Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.

Published byIris Curtis Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007."— Presentation transcript:

1 Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007 Presented by Nicky Mahilani CSC 774 In-class presentation 1 Acknowledgement: Based on slides provided by Author

2 Computer Science Outline Data Aggregation in Sensor Networks Security Challenges SDAP Details Performance Evaluation Conclusion Future Work 2

3 Computer Science Sensor Networks Group of sensor nodes report to a Base Station(BS) Without data aggregation –Data redundancy –Communication cost –Energy expenditure Reporting raw data is inefficient BS 3

4 Computer Science Data Aggregation in Sensor Networks With data aggregation we can reduce –Data redundancy –Communication cost –Energy expenditure A lossy data compression process BS 4

5 Computer Science Outline Data Aggregation in Sensor Networks Security Challenges SDAP Details Performance Evaluation Conclusion Future Work 5

6 Computer Science Security Challenges in Data Aggregation?(1) A compromised intermediate node may change the aggregated data BS cannot verify the result without knowing original readings False Alarm BS Compromised node 6

7 Computer Science Hop-by-hop aggregation –Aggregates computed by a higher-level node are from ‘more’ low-level nodes –If a compromised node is closer to BS, false value from it has more impact on the final result computed by BS Legitimate temperature (32F ~ 150F) BS 7 Security Challenges in Data Aggregation?(2)

8 Computer Science Security Challenges in Data Aggregation?(3) Question: Can the BS obtain a good approximation of the fusion result when a fraction of nodes are compromised? False Alarm BS Compromised node 8

9 Computer Science Outline Data Aggregation in Sensor Networks Security Challenges SDAP Details Performance Evaluation Conclusion Future Work 9

10 Computer Science Network Model BS - An unbalanced tree rooted at BS - Data is aggregated hop by hop - Each aggregate is a tuple (value, count) - Every node only forwards one copy 10

11 Computer Science Attack Model Goal: Inject false data without being detected by BS Example: –Without modifying the received aggregate (98.7F~101F, 51) –Count change attack (100F~150F, *) –Value change attack (32F~150F, 51) Legitimate temperature (32F ~ 150F) BS (100F, 50) (?, ?) 11

12 Computer Science SDAP: Secure Hop-by-hop Data Aggregation Protocol Basic Principle –Divide and conquer –Commit and attest Protocol Overview –Tree Construction & Query Dissemination –Probabilistic grouping Partition nodes into logical groups of similar size –Hop-by-hop aggregation Each group generates a commitment which cannot be denied later –Verification & attestation BS identifies suspicious groups Suspect groups attest correctness of commitments to BS 12

13 Computer Science Tree Construction & Query Dissemination Tree construction Query dissemination –BS  * : F agg, S g F agg : an aggregation function, e.g., avg, count S g : a random number as grouping seed 13 Legitimate temperature (32F ~ 150F) avg

14 Computer Science Probabilistic grouping & data aggregation Probabilistic grouping is conducted through group leader selection –H(K x, S g |x) < F g (c) x : node id K x : master key of x H : pseudorandom function, uniform output in [0,1) S g : for security and load balance c : count F g : grouping function, [0,1) output increasing with c 14 Legitimate temperature (32F ~ 150F) H(K id, S g |id) > F g (1) H(K w’, S g |w’) < F g (8) H(K x, S g |x) < F g (15) H(K y, S g |y) < F g (c)

15 Computer Science Probabilistic grouping & data aggregation Probabilistic grouping is conducted through group leader selection –H(K x, S g |x) < F g (c) x : node id K x : master key of x H : pseudorandom function, uniform output in [0,1) S g : for security and load balance c : count F g : grouping function, [0,1) output increasing with c 15 Legitimate temperature (32F ~ 150F) By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing good basis for attestation

16 Computer Science Group Aggregation 16 Format of aggregates flag value count MAC id seed Encrypted Authenticated Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments –u  v : u, 0, E(K uv,1|R u |S g )|MAC u MAC u =MAC(K u, 0|1|u|R u |S g ) Leaf node aggregation

17 Computer Science Group Aggregation (2) 17 –v  w : v, 0, E(K vw,3|Agg v |S g )|MAC v Agg v =F agg (R v, R u, R u’ ) MAC v =MAC(K v, 0|3|v|Agg v | MAC u MAC u’ |S g ) MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data H( K v, S g |v) > F g (3) Immediate node aggregation

18 Computer Science Group Aggregation (3) 18 –x  BS : x, 1, E(K x,15|Agg x |S g )|MAC x Agg x =F agg (R x, Agg w, Agg w’ ) MAC x =MAC(K x, 1|15|x|Agg x |MAC w MAC w’ |S g ) H( K x, S g |x) < F g (15) Default leader of leftover nodes Tracking the forwarding path: A forwarding table (incoming link, group id) Group id is the id of group leader Bloom filter may help scale up Leader node aggregation

19 Computer Science Verification & attestation BS identifies suspicious groups for attestation Outlier detection by Grubbs’ Test –extensions: multiple outliers, bivariate P c * P value <α? (significance level, e.g., 0.05) –Attackers tend to forge false values as well as large counts correspondingly, to make false values count for larger fraction in the final result 19 (x, 142F, 50)(y, 100F, 20)(w’, 95F, 25)(BS, 90F, 28)

20 Computer Science Verification & attestation (2) 20 Forwarding attestation requests from BS Suppose group x is under suspicion BS  y: x, S a, S g S a : a random number as attestation seed Node y then forwards this request to leader x

21 Computer Science Group attestation −Probabilistic attestation path selection From x, each parent sums up counts of all the children, then computes picks up i th child on the path, if Verification & attestation (3) 21

22 Computer Science Verification & attestation (4) 22 Attestation response from groups Each node on the path sends back count and reading Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)

23 Computer Science Verification & attestation (5) Group response validation by BS BS reconstructs Agg x and MAC x based on responses –If both match the submitted values, accepts them –Otherwise, rejects them 23

24 Computer Science Outline Data Aggregation in Sensor Networks Security Challenges SDAP Details Performance Evaluation Conclusion Future Work 24

25 Computer Science Detection Rate 25 m is the number of attestation paths C v : Count value m Detection Rate

26 Computer Science Grouping Function (F g ) Goal: small variations on group sizes –if c = 1, Fg(c) = 0 –if c  infinite, Fg(c) = 1 –increase slowly in the beginning, approach to 1 quickly after a certain value above the mean 26

27 Computer Science Communication Overhead Packet*hop: 3.4k~4.4K in a non-secure aggregation scheme: 3k in a no aggregation secure scheme: 21k 27

28 Computer Science Outline Data Aggregation in Sensor Networks Security Challenges SDAP Details Performance Evaluation Conclusion Future Work 28

29 Computer Science Conclusion & Future Work A probabilistic grouping based secure data aggregation protocol –Divide-and-conquer –Commit-and-attest –With adjustable detection rate –Low performance overhead Challenges: –Max/Min –Content-based attestation Readings from nodes in the same neighborhood should bear certain temporal/spatial correlations 29

30 Computer Science Thank you ! Questions ??? 30

Download ppt "Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Supporting Cooperative Caching in Disruption Tolerant Networks

Supporting Cooperative Caching in Disruption Tolerant Networks
An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.

An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.
Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.

Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.
1 Routing Techniques in Wireless Sensor networks: A Survey.

1 Routing Techniques in Wireless Sensor networks: A Survey.
1 Distributed Adaptive Sampling, Forwarding, and Routing Algorithms for Wireless Visual Sensor Networks Johnsen Kho, Long Tran-Thanh, Alex Rogers, Nicholas.

1 Distributed Adaptive Sampling, Forwarding, and Routing Algorithms for Wireless Visual Sensor Networks Johnsen Kho, Long Tran-Thanh, Alex Rogers, Nicholas.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.

Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,

Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.

IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
©NEC Laboratories America 1 Hui Zhang Samrat Ganguly Sudeept Bhatnagar Rauf Izmailov NEC Labs America Abhishek Sharma University of Southern California.

©NEC Laboratories America 1 Hui Zhang Samrat Ganguly Sudeept Bhatnagar Rauf Izmailov NEC Labs America Abhishek Sharma University of Southern California.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

Similar presentations

Ads by Google