SIA: Secure Information Aggregation in Sensor Networks

1
SIA Secure Information Aggregation in Sensor
Networks

• Dhiman Barman
• Authors Bartosz Przydateck, Dawn Song, and
  Adrian Perrig
• CMU
• SenSys 2003

2
Large Scale Sensor Networks

• Monitoring Purposes
• Limited Computation Resources
• Limited Communication Resources
• Query Processing over Sensor data

3
Aggregation

• In-network processing and aggregation
• Reduces volume of raw data
• Aggregators do aggregation
• Aggregators or sensors may be compromised
• DDoS Attacks
• Stealthy Attacks

4
Objectives

• Secure Information Aggregation
• Aggregate-commit-prove approach
• Aggregators commit data from the sensors
• Aggregator proves the correctness to Home Server
• Secure computation of
• Median
• Min/Max
• Distinct elements and other queries

5
Model
Home server

• Each sensor has unique ID
• Home server and Aggregator store master keys, KB
  and KA
• Each sensor stores shared keys MACKA(node ID) and
  MACKB(node ID)
• Adversarial attacks on sensor values, 1,..,m

aggregator
6
Assumptions

• Aggregator is resources-enhanced
• Uncorrupted sensors are not disconnected from the
  aggregators
• Home Server and Aggregators can broadcast to
  sensors
• Only a small no. of sensors can be attacked
• Many kinds of attacks but focus is on stealthy
  attacks

7
General Approach

• Three phases aggregate, commit and prove
• Aggregator aggregates raw data with a commitment
• Computation of results
• Commitment to data
• Home server and aggregator perform interactive
  proofs to verify reported results
• Report results
• Prove the correctness (committed data represents
  true sensor values, aggregate is accurate)

8
Commit
Merkle hash tree used to commit to a set of values
9
Query Estimation

• Secure Computation of Median on (ai, IDi) pairs
• Median by Random sampling
• Theorem The median of a uniform sample of l out
  of n elements a1,..,an with probability at least
  1-2/exp(2l?2) yields an element whose position in
  the sorted sequence a1,..,an is with ?n of n/2.
• Proof PrX n/2 gt ?n ? exp(-2l?2) and
  using Hoeffding bound
• Sample size needed ?(1/ ?2) by Bar-Yossef et. al.

10
Secure Median Computation

• Aggregator, A commits the measured values
  (sorted) using a hash-tree construction
• Home server, B gets an alleged median, a
• B verifies (using Spot-Check-II by Ergun et. Al)
• Commited sequence is sorted
• All elements are distinct
• B checks that a is close to the median of
  committed sequence
• By randomly picking elements from the sequence
  and comparing elements from the left and right
  parts

11
Secure Computation of Min/Max
procedure MinRootedTree(d) / code for sensor I
/ pi Si, vi ai, idi Si for i
1..d do send(vi, idi) to all neighbors
receive (vj, idj) from neighbors if vj lt
vi for some j then pi Sj, vi aj,
idi Sj
procedure FindMin(?) / code for home server
/ request construction of a tree using
MinRootedTree if tree construction failed then
return REJECT request number n of the nodes in
the tree For I 1(1/ ?) do pick j ?1,..,n
request j-th node from the tree follow path
to the root if path is inconsistent then return
REJECT return ACCEPT
12
Other queries and issues

• Random Node Selection
• Home Server distributes hash function h
• Sensors compute MIN using h, ID and time interval
• Distinct number of elements can be found by
  finding the lower (Bar-Yossef ) and upper bound
  (using sampling).
• Network size is a special case
• ? (i,j) 1 ? i ? n, 1 ? j ? aj
• Forward Secure Authentication by changing keys in
  every time interval
• Secure Hierarchical Aggregation using multiple
  aggregators

13
Conclusion

• Secure Aggregate Information
• Computation of Estimates
• Protocol for secure aggregation