clustering in the presence of malicious attacks. However, they only focus on the formation of clusters and do not consider the security of cluster leader election. Without proper protection, an attacker can easily subvert the intended purpose of clustering. For example, if the protocol selects the node with the most remaining energy as the new cluster leader, an attacker can continuously hijack the leadership by always claiming more remaining energy than anyone else in the cluster.