IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2007 - All rights reserved
On Concealed Data Aggregation for Wireless Sensor Networks
Steffen Peter
Peter Langendörfer, Krzysztof Piotrowski
Outline
• Concealed Data Aggregation?
  What does it mean? What is it for?
  Privacy homomorphism
• Example for an efficient CDA scheme
  CaMyTs-Algorithm
• Discussion of security properties
  Awareness to passive and active attacks
• Solution to overcome security problems
  Cascaded privacy homomorphism
• Conclusions
Scenario: WSN as movement/intruder detection
Q: Sensed something since last request?
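In-Network-Aggregation (INA)
[Figure: tree of sensor nodes reporting 0/1 readings towards the sink. Without INA the readings are concatenated hop by hop (partial lists 1,0 / 0,0 / 1,0 / 1,0,1,0 / 1,0,0,0; at the sink 1,0,0,0,1,0,1,0). With INA only the sum 3 arrives.]
Reduced packet traffic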
Security Issues of in-network aggregation
• Without cryptography
  No security
• Classic End-to-End security (DES, AES, ECC)
  Encryption on sensor – decryption on sink
  + Very secure
  - No possibility of in-network aggregation
• Hop-by-Hop encryption
  Packets are encrypted and decrypted on every routing node
  + In-network aggregation possible
  - No End-to-End security: every routing node knows and can change every plaintext
Concealed (In-network) Data Aggregation
• We need:
  End-to-End security that allows aggregation on routing nodes
  = Routing nodes do not know what they aggregate
  = Ability to compute with encrypted values
  Only sink node can decrypt the aggregated value
• Solution:
  Privacy Homomorphism
[Figure: Encryption(Value1) and Encryption(Value2) are combined into Encryption(Value1 + Value2)]
CaMyTs (Castelluccia, Mykletun, Tsudik)
Sensor 1: Value: 1, Random Stream: 15 22 6, Encryption: 1+15=16 (mod 32)
Sensor 2: Value: 0, Random Stream: 30 9 11, Encryption: 0+30=30 (mod 32)
Sensor 3: Value: 1, Random Stream: 27 2 29, Encryption: 1+27=28 (mod 32)
Aggregation: 16+30+28=74=10 (mod 32)
Sink (Random Stream 1: 15 22 6, Random Stream 2: 30 9 11, Random Stream 3: 27 2 29):
Decryption: 10 - 15 - 30 - 27 = -62 = 2 (mod 32) = 1 + 0 + 1
Decryption of a single value: 16 - 15 = 1
Attack Scenarios
• Passive Attacks
  Eavesdropping
  Ciphertext analysis
  Chosen/known plaintext attacks
• Active Attacks
  Unauthorized aggregation
  Forged packets
  Replay attacks
  Malleability
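Active Attack - Replay
Sensor 1: Value: 1, Key Stream: 15 22 6, Encryption: 1+22=23 (Previous: 0+15=15)
Sensor 2: Value: 0, Key: 9, Encryption: 0+9=9
Sensor 3: Value: 0, Key: 2, Encryption: 0+2=2
Aggregate: 3
Decr: 3-34 → 1
Attack 1: 26-34 → 24, no plausible value
Attack 2: 20-34 → 18, no plausible value
[Figure: link labels 23, 9, 2 (current ciphertexts), 15 (previous ciphertext of sensor 1), 9; aggregates 3, 26, 20]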
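Active Attack - Malleability
Sensor 1: Value: 1, Key: 15, Encryption: 1+15=16
Sensor 2: Value: 0, Key: 30, Encryption: 0+30=30
Sensor 3: Value: 0, Key: 27, Encryption: 0+27=27
Aggregation: 16+30+27=73=9 (mod 32)
Sink (Key1: 15, Key2: 30, Key3: 27):
Decryption: 9 - 15 - 30 - 27 = -62 = 1 (mod 32) = Alert
[Figure: the aggregate 9 is replaced by 8 on the way to the sink; result at the sink: 0, NO ALERT. Further label: -63]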
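
The CaMyTs arithmetic of the three preceding slides (normal operation, replay, malleability) as a runnable sketch; this is an added example, not code from the talk. The modulus 32 and the key streams are the slides' toy values; the function names and the `plausible` check (at most one alert per sensor) are assumptions, and intermediate values are computed from the key streams rather than copied from the figures.

```python
M = 32  # modulus of the slides' toy example
# Per-sensor key streams shared with the sink (slide values); one key per round.
STREAMS = [[15, 22, 6], [30, 9, 11], [27, 2, 29]]

def encrypt(value, key):
    """Sensor: c = (m + k) mod M."""
    return (value + key) % M

def aggregate(ciphertexts):
    """Routing node: adds ciphertexts, needs no key."""
    return sum(ciphertexts) % M

def decrypt(agg, rnd):
    """Sink: removes the sum of all sensors' keys for round rnd."""
    return (agg - sum(stream[rnd] for stream in STREAMS)) % M

def plausible(total):
    """Sink-side sanity check (assumption): at most one alert per sensor."""
    return 0 <= total <= len(STREAMS)

def sense(values, rnd):
    """Every sensor encrypts its reading with its round key."""
    return [encrypt(v, s[rnd]) for v, s in zip(values, STREAMS)]

def demo():
    results = {}
    # Honest run, round 0, readings 1, 0, 1.
    results["honest"] = decrypt(aggregate(sense([1, 0, 1], 0)), 0)
    # Malleability, readings 1, 0, 0: subtracting 1 from the aggregate in
    # transit yields a valid-looking sum, so the check cannot flag it.
    agg = aggregate(sense([1, 0, 0], 0))
    results["tampered"] = decrypt((agg - 1) % M, 0)
    # Replay in round 1: sensor 1's old round-0 ciphertext of reading 0
    # replaces its fresh one. The stale key no longer cancels.
    fresh = sense([1, 0, 0], 1)
    stale = encrypt(0, STREAMS[0][0])
    results["round1"] = decrypt(aggregate(fresh), 1)
    results["replayed"] = decrypt(aggregate([stale] + fresh[1:]), 1)
    return results

if __name__ == "__main__":
    for name, total in demo().items():
        print(f"{name:9} sum={total:2} plausible={plausible(total)}")
```

The tampered aggregate passes the plausibility check while the replayed one does not, which is the asymmetry behind the "+" for replay and the "-" for malleability in the CaMyTs column of the evaluation.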
Evaluation

| | Domingo-Ferrer (DF) | CaMyTs | Elliptic Curve ElGamal (ECEG) |
|---|---|---|---|
| Ciphertext size | - | + | o |
| Encryption | o | + | - |
| Decryption | o | - | - |
| Aggregation | o | + | - |
| Security/Resistance | | | |
| Ciphertext only attack | + | + | + |
| Chosen plaintext attack | - | + | + |
| Replay attack | - | + | - |
| Malleability | + | - | - |
| Malicious aggregation | - | + | - |
| Forged packets | + | + | - |
| Captured Sensors | - | + | + |

Increase Security – Combination of two PHs
[Figure: Encryption 2 [ Encryption 1 [ Value1 ] ] and Encryption 2 [ Encryption 1 [ Value2 ] ] are combined into Encryption 2 [ Encryption 1 [ Value1 + Value2 ] ]]
[Figure: the same with Domingo-Ferrer [ CaMyTs [ Value1 ] ], Domingo-Ferrer [ CaMyTs [ Value2 ] ] and Domingo-Ferrer [ CaMyTs [ Value1 + Value2 ] ]]
CaMyTs + DF combination

| | Domingo-Ferrer (DF) | CaMyTs | CMT/DF combination |
|---|---|---|---|
| Ciphertext size | - | + | - |
| Encryption | o | + | o |
| Decryption | o | - | - |
| Aggregation | o | + | o |
| Security/Resistance | | | |
| Ciphertext only attack | + | + | + |
| Chosen plaintext attack | - | + | + |
| Replay attack | - | + | + |
| Malleability | + | - | + |
| Malicious aggregation | - | + | + |
| Forged packets | + | + | + |
| Captured Sensors | - | + | + |

Conclusions
• Concealed Data Aggregation in WSNs is required
  Reduced network traffic
  End-to-End security
• Concealed Data Aggregation in WSNs is possible
  Computation overhead is reasonable (e.g. with CaMyTs, DF)
• There is not one perfect CDA scheme
  There are still some security issues (e.g. integrity)
  Trade-off security/computation effort
  Evaluation helps selecting application-fitted scheme
• Combined (cascaded) privacy homomorphism increases security with very low additional costs (e.g. CaMyTs/DF)