sdap: a secure hop-by-hop data aggregation protocol for sensor networks
DESCRIPTION
SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks. Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao, April 24, 2007. Presented by Nicky Mahilani, CSC 774 in-class presentation. Acknowledgement: Based on slides provided by the author.
TRANSCRIPT
Computer Science
SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks
Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao, April 24, 2007
Presented by Nicky Mahilani, CSC 774 In-class presentation
Acknowledgement: Based on slides provided by the author
Outline
• Data Aggregation in Sensor Networks
• Security Challenges
• SDAP Details
• Performance Evaluation
• Conclusion
• Future Work
Sensor Networks
• A group of sensor nodes report to a Base Station (BS)
• Without data aggregation:
  – Data redundancy
  – Communication cost
  – Energy expenditure
• Reporting raw data is inefficient
• Figure: sensor nodes each sending raw readings to the BS
Data Aggregation in Sensor Networks
• With data aggregation we can reduce:
  – Data redundancy
  – Communication cost
  – Energy expenditure
• A lossy data compression process
• Figure: the same nodes, now aggregating along the path to the BS
Security Challenges in Data Aggregation (1)
• A compromised intermediate node may change the aggregated data
• BS cannot verify the result without knowing the original readings
• Figure: aggregation tree with a compromised node raising a false alarm at the BS
Security Challenges in Data Aggregation (2)
• Hop-by-hop aggregation
  – Aggregates computed by a higher-level node come from 'more' low-level nodes
  – If a compromised node is closer to the BS, a false value from it has more impact on the final result computed by the BS
• Figure: aggregation tree rooted at the BS; legitimate temperature 32F ~ 150F
Security Challenges in Data Aggregation (3)
• Question: Can the BS obtain a good approximation of the fusion result when a fraction of the nodes are compromised?
• Figure: aggregation tree with a compromised node and a false alarm at the BS
Network Model
• Figure: aggregation tree rooted at the BS
- An unbalanced tree rooted at BS
- Data is aggregated hop by hop
- Each aggregate is a tuple (value, count)
- Every node only forwards one copy
Attack Model
• Goal: Inject false data without being detected by the BS
• Example (figure: a compromised node receives the aggregate (100F, 50) and forwards (?, ?); legitimate temperature 32F ~ 150F):
  – Without modifying the received aggregate: (98.7F~101F, 51)
  – Count change attack: (100F~150F, *)
  – Value change attack: (32F~150F, 51)
SDAP: Secure Hop-by-hop Data Aggregation Protocol
• Basic Principle
  – Divide and conquer
  – Commit and attest
• Protocol Overview
  – Tree Construction & Query Dissemination
  – Probabilistic grouping: partition nodes into logical groups of similar size
  – Hop-by-hop aggregation: each group generates a commitment which cannot be denied later
  – Verification & attestation: BS identifies suspicious groups; suspect groups attest the correctness of their commitments to the BS
Tree Construction & Query Dissemination
• Tree construction
• Query dissemination
  – BS → *: Fagg, Sg
    • Fagg: an aggregation function, e.g., avg, count
    • Sg: a random number as grouping seed
• Figure: aggregation tree rooted at the BS with every node running avg; legitimate temperature 32F ~ 150F
Probabilistic grouping & data aggregation
• Probabilistic grouping is conducted through group leader selection: H(Kx, Sg|x) < Fg(c)
  • x: node id
  • Kx: master key of x
  • H: pseudorandom function, uniform output in [0,1)
  • Sg: for security and load balance
  • c: count
  • Fg: grouping function, [0,1) output increasing with c
• Figure: tree with nodes x, y and w'; legitimate temperature 32F ~ 150F
  • H(Kid, Sg|id) > Fg(1)
  • H(Kw', Sg|w') < Fg(8)
  • H(Kx, Sg|x) < Fg(15)
  • H(Ky, Sg|y) < Fg(c)
Probabilistic grouping & data aggregation (continued)
• Figure: the same tree, with the BS marked as the default leader
• By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation
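As an added illustration (not code from the slides or the SDAP authors), the leader-selection rule H(Kx, Sg|x) < Fg(c) simulated bottom-up over a constructed random tree: HMAC-SHA256 mapped to [0,1) stands in for H, the grouping function Fg is an assumed form chosen only to satisfy the properties listed later (Fg(1) = 0, slow start, quick approach to 1 above the target size C), and the keys Kx, the seed Sg and the tree are constructed.

```python
import hashlib, hmac, math, random

BS = 0  # base station id; default leader of the leftover nodes

def H(key: bytes, msg: bytes) -> float:
    """PRF with uniform output in [0,1): HMAC-SHA256, first 8 bytes read as a fraction."""
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big") / 2**64

def Fg(c: int, C: float) -> float:
    """Assumed grouping function (not the paper's formula): Fg(1) = 0, rises slowly at
    first, then approaches 1 quickly once the count c exceeds the target size C."""
    return 0.0 if c <= 1 else 1.0 - math.exp(-((c - 1) / C) ** 2)

def random_tree(n: int, seed: int) -> dict:
    """Constructed unbalanced tree: node i attaches to a random earlier node or the BS."""
    rnd = random.Random(seed)
    children = {BS: []}
    for i in range(1, n + 1):
        parent = rnd.choice(list(children))
        children[i] = []
        children[parent].append(i)
    return children

def form_groups(children: dict, keys: dict, Sg: bytes, C: float) -> dict:
    """Bottom-up grouping. A node's count c is 1 plus the counts of children that did not
    close a group; x becomes a leader if H(Kx, Sg|x) < Fg(c), and a leader's count stops
    flowing upward. Returns {leader id: group size}; the BS holds the leftover nodes."""
    groups = {}
    def visit(x):
        c = 1
        for ch in children.get(x, []):
            sub = visit(ch)
            if sub is not None:  # child is not a leader: its count flows up
                c += sub
        if x == BS:
            groups[BS] = c - 1   # the BS itself is not a sensor
            return None
        if H(keys[x], Sg + b"|" + x.to_bytes(2, "big")) < Fg(c, C):
            groups[x] = c        # x closes its group here
            return None
        return c
    visit(BS)
    return groups

def demo(n: int = 400, C: float = 40.0, seed: int = 7) -> dict:
    """Constructed master keys and grouping seed; returns group sizes keyed by leader id."""
    keys = {i: hashlib.sha256(b"constructed-master-key-%d" % i).digest() for i in range(1, n + 1)}
    return form_groups(random_tree(n, seed), keys, b"constructed-grouping-seed", C)
```

Calling `demo()` and sorting its values shows group sizes clustered around C with a small tail, the "roughly even with small deviation" property the slide relies on.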
Group Aggregation
• Format of aggregates: flag | value | count | MAC | id | seed
  • Encrypted: the E(·) portion
  • Authenticated: by the MAC
• Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments
• Leaf node aggregation (figure: path u → v → w → x → y → BS)
  – u → v: u, 0, E(Kuv, 1|Ru|Sg) | MACu
    • MACu = MAC(Ku, 0|1|u|Ru|Sg)
Group Aggregation (2)
• Intermediate node aggregation (figure: same path; v has children u and u')
  – v → w: v, 0, E(Kvw, 3|Aggv|Sg) | MACv
    • Aggv = Fagg(Rv, Ru, Ru')
    • MACv = MAC(Kv, 0|3|v|Aggv|MACu ⊕ MACu'|Sg)
  – v is not a leader here: H(Kv, Sg|v) > Fg(3)
• The MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data
Group Aggregation (3)
• Leader node aggregation (figure: same path; x is the leader, with children w and w')
  – x → BS: x, 1, E(Kx, 15|Aggx|Sg) | MACx
    • Aggx = Fagg(Rx, Aggw, Aggw')
    • MACx = MAC(Kx, 1|15|x|Aggx|MACw ⊕ MACw'|Sg)
  – x becomes a leader: H(Kx, Sg|x) < Fg(15)
• The BS is the default leader of the leftover nodes
• Tracking the forwarding path:
  • A forwarding table (incoming link, group id)
  • Group id is the id of the group leader
  • A Bloom filter may help scale up
Verification & attestation
• BS identifies suspicious groups for attestation
  • Outlier detection by Grubbs' Test
    – extensions: multiple outliers, bivariate
  • Pc * Pvalue < α? (significance level, e.g., 0.05)
    – Attackers tend to forge false values as well as correspondingly large counts, to make the false values count for a larger fraction of the final result
• Example group commitments (leader, value, count): (x, 142F, 50), (y, 100F, 20), (w', 95F, 25), (BS, 90F, 28)
Verification & attestation (2)
• Forwarding attestation requests from the BS (figure: path u → v → w → x → y → BS)
• Suppose group x is under suspicion
  – BS → y: x, Sa, Sg
  – Sa: a random number as attestation seed
  – Node y then forwards this request to leader x
Verification & attestation (3)
• Group attestation
  – Probabilistic attestation path selection (figure: leader x with children w and w'; w with children v and v'; v with children u and u')
    • From x, each parent sums up the counts $c_k$ of all its $d$ children, then computes
      $w = H(K_{id}, S_a|id) \cdot \sum_{k=1}^{d} c_k$
    • picks the $i$-th child on the path if
      $w \in \left[\sum_{k=1}^{i-1} c_k,\ \sum_{k=1}^{i} c_k\right)$
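An added worked example of the weighted child selection on this slide (not the paper's code): HMAC-SHA256 stands in for H, and the tree, the keys K_id and the attestation seed Sa are constructed so that the counts match the slides (x = 15, w and w' = 7, the v-level = 3, leaves = 1). `child0_frequency` is an added helper that checks, over many seeds, that a child is picked in proportion to the count it committed.

```python
import hashlib, hmac

def H(key: bytes, msg: bytes) -> float:
    """PRF with uniform output in [0,1): HMAC-SHA256, first 8 bytes read as a fraction."""
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big") / 2**64

def subtree_counts(children: dict, root: str) -> dict:
    """counts[id] = nodes contributing to id's aggregate: id itself plus its whole subtree."""
    counts = {}
    def visit(n):
        counts[n] = 1 + sum(visit(ch) for ch in children.get(n, []))
        return counts[n]
    visit(root)
    return counts

def pick_child(key: bytes, Sa: bytes, node_id: str, child_counts: list) -> int:
    """One parent's step: w = H(K_id, Sa|id) * sum_k c_k, then the i-th child is chosen when
    w falls in [sum_{k<i} c_k, sum_{k<=i} c_k), i.e. with probability proportional to c_i."""
    w = H(key, Sa + b"|" + node_id.encode()) * sum(child_counts)
    acc = 0
    for i, c in enumerate(child_counts):
        if acc <= w < acc + c:
            return i
        acc += c
    return len(child_counts) - 1  # unreachable since H < 1; kept for safety

def attestation_path(children: dict, counts: dict, keys: dict, Sa: bytes, leader: str) -> list:
    """Walk from the suspected group leader down to a leaf, one weighted choice per hop."""
    path, node = [leader], leader
    while children.get(node):
        kids = children[node]
        node = kids[pick_child(keys[node], Sa, node, [counts[k] for k in kids])]
        path.append(node)
    return path

# Constructed group matching the slides' counts: x=15, w/w'=7, v-level=3, leaves=1.
CHILDREN = {"x": ["w", "w'"], "w": ["v", "v'"], "w'": ["v2", "v3"],
            "v": ["u", "u'"], "v'": ["u2", "u3"], "v2": ["u4", "u5"], "v3": ["u6", "u7"]}
COUNTS = subtree_counts(CHILDREN, "x")
KEYS = {n: hashlib.sha256(b"constructed-key-" + n.encode()).digest() for n in COUNTS}

def child0_frequency(key: bytes, node_id: str, child_counts: list, trials: int) -> float:
    """Fraction of attestation seeds under which the first child is selected."""
    hits = sum(pick_child(key, b"Sa-%d" % t, node_id, child_counts) == 0 for t in range(trials))
    return hits / trials

if __name__ == "__main__":
    print(attestation_path(CHILDREN, COUNTS, KEYS, b"constructed-attestation-seed", "x"))
```

Because each hop's choice is keyed by that node's own key and the BS-chosen Sa, a node cannot steer the path away from the children it lied about, yet the BS can recompute the same path from the responses.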
Verification & attestation (4)
• Attestation response from groups (figure: attestation path x → w → v → u, with siblings w', v' and u')
  • Each node on the path sends back its count and reading
  • Each sibling node sends back its count, aggregate and MAC (a leaf sibling only sends its count and reading)
Verification & attestation (5)
• Group response validation by the BS
• BS reconstructs Aggx and MACx based on the responses
  – If both match the submitted values, accept them
  – Otherwise, reject them
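An added end-to-end illustration of commit-and-attest over a constructed group x > w > v > {u, u'} (not code from the slides or the SDAP authors): Fagg is avg, the children's MACs are combined by XOR (an assumption about how the slides combine MACu and MACu'), the keys and readings are constructed, and `bs_verify` rebuilds Aggx and MACx from the attestation responses exactly as the slide describes, accepting the honest commitment and rejecting a leader that committed a false value and count.

```python
import hashlib, hmac
from dataclasses import dataclass

Sg = b"constructed-grouping-seed"  # grouping seed carried in every aggregate
KEYS = {n: hashlib.sha256(b"constructed-key-" + n.encode()).digest() for n in ("u", "u'", "v", "w", "x")}

@dataclass
class Commitment:  # the slides' format: flag | value | count | MAC | id | seed
    node: str; flag: int; value: float; count: int; mac: bytes

def compute_mac(key: bytes, *fields) -> bytes:
    enc = [f if isinstance(f, bytes) else str(f).encode() for f in fields]
    return hmac.new(key, b"|".join(enc), hashlib.sha256).digest()[:8]

def leaf_commit(node: str, reading: float) -> Commitment:
    """Leaf: MACu = MAC(Ku, 0|1|u|Ru|Sg)."""
    return Commitment(node, 0, reading, 1, compute_mac(KEYS[node], 0, 1, node, reading, Sg))

def aggregate(node: str, reading: float, children: list, leader: bool = False) -> Commitment:
    """Fagg = avg. MACv = MAC(Kv, flag|count|v|Aggv|XOR of children MACs|Sg); a leader sets flag 1."""
    children = sorted(children, key=lambda c: c.node)  # order-independent reconstruction
    count = 1 + sum(c.count for c in children)
    value = (reading + sum(c.value * c.count for c in children)) / count
    cm = bytes(8)
    for c in children:
        cm = bytes(a ^ b for a, b in zip(cm, c.mac))
    flag = 1 if leader else 0
    return Commitment(node, flag, value, count, compute_mac(KEYS[node], flag, count, node, value, cm, Sg))

def bs_verify(submitted: Commitment, responses: list) -> bool:
    """responses run from the attested leaf up to the leader as (node, reading, siblings), the
    siblings being the Commitments (count, aggregate, MAC) the off-path children sent back.
    The BS rebuilds Aggx and MACx and accepts only if both match the submitted values."""
    rebuilt = None
    for node, reading, siblings in responses:
        kids = siblings + ([rebuilt] if rebuilt else [])
        rebuilt = aggregate(node, reading, kids, node == submitted.node) if kids else leaf_commit(node, reading)
    return (rebuilt.count == submitted.count and rebuilt.value == submitted.value
            and hmac.compare_digest(rebuilt.mac, submitted.mac))

# Constructed group x > w > v > {u, u'}; readings in F.
u, u2 = leaf_commit("u", 100.0), leaf_commit("u'", 102.0)
v = aggregate("v", 101.0, [u, u2])
w = aggregate("w", 99.0, [v])
HONEST = aggregate("x", 100.0, [w], leader=True)  # Aggx = 100.4, count 5
# A compromised leader can sign any (value, count) under Kx but cannot forge its subtree's attestation.
FORGED = Commitment("x", 1, 150.0, 50, compute_mac(KEYS["x"], 1, 50, "x", 150.0, w.mac, Sg))
RESPONSES = [("u", 100.0, []), ("v", 101.0, [u2]), ("w", 99.0, []), ("x", 100.0, [])]
```

`bs_verify(HONEST, RESPONSES)` returns True while `bs_verify(FORGED, RESPONSES)` returns False: the forged MAC is valid under Kx, but the count and value rebuilt from the subtree do not match, which is exactly why the commitment cannot be denied later.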
Detection Rate
• m is the number of attestation paths
• Figure: detection rate plotted against the forged count value Cv for several values of m
Grouping Function (Fg)
• Goal: small variations in group sizes
  – if c = 1, Fg(c) = 0
  – as c → ∞, Fg(c) → 1
  – increases slowly in the beginning, approaches 1 quickly after a certain value above the mean
• Chosen form: piecewise in c, with Fg(c) = 0 for c = 1 and an exponential expression in c and a parameter C for c > 1
Communication Overhead
• Packet*hop: 3.4k~4.4k
  • in a non-secure aggregation scheme: 3k
  • in a no-aggregation secure scheme: 21k
• Figure: overhead of our protocol (packet*hop, 3500~4400) vs. number of attested groups (ng: 1~10), for group sizes g = 30~50; n=3280, d=3, h=7, np=1
Conclusion & Future Work
• A probabilistic grouping based secure data aggregation protocol
  – Divide-and-conquer
  – Commit-and-attest
  – With adjustable detection rate
  – Low performance overhead
• Challenges:
  – Max/Min
  – Content-based attestation
    • Readings from nodes in the same neighborhood should bear certain temporal/spatial correlations
Thank you!
• Questions?