A Framework for Secure Data Aggregation in Sensor Networks

Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao

The Pennsylvania State University

MobiHoc ’06


Why data aggregation? (1)

• Without data aggregation
  – Data redundancy
  – Communication cost
  – Energy expenditure
• Many low-cost sensors
• Some data sinks which subscribe to special data streams by distributing interests or querying


Why data aggregation? (2)

• With data aggregation

Reduce data redundancy, communication cost and energy expenditure in data collection!


Network model

• An unbalanced tree rooted at BS
• Data are aggregated hop by hop
• Each aggregate is a tuple (value, count)
• Every node only forwards one copy


Security challenges in aggregation? (1)

• A compromised node may report a false fusion result, causing the final aggregation result to be much different from the true measurement.

• Question:
  – How can BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?

[Figure: aggregation tree rooted at BS; labels: Compromised node, False Alarm]


Attack model

• Example:
  – Without modifying the received aggregate
    • (98.7F~101F, 51)
  – Count change attack
    • (100F~150F, *)
  – Value change attack
    • (32F~150F, 51)

Goal: Inject false data without being detected by BS

[Figure: aggregation tree rooted at BS with the aggregates (100F, 50) and (?, ?); legitimate temperature (32F ~ 150F)]

The combination of count and value change attacks, and collusion among compromised nodes are more destructive!


Our solutions

Divide and conquer

Commit and attest

• Tree construction and query dissemination
• Probabilistic grouping
  – Partition nodes in the tree into multiple logical groups (subtrees) of similar size
• Hop-by-hop aggregation
  – Each group generates a commitment which cannot be denied later
• Attestation between BS and suspicious groups
  – BS identifies abnormal groups from the set of received group commitments
  – Groups under suspicion prove the correctness of submitted commitments to BS
• BS discards commitments from groups failing to support previous values when computing final aggregates


Tree Construction & Query Dissemination

• Tree construction
  – Similar to TAG
• Query dissemination
  – BS → * : Fagg, Sg
    • Fagg: an aggregation function, e.g., avg, count
    • Sg: a random number as grouping seed


Probabilistic grouping & data aggregation

• Probabilistic grouping is conducted through group leader selection
  – H(Kx, Sg|x) < Fg(c)
    • x : node id
    • Kx : master key of x
    • H : pseudorandom function, uniformly maps the input into the range of [0,1)
    • Sg : for security and load balance
    • c : count value
    • Fg : grouping function, outputs a real number in [0,1), output increasing with c

[Figure: example tree with the annotations H(Kid, Sg|id) > Fg(1), H(Kw’, Sg|w’) < Fg(8), H(Kx, Sg|x) < Fg(15), H(Ky, Sg|y) < Fg(c)]


Probabilistic grouping & data aggregation

• Probabilistic grouping is conducted through group leader selection
  – H(Kx, Sg|x) < Fg(c)
    • x : node id
    • Kx : master key of x
    • H : pseudorandom function, uniform output in [0,1)
    • Sg : for security and load balance
    • c : count
    • Fg : grouping function, [0,1) output increasing with c
• By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation
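
An added example (not from the original slides or their authors) of the leader test H(Kx, Sg|x) < Fg(c) applied bottom-up over a tree, showing how a new seed Sg regroups the same nodes. HMAC-SHA256 as H, the particular Fg, the sample tree and the keys are assumptions made for illustration.

```python
import hashlib
import hmac
import math

def prf_unit(key: bytes, seed: bytes, node_id: int) -> float:
    """H(Kx, Sg|x): keyed PRF (HMAC-SHA256 here) mapped into [0, 1)."""
    msg = seed + b"|" + str(node_id).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return (int.from_bytes(digest[:8], "big") >> 11) / 2**53

def fg(count: int, target: int = 10) -> float:
    """Assumed grouping function Fg: starts near 0, rises toward 1 with count."""
    return 1.0 - math.exp(-((count / target) ** 3))

def assign_groups(children: dict, bs: int, keys: dict, seed: bytes) -> dict:
    """Bottom-up leader election below the BS; returns {leader: group_size}."""
    groups = {}

    def visit(node: int) -> int:
        # count = this node plus all descendants not yet claimed by a leader
        count = 1 + sum(visit(child) for child in children.get(node, []))
        if prf_unit(keys[node], seed, node) < fg(count):
            groups[node] = count   # leader: commits the group (flag = 1)
            return 0               # ancestors just forward the commitment
        return count

    leftover = sum(visit(child) for child in children.get(bs, []))
    if leftover:
        groups["default"] = leftover   # leftover nodes get the default leader
    return groups

def build_tree(degree: int, height: int) -> dict:
    """Constructed sample topology: complete tree, node 0 is the BS."""
    children, frontier, next_id = {}, [0], 1
    for _ in range(height):
        parents, frontier = frontier, []
        for parent in parents:
            children[parent] = list(range(next_id, next_id + degree))
            next_id += degree
            frontier += children[parent]
    return children

if __name__ == "__main__":
    tree = build_tree(degree=3, height=5)   # 363 sensors below the BS
    # Constructed per-node master keys, for the demo only.
    keys = {i: hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(364)}
    for seed in (b"Sg-query-1", b"Sg-query-2"):
        sizes = sorted(assign_groups(tree, 0, keys, seed).values())
        print(seed.decode(), "->", len(sizes), "groups, sizes", sizes)
```
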


Group aggregation (1)

• Format of aggregates

[Figure: packet with the fields id, flag, count, value, seed and MAC; brackets mark the Encrypted and Authenticated parts]

• Leaf node aggregation
  – u → v : u, 0, E(Kuv, 1|Ru|Sg)|MACu
  – MACu = MAC(Ku, 0|1|u|Ru|Sg)
  – H(Ku, Sg|u) > Fg(1)

Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments


Group aggregation (2)

• Intermediate node aggregation
  – v → w : v, 0, E(Kvw, 3|Aggv|Sg)|MACv
  – Aggv = Fagg(Rv, Ru, Ru’)
  – MACv = MAC(Kv, 0|3|v|Aggv| MACu MACu’ |Sg)
  – H(Kv, Sg|v) > Fg(3)

MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data


Group aggregation (3)

• Leader node aggregation
  – x → BS : x, 1, E(Kx, 15|Aggx|Sg)|MACx
  – Aggx = Fagg(Rx, Aggw, Aggw’)
  – MACx = MAC(Kx, 1|15|x|Aggx|MACw MACw’|Sg)
  – H(Kx, Sg|x) < Fg(15)

[Figure label: Default leader of leftover nodes]


Verification & attestation(1)

• Outlier detection by Grubbs’ Test (an existing work)

BS needs to verify the correctness of the aggregated value


Verification & attestation(2)

Forwarding attestation requests from BS

• Suppose group x is under suspicion
  – BS → y : x, Sa, Sg
  – Node y then forwards this request to leader x
• Sa: a random number as attestation seed


Verification & attestation(3)

Group attestation

• Probabilistic attestation path selection
  – From x, each parent sums up counts of all the children, then computes $w = H(S_a|id) \sum_{k=1}^{d} c_k$. Finally determine the path by picking up ith child on the path, if $w \in \left[ \sum_{k=1}^{i-1} c_k, \sum_{k=1}^{i} c_k \right)$

A node with larger count has more chances to be attested
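
The path selection rule above as an added example, not code from the slides or their authors. SHA-256 standing in for H, id taken to be the parent's id, and the trees and seeds are assumptions constructed for illustration; `pick_rate` measures how often each child is chosen over many attestation seeds.

```python
import hashlib

def h_unit(seed: bytes, node_id: str) -> float:
    """H(Sa|id) mapped into [0, 1); SHA-256 stands in for H (assumption)."""
    digest = hashlib.sha256(seed + b"|" + node_id.encode()).digest()
    return (int.from_bytes(digest[:8], "big") >> 11) / 2**53

def child_for_weight(w: float, child_counts: list) -> str:
    """Return the i-th child whose interval [c_1+..+c_(i-1), c_1+..+c_i) holds w."""
    upper = 0
    for child_id, count in child_counts:
        upper += count
        if w < upper:
            return child_id
    raise ValueError("w must lie in [0, sum of child counts)")

def attestation_path(seed: bytes, leader: str, tree: dict) -> list:
    """Walk from the group leader to a leaf; tree maps id -> [(child, count)]."""
    path = [leader]
    while tree.get(path[-1]):
        kids = tree[path[-1]]
        w = h_unit(seed, path[-1]) * sum(c for _, c in kids)
        path.append(child_for_weight(w, kids))
    return path

def pick_rate(child: str, kids: list, trials: int = 2000) -> float:
    """Fraction of attestation seeds for which `child` is picked under parent 'p'."""
    total = sum(c for _, c in kids)
    hits = 0
    for i in range(trials):
        w = h_unit(b"Sa-%d" % i, "p") * total   # fresh seed Sa per attestation
        hits += child_for_weight(w, kids) == child
    return hits / trials

if __name__ == "__main__":
    # Constructed group: leader x (count 7), two subtrees of count 3 each.
    group = {"x": [("w", 3), ("w'", 3)], "w": [("u", 1), ("u'", 1)],
             "w'": [("t", 1), ("t'", 1)]}
    print(attestation_path(b"Sa-1", "x", group))
    uneven = [("a", 1), ("b", 3), ("c", 8)]     # constructed, unequal subtrees
    print({cid: pick_rate(cid, uneven) for cid, _ in uneven})
```
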


Verification & attestation(4)

Attestation response from groups

• Each node on the path sends back count and reading
• Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)


Verification & attestation(5)

Group response validation by BS

• BS reconstructs Aggx and MACx based on responses
  – If both match the submitted values, accepts them
  – Otherwise, rejects them
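
An added example of the commit-and-attest check, not the authors' implementation: nodes build the hop-by-hop (count, Agg, MAC) commitment, and the BS rebuilds Aggx and MACx from the path readings and sibling reports. Assumptions: HMAC-SHA256 as MAC, Fagg = sum, children's MACs combined by XOR (the operator is not legible on the slides), the encryption E left out, and constructed readings and keys.

```python
import hashlib
import hmac

def mac(key, flag, count, node, agg, child_macs, seed):
    """MAC(K, flag|count|id|Agg|children's MACs|Sg); children XORed (assumed)."""
    combined = b""
    for m in child_macs:
        combined = bytes(a ^ b for a, b in zip(combined, m)) if combined else m
    msg = f"{flag}|{count}|{node}|{agg}|".encode() + combined + b"|" + seed
    return hmac.new(key, msg, hashlib.sha256).digest()

def commit(node, tree, readings, keys, seed, leader, tamper=None):
    """Node side: hop-by-hop aggregation, returns (count, Agg, MAC) of `node`."""
    parts = [commit(c, tree, readings, keys, seed, leader, tamper)
             for c in tree.get(node, [])]
    count = 1 + sum(p[0] for p in parts)
    agg = readings[node] + sum(p[1] for p in parts)   # Fagg = sum (assumed)
    agg += (tamper or {}).get(node, 0)                # value change attack
    flag = 1 if node == leader else 0
    return count, agg, mac(keys[node], flag, count, node, agg,
                           [p[2] for p in parts], seed)

def bs_recompute(path, readings, sibling_reports, keys, seed):
    """BS side: rebuild (count, Agg, MAC) of the leader path[0] from responses."""
    on_path = None
    for depth in range(len(path) - 1, -1, -1):        # leaf first, leader last
        node = path[depth]
        parts = list(sibling_reports.get(node, []))
        if on_path:
            parts.append(on_path)
        count = 1 + sum(p[0] for p in parts)
        agg = readings[node] + sum(p[1] for p in parts)
        flag = 1 if depth == 0 else 0
        on_path = (count, agg, mac(keys[node], flag, count, node, agg,
                                   [p[2] for p in parts], seed))
    return on_path

def attest(tamper=None):
    """Constructed 7-node group: x -> (w, w'), w -> (v, v'), v -> (u, u')."""
    tree = {"x": ["w", "w'"], "w": ["v", "v'"], "v": ["u", "u'"]}
    nodes = ["x", "w", "w'", "v", "v'", "u", "u'"]
    readings = {n: 98 + i for i, n in enumerate(nodes)}       # constructed, in F
    keys = {n: hashlib.sha256(n.encode()).digest() for n in nodes}
    committed = commit("x", tree, readings, keys, b"Sg", "x", tamper)
    # Attestation path x-w-v-u; off-path siblings are assumed to answer honestly.
    report = lambda n: commit(n, tree, readings, keys, b"Sg", "x")
    siblings = {"x": [report("w'")], "w": [report("v'")], "v": [report("u'")]}
    rebuilt = bs_recompute(["x", "w", "v", "u"], readings, siblings, keys, b"Sg")
    return committed == rebuilt    # True: BS accepts; False: BS rejects
```

`attest()` models an honest group, and `attest({"w": 500})` models node w inflating the aggregate it forwards, which the responses along the path cannot reproduce.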


Security Analysis

An attacker cannot selectively compromise nodes to make his attack optimal

• A compromised node cannot know in advance whether
  1. it will become a group leader or which group it will belong to
  2. its aggregate will become an outlier by Grubbs’ test
  3. it will be selected on the attestation path


Detection Rate

• m is the number of attestation paths

[Figure: Detection Rate versus cv (count value of node v) for m = 1~8]


Communication Overhead

• Packet*hop: 3.4k~4.4K
  – in a non-secure aggregation scheme: 3k
  – in a no-aggregation secure scheme: 21k

[Figure: Overhead of Our Protocol (packet*hop) versus Number of Attested Groups (ng): 1~10 and Group Sizes (g): 30~50; n=3280, d=3, h=7, np=1]


Thank you!

•Questions?

• If a node has a larger count value, the probability for it to become a leader is higher. So if a compromised node with a large count becomes a leader, the BS will definitely reject it and the whole large group, which will also affect the quality of aggregation.