research article a secure privacy-preserving data
TRANSCRIPT
Research ArticleA Secure Privacy-Preserving Data Aggregation Model inWearable Wireless Sensor Networks
Changlun Zhang Chao Li and Jian Zhang
Science School Beijing University of Civil Engineering and Architecture Beijing 100044 China
Correspondence should be addressed to Changlun Zhang zclunbuceaeducn
Received 29 June 2015 Accepted 13 September 2015
Academic Editor Jiang Zhu
Copyright copy 2015 Changlun Zhang et al This is an open access article distributed under the Creative Commons AttributionLicense which permits unrestricted use distribution and reproduction in any medium provided the original work is properlycited
With the rapid development and widespread use of wearable wireless sensors data aggregation technique becomes one of themost important research areas However the sensitive data collected by sensor nodes may be leaked at the intermediate aggregatornodes So privacy preservation is becoming an increasingly important issue in security data aggregation In this paper we proposea security privacy-preserving data aggregation model which adopts a mixed data aggregation structure Data integrity is verifiedboth at cluster head and at base station Some nodes adopt slicing technology to avoid the leak of data at the cluster head in inner-cluster Furthermore a mechanism is given to locate the compromised nodes The analysis shows that the model is robust to manyattacks and has a lower communication overhead
1 Introduction
Recently the wearable wireless sensors become powerful andrapidly expanding in healthcare monitoring [1ndash3] The wear-able sensors can be used to collect and transmit the data to theusers Sometimes the data collected from some near placesare similar to each other Meanwhile the powers of sensorsare limited Therefore the data aggregation techniques areused to reduce the communication overhead [4 5] In theprocess of data aggregation data need to be aggregated bythe aggregation nodes Unfortunately data aggregation isvulnerable to some attacks because the data are sensitive orprivy If the sensitive data are revealed this may bring seriousthreat or economic loss So the security data aggregation isplaying an important role in wearable sensors
In this paper a security privacy-preserving data aggre-gation model is proposed The model adopts a mixed dataaggregation structure of tree and cluster Data integrity isverified both at cluster head and at base station Moreovera locating mechanism is provided which can locate the com-promised node
The remainder of this paper is organized as follows InSection 2 the related work is summarized A new secureprivacy-preserving data aggregation model (SPPDA) is
proposed and analyzed in Section 3 In Sections 4 and 5 thesecurity and performance of the model are analyzed Finallythe conclusion of this paper is given
2 Related Work
Recently secure data aggregation is becoming an impor-tant issue for wearable sensors Cryptographic is an effi-cient mechanism to secure data aggregation Moreover thehomomorphic encryption can aggregate encrypted messagesdirectly from sensors without decrypting so that it has a shortaggregation delay
Castelluccia et al [6] proposed a simple and provablysecure additively homomorphic stream cipher which isslightly less efficient on bandwidth than the hop-by-hopaggregation scheme described previously Girao et al [7]proposed an approach that conceals sensed and aggregateddata end-to-end which is feasible and frequently even moreenergy efficient than hop-by-hop encryption addressing amuchweaker attackermodel Feng et al [8] proposed a familyof secret perturbation-based schemes which can protectsensor data confidentiality without disrupting additive dataaggregation
Hindawi Publishing CorporationJournal of Electrical and Computer EngineeringVolume 2015 Article ID 104286 9 pageshttpdxdoiorg1011552015104286
2 Journal of Electrical and Computer Engineering
All the homomorphic encryption schemes above use thesymmetric keyThe securities of these schemes depend on thelength of the keyMeanwhile the security of the asymmetricalsecret key schemes depends on the intractability of thealgorithms So the asymmetrical secret key schemes aredesigned
Boneh et al [9] proposed a homomorphic public keyencryption scheme which improved the efficiency of electionsystems based on homomorphic encryption Mykletun et al[10] revisited and investigated the applicability of addi-tively homomorphic public-key encryption algorithms forcertain classes of wireless sensor networks and providerecommendations for selecting the most suitable public keyschemes for different topologies and wireless sensor networkscenarios Girao et al [11] provided an approach for atiny Persistent Encrypted Data Storage (tinyPEDS) of theenvironmental fingerprint Bahi et al [12] proposed a secureend-to-end encrypted data aggregation scheme which signif-icantly reduces computation and communication overheadand can be practically implemented in on-the-shelf sensorplatforms Ozdemir and Xiao [13] proposed a novel integrityprotecting hierarchical concealed data aggregation protocolwhich is more efficient than other privacy homomorphicdata aggregation schemes Lin et al [14] proposed a newconcealed data aggregation scheme which is robustness andefficiency Zhou et al [15] proposed a Secure-EnhancedData Aggregation which can achieve the highest securityon the aggregated result compared with other asymmetricschemes
However the models above can only detect the compro-mised nodes in verifying the data integrity at most withoutlocating the compromised nodes In this paper we presenta new secure privacy-preserving data aggregation model(SPPDA) which adopts a mixed data aggregation structureThe network is divided into clusters and the data aggregationtrees are used in inner-cluster and interclusters Firstly someof nodes adopt slicing technology to avoid the leak of data atthe cluster head Secondly data in the cluster are aggregatedand sent to the cluster head and cluster head verifies thedata integrity to restrict the range of compromised nodeLastly the cluster heads continue to send the data to the basestation and the data integrities are verified at the base stationagain Furthermore the model gives a mechanism to locatethe compromised nodes The analysis shows that this modelhas lower communication overhead
3 SPPDA Model
The model uses the cluster structure network which con-tains three kinds of nodes base station cluster headsand cluster nodes The network is divided into two layersinner-cluster and intercluster In the inner-cluster data aresent to the cluster head and the cluster head verifies thedata integrity to restrict the range of compromised nodeIn the intercluster data are sent to the base station andthe integrity is verified at the base station Furthermore amechanism is proposed to locate the compromised nodeSPPDA model can be divided into initialization the key
distribution inner-data aggregation and interdata aggrega-tion
31 Initialization The initialization of SPPDA model in-cludes three parts cluster head voting inner-cluster dataaggregation tree and intercluster data aggregation tree
(1) Cluster Head Voting Using the existing cluster protocols[16 17] the network can be divided into many clusters Inthe process of cluster the trust management mechanism [1819] can be used to help the selection of the cluster headerGenerally it satisfied two conditions as follows
(1) The cluster head has higher trust values
(2) The clusters are evenly distributed in the monitoringarea
(2) Inner-Cluster Data Aggregation Tree In each cluster thedata are sent to the cluster head along the data aggregationtree [20]The inner-cluster data aggregation tree is structuredby a certain data aggregation tree protocol It satisfied twoconditions as follows
(1) The degree of cluster head is large enough
(2) Thenumber of aggregation nodes is notmore than theleaf nodes
Lastly cluster heads set the compromising threshold ℎchwhich is used to judge whether a branch in the cluster iscompromised
(3) Intercluster Data Aggregation Tree When the clusterheads aggregated the data of their cluster the data in clusterheads are sent to the base station along the intercluster dataaggregation tree The intercluster data aggregation tree issimilar to the structure of the inner-cluster data aggregationtree Lastly base station set the compromising thresholdℎch which is used to judge whether a branch of the BS iscompromised
32 The Key Distribution In SPDSA model there are threesets of key BS (base station) key CH (cluster head) key and119873 (neighbor) keyThe BS key is generated by the base stationwhich is used to ensure the security of the communicationbetween the cluster heads and the base station The CH keyis generated by each cluster head which is used to ensure thesecurity of the communication between cluster nodes and thecluster head The neighbors key is generated offline which isused to ensure the security of the communication between anode and its neighborsThe structure of each key is describedas follows
(1) BS Key Distribution BS generates three primes (1199021 1199022 1199023)
and 119898 = 119902111990221199023order elliptic curve (119864) Then according to
the degree of BS which is defined as degree BS degree BSgroups of points 119883
119897 119884119897 119885119897degree BS are selected from 119864 and
the order of those points is 119898
Journal of Electrical and Computer Engineering 3
For each group 119897 we get three new points according to theformula as follows
119875119897= 11990211199022119883119897
119876119897= 11990221199023119884119897
119877119897= 11990231199021119885119897
(1)
Here 119875119897is used to encrypt the aggregated data 119876
119897is used
to record the number of the cluster and 119877119897is used to mix the
encrypted result and enhance the security of the dataThen the BS gets a group of keys The public key is (119898
119875119897 119876119897 119877119897 119864) and the private key is (119902
1 1199022 1199023) The public
key is distributed to the cluster heads in a secure way and theprivate key is reserved by the BS
(2) CH Key Distribution When the BS generates thekey each cluster head begins to generate the CH keyFor example CH(119894) generates three primes (119901
(119894)
1 119901(119894)
2 119901(119894)
3)
and an elliptic curve (119864(119894)) firstly The order of 119864(119894) is
119898(119894)
= 119901(119894)
1119901(119894)
2119901(119894)
3 According to the degree of CH which
is defined as degree 119862(119894) degree 119862(119894) groups of points119881(119894)
1198951 119881(119894)
1198952 119881(119894)
1198953degree 119862(119894)
are selected from 119864(119894) and the order
of those points is 119898(119894)
For each group 119895 we get three new points according tothe formula as follows
119865(119894)
119895= 119901(119894)
1119901(119894)
2119881(119894)
1198951
119866(119894)
119895= 119901(119894)
2119901(119894)
3119881(119894)
1198952
119867(119894)
119895= 119901(119894)
3119901(119894)
1119881(119894)
1198953
(2)
Here 119865(119894)119895
is used to encrypt the aggregated data 119866(119894)119895
isused to record the number of the cluster and 119867
(119894)
119895is used to
mix the encrypted result and enhance the security of the dataThen CH(119894) gets a group of keys The public key is
(119898(119894)
119865(119894)
119895 119866(119894)
119895 119867(119894)
119895 119864(119894)
)degree 119862(119894)
and the private key is (119901(119894)1
119901(119894)
2 119901(119894)3) Lastly the public key is distributed to the cluster
nodes in a security way and the private key is reserved by theCH(119894)
(3) N Key 119873 key distribution consists of five steps [21]
(1) Generation of a large pool of 119875 keys and their keyidentifiers
(2) Random drawing of 119896 keys out of 119875 without replace-ment to establish the key ring of a sensor
(3) Loading of the key ring into the memory of eachsensor
(4) Saving of the key identifiers of a key ring and associ-ated sensor identifier on a trusted controller node
(5) For each node loading the 119894th controller node withthe key shared with that node
Therefore a secure link exists between two neighboringnodes only if they share a key If two neighboring nodes
Cluster 1
Cluster 2Cluster 3
CH2
CH3
CH1
CN12
CN11
CN13
CN14CN21
CN22
CN31
Figure 1 The slicing scheme
cannot share a key but they can be connected by a linkconsisting of some nodes this link can be the secure linkbetween these two nodes
33 Inner-Cluster Data Aggregation In the inner-cluster dataaggregation the cluster heads can obtain the plaintext whichis not secure enough for the dataTherefore before the inner-cluster data aggregation the slicing and mixing scheme [22]is used in each cluster
(1) Slicing In each cluster we call one node ldquoleaf noderdquo ifsome neighbors of this node belong to other clusters Andthe leaf node slice its data into two parts One slice is sentto the other node in another cluster and the other is kept byitself Figure 1 shows the slicing scheme The solid line is theroute in which the data is transmitted to the cluster headThedotted line is the route in which the leaf nodes send the slicesto the neighbor nodes in other clusters In Cluster 1 there are4 leaf nodes CN
11 CN12 CN13 and CN
14 According to the
rule above these nodes divide their data into two slices Oneis kept by itself another is sent to the neighbor nodes in otherclusters along the dotted line CN
11and CN
12send the slices
to the neighbor nodes in other clusters not drawn in Figure 1CN13sends the slices to the CN
22in Cluster 2 and receives the
slices from CN21in Cluster 2 CN
14sends the slices to CN
31
in Cluster 3
(2) Mixing When all the leaf nodes send the slice all nodesrecomputed the data of it If a node receives the slices it addsall the slices to get a new data
After the slicing and the mixing the data119872(119894)
119895119904is encrypt-
ed into 119862(119894)
119895119904according to formula (3) at each cluster node in
cluster 119894
119862(119894)
119895119904= 119872(119894)
119895119904times 119865(119894)
119895+ 119866(119894)
119895+ 119903(119894)
119895119904times 119867(119894)
119895 (3)
4 Journal of Electrical and Computer Engineering
Here + is the summation in elliptic curve times is the scalarmultiplication in elliptic curve and 119903
(119894)
119895119904is random
Then the encrypted data is transmitted to the clusterhead And the data are aggregated by the intermediate nodesThe aggregation of the 119895th branch in cluster 119894 is
119862(119894)
119895agg = sum
119904
119872(119894)
119895119904times 119865(119894)
119895+ 119896(119894)
119895times 119866(119894)
119895+ sum
119904
119903(119894)
119895119904times 119867(119894)
119895 (4)
sum119904119872(119894)
119895119904is the aggregation plaintext of branch 119895 119896(119894)
119895is the
number of the nodes in branch 119895 sum119904119903(119894)
119895119904is the aggregation of
the random and 119862(119894)
119895agg is the ciphertext of the aggregation inbranch 119895
The cluster head in cluster 119894 receives the aggregation ofeach branch Then the cluster head decrypts the 119896
(119894)
119895of each
branch using the privacy key The plaintext 120585(119894)119895is
120585(119894)
119895= log119866(119894)1015840
119895
119901(119894)
2119901(119894)
3times 119862(119894)
119895agg (5)
Here 119866(119894)1015840119895
= 119901(119894)
2119901(119894)
3times 119866(119894)
119895
The cluster head judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872(119894)
= sum
119895
119872(119894)
119895= sum
119895
log119865(119894)1015840
119895
119901(119894)
1119901(119894)
2times 119862(119894)
119895agg (6)
Here 119865(119894)1015840119895
= 119901(119894)
1119901(119894)
2times 119865(119894)
119895
At last the data 119872(119894) is encrypted into 119862
(119894)
agg by the clusternode according to formula (7) in cluster 119894
119862(119894)
agg = 119872(119894)
times 119875(119894)
+ 119896(119894)
times 119876(119894)
+ 119903 times 119877(119894)
(7)
Here 119896(119894) is the number of the cluster nodes in cluster 119894 119903is random
34 Intercluster Data Aggregation After the inner-clusterdata aggregation the encrypted data is transmitted to thebase station And the data are aggregated by the intermediatenodes The aggregation of the 119892th branch of base station is
119862119892agg = sum
119904
119872119892119904
times 119865119892+ 119896119892times 119866119892+ sum
119904
119903119892119904
times 119867119892 (8)
sum119904119872119892119904is the aggregation plaintext of branch 119895 119896
119892is the
number of the nodes in branch 119895 sum119904119903119892119904is the aggregation of
the random and 119862(119894)
119892agg is the ciphertext of the aggregation inbranch 119892
The base station receives the aggregation of each branchThen the base station decrypts 119896
119892of each branch using the
privacy key The plaintext 120585119892is
120585119892
= log119876101584011989411990221199023times 119862119892agg (9)
Here 1198761015840119894= 11990221199023times 119876119894
The base station judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872119892
= sum
119904
119872 = sum
119904
log119875101584011989411990211199022times 119862119892agg (10)
Here 1198751015840119894
= 11990211199022times 119875119894
35 Locating Mechanism Locating mechanism is used tolocate the compromised nodes in the intermediate nodesThelocating mechanism works as follows
We assume that the numbers of leaf nodes and intermedi-ate nodes are119898 and 119899Thenwe have119898 ge 119899The branchwhichdoes not pass the integrity verification is reconstructed into 119899
branches where there is only one intermediate node in eachbranch The new intermediate nodes are the same as in oldbranch And the data integrity is verified in the root node Ifone branch does not pass the verification the intermediatenode in this branch is a compromised node and the locatingmechanism ends
Figure 2 shows the locating mechanism in a cluster Inthe left part of Figure 2 CH finds a branch which consistsof the red compromised nodes So this branch needs to bereconstructed Obviously CH
1and CH
4are two interme-
diate nodes Therefore this branch is divided into two newbranches CH
1and CH
4are also the intermediate nodes
and they are in the different branches Then these twobranches transmit the data to the CH according to the ruledescribed in inner-cluster data aggregation And the CHchecks their integrities If a branch is still compromised theonly intermediate node in this branch is the compromisednode
36 A Case Study In this section we give a detailed exampleof SPPDA model with initialization the key distributioninner-cluster data aggregation and intercluster data aggrega-tion
(1) Initialization In Figure 3 there are 25 sensor nodesdistributed in themonitor area and the base station is locatedin the left of the monitor area These nodes are divided into5 clusters Then the inner-cluster data aggregation tree andthe intercluster data aggregation tree are constructed In theintercluster data aggregation tree there are 2 branches whichare BSB
1and BSB
2from BS BSB
1consisted of BS CH
1
CH2 and CH
3 BSB2consisted of BS CH
4 and CH
5 In each
cluster there are 4 CNs and 1 CHThen the cluster nodes aredivided into 2 branches Using the 119894th cluster as an examplethe branches are CBi1 and CBi2 The CBi1 consisted of CHiCNi1 and CNi2 The CBi2 consisted of CHi CNi3 and CNi4When the data aggregation trees are completed CH recordsthe amount of the CNs in its cluster and the BS records theamount of the CHs in the network
(2) The Keys Distribution According to the structure ofthe network in Figure 3 the BS generates 2 pairs of keys
Journal of Electrical and Computer Engineering 5
CHCH
CN3
CN4
CN2
CN1
CN3
CN4
CN1
CN2
Figure 2 Locating mechanism
CH1
CH4
CH5
CH3
CH2
CN12
CN14
CN13
CN11
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN51
CN53
CN54
Figure 3 Initialization
The public keys are (119898 1198751 1198761 1198771 119864) and (119898 119875
2 1198762 1198772
119864) and the privacy keys are always (1199021 1199022 1199023) Meanwhile
according to the amount of the branches the 119894th cluster headCHi generates 2 pairs of keys The public keys are (119898(119894) 119865(119894)
1
119866(119894)
1119867(119894)1 119864(119894)) and (119898(119894) 119865(119894)
2119866(119894)2119867(119894)2 119864(119894))The privacy keys
are always (119901(119894)1 119901(119894)2 119901(119894)3)
In order to reduce the computing overhead the points 119875119897
119876119897 and 119877
119897 (119897 = 1 2) use some small prime numbers And
119901(119894)
1= 1199021 119901(119894)2
= 1199022 119901(119894)3
= 1199023 and the elliptical curve119864 is same
as1198641015840 Table 1 shows the values of thosemajor parametersTheorders of 119875
1 1198752 119865(119894)1 and 119865
(119894)
2are 17The orders of119876
11198762119866(119894)1
and 119866(119894)
2are 13 The orders of 119877
1 1198772 119867(119894)1 and 119867
(119894)
2are 19 The
orders of two elliptical curves are 4199
(3) Inner-Cluster Data Aggregation Firstly the edge nodesare confirmed in each cluster by its CH In this case theedge nodes are CN
13 CN14 CN22 CN24 CN32 CN33 CN41
Table 1 The values of the major parameters
Parameters Values119864 = 119864
1015840119898 = 119902
111990221199023= 4199
(119875119897 119876119897 119877119897)2
1199021= 13 119902
2= 19 119902
3= 17
(119865(119894)
119895 119866(119894)
119895 119867(119894)
119895)2
119901(119894)
1= 13 119901(119894)
2= 19 119901(119894)
3= 17
CH1
CH4
CH3
CH2
CH5
CN12 CN11
CN14
CN13
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN53CN51
CN54
Figure 4 The slices of the edge nodes
CN42 CN52 and CN
53 Secondly each edge node generates
a slice from its data Then each edge node sends its slice toits neighbor randomly which belongs to a different clusterFigure 4 shows the process of the slicing The full linesexpress the inner-cluster data aggregation tree and the dashlines express the flow of the slices After slicing the nodeswhich receive the slices add them into their data In Table 2
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
2 Journal of Electrical and Computer Engineering
All the homomorphic encryption schemes above use thesymmetric keyThe securities of these schemes depend on thelength of the keyMeanwhile the security of the asymmetricalsecret key schemes depends on the intractability of thealgorithms So the asymmetrical secret key schemes aredesigned
Boneh et al [9] proposed a homomorphic public keyencryption scheme which improved the efficiency of electionsystems based on homomorphic encryption Mykletun et al[10] revisited and investigated the applicability of addi-tively homomorphic public-key encryption algorithms forcertain classes of wireless sensor networks and providerecommendations for selecting the most suitable public keyschemes for different topologies and wireless sensor networkscenarios Girao et al [11] provided an approach for atiny Persistent Encrypted Data Storage (tinyPEDS) of theenvironmental fingerprint Bahi et al [12] proposed a secureend-to-end encrypted data aggregation scheme which signif-icantly reduces computation and communication overheadand can be practically implemented in on-the-shelf sensorplatforms Ozdemir and Xiao [13] proposed a novel integrityprotecting hierarchical concealed data aggregation protocolwhich is more efficient than other privacy homomorphicdata aggregation schemes Lin et al [14] proposed a newconcealed data aggregation scheme which is robustness andefficiency Zhou et al [15] proposed a Secure-EnhancedData Aggregation which can achieve the highest securityon the aggregated result compared with other asymmetricschemes
However the models above can only detect the compro-mised nodes in verifying the data integrity at most withoutlocating the compromised nodes In this paper we presenta new secure privacy-preserving data aggregation model(SPPDA) which adopts a mixed data aggregation structureThe network is divided into clusters and the data aggregationtrees are used in inner-cluster and interclusters Firstly someof nodes adopt slicing technology to avoid the leak of data atthe cluster head Secondly data in the cluster are aggregatedand sent to the cluster head and cluster head verifies thedata integrity to restrict the range of compromised nodeLastly the cluster heads continue to send the data to the basestation and the data integrities are verified at the base stationagain Furthermore the model gives a mechanism to locatethe compromised nodes The analysis shows that this modelhas lower communication overhead
3 SPPDA Model
The model uses the cluster structure network which con-tains three kinds of nodes base station cluster headsand cluster nodes The network is divided into two layersinner-cluster and intercluster In the inner-cluster data aresent to the cluster head and the cluster head verifies thedata integrity to restrict the range of compromised nodeIn the intercluster data are sent to the base station andthe integrity is verified at the base station Furthermore amechanism is proposed to locate the compromised nodeSPPDA model can be divided into initialization the key
distribution inner-data aggregation and interdata aggrega-tion
31 Initialization The initialization of SPPDA model in-cludes three parts cluster head voting inner-cluster dataaggregation tree and intercluster data aggregation tree
(1) Cluster Head Voting Using the existing cluster protocols[16 17] the network can be divided into many clusters Inthe process of cluster the trust management mechanism [1819] can be used to help the selection of the cluster headerGenerally it satisfied two conditions as follows
(1) The cluster head has higher trust values
(2) The clusters are evenly distributed in the monitoringarea
(2) Inner-Cluster Data Aggregation Tree In each cluster thedata are sent to the cluster head along the data aggregationtree [20]The inner-cluster data aggregation tree is structuredby a certain data aggregation tree protocol It satisfied twoconditions as follows
(1) The degree of cluster head is large enough
(2) Thenumber of aggregation nodes is notmore than theleaf nodes
Lastly cluster heads set the compromising threshold ℎchwhich is used to judge whether a branch in the cluster iscompromised
(3) Intercluster Data Aggregation Tree When the clusterheads aggregated the data of their cluster the data in clusterheads are sent to the base station along the intercluster dataaggregation tree The intercluster data aggregation tree issimilar to the structure of the inner-cluster data aggregationtree Lastly base station set the compromising thresholdℎch which is used to judge whether a branch of the BS iscompromised
32 The Key Distribution In SPDSA model there are threesets of key BS (base station) key CH (cluster head) key and119873 (neighbor) keyThe BS key is generated by the base stationwhich is used to ensure the security of the communicationbetween the cluster heads and the base station The CH keyis generated by each cluster head which is used to ensure thesecurity of the communication between cluster nodes and thecluster head The neighbors key is generated offline which isused to ensure the security of the communication between anode and its neighborsThe structure of each key is describedas follows
(1) BS Key Distribution BS generates three primes (1199021 1199022 1199023)
and 119898 = 119902111990221199023order elliptic curve (119864) Then according to
the degree of BS which is defined as degree BS degree BSgroups of points 119883
119897 119884119897 119885119897degree BS are selected from 119864 and
the order of those points is 119898
Journal of Electrical and Computer Engineering 3
For each group 119897 we get three new points according to theformula as follows
119875119897= 11990211199022119883119897
119876119897= 11990221199023119884119897
119877119897= 11990231199021119885119897
(1)
Here 119875119897is used to encrypt the aggregated data 119876
119897is used
to record the number of the cluster and 119877119897is used to mix the
encrypted result and enhance the security of the dataThen the BS gets a group of keys The public key is (119898
119875119897 119876119897 119877119897 119864) and the private key is (119902
1 1199022 1199023) The public
key is distributed to the cluster heads in a secure way and theprivate key is reserved by the BS
(2) CH Key Distribution When the BS generates thekey each cluster head begins to generate the CH keyFor example CH(119894) generates three primes (119901
(119894)
1 119901(119894)
2 119901(119894)
3)
and an elliptic curve (119864(119894)) firstly The order of 119864(119894) is
119898(119894)
= 119901(119894)
1119901(119894)
2119901(119894)
3 According to the degree of CH which
is defined as degree 119862(119894) degree 119862(119894) groups of points119881(119894)
1198951 119881(119894)
1198952 119881(119894)
1198953degree 119862(119894)
are selected from 119864(119894) and the order
of those points is 119898(119894)
For each group 119895 we get three new points according tothe formula as follows
119865(119894)
119895= 119901(119894)
1119901(119894)
2119881(119894)
1198951
119866(119894)
119895= 119901(119894)
2119901(119894)
3119881(119894)
1198952
119867(119894)
119895= 119901(119894)
3119901(119894)
1119881(119894)
1198953
(2)
Here 119865(119894)119895
is used to encrypt the aggregated data 119866(119894)119895
isused to record the number of the cluster and 119867
(119894)
119895is used to
mix the encrypted result and enhance the security of the dataThen CH(119894) gets a group of keys The public key is
(119898(119894)
119865(119894)
119895 119866(119894)
119895 119867(119894)
119895 119864(119894)
)degree 119862(119894)
and the private key is (119901(119894)1
119901(119894)
2 119901(119894)3) Lastly the public key is distributed to the cluster
nodes in a security way and the private key is reserved by theCH(119894)
(3) N Key 119873 key distribution consists of five steps [21]
(1) Generation of a large pool of 119875 keys and their keyidentifiers
(2) Random drawing of 119896 keys out of 119875 without replace-ment to establish the key ring of a sensor
(3) Loading of the key ring into the memory of eachsensor
(4) Saving of the key identifiers of a key ring and associ-ated sensor identifier on a trusted controller node
(5) For each node loading the 119894th controller node withthe key shared with that node
Therefore a secure link exists between two neighboringnodes only if they share a key If two neighboring nodes
Cluster 1
Cluster 2Cluster 3
CH2
CH3
CH1
CN12
CN11
CN13
CN14CN21
CN22
CN31
Figure 1 The slicing scheme
cannot share a key but they can be connected by a linkconsisting of some nodes this link can be the secure linkbetween these two nodes
33 Inner-Cluster Data Aggregation In the inner-cluster dataaggregation the cluster heads can obtain the plaintext whichis not secure enough for the dataTherefore before the inner-cluster data aggregation the slicing and mixing scheme [22]is used in each cluster
(1) Slicing In each cluster we call one node ldquoleaf noderdquo ifsome neighbors of this node belong to other clusters Andthe leaf node slice its data into two parts One slice is sentto the other node in another cluster and the other is kept byitself Figure 1 shows the slicing scheme The solid line is theroute in which the data is transmitted to the cluster headThedotted line is the route in which the leaf nodes send the slicesto the neighbor nodes in other clusters In Cluster 1 there are4 leaf nodes CN
11 CN12 CN13 and CN
14 According to the
rule above these nodes divide their data into two slices Oneis kept by itself another is sent to the neighbor nodes in otherclusters along the dotted line CN
11and CN
12send the slices
to the neighbor nodes in other clusters not drawn in Figure 1CN13sends the slices to the CN
22in Cluster 2 and receives the
slices from CN21in Cluster 2 CN
14sends the slices to CN
31
in Cluster 3
(2) Mixing When all the leaf nodes send the slice all nodesrecomputed the data of it If a node receives the slices it addsall the slices to get a new data
After the slicing and the mixing the data119872(119894)
119895119904is encrypt-
ed into 119862(119894)
119895119904according to formula (3) at each cluster node in
cluster 119894
119862(119894)
119895119904= 119872(119894)
119895119904times 119865(119894)
119895+ 119866(119894)
119895+ 119903(119894)
119895119904times 119867(119894)
119895 (3)
4 Journal of Electrical and Computer Engineering
Here + is the summation in elliptic curve times is the scalarmultiplication in elliptic curve and 119903
(119894)
119895119904is random
Then the encrypted data is transmitted to the clusterhead And the data are aggregated by the intermediate nodesThe aggregation of the 119895th branch in cluster 119894 is
119862(119894)
119895agg = sum
119904
119872(119894)
119895119904times 119865(119894)
119895+ 119896(119894)
119895times 119866(119894)
119895+ sum
119904
119903(119894)
119895119904times 119867(119894)
119895 (4)
sum119904119872(119894)
119895119904is the aggregation plaintext of branch 119895 119896(119894)
119895is the
number of the nodes in branch 119895 sum119904119903(119894)
119895119904is the aggregation of
the random and 119862(119894)
119895agg is the ciphertext of the aggregation inbranch 119895
The cluster head in cluster 119894 receives the aggregation ofeach branch Then the cluster head decrypts the 119896
(119894)
119895of each
branch using the privacy key The plaintext 120585(119894)119895is
120585(119894)
119895= log119866(119894)1015840
119895
119901(119894)
2119901(119894)
3times 119862(119894)
119895agg (5)
Here 119866(119894)1015840119895
= 119901(119894)
2119901(119894)
3times 119866(119894)
119895
The cluster head judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872(119894)
= sum
119895
119872(119894)
119895= sum
119895
log119865(119894)1015840
119895
119901(119894)
1119901(119894)
2times 119862(119894)
119895agg (6)
Here 119865(119894)1015840119895
= 119901(119894)
1119901(119894)
2times 119865(119894)
119895
At last the data 119872(119894) is encrypted into 119862
(119894)
agg by the clusternode according to formula (7) in cluster 119894
119862(119894)
agg = 119872(119894)
times 119875(119894)
+ 119896(119894)
times 119876(119894)
+ 119903 times 119877(119894)
(7)
Here 119896(119894) is the number of the cluster nodes in cluster 119894 119903is random
34 Intercluster Data Aggregation After the inner-clusterdata aggregation the encrypted data is transmitted to thebase station And the data are aggregated by the intermediatenodes The aggregation of the 119892th branch of base station is
119862119892agg = sum
119904
119872119892119904
times 119865119892+ 119896119892times 119866119892+ sum
119904
119903119892119904
times 119867119892 (8)
sum119904119872119892119904is the aggregation plaintext of branch 119895 119896
119892is the
number of the nodes in branch 119895 sum119904119903119892119904is the aggregation of
the random and 119862(119894)
119892agg is the ciphertext of the aggregation inbranch 119892
The base station receives the aggregation of each branchThen the base station decrypts 119896
119892of each branch using the
privacy key The plaintext 120585119892is
120585119892
= log119876101584011989411990221199023times 119862119892agg (9)
Here 1198761015840119894= 11990221199023times 119876119894
The base station judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872119892
= sum
119904
119872 = sum
119904
log119875101584011989411990211199022times 119862119892agg (10)
Here 1198751015840119894
= 11990211199022times 119875119894
35 Locating Mechanism Locating mechanism is used tolocate the compromised nodes in the intermediate nodesThelocating mechanism works as follows
We assume that the numbers of leaf nodes and intermedi-ate nodes are119898 and 119899Thenwe have119898 ge 119899The branchwhichdoes not pass the integrity verification is reconstructed into 119899
branches where there is only one intermediate node in eachbranch The new intermediate nodes are the same as in oldbranch And the data integrity is verified in the root node Ifone branch does not pass the verification the intermediatenode in this branch is a compromised node and the locatingmechanism ends
Figure 2 shows the locating mechanism in a cluster Inthe left part of Figure 2 CH finds a branch which consistsof the red compromised nodes So this branch needs to bereconstructed Obviously CH
1and CH
4are two interme-
diate nodes Therefore this branch is divided into two newbranches CH
1and CH
4are also the intermediate nodes
and they are in the different branches Then these twobranches transmit the data to the CH according to the ruledescribed in inner-cluster data aggregation And the CHchecks their integrities If a branch is still compromised theonly intermediate node in this branch is the compromisednode
36 A Case Study In this section we give a detailed exampleof SPPDA model with initialization the key distributioninner-cluster data aggregation and intercluster data aggrega-tion
(1) Initialization In Figure 3 there are 25 sensor nodesdistributed in themonitor area and the base station is locatedin the left of the monitor area These nodes are divided into5 clusters Then the inner-cluster data aggregation tree andthe intercluster data aggregation tree are constructed In theintercluster data aggregation tree there are 2 branches whichare BSB
1and BSB
2from BS BSB
1consisted of BS CH
1
CH2 and CH
3 BSB2consisted of BS CH
4 and CH
5 In each
cluster there are 4 CNs and 1 CHThen the cluster nodes aredivided into 2 branches Using the 119894th cluster as an examplethe branches are CBi1 and CBi2 The CBi1 consisted of CHiCNi1 and CNi2 The CBi2 consisted of CHi CNi3 and CNi4When the data aggregation trees are completed CH recordsthe amount of the CNs in its cluster and the BS records theamount of the CHs in the network
(2) The Keys Distribution According to the structure ofthe network in Figure 3 the BS generates 2 pairs of keys
Journal of Electrical and Computer Engineering 5
CHCH
CN3
CN4
CN2
CN1
CN3
CN4
CN1
CN2
Figure 2 Locating mechanism
CH1
CH4
CH5
CH3
CH2
CN12
CN14
CN13
CN11
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN51
CN53
CN54
Figure 3 Initialization
The public keys are (119898 1198751 1198761 1198771 119864) and (119898 119875
2 1198762 1198772
119864) and the privacy keys are always (1199021 1199022 1199023) Meanwhile
according to the amount of the branches the 119894th cluster headCHi generates 2 pairs of keys The public keys are (119898(119894) 119865(119894)
1
119866(119894)
1119867(119894)1 119864(119894)) and (119898(119894) 119865(119894)
2119866(119894)2119867(119894)2 119864(119894))The privacy keys
are always (119901(119894)1 119901(119894)2 119901(119894)3)
In order to reduce the computing overhead the points 119875119897
119876119897 and 119877
119897 (119897 = 1 2) use some small prime numbers And
119901(119894)
1= 1199021 119901(119894)2
= 1199022 119901(119894)3
= 1199023 and the elliptical curve119864 is same
as1198641015840 Table 1 shows the values of thosemajor parametersTheorders of 119875
1 1198752 119865(119894)1 and 119865
(119894)
2are 17The orders of119876
11198762119866(119894)1
and 119866(119894)
2are 13 The orders of 119877
1 1198772 119867(119894)1 and 119867
(119894)
2are 19 The
orders of two elliptical curves are 4199
(3) Inner-Cluster Data Aggregation Firstly the edge nodesare confirmed in each cluster by its CH In this case theedge nodes are CN
13 CN14 CN22 CN24 CN32 CN33 CN41
Table 1 The values of the major parameters
Parameters Values119864 = 119864
1015840119898 = 119902
111990221199023= 4199
(119875119897 119876119897 119877119897)2
1199021= 13 119902
2= 19 119902
3= 17
(119865(119894)
119895 119866(119894)
119895 119867(119894)
119895)2
119901(119894)
1= 13 119901(119894)
2= 19 119901(119894)
3= 17
CH1
CH4
CH3
CH2
CH5
CN12 CN11
CN14
CN13
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN53CN51
CN54
Figure 4 The slices of the edge nodes
CN42 CN52 and CN
53 Secondly each edge node generates
a slice from its data Then each edge node sends its slice toits neighbor randomly which belongs to a different clusterFigure 4 shows the process of the slicing The full linesexpress the inner-cluster data aggregation tree and the dashlines express the flow of the slices After slicing the nodeswhich receive the slices add them into their data In Table 2
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Journal of Electrical and Computer Engineering 3
For each group 119897 we get three new points according to theformula as follows
119875119897= 11990211199022119883119897
119876119897= 11990221199023119884119897
119877119897= 11990231199021119885119897
(1)
Here 119875119897is used to encrypt the aggregated data 119876
119897is used
to record the number of the cluster and 119877119897is used to mix the
encrypted result and enhance the security of the dataThen the BS gets a group of keys The public key is (119898
119875119897 119876119897 119877119897 119864) and the private key is (119902
1 1199022 1199023) The public
key is distributed to the cluster heads in a secure way and theprivate key is reserved by the BS
(2) CH Key Distribution When the BS generates thekey each cluster head begins to generate the CH keyFor example CH(119894) generates three primes (119901
(119894)
1 119901(119894)
2 119901(119894)
3)
and an elliptic curve (119864(119894)) firstly The order of 119864(119894) is
119898(119894)
= 119901(119894)
1119901(119894)
2119901(119894)
3 According to the degree of CH which
is defined as degree 119862(119894) degree 119862(119894) groups of points119881(119894)
1198951 119881(119894)
1198952 119881(119894)
1198953degree 119862(119894)
are selected from 119864(119894) and the order
of those points is 119898(119894)
For each group 119895 we get three new points according tothe formula as follows
119865(119894)
119895= 119901(119894)
1119901(119894)
2119881(119894)
1198951
119866(119894)
119895= 119901(119894)
2119901(119894)
3119881(119894)
1198952
119867(119894)
119895= 119901(119894)
3119901(119894)
1119881(119894)
1198953
(2)
Here 119865(119894)119895
is used to encrypt the aggregated data 119866(119894)119895
isused to record the number of the cluster and 119867
(119894)
119895is used to
mix the encrypted result and enhance the security of the dataThen CH(119894) gets a group of keys The public key is
(119898(119894)
119865(119894)
119895 119866(119894)
119895 119867(119894)
119895 119864(119894)
)degree 119862(119894)
and the private key is (119901(119894)1
119901(119894)
2 119901(119894)3) Lastly the public key is distributed to the cluster
nodes in a security way and the private key is reserved by theCH(119894)
(3) N Key 119873 key distribution consists of five steps [21]
(1) Generation of a large pool of 119875 keys and their keyidentifiers
(2) Random drawing of 119896 keys out of 119875 without replace-ment to establish the key ring of a sensor
(3) Loading of the key ring into the memory of eachsensor
(4) Saving of the key identifiers of a key ring and associ-ated sensor identifier on a trusted controller node
(5) For each node loading the 119894th controller node withthe key shared with that node
Therefore a secure link exists between two neighboringnodes only if they share a key If two neighboring nodes
Cluster 1
Cluster 2Cluster 3
CH2
CH3
CH1
CN12
CN11
CN13
CN14CN21
CN22
CN31
Figure 1 The slicing scheme
cannot share a key but they can be connected by a linkconsisting of some nodes this link can be the secure linkbetween these two nodes
33 Inner-Cluster Data Aggregation In the inner-cluster dataaggregation the cluster heads can obtain the plaintext whichis not secure enough for the dataTherefore before the inner-cluster data aggregation the slicing and mixing scheme [22]is used in each cluster
(1) Slicing In each cluster we call one node ldquoleaf noderdquo ifsome neighbors of this node belong to other clusters Andthe leaf node slice its data into two parts One slice is sentto the other node in another cluster and the other is kept byitself Figure 1 shows the slicing scheme The solid line is theroute in which the data is transmitted to the cluster headThedotted line is the route in which the leaf nodes send the slicesto the neighbor nodes in other clusters In Cluster 1 there are4 leaf nodes CN
11 CN12 CN13 and CN
14 According to the
rule above these nodes divide their data into two slices Oneis kept by itself another is sent to the neighbor nodes in otherclusters along the dotted line CN
11and CN
12send the slices
to the neighbor nodes in other clusters not drawn in Figure 1CN13sends the slices to the CN
22in Cluster 2 and receives the
slices from CN21in Cluster 2 CN
14sends the slices to CN
31
in Cluster 3
(2) Mixing When all the leaf nodes send the slice all nodesrecomputed the data of it If a node receives the slices it addsall the slices to get a new data
After the slicing and the mixing the data119872(119894)
119895119904is encrypt-
ed into 119862(119894)
119895119904according to formula (3) at each cluster node in
cluster 119894
119862(119894)
119895119904= 119872(119894)
119895119904times 119865(119894)
119895+ 119866(119894)
119895+ 119903(119894)
119895119904times 119867(119894)
119895 (3)
4 Journal of Electrical and Computer Engineering
Here + is the summation in elliptic curve times is the scalarmultiplication in elliptic curve and 119903
(119894)
119895119904is random
Then the encrypted data is transmitted to the clusterhead And the data are aggregated by the intermediate nodesThe aggregation of the 119895th branch in cluster 119894 is
119862(119894)
119895agg = sum
119904
119872(119894)
119895119904times 119865(119894)
119895+ 119896(119894)
119895times 119866(119894)
119895+ sum
119904
119903(119894)
119895119904times 119867(119894)
119895 (4)
sum119904119872(119894)
119895119904is the aggregation plaintext of branch 119895 119896(119894)
119895is the
number of the nodes in branch 119895 sum119904119903(119894)
119895119904is the aggregation of
the random and 119862(119894)
119895agg is the ciphertext of the aggregation inbranch 119895
The cluster head in cluster 119894 receives the aggregation ofeach branch Then the cluster head decrypts the 119896
(119894)
119895of each
branch using the privacy key The plaintext 120585(119894)119895is
120585(119894)
119895= log119866(119894)1015840
119895
119901(119894)
2119901(119894)
3times 119862(119894)
119895agg (5)
Here 119866(119894)1015840119895
= 119901(119894)
2119901(119894)
3times 119866(119894)
119895
The cluster head judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872(119894)
= sum
119895
119872(119894)
119895= sum
119895
log119865(119894)1015840
119895
119901(119894)
1119901(119894)
2times 119862(119894)
119895agg (6)
Here 119865(119894)1015840119895
= 119901(119894)
1119901(119894)
2times 119865(119894)
119895
At last the data 119872(119894) is encrypted into 119862
(119894)
agg by the clusternode according to formula (7) in cluster 119894
119862(119894)
agg = 119872(119894)
times 119875(119894)
+ 119896(119894)
times 119876(119894)
+ 119903 times 119877(119894)
(7)
Here 119896(119894) is the number of the cluster nodes in cluster 119894 119903is random
34 Intercluster Data Aggregation After the inner-clusterdata aggregation the encrypted data is transmitted to thebase station And the data are aggregated by the intermediatenodes The aggregation of the 119892th branch of base station is
119862119892agg = sum
119904
119872119892119904
times 119865119892+ 119896119892times 119866119892+ sum
119904
119903119892119904
times 119867119892 (8)
sum119904119872119892119904is the aggregation plaintext of branch 119895 119896
119892is the
number of the nodes in branch 119895 sum119904119903119892119904is the aggregation of
the random and 119862(119894)
119892agg is the ciphertext of the aggregation inbranch 119892
The base station receives the aggregation of each branchThen the base station decrypts 119896
119892of each branch using the
privacy key The plaintext 120585119892is
120585119892
= log119876101584011989411990221199023times 119862119892agg (9)
Here 1198761015840119894= 11990221199023times 119876119894
The base station judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872119892
= sum
119904
119872 = sum
119904
log119875101584011989411990211199022times 119862119892agg (10)
Here 1198751015840119894
= 11990211199022times 119875119894
35 Locating Mechanism Locating mechanism is used tolocate the compromised nodes in the intermediate nodesThelocating mechanism works as follows
We assume that the numbers of leaf nodes and intermedi-ate nodes are119898 and 119899Thenwe have119898 ge 119899The branchwhichdoes not pass the integrity verification is reconstructed into 119899
branches where there is only one intermediate node in eachbranch The new intermediate nodes are the same as in oldbranch And the data integrity is verified in the root node Ifone branch does not pass the verification the intermediatenode in this branch is a compromised node and the locatingmechanism ends
Figure 2 shows the locating mechanism in a cluster Inthe left part of Figure 2 CH finds a branch which consistsof the red compromised nodes So this branch needs to bereconstructed Obviously CH
1and CH
4are two interme-
diate nodes Therefore this branch is divided into two newbranches CH
1and CH
4are also the intermediate nodes
and they are in the different branches Then these twobranches transmit the data to the CH according to the ruledescribed in inner-cluster data aggregation And the CHchecks their integrities If a branch is still compromised theonly intermediate node in this branch is the compromisednode
36 A Case Study In this section we give a detailed exampleof SPPDA model with initialization the key distributioninner-cluster data aggregation and intercluster data aggrega-tion
(1) Initialization In Figure 3 there are 25 sensor nodesdistributed in themonitor area and the base station is locatedin the left of the monitor area These nodes are divided into5 clusters Then the inner-cluster data aggregation tree andthe intercluster data aggregation tree are constructed In theintercluster data aggregation tree there are 2 branches whichare BSB
1and BSB
2from BS BSB
1consisted of BS CH
1
CH2 and CH
3 BSB2consisted of BS CH
4 and CH
5 In each
cluster there are 4 CNs and 1 CHThen the cluster nodes aredivided into 2 branches Using the 119894th cluster as an examplethe branches are CBi1 and CBi2 The CBi1 consisted of CHiCNi1 and CNi2 The CBi2 consisted of CHi CNi3 and CNi4When the data aggregation trees are completed CH recordsthe amount of the CNs in its cluster and the BS records theamount of the CHs in the network
(2) The Keys Distribution According to the structure ofthe network in Figure 3 the BS generates 2 pairs of keys
Journal of Electrical and Computer Engineering 5
CHCH
CN3
CN4
CN2
CN1
CN3
CN4
CN1
CN2
Figure 2 Locating mechanism
CH1
CH4
CH5
CH3
CH2
CN12
CN14
CN13
CN11
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN51
CN53
CN54
Figure 3 Initialization
The public keys are (119898 1198751 1198761 1198771 119864) and (119898 119875
2 1198762 1198772
119864) and the privacy keys are always (1199021 1199022 1199023) Meanwhile
according to the amount of the branches the 119894th cluster headCHi generates 2 pairs of keys The public keys are (119898(119894) 119865(119894)
1
119866(119894)
1119867(119894)1 119864(119894)) and (119898(119894) 119865(119894)
2119866(119894)2119867(119894)2 119864(119894))The privacy keys
are always (119901(119894)1 119901(119894)2 119901(119894)3)
In order to reduce the computing overhead the points 119875119897
119876119897 and 119877
119897 (119897 = 1 2) use some small prime numbers And
119901(119894)
1= 1199021 119901(119894)2
= 1199022 119901(119894)3
= 1199023 and the elliptical curve119864 is same
as1198641015840 Table 1 shows the values of thosemajor parametersTheorders of 119875
1 1198752 119865(119894)1 and 119865
(119894)
2are 17The orders of119876
11198762119866(119894)1
and 119866(119894)
2are 13 The orders of 119877
1 1198772 119867(119894)1 and 119867
(119894)
2are 19 The
orders of two elliptical curves are 4199
(3) Inner-Cluster Data Aggregation Firstly the edge nodesare confirmed in each cluster by its CH In this case theedge nodes are CN
13 CN14 CN22 CN24 CN32 CN33 CN41
Table 1 The values of the major parameters
Parameters Values119864 = 119864
1015840119898 = 119902
111990221199023= 4199
(119875119897 119876119897 119877119897)2
1199021= 13 119902
2= 19 119902
3= 17
(119865(119894)
119895 119866(119894)
119895 119867(119894)
119895)2
119901(119894)
1= 13 119901(119894)
2= 19 119901(119894)
3= 17
CH1
CH4
CH3
CH2
CH5
CN12 CN11
CN14
CN13
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN53CN51
CN54
Figure 4 The slices of the edge nodes
CN42 CN52 and CN
53 Secondly each edge node generates
a slice from its data Then each edge node sends its slice toits neighbor randomly which belongs to a different clusterFigure 4 shows the process of the slicing The full linesexpress the inner-cluster data aggregation tree and the dashlines express the flow of the slices After slicing the nodeswhich receive the slices add them into their data In Table 2
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
4 Journal of Electrical and Computer Engineering
Here + is the summation in elliptic curve times is the scalarmultiplication in elliptic curve and 119903
(119894)
119895119904is random
Then the encrypted data is transmitted to the clusterhead And the data are aggregated by the intermediate nodesThe aggregation of the 119895th branch in cluster 119894 is
119862(119894)
119895agg = sum
119904
119872(119894)
119895119904times 119865(119894)
119895+ 119896(119894)
119895times 119866(119894)
119895+ sum
119904
119903(119894)
119895119904times 119867(119894)
119895 (4)
sum119904119872(119894)
119895119904is the aggregation plaintext of branch 119895 119896(119894)
119895is the
number of the nodes in branch 119895 sum119904119903(119894)
119895119904is the aggregation of
the random and 119862(119894)
119895agg is the ciphertext of the aggregation inbranch 119895
The cluster head in cluster 119894 receives the aggregation ofeach branch Then the cluster head decrypts the 119896
(119894)
119895of each
branch using the privacy key The plaintext 120585(119894)119895is
120585(119894)
119895= log119866(119894)1015840
119895
119901(119894)
2119901(119894)
3times 119862(119894)
119895agg (5)
Here 119866(119894)1015840119895
= 119901(119894)
2119901(119894)
3times 119866(119894)
119895
The cluster head judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872(119894)
= sum
119895
119872(119894)
119895= sum
119895
log119865(119894)1015840
119895
119901(119894)
1119901(119894)
2times 119862(119894)
119895agg (6)
Here 119865(119894)1015840119895
= 119901(119894)
1119901(119894)
2times 119865(119894)
119895
At last the data 119872(119894) is encrypted into 119862
(119894)
agg by the clusternode according to formula (7) in cluster 119894
119862(119894)
agg = 119872(119894)
times 119875(119894)
+ 119896(119894)
times 119876(119894)
+ 119903 times 119877(119894)
(7)
Here 119896(119894) is the number of the cluster nodes in cluster 119894 119903is random
34 Intercluster Data Aggregation After the inner-clusterdata aggregation the encrypted data is transmitted to thebase station And the data are aggregated by the intermediatenodes The aggregation of the 119892th branch of base station is
119862119892agg = sum
119904
119872119892119904
times 119865119892+ 119896119892times 119866119892+ sum
119904
119903119892119904
times 119867119892 (8)
sum119904119872119892119904is the aggregation plaintext of branch 119895 119896
119892is the
number of the nodes in branch 119895 sum119904119903119892119904is the aggregation of
the random and 119862(119894)
119892agg is the ciphertext of the aggregation inbranch 119892
The base station receives the aggregation of each branchThen the base station decrypts 119896
119892of each branch using the
privacy key The plaintext 120585119892is
120585119892
= log119876101584011989411990221199023times 119862119892agg (9)
Here 1198761015840119894= 11990221199023times 119876119894
The base station judges whether the result of each branchis compromised according to the threshold ℎch If a branch iscompromised the locating mechanism is used to locate thecompromised node If not continue to aggregation
The cluster head gets the plaintext of the aggregationresult in the cluster That is
119872119892
= sum
119904
119872 = sum
119904
log119875101584011989411990211199022times 119862119892agg (10)
Here 1198751015840119894
= 11990211199022times 119875119894
35 Locating Mechanism Locating mechanism is used tolocate the compromised nodes in the intermediate nodesThelocating mechanism works as follows
We assume that the numbers of leaf nodes and intermedi-ate nodes are119898 and 119899Thenwe have119898 ge 119899The branchwhichdoes not pass the integrity verification is reconstructed into 119899
branches where there is only one intermediate node in eachbranch The new intermediate nodes are the same as in oldbranch And the data integrity is verified in the root node Ifone branch does not pass the verification the intermediatenode in this branch is a compromised node and the locatingmechanism ends
Figure 2 shows the locating mechanism in a cluster Inthe left part of Figure 2 CH finds a branch which consistsof the red compromised nodes So this branch needs to bereconstructed Obviously CH
1and CH
4are two interme-
diate nodes Therefore this branch is divided into two newbranches CH
1and CH
4are also the intermediate nodes
and they are in the different branches Then these twobranches transmit the data to the CH according to the ruledescribed in inner-cluster data aggregation And the CHchecks their integrities If a branch is still compromised theonly intermediate node in this branch is the compromisednode
36 A Case Study In this section we give a detailed exampleof SPPDA model with initialization the key distributioninner-cluster data aggregation and intercluster data aggrega-tion
(1) Initialization In Figure 3 there are 25 sensor nodesdistributed in themonitor area and the base station is locatedin the left of the monitor area These nodes are divided into5 clusters Then the inner-cluster data aggregation tree andthe intercluster data aggregation tree are constructed In theintercluster data aggregation tree there are 2 branches whichare BSB
1and BSB
2from BS BSB
1consisted of BS CH
1
CH2 and CH
3 BSB2consisted of BS CH
4 and CH
5 In each
cluster there are 4 CNs and 1 CHThen the cluster nodes aredivided into 2 branches Using the 119894th cluster as an examplethe branches are CBi1 and CBi2 The CBi1 consisted of CHiCNi1 and CNi2 The CBi2 consisted of CHi CNi3 and CNi4When the data aggregation trees are completed CH recordsthe amount of the CNs in its cluster and the BS records theamount of the CHs in the network
(2) The Keys Distribution According to the structure ofthe network in Figure 3 the BS generates 2 pairs of keys
Journal of Electrical and Computer Engineering 5
CHCH
CN3
CN4
CN2
CN1
CN3
CN4
CN1
CN2
Figure 2 Locating mechanism
CH1
CH4
CH5
CH3
CH2
CN12
CN14
CN13
CN11
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN51
CN53
CN54
Figure 3 Initialization
The public keys are (119898 1198751 1198761 1198771 119864) and (119898 119875
2 1198762 1198772
119864) and the privacy keys are always (1199021 1199022 1199023) Meanwhile
according to the amount of the branches the 119894th cluster headCHi generates 2 pairs of keys The public keys are (119898(119894) 119865(119894)
1
119866(119894)
1119867(119894)1 119864(119894)) and (119898(119894) 119865(119894)
2119866(119894)2119867(119894)2 119864(119894))The privacy keys
are always (119901(119894)1 119901(119894)2 119901(119894)3)
In order to reduce the computing overhead the points 119875119897
119876119897 and 119877
119897 (119897 = 1 2) use some small prime numbers And
119901(119894)
1= 1199021 119901(119894)2
= 1199022 119901(119894)3
= 1199023 and the elliptical curve119864 is same
as1198641015840 Table 1 shows the values of thosemajor parametersTheorders of 119875
1 1198752 119865(119894)1 and 119865
(119894)
2are 17The orders of119876
11198762119866(119894)1
and 119866(119894)
2are 13 The orders of 119877
1 1198772 119867(119894)1 and 119867
(119894)
2are 19 The
orders of two elliptical curves are 4199
(3) Inner-Cluster Data Aggregation Firstly the edge nodesare confirmed in each cluster by its CH In this case theedge nodes are CN
13 CN14 CN22 CN24 CN32 CN33 CN41
Table 1 The values of the major parameters
Parameters Values119864 = 119864
1015840119898 = 119902
111990221199023= 4199
(119875119897 119876119897 119877119897)2
1199021= 13 119902
2= 19 119902
3= 17
(119865(119894)
119895 119866(119894)
119895 119867(119894)
119895)2
119901(119894)
1= 13 119901(119894)
2= 19 119901(119894)
3= 17
CH1
CH4
CH3
CH2
CH5
CN12 CN11
CN14
CN13
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN53CN51
CN54
Figure 4 The slices of the edge nodes
CN42 CN52 and CN
53 Secondly each edge node generates
a slice from its data Then each edge node sends its slice toits neighbor randomly which belongs to a different clusterFigure 4 shows the process of the slicing The full linesexpress the inner-cluster data aggregation tree and the dashlines express the flow of the slices After slicing the nodeswhich receive the slices add them into their data In Table 2
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Journal of Electrical and Computer Engineering 5
CHCH
CN3
CN4
CN2
CN1
CN3
CN4
CN1
CN2
Figure 2 Locating mechanism
CH1
CH4
CH5
CH3
CH2
CN12
CN14
CN13
CN11
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN51
CN53
CN54
Figure 3 Initialization
The public keys are (119898 1198751 1198761 1198771 119864) and (119898 119875
2 1198762 1198772
119864) and the privacy keys are always (1199021 1199022 1199023) Meanwhile
according to the amount of the branches the 119894th cluster headCHi generates 2 pairs of keys The public keys are (119898(119894) 119865(119894)
1
119866(119894)
1119867(119894)1 119864(119894)) and (119898(119894) 119865(119894)
2119866(119894)2119867(119894)2 119864(119894))The privacy keys
are always (119901(119894)1 119901(119894)2 119901(119894)3)
In order to reduce the computing overhead the points 119875119897
119876119897 and 119877
119897 (119897 = 1 2) use some small prime numbers And
119901(119894)
1= 1199021 119901(119894)2
= 1199022 119901(119894)3
= 1199023 and the elliptical curve119864 is same
as1198641015840 Table 1 shows the values of thosemajor parametersTheorders of 119875
1 1198752 119865(119894)1 and 119865
(119894)
2are 17The orders of119876
11198762119866(119894)1
and 119866(119894)
2are 13 The orders of 119877
1 1198772 119867(119894)1 and 119867
(119894)
2are 19 The
orders of two elliptical curves are 4199
(3) Inner-Cluster Data Aggregation Firstly the edge nodesare confirmed in each cluster by its CH In this case theedge nodes are CN
13 CN14 CN22 CN24 CN32 CN33 CN41
Table 1 The values of the major parameters
Parameters Values119864 = 119864
1015840119898 = 119902
111990221199023= 4199
(119875119897 119876119897 119877119897)2
1199021= 13 119902
2= 19 119902
3= 17
(119865(119894)
119895 119866(119894)
119895 119867(119894)
119895)2
119901(119894)
1= 13 119901(119894)
2= 19 119901(119894)
3= 17
CH1
CH4
CH3
CH2
CH5
CN12 CN11
CN14
CN13
CN22
CN21
CN23
CN24
CN32
CN31
CN33
CN34
CN41
CN43
CN42
CN44
CN52
CN53CN51
CN54
Figure 4 The slices of the edge nodes
CN42 CN52 and CN
53 Secondly each edge node generates
a slice from its data Then each edge node sends its slice toits neighbor randomly which belongs to a different clusterFigure 4 shows the process of the slicing The full linesexpress the inner-cluster data aggregation tree and the dashlines express the flow of the slices After slicing the nodeswhich receive the slices add them into their data In Table 2
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
6 Journal of Electrical and Computer Engineering
Table 2 Data processing of edge nodes
Cluster nodes Original data Slices Mixing dataCN13
119872119875(1)
3= 6 119878
13= 5 119872
(1)
3= 5
CN14
119872119875(1)
4= 7 119878
14= 5 119872
(1)
4= 4
CN22
119872119875(1)
2= 8 119878
22= 3 119872
(2)
4= 5
CN24
119872119875(2)
1= 6 119878
21= 4 119872
(2)
1= 7
CN32
119872119875(3)
2= 7 119878
32= 1 119872
(3)
2= 10
CN34
119872119875(3)
4= 7 119878
34= 4 119872
(3)
4= 6
CN41
119872119875(4)
1= 7 119878
41= 2 119872
(4)
1= 10
CN42
119872119875(4)
2= 5 119878
42= 3 119872
(4)
2= 4
CN52
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 5
CN53
119872119875(5)
2= 2 119878
52= 1 119872
(5)
2= 1
Table 3 The encryption in inner-cluster data aggregation
Cluster nodes Plaintext 119872(1) Ciphertext 119862(1)
CN11
119872(1)
1= 4 119862
(1)
1= 41198651
(1)+ 119866(1)
1+ 9119867(1)
1
CN12
119872(1)
2= 6 119862
(1)
2= 6119865(1)
1+ 119866(1)
1+ 4119867(1)
1
CN13
119872(1)
3= 5 119862
(1)
3= 5119865(1)
2+ 119866(1)
2+ 5119867(1)
2
CN14
119872(1)
4= 4 119862
(1)
4= 4119865(1)
2+ 119866(1)
2+ 2119867(1)
2
the operations of slicing and mixing are shown with specificnumbers
Using the first cluster as an example the inner-cluster dataaggregation is shown as follows There are 4 CNs in the firstcluster and these CNs collect the data around themThen thedata is encrypted according to formula (3) The plaintext andciphertext of data are shown in Table 3
After the encryption all of the CNs send their encrypteddata to the CH along the inner-cluster aggregation treeThen the CH receives two aggregation data items from itstwo branches Table 4 shows the aggregation results in eachbranch
When the CH receives the aggregation data it decrypts 119905
aggregation data according to formula (5)We get the amountof CNs in two branches as follows
323119862(1)
1agg = 3230119865(1)
1+ 646119866
(1)
1+ 4199119867
(1)
1
323119862(1)
2agg = 2907119865(1)
2+ 646119866
(1)
2+ 2261119867
(1)
2
(11)
According to the orders of these nodes we have 17119865(1)
119895=
0 13119866(1)119895
= 0 and 19119867(1)
119895= 0 So
323119862(1)
1agg = 646119866(1)
1
323119862(1)
2agg = 646119866(1)
2
(12)
Then CH decrypts the aggregation again according toformula (6) We get the aggregation data of two brancheswhich is 10 and 9 CH aggregates these two data items andencrypts them with the public key from BS
119862(1)
= 191198751+ 41198761+ 23119877
1 (13)
Table 4 The intercluster data aggregation
Cluster branch Aggregation resultsCB11
119862(1)
1agg = 10119865(1)
1+ 2119866(1)
1+ 13119867
(1)
1
CB12
119862(1)
2agg = 9119865(1)
2+ 2119866(1)
2+ 7119867(1)
2
Table 5 The encryption in intercluster data aggregation
Cluster heads Plaintext 119872 Ciphertext 119862CH1
119872(1)
= 19 119862(1)
= 191198751+ 41198761+ 23119877
1
CH2
119872(2)
= 19 119862(2)
= 191198751+ 41198761+ 17119877
1
CH3
119872(3)
= 23 119862(3)
= 231198751+ 41198761+ 21119877
1
CH4
119872(4)
= 17 119862(4)
= 171198752+ 41198762+ 19119877
2
CH5
119872(5)
= 20 119862(5)
= 201198752+ 41198762+ 12119877
2
Table 6 The intercluster data aggregation
Base station branch Aggregation resultsBSB11
1198621agg = 61119875
1+ 12119876
1+ 61119877
1
BSB12
1198622agg = 37119875
2+ 81198762+ 31119877
2
The inner-cluster data aggregation in other four clustersis done in the same way Table 5 shows the plaintext andciphertext of aggregation data in those five clusters
(4) Intercluster Aggregation Data After the encryption allof the CHs send their encrypted data to the BS alongthe intercluster aggregation tree Then the BS receives twoaggregation data items from its two branches Table 6 showsthe aggregation results in each branch
When the BS receives the aggregation data it decryptsthese two aggregation data items according to formula (9)We get the amount of CHs in two branches as follows
3231198621agg = 19703119875
1+ 3876119876
1+ 19703119877
1
3231198622agg = 11951119875
2+ 2584119876
2+ 10013119877
2
(14)
According to the orders of these nodes we have
17119875119895= 0
13119876119895= 0
19119877119895= 0
(15)
So
3231198621agg = 3876119876
1
3231198622agg = 2584119876
2
(16)
CH decrypts the aggregation again according to formula(10) We get the aggregation data of two branches which is61 and 37 BS aggregates these two data items and gets theaggregation data of the whole network which is 87
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Journal of Electrical and Computer Engineering 7
Table 7 The computation overhead of IPHCDA and SPPDA
Operation IPHCDA SPPDAEncryption 119873 sdot (119864Add + 2119864Mul) 119873 sdot (2119864Add + 3119864Mul)
Aggregation (119873 minus 1) sdot 119864Add + 119866 sdot 119864MAC + 119896 sdot 119864oplus
(119873 minus 1) sdot 119864Add
Decryption 119866 sdot 119864log 2119866 sdot 119864log
4 The Security Analysis
41 Ciphertext Only Attack Ciphertext only attack is a basicattack in wearable sensors When attackers use this attackthey only can try to get the plaintext by analyzing theciphertext
SPPDAmodel uses the elliptic curve cryptography whichis an asymmetric encryption model Its security is based onthe intractability in decomposition of large prime numbersSo SPPDA model can resist this attack well as long as thesuitable prime numbers are used
42 Chosen-Plaintext Attack In chosen-plaintext attackattackers can get some plaintexts and the ciphertexts Attack-ers want to get the secret key by analyzing these texts so thatthe other ciphertexts can be cracked rapidly by using thissecret key
SPPDA model uses the elliptic curve encryption withthree parameters and one of them is used to add the randomdisturbance In this way even the same plaintexts can beencrypted to the different ciphertexts So no matter howmany plaintext-ciphertexts the attackers get they cannot getthe secret key by analyzing the plaintext-ciphertexts
43 Data Injection Attack In data injection attack theattackers send the unauthorized data to the aggregation nodeIf the aggregation aggregates this data the result will bedifferent from the real result So the base station gets a faultresult
SPPDA model uses the elliptic curve encryption Sothe ciphertext is satisfied with the structure of the ellipticcurve encryption If the attackers send the data which lacksstandardization the aggregation can recognize it easily andremove it by the aggregation node
44 Aggregation Node Compromised Attack In the nodecompromised attack model attackers can compromise someaggregation nodes in thewearable sensorsThen attackers getthe key of these nodes and perform unauthorized aggrega-tion So the base station gets the fault result
SPPDA model verifies the data integrities both in clusterheads and in base station If the aggregation node in clusteris compromised cluster head can recognize the fault of thebranch at which the compromised node stays If the clusterhead is compromised base station can recognize the fault ofbranch at which the compromised cluster head stays Thenthe cluster head or base station uses the locating mechanismto locate the compromised node and remove it
5 Performance Analysis
In this section the computation overhead and the communi-cation overhead of SPPDAmodel are analyzed and comparedwith the IPHCDA model
51 The Computation Overhead The computation overheadincludes encryption aggregation anddecryptionWe assumethat the overhead of addition scalar multiplication MACXOR and the decryption are expressed as 119864Add 119864Mul 119864MAC119864oplus and 119864log 119866 is the amount of clusters and 119873 is the
amount of the nodes in wearable sensors Table 7 shows thecomputation overhead in IPHCDAmodel and SPDA model
In encryption operation IPHCDA model needs twice119864Mul and once 119864Mul in each node while SPPDAmodel needsthree times 119864Mul and twice 119864Mul In aggregation operationIPHCDA model needs (119873 minus 1) times 119864Add 119866 times 119864MACand 119896 times 119864
oplus while SPPDA model only needs (119873 minus 1)
times 119864Add The number of XOR operations is decided by thestructure of the aggregation treeThe constant 119896 is no less than1 and no more than 119866 minus 1 In decryption operation IPHCDAmodel needs 119866 times 119864log while SPPDA model needs 2119866times 119864log
In general the computation overhead of IPHCDAmodelis lower than SPPDA model in encryption and decryptionThe computation overhead of SPPDA model is lower thanIPHCDAmodel in aggregation But there are two aspects notdescribed in Table 7
(1) The orders of the elliptic curve are not the same inboth models The order in IPHCDA is larger thanin SPPDA So the 119864Add 119864Mul and 119864log in IPHCDAmodel are larger
(2) The computation overhead which is extra in SPPDAmodel is undertaken by the whole network so theaverage overhead to each node is lowerSo the computation overheads in both models arealmost the same
52 The Communication Overhead In this section the com-munication overhead between SPPDA model and IPHCDAmodel is compared It is assumed that these two models areused in the same network structure Therefore the compari-son of the communication is the same as the comparison oflength of ciphertext
It is assumed 120582 is the length of each prime in bothmodelsand the number of the clusters in the network is 119866 So thelength of ciphertext in IPHCDA model is (119866 + 1)120582 and thelength of ciphertext in SPPDA model is 3120582 In general case
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 Journal of Electrical and Computer Engineering
Table 8 The length of ciphertext in two models (120582 = 256 unit isbit)
Models 119866 = 1 119866 = 2 119866 = 3 119866 = 4
SPPDA 768 768 768 768IPHCDA 512 768 1024 1280
120582 = 256 is safe enough to a ciphertext and Table 1 shows thecomparison of the length of ciphertext in two models when120582 = 256
In Table 8 the length of ciphertext increases with 119866 inIPHCDA model and the length of ciphertext is constant 768when 119866 increases So when 119866 gt 2 the length of ciphertextin IPHCDA model is larger than that in SPPDA model thatmeans the communication overhead of IPHCDA model islarger Actually a cluster-based network usually consists ofplenty of clusters Therefore the SPPDA model has lowercommunication overhead
6 Conclusion
In this paper we present a new secure privacy-preserving dataaggregation model which adopts a mixed data aggregationstructure of tree and cluster The proposed model verifiesthe data integrity both at the cluster nodes and at the basestation Meanwhile the model gives a mechanism to locatethe compromised nodes Lastly the detail analysis showsthat this model is robust to many attacks and has lowercommunication overhead
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by Beijing Natural Science Founda-tion under Grant 4132057 National Natural Science Foun-dation of China under Grant 61201159 Beijing MunicipalEducation Commission on Projects (SQKM201510016013)and Foundation of MOHURD (2015-K8-029)
References
[1] J Yick B Mukherjee and D Ghosal ldquoWireless sensor networksurveyrdquoComputerNetworks vol 52 no 12 pp 2292ndash2330 2008
[2] C J Deepu and Y Lian ldquoA Joint QRS detection and datacompression scheme for wearable sensorsrdquo IEEE Transactionson Biomedical Engineering vol 62 no 1 pp 165ndash175 2015
[3] P Picazo-Sanchez J E Tapiador P Peris-Lopez and G Suarez-Tangi ldquoSecure publish-subscribe protocols for heterogeneousmedical wireless body area networksrdquo Sensors (Switzerland)vol 14 no 12 pp 22619ndash22642 2014
[4] R Di Pietro P Michiardi and R Molva ldquoConfidentiality andintegrity for data aggregation in WSN using peer monitoringrdquoSecurity amp Communication Networks vol 2 no 2 pp 181ndash1942009
[5] A Zambrano F Derogarian R Dias et al ldquoA wearable sensornetwork for human locomotion data capturerdquo in pHealth vol177 of Studies inHealth Technology and Informatics pp 216ndash223IOS Press Amsterdam The Netherlands 2012
[6] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous SystemsmdashNetworking and Services (MobiQuitousrsquo05) pp 109ndash117 New York NY USA July 2005
[7] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 May 2005
[8] T Feng C Wang W Zhang and L Ruan ldquoConfidentialityprotection for distributed sensor data aggregationrdquo in Proceed-ings of the 27th IEEE Conference on Computer Communications(INFOCOM rsquo08) pp 56ndash60 IEEE Phoenix Ariz USA April2008
[9] D Boneh E-J Goh and K Nissim ldquoEvaluating 2-dnf formulason ciphertextsrdquo in Theory of Cryptography Second Theory ofCryptography Conference TCC 2005 Cambridge MA USAFebruary 10-12 2005 Proceedings Lecture Notes in ComputerScience pp 325ndash341 2005
[10] E Mykletun J Girao and D Westhoff ldquoPublic key basedcryptoschemes for data concealment in wireless sensor net-worksrdquo in Proceedings of the IEEE International Conference onCommunications (ICC rsquo06) vol 5 pp 2288ndash2295 IstanbulTurkey July 2006
[11] J Girao D Westhoff E Mykletun and T Araki ldquoTinyPEDStiny persistent encrypted data storage in asynchronous wirelesssensor networksrdquo Ad Hoc Networks vol 5 no 7 pp 1073ndash10892007
[12] J M Bahi C Guyeux and A Makhoul ldquoEfficient and robustsecure aggregation of encrypted data in sensor networksrdquo inProceedings of 4th International Conference on Sensor Technolo-gies andApplications (SENSORCOMM rsquo10) pp 472ndash477VeniceItaly July 2010
[13] S Ozdemir and Y Xiao ldquoIntegrity protecting hierarchical con-cealed data aggregation forwireless sensor networksrdquoComputerNetworks vol 55 no 8 pp 1735ndash1746 2011
[14] Y-H Lin S-Y Chang and H-M Sun ldquoCDAMA concealeddata aggregation scheme for multiple applications in wirelesssensor networksrdquo IEEE Transactions on Knowledge and DataEngineering vol 25 no 7 pp 1471ndash1483 2013
[15] Q Zhou G Yang and L He ldquoA secure-enhanced data aggre-gation based on ECC in wireless sensor networksrdquo Sensors vol14 no 4 pp 6701ndash6721 2014
[16] O Younis and S Fahmy ldquoHEED a hybrid energy-efficientdistributed clustering approach for ad hoc sensor networksrdquoIEEE Transactions on Mobile Computing vol 3 no 4 pp 366ndash379 2004
[17] S Lindsey and C S Raghavendra ldquoPEGASIS power-efficientgathering in sensor information systemsrdquo in Proceedings of theEEE Aerospace Conference vol 3 pp 1125ndash1130 IEEE Big SkyMont USA March 2002
[18] Y Rebahi V E Mujica-V and D Sisalem ldquoA reputation-based trust mechanism for ad hoc networksrdquo in Proceedings ofthe 10th IEEE Symposium on Computers and Communications(ISCC rsquo05) pp 37ndash42 Cartagena Spain June 2005
[19] L I Yong-Jun ldquoResearch on trust mechanism for peer-to-peernetworkrdquo Chinese Journal of Computers vol 40 no 5 pp 805ndash809 2010
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Journal of Electrical and Computer Engineering 9
[20] S Madden M J Franklin and J M Hellerstein ldquoTAG a tinyaggregation service for ad-hoc sensor networksrdquo in Proceedingsof the 5th Usenix Symposium on Operating Sysems Design ampImplementation (OSDI rsquo02) vol 3 pp 131ndash146 Boston MassUSA December 2002
[21] L Eschenauer and V D Gligo ldquoA key-management schemefor distributed sensor networksrdquo in Proceedings of the 9thACM Conference on Computer and Communications Security(CCS rsquo02) pp 41ndash47 Washington DC USA November 2002
[22] W He X Liu H Nguyen K Nahrstedt and T AbdelzaherldquoPDA privacy-preserving data aggregation in wireless sensornetworksrdquo in Proceedings of the 26th IEEE Conference onComputer Communications pp 2045ndash2053 Anchorage AlaskaUSA May 2007
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of