An Efficient IntegrityPreserving Scheme for Hierarchical Sensor Aggregation

1
An Efficient Integrity-Preserving Scheme for
Hierarchical Sensor Aggregation
2
Integrity in Sensor Networks

• Environment Sensors deployed in hostile
  environment and base station wants to query
  network
• In-network aggregation useful for extending
  lifetime of the network
• Undesirable if adversary can corrupt a small
  number of nodes and convince querier of false
  result

3
Problem Description

• n sensors
• Each has value in range 0,r
• Goal Base station learns SUM of values
• Can be extended to COUNT, AVERAGE, F-QUANTILE
• Setup
• Nodes have key with base station
• Nodes form aggregation tree Madden et al, 2002
• Nodes can receive broadcasts from base station
  Perrig et al, 2002

4
Stealthy Attack

• M sum (uncorrupted)
• Corrupted can force M,M2r
• Should not be able to convince base station of
  value outside of this range

Base
5
Efficiency Goal

• Want to extend life of all nodes in network
• Node congestion Maximum information sent by any
  one node
• No expensive cryptography

6
Related Work

• Elect leader
• Heinzelmann et al, 2001, Qin and Zimmerman,
  2005
• Problem Single place of failure
• Resilience against leader corruption
• Du et al, 2003, Mahimkar and Rappaport, 2004,
  Yang et al, 2006, Przydatek, 2003
• High node congestion at leader

7
More Related Work

• Resilience against node failures
• Gupta et al, 2001, Nath et al, 2004, Chen et
  al, 2005, Manhji et al, 2005
• Does not consider malicious nodes
• Resilience against single malicious nodes
• Hu and Evans, 2003, Jadia and Mathuria, 2004
• What about multiple malicious nodes

8
Scheme by Chan et al--CCS 2006

• Provided protection against stealthy attacks with
  multiple malicious nodes
• Node congestion O(?log2n)
• ? degree of aggregation tree
• n number of sensors
• Our Goal Reduce network congestion with same
  resilience
• What we achieved O(?log n)

9
Is this Significant?

• Is it likely that n will be large enough to
  necessitate improvement from O(?log2n) to O(?log
  n)?
• Well if we ignore constants
• log2n gt sqrt(n) for nlt 65536
• n1024, log2n 100, log n 10
• n 128 log2n 49, log n 7

10
Review of CCS 2006 scheme

• Phase 1 Aggregation-Commit Phase
• Pass information up aggregation tree
• Aggregation similar to Merkle Tree aggregation
• Phase 2 Result-Broadcast Phase
• Base Station broadcasts commitment
• Phase 3 Result-Checking Phase
• Proofs of inclusion in broadcast passed down
  aggregation tree
• Proofs similar to inclusion of commitments in
  Merkle tree
• Phase 4 Agreement Phase
• Everyone confirms that they are in the result

11
Merkle Tree Merkle, 1980

• Parent value H(leftrightownValue)
• If given commitment of root, node needs
• Values of nodes on path to root
• Offpath values on path to root

12
Commitment Structure

• If we use aggregation tree, worst case
  communication cost is O(n) (average case
  O(sqrt(n))
• Idea of Previous Work Build an alternate
  commitment structure
• Forest of complete trees of unique heights

13
Example of structure

• To combine two forests
• While (two trees of same height)
• Combine into a single tree

14
Problem with Approach
15
Our Scheme from 10000 feet

• Avoid previous problem of close nodes being
  separated
• If this will happen we will add dummy nodes to
  keep things close
• Concerns
• How do we minimize dummy nodes?
• How many dummy nodes will be added?

16
Notation

• HEAD(F) largest tree in forest
• TAIL(F) F-HEAD(F)
• EXPAND(F) Add dummy nodes to make F into
  complete tree
• SIZE(F) Number of leaf nodes in F

17
Merge(F1,F2) size(F1)gtsize(F2)

• Case 1
• SIZE(HEAD(F1)) SIZE(HEAD(F2)
• TAIL(F1) and TAIL(F2) empty
• Result Combine F1 and F2 into a single tree

18
Merge(F1,F2) size(F1)gtsize(F2)

• Case 2
• SIZE(HEAD(F1)) SIZE(HEAD(F2)
• TAIL(F1) not empty
• Result EXPAND(F1) and concat with F2

19
Merge(F1,F2) size(F1)gtsize(F2)

• Case 3
• SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
• F3 MERGE(TAIL(F1),F2)
• SIZE(F3) SIZE(HEAD(F1))
• TAIL(F3) ! ()
• Result EXPAND(F1) and concat with F2

20
Merge(F1,F2) size(F1)gtsize(F2)

• Case 3
• SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
• F3 MERGE(TAIL(F1),F2)
• SIZE(F3) SIZE(HEAD(F1))
• TAIL(F3) ()
• Result Combine HEAD(F1) with F3 into a single
  tree

21
Merge(F1,F2) size(F1)gtsize(F2)

• Case 3
• SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
• F3 MERGE(TAIL(F1),F2)
• SIZE(F3) lt SIZE(HEAD(F1))
• Result Combine HEAD(F1) with F3

22
Properties of Merge

• Theorem Given any forest F produced from
  repeated merges that started from singleton
  trees, if n nodes in F, then height of F is
  O(log n)
• Crucial Insight A forest F is Fib-full if
  either
• F()
• Nodes(F) gt Fib(k1), TAIL(F) is Fib-full, and
  Nodes(Head(F)) gt Fib(k) where k height(F)

23
Closeness Properties

• Lemma 2 Given two forests F1 and F2, and where
  FMERGE(F1,F2) then the following properties
  hold
• Fi is containable in a tree of size EXPAND(Fi) in
  F
• All tails T of Fi are also containable inside of
  trees EXPAND(T) inside of F.

24
Commitment Structure

• Similar to Chan et al, 2006
• (height count sum complement commitment)
• Leaf node (0 1 vi r-vi I)
• Combine (h c1 V1 V1 O1) and (h c2 V2 V2
  O2)
• (h1 c1c2 V1V2 V1V2 O3)
• O3 H(Nh1 c1c2 V1V2 V1V2O1O2)
• Dummy nodes tree
• (h 0 0 2hr Dh)

25
Summary/Future Work

• Reduced node congestion from O(?log2n) to
  O(?logn)
• Future work
• Determining if there is an actual performance
  difference
• K-way merging