
SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks

Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao. April 24, 2007. Presented by Nicky Mahilani, CSC 774 in-class presentation. Acknowledgement: Based on slides provided by Author.


Presentation Transcript


  1. SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007 Presented by Nicky Mahilani CSC 774 In-class presentation • Acknowledgement: Based on slides provided by Author

  2. Outline: Data Aggregation in Sensor Networks • Security Challenges • SDAP Details • Performance Evaluation • Conclusion • Future Work

  3. Sensor Networks
     A group of sensor nodes reports to a Base Station (BS).
     Without data aggregation:
     • Data redundancy
     • Communication cost
     • Energy expenditure
     Reporting raw data is inefficient.

  4. Data Aggregation in Sensor Networks
     With data aggregation we can reduce:
     • Data redundancy
     • Communication cost
     • Energy expenditure
     A lossy data compression process.

  5. Outline: Data Aggregation in Sensor Networks • Security Challenges • SDAP Details • Performance Evaluation • Conclusion • Future Work

  6. Security Challenges in Data Aggregation? (1)
     • A compromised intermediate node may change the aggregated data
     • BS cannot verify the result without knowing original readings
     [Figure labels: BS; Compromised node; False Alarm]

  7. Security Challenges in Data Aggregation? (2)
     Hop-by-hop aggregation:
     • Aggregates computed by a higher-level node are from ‘more’ low-level nodes
     • If a compromised node is closer to BS, a false value from it has more impact on the final result computed by BS
     [Figure labels: Legitimate temperature (32F ~ 150F); BS]

  8. Security Challenges in Data Aggregation? (3)
     Question: Can the BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?
     [Figure labels: BS; Compromised node; False Alarm]

  9. Outline: Data Aggregation in Sensor Networks • Security Challenges • SDAP Details • Performance Evaluation • Conclusion • Future Work

  10. Network Model
      - An unbalanced tree rooted at BS
      - Data is aggregated hop by hop
      - Each aggregate is a tuple (value, count)
      - Every node only forwards one copy

  11. Attack Model
      Goal: Inject false data without being detected by BS
      Example:
      • Without modifying the received aggregate: (98.7F~101F, 51)
      • Count change attack: (100F~150F, *)
      • Value change attack: (32F~150F, 51)
      [Figure labels: Legitimate temperature (32F ~ 150F); BS; (?, ?); (100F, 50)]

  12. SDAP: Secure Hop-by-hop Data Aggregation Protocol
      Basic Principle
      • Divide and conquer
      • Commit and attest
      Protocol Overview
      • Tree Construction & Query Dissemination
      • Probabilistic grouping
        - Partition nodes into logical groups of similar size
      • Hop-by-hop aggregation
        - Each group generates a commitment which cannot be denied later
      • Verification & attestation
        - BS identifies suspicious groups
        - Suspect groups attest correctness of commitments to BS

  13. Tree Construction & Query Dissemination
      • Tree construction
      • Query dissemination: BS → * : Fagg, Sg
      • Fagg: an aggregation function, e.g., avg, count
      • Sg: a random number as grouping seed
      [Figure labels: Legitimate temperature (32F ~ 150F); BS; avg at each node]

  14. Probabilistic grouping & data aggregation
      Probabilistic grouping is conducted through group leader selection:
      • H(Kx, Sg|x) < Fg(c)
      • x : node id
      • Kx : master key of x
      • H : pseudorandom function, uniform output in [0,1)
      • Sg : for security and load balance
      • c : count
      • Fg : grouping function, [0,1) output increasing with c
      [Figure labels: Legitimate temperature (32F ~ 150F); H(Ky, Sg|y) < Fg(c); H(Kx, Sg|x) < Fg(15); H(Kw’, Sg|w’) < Fg(8); H(Kid, Sg|id) > Fg(1)]

  15. Probabilistic grouping & data aggregation
      By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation.
      Probabilistic grouping is conducted through group leader selection:
      • H(Kx, Sg|x) < Fg(c)
      • x : node id
      • Kx : master key of x
      • H : pseudorandom function, uniform output in [0,1)
      • Sg : for security and load balance
      • c : count
      • Fg : grouping function, [0,1) output increasing with c
      [Figure label: Legitimate temperature (32F ~ 150F)]

  16. Group Aggregation
      Format of aggregates: id | flag | count | value | seed | MAC [figure annotations: Authenticated; Encrypted]
      Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments
      Leaf node aggregation
      • u → v : u, 0, E(Kuv, 1|Ru|Sg)|MACu
      • MACu = MAC(Ku, 0|1|u|Ru|Sg)

  17. Group Aggregation (2)
      Intermediate node aggregation
      • v → w : v, 0, E(Kvw, 3|Aggv|Sg)|MACv
      • Aggv = Fagg(Rv, Ru, Ru’)
      • MACv = MAC(Kv, 0|3|v|Aggv| MACu MACu’|Sg)
      MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data
      [Figure label: H(Kv, Sg|v) > Fg(3)]

  18. Group Aggregation (3)
      Leader node aggregation
      • x → BS : x, 1, E(Kx, 15|Aggx|Sg)|MACx
      • Aggx = Fagg(Rx, Aggw, Aggw’)
      • MACx = MAC(Kx, 1|15|x|Aggx|MACw MACw’|Sg)
      Tracking the forwarding path:
      • A forwarding table (incoming link, group id)
      • Group id is the id of group leader
      • Bloom filter may help scale up
      [Figure labels: Default leader of leftover nodes; H(Kx, Sg|x) < Fg(15)]

  19. Verification & attestation
      BS identifies suspicious groups for attestation
      • Outlier detection by Grubbs’ Test
      • Extensions: multiple outliers, bivariate
      • Pc * Pvalue < α? (α: significance level, e.g., 0.05)
      • Attackers tend to forge false values as well as correspondingly large counts, to make false values count for a larger fraction in the final result
      [Figure labels: (w’, 95F, 25); (x, 142F, 50); (y, 100F, 20); (BS, 90F, 28)]

  20. Verification & attestation (2)
      Forwarding attestation requests from BS
      • Suppose group x is under suspicion
      • BS → y : x, Sa, Sg
      • Sa: a random number as attestation seed
      • Node y then forwards this request to leader x

  21. Verification & attestation (3) • Group attestation • Probabilistic attestation path selection • From x, each parent sums up counts of all the children, then computes • picks up ith child on the path, if

  22. Verification & attestation (4)
      Attestation response from groups
      • Each node on the path sends back count and reading
      • Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)

  23. Verification & attestation (5)
      Group response validation by BS
      BS reconstructs Aggx and MACx based on responses
      • If both match the submitted values, accepts them
      • Otherwise, rejects them

  24. Outline: Data Aggregation in Sensor Networks • Security Challenges • SDAP Details • Performance Evaluation • Conclusion • Future Work

  25. Detection Rate
      [Plot: Detection Rate; legend: m, Cv]
      • Cv : Count value
      • m is the number of attestation paths

  26. Grouping Function (Fg)
      Goal: small variations in group sizes
      • if c = 1, Fg(c) = 0
      • if c → infinity, Fg(c) = 1
      • increases slowly in the beginning, approaches 1 quickly after a certain value above the mean

  27. Communication Overhead
      • Packet*hop: 3.4k~4.4k
      • in a non-secure aggregation scheme: 3k
      • in a no-aggregation secure scheme: 21k

  28. Outline: Data Aggregation in Sensor Networks • Security Challenges • SDAP Details • Performance Evaluation • Conclusion • Future Work

  29. Conclusion & Future Work
      A probabilistic grouping based secure data aggregation protocol
      • Divide-and-conquer
      • Commit-and-attest
      • With adjustable detection rate
      • Low performance overhead
      Challenges:
      • Max/Min
      • Content-based attestation
      • Readings from nodes in the same neighborhood should bear certain temporal/spatial correlations

  30. Thank you ! Questions ???
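
The leader test from slides 14, 15 and 26, as an added example that is not from the slides or the SDAP authors. HMAC-SHA256 as H, the formula and parameters of Fg, the per-node demo keys and the binary-tree topology are assumptions chosen to match the properties the slides state.

```python
import hashlib, hmac, math

def H(key, sg, node_id):
    """H(Kx, Sg|x) mapped uniformly to [0,1); HMAC-SHA256 is an assumed choice of PRF."""
    d = hmac.new(key, f"{sg}|{node_id}".encode(), hashlib.sha256).digest()
    return (int.from_bytes(d[:8], "big") >> 11) / 2**53

def Fg(c, beta=0.002, gamma=2.5):
    """Hypothetical grouping function with the shape the slides ask for:
    Fg(1) = 0, Fg(c) -> 1 as c grows, slow at first and steep later."""
    return 1.0 - math.exp(-beta * (c - 1) ** gamma)

def is_leader(key, sg, node_id, count):
    # The BS holds Kx and chose Sg, so it can recompute this test for any claimed leader.
    return H(key, sg, node_id) < Fg(count)

def key_of(node_id):
    # Constructed per-node master key for the demo
    return hashlib.sha256(f"demo-master-key-{node_id}".encode()).digest()

def group_sizes(parent, sg):
    """parent[i] is the parent of node i (node 0 is the BS, parent[i] < i).
    Returns (sizes of groups closed by elected leaders, leftover count at the BS)."""
    pending = [0] * len(parent)              # ungrouped count waiting at each node
    sizes = []
    for x in range(len(parent) - 1, 0, -1):  # children are visited before parents
        count = pending[x] + 1
        if is_leader(key_of(x), sg, x, count):
            sizes.append(count)              # x commits the group; ancestors only forward
        else:
            pending[parent[x]] += count
    return sizes, pending[0]

# Constructed topology: 400 sensors in a binary tree under the BS
PARENT = [0] + [(i - 1) // 2 for i in range(1, 401)]

if __name__ == "__main__":
    for seed in ("Sg-1", "Sg-2"):
        sizes, leftover = group_sizes(PARENT, seed)
        print(seed, "groups:", len(sizes), "min/max:", min(sizes), max(sizes), "BS leftover:", leftover)
```

Changing Sg reshuffles which nodes become leaders, so a node cannot count on holding the leader role from one query to the next.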
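
Commit-and-attest inside one group (slides 16 to 18, 22 and 23), as an added example that is not from the slides or the SDAP authors. HMAC-SHA256 as the MAC, XOR to combine the children's MACs, leaving out the link encryption E(K, ...) and the sample tree are assumptions; the attestation path is passed in because the selection formula on slide 21 did not survive on the page.

```python
import hashlib, hmac
from fractions import Fraction
from functools import reduce

# Constructed sample group (leader x), readings, demo keys and seed
TREE = {"x": ["w", "w2"], "w": ["v"], "v": ["u", "u2"]}
READINGS = {"x": 98, "w": 101, "w2": 99, "v": 100, "u": 97, "u2": 102}
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in READINGS}
SG = "Sg-demo"

def mac(key, *fields):  # HMAC-SHA256 is an assumed primitive; the slides only say "MAC"
    msg = b"|".join(f if isinstance(f, bytes) else str(f).encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(macs):  # folding the children's MACs with XOR is an assumption of this sketch
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), macs, bytes(32))

def node_commit(key, flag, node, reading, kids, lie=None):
    """(count, Agg, MAC) of one node from its children's commitments; Fagg = avg."""
    count = 1 + sum(k[0] for k in kids)
    agg = (Fraction(reading) + sum(k[0] * k[1] for k in kids)) / count
    agg = agg if lie is None else Fraction(lie)  # value change: false Agg, valid MAC
    inner = [xor(k[2] for k in kids)] if kids else []  # a leaf has no child MACs
    return count, agg, mac(key, flag, count, node, agg, *inner, SG)

def aggregate(node, commits, forged):  # hop-by-hop; records every node's commitment
    kids = [aggregate(c, commits, forged) for c in TREE.get(node, [])]
    commits[node] = node_commit(KEYS[node], int(node == "x"), node,
                                READINGS[node], kids, forged.get(node))
    return commits[node]

def respond(path, commits):
    """On-path nodes reveal their reading; off-path children reveal (count, Agg, MAC)."""
    nxt = dict(zip(path, path[1:]))
    return {n: (READINGS[n], [commits[c] for c in TREE.get(n, []) if c != nxt.get(n)])
            for n in path}

def bs_validate(path, responses, submitted):  # BS rebuilds Agg_x and MAC_x bottom-up
    child = None
    for n in reversed(path):
        reading, siblings = responses[n]
        kids = siblings + ([child] if child else [])
        child = node_commit(KEYS[n], int(n == path[0]), n, reading, kids)
    return child[:2] == submitted[:2] and hmac.compare_digest(child[2], submitted[2])

def run(forged, path):
    commits = {}
    submitted = aggregate("x", commits, forged)
    return submitted[:2], bs_validate(path, respond(path, commits), submitted)
```

With `forged={"w": 150}` the commitment is rejected on the path x, w, v, u but accepted on the path x, w2, where w answers only as a sibling; this is why the detection rate on slide 25 depends on the number of attestation paths m.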
