RCDA: Recoverable Concealed DataAggregation for Data Integrity in

Wireless Sensor Networks

Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, and Hung-Min SunIEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS,

VOL. 23, NO. 4, APRIL 2012Citation:42

Presenter:張哲豪Date:2014/9/22

2

Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions

Outline

3

To reduce the communication cost in WSN, data aggregation is performed by cluster head.

Problem◦ Adversary has the ability to capture cluster heads.

Introduction

4

Concealed Data Aggregation◦ data are encrypted during transmission◦ cluster heads directly aggregate encrypted data

without decryption(privacy homomorphism)

Problem◦ The usage aggregation functions is constrained◦ Base station can’t verify the integrity and

authenticity of each sensing data.

Introduction

5

Recoverable Concealed Data Aggregation◦ The base station can verify the integrity and

authenticity of all sensing data.◦ The base station can perform any aggregation

functions on them.

Introduction

6

Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions

Outline

7

Homogeneous WSN◦ cluster heads act as normal SNs.

Heterogeneous WSN◦ cluster heads act as by powerful high-end

sensors (H-Sensors)◦ Different types of SNs

Network Model

8

Without compromising any SN or CH◦ Forged messages with public information

Compromising SNs◦ Obtain sensing data or forge malicious data

Compromising CHs◦ Decrypt the ciphertext◦ Forged aggregation results

Attack Model

9

: is security parameter◦ Construct an elliptic curve over a finite field ◦ Select private key ◦ Generate public key where ,

is a generator on , ◦ Return key pair

◦ Select where ◦ Compute , where ◦ Output cipher

Mykletun et al.’s Encryption Scheme

10

◦ Compute

◦ Computer ◦ Reverse through ◦ Return the plaintext

Mykletun et al.’s Encryption Scheme

11

, where ◦ Generate private key ◦ Generate public key where ◦ Output key pair for entity

◦ Compute where ◦ Generate signature and return

Boneh et al.’s Signature Scheme

12

◦ Computer ◦ where

◦ , public key set ◦ Compute ,for

Boneh et al.’s Signature Scheme

13

Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions

Outline

14

Construction of RCDA-HOMO

15

Construction of RCDA-HOMO (BS generate)

◦ for each sensor ,where ◦ where ◦ Encoding : , where ◦ Signature: ,where ◦ Ciphertext:◦ sends the pair to

16

◦ Send to the BS

Construction of RCDA-HOMO

17

Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Implementation Comparisons Conclusions

Outline

18

RCDA-HETE

K11

19

◦ for each H-sensor ,where◦ where ◦ Each L-sensors share a pairwise key with its CH

◦ Secure channel between L-sensors and H-sensor (preferred aggregation)

◦ Encoding : , where ◦ Signature: ,where ◦ Ciphertext:◦ sends the pair to

RCDA-HETE

20

RCDA-HETE

21

allows to send and MAC(message authentication code) of to

Every H-Sensor is loaded several necessary aggregation functions before deployment

Recovery property

22

Introduction Preliminaries RCDA-HOMO RCDA-HETE Analysis Performance Comparisons Conclusions

Outline

23

Without compromising any SN or CH◦ Adversary can’t sign forged messages without

private keys Compromising SNs

◦ Signature required for each generated message Compromising CHs

◦ No decryption private key is stored in a cluster◦ Selective forwarding attack was defended

Analysis

24

Performance

25

Comparisons

26

The base station can securely recover all sensing data rather than aggregated results, but the transmission overhead is still acceptable.

The aggregate signature scheme to ensure data authenticity and integrity

Conclusions