SafeQ: Secure and Efficient Query Processing in Sensor Networks
Fei Chen and Alex X. Liu
Department of Computer Science and Engineering
Michigan State University

Two-tiered Sensor Network
• A two-tiered sensor network [Ratnasamy et al. 2003]
• Benefits
  • Power saving for sensors
  • Memory saving for sensors
  • Query processing is efficient
• Several products of storage nodes, such as StarGate and RISE, are commercially available
[Figure: two-tiered network diagram with the labels Sensor, Data, Storage Node, Query, Result, Sink]

Storage nodes can be compromised
• Storage nodes are attractive targets for attack
  • Sensitive data collected by sensors are stored in storage nodes
• A compromised storage node raises two security problems
  • How to preserve the privacy of sensor collected data and sink issued queries?
  • How to preserve the integrity of the query result?
[Figure: two-tiered network diagram with the labels Sensor, Data, Storage Node, Query, Result, Sink]

Problem Statement: Privacy and Integrity Preserving Range Queries
• Preserving privacy
  • A compromised storage node cannot gain information from sensor collected data and sink issued queries
  • A storage node can perform query processing
• Preserving integrity
  • The sink can detect whether a query result from a storage node
    • includes forged data items
    • excludes any data items that satisfy the query
[Figure: Sensor, Storage Node, Sink. The sensor collects n data items d1, d2, …, dn at time slot t; the sink issues the query t, [a, b].]

Privacy Preserving Scheme
• To protect the privacy of sensor collected data
  • Encrypt each data item individually
• How does a storage node process a query over encrypted data?
  • Using prefix membership verification technique
[Figure: the sensor (key g) sends (1)ki, (4)ki, (5)ki, (7)ki, (9)ki to the storage node; the sink (key g) issues the query [3, 7].]
Sensor, for the data item 5 (binary expression 101):
  Prefix family: PF(5) = {101, 10*, 1**, ***}
  Prefix numericalization: {1011, 1010, 1100, 1000}
  HMAC hash: {hg(1011), hg(1010), hg(1100), hg(1000)}
Sink, for the query [3, 7]:
  Prefix format: {011, 1**}
  Prefix numericalization: {0111, 1100}
  HMAC hash: {hg(0111), hg(1100)}
If two sets have a common element, 5 ∈ [3, 7]

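The prefix membership check from this slide, as an added Python example that is not code from the SafeQ authors. HMAC-SHA256 as the keyed hash, the 3-bit value width, the demo key and all function names are assumptions made for the illustration; the block also generalizes the slide's single case (5 and [3, 7]) to any value and range of that width.

```python
import hashlib
import hmac

W = 3  # bit width of the slide's example domain, values 0..7 (assumption)
KEY_G = b"constructed-demo-key-g"  # stands in for the key g shared by sensor and sink

def prefix_family(x, w=W):
    """PF(x): the w+1 prefixes that cover x, e.g. PF(5) = 101, 10*, 1**, ***."""
    bits = format(x, f"0{w}b")
    return [bits[:w - i] + "*" * i for i in range(w + 1)]

def range_prefixes(a, b, w=W):
    """Prefix format of [a, b]: the minimal prefixes whose union is exactly [a, b]."""
    out = []
    while a <= b:
        # largest aligned power-of-two block that starts at a and fits in [a, b]
        size = (a & -a) if a else 1 << w
        while size > b - a + 1:
            size >>= 1
        k = size.bit_length() - 1  # number of wildcard bits in this prefix
        out.append(format(a, f"0{w}b")[:w - k] + "*" * k)
        a += size
    return out

def numericalize(prefix):
    """Append a 1 to the fixed bits and turn every * into 0: 10* -> 1010."""
    fixed = prefix.rstrip("*")
    return fixed + "1" + "0" * (len(prefix) - len(fixed))

def hashed(prefixes, key):
    """Keyed hash hg() of each numericalized prefix (HMAC-SHA256 here)."""
    return {hmac.new(key, numericalize(p).encode(), hashlib.sha256).hexdigest()
            for p in prefixes}

def sensor_tokens(value, key):
    """What the sensor attaches to one encrypted data item."""
    return hashed(prefix_family(value), key)

def sink_tokens(a, b, key):
    """What the sink sends instead of the plaintext range [a, b]."""
    return hashed(range_prefixes(a, b), key)

def storage_node_match(item_tokens, query_tokens):
    """Keyless test run by the storage node: a common hash means value in [a, b]."""
    return bool(item_tokens & query_tokens)
```

The storage node only ever compares hash values, so it can select matching items without holding key g or seeing 5 or [3, 7] in the clear.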
Integrity Preserving Scheme
• Neighborhood Chaining
  • Encrypt the data item with its neighbors
[Figure: query [3, 7] over the data items 1, 4, 5, 7, 9 between min and max. Items encrypted individually: (1)ki, (4)ki, (5)ki, (7)ki, (9)ki. Items chained with both neighbors: (min|1|4)ki, (1|4|5)ki, (4|5|7)ki, (5|7|9)ki, (7|9|max)ki. Items chained with one neighbor: (min|1)ki, (1|4)ki, (4|5)ki, (5|7)ki, (7|9)ki, (9|max)ki. The figure marks the Query Result and the Verification Object.]

What if the query result is empty?
• Storage node only knows that no data item satisfies the query
• It doesn’t know which item is the verification object
[Figure: query [2, 3] over the chain (min|1)ki, (1|4)ki, (4|5)ki, (5|7)ki, (7|9)ki, (9|max)ki, with the Verification Object marked]
Storage node needs to know the position of the query among all data items.

Privacy Preserving Scheme V2
• How does a storage node process a query over encrypted data?
[Figure: the sensor (key g) holds {1, 4, 5, 7, 9}; the sink (key g) issues the query [2, 3]; on the axis min, 1, 4, 5, 7, 9, max the bounds 2 and 3 lie between 1 and 4.]
Storage node returns (1|4)ki as verification object

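How a sink can use the neighborhood chain from the integrity slides to detect omitted items, including the empty-result case for [2, 3], as an added Python example that is not code from the SafeQ authors. Assumptions: encryption under ki is left out, so the tuples stand for chained pairs the sink has already decrypted; values are distinct; the storage node returns every chained pair that reaches into [a, b]; all function names are hypothetical.

```python
MIN, MAX = float("-inf"), float("inf")  # the slides' min / max sentinels

def build_chain(items):
    """Sensor side: chain each item to its left neighbour, closing with (last|max)."""
    vals = [MIN] + sorted(items) + [MAX]
    return list(zip(vals, vals[1:]))

def storage_node_answer(chain, a, b):
    """Honest storage node: every pair (l|r) whose span reaches into [a, b].
    The final pair acts as the verification object; for an empty result it is
    the only pair returned."""
    return [(l, r) for (l, r) in chain if r >= a and l <= b]

def sink_verify(pairs, a, b):
    """Sink side: return the items in [a, b], or raise if the chain shows
    that the answer is incomplete."""
    if not pairs:
        raise ValueError("no verification object returned")
    if any(l >= r for l, r in pairs):
        raise ValueError("pair is not in increasing order")
    for (_, r), (l_next, _) in zip(pairs, pairs[1:]):
        if r != l_next:
            raise ValueError(f"chain broken between {r} and {l_next}")
    if not pairs[0][0] < a:
        raise ValueError("chain does not start below the query range")
    if not pairs[-1][1] > b:
        raise ValueError("chain does not end above the query range")
    return [r for _, r in pairs if a <= r <= b]

# Constructed sample data: the slides' items 1, 4, 5, 7, 9
CHAIN = build_chain([1, 4, 5, 7, 9])
```

Dropping any pair from the answer either breaks the link between two neighbours or leaves one end of the chain inside the query range, so `sink_verify` raises.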
Multi-dimensional Data
• To preserve privacy, we apply our 1-dimensional privacy preserving techniques to each dimension of multi-dimensional data.
• To preserve integrity, we build a multi-dimensional neighborhood chain.
[Figure: the points (0,0), (7,1), (3,5), (9,4), (6,8), (1,11), (15,15) plotted against the X dimension and the Y dimension]
The multi-dimensional neighborhood chain of the above example is (0|1, 9|11)ki, (1|3, 4|5)ki, (3|6, 5|8)ki, (6|7, 0|1)ki, (7|9, 1|4)ki, (9|15, 11|15)ki.

Range Queries in Event-driven Networks
• We have assumed that at each time slot, a sensor sends data to a storage node.
• However, in event-driven networks, a sensor only reports data to a storage node when a certain event happens.
• Our idea: Sensors report their idle period to the storage node when one of the following two conditions holds:
  • Sensors submit data after an idle period
  • The idle period is longer than a threshold, say γ
[Figure: time axis with time slots t1 and t2, showing the reports Idle period: [t1, t2]ki and Idle period: [t1, t1+γ]ki. A grey unit denotes that the sensor has data to submit at that time slot. A blank unit denotes that the sensor has no data to submit at that time slot.]

Optimization with Bloom Filters
Index: 0 1 2 3 4 5
hg(p([min,1])), hg(p([1,4])), hg(p([4,5])), hg(p([5,7])), hg(p([7,9])), hg(p([9,max]))
[Figure: Bloom filter construction over hg(00011), hg(00110), hg(01001) using the hash functions h1, h2, h3 and the arrays A and B]

Experimental Results (1/2)
• We conducted experiments on both S&L (prior art) and our schemes
• We use SafeQ-Basic and SafeQ-Bloom to denote our schemes without and with Bloom filters
• In terms of power consumption, for 3-dimensional data
  • SafeQ-Bloom consumes 184.9 times less power for sensors and 76.8 times less power for storage nodes
  • SafeQ-Basic consumes 59.2 times less power for sensors and 76.8 times less power for storage nodes
[Figures: power consumption for sensors and power consumption for storage nodes, 3-dimensional data]

Experimental Results (2/2)
• In terms of space consumption, for 3-dimensional data
  • SafeQ-Bloom consumes 182.4 times less space for storage nodes
  • SafeQ-Basic consumes 58.5 times less space for storage nodes
[Figure: space consumption for storage nodes, 3-dimensional data]

Prior work (1/2)
• Sheng & Li scheme [Infocom 2008]
• Two major drawbacks
  • Data items and queries can be estimated fairly accurately [Hore et al. VLDB 2004]
  • Power and space consumption grows exponentially with the number of dimensions.
[Figure: sensor Si (ki), storage node, sink (ki). Data: {1, 4, 5, 7, 9}, split at 0, 4, 5, 9, 10 into buckets with IDs 1 2 3 4 and sent as {1,4}ki, {5}ki, {7, 9}ki, h(i||4||t||ki). Query: [9,10], bucket IDs 3, 4. Returned: {7, 9}ki (7 is out of the range) and h(i||4||t||ki) (prove empty bucket).]

Prior work (2/2)
• Shi et al.’s scheme [Infocom 2009] and Zhang et al.’s scheme [MobiHoc 2009]
• Two major drawbacks
  • A compromised sensor could easily compromise the integrity verification functionality of the network by sending falsified bucket vectors to other sensors and storage nodes.
  • Data items and queries can be estimated fairly accurately [Hore et al. VLDB 2004]
[Figure: sensor Si (ki) with Data: {1, 4, 5, 7, 9}, buckets split at 0, 4, 5, 9, 10, bucket vector Vi: 1 1 1 0, and Vi (1110) sent on; sensor Sj (kj) with Data: {4, 8}, the same bucket boundaries, sending {4, 1110}kj and {8, 1110}kj to the storage node.]

Contributions
• Propose a novel privacy and integrity preserving range query protocol for two-tiered sensor networks
• Propose an optimization technique using Bloom filters to significantly reduce the communication cost between sensors and storage nodes
• Propose a solution for event-driven sensor networks

Questions
Thank you!