1 / 31

Secure Data Aggregation in Wireless Sensor Networks: A Survey

Secure Data Aggregation in Wireless Sensor Networks: A Survey. Yingpeng Sang, Hong Shen Yasushi Inoguchi, Yasuo Tan, Naixue Xiong Proceedings of the Seventh International Conference on Parallel and Distributed Computing,Applications and Technologies (PDCAT'06) Presented by kevin wang. Preview.

josiah-burks
Télécharger la présentation

Secure Data Aggregation in Wireless Sensor Networks: A Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Data Aggregation in Wireless Sensor Networks: A Survey Yingpeng Sang, Hong Shen Yasushi Inoguchi, Yasuo Tan, Naixue Xiong Proceedings of the Seventh International Conference on Parallel and Distributed Computing,Applications and Technologies (PDCAT'06) Presented by kevin wang

  2. Preview • Main contributions • Outline • Classify by infrastructure in WSNs • Classify by encryption in WSNs • Proposed two general schemes • Hop by hop • End to end • Conclusions

  3. Main contributions • Past • Only focus on data confidentiality or data integrity • Now • Survey the work • Hop-by-hop • End-to-end • Propose security frameworks respectively for • Hop-by-hop • End-to-end • Both on Data confidentiality and Data integrity

  4. What is confidentiality • Confidentiality • Ensuring that information is accessible only to those authorized to access • One of the cornerstones of Information security • The delivering data is confidential in WSNs • For avoiding to leak secret information, the sensed data have to encrypt to keep confidentiality Sensor or aggregator  sink node M Enk(M)  Dnk(M)=M

  5. What is integrity • Integrity • Ensuring that only authorized parties are able to modify computer system assets and transmitted information • One of the cornerstones of Information security • The delivering data is sensitive in WSNs • For avoiding to modify the secret information, the sensed data have to keep integrity • Especially, in a cheaper and simple device

  6. Outline in this paper • A survey paper for data aggregation in WSN • Proposed two data aggregation scheme for HBH and ETE respectively

  7. Problem definition • How to satisfy the confidentiality and integrity in WSN

  8. Server Server Header Sensor Nodes Sensor Nodes Sacrificed Node Classify with Infrestructure • Wireless sensor networks • HWSN • Hierarchical Wireless Sensor Networks • DWSN • Distributed Wireless Sensor Networks

  9. Classify with Data aggregation • Hop-by-hop • Adv: deliver package size small • Disadv: key management • Pair wise key dist.  DWSN • Group wise key dist.  HWSN • perform operators: sum, min, max, avg, count, median…

  10. Classify with Data aggregation • End-to-end • Adv: the secrets share between sink and sensor • Disadv: much redundant are sent • Can not perform above operators • The sensed data have been encrypted

  11. Server Header Sensor Nodes Sacrificed Node Background-network model-HWSN R S A F A

  12. Server Sensor Nodes Background-network model-DWSN R s S

  13. Background-security requirements • Confidentiality • Eavesdropping • Compromised node’s key • Using the compromised node’s keys to deduce all secret information in entire network • Using the compromised key to inject unauthorized malicious nodes in network. • Integrity • Injecting arbitrary chosen malicious data into the compromised S. • Modifying, forging, or discarding messages in the compromised A and F.

  14. Background-aggregation functions • Sum • Average • Median • Minimum • Maximum • Count

  15. Hop-by-hop encrypted data aggregation in WSN • 1.Security bootstrapping • 1.1Pair-wise key distribution  DWSN (confidentiality) • Master key based solution [14] • All nodes use one key • Pair-wise key pre-distribution solution • Each node shares one key with sink • Random key pre-distribution solution [10] [7] • Using key ring to find one common key • Key pre-distribution schemes with deployment knowledge [15][10] • DDHV’s scheme • Other solution [5][9][16]

  16. Hop-by-hop encrypted data aggregation in WSN • 1.Security bootstrapping • 1.2Group-wise key distribution  HWSN (confidentiality) • Symmetric group-wise key distribution [2],1992 • A symmetric key can be generate among t nodes • Asymmetric group-wise key distribution [18], 2004 • ECC • EC-public/private

  17. Hop-by-hop encrypted data aggregation in WSN • 2.Data integrity • Some related work assume that confidentiality is protected by pre-deployed key. • [12], L. Hu and D. Evans, “Secure aggregation for wireless networks”, In Workshop on Security and Assurance in Ad hoc Networks, Jan 2003. • [18], A. Mahimkar, T. S. Rappaport, “SecureDAV: A Secure Data Aggregation and Verification Protocol for Sensor Networks”, Proceedings of IEEE GlobalTelecommunications Conference (Globecom) 2004,Nov, 2004, Dallas, TX, USA. • [21], B. Przydatek, D. Song, and A. Perrig, “SIA: Secure Information Aggregation in Sensor Networks”,In Proc. of ACM SenSys 2003, 2003.

  18. Sum(Aggr) MAC(KASi,Aggr) KASi Secure aggregation for wireless networks, 2003 • Node A, deployment, symmetric pair-wise key, KAS, RA=reading data from node A • Data transmission phase • KASi=E(KAS, i) • Parent node B and aggregated result =Aggr • MAC(KASi,Aggr) • Data validation phase • R will verifies the final aggregated results using the pair-wise keys • Lower communication cost • Vulnerable • Nodes, aggregators, forwarding nodes are easy to be compromised

  19. Sum(Aggr) MAC(KASi,Aggr) KASi SecureDAV: A Secure Data Aggregation and Verification Protocol for Sensor Networks, 2004 • Using Merkle Hash Tree to improve [12] • Data transmission phase • A: MAC (KASi=E(KAS, i), RA) • Parent node B and aggregated result =Aggr, generate a hash value of RA by Merkle Hash function: H(RA) • Aggregator sends MAC (Aggr, H(RA, i)) to sink node, R • Data validation phase • R will verifies the final aggregated results using the pair-wise keys and queries the aggregators what hash values did they sent • The queries is to check individual readings • Vulnerable • high communication cost

  20. SIA: Secure Information Aggregation in Sensor Networks,2003 • It can engage an interactive proof with the aggregator and check whether the aggregator result is correct. • Key point • Their correct build on the related trust Sum(Aggr) MAC(KASi,Aggr) KASi

  21. Consequence • Communication cost • [21]<[18]<[12]

  22. End-to-end data aggregation in WSN • Network-wise key distribution • Master key based solutions, 2005, CEG[6], 2005, CDA[11] • Public key based solution, 2006[19] • Data integrity • Compared to HBH, there is no efficient scheme to protect integrity in ETE • In [23], 2004, each node sends its reading to R using ETE, • The R employs truncation and trimming on the RA’s to achieve robust aggregation result against spoofed sensor.

  23. Proposed two frameworks for data aggregation in WSN-HBH • Framework 1: Hop-by-hop encrypted data aggregation • 1.The bootstrapping phase • For controlled environment HWSN, • group-wise key can be generated for all nodes within each cluster • For uncontrolled environment DWSN, • Pair-wise key can be distributed among each pair of sensor node • 2.The aggregator selection phase • R can select aggregators to construct a transmission structure with minimum energy cost

  24. Proposed two frameworks for data aggregation in WSN • Framework 1: Hop-by-hop encrypted data aggregation • 3.The data aggregation phase • EKai,A(xi)A:(DKai,A(xi)):sum then R • 4.The data transmission phasec • EKai,A(xi)+MHT(EKsi,R, (xi)) • 5.The data integrity verification phase • R hashes all (EKsi,R) to check again • Decrypt (EKsi,R) and aggregate to check correct?

  25. Consequence • Framework 1. • Confidentiality • For HWSN group-wise key • For DWSN Pair-wise key • Integrity • Merkle Hash Tree

  26. Proposed two frameworks for data aggregation in WSN-ETE • Framework 2: End-to-end encrypted data aggregation • 1.The bootstrapping phase and the aggregator selection phase • For HWSN and DWSN use network-wise public key K • 2.The data aggregation phase • Using ECC-ElGamal to aggregate and reach homomorphic encryption

  27. Proposed two frameworks for data aggregation in WSN • Framework 2: End-to-end encrypted data aggregation • 3.The data transmission phase • Noses will commit all (EKsi,R,(xi)) of its children by MHT to R • 4.The data integrity verification phase • R check the commitment hash of all (EKsi,R,(K))

  28. Consequence • Confidentiality • network-wise public key K • Integrity • Merkle Hash Tree

  29. Security analysis • Compromised some nodes, R will detect with Merkle hash tree • Compromised some aggregators, R will detect with Merkle hash tree • Compromised some nodes and aggregators, R will not detect with Merkle hash tree • HBH more efficient than ETE • HBH less secure than ETE, in compromised some nodes.

  30. Conclusions • Survey and classify the related work into HBH and ETE data aggregation scheme • Proposed two schemes for data aggregation in HBH and ETE, respectively.

  31. Comment • Good • Know the data aggregation field • Research history • More • This schemes did not consider the no response nodes problem • Consider MST + dynamic routing path to reduce the end-to-end communication cost to increase entire lifetime • Past did not consider nodes will be exhausted, then have to change path in end to end environment.

More Related