a framework for secure data aggregation in sensor networks yi yang joint work with xinran wang,...
TRANSCRIPT
A Framework for Secure Data Aggregation in Sensor
Networks Yi Yang
Joint work with Xinran Wang,
Sencun Zhu and Guohong Cao
Dept. of Computer Science & Engineering
The Pennsylvania State University
Yi Yang - SDAP 2
Sensor networks• Functions
– Sensing– In-network processing– Ad-hoc communication
• Applications– Real-time traffic monitor– Military surveillance– Homeland security
Berkeley Mica Motes
BS
Yi Yang - SDAP 3
Why data aggregation? (1)
• Without data aggregation– Data redundancy – Communication cost– Energy expenditure
BS
Reporting raw data is unnecessary!
Yi Yang - SDAP 4
Why data aggregation? (2)
• With data aggregation
Reduce data redundancy, communication cost and energy expenditure in data collection!
BS
Yi Yang - SDAP 5
Security challenges in aggregation? (1)
• A lossy data compression process– Individual sensor readings
are lost in aggregation
• A compromised intermediate node may change the aggregated data
• BS cannot verify the result without knowing original readings
Compromised node False Alarm
BS
Yi Yang - SDAP 6
Security challenges in aggregation? (2)
• Question:– How can BS obtain a
good approximation of the fusion result when a fraction of nodes are compromised?
Compromised node False Alarm
BS ?
Yi Yang - SDAP 7
Network model
• An unbalanced tree rooted at BS• Data are aggregated hop by hop• Each aggregate is a tuple (value,
count)• Every node only forwards one copy
BS B S
. . . . . .
Yi Yang - SDAP 8
Attack model
• Example:– Without modifying the
received aggregate• (98.7F~101F, 51)
– Count change attack• (100F~150F, *)
– Value change attack• (32F~150F, 51)
Goal: Inject false data without being detected by BS
Legitimate temperature (32F ~ 150F)
BS
(100F, 50)
(?, ?)
The combination of count and value change attacks, and collusion among compromised nodes are more destructive!
Yi Yang - SDAP 9
Observations• Hop-by-hop aggregation
– Aggregates computed by a higher-level node are from more low-level nodes
– If a compromised node is closer to BS, false value from it has more impact on the final result computed by BS
Legitimate temperature (32F ~ 150F)
BS
Yi Yang - SDAP 10
Our solutionsDivide and conquerCommit and attest
• Tree construction and query dissemination• Probabilistic grouping
– Partition nodes in the tree into multiple logical groups (subtrees) of similar size
• Hop-by-hop aggregation– Each group generates a commitment which cannot be denied later
• Attestation between BS and suspicious groups– BS identifies abnormal groups from the set of received group commitments– Groups under suspicion prove the correctness of submitted commitments to BS
• BS discards commitments from groups failing to support previous values when computing final aggregates
Yi Yang - SDAP 11
Tree Construction & Query Dissemination
• Tree construction– Similar to TAG
• Query dissemination– BS * : Fagg, Sg
• Fagg: an aggregation function, e.g., avg, count
• Sg: a random number as grouping seed
B S
. . . . . .
Legitimate temperature (32F ~ 150F)
avg avg
avg avg avg
avg avg avg avg
avg avg avg avg avg avg avg avg
avg avg avg avg avg avg avg avg avg
Yi Yang - SDAP 12
Probabilistic grouping & data aggregation
• Probabilistic grouping is conducted through group leader selection– H(Kx, Sg|x) < Fg(c)•x : node id•Kx : master key of x•H : pseudorandom function, uniform output in [0,1) •Sg : for security and load balance•c : count•Fg : grouping function, [0,1) output increasing with c
Legitimate temperature (32F ~ 150F)
B S
. . . . . .x
y
w '
H(Kid, Sg|id) > Fg(1)
H(Kw’, Sg|w’) < Fg(8)
H(Kx, Sg|x) < Fg(15)
H(Ky, Sg|y) < Fg(c)
Yi Yang - SDAP 13
Probabilistic grouping & data aggregation
• Probabilistic grouping is conducted through group leader selection– H(Kx, Sg|x) < Fg(c)•x : node id•Kx : master key of x•H : pseudorandom function, uniform output in [0,1) •Sg : for security and load balance•c : count•Fg : grouping function, [0,1) output increasing with cBy choosing appropriate grouping
functions, group sizes are roughly even with small deviation, providing good basis for attestation
Legitimate temperature (32F ~ 150F)
B S
x
D ef au lt L ead er
. . . . . .
y
w '
Yi Yang - SDAP 14
B S
. . . . . .
u
v
w
x
y
Group aggregation (1)• Format of aggregates
flag valuecount MACid seed
Encrypted
Authenticated
• Leaf node aggregation– uv : u, 0, E(Kuv ,1|Ru|Sg)|MACu
MACu=MAC(Ku, 0|1|u|Ru|Sg)
Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments
H(Ku, Sg|u) > Fg(1)
Yi Yang - SDAP 15
B S
. . . . . .
u
v
w
x
y
• Immediate node aggregation– vw : v, 0, E(Kvw ,3|Aggv|Sg)|MACv
Aggv=Fagg(Rv, Ru, Ru’)
MACv=MAC(Kv, 0|3|v|Aggv| MACu MACu’ |Sg)
Group aggregation (2)
MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data
H(Kv, Sg|v) > Fg(3)
Yi Yang - SDAP 16
B S
. . . . . .
u
v
w
x
y
• Leader node aggregation– xBS : x, 1, E(Kx ,15|Aggx|Sg)|MACx
Aggx=Fagg(Rx, Aggw, Aggw’)
MACx=MAC(Kx, 1|15|x|Aggx|MACw MACw’|Sg)
Group aggregation (3)
H(Kx, Sg|x) < Fg(15)
Default leader of leftover nodes
Tracking the forwarding path:• A forwarding table (incoming link, group id)• Group id is the id of group leader• Bloom filter may help scale up
Yi Yang - SDAP 17
Verification & attestation(1)
• Outlier detection by Grubbs’ Test– Hypothesis test: H0 vs. H1
– Our extensions: multiple outliers, bivariate• Pc * Pvalue <α? (significance level, e.g., 0.05)
• One-sided test for count and two-sided test for values
– Attackers tend to forge false values as well as large counts correspondingly, to make false values count for larger fraction in the final result
BS identifies suspicious groups for attestation
(x, 142F, 50) (y, 100F, 20)(w’, 95F, 25) (BS, 90F, 28)
Yi Yang - SDAP 18
Verification & attestation(1)
• Outlier detection by Grubbs’ Test– Hypothesis test: H0 vs. H1
– Our extensions: multiple outliers, bivariate• Pc * Pvalue <α? (significance level, e.g., 0.05)
• One-sided test for count and two-sided test for values
– Attackers tend to forge false values as well as large counts correspondingly, to make false values count for larger fraction in the final result
BS identifies suspicious groups for attestation
(x, 142F, 50) (y, 100F, 20)(w’, 95F, 25) (BS, 90F, 28)
Yi Yang - SDAP 19
Verification & attestation(2)
Forwarding attestation requests from BS
• Suppose group x is under suspicion– BS y: x, Sa, Sg
– Node y then forwards this request to leader x
• Sa: a random number as attestation seed
B S
. . . . . .
u
v
w
x
y
Yi Yang - SDAP 20
• Probabilistic attestation path selection– From x, each parent sums
up counts of all the children, then computes , picks up ith child on the path, if
Verification & attestation(3)
d
kka cidSHw
1
)|(
Group attestation
),[1
1 1
i i
kk ccw
A node with larger count has more chances to be attested
B S
v '
w
x
u
v
w '
u '
y
. . . . . .
Yi Yang - SDAP 21
• Each node on the path sends back count and reading
• Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)
Verification & attestation(4)
Attestation response from groups
B S
v '
w
x
u
v
w '
u '
y
. . . . . .
Yi Yang - SDAP 22
Verification & attestation(5)
Group response validation by BS
• BS reconstructs Aggx and MACx based on responses– If both match the submitted
values, accepts them– Otherwise, rejects them
B S
v '
w
x
u
v
w '
u '
y
. . . . . .
Yi Yang - SDAP 23
Conclusion & future work
• Analysis and simulation results are skipped
• A probabilistic grouping based secure data aggregation protocol– Divide-and-conquer– Commit-and-attest
• Challenges:– Max/Min– Content-based attestation
• Readings from nodes in the same neighborhood should bear certain temporal/spatial correlations