Title: SIA: Secure Information Aggregation in Sensor Networks
1SIA Secure Information Aggregation in Sensor
Networks
- Dhiman Barman
- Authors Bartosz Przydateck, Dawn Song, and
Adrian Perrig - CMU
- SenSys 2003
2Large Scale Sensor Networks
- Monitoring Purposes
- Limited Computation Resources
- Limited Communication Resources
- Query Processing over Sensor data
3Aggregation
- In-network processing and aggregation
- Reduces volume of raw data
- Aggregators do aggregation
- Aggregators or sensors may be compromised
- DDoS Attacks
- Stealthy Attacks
4Objectives
- Secure Information Aggregation
- Aggregate-commit-prove approach
- Aggregators commit data from the sensors
- Aggregator proves the correctness to Home Server
- Secure computation of
- Median
- Min/Max
- Distinct elements and other queries
5Model
Home server
- Each sensor has unique ID
- Home server and Aggregator store master keys, KB
and KA - Each sensor stores shared keys MACKA(node ID) and
MACKB(node ID) - Adversarial attacks on sensor values, 1,..,m
aggregator
6Assumptions
- Aggregator is resources-enhanced
- Uncorrupted sensors are not disconnected from the
aggregators - Home Server and Aggregators can broadcast to
sensors - Only a small no. of sensors can be attacked
- Many kinds of attacks but focus is on stealthy
attacks
7General Approach
- Three phases aggregate, commit and prove
- Aggregator aggregates raw data with a commitment
- Computation of results
- Commitment to data
- Home server and aggregator perform interactive
proofs to verify reported results - Report results
- Prove the correctness (committed data represents
true sensor values, aggregate is accurate)
8Commit
Merkle hash tree used to commit to a set of values
9Query Estimation
- Secure Computation of Median on (ai, IDi) pairs
- Median by Random sampling
- Theorem The median of a uniform sample of l out
of n elements a1,..,an with probability at least
1-2/exp(2l?2) yields an element whose position in
the sorted sequence a1,..,an is with ?n of n/2. - Proof PrX n/2 gt ?n ? exp(-2l?2) and
using Hoeffding bound - Sample size needed ?(1/ ?2) by Bar-Yossef et. al.
10Secure Median Computation
- Aggregator, A commits the measured values
(sorted) using a hash-tree construction - Home server, B gets an alleged median, a
- B verifies (using Spot-Check-II by Ergun et. Al)
- Commited sequence is sorted
- All elements are distinct
- B checks that a is close to the median of
committed sequence - By randomly picking elements from the sequence
and comparing elements from the left and right
parts
11Secure Computation of Min/Max
procedure MinRootedTree(d) / code for sensor I
/ pi Si, vi ai, idi Si for i
1..d do send(vi, idi) to all neighbors
receive (vj, idj) from neighbors if vj lt
vi for some j then pi Sj, vi aj,
idi Sj
procedure FindMin(?) / code for home server
/ request construction of a tree using
MinRootedTree if tree construction failed then
return REJECT request number n of the nodes in
the tree For I 1(1/ ?) do pick j ?1,..,n
request j-th node from the tree follow path
to the root if path is inconsistent then return
REJECT return ACCEPT
12Other queries and issues
- Random Node Selection
- Home Server distributes hash function h
- Sensors compute MIN using h, ID and time interval
- Distinct number of elements can be found by
finding the lower (Bar-Yossef ) and upper bound
(using sampling). - Network size is a special case
- ? (i,j) 1 ? i ? n, 1 ? j ? aj
- Forward Secure Authentication by changing keys in
every time interval - Secure Hierarchical Aggregation using multiple
aggregators
13Conclusion
- Secure Aggregate Information
- Computation of Estimates
- Protocol for secure aggregation