A framework for secure data aggregation in sensor networks

Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao

The Pennsylvania State University

MobiHoc '06


Why data aggregation? (1)

  • Many low-cost sensors

  • Some data sinks which subscribe to special data streams by distributing interests or querying

  • Without data aggregation

    • Data redundancy

    • Communication cost

    • Energy expenditure

SDAP


Why data aggregation? (2)

  • With data aggregation

Reduce data redundancy, communication cost and energy expenditure in data collection!


Network model

  • An unbalanced tree rooted at BS

  • Data are aggregated hop by hop

  • Each aggregate is a tuple (value, count)

  • Every node only forwards one copy


Security challenges in aggregation? (1)

  • A compromised node may report a false fusion result, causing the final aggregation result to be much different from the true measurement.

  • Question:

    • How can BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?

[Figure labels: Compromised node, False Alarm]


Attack model

[Figure: legitimate temperature range 32F ~ 150F; received aggregate (100F, 50); aggregate forwarded by the compromised node toward BS: (?, ?)]

Goal: Inject false data without being detected by BS

  • Example:

    • Without modifying the received aggregate

      • (98.7F~101F, 51)

    • Count change attack

      • (100F~150F, *)

    • Value change attack

      • (32F~150F, 51)

The combination of count and value change attacks, and collusion among compromised nodes are more destructive!


Our solutions

  • Divide and conquer

  • Commit and attest

  • Tree construction and query dissemination

  • Probabilistic grouping

    • Partition nodes in the tree into multiple logical groups (subtrees) of similar size

  • Hop-by-hop aggregation

    • Each group generates a commitment which cannot be denied later

  • Attestation between BS and suspicious groups

    • BS identifies abnormal groups from the set of received group commitments

    • Groups under suspicion prove the correctness of submitted commitments to BS

  • BS discards commitments from groups failing to support previous values when computing final aggregates


Tree Construction & Query Dissemination

  • Tree construction

    • Similar to TAG

  • Query dissemination

    • BS → * : Fagg, Sg

      • Fagg: an aggregation function, e.g., avg, count

      • Sg: a random number as grouping seed


Probabilistic grouping & data aggregation

  • Probabilistic grouping is conducted through group leader selection

    • H(Kx, Sg|x) < Fg(c)

      • x : node id

      • Kx : master key of x

      • H : pseudorandom function, uniformly maps the input into the range [0,1)

      • Sg : for security and load balance

      • c : count value

      • Fg : grouping function, outputs a real number in [0,1), with output increasing with c

[Figure annotations: H(Ky, Sg|y) < Fg(c); H(Kx, Sg|x) < Fg(15); H(Kw’, Sg|w’) < Fg(8); H(Kid, Sg|id) > Fg(1)]


By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation.
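The leader-selection rule H(Kx, Sg|x) < Fg(c), run bottom-up over a whole tree, as an added Python sketch (not the authors' code). HMAC-SHA256 stands in for H, the exponential form of Fg with its beta and gamma parameters is a hypothetical choice that only satisfies the slide's stated properties, and the tree and keys are constructed; it also assumes a leader's group is closed, so nodes above it start counting from zero.

```python
import hmac, hashlib, math, random

def H(key, seed, node_id):
    """Keyed pseudorandom function H(Kx, Sg|x), mapped uniformly into [0, 1)."""
    digest = hmac.new(key, f"{seed}|{node_id}".encode(), hashlib.sha256).digest()
    return (int.from_bytes(digest[:8], "big") >> 11) / 2**53

def Fg(c, beta=0.02, gamma=1.5):
    """Hypothetical grouping function: increasing with count c, bounded by 1."""
    return 1.0 - math.exp(-beta * c**gamma)

def build_tree(n, rng):
    """Constructed unbalanced tree: node 0 is BS, node i attaches to a random earlier node."""
    children = {i: [] for i in range(n)}
    for i in range(1, n):
        children[rng.randrange(i)].append(i)
    return children

def group(children, keys, seed):
    """Bottom-up leader selection. Returns {leader id: group size}; BS (0) leads leftovers."""
    groups = {}
    def visit(node):                       # returns the count this node passes upstream
        count = 1 + sum(visit(c) for c in children[node])
        if node != 0 and H(keys[node], seed, node) < Fg(count):
            groups[node] = count           # node becomes leader and closes its group
            return 0
        return count
    leftover = visit(0) - 1                # BS contributes no reading of its own
    if leftover:
        groups[0] = leftover
    return groups

if __name__ == "__main__":
    tree = build_tree(300, random.Random(1))
    keys = {i: f"master-key-{i}".encode() for i in tree}   # constructed keys
    for sg in (1111, 2222):                # a fresh Sg per query reshuffles the leaders
        sizes = sorted(group(tree, keys, sg).values())
        print(f"Sg={sg}: {len(sizes)} groups, sizes {sizes}")
```

Because H is keyed with Kx and seeded with Sg, a node cannot evaluate the test for a future query until BS releases that query's Sg.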


Group aggregation (1)

  • Format of aggregates

    • Fields: id | flag | count | value | seed | MAC

    • Encrypted: count, value, seed

    • Authenticated (covered by the MAC): id, flag, count, value, seed

    • Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments

  • Leaf node aggregation

    • uv : u, 0, E(Kuv ,1|Ru|Sg)|MACu

      MACu=MAC(Ku, 0|1|u|Ru|Sg)

H(Ku, Sg|u) > Fg(1)

SDAP


Group aggregation (2)

  • Intermediate node aggregation

    • v → w : v, 0, E(Kvw, 3|Aggv|Sg) | MACv

      Aggv = Fagg(Rv, Ru, Ru’)

      MACv = MAC(Kv, 0|3|v|Aggv| MACu MACu’|Sg)

MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data

[Figure annotation: H(Kv, Sg|v) > Fg(3)]


Group aggregation (3)

  • Leader node aggregation

    • xBS : x, 1, E(Kx ,15|Aggx|Sg)|MACx

      Aggx=Fagg(Rx, Aggw, Aggw’)

      MACx=MAC(Kx, 1|15|x|Aggx|MACw MACw’|Sg)

Default leader of leftover nodes

H(Kx, Sg|x) < Fg(15)

SDAP


Verification & attestation (1)

  • BS needs to verify the correctness of the aggregated value

  • Outlier detection by Grubbs’ Test (an existing work)


Verification & attestation (2)

  • Forwarding attestation requests from BS

  • Suppose group x is under suspicion

    • BS → y : x, Sa, Sg

    • Node y then forwards this request to leader x

  • Sa: a random number, as attestation seed


Verification & attestation (3)

  • Group attestation

  • Probabilistic attestation path selection

    • From x, each parent sums up counts of all the children, then computes . Finally determine the path by picking up ith child on the path, if

A node with larger count has more chances to be attested


Verification & attestation (4)

  • Attestation response from groups

  • Each node on the path sends back count and reading

  • Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)


Verification & attestation (5)

  • Group response validation by BS

  • BS reconstructs Aggx and MACx based on responses

    • If both match the submitted values, accepts them

    • Otherwise, rejects them


Security Analysis

An attacker cannot selectively compromise nodes to make his attack optimal

  • A compromised node cannot know in advance whether

    • it will become a group leader or which group it will belong to

    • its aggregate will become an outlier by Grubbs’ test

    • it will be selected on the attestation path


Detection Rate

  • m is the number of attestation paths


Communication Overhead

Packet*hop: 3.4k~4.4k

  • in a non-secure aggregation scheme: 3k

  • in a secure scheme without aggregation: 21k


Thank you!

  • Questions?

  • If a node has a larger count value, the probability for it to become a leader is higher. So if a compromised node with large count becomes a leader, the BS will definitely reject it and the whole large group, which will also affect the quality of aggregation.