A Framework for Secure Data Aggregation in Sensor Networks
Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao
The Pennsylvania State University
MobiHoc '06
SDAP 2
Why data aggregation? (1)
• Many low-cost sensors
• Some data sinks (the base station, BS) which subscribe to particular data streams by distributing interests or querying
• Without data aggregation: data redundancy, high communication cost, high energy expenditure
SDAP 3
Why data aggregation? (2)
• With data aggregation: reduced data redundancy, communication cost and energy expenditure in data collection!
SDAP 4
Network model
• An unbalanced tree rooted at the BS
• Data are aggregated hop by hop
• Each aggregate is a tuple (value, count)
• Every node forwards only one copy
SDAP 5
Security challenges in aggregation? (1)
• A compromised node may report a false fusion result, causing the final aggregation result to differ greatly from the true measurement.
• Question: how can the BS obtain a good approximation of the fusion result when a fraction of the nodes are compromised?
(figure: a compromised node injecting a false alarm on the aggregation path to the BS)
SDAP 6
Attack model
• Legitimate temperature range: 32F ~ 150F; the true aggregate received by the compromised node is (100F, 50)
• Example: what the compromised node may forward to the BS
  – Without modifying the received aggregate (it only adds its own reading): (98.7F ~ 101F, 51)
  – Count change attack: (100F ~ 150F, *)
  – Value change attack: (32F ~ 150F, 51)
• Goal: inject false data without being detected by the BS
• The combination of count and value change attacks, and collusion among compromised nodes, are more destructive!
SDAP 7
Our solutions: divide and conquer; commit and attest
• Tree construction and query dissemination
• Probabilistic grouping
  – Partition the nodes in the tree into multiple logical groups (subtrees) of similar size
• Hop-by-hop aggregation
  – Each group generates a commitment which cannot be denied later
• Attestation between the BS and suspicious groups
  – The BS identifies abnormal groups from the set of received group commitments
  – Groups under suspicion prove the correctness of their submitted commitments to the BS
• The BS discards the commitments of groups that fail to support their previously submitted values when computing the final aggregate
SDAP 8
Tree Construction & Query Dissemination
• Tree construction: similar to TAG
• Query dissemination: BS → *: Fagg, Sg
  – Fagg: an aggregation function, e.g., avg, count
  – Sg: a random number used as the grouping seed
(figure: the query "avg" flooded down the tree from the BS; legitimate temperature range 32F ~ 150F)
SDAP 9
Probabilistic grouping & data aggregation
• Probabilistic grouping is conducted through group leader selection: node x becomes a group leader if H(Kx, Sg|x) < Fg(c)
  – x: node id
  – Kx: master key of x
  – H: pseudorandom function, uniformly maps its input into the range [0, 1)
  – Sg: grouping seed, for security and load balance
  – c: count value of x's aggregate
  – Fg: grouping function, outputs a real number in [0, 1), increasing with c
(figure: a leaf with count 1 satisfies H(Kid, Sg|id) > Fg(1) and is not a leader; w' with count 8 satisfies H(Kw', Sg|w') < Fg(8) and x with count 15 satisfies H(Kx, Sg|x) < Fg(15), so both become leaders; y is tested against Fg(c) for its own count c)
SDAP 10
Probabilistic grouping & data aggregation (cont.)
• Leader selection rule, as before: H(Kx, Sg|x) < Fg(c)
• By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation
• The BS acts as the default leader for the leftover nodes that fall under no selected leader
(figure: x, y and w' as on the previous slide; the BS marked "Default Leader")
SDAP 11
Group aggregation (1)
• Format of an aggregate: id, flag, E(count | value | seed), MAC
  – count, value and seed are encrypted; the whole aggregate is authenticated by the MAC
• Leaf node aggregation: u → v: u, 0, E(Kuv, 1|Ru|Sg) | MACu
  – MACu = MAC(Ku, 0|1|u|Ru|Sg)
  – u is not a leader: H(Ku, Sg|u) > Fg(1)
• Flag: initialized to 0, set to 1 after a leader finishes group aggregation, so that the other nodes on the path just forward the group commitment
(figure: aggregation path u → v → w → x → BS; y on another branch)
SDAP 12
Group aggregation (2)
• Intermediate node aggregation: v → w: v, 0, E(Kvw, 3|Aggv|Sg) | MACv
  – Aggv = Fagg(Rv, Ru, Ru')
  – MACv = MAC(Kv, 0|3|v|Aggv|MACu MACu'|Sg)
  – v is not a leader: H(Kv, Sg|v) > Fg(3)
• The MAC is also computed hop by hop, so it represents authentication by all the nodes contributing to the data
(figure: aggregation path u → v → w → x → BS; y on another branch)
SDAP 13
Group aggregation (3)
• Leader node aggregation: x → BS: x, 1, E(Kx, 15|Aggx|Sg) | MACx
  – Aggx = Fagg(Rx, Aggw, Aggw')
  – MACx = MAC(Kx, 1|15|x|Aggx|MACw MACw'|Sg)
  – x is a leader: H(Kx, Sg|x) < Fg(15)
• The BS is the default leader of the leftover nodes
(figure: aggregation path u → v → w → x → BS; y on another branch)
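The three aggregation steps above (leaf, intermediate node, leader) and the BS-side check on slide 18, worked through in code. This is an added example, not code from the SDAP paper or its authors: the grouping function Fg, the master-key derivation, HMAC-SHA256 as both H and MAC, and the small tree (u, u' under w; w, w' under leader x) are assumptions made for the demonstration. Encryption with the link key is omitted so that the MAC chain is visible; avg is carried as (sum, count).

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SG = b"grouping-seed-0x1f"  # constructed grouping seed Sg, as broadcast by the BS

def master_key(nid: str) -> bytes:
    """Assumed key setup: node x shares master key Kx with the BS (derived from a demo secret)."""
    return hashlib.sha256(b"demo-master-secret|" + nid.encode()).digest()

def prf01(key: bytes, msg: bytes) -> float:
    """H: HMAC-SHA256 folded into a float uniformly distributed in [0, 1)."""
    d = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(d[:8], "big") / float(1 << 64)

def fg(c: int, p: float = 0.03) -> float:
    """Assumed grouping function Fg (not the paper's): increasing in c, output in [0, 1)."""
    return 1.0 - (1.0 - p) ** c

def is_leader(nid: str, sg: bytes, c: int) -> bool:
    """Leader rule from the slides: x leads a group iff H(Kx, Sg|x) < Fg(c)."""
    return prf01(master_key(nid), sg + b"|" + nid.encode()) < fg(c)

@dataclass
class Node:
    nid: str
    reading: float
    children: List["Node"] = field(default_factory=list)

@dataclass(frozen=True)
class Agg:
    """One aggregate in flight: flag 0 = partial, 1 = sealed group commitment."""
    nid: str
    flag: int
    count: int
    total: float  # avg is carried as (sum, count)
    mac: bytes

def agg_mac(nid: str, flag: int, count: int, total: float, child_macs: List[bytes], sg: bytes) -> bytes:
    """MAC_v = MAC(Kv, flag|count|v|Agg_v|MAC_u MAC_u'|Sg); child MACs concatenated in child-id order."""
    msg = b"|".join([str(flag).encode(), str(count).encode(), nid.encode(),
                     repr(total).encode(), b"".join(child_macs), sg])
    return hmac.new(master_key(nid), msg, hashlib.sha256).digest()

def combine(nid: str, reading: float, parts: List[Agg], sg: bytes, flag: int) -> Agg:
    """Merge a node's own reading with the flag-0 partials received from its children."""
    parts = sorted(parts, key=lambda a: a.nid)
    count = 1 + sum(a.count for a in parts)
    total = reading + sum(a.total for a in parts)
    return Agg(nid, flag, count, total, agg_mac(nid, flag, count, total, [a.mac for a in parts], sg))

def aggregate(node: Node, sg: bytes) -> List[Agg]:
    """Hop-by-hop aggregation: sealed commitments from below pass through untouched, partials are
    merged with this node's reading; if the node passes the leader test for the resulting count,
    it seals the group (flag 1)."""
    forwarded, partials = [], []
    for child in node.children:
        for a in aggregate(child, sg):
            (forwarded if a.flag == 1 else partials).append(a)
    count = 1 + sum(a.count for a in partials)
    flag = 1 if is_leader(node.nid, sg, count) else 0
    return forwarded + [combine(node.nid, node.reading, partials, sg, flag)]

def bs_collect(bs_children: List[Node], sg: bytes) -> List[Agg]:
    """The BS keeps sealed commitments and, as default leader, forms one group from the leftovers."""
    finished, leftover = [], []
    for child in bs_children:
        for a in aggregate(child, sg):
            (finished if a.flag == 1 else leftover).append(a)
    return finished + [Agg("BS", 1, sum(a.count for a in leftover), sum(a.total for a in leftover), b"")]

def commit_subtree(node: Node, sg: bytes, leader: bool = False) -> Agg:
    """Aggregate a subtree containing no other leader; leader=True seals it as a group commitment."""
    parts = [commit_subtree(c, sg) for c in node.children]
    return combine(node.nid, node.reading, parts, sg, flag=1 if leader else 0)

def reconstruct(path: List[Tuple[str, float]], siblings: Dict[str, List[Agg]], sg: bytes) -> Agg:
    """BS side of attestation: path = [(leader, reading), ..., (leaf, reading)] as reported by the
    on-path nodes; siblings[v] = (count, aggregate, MAC) submitted by v's off-path children."""
    below = None
    for i, (nid, reading) in reversed(list(enumerate(path))):
        parts = list(siblings.get(nid, [])) + ([below] if below is not None else [])
        below = combine(nid, reading, parts, sg, flag=1 if i == 0 else 0)
    return below

def validate(submitted: Agg, rebuilt: Agg) -> bool:
    """Accept the group only if both the aggregate and the MAC match what the BS rebuilt."""
    return (submitted.count, submitted.total) == (rebuilt.count, rebuilt.total) and \
        hmac.compare_digest(submitted.mac, rebuilt.mac)

def demo() -> Dict[str, bool]:
    """Constructed group: u, u' under w; w, w' under leader x; x submits the commitment to the BS."""
    u, u2, w2 = Node("u", 99.0), Node("u'", 101.0), Node("w'", 98.0)
    w = Node("w", 100.0, [u, u2])
    x = Node("x", 102.0, [w, w2])
    commit = commit_subtree(x, SG, leader=True)  # honest commitment: total 500.0, count 5
    responses = {"x": [commit_subtree(w2, SG)], "w": [commit_subtree(u2, SG)]}
    rebuilt = reconstruct([("x", 102.0), ("w", 100.0), ("u", 99.0)], responses, SG)
    child_macs = [commit_subtree(w, SG).mac, commit_subtree(w2, SG).mac]
    inflated = Agg("x", 1, 5, 600.0, agg_mac("x", 1, 5, 600.0, child_macs, SG))  # x lies about the value
    padded = Agg("x", 1, 15, commit.total, commit.mac)  # x lies about the count
    return {"honest": validate(commit, rebuilt), "value_attack": validate(inflated, rebuilt),
            "count_attack": validate(padded, rebuilt)}

if __name__ == "__main__":
    print(demo())
```

The point of the chained MAC is visible in `demo()`: the leader x holds its own key and can produce a valid-looking MAC over any value it likes, but the BS rebuilds Aggx and MACx from the readings of the on-path nodes and the MACs the off-path siblings submit themselves, so a changed value or count at x no longer matches and the group is rejected.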
SDAP 14
Verification & attestation(1)
• The BS needs to verify the correctness of the aggregated value
• Outlier detection by Grubbs' test (an existing work): group commitments flagged as outliers are put under suspicion
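How the BS can turn the received group commitments into a suspicion list with Grubbs' test. This is an added example and not the paper's code: the commitment values are constructed (nine groups around 100F and one group, g3, reporting 140F as a value change attack), and the critical value is computed from the Student's t distribution with a self-contained incomplete-beta routine rather than read from a table, so the block runs offline.

```python
import math
from typing import List, Tuple

# Constructed group commitments received by the BS: (leader id, value, count).
SAMPLE_COMMITMENTS: List[Tuple[str, float, int]] = [
    ("g0", 100.2, 41), ("g1", 99.8, 38), ("g2", 100.5, 44), ("g3", 140.0, 40),
    ("g4", 99.6, 37), ("g5", 100.1, 42), ("g6", 99.9, 39), ("g7", 100.4, 45),
    ("g8", 99.7, 36), ("g9", 100.0, 43),
]

def _betacf(a: float, b: float, x: float) -> float:
    """Continued fraction for the regularized incomplete beta function (Lentz's method)."""
    tiny = 1e-300
    qab, qap, qam = a + b, a + 1.0, a - 1.0
    c, d = 1.0, 1.0 - qab * x / qap
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, 300):
        m2 = 2 * m
        aa = m * (b - m) * x / ((qam + m2) * (a + m2))
        d = 1.0 + aa * d
        d = 1.0 / (d if abs(d) > tiny else tiny)
        c = 1.0 + aa / c
        c = c if abs(c) > tiny else tiny
        h *= d * c
        aa = -(a + m) * (qab + m) * x / ((a + m2) * (qap + m2))
        d = 1.0 + aa * d
        d = 1.0 / (d if abs(d) > tiny else tiny)
        c = 1.0 + aa / c
        c = c if abs(c) > tiny else tiny
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < 1e-14:
            break
    return h

def betainc(a: float, b: float, x: float) -> float:
    """Regularized incomplete beta function I_x(a, b)."""
    if x <= 0.0:
        return 0.0
    if x >= 1.0:
        return 1.0
    lbt = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b) + a * math.log(x) + b * math.log(1.0 - x)
    bt = math.exp(lbt)
    if x < (a + 1.0) / (a + b + 2.0):
        return bt * _betacf(a, b, x) / a
    return 1.0 - bt * _betacf(b, a, 1.0 - x) / b

def t_upper_quantile(p: float, df: int) -> float:
    """t such that P(T > t) = p for Student's t with df degrees of freedom (bisection on the CDF)."""
    def upper_tail(t: float) -> float:  # P(T > t) for t >= 0
        return 0.5 * betainc(df / 2.0, 0.5, df / (df + t * t))
    lo, hi = 0.0, 1e6
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if upper_tail(mid) > p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)

def grubbs_critical(n: int, alpha: float = 0.05) -> float:
    """Two-sided Grubbs critical value: (n-1)/sqrt(n) * sqrt(t^2 / (n-2+t^2)), t = t_{alpha/(2n), n-2}."""
    t = t_upper_quantile(alpha / (2.0 * n), n - 2)
    return (n - 1) / math.sqrt(n) * math.sqrt(t * t / (n - 2 + t * t))

def grubbs_outliers(values: List[float], alpha: float = 0.05) -> List[int]:
    """Iterated two-sided Grubbs test: strip the most extreme value while G exceeds the critical
    value; returns the indices (into the original list) of the values removed."""
    idx, xs, found = list(range(len(values))), list(values), []
    while len(xs) >= 3:
        mean = sum(xs) / len(xs)
        sd = math.sqrt(sum((v - mean) ** 2 for v in xs) / (len(xs) - 1))
        if sd == 0.0:
            break
        i = max(range(len(xs)), key=lambda k: abs(xs[k] - mean))
        if abs(xs[i] - mean) / sd <= grubbs_critical(len(xs), alpha):
            break
        found.append(idx.pop(i))
        xs.pop(i)
    return found

def suspicious_groups(commitments: List[Tuple[str, float, int]], alpha: float = 0.05) -> List[str]:
    """Leader ids of the groups whose committed value is an outlier among all received commitments."""
    return [commitments[i][0] for i in grubbs_outliers([v for _, v, _ in commitments], alpha)]

if __name__ == "__main__":
    print(suspicious_groups(SAMPLE_COMMITMENTS))
```

Grubbs' test assumes the honest group values are roughly normal and that most groups are honest; a single compromised group pulls the mean and standard deviation toward itself but is still 2.8 standard deviations out in the sample above, well past the 2.29 critical value for n = 10 at α = 0.05. Flagging only selects the groups that must attest; the decision to discard a group is made by the attestation that follows.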
SDAP 15
Verification & attestation(2)
Forwarding attestation requests from the BS
• Suppose group x is under suspicion: BS → y: x, Sa, Sg
  – Node y then forwards this request to leader x
  – Sa: a random number used as the attestation seed
(figure: the request travelling from the BS via y to leader x; u, v, w under x)
SDAP 16
Group attestation
• Probabilistic attestation path selection: starting from x, each parent on the path sums up the counts of all its d children and computes, for its k-th child,
$$w_k = \frac{c_k}{\sum_{j=1}^{d} c_j}$$
It then extends the path by picking its i-th child if
$$H(S_a | id) \in \left[\sum_{k=1}^{i-1} w_k,\ \sum_{k=1}^{i} w_k\right)$$
• A node with a larger count has more chances to be attested
(figure: attestation path from leader x down through w and u, with siblings v', w', u' off the path; y elsewhere in the tree)
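The weighted child selection above, as an added example (not the paper's code). Assumptions beyond the slide: H is an unkeyed SHA-256 folded into [0, 1), so that the parent and the BS compute the same point; `id` is the id of the parent making the choice; the counts are those carried in the children's aggregates, and the small tree below x is constructed.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed tree below leader x: parent id -> [(child id, child's count), ...].
# Counts are subtree counts as carried in the aggregates (x itself has count 15 = 1 + 8 + 6).
TREE: Dict[str, List[Tuple[str, int]]] = {
    "x": [("w", 8), ("w'", 6)],
    "w": [("v", 3), ("v'", 4)],
    "v": [("u", 1), ("u'", 1)],
}

def h01(msg: bytes) -> float:
    """Assumed H: unkeyed SHA-256 folded into a float uniformly distributed in [0, 1)."""
    d = hashlib.sha256(msg).digest()
    return int.from_bytes(d[:8], "big") / float(1 << 64)

def pick_child(parent_id: str, children: List[Tuple[str, int]], sa: bytes) -> str:
    """Rule from the slide: w_k = c_k / sum_j c_j; pick the i-th child if H(Sa|id) lies in
    [sum_{k<i} w_k, sum_{k<=i} w_k). The parent cannot steer the choice: Sa is the BS's seed and
    the BS recomputes the same point to check that the attested path is the prescribed one."""
    total = sum(c for _, c in children)
    point = h01(sa + b"|" + parent_id.encode())
    acc = 0.0
    for cid, c in children:
        acc += c / total
        if point < acc:
            return cid
    return children[-1][0]  # only reached through rounding when acc should be exactly 1.0

def attestation_path(tree: Dict[str, List[Tuple[str, int]]], leader: str, sa: bytes) -> List[str]:
    """Walk from the leader down to a leaf with one weighted pick per hop."""
    path, cur = [leader], leader
    while tree.get(cur):
        cur = pick_child(cur, tree[cur], sa)
        path.append(cur)
    return path

def pick_frequencies(parent_id: str, children: List[Tuple[str, int]], trials: int) -> Dict[str, float]:
    """Empirical selection frequency of each child over `trials` distinct (constructed) seeds Sa."""
    hits = {cid: 0 for cid, _ in children}
    for i in range(trials):
        hits[pick_child(parent_id, children, b"Sa-%d" % i)] += 1
    return {cid: n / trials for cid, n in hits.items()}

if __name__ == "__main__":
    print(attestation_path(TREE, "x", b"Sa-demo"))
    print(pick_frequencies("x", TREE["x"], 4000))
```

Over many seeds a child with count c_k is chosen with frequency close to w_k, which is what "a node with a larger count has more chances to be attested" means in practice; since the seed comes from the BS and the path is a deterministic function of it, a leader cannot route the attestation around a subtree it has tampered with.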
SDAP 17
Attestation response from groups
• Each node on the path sends back its count and reading
• Each sibling node off the path sends back its count, aggregate and MAC (a leaf sibling only sends its count and reading)
(figure: responses flowing back to the BS from the path x → w → u and the siblings v', w', u')
SDAP 18
Verification & attestation(5)
Group response validation by the BS
• The BS reconstructs Aggx and MACx from the responses
  – If both match the submitted values, it accepts them
  – Otherwise, it rejects them
(figure: the BS recomputing the commitment of group x from the attestation responses)
SDAP 19
Security Analysis
• An attacker cannot selectively compromise nodes to ensure an optimal attack
• A compromised node cannot know in advance whether
  1. it will become a group leader, or which group it will belong to
  2. its aggregate will become an outlier under Grubbs' test
  3. it will be selected on the attestation path
SDAP 20
Detection Rate
• m is the number of attestation paths
• cv: count value of node v
(figure: detection rate (0.2 ~ 1) versus cv (2 ~ 16), one curve per m = 1 ~ 8)
SDAP 21
Communication Overhead
• Overhead of our protocol: 3.4k ~ 4.4k packet*hops
  – in a non-secure aggregation scheme: 3k
  – in a secure scheme without aggregation: 21k
(figure: overhead of our protocol in packet*hops (3500 ~ 4400) versus number of attested groups ng (1 ~ 10) and group size g (30 ~ 50); n = 3280, d = 3, h = 7, np = 1)
SDAP 22
Thank you!
• Questions?
• If a node has a larger count value, the probability for it to become a leader is higher. So if a compromised node with a large count becomes a leader, the BS will definitely reject it and the whole large group, which will also affect the quality of aggregation.