pDCS: Security and Privacy Support for Data-Centric Sensor Networks

Min Shao, Sencun Zhu,Wensheng Zhang, and Guohong

CaoPenn State University

2

Roadmap Introduction to Data-Centric Sensor Networks Characteristics, motivation, security attacks

Design Goals of pDCS pDCS

Overview Privacy Enhanced Data-Location Mapping Improving the Query Efficiency

Performance Evaluation Conclusions

3

A Data-centric Sensor Network

A new paradigm for data dissemination

Through a DCS a zoologist knows the locations of all animals

u

v

H(deer)

4

Security Attacks

Passive attacklisten to the communication only

Query attacksend a query to sensor nodes to obtain the data

Readout attackread out the data/key in the captured sensor nodes

Mapping attackidentify the mapping relation between two cells

5

Design Goals of pDCS

Mapping RandomizationBackward Event Privacy

Preventing an attacker from compromising previous data

Forward Event PrivacyPreventing an attacker from compromising future data

Query ImprovementQuery Privacy

the probability that an attacker cannot find the ids of the storage cells from eavesdropping query messages

Query Efficiency

Event Privacy Level (EPL): the probability that an attacker cannot obtain both the sensor data and the encryption keys for an event of his interest

6

pDCS Overview Cell u first determines the location of

the storage cell v through a keyed hash function.

u encrypts the recorded information (Me) with its own cell key.

u then forwards the message towards the destination storage cell.

On receiving the message, v stores it locally

If an authorized user is interested in the event E in cell u, he determines v and sends a query to v.

u

v

7

Scheme I: Group-Key-Based Mapping

Mapping Function

Nr, Nc: number of rows and columns

K: a group-wide shared key

E: an event

Type I Querywhat is the information about an event E?

)mod()||1(),mod()||0( ccrr NEKHLNEKHL

8

BEPL & FEPL of Scheme I

p f1 (m,s)1 (ms /N) /m1 s /N

pb1 (m,s)1

1

N(i

m)(N 1 ms 1 i

)(m

i) /(N 1s 1

)i1

B1

N 1N

(i

m)(N 2 ms 2 i

)(m

i) /(N 2s 2

)i1

B2

B1 min(s 1,m),B2 min(s 2,m)

•m – #source cells•s - #compromised cells

9

Scheme II: Time-Based Mapping

Mapping Function

Group key KT is updated every T seconds. When its timer fires, a node derives the next group key KT=H(KT) and erases the previous key KT

Type II Query

what is about the event E during the time interval T?

Security Analysis higher BEPL than in Scheme I higher FEPL than in Scheme I

Lr H(0 |KT | E |T)mod(Nr )

T1

T2

v1

v2

10

Scheme III: Cell-Based Mapping

Mapping Function

Kij: the cell key of cell (i, j), updated in

every T seconds

Type III Queryhas event E happened in cell L(i, j)during the time interval T?

Security AnalysisBEPL=1the same FEPL as Scheme II

Lr H(0 | i | j | E |K ij |T)mod(Nr)

T1

T1

T2

T2

11

Mapping Schemes Summary

Scheme II

Time-Based

Scheme III

Cell-Based

Scheme I

Group-Key-Based

Query Granularity

low high

Privacy

low high

Message Overhead

low high

12

Secure Query and Improve efficiency

high message overhead query privacy=0

Basic Scheme

13

Secure Query and Improve efficiency (2)

Euclidean Steiner Tree (EST) Scheme

low message overhead

query privacy

22

2

n

n

14

Secure Query and Improve efficiency (3)

Keyed Bloom Filter (KBF) Scheme

Hi(x|kp) (i=1,…,k)

xkp

15

Secure Query and Improve efficiency (3)

Keyed Bloom Filter (KBF) Scheme

Hi(cj|kX)(j=1,2,…,7)

kX

c1 c2 c3

c4

c5c6c7

16

Performance Evaluation (1)

Query bandwidth overhead 20x20 cells

17

Performance Evaluation (2)

Query Delay

18

Performance Evaluation (3)

Query Privacy

19

Query Techniques Summary

EST Scheme KBF SchemeBasic Scheme

low high

Query Privacy

Message Overhead

high

low

low high

Query Delay

20

Conclusions

The first work to provide security and privacy to DCS

Propose solutions for building a secure data-centric sensor network (pDCS)Offer different levels of privacy in data-location mapping

Offer several query optimization techniques

Future Workimprove forward event privacy

Thank You!