An efficient cryptographic technique using modified Diffie–Hellman in wireless sensor networks

In wireless sensor networks, the sensors transfer data through radio signals to a remote base station. Sensor nodes are used to sense environmental conditions such as temperature, strain, humidity, sound, vibration, and position. Data security is a major issue in wireless sensor networks since data travel over the naturally exposed wireless channel where malicious attackers may get access to critical information. The sensors in wireless sensor networks are resource-constrained devices whereas the existing data security approaches have complex security mechanisms with high computational and response times affecting the network lifetime. Furthermore, existing systems, such as secure efficient encryption algorithm, use the Diffie–Hellman approach for key generation and exchange; however, Diffie–Hellman is highly vulnerable to the man-in-the-middle attack. This article introduces a data security approach with less computational and response times based on a modified version of Diffie–Hellman. The Diffie–Hellman has been modified to secure it against attacks by generating a hash of each value that is transmitted over the network. The proposed approach has been analyzed for security against various attacks. Furthermore, it has also been analyzed in terms of encryption/decryption time, computation time, and key generation time for different sizes of data. The comparative analysis with the existing approaches shows that the proposed approach performs better in most of the cases.


Background
The security of data is a foremost topic in every arena since the data are sent over an unreliable network. Numerous approaches have been proposed to protect data; however, cryptography is one of the most dependable approaches used to secure data. Cryptographic techniques help in altering the original data into incomprehensible data. Two major approaches to cryptography are symmetric key and asymmetric keys. The symmetric key uses only one key for both encryption and decryption of the data, which consumes less energy and memory. The asymmetric key uses two keys, where the private key is used for decryption and the public key is used for encryption. The asymmetric cryptographic approach is much secure than symmetric because it uses two keys. The generation of two keys will cause high energy, time, and memory consumption. Cryptographic algorithms can be in either block or 1 International Islamic University Islamabad, Islamabad, Pakistan 2 Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia

Introduction
The WSN is a versatile network as shown in Figure 2, there exist multiple types of sensor nodes: sink node, base station (BS), sensor nodes, and cluster heads depending upon which routing methodology is used. The data are sent from the sensor node to the cluster node which is then forwarded to BS for the advanced communication process. Sensor nodes are used to sense and transmit data in different situations. In many realtime packages, the sensor nodes are performing one of a kind duty like neighbor node discovery, clever sensing, data confidentiality goal monitoring, tracking, node localization, synchronization, and efficient routing among nodes and BSs. 1 Secure data transmission is a major issue in WSN since over the network there exist many attackers that can attack or forge the data. This research of WSN data security focuses on research published during the years 2016 to 2019. The number of articles studied from the years 2016 to 2019 is mentioned in Table 1. Furthermore, section ''System architecture'' gives a detailed description of these articles.
Sensor nodes have limited computational capacity, memory, and power. 2 There is a significant amount of research published to handle data security in WSNs. Elliptic curve cryptography (ECC) is used by a variety of research methods proposed. 3,4 It is also used in combination with Advance Encryption Standard (AES) by Ullah et al., 5 where the key is generated by ECC. However, AES is a block cipher algorithm, which is high in computational time depending on the size of keys and plaintext. ECC is also combined with deoxyribonucleic acid (DNA), 6 to assure secure data communication. The chaotic map is a highly secure statistical method and Rivest-Shamir-Adleman (RSA) is also used for data security in WSNs. 7,8 Since the WSN is a complicated environment, few proposed research approaches like AES-hybrid elliptic curve cryptography (HECC) 5 and elliptic curve cryptography genetic algorithm (EGASON) 3

considered most appropriate.
This article introduced a new cryptographic approach for data security in WSNs. The low-energy adaptive clustering hierarchy (LEACH) protocol is used for data routing. The proposed research approach uses Diffie-Hellman for key generation. Since Diffie-Hellman is an asymmetric approach, it gives high security. This encryption approach has less response and computational time.
The rest of the document is divided as follows: section ''Literature review'' discusses the Literature Review, where each research paper is discussing in detail. Section ''Previous research analysis'' discusses the previous research analysis. Section ''Motivation '' tells about the contribution to this research. Section ''Proposed scheme '' discusses the proposed approach in detail. Section ''Experimental results and discussions'' shows the experimental results. Finally, section ''SMDH versus Diffie-Hellman'' shows the references.

System architecture
The WSN contains various nodes known as sensor nodes which communicate with each other. The communication between two nodes involves a sink node and a BS that help route the data from one sensor node to another. The basic idea of WSNs is route data between nodes wirelessly. Figure 3 shows an overview of WSNs where various nodes such as sink node, sensor node, and BS are displayed.

Literature review
Data security is a major issue in WSNs. The foremost vital challenge to secure information using an algorithm which has less computational time, less response time, low power consumption, and limited bandwidth. A variety of algorithms is planned to secure knowledge to conquered problems such as overcoming lack of power, coverage issues, and creating restricted use of information measure. This section is generalized into multiple sections as follows: an elliptic curve, AES, RSA, chaotic maps, efficient block ciphers, and various other techniques. Figure 4 gives a summary of multiple analysis approaches studied for data security in WSNs.
The analysis in Elhoseny et al. 3 introduced a new technique named as EGASON. This approach uses ECC for a key generation 4 and then the genetic algorithm approach is used for the encryption and decoding of information. While using ECC, this approach may suffer from brute-force attack and high computation cost in comparison with symmetric key functions. 9,10 The use of pseudo-random number generator (PRNG) can be broken with the help of the method in Somsuk and Sanemueang. 11 Secure encryption is presented in Santhosh and Shalini. 12 In terms of security, this algorithm only uses exclusive or (XOR) operation for the encryption, making it uncertain against the known-plaintext and chosen-plaintext attacks. 13 Additional research proposed elliptic curve cryptography-key management (E-KM) 14 where a key organizing procedure is presented. This research methodology is insecure against a collision search attack. 15 The latest studies verify that using ECC makes it at risk to invalid curve attacks occur. 16 The analysis in Viswanathan and Kannan 17 uses elliptic curve key cryptography with beta and gamma functions for secure routing in WSNs. There are many approaches that use ECC for WSNs and which is why there is a need for a new secure encryption algorithm for WSNs.
Research in Ghani et al. 18 used the symmetric cryptography approach for sensor authentication in WSNs and the generation of shared key for encryption and decryption as a new key generation approach. The use of a random number generator in this research can be fragmented by the technique given in Reeds. 19 A study in Ullah et al. 5 introduced HECC as a new key generation approach. This key supports encryption/decryption and node authentication. The use of a random number generator in this research can be fragmented by the technique given in Reeds. 19 In this method, AES is used to provide data security, making this method susceptible to biclique attacks. 20 Research in Tiwari and Kim 6 uses ECC and DNA for data encryption and decryption. DNA is castoff to assign genes, and these genes are used for data encryption. This study is protected against timing and simple power analysis (SPA) attacks. However, this procedure is susceptible to man-in-the-middle (MIM) attack. 21 The research in Suresh and Hegadi 22,23 focused on the IoT environment. Dual cryptography architecturesecure network communication (D-SN) is a data security method that uses DNA genes sequence for encryption with RSA and Data Encryption Standard (DES). The use of a minor public and private key size will be led to a security issue. 24 The research in De Weger, 25 uses RSA which is divided into four phases: key distribution and generation phase, encryption phase, enroute filtering phase, and routing phase. RSA in this algorithm makes it prone to Wiener and Boneh-Durfee attacks. 26   Modified Rivest-Shamir-Adleman (MRSA) is an additional encryption approach, which modifies the existing RSA. 27 This research method is insecure against chosen-ciphertext attack. 28 Moreover, energy consumption also increases because of three prime numbers. 29 Novel research in Babu and Balasubadra 30 uses elliptic-curve Diffie-Hellman-Key Extraction (ECDH-KE) procedure to deliver end-to-end confidentiality, guaranteeing authentication, and integration. However, the use of RSA makes this approach susceptible to chosen-ciphertext attack. 28 ECDH makes it vulnerable to MIM attack. 31 Elliptic Curve Cryptography-Advance Encryption Standard (E-AES) is an additional study approach that uses ECC to generate keys for encryption and decryption. This procedure is very secure, however, has high complexity and large communication overhead. 5 Another research in Li 32 provides an enhanced version of AES. However, AES is prone to biclique attacks. 20 The key used in this method is uncertain from relatedkey attack. 33 Advance Encryption Standard-Quadrature Phase Shift Keying (AES-QPSK) without and with lowdensity parity check (LDPC) is one more study approach that uses AES. 34 There is a possibility that this procedure insecure against biclique attacks. 20 This study method is also susceptible to related related-key attack. 33 Another research 35 uses AES for data encryption, with a mixture of mutation technique. This procedure is not safe against the differential attacks. 36 Additional research in Vangala and Parwekar 37 uses mutation with AES for the generation of factors and initial seed. This approach is highly apprehensive about biclique attacks. 20 PRNG makes this procedure susceptible to direct cryptanalytic attack, input-based attack, backtracking attack, and several more. 38 PRNG can be broken down using the method in Reeds. 19 Hybrid chaotic cryptosystem tent piecewise linear chaotic map (HTPW) is an innovative research method for key managing which uses skew and the maps. 39 This method is insecure to chosen-and known-plaintext attacks 13 because only XOR procedure is used in terms of security. enhanced secure data using chaotic-based encryption (EDCB) is an additional method for securing data in WSNs. 40 This method uses chaotic maps for the generation of keys. Chaotic maps can surely produce unique numbers, but the use of chaotic maps makes this technique apprehensive against ciphertext only, known plaintext, chosen plaintext and chosen ciphertext. 41 The study in Nidarsh and Devi 42 practices LEACH protocol for data routing and then uses chaotic maps for the data encryption and decryption Chaotic maps are breakable from numerous methods in Sobhy and Shehata. 43 Another research uses logistic and Kent chaotic maps. 7 This methodology has few drawbacks containing weak keys, fixed chaotic sub-matrices, and plain-image insensitivity. 8 A lightweight block cipher (QTL) is an ultralightweight block cipher approach presented in Li et al. 44 However, this approach is not secure from differential and linear attack. 45 Linear cryptanalysis (LC) is another ultra-lightweight block cipher approach, presented in Patil et al. 46 This algorithm is insecure against known-plaintext attack and chosen-plaintext attack. 47 A new lightweight algorithm lightweight pseudorandom number generator (LGA) is introduced in Maity et al. 48 With the use of permutation, it is possible to launch a known/chosen-plaintext attack on this technique. 49 Another research in Solomon and Elias 50 introduces ciphertext-policy attribute-based (C-AB) encryption lightweight encryption and authentication code generation scheme. Data encryption with this algorithm, secure data against eavesdrop attack. Secure hash algorithm (SHA)-3 may get effected by differential attack. 51 Decision support system (DSS) is not secure from to timing attack. 52 The research in Praveena 53 presents Ultra-Encryption Standard Version 4 (UES-4) scheme. Numerous present cryptographic techniques are united to produce UES-4. 53 Bit-wise reorganizing is performed on the plaintext, then bitwise columnar transportation is performed for unreadable text. In the meantime, multiple encryptions are performed; it becomes very tough to predict the plaintext, making UES-4 safe against brute-force attack. This method is not secure against ciphertext-only attack (COA). 54 Low complexity security algorithm (LSA) is a different data security research method. 55 The progress of the nodes is the first step. The key is XORed with the plaintext. Since nodes are only XORed, they take less computational time. XOR has a weak defense against brute-force attack. 56 This research presents Modified Rotation XOR (MR-XOR), which is an altered version of simple XOR. 57 XOR operation is vulnerable to brute-force attack. 56,58 Research in Praveena and Smys 59 proposed Modern Encryption Standard-Version 4 (MES-IV) using Trisha, Tomodep, Jayshree, Shayan and Asoke (TTJSA) and Dripto, Jayshree, Soumitra, Suvadeep, Asoke (DJSA) for the key generation. 59 This procedure has strong protection against known-plaintext, bruteforce, and differential attacks. This research method is prone to side-channel attacks since the ciphertext can be attained. 60 This study presents digital signature based on key management (DK) for data security. 61 Asymmetric method doubles the computation time. [62][63][64] Research in Gracy and Venkatesan 65 uses honey encryption (HoneyE) procedure to create misperception. A key recovery attack on this cipher can certainly be launched as well. 66 In research Yue et al., 67 a hybrid approach is used. This algorithm uses Advanced Encryption Standard (AES) and elliptic curve encryption (ECC) algorithm to encrypt plaintext blocks, then uses data compression technology to get ciphertext blocks. After this, it connects the MAC address and AES key encrypted by ECC to form a complete ciphertext message. After using this technique, the author of this research claims to reduce the time encryption time and increase security. Even though the encryption is reducing but using AES and ECC for the sensor can reduce the sensor's lifetime which can result in a dead sensor node and communication problem.
The research in Luo et al. 68 uses RC5 and chaotic maps in terms of security. The classical Feistel network structure is employed in the proposed algorithm since it is an extensively used block encryption structure with low source consumption. Moreover, to generate the key chaotic map and RC5 is used. Experimental results show the proposed technique in the research gives better performance than existing algorithms in terms of security and efficiency. However, the use of chaotic maps and RC5 can result in high complexity which could be a drawback for this approach.
The research Laouid et al. 69 of this work lies in two main facts: first, place the master key in a subset of sensors; second, the master keys are unstable. Our extensive simulations have shown the effectiveness of this approach.
Research in Fotohi et al. 70 introduces the abnormal sensor detection accuracy (ASDA-RSA) method. The ASDA-RSA schema in this article consists of two phases to improve security in the WSNs. The first is a clustering approach based on energy and distance and in the second, the RSA cryptography algorithm is used.
Chaotic block encryption is introduced in Luo et al. 68 RC5 is used to generate round keys using a hybrid chaotic map. Experimental results have a better performance than conservative algorithms in terms of security and efficiency. The author claims that the proposed approach is better before the existing approaches.
In Boubiche et al., 71 the author talks about several studies that have been conducted for lightweight and efficient security protocols for WSNs. In this paper, the author reviews the most important protocols and categorize them based on the addressed security issue. The author also outlines the main security restrictions and challenges and existing future research directions.
In Pooja and Chauhan, 72 AES, DES, and modified Rivest-Shamir-Adleman (m-RSA) are used to provide a high level of security. This research algorithm is then compared with existing techniques in terms of total execution time and decryption time, and the author claims that this algorithm provides a better result than the existing algorithm.

Previous research analysis
Based on research done in past years, it is considered that this research can be analyzed from the perspective of security. While most of the given approaches prevent from multiple attacks. The security analysis of the studied literature is given in Table 2. The table compares the literature in terms of data security and routing protocol. Manifold deliberate literature does not give both routing and data security approach. Table 3 briefly discusses multiple attacks that can be prevented using different approaches. Even after protecting the data against multiple attacks, these mentioned approaches suffer from multiple disadvantages. The research in Ullah et al. 5 uses AES for encryption of the data, and keys are generated through HECC. The given approach is secure from forward and backward-secrecy; however, using the Random number generator, this approach can be broken. The use of AES makes this approach vulnerable to biclique attacks. Another approach in Manger 27 modifies the RSA where three prime numbers are used instead of two, which makes brute-force attack difficult to occur. The use of RSA, however, makes this approach prone to chosen-ciphertext attack.

Motivation
Data security in WSNs is a major issue, where the security is low which led to related-key, plaintext, or MIM attacks. EGASON 1 could be affected by a plaintext attack and MIM attack. Another major issue of data security in WSNs is that the existing data encryption approaches have either very high response time or high computational time. AES-HECC 54 has high computation time and EGASON 1 led to high response time. A new secure algorithm that will consume less computational time and less response time is introduced. Based on the above literature, a new approach for data encryption is proposed

Proposed scheme
In this section, system architecture and proposed schemes are discussed. First, secure efficient encryption algorithm (SEEA) is discussed. SEEA uses secure modified Diffie-Hellman (SMDH) approach for key generation, which is then used in SEEA. The data are encrypted using SEEA and SMDH, then that data are routed with LEACH. All these approaches are discussed in detail in the following. A notation table is given in Table 4. The following paper shows the procedure of how the RSA is attackable. 79 Small public and private key are can also occur as given in Biham 80 18 E-KM 14 -Because of ECC collision attack occur. 15 And invalid curve attack can also occurs 16 19 ECB_PU 81 -Vulnerable to chosen-plaintext attack 82 20 M.XOR 27 -This proposed algorithm uses PRNG, to randomly generate number uniquely, which make this algorithm suffer from direct cryptanalysis attack, input-based attack, meet-in-the-middle attack, and many more, as proved in Kelsey et al. 38

21
C-AB 50 Eavesdrop does not occur SHA-3 can get effected from differential attack 51 22 E-AES 83 -The problem occurred in the planned procedure is security, high complexity and has high communication overhead, as mentioned in Ullah et al. 5 (continued) The proposed approach is divided into three phases. Each phase is designed to have less computational and response time. The three phases designed are given below. LEACH for WSNs is introduced to provide secure data communication between two parties. LEACH delivers secure communication between sensor nodes and protects from various attacks.

SEEA
SEEA is a new efficient encryption algorithm for WSNs. This method is designed in terms of less computational and less response time. Since the proposed approach does not require additional complex steps, this gives advantages in reducing the computational time. The proposed approach is divided into two phases: in the first phase, the key is generated and in the second phase, the proposed encryption algorithm is applied.

Phase 1: key generation
In the key generation phase, two parties who want to build communication decide a common p and g value, The new algorithm is given using honey encryption, which uses hash function making the whole algorithm at risk Wagner's generalized attack as proved in Coron and Joux 84 A recovery attack can also occur 66 28 ECDH-KE 30 -This algorithm uses RSA, which makes it is insecure from a chosen-ciphertext attack. 28 The proposed algorithm also uses ECDH, which makes this vulnerable to man-in-themiddle attack 31 29 AES-HECC 5 Protection against forward-secrecy, and backward secrecy Uses Random number generator, there exist methods that can be used to decrypt a random number generator. 19 Usage of AES makes that biclique attacks can occur in AES, as proved in Bogdanov et al. 20 30 XOR-Chaotic maps 7 -Having some fundamental security faults that make it weak and almost infeasible for securing medical images. Disadvantages of weak keys, fixed chaotic sub-matrices, and plain-image insensitivity as mentioned in Ahmad et al. 8  SMDH MIM attack is a very common attack over the network, where data can be easily changed. SMDH helps prevents MIM attack in Diffie-Hellman. The generated key of any encryption needs to be secure unless the security of any algorithm will fall apart.
Hashing is used for the longest time to provide secure communication between communicating parties. The basic concept of hashing is to make the original data convert into a format that is meaningless and difficult to break. Only the communicating parties can break the hashing, which allows hashing to work as an authentication method. The hash value can only be calculated if the right method and values are used, and only the communicating parties are able to perform this task.
SMDH approach modifies Diffie-Hellman using a hashing function to overcome the MIM attack. The receiver is the only person who can generate correct hashing value due to the knowledge of knowing correction function and parameters. To calculate the hashing value, an efficient hashing function is introduced.
All values in Diffie-Hellman, such as P1, P2, P, and G, are insecure. Before passing these values over the network, a hash value is calculated. Any value (e.g. P1) is first converted into binary form. After this conversion number of 1's is calculated and stored that number into a temporary variable such as Temp. The mod is then calculated of P1 and Temp. The outcome from mod value is attached to the original P1 binary value. To separate the hash value from the original P1 value, the number of zero's is calculated. The number of zeros will help to add that specific amount of special character in between the original P1 value and hash value. This minor hash value calculation will help to protect those flaws in Diffie-Hellman, and at the same time keeping the computation time low. The algorithm of SMDH is given in Table 5. In Figure 4, an overview of the modified Diffie-Hellman approach is given. The proposed approach will help to prevent MIM attack. The following steps discuss the working of the SMDH approach.
1: Person A and Person B decide two common parameters, known as P and G.   Table 5. Secure modified Diffie-Hellman.
Key generation (using secure modified Diffie-Hellman) Step 1. Two communicating parties select common P and G Step 2. h(P) and h(G) are calculated Step 2.1. P and G value convert to binary Step 2.2. Temp = Calculate number of 1's in P and G (e.g. Temp = 3) Step 2.3. P = (P mod Temp) and G = (G mod Temp) Step 3. Both parties select a private number, which is not shared over the network ever (e.g. person 1 chooses a, and person 2 chooses b) * NOTE (private numbers are chosen randomly) Step 4. The receiver calculates the hash value again using steps 2.1 to 2.3 Step 5. Now generate the key in a fashion that Person1Key = G a modPandPerson2Key = G b modP (a) Step 5.1. Person1Key and Person2Key value convert to binary Step 5.2. 1 = Calculate the number of 1's in Person1Key and same for Person2Key (e.g. Temp1 = 3) Step 5.3. Person1Key = (Person1Key mod Temp1) and Person2Key = (Person2Key mod Temp1) Step 6. exchange (Person1Key with person2 and Person2Key with person1) Step 7. Received keys are (person1 = Person2Key) and (person2 = Person1Key) Step 8. The receiver calculates the hash value again using steps 5.1 to 5. 3 Step 9. Now use the obtain value to generate the official key.
Step 10. Key a = Person2Key a modP and Key b = Person1Key b modP Step 11. Therefore Key a = Key b Step 12. Both parties use the generated key for the encryption and decryption 4: Person B will calculate the hash value of both P and G using the same process from steps a to g. 5: Person A calculates P1 = G A mod P.
6: Then takes hash of P1 using steps a to g. 7: Person B calculates P2 = G B mod P. 8: Then takes hash of P2 using steps a to g. 9: Both parties than pass these values to each other. 10: After receiving these values at appropriate place, the hash is again calculated. 11: Person A then calculates KeyA = P2 A mod P. 12: Person B then calculates KeyB = P2 B mod P.

Phase 2: encryption algorithm
In Figure 5, the proposed encryption and decryption approach is given. The plaintext is first converted into ASCII decimal values and then converted into binary values. The key is also converted into binary. After obtaining the binary values of both plaintext and key, they are XNORed. Since the key is never able to be known by the attacker, the XNORed will take the plaintext complex and unable to be read. After the XNORed is performed, obtain unreadable data are shifted once toward the left side. This will generate a new unreadable text. Then 1's complement is performed on the obtained text. The final stage is dividing the temporary ciphertext into two subsets; these subsets swap their positions with each other. The final obtain ciphertext is then passed converted back into ASCII values and passed to the destination.
In the decryption phase, the ciphertext is converted into binary. The obtained data are used, where the text is divided into two subsets. These subsets' positions are swapped with each other. Then one's complement is taken of this text to process the decryption. The text obtains from the last step is then shifted once toward the right bit by bit. This text will then be XNORed with the key, which was generated through the Diffie-Hellman. After all this process the original message is generated back again. Using Diffie-Hellman for the key generation, it is not possible to break this cipher. Using multiple operations, the cipher is built more secure.
Since the plaintext is XNORed with the key, therefore it is not able to break until the key is known, and the key will not be known unless the secret variable of either of the parties is known, which is not possible since it is never sent over the network. Table 6 describes the working of the proposed algorithm in steps. The step is discussed in detail underneath. First, the key is generated using Diffie-Hellman and converted into binary. After the key generation, encryption is performed.

Encryption process
Step 1. Any plaintext is decided which the sender wants to send to the receiver end.
Step 2. After the plaintext is decided, each letter of the plaintext is converted into an ASCII decimal value (e.g. a = ''97''). After the decimal value is calculated, this specific value is then converted into an 8-bit binary (e.g. ''97'' = 1100001).
Step 4. Results attain from step 3 is shifted on the left side once (e.g. 101 = 011) Step 5. One's complement is taken of output obtained from step 4.
Step 6. The above-generated output is divided into two subsets (e.g. 1011 = 10 and 11). These subsets then change places as (e.g. 1110). This step changes the binary overall, making the algorithm difficult to break.
Step 7. After all the encryption steps are performed, there last obtain value in step 6 is converted into ASCII decimal and then into the alphabetic letter. Table 6 also discusses the decryption process of the proposed algorithm. Decryption is the inverse of encryption steps. The decryption process steps are discussed below in detail.

Decryption process
Step 1. The receiver obtains ciphertext, which held not any meaning.
Step 2. After receiving the ciphertext, each letter of the ciphertext is converted into an ASCII decimal value. After the decimal value is calculated, this value is then converted into 8-bit binary Step 3. The results from step 2 are then divided into two subsets (e.g. 1110 = 11 and 10).
Step 5. One's complement is taken of results gained from step 4.
Step 6. This output is then shifted toward right once.
Step 7. This result generated in step 6 is XNORed with the private key of the receiver side.
Step 8. After all the decryption steps are performed, the value is then converted into ASCII decimal and then into character (letters).
SEEA is not a heavy encryption algorithm since the encryption steps are kept simple yet the hashing in key generation makes SEEA difficult to break. Hashing appends the data so that the original length of any specific data becomes unknown and make it difficult for the attacker to know the original data. SEEA will reduce have less computational and response time because of its simplicity.

Phase 3: LEACH
LEACH for WSNs is introduced to provide secure data routing between two parties. LEACH delivers secure communication between sensor nodes and protect it from various attacks. The working of SEEA on LEACH is given in Table 7. This research approach uses the LEACH protocol for routing. The working of the whole approach is given in Table 7. LEACH protocol uses clustering approach, where clusters heads are selected randomly. After the selection of the cluster head, the communication starts. Multiple steps are discussed in Table 7. These steps show the path of how the communication is built between two nodes using the LEACH protocol and are discussed in detail in the following.
Step 1. The sender sends data or key parameters to its closest cluster head.
Step 2. This sender cluster head sends the data to sink node Step 3. The sink node route the data to the receiver cluster head Step 4. This receiver cluster head than forward the data to the receiver node.
The steps 1 to 4 are repeated accordingly. The same process is used when is key is being generated between two nodes and when the communication between two nodes is being formed. An overview of LEACH working is also given in Figure 6.
Step 3. Sender node selects two random number P and G and calculates the hash of both values h[(P|| h(P)) & h(G|| h(G))]; here P and G are random prime if t is part of array then 4: temp 3 = divide data in two sets in (temp 4 ) and store as: set1 = n 2 tonandset2 = 1to n 2 5: temp 2 = swap (Set1, Set2) 6: temp 1 = take1 0 scomplimentof (temp 2 ) 7: temp = left shift each bit once in (temp 1 ) 8: Plaintext = XNOR key, plaintext ð Þ 9: end if 10: end for 11: else 12: generate key first, then go to step 1 13: end Table 7. Secure efficient encryption algorithm.   Step 5. Sender node cluster head sends the hash of P, G, sender node cluster head ID to sink node here h is again used for hashing and P and G are randomly generated prime numbers. Finally, ID CH N 1 is the ID of the sender node cluster head.
Step 6. Sink node sends the hash of P, G, sink node ID to receiver node cluster head h[(ID SN || (P|| h(P)|| ID SN ) & (G|| h(G)|| ID SN )]; here h, P, and G are the same as mentioned in the above steps. Then, ID SN is the ID of the sink node.
Step 7. Receiver node cluster head sends the hash of P, G, receiver node cluster head ID to receiver node h[(ID CH N 2 || (P|| h(P)|| ID CH N 2 ) & (G|| h(G)|| ID CH N2 )]; here, h, P, and G are the same as mentioned in the above steps. Then, ID CH N 2 is the ID of receiver node cluster head.
Step 8. Receiver node sends the hash of (K2 temp = G B mod p) receiver node ID to receiver node cluster head where h is used for generating hash value. K2 temp is the temp value which will be later used for key generation. B is the secret value of the receiver node. Finally, ID N2 is receiver node ID.
Step 9. Receiver node cluster head sends the hash K2 temp = G B mod p receiver node ID to sink node h[K2 temp || ID CH N 2 || h(K2 temp = G B mod p|| ID CH N2 )], where h is used for generating hash value. K2 temp is the temp value which will be later used for key generation. B is the secret value of the receiver node. Finally, ID CH N 2 is receiver node cluster head ID.
Step 10. Sink node sends the hash of K2 temp = G B mod p and sink node ID to sender node cluster head h[K2 temp || ID SN || h(K2 temp = G B mod p|| ID SN )]; here all variables such as h, K2 temp , and B are the same as above, and ID SN is the ID of the sink node.
Step 11. Sender node cluster head sends the hash of h(K2 temp = G B mod p), and sender node cluster head ID to sender node. h[K2 temp || ID CH N1 || h(K2 temp = G B mod p|| ID CH N 1 )]; here, all variables such as h, K2 temp , and B are the same as above, and ID CH N 1 is the ID of the cluster head of the sender node.
Step 12. Sender node sends the hash of (K1 temp = G A mod p) sender node ID to sender node cluster head h[K1 temp || ID N1 || h(K1 temp = G A mod p|| ID N1 )], where variable h is then used to generate a hash value and K1 temp is the temporary value which is later used for key generation. A is the secret value of the sender node. Finally, ID CH N 1 is sender node cluster Step 13. Sender node cluster head sends the hash K1 temp = G A mod p, sender node cluster ID to sink node h[K1 temp || ID CH N 1 || h(K1 temp = G A mod p|| ID CH N 1 )]; here all variables such as h, K1 temp , and A are same as above, and ID CH N 1 is the ID of the sender node cluster head.
Step 14. Sink node sends the hash of K2 temp = G B mod p and Sink node ID to receiver node cluster head. h[K1 temp || ID SN || h(K1 temp = G A mod p|| ID SN )]; here all variables such as h, K1 temp , and A are same as above, and ID SN is the ID of the sink node.
Step 15. Receiver node cluster head sends a hash of h(K2 temp = G B mod p), and receiver node cluster head ID to receiver node h[K1 temp || ID CH N2 || h(K1 temp = G A mod p|| ID CH N 2 )], where all variables such as h, K1 temp , and A are same as above, and ID CH N 2 is the ID of the cluster head of the receiver node.
Step 16. Sender node calculates its key by K N1 = K2 temp^A mod P; here K N1 is the sender node key. K2 temp is the temporary value generated from the above steps. A and P are the same as mentioned in the above steps.
Step 17. Receiver node calculates its key by K N2 = K1 temp^B mod P; here K N2 is the receiver node key. K1 temp is the temporary value generated from the above steps. B and P are the same as mentioned in the above steps.
Step 18. Sender node selects any plaintext for sending.
Step 19. Sender node then converts that plaintext into ASCII value Step 20. Then that ASCII value to binary.

If Key is generated
Step 21. Sender node then uses the key generated in step 16 and XNOR it with the binary value in step 20 Step 22. This temporary ciphertext is then left shift by 1 bit.
Step 23. One's complement of ciphertext in step 22 is taken Step 24. Text in step 23 is divided into two subsets and then the places of these subsets are swapped.
Step 25. After performing all the encryption steps, the obtain binary is then converted into ASCII value.
Step 26. Sender node then converts that text into character and this is the finally obtained ciphertext.
ELSE (if the key not generated then generate key first then go to step 22) Step 27. Sender node then sends the encrypted text and sender node ID to the sender node cluster head.
[ID N1 || Encry (ciphertext|| h (ID N1 ))]; here h is the variable used for hashing. Encry is used to mention that the text is encrypted. ID N1 is the ID of the sender node.
Step 28. Sender node cluster head sends encrypted text and sender node cluster node Id to sink node.
[ID CH N 1 || Encry (ciphertext|| h (ID CH N 1 ))]; here h is the variable used for hashing. Encry is used to mention that the text is encrypted. ID CH N 1 is the ID of the cluster head of the sender node.
Step 29. Sink node then sends that encrypted text and sink node ID receiver node cluster head. [ID SN || Encry (ciphertext|| h (ID SN ))]; here h is the variable used for hashing. Encry is used to mention that the text is encrypted. ID SN is the ID of the sink node.
Step 30. The receiver node cluster head then sends the encrypted text and receiver node cluster head ID to the receiver node. [ID CH N 2 || Encry (ciphertext|| h (ID CH N 2 ))]; here h is the variable used for hashing. Encry is used to mention that the text is encrypted. ID CH N 2 is the ID cluster head of the receiver node.
Step 31. After the receiver node had obtained the encrypted text, it then redoes all steps 19-28 in backward positions.

Experimental results and discussion
The results are measured based on multiple parameters, such as encryption time, decryption time, response time, and computational cost.

Simulation setup
The proposed approach uses the LEACH protocol for routing as described in section ''Proposed scheme.'' It is workable for 5-100 nodes and can run 10 or more rounds in the LEACH protocol. The simulation area on which algorithm was tested is 100 3 100. MATLAB is used for implementation. A testbed setup is given in Table 8. An overview of this setup is given in Table 9.

Setup /environment phase
The platform used is MATLAB 2013a. The proposed approach uses the LEACH protocol for routing. The simulation area on which the algorithm is tested is 100 3 100. The number of nodes used is at most 100 nodes and at least 5 nodes. In terms of key, the size can be 2 10 maximum and 2 5 minima. In terms of plaintext, the size can be 2 10 maximum and 2 5 minima.

Computational time
The parameter calculates the amount of time an algorithm takes on a specific amount of data. The results of the proposed approach are compared with the research results in the study by Singh et al. 14 Table 2 in the study by Singh et al. 14 shows the performance of their proposed scheme. Where the key generation, encryption, and decryption are performed on 10-byte length of data where the key varies in terms of different ECC values generated. Our proposed approach is tested on three different data lengths, and the key size is the same, yet secure at the same time. The proposed approach updates the key at every round and performs  Table 9. Protocol working.
Secure efficient encryption algorithm (SEEA) Step 1. N1 N1-CH Step 2. N1-CH SN Step 3. SN N2-CH Step 4. N2-CH N2 better than the research approach in the study by Singh et al. 14 Since the key is generated through the SMDH approach, it is highly difficult to break because the private key of both parties is never passed over the network and random numbers are used to generate common parameters for the public key. Table 10 explains the length of the data versus the amount of time taken to generate key, encryption, and decryption. In Figure 7, the computational time of the SEEA algorithm is given using the data in Table 10.

Key generation time
This parameter calculates the time required to generate a key for each round. In Figure 8, key generation time is calculated for different lengths of data given in Table  10. The time is measured in nanoseconds. Diffie-Hellman is used for the unique key generation. Different amount of key length is tested in terms of the amount of time it takes for different lengths of data.
The key generation time for data length10 is about 37,333 nanoseconds, which is suitable for the WSN environment.

Encryption time
This parameter calculates the time required for the execution of the proposed methodology of encryption and decryption. The algorithm that takes less encryption time is considered efficient. This proposed encryption algorithm is tested for different lengths of data in terms of the amount of time it takes for each data. Figure 9 discusses the multiple data length versus the amount it takes for them to encrypt. If the data length is 15 bytes, the proposed encryption scheme will take about 59,000 ns to encrypt. 59,000 is 5.9E-5 in seconds, which is very faster. The proposed approach takes very little time to encrypt; therefore, this approach can be considered a better approach for the WSN environment.

Decryption time
This parameter calculates the time required for a message to generate plaintext from the obtained ciphertext. This proposed algorithm is tested for different lengths of data in terms of the amount of time it takes for each data to decrypt if the key is known. Figure 10 discusses the multiple data length versus the amount it takes for them to encrypt. If the data length is 45 bytes, the proposed scheme will take about 122,990 ns to decrypt. The time is possible only if the key is known, without knowing the key the decryption would not be possible. Figures 9 and 13 show the encryption and decryption time of the proposed approach. As the amount of the increase in terms of bytes, encryption, and decryption time increases as well. Proposed approaches take less time as compared to the approach given in Singh et al. 14 The proposed encryption methodology provides data security, has less encryption time and decryption as shown in Figure 10.

Key generation time comparison
The results in the study by Singh et al. 14 are compared with the proposed approach on behalf of one string of length 10. The word ''Networking'' is testing both the existing algorithm and the proposed algorithm. The proposed approach takes less time in key generation, encryption, and decryption compared to the existing approach. Figure 11 shows an overview of the existing approaches versus the key generation approach used in the proposed approach. This figure clearly shows that Diffie-Hellman works faster than the key generation approach in the study by Singh et al. 14 Since our approach takes less time, therefore, could be considered a better approach than the approach discussed in the study by Singh et al. 14 As shown in the figure, ECC-109 in the study by Singh et al. 14 takes 8,975,762 ns and Diffie-Hellman takes 37,333 ns, which is far less than the approach used in the study by Singh et al. The next values, however, are assumed by calculating the percentage of data that are increasing significantly. The equation used to calculate the percentage between the generated data and the existing data as given in equation (1). Where V1 is the value of the proposed algorithm result, which is in this case 37,333, and V2 is the other value, such as 7,029,520. To calculate the new value with the percentage, equation (2) is used. In equation (2), V2 is the existing algorithm values, and the percentage is the value obtained from equation (1). After using these equations, new assumption values are calculated. After the calculation, it can be clearly seen that the proposed algorithm will work better even if the data are increasing significantly.    Percentage calculation New value calculation Encryption time comparison The proposed encryption approach is compared with the encryption algorithm given in the study by Singh et al. 14 The word ''Networking'' is testing both the existing algorithm and the proposed algorithm. Figure  12 shows the proposed approach works far better than the approach in the study by Singh et al. 14 The proposed approach takes less time to encrypt the word ''Networking.'' The proposed approach takes 16,450 ns to encrypt and the existing approach takes more than 1,285,000 ns. The next values, however, are assumed by calculating the percentage of data that are increasing significantly. The equation used to calculate the percentage between the generated data and the existing data is given in equation (1). Where V1 is the value of the proposed algorithm result, which is in this case 16,450, and V2 is the other value, such as 1,793,860. To calculate the new value with the percentage, equation (2) is used. In equation (2), V2 is the existing algorithm values, and the percentage is the value obtained from equation (1). After using these equations, new assumption values are calculated. After the calculation, it can be clearly seen that the proposed algorithm will work better even if the data are increasing significantly.

Decryption time comparison
The proposed approach is compared with the algorithm given in the study by Singh et al. 14 The word ''Networking'' is testing both the existing algorithm and the proposed algorithm. Figure 13 shows the proposed approach works far better in terms of decryption time than the approach in the study by Singh et al. 14 The given time in Figure 11 is only possible if the key is known to the receiver; otherwise, the decryption process will not be possible. If the key is known, the proposed approach takes 25,853 ns to decrypt, whereas the existing approach in Singh et al. 14 takes more than 1,244,000 ns. The next values, however, are assumed by calculating the percentage of data that are increasing significantly. The equation used to calculate the percentage between the generated data and the existing data is given in equation (1). Where V1 is the value of the proposed algorithm result, which is in this case 25,853, and V2 is the other value, such as 2312532. To calculate the new value with the percentage, equation (2) is used. In equation (2), V2 is the existing algorithm values, and the percentage is the value obtained from equation (1). After using these equations, new assumption values are calculated. After the calculation, it can be clearly seen that the proposed algorithm will work better even if the data are increasing significantly.

Response time
This parameter is used to calculate the time that is taken to react to a given stimulus or event. The response is measured to check how much time does the algorithm takes to execute. In Figure 14, we gave the response time of the proposed approach. As the amount of data increases the response time increases as well. This result showed that the proposed scheme takes less response time for different lengths of data for different rounds, as claimed above in section ''Decryption time.'' The results are measured in seconds. The results in Figure 15 are calculated in terms of the amount of data versus the number of rounds. As it can be viewed that as the number of rounds increases, the time decreases because, in the first round, the data are being gathered which takes up a few times. In round 1, the time is less than 3 s for the highest byte of data, but as the number of rounds increases the  time is about less than 1 s for the highest byte of data.
The reason for the decrement in time is that the calculations of the whole algorithm get less as the number of round increases and fewer calculations will result in less response time.

SMDH versus Diffie-Hellman
SMDH is a modified version of Diffie-Hellman. Diffie-Hellman is highly vulnerable to MIM attack because this approach shares values over an unauthorized network. the values which are shared over an unreliable network can be accessed by an attacker and the values, therefore, can be modified. To prevent this scenario, SMDH is introduced. SMDH uses hashing approach to produce a hash of each value that will be shared over the network as discussed under section ''Proposed scheme.'' Hashing helps prevent MIM, which solves the problem in Diffie-Hellman.

Security and attacks analysis
There are multiple measurements used to check the security of algorithm against multiple attacks. When working with cryptography, multiple attacks can occur through on the network, which needs to be taken care when providing a secure cryptography approach

Plaintext attack
This attack occurs when the attacker can access both the plaintext and the ciphertext. This attack is considered a very basic attack on cryptography algorithm. When the sender sends data for encryption, the attacker can capture chunks of that plaintext. The key is sent over the secure channel, so it is never known to the attacker. With the help of some known cipher and plaintext, the attacker tries to generate the method used for encryption, which is later used for further decryption of ciphertext. Proposed approach does not send plaintext over the network at all, only ciphertext is sent.
Since the key is also never sent over the network, it becomes very difficult for this attack to occur. If the attacker can capture some chunk of ciphertext, it will still be impossible for this attack to occur since the key is updated at each round and the ciphertext changes at each round. An overview of how this attack is not possible while following the proposed approach is given in Figure 15.

COA
In cryptography, a COA or known-ciphertext attack is an attack model for cryptanalysis where the attacker is presumed to have access only to a set of ciphertexts.
The attack is completely successful if the corresponding plaintexts can be deduced (extracted) or, even better, the key. It is very difficult for this attack to occur, because even though ciphertext is passed over the network, but the key is never sent over the network. Proposed approach shares key through common parameters rather than using a secure channel. Since secure channel is not used to pass the key, key will not be known to the attacker which makes it very difficult for the ciphertext to decrypt. Without the key, it is not possible for the ciphertext to be decrypted there is a high chance that this attack will not occur while using the proposed scheme. Figure 16 shows an over of how this attack is not possible on the proposed approach. Analyzing the   ciphertext is possible if key can be recovered. It is very difficult to recover key while using the proposed approach and this makes it very challenging for this attack to occur.

Related-key attack
In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. In Figure 17, we show a scenario of how this attack is not possible on proposed approach. For example, the attacker might know that the last 80 bits of the keys are always the same, even though they do not know, at first, what the bits are. Since proposed approach does not use the same key at each round of LEACH protocol, this attack becomes difficult to occur. In case if the key is known to the attacker, that key will only work for one encrypted text, since new key is generated at every round. It is very difficult for the attacker to obtain the key because only specific parameters are used to generate unique and the private parameters are always kept secret.

MIM attack
A MIM attack involves three players. There is the victim, the entity with which the victim is trying to communicate, and the ''man in the middle,'' who's interrupting the victim's communications. In Figure 18, a scenario of how this attack is not possible on proposed algorithm is given.
Diffie-Hellman is highly vulnerable to MIM. This attack will lower the security level by accessing all the private parameter values. To secure proposed approach from this attack, hashing is used in Diffie-Hellman. After modifying Diffie-Hellman using hash function, this proposed is secure from MIM attack. Only two communicating parties can generate the correct hash value, which is why this attack becomes meaningless in proposed approach.
Further man in the middle attack is possible if the attacker can hear the secret conversion between the two communicating parties. In proposed scenario, if the attacker can capture the packets being sent between the two parties, the obtain packets will be encrypted. The encrypted data can only be decrypted if the key and the encryption algorithm is known. Since private and public key concepts are used for the generation of keys, it is very difficult to know the key because the private key is never sent over the network. If the key is not known, it becomes very difficult for an unauthentic person to recover the data. Symmetric key is share over the network, where the attacker can obtain the key can use it to recover the data. However, asymmetric approach   does not require the key to be sent over the network, which makes proposed approach more secure against man in the middle attack.

Conclusion
A WSN is a spread network and it contains a large amount of circulated, self-focused, tiny, low motorized devices called sensor nodes. Even though the sensor network is commonly being used, they are very complex due to the limited amount of energy and memory they can use. With multiple other issues, data security is one of the major issues in WSNs, since the data traveling over the network is never safe due to the reason that multiple attackers can access the data. The data need to be protected from the attacker, which is why the data are encrypted to turn it into a form that is not readable. Multiple approaches have been used to encrypt the data for security, but due to some flaws, these approaches are not considered suitable for WSNs. In the study by Elhoseny et al., 3 approach is given where the author uses the ECC, node ID, and distance between the node to generate the key and then this key is used for encryption and decryption. This method is helpless to brute-force attack. 4 The usage of PRNG in this approach can help the intruder to use the short period of pseudo-random number generator (PRNG) to generate private keys. 21 In the study by Ullah et al., 5 another technique of data security for WSNs is given. The following approach uses HECC for key generation and AES is used for the encryption of the data. The high computational time of AES is a major flaw with additional flaw usage of random number generator, there exist methods that can be used to decrypt a random number generator 21 and usage of AES makes that biclique attacks occur in AES, as proved in the study by Bogdanov et al. 20 To overcome the drawbacks mentioned above, a secure light data encryption approach is proposed. This approach will have less computational time. Since proposed methodology has less computational and response time, it can be considered the best fit for WSN security. The proposed approach also prevents plaintext, ciphertextonly, related-key, and man in the middle attacks.

Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding
The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This project was funded by the Deanship of Scientific Research (DSR), King Abdul-Aziz University, Jeddah, funded this project under grant no. (D-370-611-1441). The authors, therefore, gratefully acknowledge DSR technical and financial support.