A Range Query Method with Data Fusion in Two-Layer Wire-Less Sensor Networks

Abstract

Wireless sensor networks play a crucial role in IoT applications. Traditional range query methods have limitations in multi-sensor data fusion and energy efficiency. This paper proposes a new range query method for two-layer wireless sensor networks. The method supports data fusion operations directly on storage nodes. Communication costs between sink nodes and storage nodes are significantly reduced. Reverse Z-O coding optimizes the encoding process by focusing only on the most valuable data. This approach shortens both encoding time and length. Data security is ensured using the Paillier homomorphic encryption algorithm. A comparison chain for the most valuable data is generated using Reverse Z-O coding and HMAC. Storage nodes can perform multi-sensor data fusion under encryption. Experiments were conducted on Raspberry Pi 2B+ and NVIDIA TX2 platforms. Performance was evaluated in terms of fusion efficiency, query dimensions, and data volume. The results demonstrate secure and efficient multi-sensor data fusion with lower energy consumption. The method outperforms existing approaches in reducing communication and computational costs.

1. Introduction

Wireless sensor networks (WSNs) have become indispensable for applications ranging from environmental monitoring to industrial automation [1,2,3]. Among various architectures, two-layer WSNs [4] offer unique advantages in scalability and deployment simplicity, making them ideal for large-scale data collection. However, the growing complexity of IoT systems demands advanced range query methods capable of secure multi-sensor data fusion—a critical capability lacking in current solutions.

In two-layer WSNs, sensor nodes generate vast amounts of sensitive data (e.g., temperature, humidity, or motion metrics). Efficiently querying this data while preserving privacy poses three fundamental challenges: (1) Privacy Risks: Traditional methods expose raw data during fusion, risking eavesdropping or inference attacks [5,6,7]. (2) Energy Constraints: Cryptographic operations (e.g., homomorphic encryption) drain limited battery resources [8,9]. (3) Functionality Gaps: Existing techniques support only basic equality checks, failing to enable complex analytical queries on encrypted data [10,11,12,13,14].

Current approaches—classified into three categories—fall short in addressing these challenges: (1) Encryption-based methods (e.g., [15,16,17,18]) either support homomorphic fusion or range queries, but not both, incurring bandwidth overhead. (2) Bucket-based techniques [19,20,21] reduce communication costs but lack secure fusion capabilities, requiring iterative decryption–aggregation cycles. (3) Lightweight schemes (e.g., [10]) optimize energy use but compromise security, with ≤ four-dimensional query support and vulnerability to tampering [22,23,24].

To bridge these gaps, we propose a privacy-preserving range query method with built-in fusion for two-layer WSNs, combining the following: (1) Hybrid Paillier–ZO Architecture: Uniquely integrates Paillier homomorphic encryption (for additive fusion) with reverse Z-O encoding (for order-preserving comparisons). This eliminates iterative decryption, reducing energy use by 38% versus BGN-based schemes; (2) Energy-Optimized Encoding: Focuses on critical data values, cutting encoding length by 25% and latency to 28 ms on Raspberry Pi 2B+; and (3) HMAC Authentication Chain: Lightweight tamper-proofing detects > 99% attacks without signature overhead, achieving 92% query success under packet loss.

Our method is the first to simultaneously achieve (1) security: end-to-end encrypted fusion via Paillier, with HMAC-verified range queries; (2) efficiency: 35–40% lower energy use and support for 8D queries; (3) deployability: <15 KB memory footprint and dynamic key scaling, validated on NVIDIA Jetson TX2.

These advances resolve the longstanding trade-off between security and efficiency in WSNs, enabling real-world adoption for privacy-sensitive applications like healthcare and smart infrastructure.

2. Related Work

Existing range query methods primarily focus on privacy preservation and energy efficiency but lack support for secure data fusion. Below, we summarize key prior works and their limitations: (1) Nguyen et al. [16] proposed PDPRQ, an order-preserving encryption-based method that enables ciphertext comparisons. However, it relies on a d-disjunct matrix and transposition functions, which introduce high computational overhead. (2) Dai et al. [17] introduced EPRQ, a 0–1 encoding-based approach for privacy-preserving range queries. While efficient, it does not support multi-sensor data fusion. (3) Dong et al. [18] developed SEMR, a multidimensional query method using eigenvalue matrices. Though scalable, it requires extensive pre-processing, increasing latency. (4) Sheng et al. [19] and Shi et al. [20] proposed bucket-based range query methods using symmetric encryption. These approaches reduce communication costs but lack homomorphic properties, preventing secure in-network fusion. (5) SafeQ [7,21] introduced a ciphertext-comparison mechanism with prefix membership verification. While privacy-preserving, it does not optimize for energy efficiency. (6) Dai et al. [10] presented CSRQ, leveraging 0–1 coding and encryption constraints. However, it imposes high storage overhead due to comparison chains. (7) Hu et al. [22] proposed a compressed HMAC-based method with reverse 0–1 coding, improving efficiency but still lacking fusion capabilities.

A common limitation across these works is their inability to perform secure, energy-efficient data fusion while supporting complex queries. Our method bridges this gap by combining Paillier encryption, optimized reverse Z-O encoding, and HMAC authentication, enabling privacy-preserving fusion at storage nodes with lower energy consumption.

Table 1. Comparative analysis of range query methods in WSNs.

Method	Encryption Type	Data Fusion Support	Query Dimensions	Computational Complexity	Energy Efficiency	Storage Overhead
PDPRQ [16]	Order-preserving	✗	1D	O(n2)	Low	Medium
EPRQ [17]	0–1 encoding	✗	2D	O(n)	High	Low
SEMR [18]	Eigenvalue matrices	✗	3D+	O(k3)	Medium	High
Sheng/Shi [19,20]	Symmetric	✗	2D	O(1)	Medium	Low
SafeQ [7,21]	Prefix verification	✗	1D	O(log n)	Low	Medium
CSRQ [10]	0–1 + constraints	✗	4D	O(n)	Medium	High
Hu et al. [22]	Compressed HMAC	✗	1D	O(1)	High	Low
Our Method	Paillier + Z-O	✓	8D	O(n)	High	Low

contrasts seven state-of-the-art methods against our proposed solution across six critical metrics:

3. System Model and Problem Elaboration

This section formally characterizes the operational paradigm of our two-tiered wireless sensor network architecture. As illustrated in Figure 1, the system comprises three functionally specialized components: (1) perception nodes that collect raw sensor data through heterogeneous sensing modules, (2) storage nodes that perform encrypted data fusion and range query processing, and (3) sink nodes that coordinate secure query dissemination and result verification. The architecture fundamentally diverges from conventional clustered WSNs by decoupling data acquisition, computation, and control planes—a design choice that yields 40–60% energy savings compared to cluster-head-based approaches [4,15].

3.1. Network Model

To ensure reviewers can easily understand the proposed method, the system architecture and behavior are presented through a well-defined model and visual aids. The two-layer wireless sensor network model, illustrated in Figure 1, fundamentally differs from conventional clustered WSN architectures through its decoupled design that separates data collection, storage, and processing into dedicated tiers. This architecture eliminates the dual-role burden found in clustered designs, where resource-constrained nodes must serve as both data aggregators and relays. Instead, it introduces specialized components: perception nodes equipped with low-power MCUs and heterogeneous sensors (e.g., temperature, humidity, and gas detectors) focus exclusively on data acquisition; storage nodes with persistent storage and advanced computing capabilities handle all fusion and query operations; and sink nodes specialize in query initiation and validation rather than network coordination.

Figure 1 clearly depicts this tiered structure and component relationships. The architecture′s separation of responsibilities yields significant advantages—reducing energy consumption by 40–60% compared to clustered WSNs where cluster heads must perform local fusion before transmission. Furthermore, the dedicated storage tier enables parallel processing that overcomes scalability limitations inherent in clustered systems, particularly the bottlenecks during cross-cluster queries. By consolidating fusion and storage at this specialized tier, the system efficiently handles complex analytical operations that traditional clustered WSNs cannot support due to their focus on simple data forwarding rather than in-network computation.

While Figure 1 illustrates the physical topology and component distribution of our two-layer WSN, it inherently lacks the expressiveness to capture three critical behavioral dimensions: (1) the cryptographic workflows enabling privacy-preserving operations, (2) the energy-optimized communication protocols between tiers, and (3) the threat mitigation mechanisms active during data fusion. To bridge this representational gap, we present a comprehensive system model that formalizes the interplay of security, efficiency, and functionality. The architecture operates through four interlocked phases: (i) Perception Layer Obfuscation, where sensor nodes apply Paillier encryption with dynamic key scaling (Section 4.1) to raw measurements before transmission; (ii) Storage Layer Computation, featuring our novel hybrid Z-O encoding that allows simultaneous range query evaluation and homomorphic aggregation (Section 4.2); (iii) Control Plane Verification, wherein sink nodes validate HMAC-authenticated query results while detecting data tampering (Section 4.3); and (iv) Adaptive Energy Management, which dynamically adjusts cryptographic parameters based on residual node energy (Section 6). This behavioral framework—visually abstracted in Figure 2—resolves the static limitations of Figure 1 by explicitly modeling the system’s security guarantees (Lemma 1), energy consumption profiles (Theorem 2), and privacy preservation bounds (Corollary 3).

The system behavior follows a well-orchestrated workflow: perception nodes continuously collect and transmit raw sensor data to storage nodes, which perform encrypted data fusion and range query processing. Sink nodes then verify and deliver query results to end users. This streamlined data flow, combined with the architectural separation of concerns, addresses key limitations of conventional approaches while maintaining compatibility with existing WSN deployment paradigms.

3.1.1. Range Query Model

The range query model consists of sink nodes and storage nodes. The data package of the query request contains the device number, query time period, sensor type, and sensor data range. The two-dimension sensor data query model is shown in Equation (1):

$$querry=\{ID,T,S_1,[{d1}_{low},{d1}_{high}],S_2,[{d2}_{low},{d2}_{high}\left]\right\}$$

(1)

Here, T is the time period to be queried, $T=\{T_{start},T_{end}\}$, $S_1$ is the sensor type 1 to be queried, and $[{d1}_{low},{d1}_{high}]$ is the range of value queries for the sensor type 1.

For example, if the query device 002 queries the temperature value from 20 °C to 30 °C from 10 November 2023 to 11 November 2023, the following command is used:

$$querry=\{“002”,“2023-11-\mathrm{10,2023}-11-11”,T,[\mathrm{20,30}\left]\right\}$$

3.1.2. Sensor Data Fusion Query Model

The sensor data fusion query model adds data fusion operation commands on the basis of the range query. The one-dimensional data fusion query can be formulated as

$$querry=\{ID,T,S1,[{d1}_{low},{d1}_{high}],cmd\}$$

Here, cmd is a command for the data fusion, commanding sql-based statements. Based on the query, the temperature is queried and obtained as follows:

$$\begin{gathered} querry=\{“002”,“2023-11-\mathrm{10,2023}-11-11”,temperature,\left[\mathrm{20,30}\right], \\ “select sum\left(temperature\right) as temp”\} \end{gathered}$$

3.2. Energy Consumption Model

The energy consumption model in this study focuses on the perception nodes within the two-layer wireless sensor network architecture, as these nodes represent the most energy-constrained elements that directly impact overall network lifetime. The total energy consumption ($E$) of a perception node is expressed in Equation (2) as the sum of computation energy ($E_{comp}$) and communication energy ($E_{comm}$). This formulation specifically examines the algorithm-dependent energy components that can be optimized through our proposed method, rather than including the fixed sensing energy costs that remain constant regardless of the query processing approach.

$$E=E_{comp}+E_{comm}$$

(2)

The exclusion of sensing operations from our energy model is based on several important considerations. First, the energy consumption of sensor hardware for data acquisition is determined by physical characteristics and environmental conditions that are independent of the subsequent data processing algorithms. For example, a temperature sensor will consume essentially the same amount of energy to collect a sample whether the data is later processed using our method or alternative approaches. Second, in typical wireless sensor network deployments, the communication and computation costs associated with data transmission and processing account for the vast majority of a node′s energy expenditure, often exceeding 80% of total consumption, while sensing operations generally represent a much smaller and relatively fixed portion of the energy budget.

This modeling approach aligns with established practices in wireless sensor network research, where the variable costs of data processing and transmission are the primary focus for optimization, while the fixed costs of sensing are typically considered separately. By concentrating on these algorithm-dependent energy components, we can more effectively evaluate and compare the efficiency improvements offered by our proposed range query method with data fusion capabilities. The experimental results presented in Section 5 demonstrate that our approach achieves significant energy savings precisely in these areas that are most amenable to optimization through algorithmic improvements.

3.3. Problem Elaboration

In two-layer wireless sensor networks, storage nodes face significant security vulnerabilities as they aggregate and process large volumes of sensitive data from perception nodes. This centralized architecture makes them prime targets for various cyber attacks, including data interception, false data injection, and privacy breaches. Considering the actual status of the storage node and combining the literature [,9], the unreliable model of the storage node is proposed. It is assumed that the storage node is an unreliable node in line with the honest-but-curious threat model [23] in the two-layer wireless sensor network proposed in this paper.

In the process of the sink node query and data fusion, if the perceptual data is not protected effectively and the storage node is attacked, the attacker can acquire the perceptual data easily. Therefore, it is necessary to take protective measures to guarantee the privacy security of the perceptual data and data fusion. In such cases, if the data fusion range query method with privacy protection function is realized, it must ensure that the query processing process will satisfy the following:

(1)

Core Challenges. WSNs face inherent security vulnerabilities due to their distributed architecture and resource constraints, particularly during data aggregation and query processing.

(2)

Threat Model. Three primary threats are considered: (1) transmission eavesdropping, (2) inference attacks by compromised storage nodes, and (3) malicious query injection and data tampering.

(3)

Privacy Risks. Unencrypted perceptual data remains vulnerable to leakage during fusion, while query patterns may expose sensitive information.

(4)

Design Requirements. The solution must guarantee (1) plaintext accessible only to authorized nodes, (2) ciphertext-only processing at storage nodes, and (3) authenticated query results.

(5)

Homomorphic Encryption Necessity. Paillier′s additive homomorphism enables direct computation on encrypted data, fulfilling privacy-preserving requirements.

To enable secure data fusion while accommodating the computational and storage constraints of sink nodes, our design performs encrypted data aggregation at the storage node level. This architecture requires the perceptual data encryption scheme to support homomorphic operations, allowing meaningful computations to be performed directly on ciphertexts.

3.4. Computational Complexity

The proposed algorithm carefully balances security and efficiency for resource-constrained sensor nodes. The Paillier encryption introduces moderate computational overhead (O(k³) for k-bit keys), but this is mitigated through several optimizations. The reverse Z-O encoding operates in linear time (O(n)), while the HMAC verification adds minimal processing load. By offloading data fusion to storage nodes, we reduce the computation burden on sensor nodes.

Memory usage is optimized through fixed-length encoding outputs and pre-distributed keys, keeping RAM usage below 15 KB. Experimental results show the complete processing takes under 30 ms per reading, with encryption accounting for less than 10% of total node energy consumption. This makes the approach practical for real-world deployment while maintaining strong security guarantees.

The trade-off between security strength and resource usage is carefully managed, as demonstrated in Section 5′s performance evaluation. The algorithm′s lightweight design ensures it can run efficiently on typical sensor hardware without compromising functionality.

4. Security Range Query Method with Data Fusion Function

The proposed method operates through a streamlined four-phase protocol that enables secure and efficient range queries with data fusion in two-layer WSNs: (1) Secure Data Upload, where perception nodes encrypt sensor readings using optimized Paillier scheme and generate authenticated reverse Z-O codes for extreme values; (2) Query Initialization, where sink nodes formulate HMAC-signed range queries with fusion commands; (3) Encrypted Processing, where storage nodes perform both range matching (via Z-O code comparison) and homomorphic fusion operations directly on ciphertexts; and (4) result verification, ensuring end-to-end integrity through HMAC validation. This workflow uniquely integrates Paillier homomorphism for encrypted fusion, reverse Z-O encoding for efficient range queries, and lightweight HMAC for tamper-proofing—achieving simultaneous security, functionality, and energy efficiency, as demonstrated in Section 5.

Unlike the existing range query methods, an encryption model based on the Paillier algorithm is proposed in this paper so as to ensure the homomorphism and privacy security of sensor data in the ciphertext operation. This model consists of two parts. Part 1 is used to encrypt the sensor data, while Part 2 is used to encrypt the maximum value comparison chain of the sensor data in order to realize the range query matching mechanism for a reliable storage node.

4.1. Paillier Encryption Model

Paillier is a probabilistic public key encryption algorithm, which is based on the difficult problem of composite remaining type and a homomorphic encryption algorithm that satisfies the addition.

4.1.1. Key Generation

(1)

Randomly select two independent large prime numbers $p,q$, where the length of $p$ and $q$ is the same, i.e., it satisfies Equation (3):

$$gcd(pq,(p-1\left)\right(q-1\left)\right)=1$$

(3)

Here, the function $\mathrm{g}\mathrm{c}\mathrm{d}(\mathrm{x},\mathrm{y})$ is used to solve the highest common factor of $\mathrm{x},\mathrm{y}$.

(2)

Calculate $n=pq$, $\lambda =lcm(p-1)(q-1)$.

(3)

Randomly select an integer $g,g\in {\mathbb{z}}_{n^2}^{*}$

(4)

$\mu ={\left(\phi \right(g^{\lambda }) mod n^2)}^{-1}$, $\phi$ is here defined as $\phi (\mathcal{x})={\displaystyle \frac{\mathcal{x}-1}{n}}$.

(5)

After the calculation, the public key is obtained: $(n,g)$; the private key is$(\lambda ,\mu )$.

4.1.2. Data Encryption

(1)

Set the acquired sensor data to be $m$, herein $0\le m\le n$.

(2)

Randomly select an integer $r, 0\le r\le n,r\in {\mathbb{Z}}_{n^2}^{*}$, which is the prime number with $n$, namely $gcd(r,n)=1$.

(3)

The calculated ciphertext is shown in Equation (4):

$$c={\rm E}(m,r)=g^{m }·r^n mod{ n}^2$$

(4)

4.1.3. Data Decryption

Assuming that $\mathrm{c}$ is the ciphertext to be decrypted, where $\mathrm{c}\in {\mathbb{z}}_{{\mathrm{n}}^2}^{*}$, the calculation plaintext is shown in Equation (5):

$$m=D\left(c\right)=L(c^{\lambda } mod n^2)·\mu mod n$$

(5)

4.1.4. Homomorphic Calculation

(1)

Homomorphic addition

The sum of the two perceptual data plaintexts corresponds to the product of the two perceptual data ciphertexts, namely, Equation (6) is true:

$$m_1+m_{2}mod n=D\left(E\right(m_1,r_1)·E(m_2,r_2) mod n^2)$$

(6)

(2)

Homomorphic multiplication

The product of the two perceptual data plaintexts corresponds to the power of the plaintexts of the perceptual data ciphertexts, namely, Equations (7) and (8) are true:

$$D({E(m_1,r_1)}^{m_2}mod n^2)=m_1{m}_{2}mod n$$

(7)

$$D({E(m_2,r_2)}^{m_1}mod n^2)=m_1{m}_{2}mod n$$

(8)

4.2. Optimized Comparison Model Using Reverse Z-O Encoding

Based on the literature [24], a numerical comparative encryption model of reverse Z-O coding is proposed in this paper. The reverse Z-O coding still has isotonicity after ciphertext encryption, and the coding method effectively reduces the calculation energy consumption of perceptual nodes without the numerical comparison calculation.

4.2.1. Reverse Z-O Encoding

Now, it is assumed that there is a binary sequence of length $\mathrm{B}$, namely:

$$B=\{b_{n-1},b_{n-2},\dots b_1,b_0\}$$

where ${\mathrm{b}}_{\mathrm{n}-1}$ is the highest bit of value $\mathrm{B}$, and ${\mathrm{b}}_0$ is the lowest bit of value $\mathrm{B}$.

The reverse 1 encoding of the binary sequence is shown in Equation (9):

$$Z\left(B\right)=\{b_{n-1},b_{n-2},\dots ,b_{i-1},1|b_i=0\bigwedge 1\le i\le n\}$$

(9)

The reverse 0 encoding of the binary sequence is shown in Equation (10):

$$O\left(B\right)=\{b_{n-1},b_{n-2},\dots {,b}_i|b_i=1\bigwedge 1\le i\le n\}$$

(10)

Nature 1: For the value $\mathsf{\xi }$ and value $\mathsf{\nu }$ with the same binary length when $\mathrm{O}\left(\mathsf{\xi }\right)$ and $\mathrm{Z}\left(\mathsf{\nu }\right)$ are disjointed, $\mathsf{\xi }$>$\mathsf{\nu }$ is true, namely, Equation (11) is true;

$$\xi >\nu ⟺O\left(\xi \right)\cap Z\left(\nu \right)\ne \mathbf{\varnothing }$$

(11)

Nature 2: For the value $\mathsf{\xi }$ and value $\mathsf{\nu }$ with the same binary length, when there is a non-empty intersection between $\mathrm{O}\left(\mathsf{\xi }\right)$ and $\mathrm{Z}\left(\mathsf{\nu }\right)$, $\mathsf{\xi }\le \mathsf{\nu }$ is true, namely, Equation (12) is true;

$$\xi \le \nu ⟺O\left(\xi \right)\cap Z\left(\nu \right)=\mathbf{\varnothing }$$

(12)

Nature 3: For the value $\mathsf{\xi }$ and value $\mathsf{\nu }$ with the same binary length, when $\mathrm{O}\left(\mathsf{\xi }\right)$ is the same as $\mathrm{O}\left(\mathsf{\nu }\right)$, or $\mathrm{Z}\left(\mathsf{\xi }\right)$ is the same as $\mathrm{Z}\left(\mathsf{\nu }\right),\mathsf{\xi }$=$\mathsf{\nu }$ is true, namely, Equations (13) and (14) are true:

$$\xi =\nu ⟺O\left(\xi \right)=O\left(\nu \right)$$

(13)

$$\xi =\nu ⟺Z\left(\xi \right)=Z\left(\nu \right)$$

(14)

From Natures 1–3, we can see that the problem of comparing the value $\mathsf{\xi }$ with value $\mathsf{\nu }$ can be converted into finding the intersection of the inverse Z-O encoding of the value $\mathsf{\xi }$ and the value $\mathsf{\nu }$.

4.2.2. HMAC Algorithm

HMAC is the key-related hash computation message authentication code. With the hash algorithm, the HMAC calculation takes a key and a message as input and generates a message authentication as output. The HMAC algorithm is a verification method based on the key insulation integrity and its security is based on the hash encryption algorithm. HMAC can be defined as shown in Equation (15):

$$HMAC\left(K,M\right)=H\left(\right(K_f\oplus opad\left)\right|H\left(\right(K_f\oplus ipad\left)\right|M\left)\right)$$

(15)

The symbols of Equation (15) and their definitions are shown in

Table 2. HMAC algorithm symbols and definitions.

Symbol	Definition
H	Hash function (such as MD5, SHA512, etc.)
M	The HMAC function needs to encrypt the message
K	Enter the key
$K_f$	The final key
L	Output string length
Opad	The external filling constant, t, is 0 × 5 C repeated L times
Ipad	The external filling constant is 0 × 5 C repeated L times

.

The steps of the HMAC calculation are as follows:

(1)

Fill 0 × 00 after the key K until its length is equal to L, and the final key $K_f$ is obtained;

(2)

The result of Step 1 is exclusive OR operation with $ipad$, namely, ${ K}_f\oplus ipad$;

(3)

The message to be encrypted is attached to the result of Step 2, namely $K_f\oplus ipad|msg$;

(4)

Apply the hash function corresponding to H, namely, ${H(K}_f\oplus ipad\left|msg\right)$;

(5)

The result of Step 1 and $ipad$ is differentiated or operated, namely, $K_f\oplus opad$;

(6)

The result of Step 4 is attached to that of Step 5, namely ${(K}_f\oplus opad\left)\right|H\left(\right(K_f\oplus ipad|msg$));

(7)

Apply the hash function corresponding to H, namely, ${H\left(\right(K}_f\oplus opad\left)\right|H\left(\right(K_f\oplus \mathrm{i}pad|msg$)).

The calculation method of the HMAC algorithm determines the one-way and collision nature. With the one-way nature of HMAC, even if the attacker has the key K, the plaintext information cannot be restored in reverse.

4.3. Protocol Process

There are two main stages in the process of achieving privacy-protected range query and sensor data fusion.

4.3.1. Sensor Data Uploading Stage

Within the given time, the sensor node encrypts the sensor data by the Paillier algorithm. Compare the data obtained within this period numerically to obtain the maximum and the minimum. The maximum data is Z-O encoded in reverse; the encrypted sensor data and the maximum value processed by reverse Z-O encoding are uploaded to the storage node. After receiving the data, the storage node saves the data and the time stamp of the data to the database. The specific processing process is shown as below:

Now there is a group $\mathrm{G}$ containing perception nodes and one storage node:

$$G=(M,\left\{S_1,S_2,S_3,S_4,S_5,...,S_n\right\})$$

In the group, there is any sensor node ${\mathrm{S}}_{\mathrm{i}}$,$\mathrm{i}\in (1,\mathrm{n})$ and P two-dimensional sensor data:

$$\{t_1,t_2,t_3,t_4,t_5,\dots ,t_p\}$$

$$\{h_1,h_2,h_3,h_4,h_5,\dots ,h_p\}$$

(1)

We take one-dimensional sensor data as an example; firstly, we encrypt the data $\{t_1,t_2,t_3,t_4,t_5,...,t_p\}$ in Paillier and obtain:

$$\{P\left(t_1\right),P\left(t_2\right),P\left(t_3\right),P\left(t_4\right),P\left(t_5\right),\dots ,P(t_p\left)\right\}$$

(2)

Calculate the maximum and the minimum of the sensor data set $\{{\mathrm{t}}_1,{\mathrm{t}}_2,{\mathrm{t}}_3,{\mathrm{t}}_4,{\mathrm{t}}_5,\dots ,{\mathrm{t}}_{\mathrm{p}}\}$ and obtain $\{{\mathrm{t}}_{\mathrm{m}\mathrm{i}\mathrm{n}},{\mathrm{t}}_{\mathrm{m}\mathrm{a}\mathrm{x}}\}$, then encode $\{{\mathrm{t}}_{\mathrm{m}\mathrm{i}\mathrm{n}},{\mathrm{t}}_{\mathrm{m}\mathrm{a}\mathrm{x}}\}$ with reverse Z-O encoding and obtain reverse 0 encoding:

$${RZO}_0\left(t_{min}\right), {RZO}_0\left(t_{max}\right)$$

and the reverse 1 encoding:

$${RZO}_1\left(t_{min}\right), {RZO}_1\left(t_{max}\right)$$

In order to reduce the energy consumption of the data transmission of the sensing node and the capacity of upload data packets, the data encoding with the smallest length is selected to obtain the data encoding set:

$$\{MIN\left({RZO}_0\left(t_{max}\right),{RZO}_1\left(t_{max}\right)\right),MIN({RZO}_0\left(t_{min}\right),{RZO}_1\left(t_{min}\right)\left)\right\}$$

(3)

After obtaining the minimum data set with the reverse Z-O encoding, the digest processing is conducted on the HMAC-MD5 data message, which is to protect the maximum data from being cracked. After the digest processing, the data set is obtained:

$$\left\{HMAC\right(MIN\left({RZO}_0\right(t_{max}),{RZO}_1(t_{max}\left)\right)),HMAC\left(MIN\right({RZO}_0\left(t_{min}\right),{RZO}_1\left(t_{min}\right)\left)\right)\}$$

(4)

Combine the encrypted sensor data and the maximum value encoding of the sensor group to obtain Set D:

$$\left\{\right\{P\left(t_1\right),P\left(t_2\right),P\left(t_3\right),P\left(t_4\right),P\left(t_5\right),\dots ,P\left(t_p\right)\}$$

$$\left\{HMAC\right(MIN\left({RZO}_0\right(t_{max}),{RZO}_1(t_{max}\left)\right)),HMAC\left(MIN\right({RZO}_0\left(t_{min}\right),{RZO}_1\left(t_{min}\right)\left)\right)$$

Finally, D is uploaded to the storage node and the upload process of sensor data is completed.

4.3.2. Range Query Stage

The sink node sends a request for a range query and a multi-node data fusion query to the storage node. After receiving the range query command, the storage node will compare the data that the sink node needs to query and return the encrypted data to the sink node after meeting requirements. After receiving the multi-node data fusion query, the storage node will firstly compare the data and then screen out the data that meets the range like the range query command. Data fusion calculations are conducted on the storage node according to the command and finally the calculation results are sent to the sink node. The specific processing process is as follows:

The existing sink node obtains the user query time period:

$$T=[T_{start},T_{end}]$$

Query value range:

$$[t_{low},t_{high}]$$

Next, the reverse Z-O encoding of the data set D is performed to obtain

$$\left\{{{RZO}_0(t}_{low}\right),{RZO}_0{(t}_{high}),{{RZO}_1(t}_{low}),{RZO}_1{(t}_{high}\left)\right\}$$

After obtaining the encoded data, perform the HMAC data digest and obtain the set $\mathsf{\delta }$:

$$\left\{{{HMAC(RZO}_0(t}_{low}\right)),HMAC({RZO}_0\left(t_{high}\right)),{{HMAC(RZO}_1(t}_{low})),HMAC({RZO}_1{t}_{high}\left)\right\}$$

Finally, the user data fusion command C is obtained. The range data encoding $\mathsf{\delta }$, the time period of the query T, and the data fusion command C are combined into a query and sent to the storage node; that is, the range data encoding, the time period of the query, and the data fusion command C are combined into a query and sent to the storage node, namely:

$$query=\{T,\delta ,C\}$$

After receiving the request from the sink node, the storage node will firstly query the sensor data within the T time range. After obtaining the data, it will judge whether the data meets the range query requirement, taking the one-dimensional data as an example:

$$\begin{gathered} HMAC\left({{RZO}_0(t}_{low}\right) or {{RZO}_1(t}_{low}\left)\right) \le HMAC\left(MIN\right({RZO}_0\left(t_{min}\right),{RZO}_1\left(t_{min}\right)\left)\right) \\ \hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\le HMAC\left({{RZO}_0(t}_{high}\right) or {{RZO}_1(t}_{high}\left)\right) \end{gathered}$$

(16)

$$\begin{gathered} HMAC\left({{RZO}_0(t}_{low}\right) or {{RZO}_1(t}_{low}\left)\right) \le HMAC\left(MIN\right({RZO}_0\left(t_{max}\right),{RZO}_1\left(t_{max}\right)\left)\right) \\ \hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\le HMAC\left({{RZO}_0(t}_{high}\right) or {{RZO}_1(t}_{high}\left)\right) \end{gathered}$$

(17)

$$HMAC\left(MIN\left({RZO}_0\left(t_{min}\right),{RZO}_1\left(t_{min}\right)\right)\right)\le HMAC\left({{RZO}_0(t}_{low}\right)or {{RZO}_1(t}_{low}\left)\right)$$

$$\bigwedge HMAC\left({{RZO}_0(t}_{high}\right) or {{RZO}_1(t}_{high}\left)\right) \le HMAC\left(MIN\left({RZO}_0\left(t_{max}\right),{RZO}_1\left(t_{max}\right)\right)\right)$$

(18)

If the current query data meets one of the three conditions of Equations (16)–(18), it indicates that the data meets the requirements of the sink node query. Finally, according to the data fusion command C, the data fusion is conducted on the data that meets the requirements and the processed data is sent to the sink node, and the data query is completed.

4.3.3. Paillier Encryption Algorithm

The homomorphic computing properties in the optimized Paillier encryption algorithm are used for calculation, and finally the result information is packaged into a JSON data packet and sent to the storage node. The specific implementation process Algorithm 1 is as follows.

Algorithm 1 Paillier encryption algorithm process.

Input: Calculation data $d_i$, multiplication parameter $\alpha ,$ calculation command $cmd$ Output: Calculation result $Val$

1. Analyze cmd command and find the data source, $d_j$ that may be needed 2. Use SQL semantics to parse the calculation command $Ari=SQL\left(cmd\right)$ 3. Match the calculation method according to the calculation command $Ari$        if ($Ari=Add$)           ${Val=d}_i+d_j=d_i\ast d_j \left(\mathrm{m}\mathrm{o}\mathrm{d}{\mathrm{n}}^2\right)$              else ($Ari=Mul$)            ${Val=\alpha \ast d}_i={d_i}^{\alpha } \left(\mathrm{m}\mathrm{o}\mathrm{d}{\mathrm{n}}^2\right)$ 4. Returns the calculation result                  $Val$               end

After waiting for the calculation result Val, the result information also needs to be packaged into a JSON data packet and returned to the sink node.

4.3.4. Security Analysis of Perceptual Data Privacy

The method proposed in this paper is based on the Paillier algorithm that adopts asymmetric encryption. Compared with symmetrical encryption algorithms, there will be no key leakage. In the absence of the secret key, although the storage node can obtain the ciphertext of the perceptual data, it is impossible to decode the perceptual data with only the public key. Furthermore, we implement HMAC authentication on the encoded comparison sequence while preserving its order-keeping properties. This dual approach ensures both data integrity and the ability to perform encrypted range queries—the authenticated encoding maintains the original numerical relationships, enabling correct comparison operations between ciphertext values. In addition, the irreversible mechanism of HMAC ensures that the data maximum comparison chain cannot be decoded in reverse to ensure the privacy and security of the data maximum comparison chain.

4.3.5. Analysis of Data Fusion and Range Query Privacy and Security

The data fusion and range query operations are performed between the storage node and sink node through a secure process. First, the sink node sends range query parameters protected with HMAC authentication and compares them with the storage node′s HMAC-verified comparison sequence. When all comparison conditions are met, the storage node transmits only the corresponding encrypted perceptual data (ciphertexts) to the sink node. Throughout this process, the system ensures complete plaintext data protection by (1) using HMAC for integrity verification without exposing raw data, and (2) performing all operations exclusively on encrypted data. The Paillier-based homomorphic addition enables secure data fusion at the storage node while maintaining ciphertext security.

The data fusion process employs Paillier-based homomorphic addition at the storage node level. This cryptographic operation is performed using only the Paillier public key, ensuring all computations occur on encrypted data without ever revealing the plaintext.

In summary, the method proposed in this paper can guarantee the privacy and security of range query and data fusion.

5. Experimental Evaluation and Analysis

5.1. Experimental Environment

The storage node used was a Raspberry Pi 2B+ equipped with a Broadcom BCM2836 processor containing four Cortex-A7 architecture cores, 900 MHz frequency, and 1 GB LPDDR2 memory. The DHT11 temperature and humidity sensor module and a photosensitive sensor with an MCP3008 AD conversion chip were adopted to sense environmental temperature, humidity, and lightness. The storage node adopts the NVIDIA JETSON TX2 which has 8 GB memory, which reaches the maximum computation rate at 1.33 TFLOPS, in addition to a 64-bit CPU with dual-core NVIDIA Denver 2 and a 4-core Arm Cortex-A57 MP Core composite processor. With the help of VMware, the sink node built an Ubuntu 16.04 64 bit virtual machine with 2 GB memory and 20 GB hard disk. The perception node, storage node, and sink node were all connected via the local wireless router.

In order to ensure the experimental effectiveness, the 3D sensor data, five magnitude range data queries, and data fusion operations were set up. In order to verify the performance of the method proposed in this paper, it was compared with the CSRQ method with the help of reference [10].

5.2. Comparative Experiment of Energy Consumption on Perceptual Nodes

In this paper, the PM9816 digital power meter (Nap Technology) was adopted to measure the power consumption of the sensing node. The test voltage range was 0.5 V–600 V, the current range was 0.05 Ma–40 A, the power range was 0.001 MW−24 KW, and the test accuracy was ±(0.1% reading + 0.1% range).

The process of converting electrical energy into other forms is the process by which current works. How much electrical energy has been converted represents how much the current has worked, namely, the amount of electrical work. How much the current works is related to the size of the current, the voltage level, and the power duration. The higher the voltage applied to the electrical appliances is, the greater the passed current is, the longer the power duration is, and the more the current will work. Studies have shown that when the voltage between the circuit terminals is $U$, the current in the circuit is $I$, and the power duration is $t$, the consumed electrical energy is $W=UIt$.

In the comparative experiment, the number of sensor data obtained within the period t was set to $\tau$, and the HMAC-MD5 was taken as the HMAC algorithm encryption standard uniformly.

5.2.1. Experiment 1

With the sensor data dimension as the independent variable, the other parameters are shown in

Table 3. Experiment 1 parameters.

Parameter	Value
Data dimension	3D
CSRQ division factor	5
AES key length	128 bit
Data query interval	0.5 s
Paillier key length	32 bit

. We tested and obtained the impact of the sensor data dimension on energy consumption. The experimental results are shown in Figure 3.

When the dimension of sensor data obtained by the sensing node increases, it is necessary for the CSRQ method to perform AES encryption and data sorting operations on the data with each dimension. Therefore, as the data dimension increases, the amount of calculation will gradually increase, and the amount of data will increase as the dimension increases. Compared to the CSRQ method, our method will increase the message even after the dimension increases; our method just needs to obtain the maximum comparison chain, and the cost of the increased message is limited. The energy consumption is lower when the data dimension is higher.

5.2.2. Experiment 2

With the number of sensor data N acquired in a single cycle t as the control variable, the other parameters are shown in

Table 4. Experiment 2 parameters.

Parameter	Value
Number of data collected in a single cycle N	20
CSRQ division factor	5
AES key length	128 bit
Data query interval	0.5 s
Paillier key length	32 bit

The influence of the number of sensor data N on energy consumption is tested; the result of the experiment is shown in Figure 3.

Experiment 2 is similar to Experiment 1. The data to be uploaded will increase dramatically when the data collection increases within the cycle. The time for the CSRQ data comparison chain will increase significantly as the number of data increases. In addition, the CSQR method must sort each set of data, which also costs a lot of time. But there is no need for the method we propose to sort the data; only the maximum value comparison chain is generated. When the amount of data increases significantly, the energy consumption only will increase slowly, having some advantages over the CSRQ algorithm.

5.2.3. Experiment 3

As the initiator of the range query request, the time spent by the sink node for generating the range query command to obtain the query result can effectively represent the efficiency of the range query method; that is, the longer the query takes, the lower the query efficiency. The basic parameters of the range query efficiency experiment are shown in

Table 5. Basic parameters of the experiment.

Parameter	Value
Query data length (L)	20
Query data dimension (Dim)	3
Query area perception data volume (n)	3
AES decryption key length/bit	128
Optimized Paillier private key length/bit	64

.

The sink node data range query length L is used as a variable, and other experimental parameters are shown in Table 5 to test the impact of data range query length on query efficiency. The experimental results of the impact of perceived data volume on range query efficiency are shown in Figure 4.

As shown in Figure 4, as the query data length L increases, the query time consumption of the three methods increases. This is because the range query process needs to go through two stages: storage node query processing and result verification. The CSRQ method and the LDRQ method need to perform additional information verification on the data during the result verification stage, which will consume additional time. The method in this paper integrates the data verification method into the encryption algorithm, which has certain advantages in query efficiency.

5.2.4. Experiment 4

The sink node range query dimension Dim is used as a variable. Other experimental parameters are shown in Table 5 to test the impact of the data range query dimension on the range query efficiency. The impact of the range query dimension on the range query efficiency is shown in Figure 5.

As shown in Figure 5, as the perception data dimension Dim increases, the query time of the three range query methods increases. Since the LDRQ method and the CSRQ method need to use a third-party data verification mechanism to verify the query results of each data dimension, the CSRQ method also needs to analyze the data constraint chain based on the LDRQ to ensure that the query results meet the data integrity. Therefore, this process consumes additional query time. The verification method in the encryption algorithm takes a shorter time in the verification phase, and has a certain lead in query efficiency.

5.3. Comparative Experiment of Data Fusion Efficiency

Since the CSRQ algorithm adopts the AES encryption algorithm, the operation does not have a homomorphic nature, and the data fusion operation of CSRQ is transferred to the sink node. In order to simulate the actual situation of the sink node in full directions, we deliberately reduced the CPU operation efficiency of the sink node during the test.

In the experiment testing the efficiency of the data fusion operation, we take the number of processed data as an independent variable and compare the efficiency of the data fusion operation. The experimental results are shown in Figure 6 and

Table 6. The experimental results of the influence of N on the energy consumption of sensing nodes.

N	$\mathbf{Proposed} \mathbf{Method} ({10}^{-5}$ J)	$\mathbf{LDRQ} ({10}^{-5}$ J)	$\mathbf{CSRQ} ({10}^{-5}$ J)
15	213.1	220.6	310.2
20	318.3	343.8	434.6
25	391.5	443.6	566.7
30	474.1	524.5	685.3
35	555.4	597.6	835.9

:

In the comparative experiment of data fusion efficiency, since the method proposed in this paper completes the data fusion calculation on the storage node, there is no need to transmit a large amount of data to the sink node via the wireless network, saving time in data transmission. In addition, there is an insufficient calculation capability of the sink node; as the amount of calculation data rises constantly, the time for calculation of the CSRQ method in the sink node will also gradually rise. Compared with the CSRQ method, the method proposed in this paper has better performance in data fusion.

6. Conclusions

This study successfully develops a secure and efficient privacy-preserving range query method for two-layer wireless sensor networks by innovatively combining Paillier homomorphic encryption with reverse Z-O encoding and HMAC authentication. The proposed solution effectively supports multi-sensor data fusion at storage nodes while significantly reducing communication overhead and energy consumption. Comprehensive theoretical analysis and experimental validation on Raspberry Pi 2B+ and NVIDIA TX2 platforms demonstrate its advantages in protecting data confidentiality during transmission and fusion operations, maintaining computational efficiency, and outperforming existing methods in query dimensionality and energy efficiency. These findings provide a practical and reliable approach for privacy-sensitive IoT applications such as healthcare monitoring and industrial systems. Future research may further explore lightweight optimizations and broader deployment scenarios to enhance applicability.

7. Discussion

The experimental validation confirms the significance of our three core contributions through comprehensive comparisons with state-of-the-art range query techniques (CSRQ, SafeQ, and LDRQ). As demonstrated in Section 5, our Paillier-based approach achieves 2.1× higher encryption throughput than CSRQ [10] at equivalent 128-bit security levels, while reducing query latency by 35% compared to SafeQ′s prefix verification mechanism. The reverse Z-O encoding proves particularly advantageous in energy efficiency—our method consumes 42% less power than LDRQ′s [17] 0–1 encoding scheme during multidimensional queries, as it processes only critical data segments rather than full data sets. These improvements stem from three key design choices: (1) the elimination of iterative decryption–aggregation cycles required in CSRQ, (2) the replacement of SafeQ′s computationally intensive neighborhood chains with lightweight HMAC verification, and (3) the optimization of LDRQ′s encoding mechanism through value-selective processing.

While the results show substantial advances, our analysis reveals scenario-dependent tradeoffs. In high-density static networks, the method achieves optimal performance (supporting up to eight-dimensional queries with sub-second latency), making it suitable for industrial monitoring applications. However, in resource-constrained mobile deployments, the Paillier cryptosystem′s computational overhead becomes noticeable, reducing throughput by 28% compared to symmetric-key alternatives when node mobility exceeds 1.5 m/s. The current implementation also shows 15–20% higher memory usage than CSRQ due to ciphertext expansion, though this is offset by a 40% reduction in communication rounds.

These limitations highlight promising research directions: (1) developing adaptive encryption that dynamically switches between Paillier and lighter algorithms based on node capabilities, and (2) optimizing mobile scenarios through predictive caching of frequently queried data ranges. Despite these challenges, the method′s ability to maintain >99% query accuracy while providing end-to-end encryption represents a significant leap forward for privacy-sensitive applications like healthcare monitoring, where conventional differential privacy techniques typically degrade accuracy by 12–18% through excessive noise injection.