130 likes | 141 Vues
This paper discusses the secure aggregation of information in large-scale sensor networks, with a focus on limited computation and communication resources. It presents an aggregate-commit-prove approach to ensure the correctness of aggregated data. The paper also covers secure computation of median, min/max, and distinct elements, as well as the use of hash trees for commitment. Other topics include query estimation, secure median computation, and secure computation of min/max. The paper concludes with a discussion of secure hierarchical aggregation using multiple aggregators.
E N D
SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003
Large Scale Sensor Networks • Monitoring Purposes • Limited Computation Resources • Limited Communication Resources • Query Processing over Sensor data
Aggregation • In-network processing and aggregation • Reduces volume of raw data • Aggregators do aggregation • Aggregators or sensors may be compromised • DDoS Attacks • Stealthy Attacks
Objectives • Secure Information Aggregation • Aggregate-commit-prove approach • Aggregators commit data from the sensors • Aggregator proves the correctness to Home Server • Secure computation of • Median • Min/Max • Distinct elements and other queries
Model Home server • Each sensor has unique ID • Home server and Aggregator store master keys, KB and KA • Each sensor stores shared keys MACKA(node ID) and MACKB(node ID) • Adversarial attacks on sensor values, {1,..,m} aggregator
Assumptions • Aggregator is resources-enhanced • Uncorrupted sensors are not disconnected from the aggregators • Home Server and Aggregators can broadcast to sensors • Only a small no. of sensors can be attacked • Many kinds of attacks but focus is on stealthy attacks
General Approach • Three phases: aggregate, commit and prove • Aggregator aggregates raw data with a commitment • Computation of results • Commitment to data • Home server and aggregator perform interactive proofs to verify reportedresults • Report results • Prove the correctness (committed data represents true sensor values, aggregate is accurate)
Commit Merkle hash tree used to commit to a set of values
Query Estimation • Secure Computation of Median on (ai, IDi) pairs • Median by Random sampling • Theorem: The median of a uniform sample of l out of n elements a1,..,an with probability at least 1-2/exp(2l2) yields an element whose position in the sorted sequence a1,..,an is with n of n/2. • Proof: Pr[|X – n/2| > n ] exp(-2l2) [ and using Hoeffding bound] • Sample size needed (1/ 2) by Bar-Yossef et. al.
Secure Median Computation • Aggregator, A commits the measured values (sorted) using a hash-tree construction • Home server, B gets an alleged median, a • B verifies (using Spot-Check-II by Ergun et. Al) • Commited sequence is sorted • All elements are distinct • B checks that a is close to the median of committed sequence • By randomly picking elements from the sequence and comparing elements from the left and right parts
Secure Computation of Min/Max procedure MinRootedTree(d) /* code for sensor I */ pi = Si, vi = ai, idi = Si for i = 1..d do send(vi, idi) to all neighbors receive (vj, idj) from neighbors if vj < vi for some j then pi = Sj, vi = aj, idi = Sj procedure FindMin() /* code for home server */ request construction of a tree using MinRootedTree if tree construction failed then return REJECT request number n of the nodes in the tree For I = 1…(1/ ) do pick j {1,..,n} request j-th node from the tree follow path to the root if path is inconsistent then return REJECT return ACCEPT
Other queries and issues • Random Node Selection • Home Server distributes hash function h • Sensors compute MIN using h, ID and time interval • Distinct number of elements can be found by finding the lower (Bar-Yossef ) and upper bound (using sampling). • Network size is a special case • = {(i,j) | 1 i n, 1 j aj } • Forward Secure Authentication by changing keys in every time interval • Secure Hierarchical Aggregation using multiple aggregators
Conclusion • Secure Aggregate Information • Computation of Estimates • Protocol for secure aggregation