In digital communication, Hamming codes are used to detect and correct the errors; as a result, all the communication systems are aware of these codes. WSNs are autonomous and require less energy consumption, and such codes can be used to secure WSN system without any additional infrastructure. In the presented approach, initial security bits (users define) are used and a set of additional security check bits is appended to it for generating the security codeword. Depending on the security codeword length “*n*” and a number of initial security bits “*k*,” Hamming codes (*n*, *k*) (such as (6, 3) and (7, 4) codes) can be used or many more. The security codeword “*W*” is obtained by appending *n − k* security check bits “*SC*” to the initial security bits “*S*” (refer to Eq. 1)

$$ W={W}_1..{W}_2..{W}_3\dots {W}_n={S}_1..{S}_2..{S}_3\dots {S}_k{SC}_1..{SC}_2..{SC}_3\dots {SC}_p $$

(1)

where *p* = *n − k*

“*S*_{i}” is *i*th bit of “*S*,” *i* = 1, 2, 3…. *k*

“*SC*_{j}” is *j*th bit of “*SC*,” *j* = 1, 2, 3… *p*

“*W*_{m}” is *m*th bit of “*W*,” *m =* 1, 2, 3... *n*

If the number of initial security bits is *k*, then the possible initial security bits matrix block “S_{B}” is represented as

$$ {\mathrm{S}}_{\mathrm{B}}=\left(\begin{array}{c}{\mathrm{S}}_{11}\kern1em {\mathrm{S}}_{12}\cdot \cdots {\mathrm{S}}_{1k}\\ {}{\mathrm{S}}_{21}\kern1em {\mathrm{S}}_{22}\cdot \cdots {\mathrm{S}}_{2k}\\ {}\dots \dots \dots \dots \dots \dots \dots \\ {}{\mathrm{S}}_{q1}\kern1em {\mathrm{S}}_{q2}\cdot \cdots {\mathrm{S}}_{qk}\end{array}\right) $$

(2)

where S_{ab} represents the element of *a*th row and *b*th column, *q* = 2^{k} = total number of rows, and *k* = total number of columns in S_{B}.

In this approach, (7, 4) Hamming code is used to generate the security codeword “*W*.” However, one can select the Hamming code according to the desired initial security bits and security codeword length. Here, initial security bits are 4 and the possible initial security bits matrix block is (i.e., 0–15 represented in binary bits)

$$ {\mathrm{S}}_{\mathrm{B}}=\left(\begin{array}{c}0\kern0.5em 0\kern0.5em 0\kern0.5em 0\\ {}0\kern0.5em 0\;0\kern0.5em 1\\ {}0\kern0.5em 0\;1\kern0.5em 0\\ {}\begin{array}{l}..\dots \dots \\ {}1\kern0.5em 1\kern0.5em 11\end{array}\end{array}\right) $$

(3)

Here, in the presented approach, the initial security bits at source node are 0 0 0 0 (i.e., hop 0), so at hop 1, security bits are 0 0 0 1 so on till hop 15 as the proposed approach is designed up to 15 hops only. Thus, simply one can say that the initial security bits are binary equivalent of hop number.

$$ \mathrm{Initial}\ \mathrm{Security}\ \mathrm{bits}=\mathrm{hop}\ \mathrm{number}\ \left(\mathrm{represented}\ \mathrm{in}\ \mathrm{a}\ \mathrm{binary}\ \mathrm{system}\right) $$

After obtaining the initial security bits, the security check bits are added to them. These check bits are generated by multiplying and performing modulo 2 additions of the initial security bits with the security matrix as represented in Eq. 4

$$ SC=S\times {SP}_m $$

(4)

where *SP*_{m} is (*k* × *p*) security matrix represented as

$$ {SP}_m=\left(\begin{array}{c}{l}_{11}\kern1em {l}_{12}\kern0.5em \cdot \cdots {l}_{1p}\\ {}{l}_{21}\kern1em {l}_{22}\cdot \cdots {l}_{2p}\\ {}\dots \dots \dots \dots \dots \dots \\ {}{L}_{k1}\kern1em {l}_{k2}\cdot \cdots {k}_{kp}\end{array}\right) $$

(5)

where “*l*_{rf}” represents the element of *r*th row and *f*th column.

The security matrix is the parity matrix of (7, 4) Hamming code which is obtained either from its parity check matrix or from its generator matrix. These two matrices are already defined for the Hamming codes. In the presented model, the *SP*_{m} is common to all the source nodes in the network and is defined as

$$ {SP}_m=\left(\begin{array}{c}1\kern0.62em 1\kern1em 0\\ {}0\kern1em 1\kern1em 1\\ {}1\kern1em 1\kern0.62em 1\\ {}1\kern1em 0\kern1em 1\end{array}\right) $$

For example, at source node, the initial security bits are (0 0 0 0); hence, the security check bits are

$$ {SC}_{h0}={S}_{h0}\times {SP}_m=\left[0\kern1em 0\kern0.62em 0\kern0.62em 0\right]\times \left(\begin{array}{c}1\kern1em 1\kern1em 0\\ {}0\kern1em 1\kern0.24em 1\\ {}1\kern0.24em 1\kern0.24em 1\\ {}1\kern0.24em 0\kern0.24em 1\end{array}\right)=\left(0\kern0.62em 0\kern0.24em 0\right) $$

where SC_{hr} are the check bits at *r*th hop

*S*_{hr} are the security bits at *r*th hop, *r* = 0, 1, 2, 3 ….

Hence, the security codeword at the source node is obtained by appending SC_{ℎ0} to the security bits of the source node and can be represented as

$$ {W}_{h0}={S}_1\kern0.5em {S}_2\kern0.5em {S}_3\kern0.5em {S}_4\kern0.5em {C}_1\kern0.5em {C}_2\kern0.5em {S}_3=0\kern0.5em 0\kern0.5em 0\;0\kern0.5em 0\kern0.5em 0\kern0.5em 0 $$

where W_{ℎr} is the security codeword at hop *r*, *r* = 0, 1, 2,….

After evaluating the security codeword, the quadratic residue is used to provide additional security as only Hamming codes may not be efficient to provide the desired security to WSNs. Quadratic residues are user-defined, secure, easy to implement, and are readily available. In this approach, the residue of 7 is considered, as the length of security codeword obtained is 7 and covers maximum bits in the security codeword to enhance the security. Residues of 7 are 1, 2, and 4; here, in the presented approach, these bit positions (i.e., 1, 2, and 4) are complemented in the codeword. So, the generated final security codeword can be represented as

$$ {R}_{w0}=1\kern1em 1\kern0.24em 0\kern0.62em 1\kern0.62em 0\kern0.62em 0\kern0.24em 0 $$

where “*R*_{w0}” is the final security codeword (after complementing residue positions in Wℎ0) at the *r*th hop. Apart from synchronization of the final security codeword, the packet delivery ratio (PDR) (see Eq. 6) of the nodes is continuously being monitored. If PDR value is acceptable, only then that the data is transferred, and if it is beyond the acceptable limit, data is not passed further. In similar fashion, this process continues until the destination node.

$$ \mathrm{PDR}=\mathrm{No}.\mathrm{of}\ \mathrm{R}.\mathrm{P}/\mathrm{No}.\mathrm{of}\ \mathrm{T}.\mathrm{P} $$

(6)

where R.P is the received packets and T.P is the transmitted packets

### Node matching process

Figure 1 depicts a multi-hop network in which the source node communicates with the destination node through intermediate nodes. The source node sends *R*_{w0} to all its neighboring nodes which are one hop away from the source node. The required operation at various hops is discussed in Sections 4.1.1 and 4.1.2.

#### At hop 1

The initial security bits are 0 0 0 1; the security check bits are generated by multiplying these bits with 푆푃푚

$$ {C}_{h1}{\displaystyle \begin{array}{c}={S}_{h1}\times {SP}_m\\ {}=\left(1\kern1.12em 0\kern1.5em 1\right)\end{array}} $$

And the codeword at hop 1 can be evaluated as below

$$ {W}_{h1}=0\kern1em 0\kern0.62em 0\kern0.24em 1\kern0.62em 1\kern0.5em 0\kern0.24em 1 $$

Complementing the residue (of 7) positions (i.e., first, second, and fourth positions) in *W*ℎ1, the final security codeword at hop 1 is represented as

$$ {R}_{w1}=1\kern1em 1\kern1em 0\kern1em 0\kern1em 1\kern1em 0\kern1em 1 $$

If the neighboring node sends *Rw*1 as an acknowledgement to the source node and its PDR value is acceptable, then the source node will transfer the original data to that neighboring node. The acknowledgement should not exceed the provided time to live (TTL). Now, this neighboring node becomes the source node for other nodes in the network and transmits *Rw*1 to its neighboring nodes.

#### At hop 2

The security bits are 0 0 1 0, and the check bits are

$$ {\displaystyle \begin{array}{l}{C}_{h2}={S}_{h2}\times {SP}_m\\ {}\kern2.5em =\left(1\kern1em 1\kern0.62em 1\right)\end{array}} $$

$$ {W}_{h2}=0\kern1em 0\kern0.62em 1\kern0.62em 0\kern1em 1\kern1em 1\kern1em 1 $$

Complementing the residue positions in *W*ℎ2, the final security codeword at hop 2 can be calculated as

$$ {R}_{w2}=1\kern0.5em 1\kern0.5em 1\kern0.5em 1\kern0.5em 1\;1\;1 $$

If the source node is acknowledged with *Rw*2, then it will pass the data to the node from which it has received the acknowledgement. If not, the node is considered to be a rival node and the data is not transmitted to that node. This process is continued till the information or data is received by the destination node. This process can be easily understood by using protocol diagram (see Fig. 2). As the security codeword is changed at every hop and becomes very difficult to the rival nodes to mislead the active node in the network, so the presented approach not only improves the authentication of the active node but also gives more confidentiality to end nodes by designing multiple codewords in the network. From Fig. 2, it is observed that the data is transferred to intermediate node 1 (IN1) from the source node as it gives the positive acknowledgment (+ACK), i.e., 푅푤1, to the source node. Once the data is received by IN1, it acts as the source node for its neighboring nodes and transmits 푅푤1 to them. The data is not transferred to intermediate node 2 (IN 2) as it gives negative acknowledgement (−ACK) to IN1, hence considered to be a rival node.