1 / 14

On Concealed Data Aggregation for Wireless Sensor Networks

On Concealed Data Aggregation for Wireless Sensor Networks. Steffen Peter Peter Langendörfer, Krzysztof Piotrowski. Outline. Concealed Data Aggregation? What does it mean? What is it for? Privacy homomorphism Example for an efficient CDA scheme CaMyTs-Algorithm

august-curry
Download Presentation

On Concealed Data Aggregation for Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Concealed Data Aggregation for Wireless Sensor Networks Steffen Peter Peter Langendörfer, Krzysztof Piotrowski

  2. Outline • Concealed Data Aggregation?What does it mean? What is it for? Privacy homomorphism • Example for an efficient CDA scheme CaMyTs-Algorithm • Discussion of security propertiesAwareness to passive and active attacks • Solution to overcome security problemsCascaded privacy homomorphism • Conclusions

  3. Scenario: WSN as movement/intruder detection Q: Sensed something since last request?

  4. In-Network-Aggregation (INA) 1 Without INA: With INA: 1 1,0 1,0,0,0 1 0 0 0,0 0 0 1 1,0 1 1,0,0,0,1,0,1,0  3 1,2  3 0 1,0,1,0 2 1 1,0 1 0  Reduced packet traffic

  5. Security Issues of in-network aggregation • Without cryptography No security • Classic End-to-End security (DES, AES, ECC) Encryption on sensor – decryption on sink + Very secure - No possibility of in-network aggregation • Hop-by-Hop encryption Packets are encrypted and decrypted on every routing node + In-network aggregation possible - No End-to-End security every routing node knows and can change every plaintext

  6. Concealed (In-netwok) Data Aggregation • We need: End-to-End security that allows aggregation on routing nodes = Routing nodes do not know what they aggregate = Ability to compute with encrypted values Only sink node can decrypt the aggregated value • Solution:Privacy Homomorphism Encryption Encryption Value1 Value2 Encryption Value1 + Value2

  7. CaMyTs (Castelluccia, Mykletun, Tsudik) Encryption: 1+15=16 (mod 32) Random Stream 1: 15 22 6 Random Stream: 15 22 6 Aggregation: 16+30+28 =74 =10 (mod 32) Random Stream 2: 30 9 11 Value: 1 Random Stream 3: 27 2 29 16 0+30=30 (mod 32) Random Stream: 30 9 11 10 30 Value: 0 Decryption: 10 - 15 – 30 - 27 = -62 =2 (mod 32) = 1 + 0 + 1 28 Random Stream: 27 2 29 Decryption: 16 – 15 = 1 Value: 1 1+27=28 (mod 32)

  8. Attack Scenarios • Passive Attacks Eavesdropping Ciphertext analysis Chosen/known plaintext attacks • Active Attacks Unauthorized aggregation Forged packets Replay attacks Malleability

  9. Active Attack - Replay Value: 1 (Previous: 0+15=15) 1+22=23 • ATTACK 1: • Take previous packet? • 15 insteadof 23 •  wrongkey Key Stream: 15 22 6 23 9 15 Value: 0 Key: 9 Attack 1: 26-34  24  no plausible value 0+9=9 26 20 3 9 Decr: 3-34  1 Attack 2: 20-34  18  no plausible value • ATTACK 2: • Take packet fromanothernode? • 9 insteadof 23 •  wrongkey Value: 0 Key: 2 2 0+2=2

  10. Active Attack - Malleability Value: 1 Key: 15 Encryption: 1+15=16 Key1: 15 Key2: 30 Key3: 27 Aggregation: 16+30+27 =73 =9 (mod 32) Decryption: 9 -15 – 30 - 27 = -62 = 1 (mod 32) = Alert 16 8 Value: 0 Key: 30 Encryption: 0+30=30 -63 8 0 9 30 NO ALERT • ATTACK: • Catch 9 • Subtract 1 (9-1=8) • Send 8 insteadof 9 Value: 0 Key: 27 27 Encryption: 0+27=27

  11. Evaluation

  12. Increase Security – Combination of two PHs Encryption 2 Domingo-Ferrer Encryption 2 Domingo-Ferrer Encryption 1 CaMyTs Encryption 1 CaMyTs Value1 Value2 Value1 Value2 Domingo-Ferrer Encryption 2 CaMyTs Encryption 1 Value1 + Value2 Value1 + Value2

  13. CaMyTs + DF combination

  14. Conclusions • Concealed Data Aggregation in WSNs is required Reduced network traffic End-to-End security • Concealed Data Aggregation in WSNs is possible Computation overhead is reasonable (e.g. with CaMyTs, DF) • There is not one perfect CDA schemeThere are still some security issues (e.g. integrity) Trade-off security/computation effort Evaluation helps selecting application-fitted scheme • Combined (cascaded) privacy homomorphism increases security with very low additional costs (e.g. CaMyTs/DF)

More Related