DoS-Resilient Secure Aggregation Queries in Sensor Networks
Haifeng Yu, National University of Singapore
http://www.comp.nus.edu.sg/~yuhf
Haifeng Yu (National University of Singapore) 2
Background: Secure Aggregation Queries
Sensor networks are often queried for aggregate information
  Predicate count, sum, avg, etc.
  Usually obtained via in-network aggregation
Need for security:
  Malicious sensors may report arbitrary readings – not much we can do
  Malicious sensors may manipulate other sensors' readings – want to prevent this
  Entire sub-tree affected
Previous Work and Our Goal
[Chan’06, Chan’07, Yang’06]
  Enables the detection of an incorrect result – user will then reject the result
  But the attacker can keep corrupting the result and cause the result to be rejected: DoS attack!
  Analogy: Safety without liveness …
Our goal: Secure and highly-available aggregation queries
  Tolerate the attacker instead of just detecting it
This talk will use predicate count as an example…
Protocol One: Set Sampling (Broadcast Sampling)
Sampling: More robust than aggregation
Challenge: If count is b, then # samples needed to obtain an approximation is
Solution: Set sampling (Broadcast sampling)
  Sample a set of sensors in a single sample
  Leverages special properties of sensor networks
1log
12b
n
),(
n
nnOloglog
loglogloglog1
log11
log1
log12
Protocol Two: Verifiable Aggregate Synopsis
Light-weight detection-only protocols
  But maintain audit trails
Adopt ideas from duplicate-insensitive counting
Failure-free message complexity
  FM synopsis [Flajolet’85]:
  Exp synopsis [Mosk-Aoyama’06]:
Generate audit trails when under attack
  Pinpointing protocol can later revoke malicious sensors
nlog1
log12
1log
12
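Added example, not from the slides: a plain FM synopsis [Flajolet’85] used for predicate count, showing the duplicate-insensitive OR merge that Protocol Two builds on. It does not implement the talk's verification or audit trails; the function names, the SHA-256 hashing, the 64 bitmaps and the two-level tree are assumptions made for illustration.

```python
import hashlib

PHI = 0.77351    # Flajolet-Martin bias-correction constant
NUM_MAPS = 64    # assumed number of independent bitmaps (more maps, lower variance)
BITS = 32        # assumed bitmap width

def sensor_synopsis(sensor_id, satisfies_predicate):
    """Leaf synopsis: one bit per bitmap at a geometrically distributed position."""
    maps = [0] * NUM_MAPS
    if satisfies_predicate:
        for k in range(NUM_MAPS):
            digest = hashlib.sha256(f"{k}:{sensor_id}".encode()).digest()
            # Guard bit caps the position at BITS-1.
            h = int.from_bytes(digest[:8], "big") | (1 << (BITS - 1))
            maps[k] = h & -h   # lowest set bit: position i with probability 2^-(i+1)
    return maps

def merge(a, b):
    """In-network aggregation step: bitwise OR, so duplicates and ordering do not matter."""
    return [x | y for x, y in zip(a, b)]

def estimate(maps):
    """Estimate the count from the mean index of the lowest zero bit."""
    total = 0
    for m in maps:
        r = 0
        while m & (1 << r):
            r += 1
        total += r
    return 2 ** (total / len(maps)) / PHI

def aggregate_tree(sensor_ids, predicate, fanout=50):
    """Constructed two-level tree: aggregators OR their leaves, the root ORs aggregators."""
    root = [0] * NUM_MAPS
    for start in range(0, len(sensor_ids), fanout):
        subtree = [0] * NUM_MAPS
        for sid in sensor_ids[start:start + fanout]:
            subtree = merge(subtree, sensor_synopsis(sid, predicate(sid)))
        root = merge(root, subtree)
    return root

if __name__ == "__main__":
    ids = list(range(1000))                           # constructed sensor ids
    root = aggregate_tree(ids, lambda s: s % 4 == 0)  # 250 sensors satisfy the predicate
    print("estimated count:", round(estimate(root)))
```

Because the merge is a bitwise OR, a sub-tree synopsis delivered twice or along a different path leaves the root synopsis unchanged, which is why the shape of the tree does not affect the result.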