Lightweight load-balanced and authentication scheme for a cluster-based wireless sensor network

Clustering technology is one of the crucial technologies to prolong the lifetime in wireless sensor networks. However, most cluster schemes choose cluster head randomly to send data without considering load balancing and security. In addition, some cluster heads in the highly active area may be overloaded, while others in the low active area may be overloaded, which may easily lead to extreme imbalance in task allocation. Our research on relevant literature shows that the existing authentication schemes do not fully consider the load balancing of cluster heads, while the load balancing schemes ignore the security authentication of cluster heads. Therefore, this article effectively combines load balancing and security verification, and proposes a lightweight load balancing and verification scheme (secure load and energy balancing) based on clustered wireless sensor networks. Secure load and energy balancing implements cluster head’s authentication and confidentiality and integrity of all messages in load balancing. This scheme not only effectively maintains the energy balance of the whole network but also successfully improves the security overhead, thus prolonging the network lifetime. The simulation results show that compared with other similar schemes, this scheme has higher packet forwarding rate, longer network life, and lower overhead. This further proves that the scheme is energy-saving, safe, dynamic, stable, and sustainable.


Introduction
Wireless sensor network (WSN) consists of a variety of sensors distributed in space, which are used to monitor and sense the environment, such as temperature, humidity, light, sound, vibration, pressure, location, and even military terrain, and to transmit data to the base station (BS) through the network for processing. 1 For many researchers, WSN is a challenging research field, and it plays an important role in the Internet of Things, cloud computing, edge computing, and other fields. 2 WSNs may be deployed in harsh remote environments. 3 The network is more vulnerable to some malicious attacks due to its unattended policy of deployment. Moreover, sensor nodes have limited resources and battery powered, so energy efficiency is one of the most critical problems faced by any WSN.
The energy consumption over a wireless network can be minimized by partitioning the sensor nodes as cluster heads (CHs). These CHs require more energy for data gathering and transmitting to BS. There are many routing protocols in WSN to distribute the energy consumption to CHs. CH is also responsible for authenticating the nodes that are allowed to join in a cluster and communicate with a network. Consuming more resources may result in a negative impact on lifespan of a network. Therefore, WSN need to use the smallest power consumption to achieve maximum security in order to achieve secure communication among nodes. 4 When a network is said to have secure data transmission, it obviously results in energy consumption by providing authenticity, confidentiality, and integrity to the nodes. Hence, optimal energy utilization, thereby maximizing the network lifetime and insuring safety, is of prime importance in environments requiring high security.
However, when many sensors send a lot of data to the same CH, it is easy for the CH's energy to be exhausted if it does not offload the neighbor CHs. 5 The availability of CH services in data fusion, routing switching, and other technologies has also been greatly improved. At the same time, the energy-saving problem of sensor networks has also attracted people's attention to the load balancing problem faced by CH. In order to solve the problem of load and energy balance, various new research technologies have been proposed, but they cannot solve the problem of CH security deployment and verification at the same time. Since CH deployment is usually in remote unattended scenarios, deployment is an important step before any load and energy balancing. In addition, because the network structure of CH deployment is distributed, load balancing can also be applied to distributed scenarios, which can be divided into dynamic load balancing and static load balancing. 6 A major disadvantage of static load balancing is that it does not take into account the state of the target CH when determining load balancing. Dynamic load balancing uses a more real-time approach by considering the current load and energy on a single CH and recommending the target CH accordingly. This enables tasks to be dynamically allocated from overloaded CH to lower load or idle CH. Compared with the static method, the dynamic method is difficult to implement, but it poses a higher challenge and value for the dynamic solution of load and energy balance. In view of the above advantages, this article considers dynamic load and energy balance as well as security verification issues.
The node energy limitation requires that the microcontroller has less computing power. Various encryption and decryption algorithms, such as Data Encryption Standard (DES), Rivest-Shamir-Adleman (RSA), and Advanced Encryption Standard (AES), are highly secure, but the nodes may require higher amounts of energy and additional computational capabilities. RC4 is a stream encryption algorithm, which originated in 1987 and is now considered unsafe. Compared with RC4, the key length of RC5 is 128 bits, but RC5 still needs only basic addition, exclusive-or, and cyclic operations and can be implemented on many hardware platforms. 7 Hence, the RC5 encryption algorithm is well suited for implementation on WSN nodes. In this work, the RC5 algorithm is considered.
A suitable network deployment in addition to energy-aware protocols is very important in the cases mentioned above. There are many solutions to implement authentication in existing distributed systems, but they are not suitable for CH deployment and authentication in WSNs. Due to the hostility of CH deployment, authentication becomes the main problem in identifying target CH for load and energy allocation. Existing deployment technologies authenticate network nodes without obtaining target loading information and residual energy. This poses new challenges in building dynamic load and energy balance through appropriate deployment and authentication. In this article, we propose a secure deployment scheme to select CH for load and energy balancing. The following is a summary of the main contributions of this proposed methodology: The proposed approach is an adaptive CH deployment and authentication technique which once initiated enables the CHs to authenticate each other using the BS credentials. We propose an adaptive CH deployment and authentication technology in WSNs. Once deployment is started, CH can use BS credentials to authenticate each other. The scheme also considers the real-time load and energy on each destination CH to achieve dynamic load and energy balance. During the deployment process, the scheme especially considers the minimization of communication overhead. The approach combines the above dynamic load and energy balancing data with deployment and authentication, and applies them to clustered WSNs. The performance of the scheme is evaluated and simulated, and the effectiveness and stability of the scheme are verified.
The rest of this article is structured as follows: section "Related works" discusses the related work of this article. Section "Proposed solution" elaborates on a secure dynamic load and energy balancing solution. Section "Security evaluation" presents the evaluation of our model. Section "Performance simulation" simulates the performance and efficiency of the proposed solution through simulation experiments. Section "Conclusion" gives the conclusions and future work.

Related works
This section briefly introduces the background research of related work, and analyzes the problems faced by the proposed solutions. When sensor nodes unload their tasks to neighbor CHs, there are differences in load, energy, location, especially security on different CHs. Because some CHs in high activity areas may be overloaded, while others in low activity areas may be idle or have very small workload, this can easily lead to extreme imbalance in task allocation. At present, researchers have put forward many strategies to solve the load balancing problem and security deployment and verification.
In order to overcome the excessive load in the high active area of WSNs, Palani et al. 5 proposed a load balancing technology combined with routing protocol, which can effectively utilize multiple mobile sensors and use load balancing technology to balance the load of sensor nodes. However, there are congestion problems in the sink nodes of multiple mobile sensors, which increases the energy consumption of sensor nodes. Masdari and Naghiloo 6 proposed a receiver selection algorithm based on distributed fuzzy logic, which can effectively prevent the congestion of sink nodes and load balancing between receivers. In order to reduce the discarding problem caused by the overflow of data queue in CH, Gherbi et al. 7 proposed a hierarchical energy balanced multipath (HEBM) routing protocol, which balances the energy dissipation between sensor nodes and prolongs the lifetime of the network. Gherbi et al. 8 also proposed a distributed energy efficient adaptive clustering protocol (DEACP), which has the characteristics of load balancing and self-adaptation. It can reduce the energy consumption of the whole network, balance the energy consumption between sensors, and prolong the lifetime of the network. Neamatollahi et al. 9 proposed a distributed energy efficient protocol using two techniques: local reclustering and multi-criteria cluster formation. The protocol prolongs the lifetime of WSNs by decreasing clustering overhead. In order to minimize data redundancy and maximize network lifetime, Hassan and Abdellah 10 proposed an enhanced clustering hierarchy (ECH) method to achieve energy efficiency of WSNs by sleeping and waking overlapping nodes and adjacent nodes. In order to design an efficient cluster for load balancing, Edla et al. 11 proposed a new fitness function based on the number of gateway loads and overloaded nodes. The cluster algorithm based on shuffled complex evolution of particle swarm optimization (SCE-PSO) improved the lifetime of WSNs. 
In order to minimize the communication distance between CH and BS using multi-hop technology, Al-Zubi et al. 12 designed a new method to select the initial CH, and proposed an improved energy-aware routing protocol for fixed cluster. The protocol balances the workload of all nodes in the network and reduces the energy consumption in the network. Samal et al. 13 implemented a stable selection protocol (SEP) and a load balancing protocol, and proposed a new method to maximize the lifetime of WSN by combining energy sensing and load balancing in heterogeneous WSN, which achieves a uniform load distribution of each node's energy capability. CALB algorithm is a fully distributed algorithm that only needs to communicate with adjacent sensors. Khoulalene et al. 14 proposed a cluster-based load balancing clustering algorithm, which optimizes other resources and prolongs the lifetime of no network. In order to optimize the transmission of network control messages and reduce network overhead, TTall et al. 15 proposed a collaborative load balancing algorithm (CoLBA), which uses prediction method to avoid packet queue overflow and optimize the transmission of control messages.
Similarly, CH's security authentication and deployment are as important as its load balancing in WSN. In order to develop a security authentication protocol for WSNs in coal mine safety monitoring, Kumari et al. 16 proposed an authentication protocol to overcome security problems by authenticating users. Broadcast authentication is a basic security service in WSNs. Benzaid et al. 17 proposed a pair-less identity-based signature verification based on the cooperation between sensor nodes. In order to implement the authentication of real-time applications in WSN, Gope et al. 18 proposed a lightweight anonymous authentication protocol for real-time applications based on WSN to resist denial-of-service (DoS) attacks. Razaque and Rizvi 19 introduced the use of access control and authentication protocols for secure data aggregation (SDAACA), SDAACA protocol by dividing data into small pieces to hide opponent's data, can timely and effectively identify malicious nodes. Zawaideh and Salamah 20 proposed an effective malicious node detection (WT-MND) scheme based on weighted trust, which can detect malicious nodes in cluster WSNs. Khan et al. 21 proposed an LEACH+ + protocol based on intrusion detection framework, which can resist black holes and selective forwarding attacks. Gaber et al. 22 used residual energy, trust value, and neighborhood number to select a CH, and proposed a method of CH selection based on bio-inspiration and trust in WSN. Hima and Rama et al. 23 proposed a lightweight secure and energy-saving LEACH protocol (LS-LEACH), which integrates broadcast authentication algorithms to authenticate users. Kumar and Umamakeswari 24 proposed a general specification-based intrusion detection model (SS-LEACH). SS-LEACH uses signature-based broadcast authentication to distribute code and data, which improves security, but requires high computational complexity. 
Afianti and Wirawan Suryani 25 used threshold function to limit the number of hash iterations, and proposed a dynamic cryptographic puzzle (DCP). DCP increases the probability of attack and the complexity of signature-based DoS attack. In 2017, Mohit et al. proposed an authentication protocol for wireless sensors in vehicle communication, which guarantees the security of mutual authentication for vehicle communication users. In order to solve the security vulnerability of Mohit et al.'s scheme, S Yu et al. 26 proposed a secure mutual authentication and anonymity security authentication protocol by changing dynamic parameters.
From the above discussion and analysis, these security authentication and deployment schemes do not adequately consider the load balancing of CHs, while the load-balanced schemes neglect the security authentication and deployment of CHs. For CH nodes in WSN, energy and security are equally important. Load balancing is to balance load and energy to secure neighbor nodes, while minimizing overhead as much as possible. This will be a more challenging design. Therefore, a new security authentication and deployment scheme is proposed in this article.

Network architecture
In this section, a well-known clustering mechanism for WSNs is adopted, and a large number of sensor nodes are clustered hierarchically. As shown in Figure 1, each cluster consists of multiple sensor nodes and a CH.
Suppose that all CHs need to be deployed remotely, and each CH uses code division multiple access (CDMA) technology to transmit data to BS. Assuming that all sensor nodes are secure, they can perceive all kinds of data and transmit data to their CHs in the form of time division multiple access (TDMA). In order to balance energy and reduce transmission delay, each channel may choose its secure neighbors to help data aggregation and fusion.
As compared with previous literature review, authentication is not considered in CH load balancing. Therefore, the author designs a cluster-based WSN architecture as shown in Figure 1, and proposes a new deployment scheme, which can not only verify the performance of CHs but also collect the current load information and residual energy of CHs before assigning tasks.
The following sections elaborate on the implementation process of load balancing and authentication scheme based on clustering network, including CH security deployment and authentication process, and how to combine authentication with dynamic load balancing. The notation used in the presented solution description is listed in Table 1.

Secure deployment and authentication
As per CH deployment in WSN, all the CH information must be stored and processed in the BS. In such a clustering WSN, CHs are intermediate layers that collect and fuse data for BS. The scheme assumes that BS is completely trusted, while CH of WSN is considered to be partially trusted at the edge of the network. Accordingly, the authors consider the BS for the initiation of the authentication process. This process starts with the assignment of an initial ID ($P_i$) linked to the key ($K_i$) and the session key ($K_s$) for each CH during the CH deployment ($BS \to CHs \{P_i // K_i // K_s\}$). It is very important to store secret information and updated keys provided by BS. CHs use trusted modules, such as trusted platform module (TPM). 18 Once initialized, a single CH initiates the deployment and validation process to validate other CH in the neighborhood. This can effectively prevent malicious CHs from being added to load and energy balancing. The key exchange of CHs is determined and updated by BS and CHs.
Assume that CH-i starts the secure deployment and authentication process. It associates its ID with the relevant key, and then encrypts it with the session key sent by BS ($E_{K_s}(P_i // K_i)$). Then, CH-i broadcasts the ciphertext to all neighbor CHs in the WSN. Once it receives the ciphertext, a CH will decrypt it using the session key ($D_{K_s}(P_i // K_i)$) issued by BS. A common session key ($K_s$) is, however, initiated by the BS and provided to individual CHs and is also trusted by other CHs. When the target CH (CH-j) receives the source ID associated with the key, it checks them with the BS to verify the authenticity of the source CH ($CH\text{-}j \to BS \{E_{K_s}(P_j // E_{K_j}(P_i))\}$). If BS decrypts the ciphertext and finds the ID of CH-i by checking its own database, BS then encrypts the ACK packet ($E_{K_j}(P_i // K_i)$) with the recipient's secret key and sends it to CH-j. If CH-i is a node that has not passed the authentication, BS will also respond to the authentication request of CH-j and inform it that the verification failed. Then CH-j connects the relevant key with its own ID and encrypts them using the source's relevant key, such as ($E_{K_i}(P_j // K_j)$). Once receiving the ciphertext, CH-i decrypts it with its own secret key and gets $P_j$. The ciphertext is of the format $E_{K_s}(P_i // E_{K_i}(P_j))$, where $P_j$ is encrypted with the relevant key $K_i$ of CH-i. This integrates its own ID to generate a ciphertext using the session key of BS. CH-j decrypts the ciphertext using its own session key after receiving acknowledgment from BS and then retrieves the relevant key of $P_j$ ($P_j \to K_j$) and authenticates CH-j. Once the process is authenticated, BS links $P_j$ with the relevant key ($K_j$) and encrypts with the relevant key ($K_i$) of CH-i to send it back to CH-i. After receiving the ciphertext, CH-i decrypts it to get the key ($K'_j$), then compares it with the relevant key from CH-j.
If the match is successful, that is, $K_j = K'_j$, CH-i binds the ID of CH-i and CH-j and encrypts them using the destination's relevant key ($K_j$). This combination of cipher packets is sent to CH-j, which confirms that both CH-i and CH-j have now been verified for load and energy balancing. The proposed authentication model adopts a method of obtaining authentication information directly from the secure BS. Algorithm 1 gives the mutual authentication steps between CHs. Following this, CH-i links the relevant key between it and CH-j ($K_{ij}$) with its ID $P_i$ and encrypts them with the CH-j key, such as ($E_{K_j}(P_i // K_{ij})$), and CH-j responds to CH-i with ACK ($E_{K_{ij}}(P_j // P_i)$). Thus, the newest real-time session key between CH-i and CH-j is generated and stored separately. Finally, there are different session keys between any two neighbor nodes. The process information of security authentication is shown in Figure 2.

Secure load balancing
If a CH (CH-i) overloads, it will broadcast a control package containing its load information ($L_i$), its own ID ($P_i$), and residual energy ($R_i$), as a request to other adjacent CHs. Each CH receives a load and energy balancing request package from its neighbor CHs. Here, $P_i$ defines the ID of the CH-i sending the request and $L_i$ defines the received load information. An adjacent CH (called CH-j) checks it by comparing the received ID with its own database. If a match is found, CH-j will look for load information and residual energy from the control packets. If a match is found, CH-j will look for load and energy information to avoid a possible network attack.
While recipient CH-j processes the load balancing information at CH-i, it checks the load and residual energy information using value of parameters $q_m$ and $q_e$. If the value of parameter $q_m$ is less than or equal to 0.7 (i.e. close to 30% of free processing resources) and the value of parameter $q_e$ is more than or equal to 0.5 (i.e. close to 50% of free energy resources), and the energy and computing resource available index (i.e. $m_c \in m_l$ and $e_c \in e_l$) to perform this application task from CH-i, then CH-j initiates to prepare the positive ACK to CH-i. If residual energy and resource of recipient CH-j is more than the required resource to process the application task, then CH-j sends the reply packet to the CH-i. Otherwise, CH-j never responds to the CH-i. If all conditions satisfy, CH-j sends response packet including own identity ($P_j$), relevant key ($K_j$) and resource parameters $q_m$ and $q_e$. Finally, the response packet is encrypted with the session key $K_{ij}$ of CH-i ($E_{K_{ij}}(P_j // K_j // q_m // q_e)$) and sends it to the CH-i for next processing of load balancing. Once receiving the ciphertexts, CH-i applies corresponding session key, that is, $K_{ij}$, to decrypt the data packets ($D_{K_{ij}}(P_j // K_j // q_m // q_e)$). CH-i then authenticates the source ID ($P_j$) with its own database to find matching ID. If the match is successful, CH-i is then compared with the previously saved key ($K'_j$) in own database and the received key ($K_j$) of the packets decrypted. If the match is also successful, CH-i accepts the response information ACK from CH-j, otherwise it is ignored to avoid network attack. In the same way, CH-i receives a large number of replies from different CH in the region. CH-i compares the values of $q_m$ and $q_e$ from all the authenticated responses (ACK) to find the more residual energy CH with maximum value of $q_e$. If more than two CHs have the same value of $q_e$, then CH-i will select the less loaded CH with minimum value of $q_m$. Finally, CH-i sends load tasks to the most qualified CHs to process them. Algorithm 2 shows the step-by-step process of the SLEB scheme described above.

Table 1. Notation.
Session key between BS and each CH
$K_i / K_j$: Key of CH-i and CH-j
Secret key of ith CH
//: Concatenation operation
$K_{ij}$: Session key between CH-i and CH-j
ACK: Acknowledgment

Algorithm 1. Secure deployment and authentication.
Input: BS initialized the shared key and identification to all CHs
Output: all the CHs are authenticated with each other to securely balance the load and energy consumption, and generate shared common keys between any two neighbor nodes.
Procedure:
1. BS unicasts the individual CH's ID, key and common shared key: $BS \to CH\text{-}i \{P_i // K_i // K_s\}$
2. CH-i broadcasts the generated packets: $E_{K_s}(P_i // K_i)$
3. Recipient CH-j verifies the authenticity of CH-i: $CH\text{-}j \to BS \{E_{K_s}(P_j // E_{K_j}(P_i))\}$
4. Check CH-i in BS' database
5. If BS found CH-i is a authenticated node, then BS responds the ACK to CH-j: $E_{K_j}(P_i // K_i)$
6. Else the BS responds to CH-j declining the authentication request.
7. CH-j decrypts the packet: $D_{K_j}(P_i // K_i)$ to find the key ($K'_i$)
8. CH-j matches $K_j$ and $K'_j$. If $K_j = K'_j$, then send the CH-i: $E_{K_i}(P_i // K_i)$. Else don't respond.
9. CH-i authenticates CH-j with BS by following step 3, then GO TO STEP 3.
10. CH-i generates new shared key with CH-j ($K_{ij}$), send to CH-j: $E_{K_j}(P_i // K_{ij})$.
11. CH-j responds to CH-i with ACK: $E_{K_{ij}}(P_j // P_i)$.
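The reply and selection rules of the secure load balancing step described above, as an added example that is not code from the paper: CH-j replies only when its thresholds hold, and CH-i authenticates each reply before choosing the maximum $q_e$ with ties broken on the minimum $q_m$. Assumptions: $E_K$ is modelled with an HMAC-SHA256 keystream and tag from the standard library as a stand-in for RC5, the packet layout and the link-layer source ID that accompanies each reply are hypothetical, and all keys and load values are constructed.

```python
import hashlib
import hmac
import os
import struct

Q_M_MAX = 0.7  # page: CH-j replies only if its load q_m <= 0.7
Q_E_MIN = 0.5  # page: ... and its residual energy q_e >= 0.5
REPLY = struct.Struct(">H16sdd")  # assumed layout of P_j // K_j // q_m // q_e


def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode used as a keystream (stand-in for RC5)."""
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """E_K(...): encrypt, then append a tag so tampering is detectable."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, packet):
    """D_K(...): return the plaintext, or None if the tag does not verify."""
    if len(packet) < 12 + 32:
        return None
    nonce, body, tag = packet[:12], packet[12:-32], packet[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))


def build_reply(p_j, k_j, q_m, q_e, k_ij):
    """CH-j side: answer only when it has spare capacity, else stay silent."""
    if q_m > Q_M_MAX or q_e < Q_E_MIN:
        return None
    return seal(k_ij, REPLY.pack(p_j, k_j, q_m, q_e))


def select_target(replies, session_keys, key_db):
    """CH-i side: authenticate every reply, then pick max q_e (ties: min q_m)."""
    accepted = []
    for src, packet in replies:
        k_ij = session_keys.get(src)
        plain = unseal(k_ij, packet) if k_ij else None
        if plain is None or len(plain) != REPLY.size:
            continue  # unknown neighbour, wrong session key, or tampered packet
        p_j, k_j, q_m, q_e = REPLY.unpack(plain)
        stored = key_db.get(p_j)
        if p_j != src or stored is None or not hmac.compare_digest(stored, k_j):
            continue  # ID or key differs from what CH-i saved at authentication
        accepted.append((p_j, q_m, q_e))
    if not accepted:
        return None, accepted
    best = min(accepted, key=lambda r: (-r[2], r[1]))
    return best[0], accepted


def demo():
    """Constructed neighbourhood: CH-1 is overloaded, CH-2..CH-6 are neighbours."""
    key_db = {j: hashlib.sha256(b"K_%d" % j).digest()[:16] for j in range(2, 7)}
    session = {j: hashlib.sha256(b"K_1_%d" % j).digest()[:16] for j in range(2, 7)}
    state = {2: (0.4, 0.8), 3: (0.2, 0.8), 4: (0.9, 0.9)}  # j -> (q_m, q_e)
    replies = []
    for j, (q_m, q_e) in state.items():
        pkt = build_reply(j, key_db[j], q_m, q_e, session[j])
        if pkt is not None:  # CH-4 is above the load threshold and never replies
            replies.append((j, pkt))
    # CH-5: the sender does not hold K_15, so the packet fails verification.
    replies.append((5, seal(b"\x00" * 16, REPLY.pack(5, key_db[5], 0.0, 1.0))))
    # CH-6: right session key, but the K_j inside differs from the stored K'_j.
    replies.append((6, build_reply(6, b"\x11" * 16, 0.1, 0.95, session[6])))
    return select_target(replies, session, key_db)


if __name__ == "__main__":
    print(demo())
```

CH-2 and CH-3 tie on $q_e$, so the lower $q_m$ of CH-3 decides; the two unauthenticated replies advertise better values and are still ignored.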

Security evaluation
By combining theoretical analysis with formal verification, the proposed security deployment and authentication mechanism are evaluated, and the details are discussed as follows.

Security proof
Definition (authentication attacker). Authentication attacker "Ma" can initiate attacks on the authenticity of identity, can impersonate the authenticated CH, and can also start the load and energy balancing process. 20
Definition (confidentiality attacker). Confidentiality attacker "Mc" refers to the unauthorized person who can identify information when load balancing between CH-i and CH-j. 20
Definition (attacker of integrity). Information integrity attacker "Mi" can monitor load information and residual energy, and try to access or modify messages between CHs. 20
Theorem 1. The malicious attacker Ma cannot read the secret vouch of the CH to impersonate the CH to participate in the load and energy balance.
Proof. According to the above definition of the authenticity of the TPM module (the security module of the CH), the attacker Ma cannot obtain secret information such as $P_i$, $K_i$, and $K_s$ initiated by the BS. All security information for authentication is initiated by the BS during CH deployment. When the CH starts mutual authentication, they use the BS session key ($K_s$) to encrypt the initial authentication packet $E_{K_c}(CH_i // K_i)$, and then use CHs ($K_{i/j}$). Each associated key is used to encrypt the communication packet. During authentication, the keying technique used follows RC5 encryption, which is a lightweight, symmetric block cipher with a variable-length key that takes years to decipher.
Hence, it is almost impossible for Ma to obtain authentication credentials. During the authentication process, each CH uses its security module (such as TPM) to retain its key for encryption or decryption. Thus, after the TPM attribute, it is almost impossible to get a process or key from the security module. Therefore, attacker Ma is unable to impersonate CH to participate in load and energy balance.
Proof. During SLEB execution, the load and energy balance mechanisms use a new session key for encryption and decryption. The load and energy balance messages are up to date and no old messages are replayed. While load and energy are equalized, CH-i broadcasts the request packet with its own identification and load information and residual energy, that is, $(P_i, L_i)$ in the format of Algorithm 1, $E_{K_c}(P_i // K_i)$. Since the authenticity of the CH identity has been proved in Theorem 1, the authenticity of the message is ensured. Upon receiving the load information and the remaining energy, the recipient CH-j responds to CH-i by encrypting with the new session key $K_{ij}$ of the destination CH. Subsequently, CH-i uses its $K_{ij}$ to decrypt. According to Algorithm 2, in the key exchange and load and energy balance process, due to the authenticity of the CH identity and the new session key, intruders Mc and Mi cannot participate in the load and energy balance process. Therefore, SLEB can resist attacks on confidentiality and integrity.

Algorithm 2.
[...] then response packet: $\{E_{K_{ij}}(P_j // K_j // q_m // q_e)\}$. Else ignore the packet: $\{P_i, L_i\}$.
5. CH-i performs $D_{K_{ij}}(P_j // K_j // q_m // q_e)$
6. If ($(P_j, K_j)$ is in database) then CH-j executes step 7. Else CH-j doesn't continue to process the packet.
7. CH-i selects CHs with maximum value of $q_e$ in all neighbors.
8. If (exist more than two maximum value of $q_e$) then selects the CH with minimum value of $q_m$ for load balancing.
Theorem 3. SLEB is a dynamic, sustainable and efficient safe operation mechanism by choosing CH with less load and more energy to balance the load.
Proof. SLEB uses a BFS (breadth-first search) solution to balance the load between CHs in the sensor network to ensure efficient operation. Wherein, the searched network is defined as $G(V, E)$, and $N(v)$ defines the number of neighboring nodes, where $V$ is CH. $R(CH_1, CH_2, \ldots, CH_n)$ is the set of neighboring CHs from the network. $CH \in V$, all CHs are within the range of load and energy sharing. The source CH broadcasts overload information so that the receiver CH may share the load and energy. Next, the CH receives $x$ responses, where $1 \le x \le n$. As follows the technique proposed by the authentication solution during the initial broadcast (refer to Algorithm 1), CH-i receives the response with $E_{K_{ij}}(P_j // K_j // q_m // q_e)$, reflecting the security of SLEB. The data packet queries real-time information about the current load ($q_m$) of the recipient CH and the current energy ($q_e$) after identifying the authenticity of the received data packet. It reflects the combination of SLEB's security and dynamic data, making SLEB run more efficiently. More importantly, the CH will respond to this request only when the receiver has sufficient resources ($q_m \le 0.7$ and $q_e \ge 0.5$) to handle multiple loads, ensuring the subsequent operational capability of the CH. This in turn ensures the stability and sustainability of SLEB. Moreover, the symmetric encryption method adopted in this mechanism has the advantages of less computation, faster encryption, and decryption speed, and its efficiency is more than 1000 times of asymmetric encryption, which greatly improves the processing speed of packets and the response time of nodes, consequently saves the energy of nodes, and prolongs the lifetime of nodes. In summary, this mechanism not only ensures the security and efficiency of load balancing but also ensures that CH with less load and more residual energy can actively share its load and energy.

Forward secrecy
By following the standard symmetric key encryption algorithm, the initial identity of CH is verified. Since authentication occurs only once at the beginning of CH's initialization, CH identical key is used to verify the CH's authentication of the receiver. However, if an intruder acquires the key for authentication, it will not be useful after the initial authentication. After the deployment of CH is completed, fresh and real-time symmetric key pairs will be generated among different neighbors, so that the information of CH in load and energy balance can be securely encrypted.

Formal security verification
The Scyther simulation environment can verify the security of the protocol. The authors write simple code with the security protocol description language (SPDL) of Scyther to test the proposed security scheme (SLEB). Two roles are defined: CH-i and CH-j, and CH-i initiates authentication and sends data to CH-j. The authentication process starts with sending a packet from CH-i to CH-j. Next, CH-j responds to the load information and residual energy sent by CH-i. Because of the existence of malicious attackers for authentication in this authentication scenario, a malicious attack packet is sent to CH-j in an attempt to start the load and energy balancing process. The scenario runs 200 times and checks every 10 times to verify any possible attack on identity authenticity.
For this particular test scenario, the authors ignore all kinds of non-authentication attacks that may be included in the attack model and focus only on the authentication attacks of CH nodes. It is assumed that the attacker can observe and replicate the communication between CH and try to achieve load and energy balance between CH. The solution proposed by the authors is to use the trusted modules mentioned above (such as the TPM of CH) to store sensitive information, including updating the key process and key.
The authors run 200 iteration experiments in the Scyther environment, and check them every 10 times. Throughout the runtime, tests found that SLEB did not cause any successful authentication attacks. Figure 3 shows SLEB verification result page in Scyther environment, demonstrating that the proposed security solution SLEB has the ability to withstand authentication attacks.

Performance simulation
The purpose of the experiments was to evaluate the performance of SLEB compared with other protocols or technologies such as S-LEACH, MS-LEACH, and SS-LEACH. 24 To simplify the simulation experiment, we generated random nodes and defined some of them as malicious nodes. In the following sections, we measure the packet forwarding ratio, protocol overhead, and network lifetime under malicious attacks during data forwarding for CHs in WSNs, 23 and we then show the simulation results for the different scenarios.

Simulation metrics
In order to evaluate the performance of security load and energy balance mechanism in the presence of malicious nodes that affect network performance, we simu-  Tables 2 and 3.

Packet forwarding ratios
In this scenario, for every test case, we added some malicious CHs to the WSN. Figure 4 shows the packet forwarding rates of the MS-LEACH, S-LEACH, and SS-LEACH protocols with between 3 and 30 malicious CHs present in the WSN. The figure shows that SLEB always achieves a better packet forwarding ratio than the MS-LEACH, S-LEACH, and SS-LEACH protocols. This is because in SLEB malicious CHs cannot pass authentication to join the network: the identity of a malicious node cannot be verified, and the data packets it sends are ignored by normal CHs. Therefore, the packet forwarding rate of SLEB is higher than that of the other protocols.
As the number of malicious nodes increases, the packet forwarding rate of all four protocols decreases, because malicious nodes may carry out various destructive activities. The instability of the packet forwarding ratio for the S-LEACH, MS-LEACH, and SS-LEACH protocols is due to the instability of an environment that includes malicious nodes. The packet forwarding ratio of the S-LEACH protocol in particular drops markedly. This is because some malicious CHs are randomly selected and may therefore occupy a key position in data transmission. In SLEB, malicious CHs cannot pass authentication or decrypt data packets, owing to the security authentication and deployment mechanisms. In addition, SLEB spends a certain amount of time establishing connections and possibly processing packets sent by malicious nodes, so the packet forwarding rate of SLEB decreases slightly.

Protocol overhead
The overhead of SLEB is a key parameter for showing whether SLEB is lightweight, so we performed experiments to measure it. Figure 5 plots the average number of packets exchanged during the neighbor discovery phase as a function of the number of malicious CHs in the WSN. For a given number of nodes, 10 different network topologies are generated at random, and 6% malicious nodes are placed in the WSN of each topology. The average shown by asterisks in Figure 5 is the average number of packets exchanged over these 10 different network topologies. We compare SLEB with the S-LEACH, MS-LEACH, and SS-LEACH protocols in Figure 5. It is clear that SLEB sends more packets than the S-LEACH, MS-LEACH, and SS-LEACH protocols, and the difference increases with the number of nodes in the network. The overhead of SLEB rises smoothly, from 13% to 20%, while that of the LEACH and S-LEACH protocols increases from 14% to 28%. In SLEB, once deployment is complete, most broadcasting of control packets takes place only during load balancing. When a malicious node is detected, the CH needs no additional overhead and simply ignores the message. In the LEACH and S-LEACH protocols, when misconduct is found, a third party is needed to deal with it, which consumes communication overhead. To do this, the CH simply sends the same interest with a monotonically increasing timestamp attribute. This is necessary because interests are not reliably transmitted throughout the network. The refresh rate is a protocol design parameter that trades off overhead for increased robustness to lost interests. Further flooding is needed to find a new path. This difference is attributed to the overhead involved in dealing with security and intrusion detection issues.

Network lifetime
One of the most important performance parameters in a WSN is the network lifetime. In Figure 6(a), the network lifetime of SLEB is more than 25% longer than that of S-LEACH, and much longer than that of SS-LEACH and MS-LEACH. Although their rules for enforcing specific paths differ, S-LEACH, SS-LEACH, and MS-LEACH always use the same path for all communications between the same source and the BS. The direct consequence is that the nodes on this particular path may quickly run out of energy. SLEB, in contrast, chooses neighbors that are able to share and balance the load according to its own and its neighbors' energy situation, and maintains a dynamic array of neighbor energy, which avoids the rapid energy exhaustion of a single node. Figure 6(b) shows a simulation of the network lifetime in a WSN when there are 6% malicious nodes in the network. As can be seen from the graph, the network lifetime of S-LEACH, SS-LEACH, and MS-LEACH decreased significantly, while that of SLEB decreased slightly. The lifetime of SLEB was 37% longer than that of S-LEACH, SS-LEACH, and MS-LEACH. The authors' analysis is that when a CH detects a malicious node, the S-LEACH, SS-LEACH, and MS-LEACH protocols must choose a new path, and the communication load is spread over a small number of available paths. SLEB, however, can reject a malicious CH and resist its attack. Furthermore, according to Algorithm 2, the result of load balancing is that packets are routed over multiple shared paths.

Conclusion
Because of the limited resources of WSNs, network security and network life cycle are very important. In this article, a secure load balancing scheme for clustered WSNs is proposed, which combines load balancing and security verification effectively and achieves CH authentication while balancing the load of the CHs. SLEB also considers the real-time load and energy of each destination CH to achieve dynamic balance. The SLEB scheme we propose is completely different from the well-known LEACH and S-LEACH protocols and from other routing protocols that include security. SLEB not only implements the identity authentication of CHs and the confidentiality and integrity of all messages but also implements identity authentication and packet encryption between any two CHs in data load balancing. SLEB reduces the load of CHs while authenticating them. It not only effectively maintains the energy balance of the whole network and prolongs the network lifetime but also successfully improves the security mechanism, guaranteeing real-time security and low overhead. The proposed load balancing solution has been theoretically analyzed and experimentally evaluated and simulated from multiple perspectives. Based on the results of the performance evaluation and comparison, we can conclude that the proposed solution is safe, dynamic, stable, and sustainable. The simulation results show that SLEB performs better than S-LEACH, SS-LEACH, and MS-LEACH in the presence of malicious nodes. Our protocol surpasses S-LEACH, SS-LEACH, and MS-LEACH in terms of packet forwarding rate, protocol overhead, network lifetime, and nodes attacked during data forwarding. However, a lot of research work remains to be explored. For the data fusion mechanism of WSNs, we can refine the characteristics of the data and achieve load balancing more efficiently. For the security mechanism of WSNs, we can refine the specific attack behavior of malicious nodes, so as to better combine load balancing with security. In addition, given the characteristics of wireless sensors, an integrated test platform for data and security is also worth studying.

Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding
The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the National Natural Science Foundation of China under grant no. 61562073, the