natalia stakhanova cs610
SIA: Secure Information Aggregation in Sensor Networks
B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003
Natalia Stakhanova, cs610
Sensor networks
wireless network consisting of a large number of small sensor devices
Main objective: data collection
Sensors are severely constrained:
  Low memory
  Low power
  Limited bandwidth
Transfer of raw information is expensive (often individual readings are not needed)
Solution: aggregate data and transfer the result only!
Data aggregation
Selected nodes are aggregators responsible for
  data collection
  computation of aggregated result
  result transfer to the user (home server)
Security concern:
  compromised aggregator
  compromised sensors
Proposed approach
Previous works assumed honest sensors
This work’s focus: stealthy attacks
  If user accepts the aggregation result, then there is a high probability that the reported result is “close” to the true result value
Considered model
single home server (user)
single aggregator
  more powerful than sensor
  has information about size and topology of the network
sensors
  have unique ids
  share a key with server and aggregator
Both home server & aggregator have master key and are able to compute key for each sensor
[Figure: sensors with readings $a_1$, $a_2$, $a_3$, aggregator and home server; labels "A = ?" and "A = ($a_1$, $a_2$, $a_3$)"]
Aggregate-Commit-Prove approach
aggregate
  aggregator collects the data from sensors
  computes aggregated result
commit
  aggregator commits to the data
  guarantees that result is computed using sensors’ data
prove
  aggregator sends the aggregate result and commitment to home server
  home server checks if
    commitment is good representation of the sensor data
    aggregation result is close to the committed data values
Commit phase
Merkle hash tree – to commit to the data
$a_1, a_2, a_3, \ldots, a_n$ - sensors’ data placed at the leaves
each internal node is hash of its children
root value is a commitment
Considered …
Most commonly used aggregation operations:
  Compute median
  Compute min, max
  Counting distinct elements
Computing median
Securely compute median of $a_1, a_2, a_3, \ldots, a_n$
Aggregate phase:
  take median of a random sample of sensor values
  commit to a sorted sequence using a Merkle hash tree
Prove phase:
  home server receives the commitment and computed median $a_{med}$
  home server performs 2 tests:
    requests $a_{n/2}$ and compares it with $a_{med}$
    picks an element from a random position
      checks if an element picked from the left half is < the median
      checks if an element picked from the right half is > the median
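The commit and prove phases for the median, as an added Python example (not code from the slides or from the SIA paper). It simplifies by having the aggregator report the exact middle element, accepts equal values on either side of the median, and omits sensor authentication; the function names, SHA-256 and the sample readings are assumptions.

```python
import hashlib
import random

def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()

def leaf(i, v):
    # Bind the position into the leaf so a value cannot be opened at another index.
    return H(b"leaf", str(i).encode(), str(v).encode())

def build(values):
    """Aggregator: Merkle tree levels, leaves first; levels[-1][0] is the commitment."""
    levels = [[leaf(i, v) for i, v in enumerate(values)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])          # pad odd levels by repeating the last node
        levels.append([H(b"node", cur[j], cur[j + 1]) for j in range(0, len(cur), 2)])
    return levels

def open_leaf(levels, i):
    """Aggregator: sibling hashes on the path from leaf i up to the root."""
    return [level[(i >> d) ^ 1] for d, level in enumerate(levels[:-1])]

def verify(root, i, v, path):
    """Home server: recompute the root from one opened leaf."""
    h = leaf(i, v)
    for sib in path:
        h = H(b"node", h, sib) if i % 2 == 0 else H(b"node", sib, h)
        i //= 2
    return h == root

def check_median(root, n, a_med, query, samples=40, rng=random):
    """Home server's two tests; query(i) -> (value, path) is answered by the aggregator."""
    mid = n // 2
    for i in [mid] + [rng.randrange(n) for _ in range(samples)]:
        v, path = query(i)
        in_order = (v == a_med) if i == mid else (v <= a_med) if i < mid else (v >= a_med)
        if not (verify(root, i, v, path) and in_order):
            return False                 # bad opening, wrong median, or unsorted commitment
    return True

def demo(values, a_med, seed=1):
    levels = build(values)               # values = the sequence the aggregator commits to
    query = lambda i: (values[i], open_leaf(levels, i))
    return check_median(levels[-1][0], len(values), a_med, query, rng=random.Random(seed))

READINGS = sorted([21, 19, 23, 20, 22, 18, 24, 25, 17])   # constructed sample readings
```

An honest aggregator passes with `demo(READINGS, 21)`; reporting a different median, or committing to a sequence whose middle element was replaced by an inflated value, is rejected.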
Computing min/max
Securely compute min of $a_1, a_2, a_3, \ldots, a_n$
Assumption – sensors will not provide fake values
Computing min/max by sensors
MinRootedTree protocol
  construct minimum spanning tree rooted at the minimum value
  each round node broadcasts (min, id) pair
  fills the table by smallest received value
Final state is authenticated and sent to aggregator

[Figure: three sensor nodes S1 (Reading: 3), S2 (Reading: 1), S3 (Reading: 5)]

p – id of the current parent
min – min value so far
id – id of the node with min

node  p   min  id
S1    S1  3    id1
S2    S2  1    id2
S3    S2  1    id2

node  p   min  id
S1    S1  3    id1
S2    S2  1    id2
S3    S3  5    id3

node  p   min  id
S1    S2  1    id2
S2    S2  1    id2
S3    S2  1    id2
Computing min/max
Aggregate phase:
  aggregator commits to the list of the states
  reports the root of the tree to the server
Prove phase:
  home server randomly picks a node in the list
  traverses the path from the node to the root
  If unsuccessful - rejects
Counting distinct elements
Securely determine number of distinct values given $a_1, a_2, a_3, \ldots, a_n$
Basic protocol:
  Pick random hash function h
  Apply to all elements $a_i$
  Keep $v = \min_{i=1}^{n} h(a_i)$
  Number of distinct elements can be estimated by 1/v
Protocol can be used for:
  computing the size of the network
  computing average value
Conclusion
Hierarchical aggregation
  for very large networks
  the proposed protocols need to be slightly modified
Consider forward secure authentication
  for past results querying
  sensor’s key is recomputed each time interval using one-way function
  past readings are secure in case sensor is compromised
This is the first work that allows existence of malicious sensors