A Framework for Secure Data Aggregation in Sensor Networks
Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao
The Pennsylvania State University
MobiHoc '06
SDAP 2
Why data aggregation? (1)
• Many low-cost sensors
• Some data sinks (the BS in the figure) which subscribe to special data streams by distributing interests or querying
• Without data aggregation:
  – Data redundancy
  – Communication cost
  – Energy expenditure
Why data aggregation? (2)
• With data aggregation: reduce data redundancy, communication cost and energy expenditure in data collection!
Network model
• An unbalanced tree rooted at BS
• Data are aggregated hop by hop
• Each aggregate is a tuple (value, count)
• Every node only forwards one copy
Security challenges in aggregation? (1)
• A compromised node may report a false fusion result, causing the final aggregation result to be much different from the true measurement.
• Question:
  – How can BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?
(Figure: a compromised node in the tree injects a false alarm that propagates up to BS)
Attack model
• Goal: inject false data without being detected by BS
• Legitimate temperature: 32F ~ 150F; the compromised node receives the aggregate (100F, 50) and forwards (?, ?)
• Example:
  – Without modifying the received aggregate: (98.7F~101F, 51)
  – Count change attack: (100F~150F, *)
  – Value change attack: (32F~150F, 51)
The combination of count and value change attacks, and collusion among compromised nodes, are more destructive!
Our solutions
Divide and conquer:
• Tree construction and query dissemination
• Probabilistic grouping
  – Partition nodes in the tree into multiple logical groups (subtrees) of similar size
Commit and attest:
• Hop-by-hop aggregation
  – Each group generates a commitment which cannot be denied later
• Attestation between BS and suspicious groups
  – BS identifies abnormal groups from the set of received group commitments
  – Groups under suspicion prove the correctness of submitted commitments to BS
• BS discards commitments from groups failing to support previous values when computing final aggregates
Tree Construction & Query Dissemination
• Tree construction
  – Similar to TAG
• Query dissemination
  – BS → *: Fagg, Sg
  • Fagg: an aggregation function, e.g., avg, count
  • Sg: a random number as grouping seed
(Figure: tree rooted at BS with the query avg disseminated to every node; legitimate temperature 32F ~ 150F)
Probabilistic grouping & data aggregation
• Probabilistic grouping is conducted through group leader selection
  – Node x becomes a group leader if H(Kx, Sg|x) < Fg(c)
  • x: node id
  • Kx: master key of x
  • H: pseudorandom function, uniformly maps the input into the range [0,1)
  • Sg: grouping seed, for security and load balance
  • c: count value
  • Fg: grouping function, outputs a real number in [0,1), increasing with c
(Figure: tree rooted at BS; a leaf id with H(Kid, Sg|id) > Fg(1) is not a leader, while w' with H(Kw', Sg|w') < Fg(8) and x with H(Kx, Sg|x) < Fg(15) become leaders; y is tested with H(Ky, Sg|y) < Fg(c))
Probabilistic grouping & data aggregation (continued)
• By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation
(Figure: the same tree, with the default leader of leftover nodes marked)
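The leader-selection rule above, as an added simulation that is not from the paper or its authors: every node of a random tree applies H(Kx, Sg|x) < Fg(c) bottom-up, with c the count that reaches it from children that did not close a group. The linear grouping function Fg(c) = min(1, c/g) with a target size g, HMAC-SHA256 as the instance of H, the random tree and the per-node keys are assumptions made for this example.

```python
import hmac
import hashlib
import random

def H(key: bytes, msg: bytes) -> float:
    """Pseudorandom function with uniform output in [0,1): HMAC-SHA256, first 8 bytes."""
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") / 2**64

def Fg(c: int, g: int) -> float:
    """Grouping function, increasing in the count c. The linear form c/g with a
    target group size g is an assumption of this example, not the paper's choice."""
    return min(1.0, c / g)

def random_tree(n: int, d: int, rng: random.Random) -> dict:
    """Aggregation tree rooted at BS (id 0): each new node picks a parent among
    existing nodes with fewer than d children. Returns {node_id: [child_ids]}."""
    children = {0: []}
    for v in range(1, n + 1):
        parent = rng.choice([p for p in children if len(children[p]) < d])
        children[parent].append(v)
        children[v] = []
    return children

def probabilistic_grouping(children: dict, keys: dict, Sg: bytes, g: int) -> dict:
    """Run the SDAP leader test H(Kx, Sg|x) < Fg(c) bottom-up. A node's count c is
    itself plus the counts of children that did not close a group. Returns
    {leader_id: group_size}; leftover nodes fall to the default leader, here BS (0)."""
    groups = {}

    def visit(x: int) -> int:
        c = 1 + sum(visit(ch) for ch in children[x])
        if x == 0:                       # BS is the default leader of leftover nodes
            groups[0] = c - 1            # BS itself is not a sensor, exclude it
            return 0
        if H(keys[x], Sg + b"|" + str(x).encode()) < Fg(c, g):
            groups[x] = c                # x closes a group; nothing propagates upward
            return 0
        return c                         # still ungrouped: count flows to the parent

    visit(0)
    return groups

def demo(n: int = 500, d: int = 3, g: int = 40, seed: int = 1) -> dict:
    """Constructed keys and tree; returns {leader: group size} for one grouping run."""
    rng = random.Random(seed)
    tree = random_tree(n, d, rng)
    keys = {v: hashlib.sha256(b"master-key-" + str(v).encode()).digest() for v in tree}
    return probabilistic_grouping(tree, keys, b"seed-Sg", g)

if __name__ == "__main__":
    sizes = demo()
    print(len(sizes), "groups, sizes:", sorted(sizes.values()))
```

Changing the seed Sg or any Kx redraws the leaders, which is why a node cannot predict its group in advance.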
Group aggregation (1)
• Format of aggregates: id, flag, E(count | value | seed), MAC; the count, value and seed are encrypted under the pairwise hop key, and the MAC authenticates flag, count, id, value and seed
• Leaf node aggregation
  – u → v: u, 0, E(Kuv, 1|Ru|Sg) | MACu
  – MACu = MAC(Ku, 0|1|u|Ru|Sg)
  – u is not a leader since H(Ku, Sg|u) > Fg(1)
• Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments
(Figure: tree rooted at BS with the path u → v → w → x → y)
Group aggregation (2)
• Intermediate node aggregation
  – v → w: v, 0, E(Kvw, 3|Aggv|Sg) | MACv
  – Aggv = Fagg(Rv, Ru, Ru')
  – MACv = MAC(Kv, 0|3|v|Aggv|MACu ⊕ MACu'|Sg)
  – v is not a leader since H(Kv, Sg|v) > Fg(3)
• The MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data
Group aggregation (3)
• Leader node aggregation
  – x → BS: x, 1, E(Kx, 15|Aggx|Sg) | MACx
  – Aggx = Fagg(Rx, Aggw, Aggw')
  – MACx = MAC(Kx, 1|15|x|Aggx|MACw ⊕ MACw'|Sg)
  – x is a leader since H(Kx, Sg|x) < Fg(15)
• A default leader closes the group of leftover nodes
Verification & attestation (1)
• BS needs to verify the correctness of the aggregated value
• Outlier detection by Grubbs' test (an existing work)
Verification & attestation (2)
• Forwarding attestation requests from BS
• Suppose group x is under suspicion
  – BS → y: x, Sa, Sg
  – Node y then forwards this request to leader x
  • Sa: a random number as attestation seed
Verification & attestation (3)
• Group attestation: probabilistic attestation path selection
  – Starting from x, each parent sums up the counts of all its children, then computes
    $w = H\big(S_a,\ id \,\big|\, \textstyle\sum_{k=1}^{d} c_k\big)$
  – Finally the path is determined by picking the i-th child on the path if
    $w \in \big[\textstyle\sum_{k=1}^{i-1} c_k,\ \sum_{k=1}^{i} c_k\big)$
  – A node with a larger count has more chances to be attested
(Figure: tree rooted at BS showing leader x, the path nodes and their siblings u, u', v, v', w, w', and y)
Verification & attestation (4)
• Attestation response from groups
  – Each node on the path sends back count and reading
  – Sibling node sends back count, aggregate and MAC (a leaf only sends count and reading)
Verification & attestation (5)
• Group response validation by BS
  – BS reconstructs Aggx and MACx based on the responses
  – If both match the submitted values, BS accepts them
  – Otherwise, BS rejects them
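The commitment chain of the group aggregation slides and the BS-side validation above, as an added Python model that is not the paper's or the authors' code: aggregates are carried as (sum, count) so that avg is exact, MAC is HMAC-SHA256 truncated to 8 bytes, a leaf's child-MAC field is all zeros, and the node keys, readings, seed Sg and the small group topology are constructed for this example.

```python
import hmac
import hashlib
from functools import reduce

Sg = b"grouping-seed"  # constructed grouping seed, distributed by BS with the query

def MAC(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def xor_macs(macs: list) -> bytes:
    return reduce(lambda a, b: bytes(p ^ q for p, q in zip(a, b)), macs, bytes(8))

def commit(node: str, key: bytes, reading: int, children: list, flag: int) -> dict:
    """Aggregate sent upward, as (sum, count) so avg is exact. The MAC covers
    flag|count|id|Agg|(XOR of child MACs)|Sg and therefore chains hop by hop."""
    total = reading + sum(ch["sum"] for ch in children)
    count = 1 + sum(ch["count"] for ch in children)
    msg = f"{flag}|{count}|{node}|{total}|".encode() + xor_macs([ch["mac"] for ch in children]) + b"|" + Sg
    return {"id": node, "sum": total, "count": count, "mac": MAC(key, msg)}

def bs_validate(keys: dict, submitted: dict, path: list, siblings: dict) -> bool:
    """BS rebuilds Aggx and MACx from attestation responses and compares them with the
    leader's commitment. path: [(id, reading)] from leader x down to a leaf. siblings[id]:
    off-path children of a path node, an interior node's {sum, count, mac} taken as sent,
    a leaf's {id, reading} recomputed by BS with that leaf's master key."""
    rebuilt = None
    for depth in range(len(path) - 1, -1, -1):
        node, reading = path[depth]
        kids = [] if rebuilt is None else [rebuilt]
        for sib in siblings.get(node, []):
            kids.append(commit(sib["id"], keys[sib["id"]], sib["reading"], [], 0) if "reading" in sib else sib)
        rebuilt = commit(node, keys[node], reading, kids, 1 if depth == 0 else 0)
    return all(rebuilt[f] == submitted[f] for f in ("sum", "count", "mac"))

def demo(count_attack: bool = False) -> bool:
    """Group led by x: x -> {w, w'}, w -> {u, u'}, w' -> {v}; path x-w-u is attested.
    Readings are constructed temperatures in tenths of a degree F."""
    keys = {n: hashlib.sha256(b"K-" + n.encode()).digest() for n in ["x", "w", "w'", "u", "u'", "v"]}
    u, u2, v = (commit(n, keys[n], r, [], 0) for n, r in (("u", 1000), ("u'", 1002), ("v", 1004)))
    w, w2 = commit("w", keys["w"], 998, [u, u2], 0), commit("w'", keys["w'"], 1001, [v], 0)
    x = commit("x", keys["x"], 1000, [w, w2], 1)
    if count_attack:  # compromised leader claims 10 extra readings and re-MACs under its own key Kx
        x = {"id": "x", "sum": x["sum"] + 15000, "count": x["count"] + 10}
        x["mac"] = MAC(keys["x"], f"1|{x['count']}|x|{x['sum']}|".encode() + xor_macs([w["mac"], w2["mac"]]) + b"|" + Sg)
    path = [("x", 1000), ("w", 998), ("u", 1000)]
    siblings = {"x": [w2], "w": [{"id": "u'", "reading": 1002}]}
    return bs_validate(keys, x, path, siblings)

if __name__ == "__main__":
    print("honest group accepted:", demo(), "| count-change attack accepted:", demo(True))
```

The leader holds Kx and can therefore MAC any claimed aggregate; what catches the count change is BS recomputing the commitment from the honest path and sibling responses and comparing it with what was submitted.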
Security Analysis
• An attacker cannot selectively compromise nodes to ensure his optimal attack
• A compromised node cannot know in advance whether
  1. it will become a group leader or which group it will belong to
  2. its aggregate will become an outlier by Grubbs' test
  3. it will be selected on the attestation path
Detection Rate
• m is the number of attestation paths
(Plot: detection rate, 0.2 to 1, versus cv, the count value of node v, 2 to 16, for m = 1~8)
Communication Overhead
• Packet*hop: 3.4k~4.4k
  • in a non-secure aggregation scheme: 3k
  • in a no-aggregation secure scheme: 21k
(Plot: overhead of our protocol in packet*hop, 3500 to 4400, versus number of attested groups ng = 1~10, for group sizes g = 30~50; n=3280, d=3, h=7, np=1)
Thank you!
• Questions?
Note: if a node has a larger count value, the probability for it to become a leader is higher. So if a compromised node with a large count becomes a leader, the BS will definitely reject it and the whole large group, which will also affect the quality of aggregation.