SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610
Sensor networks wireless network consisting of large number of small sensor devices Main objective: data collection Sensors are severely constrained: Low memory Low power Limited bandwidth Transfer of raw information is expensive (often individual readings are not needed) Solution: aggregate data and transfer the result only!
Data aggregation Selected nodes are aggregators responsible for data collection computation of aggregated result result transfer to the user ( home server ) Security concern: compromised aggregator compromised sensors
Proposed approach Previous works assumed honest sensors This work’s focus : stealthy attacks If user accepts the aggregation result, then there isa high probability that the reported result is “close” to the true result value
Considered model single home server (user) single aggregator more powerful than sensor has information about size and topology of the network sensors have unique ids share a key with server and aggregator Both home server & aggregator have master key and able to compute key for each sensor aggregator home server sensors a1 a2 a3 A= ? A= (a1, a2, a3)
Aggregate-Commit-Prove approach aggregate aggregator collect the data from sensors compute aggregated result commit aggregator commits to the data guarantee that result is computed using sensors’ data prove aggregator send the aggregate result and commitment to home server home server checks if commitment is good representation of the sensor data aggregation result is close to the committed data values
Commit phase Merkle hash tree – to commit to the data a 1 a 2 a 3... a n - sensors’ data placed at the leaves each internal node is hash of its children root value is a commitment
Considered … Most commonly used aggregation operations: Compute median Compute min, max Counting distinct elements
Computing median Securely compute median of a 1 a 2 a 3... a n Aggregate phase: take median of a random sample of sensor values commits to a sorted sequence using a Merkle hash tree Prove phase: home server receives the commitment and computed median a med home server performs 2 tests: requests a n/2 and compares it with a med picks an element from a random position Checks if elements picked from left half is < than median Checks if elements picked from right half is > than median
Computing min/max Securely compute min of a 1 a 2 a 3... a n Assumption – sensors will not provide fake values Computing min/max by sensors MinRootedTree protocol construct minimum spanning tree rooted at the minimum value each round node broadcast (min, id) pair fills the table by smallest received value Final state is authenticated and sent to aggregator p minid S1 3id1 S2 1id2 S3S21Id2 S1S2 S3 Reading: 3Reading: 1 Reading: 5 p – id of the current parent min – min value so far id – id of the node with min p minid S1 3id1 S2 1id2 S3 5id3 p minid S1S21id2 S2 1id2 S3S21Id2
Computing min/max Aggregate phase: aggregator commits to the list of the states reports the root of the tree to the server Prove phase: home server randomly picks a node in the list traverses the path from the node to the root If unsuccessful - rejects
Counting distinct elements Securely determine number of distinct values given a 1 a 2 a 3... a n Basic protocol: Pick random hash function h Apply to all elements a i Keep v=min i=1 n h(a i ) Number of distinct elements can be estimated by 1/v Protocol can be used for: computing the size of the network computing average value
Conclusion Hierarchical aggregation for very large networks the proposed protocols need to be slightly modified Consider forward secure authentication for past results querying sensor’s key is recomputed each time interval using one-way function past readings are secure in case sensor is compromised This is the first work that allows existence of malicious sensors