Académique Documents
Professionnel Documents
Culture Documents
20 www.ijeas.org
Security of Aggregated Data in Wireless Sensor Network
II. SYNOPSIS DIFFUSION We further assume that each pair of neighbouring nodes has a
pair-wise key to authenticate its mutual communication.
B. Goal
The goal of this paper mainly includes two major points: (a)
the first goal is to detect if ^B, the synopsis received at BS is
the same as the true nal synopsis B,(b) the second goal is to
compute B from B, and other received information.
Here, we are considering the Sum aggregate (if not otherwise
specied). As Count is a special case of Sum, the algorithm
mentioned in this paper is also applicable to the Count
aggregate also.
A comparison between the proposed algorithm and previous
works is shown later.
C. The Attack Details
Fig.1 Synopsis Diffusion over a ring topology
Since the lowest-order bit z, i.e. 0 in the final synopsis is
The synopsis diffusion uses ring topology as well as multipath estimated for the aggregate by the BS, so a compromised node
routing and helps in calculating duplicate sensitive aggregates C tends to falsify its data, BC , in such a way that it would
even in the presence of the attacks caused by compromised affect the value of z. The node C does so by injecting 1s in one
nodes distributed uniformly in the network. The synopsis or more bits in positions j, where z j , into B c which C
diffusion is shown in fig.1. Here, when the ring formation broadcasts to its parents. Let BC denote the synopsis nally
phase called query distribution phase starts, nodes form a set broadcast by node C.
of rings around the base station (BS) based on their distance in
terms of hops from BS. As can be seen from the figure, T i Besides this, the synopsis fusion function is a bitwise Boolean
denotes the ring consisting of the nodes which are i hops away OR so, the fused synopsis computed at any node which is at
from BS. After this, the data aggregation as well as the higher level than node C on the aggregation hierarchy will
transmission starts from the outermost ring to the BS. Each contain the false contributions of node C.
node generates as well as broadcasts its local synopsis.
The synopsis diffusion includes mainly three functions, The 1 bits which are present in B but not in B are
namely, Synopsis Generation function, SG (v); Synopsis considered as false 1s in the rest of this paper.
Fusion function, SF (v) and Synopsis Evaluation function, SE
(v), where v is the sensor value relevant to the query. Each C can attack by introducing a false 1 at bit j in B^C through
node generates and broadcasts its local synopsis using SG (v). any of the following two attacks:
The SF (v) is used to combine the local data of a node in a ring
as well as the data received from the previous ring. This can (a) Falsified sub-aggregate attack: in this attack C flips bit j in
be explained through the fig.1., where a node in ring T i, B^C from 0 to 1, disallowing the local aggregate to justify
receives data from the nodes in its communication range in that 1 in the synopsis B^C.
ring Ti+1 and combines it with its own data using the fusion
function, SF (v) and then further broadcast this fused synopsis (b) Falsified local value attack: in this attack, C injects a false
until it reaches the BS where again it combines this received 1 at bit j in its QC . This falsified Q^C thus induces the j bit ib
synopsis using SF (v). SE (v) function is used finally to B^C to be 1.
translate the final synopsis to answer the query.
Fig.2 below shows an example of falsified sub-aggregate
X
A node Xs fused synopsis, B , is recursively dened as attack.
follows. If X is a leaf node (i.e., X is in the outermost ring), BX
is its local synopsis QX. If X is a non- leaf node and suppose it
receives synopses BX1, BX2,...,BXd from d child nodes X1, X2,
... , Xd, respectively, then X computes B X as follows:
A. Assumptions
It is assumed that BS cannot be compromised. Also
compromised nodes are distributed uniformly.
Besides this, each node shares a pair-wise key with BS. Let
the key of the node with ID X be denoted as KX. To
authenticate a message to BS, a node X sends a MAC
(Message Authentication Code) generated using the key KX. Fig.2. Falsied Sub-aggregate Attack
21 www.ijeas.org
International Journal of Engineering and Applied Sciences (IJEAS)
ISSN: 2394-3661, Volume-2, Issue-6, June 2015
In the above fig., P node has three child X, Y and Z . Consider QX[i] =1}, where elements of the set are enumerated with
P as the compromised node and it receives synopses B^X, B^Y respect to X. As an example, if two nodes X1 and X2 set bit i to
and B^Z respectively. The local synopsis of P is QP. So, the be 1 in their local synopses, then Mi corresponds to either
fused synopsis B^P will be : MiX1 or MiX2 . We assume that a node Xs message to one of
its parents, P, can be lost due to communication failure but it
B^P = QP || B^X|| B^Y|| B^Z. cannot be partially or wrongly receivednode-to-node
authentication and acknowledgement mechanisms can be
Let R = z1, where z be the lowest-order bit that is 0 in used to enforce this property. It implies that if B X reaches P,
the received nal synopsis B. Also, let R = z1, where z is all of the MACs sent by X also reach P.
the lowest-order bit that is 0 in the correct nal synopsis B.
Then BSs estimate of the aggregate will be larger than the C. The Main Idea of the Protocol
correct estimate by a factor of 2 RR. So, a large amount of Before discussing the attack-resilient protocol, lets take a
error will appear in the nal estimate of BS. simpler protocol where each node X forwards one MAC for
each of the 1 bits in B^X and BS will verify all of the final
III. COMPUTING SUM DESPITE ATTACK synopsis received B^. If a compromised node, C injects a
false MAC for in few 1 bits. Then, with some probability,
these false MACs may get selected at each hop before
As mentioned, here, the attack-resilient algorithm is explained reaching BS. If for a bit in nal synopsis B, say bit i, BS does
to compute duplicate-sensitive aggregates in the presence of not receive a valid MAC but only false MACs, then BS cannot
attacks caused by compromised node (X).The node attacks by determine the real state of bit i. In fact, this can be the
inserting one or more 1s in the local value or the consequence of either of the following two scenarios: (i)
sub-aggregate value. B[i]=0 and a false MAC has been generated; (ii) a source
An obvious solution to guard against this attack is as follows. node (possibly a few hops away from BS) has sent a valid
BS broadcasts an aggregation query message containing a MAC for bit i (B[i]=1, indeed), but this MAC lost the race to
random value i.e. Seed which is associated to the current false MACs in the random selection procedure en-route BS.
query. After this, the sub-aggregation phase starts in which However, we observe that the probability of this undecided-
every node X, besides B^X, also sends a MAC (Message ability problem to arise is not the same for all of the bits. In
Authentication Code) to the Base Station, thus authenticating fact, a false MAC is not equally likely to get selected for all of
its sensed value vx. Generally, every node uses Seed and its the bits because the number of source nodes that contribute to
own ID to compute its MAC Node X uses Seed and its own ID a bit (hence, the number of valid MACs) varies with the bit
to compute its MAC. As a result, BS is able to detect and lter position.
out any false 1 bits inserted in the nal synopsis B.
Also, if the number of compromised nodes, t, is small
A. Introducing Message Authentication Code (MAC) compared to the total number of nodes, N, we expect that BS
The Message Authentication Code (MAC) is generated as will receive a valid MAC for the left bits far from bit r, but
follows: if X contributes to bits b1,b2,...,b in its local synopsis may not receive a valid MAC for the other bits.
QX, it generates a MAC, M = MAC(KX, L), where KX is the
key that node X shares with BS and the content of L is < X, vX D. Protocol Details
, b1, b2,..., b, Seed >. Each node X sends a message (L, M) An attack- resilient protocol having two phases as follows:
where L =< X, vX, b1, b2,..., b > might be needed by BS to
regenerate the MAC for the verication. It is observed that Phase One: run the simple protocol described above. First,
this approach is not suitable for a WSN as it requires O(N) BS broadcasts a query message:
MACs to be forwarded to BS. The attack-resilient algorithm BS:<PhaseOne,Sum,Seed,>
presented below also uses similar MACs but reduces the total
number of them. where Phase One is a ag indicating that phase one is going
to begin, and is the synopsis length.
Also, when we say that a message contains MAC, M, it is
understood that L is already present. In this phase, nodes basically execute the original synopsis
diffusion algorithm (for the Sum aggregate) with the Seed
A false MAC can be associated either to a false 1 or to a being used in the hash function in the CoinToss i.e.
non-false 1 bit. Specically, a compromised node X can
generate a false MAC (in the context of computing the
begin
function MAC(KX, L)) in four ways(i) by using a false L,
(ii) by using a false key KX, (iii) by doing both of (i) and (ii) QX[index]=0 index, 1 index ;
above, or (iv) by simply sending a bogus array of bits. As BS i=1;
re-executes the MAC generation process for each received while i vX do
MAC, any false MAC will be detected by BS. keyi =< X,i >;
index = CoinToss(keyi ,);
B. Notations
QX[index]=1;
Let MX i denotes the MAC, generated by node X, i = i +1;
authenticating the i-th bit of its local synopsis QX. Note that end
MX i is required to be generated only if QX[i]=1, i.e. there are return QX;
no MAC for 0 bits. Furthermore, for a particular i, Mi end
denotes one arbitrary element of the following set: {MiX |
22 www.ijeas.org
Security of Aggregated Data in Wireless Sensor Network
The nodes also do additional transmission of some MACs. In IV. RESULTS AND DISCUSSION
particular, each node X randomly selects one MAC for each
1 bit in synopses BX from the MACs received from its A. Error in Estimate r^
child nodes (possibly including Xs own MAC). X forwards
the selected MACs to its parents. The message broadcast by X The performance of the above protocol depends on the
to its parent nodes is as follows: looseness of the estimate, r^ as mentioned in the phase 1.
Furthermore, the maximum deviation in estimate r from
X:BX,{Mi|BX[i]=1,1i} correct r (which is obtained in phase two) depends on how
, where BX represents the fused synopsis at node X, Mi many compromised nodes participate in the false MAC
represents a MAC corresponding to B x [i]. After all of the injection attack during phase one. The analysis mentioned
MACs have been received by BS, for any 1 bit, say bit Bi, above states that the deviation obeys the following inequality
in the synopses B for which no valid MAC has been with high probability, (r r)log 2 t+1 wheret is the number
received, BS resets Bi to 0. The resulting set of synopses of compromised nodes. For any particular value of t (0, 25,
after this ltering process has been performed are denoted by 50, 100, 200, and 400), simulation of the false MAC injection
B, respectively. Now, BS makes an estimate of the expected attack during phase one was done 300 times. We measured (r
length of prex of all 1s, r using B. Let r be the estimate of r) for each t, and we observed that (r r) was low as
r. We observe that there is one factor which could possibly expected.
deviate the estimate r from r: injection of false MACs by the
adversarywhich can cause BS not receiving any valid MAC
for a few 1 bits near bit r in synopsis B. We observe that this
factor could contribute to a deviation to the left only (i.e.
making r less than r)
BS:<PhaseTwo,r>
23 www.ijeas.org
International Journal of Engineering and Applied Sciences (IJEAS)
ISSN: 2394-3661, Volume-2, Issue-6, June 2015
The above Fig. 4 plots the number of unique MACs sent over [18] B. Chen and H. Yu, Secure aggregation with malicious node
revocation in sensor networks, in Proc. 31st Int. Conf. Distrib. Comput.
the whole network during phase two as a function of t. The
Syst. (ICDCS), 2011, pp. 581592.
99% condence intervals are within 20% of the reported [19] D. Wagner, Resilient aggregation in sensor networks, in Proc. ACM
value. We observe that the number of MACs increases Workshop Security Sensor Adhoc Netw. (SASN), 2004, pp. 6879.
linearly with t, which conrms the analysis. [20] L. Buttyan, P. Schaffer, and I. Vajda, Resilient aggregation with attack
detection in sensor networks, in Proc. 2nd IEEE Workshop Sensor
Netw. Syst. Pervasive Comput., Mar. 2006, pp. 331336.
V. CONCLUSION [21] B. Przydatek, D. Song, and A. Perrig, SIA: Secure information
aggrega- tion in sensor networks, in Proc. 1st Int. Conf. Embedded
Netw. Sensor Syst. (SenSys), 2003, pp. 255265.
Firstly, the security issues of in-network aggregation [22] K. Frikken and J. A. Dougherty, An efcient integrity-preserving
algorithms to compute aggregates such as predicate Count scheme for hierarchical sensor aggregation, in Proc. 1st ACM Conf.
and Sum were discussed. In particular, the falsied Wireless Netw. Security (WiSec), 2008, pp. 6876.
sub-aggregate attack launched by a few compromised nodes [23] S. Nath, H. Yu, and H. Chan, Secure outsourced aggregation via one-
way chains, in Proc. 35th SIGMOD Int. Conf. Manag. Data, 2009, pp.
which can inject arbitrary amount of error in the base stations 3144.
estimate of the aggregate, were shown. An attack-resilient [24] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, SPINS:
computation algorithm was explained so as to guarantee the Security protocols for sensor networks, in Proc. Int. Conf. Mobile
successful computation of the aggregate even in the presence Comput. Netw. (MobiCOM), 2001, pp. 189199.
[25] W. He, X. Liu, H. Nguyen, K. Nahrstedt, and T. F. Abdelzaher, PDA:
of the attack. Privacy-preserving data aggregation in wireless sensor networks, in
Proc. IEEE Int. Conf. Comput. Commun. (INFOCOM), May 2007, pp.
20452053.
REFERENCES [26] S. Roy, M. Conti, S. Setia, and S. Jajodia. (2013). Secure Data
Aggregation in Wireless Sensor Networks: Filtering out the Attackers
[1] M. Liu, N. Patwari, and A. Terzis, Scanning the issue, Proc. IEEE, vol. Impact. An Extended and Online Version [Online]. Available:
98, no. 11, pp. 18041807, Apr. 2010. http://people.cis.ksu.edu/~sroy/attackResilientAgg.pdf
[2] T. Ko, J. Hyman, E. Graham, M. Hansen, S. Soatto, and D. Estrin,
Embedded imagers: Detecting, localizing, and recognizing objects and
events in natural habitats, Proc. IEEE, vol. 98, no. 11, pp. 19341946, Surabhi Singhal is the author of this paper. She has done her B.tech in
Nov. 2010. Computer Science from Galgotias College of Engineering and Technology.
[3] P. Corke, T. Wark, R. Jurdak, W. Hu, P. Valencia, and D. Moore, This is her first paper.
Environmental wireless sensor networks, Proc. IEEE, vol. 98, no. 11,
pp. 19031917, Nov. 2010.
[4] (2006). James Reserve Microclimate and Video Remote Sensing
[Online]. Available: http://research.cens.ucla.edu/
projects/2006/terrestrial/microclimate/defau%lt.htm
[5] S. Madden, M. J. Franklin, J. Hellerstein, and W. Hong, TAG: A tiny
aggregation service for ad hoc sensor networks, in Proc. 5th USENIX
Symp. Operating Syst. Des. Implement., 2002, pp. 13.
[6] J. Zhao, R. Govindan, and D. Estrin, Computing aggregates for
monitoring sensor networks, in Proc. 2nd Int. Workshop Sensor Netw.
Protocols Appl., 2003, pp. 139158.
[7] J. Considine, F. Li, G. Kollios, and J. Byers, Approximate aggregation
techniques for sensor databases, in Proc. IEEE 20th Int. Conf. Data
Eng. (ICDE), 2004, pp. 449460.
[8] S. Nath, P. B. Gibbons, S. Seshan, and Z. Anderson, Synopsis diffusion
for robust aggregation in sensor networks, in Proc. 2nd Int. Conf.
Embedded Netw. Sensor Syst. (SenSys), 2004, pp. 250262.
[9] M. Garofalakis, J. M. Hellerstein, and P. Maniatis, Proof sketches:
Veriable in-network aggregation, in Proc. 23rd Int. Conf. Data Eng.
(ICDE), 2007, pp. 9961005.
[10] Y. Yang, X. Wang, S. Zhu, and G. Cao, SDAP: A secure hop-by- hop
data aggregation protocol for sensor networks, in Proc. ACM
MOBIHOC, 2006, pp. 356367.
[11] H. Yu, Secure and highly-available aggregation queries in large-scale
sensor networks via set sampling, in Proc. Int. Conf. Inf. Process.
Sensor Netw., 2009, pp. 112.
[12] S. Roy, M. Conti, S. Setia, and S. Jajodia, Secure data aggregation in
wireless sensor networks, IEEE Trans. Inf. Forensics Security, vol. 7,
no. 3, pp. 10401052, Jun. 2012.
[13] S. Roy, S. Setia, and S. Jajodia, Attack-resilient hierarchical data
aggregation in sensor networks, in Proc. ACM Workshop Security
Sensor Adhoc Netw. (SASN), 2006, pp. 7182.
[14] M. B. Greenwald and S. Khanna, Power-conservative computation of
order-statistics over sensor networks, in Proc. 23th SIGMOD
Principles Database Syst. (PODS), 2004, pp. 111.
[15] P. Flajolet and G. N. Martin, Probabilistic counting algorithms for
data base applications, J. Comput. Syst. Sci., vol. 31, no. 2, pp.
182209, 1985.
[16] L. Hu and D. Evans, Secure aggregation for wireless networks, in
Proc. Workshop Security Assurance Ad Hoc Netw., 2003, pp. 384391.
[17] H. Chan, A. Perrig, and D. Song, Secure hierarchical in-network
aggregation in sensor networks, in Proc. ACM Conf. Comput.
Commun. Security (CCS), 2006, pp. 278287.
24 www.ijeas.org