chien-ming chen, yue-hsun lin, ya-ching lin, and hung-min sun ieee transactions on parallel and...
TRANSCRIPT
RCDA: Recoverable Concealed DataAggregation for Data Integrity in
Wireless Sensor Networks
Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, and Hung-Min SunIEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS,
VOL. 23, NO. 4, APRIL 2012Citation:42
Presenter:張哲豪Date:2014/9/22
2
Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions
Outline
3
To reduce the communication cost in WSN, data aggregation is performed by cluster head.
Problem◦ Adversary has the ability to capture cluster heads.
Introduction
4
Concealed Data Aggregation◦ data are encrypted during transmission◦ cluster heads directly aggregate encrypted data
without decryption(privacy homomorphism)
Problem◦ The usage aggregation functions is constrained◦ Base station can’t verify the integrity and
authenticity of each sensing data.
Introduction
5
Recoverable Concealed Data Aggregation◦ The base station can verify the integrity and
authenticity of all sensing data.◦ The base station can perform any aggregation
functions on them.
Introduction
6
Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions
Outline
7
Homogeneous WSN◦ cluster heads act as normal SNs.
Heterogeneous WSN◦ cluster heads act as by powerful high-end
sensors (H-Sensors)◦ Different types of SNs
Network Model
8
Without compromising any SN or CH◦ Forged messages with public information
Compromising SNs◦ Obtain sensing data or forge malicious data
Compromising CHs◦ Decrypt the ciphertext◦ Forged aggregation results
Attack Model
9
: is security parameter◦ Construct an elliptic curve over a finite field ◦ Select private key ◦ Generate public key where ,
is a generator on , ◦ Return key pair
◦ Select where ◦ Compute , where ◦ Output cipher
Mykletun et al.’s Encryption Scheme
10
◦ Compute
◦ Computer ◦ Reverse through ◦ Return the plaintext
Mykletun et al.’s Encryption Scheme
11
, where ◦ Generate private key ◦ Generate public key where ◦ Output key pair for entity
◦ Compute where ◦ Generate signature and return
Boneh et al.’s Signature Scheme
12
◦ Computer ◦ where
◦ , public key set ◦ Compute ,for
Boneh et al.’s Signature Scheme
13
Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions
Outline
14
Construction of RCDA-HOMO
15
Construction of RCDA-HOMO (BS generate)
◦ for each sensor ,where ◦ where ◦ Encoding : , where ◦ Signature: ,where ◦ Ciphertext:◦ sends the pair to
16
◦ Send to the BS
Construction of RCDA-HOMO
17
Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions
Outline
18
RCDA-HETE
K11
19
◦ for each H-sensor ,where◦ where ◦ Each L-sensors share a pairwise key with its CH
◦ Secure channel between L-sensors and H-sensor (preferred aggregation)
◦ Encoding : , where ◦ Signature: ,where ◦ Ciphertext:◦ sends the pair to
RCDA-HETE
20
RCDA-HETE
21
allows to send and MAC(message authentication code) of to
Every H-Sensor is loaded several necessary aggregation functions before deployment
Recovery property
22
Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Performance Comparisons Conclusions
Outline
23
Without compromising any SN or CH◦ Adversary can’t sign forged messages without
private keys Compromising SNs
◦ Signature required for each generated message Compromising CHs
◦ No decryption private key is stored in a cluster◦ Selective forwarding attack was defended
Analysis
24
Performance
25
Comparisons
26
The base station can securely recover all sensing data rather than aggregated results, but the transmission overhead is still acceptable.
The aggregate signature scheme to ensure data authenticity and integrity
Conclusions