380 likes | 549 Views
Secure In-Network Aggregation for Wireless Sensor Networks. Bo Sun Department of Computer Science Lamar University. Research Supported by Texas Advanced Research Program under Grant 003581-0006-2006. Outline of Presentation. Introduction and Motivation Assumptions and Network Model
E N D
Secure In-Network Aggregation for Wireless Sensor Networks Bo Sun Department of Computer Science Lamar University Research Supported by Texas Advanced Research Program under Grant 003581-0006-2006
Outline of Presentation • Introduction and Motivation • Assumptions and Network Model • Local Detection • Challenges • Extended Kalman Filter based Monitoring • CUSUM GLR based Monitoring • Collaboration between Intrusion Detection Module (IDM) and System Monitoring Module (SMM) • Performance Evaluation • Conclusions and Future work
Wireless Sensor Networks (WSNs) • Many simple nodes with sensors deployed throughout an environmentSensing + CPU +Radio = Thousands of Potential Applications
1 2 3 4 5 Why do we need Aggregation in WSNs? • Example Query: • What is the maximum temperature in area A between 10am and 11am? • Redundancy in the event data • Solution: Combine the data coming from different sources • Eliminate redundancy • Minimize the number of transmissions
Observation • There is very little work that aims at addressing secure in-network aggregation problem from the intrusion detection perspective • Our Work • We set up the normal range of the neighbor’s future transmitted values • We propose the integration between System Monitoring Modules and Intrusion Detection Modules
Why do we need IDSs? Intrusion Detection Systems (IDSs) • Goal: Highly secured Information Systems
Challenges • It is difficult to achieve the real aggregated values • High packet loss rate • Individual sensor readings are subject to environmental noise • Uncertainty of the aggregation function • Sensor nodes suffer from stringent resources
Assumptions • The majority of nodes around some unusual events are not compromised • Falsified data inserted by compromised nodes are significantly different from real values
Kalman Filter • Aset of mathematical equations • Recursively estimate the state of a process • Time Update: Project the current state estimate ahead of time • Measurement Update: Adjust the projected estimate by an actual measurement
Extended Kalman Filter based Monitoring – System Dynamic Model • Process Model • Measurement Model
Extended Kalman Filter based Monitoring – System Equations • Time Update • State Estimate Equations: • Error Project Equations: • Measurement Update • Kalman Gain Equation: • Estimate Update with Measurement: • Error Covariance Update Equation:
CUSUM GLR based Location Detection • EKF based solution ignores the information given by the entire data sequence • EKF based solution is not suitable if an attacker continuously forge values with small deviations • Solution • Cumulative Summation (CUSUM)Generalized Likelihood Ratio (GLR)
An Example of CUSUM • Cumulative sum: Source: D.C. Montgomery (2004).
Collaboration between IDM and SMM to Differentiate Malicious Events from Emergency Events
Simulation Setup • Aggregation Function • Average, Sum, Min, and Max • Simulation • Different packet loss ratio: 0.1, 0.25, 0.5 • D: Attack Intensity • The difference between attack data and normal data • Performance Metric • False Positive Rate • Detection Rate
Related Work • Hu and Evans’ secure Aggregation • Secure Information Aggregation • Secure Hierarchical In-Network Aggregation • Secure hop-by-hop data aggregation • Topological Constraints based Aggregation • Resilient Aggregation
Conclusions and Future Work • Conclusions • Extended Kalman Filter based approach can provide an effective local detection algorithm • Intrusion Detection Module and System Monitoring Modules should work together to provide intrusion detection capabilities • Future Work • Large scale test of the proposed approach • Further elaboration of interactions between IDM and SMM