Title: An Efficient IntegrityPreserving Scheme for Hierarchical Sensor Aggregation
1An Efficient Integrity-Preserving Scheme for
Hierarchical Sensor Aggregation
2Integrity in Sensor Networks
- Environment Sensors deployed in hostile
environment and base station wants to query
network - In-network aggregation useful for extending
lifetime of the network - Undesirable if adversary can corrupt a small
number of nodes and convince querier of false
result
3Problem Description
- n sensors
- Each has value in range 0,r
- Goal Base station learns SUM of values
- Can be extended to COUNT, AVERAGE, F-QUANTILE
- Setup
- Nodes have key with base station
- Nodes form aggregation tree Madden et al, 2002
- Nodes can receive broadcasts from base station
Perrig et al, 2002
4Stealthy Attack
- M sum (uncorrupted)
- Corrupted can force M,M2r
- Should not be able to convince base station of
value outside of this range
Base
5Efficiency Goal
- Want to extend life of all nodes in network
- Node congestion Maximum information sent by any
one node - No expensive cryptography
6Related Work
- Elect leader
- Heinzelmann et al, 2001, Qin and Zimmerman,
2005 - Problem Single place of failure
- Resilience against leader corruption
- Du et al, 2003, Mahimkar and Rappaport, 2004,
Yang et al, 2006, Przydatek, 2003 - High node congestion at leader
7More Related Work
- Resilience against node failures
- Gupta et al, 2001, Nath et al, 2004, Chen et
al, 2005, Manhji et al, 2005 - Does not consider malicious nodes
- Resilience against single malicious nodes
- Hu and Evans, 2003, Jadia and Mathuria, 2004
- What about multiple malicious nodes
8Scheme by Chan et al--CCS 2006
- Provided protection against stealthy attacks with
multiple malicious nodes - Node congestion O(?log2n)
- ? degree of aggregation tree
- n number of sensors
- Our Goal Reduce network congestion with same
resilience - What we achieved O(?log n)
9Is this Significant?
- Is it likely that n will be large enough to
necessitate improvement from O(?log2n) to O(?log
n)? - Well if we ignore constants
- log2n gt sqrt(n) for nlt 65536
- n1024, log2n 100, log n 10
- n 128 log2n 49, log n 7
10Review of CCS 2006 scheme
- Phase 1 Aggregation-Commit Phase
- Pass information up aggregation tree
- Aggregation similar to Merkle Tree aggregation
- Phase 2 Result-Broadcast Phase
- Base Station broadcasts commitment
- Phase 3 Result-Checking Phase
- Proofs of inclusion in broadcast passed down
aggregation tree - Proofs similar to inclusion of commitments in
Merkle tree - Phase 4 Agreement Phase
- Everyone confirms that they are in the result
11Merkle Tree Merkle, 1980
- Parent value H(leftrightownValue)
- If given commitment of root, node needs
- Values of nodes on path to root
- Offpath values on path to root
12Commitment Structure
- If we use aggregation tree, worst case
communication cost is O(n) (average case
O(sqrt(n)) - Idea of Previous Work Build an alternate
commitment structure - Forest of complete trees of unique heights
13Example of structure
- To combine two forests
- While (two trees of same height)
- Combine into a single tree
14Problem with Approach
15Our Scheme from 10000 feet
- Avoid previous problem of close nodes being
separated - If this will happen we will add dummy nodes to
keep things close - Concerns
- How do we minimize dummy nodes?
- How many dummy nodes will be added?
16Notation
- HEAD(F) largest tree in forest
- TAIL(F) F-HEAD(F)
- EXPAND(F) Add dummy nodes to make F into
complete tree - SIZE(F) Number of leaf nodes in F
17Merge(F1,F2) size(F1)gtsize(F2)
- Case 1
- SIZE(HEAD(F1)) SIZE(HEAD(F2)
- TAIL(F1) and TAIL(F2) empty
- Result Combine F1 and F2 into a single tree
18Merge(F1,F2) size(F1)gtsize(F2)
- Case 2
- SIZE(HEAD(F1)) SIZE(HEAD(F2)
- TAIL(F1) not empty
- Result EXPAND(F1) and concat with F2
19Merge(F1,F2) size(F1)gtsize(F2)
- Case 3
- SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
- F3 MERGE(TAIL(F1),F2)
- SIZE(F3) SIZE(HEAD(F1))
- TAIL(F3) ! ()
- Result EXPAND(F1) and concat with F2
20Merge(F1,F2) size(F1)gtsize(F2)
- Case 3
- SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
- F3 MERGE(TAIL(F1),F2)
- SIZE(F3) SIZE(HEAD(F1))
- TAIL(F3) ()
- Result Combine HEAD(F1) with F3 into a single
tree
21Merge(F1,F2) size(F1)gtsize(F2)
- Case 3
- SIZE(HEAD(F1)) gt SIZE(HEAD(F2))
- F3 MERGE(TAIL(F1),F2)
- SIZE(F3) lt SIZE(HEAD(F1))
- Result Combine HEAD(F1) with F3
22Properties of Merge
- Theorem Given any forest F produced from
repeated merges that started from singleton
trees, if n nodes in F, then height of F is
O(log n) - Crucial Insight A forest F is Fib-full if
either - F()
- Nodes(F) gt Fib(k1), TAIL(F) is Fib-full, and
Nodes(Head(F)) gt Fib(k) where k height(F)
23Closeness Properties
- Lemma 2 Given two forests F1 and F2, and where
FMERGE(F1,F2) then the following properties
hold - Fi is containable in a tree of size EXPAND(Fi) in
F - All tails T of Fi are also containable inside of
trees EXPAND(T) inside of F.
24Commitment Structure
- Similar to Chan et al, 2006
- (height count sum complement commitment)
- Leaf node (0 1 vi r-vi I)
- Combine (h c1 V1 V1 O1) and (h c2 V2 V2
O2) - (h1 c1c2 V1V2 V1V2 O3)
- O3 H(Nh1 c1c2 V1V2 V1V2O1O2)
- Dummy nodes tree
- (h 0 0 2hr Dh)
25Summary/Future Work
- Reduced node congestion from O(?log2n) to
O(?logn) - Future work
- Determining if there is an actual performance
difference - K-way merging