A Framework for Secure Data Aggregation in Sensor Networks. Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao. The Pennsylvania State University. MobiHoc '06.

Page 1: A Framework for Secure Data Aggregation in Sensor Networks

A Framework for Secure Data Aggregation in Sensor Networks

Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao

The Pennsylvania State University

MobiHoc '06

Page 2: A Framework for Secure Data Aggregation in Sensor Networks

Why data aggregation? (1)

• Many low-cost sensors
• Some data sinks which subscribe to special data streams by distributing interests or querying
• Without data aggregation
  – Data redundancy
  – Communication cost
  – Energy expenditure

Page 3: A Framework for Secure Data Aggregation in Sensor Networks

Why data aggregation? (2)

• With data aggregation

Reduce data redundancy, communication cost and energy expenditure in data collection!

Page 4: A Framework for Secure Data Aggregation in Sensor Networks

Network model

• An unbalanced tree rooted at BS
• Data are aggregated hop by hop
• Each aggregate is a tuple (value, count)
• Every node only forwards one copy

Page 5: A Framework for Secure Data Aggregation in Sensor Networks

Security challenges in aggregation? (1)

• A compromised node may report a false fusion result, causing the final aggregation result to be much different from the true measurement.
• Question:
  – How can BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?

[Figure labels: Compromised node; False Alarm; BS]

Page 6: A Framework for Secure Data Aggregation in Sensor Networks

Attack model

Goal: Inject false data without being detected by BS

• Example:
  – Without modifying the received aggregate
    • (98.7F~101F, 51)
  – Count change attack
    • (100F~150F, *)
  – Value change attack
    • (32F~150F, 51)

The combination of count and value change attacks, and collusion among compromised nodes are more destructive!

[Figure labels: Legitimate temperature (32F ~ 150F); BS; (100F, 50); (?, ?)]

Page 7: A Framework for Secure Data Aggregation in Sensor Networks

Our solutions

Divide and conquer
Commit and attest

• Tree construction and query dissemination
• Probabilistic grouping
  – Partition nodes in the tree into multiple logical groups (subtrees) of similar size
• Hop-by-hop aggregation
  – Each group generates a commitment which cannot be denied later
• Attestation between BS and suspicious groups
  – BS identifies abnormal groups from the set of received group commitments
  – Groups under suspicion prove the correctness of submitted commitments to BS
• BS discards commitments from groups failing to support previous values when computing final aggregates

Page 8: A Framework for Secure Data Aggregation in Sensor Networks

Tree Construction & Query Dissemination

• Tree construction
  – Similar to TAG
• Query dissemination
  – BS → * : Fagg, Sg
    • Fagg: an aggregation function, e.g., avg, count
    • Sg: a random number as grouping seed

[Figure: aggregation tree rooted at BS with every node labelled avg; legitimate temperature (32F ~ 150F)]

Page 9: A Framework for Secure Data Aggregation in Sensor Networks

Probabilistic grouping & data aggregation

• Probabilistic grouping is conducted through group leader selection
  – H(Kx, Sg|x) < Fg(c)
    • x: node id
    • Kx: master key of x
    • H: pseudorandom function, uniformly maps the input into the range [0,1)
    • Sg: for security and load balance
    • c: count value
    • Fg: grouping function, outputs a real number in [0,1), increasing with c

[Figure: tree rooted at BS with nodes x, y, w'; legitimate temperature (32F ~ 150F); node annotations:]
  H(Kid, Sg|id) > Fg(1)
  H(Kw', Sg|w') < Fg(8)
  H(Kx, Sg|x) < Fg(15)
  H(Ky, Sg|y) < Fg(c)

Page 10: A Framework for Secure Data Aggregation in Sensor Networks

Probabilistic grouping & data aggregation

• Probabilistic grouping is conducted through group leader selection
  – H(Kx, Sg|x) < Fg(c)
    • x: node id
    • Kx: master key of x
    • H: pseudorandom function, uniform output in [0,1)
    • Sg: for security and load balance
    • c: count
    • Fg: grouping function, [0,1) output increasing with c
• By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation

[Figure: tree rooted at BS with nodes x, y, w' and a Default Leader; legitimate temperature (32F ~ 150F)]
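Leader selection as described on the two grouping slides, as an added Python example that is not from the presentation. HMAC-SHA256 as H, the form of Fg, the derived keys and the BS acting as default leader of leftover nodes are assumptions; the tree shape uses the d=3, h=7 parameters quoted later in the slides.

```python
import hashlib
import hmac
import math

def prf01(key, msg):
    """H: keyed PRF (HMAC-SHA256, an assumption) mapped uniformly into [0, 1)."""
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return (int.from_bytes(digest[:8], "big") >> 11) / 2**53

def f_g(count, target=40.0):
    """Assumed grouping function Fg: near 0 for small counts, rising toward 1."""
    return 1.0 - math.exp(-((count / target) ** 4))

def group_tree(fanout, height, seed):
    """Return group sizes from leader selection on a complete tree.

    Nodes are numbered breadth-first with the BS as node 0. Counts flow
    upward; a node that elects itself leader commits its count as one group,
    and its parent does not add that count to its own.
    """
    total = (fanout ** (height + 1) - 1) // (fanout - 1)
    pending = [1] * total                     # count each node reports upward
    groups = []
    for node in range(total - 1, 0, -1):      # children before parents
        key = hashlib.sha256(b"K|%d" % node).digest()   # constructed K_x
        if prf01(key, seed + b"|%d" % node) < f_g(pending[node]):
            groups.append(pending[node])      # H(Kx, Sg|x) < Fg(c): leader
        else:
            pending[(node - 1) // fanout] += pending[node]
    groups.append(pending[0] - 1)             # leftovers, BS as default leader
    return groups

if __name__ == "__main__":
    sizes = group_tree(3, 7, b"Sg-1")         # n=3280, d=3, h=7
    print(len(sizes), "groups; largest", max(sizes), "smallest", min(sizes))
```

Changing the grouping seed Sg changes which nodes become leaders, so a node cannot tell before the query arrives which group it will fall into.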

Page 11: A Framework for Secure Data Aggregation in Sensor Networks

Group aggregation (1)

• Format of aggregates
  – Fields: id, flag, count, value, seed, MAC
  – Figure labels: Encrypted; Authenticated
• Leaf node aggregation
  – u → v : u, 0, E(Kuv, 1|Ru|Sg)|MACu
  – MACu = MAC(Ku, 0|1|u|Ru|Sg)
• Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments

[Figure: tree rooted at BS with nodes u, v, w, x, y; node u annotated H(Ku, Sg|u) > Fg(1)]

Page 12: A Framework for Secure Data Aggregation in Sensor Networks

Group aggregation (2)

• Intermediate node aggregation
  – v → w : v, 0, E(Kvw, 3|Aggv|Sg)|MACv
  – Aggv = Fagg(Rv, Ru, Ru')
  – MACv = MAC(Kv, 0|3|v|Aggv| MACu MACu' |Sg)
• MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data

[Figure: tree rooted at BS with nodes u, v, w, x, y; node v annotated H(Kv, Sg|v) > Fg(3)]

Page 13: A Framework for Secure Data Aggregation in Sensor Networks

Group aggregation (3)

• Leader node aggregation
  – x → BS : x, 1, E(Kx, 15|Aggx|Sg)|MACx
  – Aggx = Fagg(Rx, Aggw, Aggw')
  – MACx = MAC(Kx, 1|15|x|Aggx|MACw MACw'|Sg)

[Figure: tree rooted at BS with nodes u, v, w, x, y; node x annotated H(Kx, Sg|x) < Fg(15); label: Default leader of leftover nodes]

Page 14: A Framework for Secure Data Aggregation in Sensor Networks

Verification & attestation (1)

• BS needs to verify the correctness of the aggregated value
• Outlier detection by Grubbs' Test (an existing work)

Page 15: A Framework for Secure Data Aggregation in Sensor Networks

Verification & attestation (2)

Forwarding attestation requests from BS

• Suppose group x is under suspicion
  – BS → y: x, Sa, Sg
  – Node y then forwards this request to leader x
• Sa: a random number as attestation seed

[Figure: tree rooted at BS with nodes u, v, w, x, y]

Page 16: A Framework for Secure Data Aggregation in Sensor Networks

Verification & attestation (3)

Group attestation

• Probabilistic attestation path selection
  – From x, each parent sums up the counts of all its children, then computes

    $$ w = H(S_a \mid id) \sum_{k=1}^{d} c_k . $$

    Finally, determine the path by picking the $i$th child on the path if

    $$ w \in \Bigl[ \sum_{k=1}^{i-1} c_k ,\ \sum_{k=1}^{i} c_k \Bigr) . $$

• A node with larger count has more chances to be attested

[Figure: tree rooted at BS with nodes u, u', v, v', w, w', x, y]
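The path-selection rule above as an added Python example (not from the presentation). SHA-256 stands in for H, and the tree, counts and seeds are constructed sample values.

```python
import hashlib

# Constructed sample group led by x: child lists and per-node counts.
TREE = {"x": ["w", "w'"], "w": ["v", "v'"], "v": ["u", "u'"]}
COUNTS = {"x": 7, "w": 5, "w'": 1, "v": 3, "v'": 1, "u": 1, "u'": 1}

def h01(seed, node_id):
    """H(Sa | id) mapped into [0, 1); SHA-256 is an assumed choice of H."""
    digest = hashlib.sha256(seed + b"|" + node_id.encode()).digest()
    return (int.from_bytes(digest[:8], "big") >> 11) / 2**53

def pick_child(w, counts):
    """Return the 0-based index i with w in [sum(counts[:i]), sum(counts[:i+1]))."""
    low = 0
    for i, c in enumerate(counts):
        if w < low + c:
            return i
        low += c
    return len(counts) - 1        # guards against float rounding at the top edge

def attestation_path(root, seed):
    """Walk down from the group leader, choosing one child per level."""
    path, node = [root], root
    while node in TREE:
        kids = TREE[node]
        kid_counts = [COUNTS[k] for k in kids]
        w = h01(seed, node) * sum(kid_counts)
        node = kids[pick_child(w, kid_counts)]
        path.append(node)
    return path

def selection_frequency(parent, trials):
    """Fraction of attestation seeds that select each child of `parent`."""
    kids = TREE[parent]
    hits = dict.fromkeys(kids, 0)
    for t in range(trials):
        hits[attestation_path(parent, b"Sa-%d" % t)[1]] += 1
    return {k: n / trials for k, n in hits.items()}

if __name__ == "__main__":
    print(attestation_path("x", b"Sa-0"))
    print(selection_frequency("x", 10000))    # close to 5/6 for w, 1/6 for w'
```

Because the path depends on Sa, which the BS picks only after the commitments are in, a node with an inflated count is selected in proportion to that count and cannot predict the choice in advance.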

Page 17: A Framework for Secure Data Aggregation in Sensor Networks

Verification & attestation (4)

Attestation response from groups

• Each node on the path sends back count and reading
• Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)

[Figure: tree rooted at BS with nodes u, u', v, v', w, w', x, y]

Page 18: A Framework for Secure Data Aggregation in Sensor Networks

Verification & attestation (5)

Group response validation by BS

• BS reconstructs Aggx and MACx based on responses
  – If both match the submitted values, accepts them
  – Otherwise, rejects them

[Figure: tree rooted at BS with nodes u, u', v, v', w, w', x, y]
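The hop-by-hop commitment from the group aggregation slides and the BS-side check from the validation slide, as an added Python example that is not the authors' code. It omits the encryption E(K, ...), assumes HMAC-SHA256 as MAC and XOR for combining child MACs (the operator is not legible in the slide text), and uses constructed keys and readings with avg as Fagg.

```python
import hashlib
import hmac

SG = b"grouping-seed"                        # constructed S_g
PATH = ["x", "w", "v", "u"]                  # attestation path, leader first
SIBLING = {"w": "w'", "v": "v'", "u": "u'"}  # sibling of each path node
READINGS = {"x": 99.0, "w": 101.0, "v": 100.0, "u": 98.0,
            "w'": 102.0, "v'": 100.0, "u'": 97.0}   # constructed readings (F)

def key(node):
    """Constructed master key K_id; the BS shares it with the node."""
    return hashlib.sha256(b"K|" + node.encode()).digest()

def commit(node, flag, reading, children, forged=None):
    """Return (count, avg, MAC) from a reading and child (count, avg, MAC)s."""
    count = 1 + sum(c for c, _, _ in children)
    agg = (reading + sum(c * a for c, a, _ in children)) / count
    if forged is not None:
        agg = forged                         # value change attack
    macs = bytes(32)
    for _, _, m in children:                 # XOR of child MACs: an assumption
        macs = bytes(p ^ q for p, q in zip(macs, m))
    msg = b"|".join([b"%d|%d" % (flag, count), node.encode(),
                     repr(agg).encode(), macs, SG])
    return count, agg, hmac.new(key(node), msg, hashlib.sha256).digest()

def leader_commitment(forged=None):
    """Node side: hop-by-hop aggregation u -> v -> w -> x; siblings are leaves."""
    sib = {s: commit(s, 0, READINGS[s], []) for s in SIBLING.values()}
    cur = commit("u", 0, READINGS["u"], [])
    for node, child in (("v", "u"), ("w", "v")):
        cur = commit(node, 0, READINGS[node], [cur, sib[SIBLING[child]]])
    x = commit("x", 1, READINGS["x"], [cur, sib[SIBLING["w"]]], forged)
    return x, sib

def bs_accepts(submitted, path_readings, sibling_tuples):
    """BS side: rebuild Agg_x and MAC_x from the responses and compare."""
    cur = commit(PATH[-1], 0, path_readings[PATH[-1]], [])
    for parent, child in zip(PATH[-2::-1], PATH[:0:-1]):
        flag = 1 if parent == PATH[0] else 0
        cur = commit(parent, flag, path_readings[parent],
                     [cur, sibling_tuples[SIBLING[child]]])
    return cur[:2] == submitted[:2] and hmac.compare_digest(cur[2], submitted[2])
```

A leader that commits to a forged average can still MAC it under its own key, but the value rebuilt from the path readings and sibling tuples no longer matches, so the BS rejects the group.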

Page 19: A Framework for Secure Data Aggregation in Sensor Networks

Security Analysis

• An attacker cannot selectively compromise nodes to ensure his optimal attack
• A compromised node cannot know in advance whether
  1. it will become a group leader or which group it will belong to
  2. its aggregate will become an outlier by Grubbs' test
  3. it will be selected on the attestation path

Page 20: A Framework for Secure Data Aggregation in Sensor Networks

Detection Rate

• m is the number of attestation paths

[Figure: Detection Rate (0.2 to 1) plotted for m = 1~8 and cv, where cv is the count value of node v]

Page 21: A Framework for Secure Data Aggregation in Sensor Networks

Communication Overhead

• Packet*hop: 3.4k~4.4k
  – in a non-secure aggregation scheme: 3k
  – in a no-aggregation secure scheme: 21k

[Figure: Overhead of Our Protocol (packet*hop), 3500 to 4400, versus Number of Attested Groups (ng): 1~10 and Group Sizes (g): 30~50; n=3280, d=3, h=7, np=1]

Page 22: A Framework for Secure Data Aggregation in Sensor Networks

Thank you!

• Questions?

• If a node has a larger count value, the probability for it to become a leader is higher. So if a compromised node with large count becomes a leader, the BS will definitely reject it and the whole large group, which will also affect the quality of aggregation.