
SIA: Secure Information Aggregation in Sensor Networks

This paper discusses the secure aggregation of information in large-scale sensor networks, where computation and communication resources are limited. It presents an aggregate-commit-prove approach to ensure the correctness of aggregated data, using hash trees for commitment. Topics include query estimation and the secure computation of median, min/max, and distinct elements. The paper concludes with a discussion of secure hierarchical aggregation using multiple aggregators.


Presentation Transcript


  1. SIA: Secure Information Aggregation in Sensor Networks • Dhiman Barman • Authors: Bartosz Przydatek, Dawn Song, and Adrian Perrig, CMU • SenSys 2003

  2. Large Scale Sensor Networks • Monitoring Purposes • Limited Computation Resources • Limited Communication Resources • Query Processing over Sensor data

  3. Aggregation • In-network processing and aggregation • Reduces volume of raw data • Aggregators do aggregation • Aggregators or sensors may be compromised • DDoS Attacks • Stealthy Attacks

  4. Objectives • Secure Information Aggregation • Aggregate-commit-prove approach • Aggregators commit data from the sensors • Aggregator proves the correctness to Home Server • Secure computation of • Median • Min/Max • Distinct elements and other queries

  5. Model • Each sensor has unique ID • Home server and Aggregator store master keys, K_B and K_A • Each sensor stores shared keys MAC_{K_A}(node ID) and MAC_{K_B}(node ID) • Adversarial attacks on sensor values, {1,..,m} • [Diagram labels: home server, aggregator]

  6. Assumptions • Aggregator is resource-enhanced • Uncorrupted sensors are not disconnected from the aggregators • Home Server and Aggregators can broadcast to sensors • Only a small number of sensors can be attacked • Many kinds of attacks, but the focus is on stealthy attacks

  7. General Approach • Three phases: aggregate, commit and prove • Aggregator aggregates raw data with a commitment • Computation of results • Commitment to data • Home server and aggregator perform interactive proofs to verify reported results • Report results • Prove the correctness (committed data represents true sensor values, aggregate is accurate)

  8. Commit Merkle hash tree used to commit to a set of values

  9. Query Estimation • Secure Computation of Median on (a_i, ID_i) pairs • Median by Random sampling • Theorem: The median of a uniform sample of l out of n elements a_1,..,a_n with probability at least 1-2/exp(2l2) yields an element whose position in the sorted sequence a_1,..,a_n is with n of n/2. • Proof: Pr[|X – n/2| > n ]  exp(-2l2) [ and using Hoeffding bound] • Sample size needed (1/ 2) by Bar-Yossef et al.

  10. Secure Median Computation • Aggregator A commits the measured values (sorted) using a hash-tree construction • Home server B gets an alleged median, a • B verifies (using Spot-Check-II by Ergun et al.) • Committed sequence is sorted • All elements are distinct • B checks that a is close to the median of the committed sequence • By randomly picking elements from the sequence and comparing elements from the left and right parts

  11. Secure Computation of Min/Max

        procedure MinRootedTree(d)    /* code for sensor i */
          p_i = S_i, v_i = a_i, id_i = S_i    /* parent, current minimum, owner of the minimum */
          for r = 1..d do
            send (v_i, id_i) to all neighbors
            receive (v_j, id_j) from neighbors
            if v_j < v_i for some j then
              p_i = S_j, v_i = v_j, id_i = id_j    /* adopt the neighbor's current minimum and its owner */

        procedure FindMin()    /* code for home server */
          request construction of a tree using MinRootedTree
          if tree construction failed then return REJECT
          request number n of the nodes in the tree
          for i = 1…(1/ ) do
            pick j from {1,..,n}
            request j-th node from the tree
            follow path to the root
            if path is inconsistent then return REJECT
          return ACCEPT

  12. Other queries and issues • Random Node Selection • Home Server distributes hash function h • Sensors compute MIN using h, ID and time interval • Distinct number of elements can be found by finding the lower (Bar-Yossef ) and upper bound (using sampling). • Network size is a special case •  = {(i,j) | 1  i  n, 1  j  aj } • Forward Secure Authentication by changing keys in every time interval • Secure Hierarchical Aggregation using multiple aggregators

  13. Conclusion • Secure Aggregate Information • Computation of Estimates • Protocol for secure aggregation
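Slides 8 and 10 together, as an added Python sketch that is not code from the paper or the slides: the aggregator commits to the sorted (value, ID) pairs with a Merkle hash tree, and the home server checks an alleged median by opening position n/2 and sampled positions on either side. The sortedness and distinctness spot-check is left out; the function names, SHA-256, the padding leaf and the sample readings are assumptions.

```python
import hashlib

def H(tag, *parts):  # SHA-256 with a domain tag: a leaf can never pass as an inner node
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf(value, sensor_id):
    return H(b"leaf", str(value).encode(), sensor_id.encode())

def commit(pairs):
    """Aggregator: hash tree over the sorted (value, id) pairs; levels[-1][0] is the root."""
    level = [leaf(v, s) for v, s in pairs]
    while len(level) & (len(level) - 1):        # pad to a power of two
        level.append(H(b"pad"))
    levels = [level]
    while len(level) > 1:
        level = [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def open_leaf(pairs, levels, i):
    """Aggregator: reveal pair i and the sibling hashes on its path to the root."""
    path = [level[(i >> h) ^ 1] for h, level in enumerate(levels[:-1])]
    return (*pairs[i], path)

def verify(root, i, value, sensor_id, path):
    """Home server: recompute the root from one opened leaf."""
    node = leaf(value, sensor_id)
    for sibling in path:
        node = H(b"node", sibling, node) if i & 1 else H(b"node", node, sibling)
        i >>= 1
    return node == root

def check_median(root, n, alleged, opener, picks):
    """Home server: open position n//2, then caller-chosen random positions `picks`."""
    mid = n // 2
    for i in [mid, *picks]:
        value, sensor_id, path = opener(i)
        if not verify(root, i, value, sensor_id, path) \
                or (i == mid and value != alleged) \
                or (i < mid and value > alleged) or (i > mid and value < alleged):
            return False    # bad opening, or committed data contradicts the claim
    return True

READINGS = sorted((20 + (7 * k) % 15, f"S{k}") for k in range(15))  # constructed data
```

The home server only ever holds the root and n; a forged sequence that places a large value at position n/2 is rejected as soon as one sampled position on the wrong side is opened, so the detection probability grows with the number of picks.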
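The min/max procedures on slide 11, simulated as an added Python example (not code from the paper or the slides). Assumptions: rounds are synchronous, readings are distinct, authenticated sensor replies are modelled as dictionary lookups, and a path counts as consistent when every hop carries the same (value, owner), it has at most d hops, and it ends at a root that is its own parent and owner with a reading equal to the alleged minimum. The sampled nodes are passed in as `picks` because the loop bound is elided on the slide.

```python
def min_rooted_tree(readings, neighbors, d):
    """Sensor side: d synchronous rounds. Returns {sensor: (parent, value, owner)}."""
    state = {s: (s, a, s) for s, a in readings.items()}
    for _ in range(d):
        sent = {s: state[s][1:] for s in state}       # (v, id) broadcast this round
        for s in state:
            p, v, owner = state[s]
            for nb in neighbors[s]:
                if sent[nb][0] < v:                   # a neighbor knows a smaller value
                    p, (v, owner) = nb, sent[nb]
            state[s] = (p, v, owner)
    return state

def find_min(state, readings, alleged, d, picks):
    """Home server: for each sampled sensor, follow parent pointers to the root."""
    for j in picks:
        if readings[j] < alleged:                     # sampled reading beats the claim
            return "REJECT"
        node, hops = j, 0
        while state[node][0] != node:
            parent = state[node][0]
            if hops >= d or state[parent][1:] != state[node][1:]:
                return "REJECT"                       # loop, overlong or mismatched path
            node, hops = parent, hops + 1
        if (state[node][2] != node or state[node][1] != alleged
                or readings[node] != alleged):
            return "REJECT"                           # root does not own the alleged minimum
    return "ACCEPT"

# Constructed topology and readings: chain A-B-C-D-E with F attached to C.
READINGS = {"A": 31, "B": 27, "C": 40, "D": 19, "E": 35, "F": 22}
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D", "F"],
             "D": ["C", "E"], "E": ["D"], "F": ["C"]}
```

With d = 4 every sensor ends up pointing toward D, the owner of the minimum 19; with d = 1 sensor F is still its own root, and sampling it makes `find_min` reject.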
