SIA: Secure Information Aggregation in Sensor Networks PowerPoint PPT Presentation

1
SIA: Secure Information Aggregation in Sensor Networks
  • Bartosz Przydatek, Dawn Song, Adrian Perrig
  • Carnegie Mellon University

Carl Hartung, CSCI 7143 Secure Sensor Networks
2
Overview
  • Secure Aggregation
      • What is aggregation in sensor networks?
      • Why aggregate?
      • Security issues with aggregation
  • Communication
  • Efficiency vs. Accuracy
  • Aggregate-Commit-Prove
  • Computing
      • Median, Min/Max, Average
  • Conclusions

3
Aggregation in sensor networks
  • Aggregators
      • Collect information from nearby sensors
      • Process it locally
      • Send the processed information to the user
  • Reduces communication, and with it power consumption

4
Why Aggregate?
  • Given a query, it may be unnecessary and
    inefficient to return all raw data collected from
    each sensor; instead, the information should be
    processed and aggregated within the network, and
    only the processed and aggregated information is
    returned

5
Security issues with aggregation
  • Node compromise
      • One or more sensor nodes
      • Aggregator(s)
  • Denial of service
  • Stealth attack
      • Make the user accept false aggregation results
  • Goal of the paper
      • Prevent the user from accepting incorrect results
        (i.e., defeat the stealth attack)

6
Communication
  • Each sensor has a unique identifier and shares one
    key with the home server and one with the aggregator
  • The home server and the aggregator each hold a master
    key, $K_B$ and $K_A$ respectively
  • A node stores the derived shared keys
    $\mathrm{MAC}_{K_B}(\text{node ID})$ and
    $\mathrm{MAC}_{K_A}(\text{node ID})$, where MAC is a
    secure message authentication code; the master-key
    holder recomputes a node's key from its ID instead of
    storing one key per node

7
Assumptions
  • Uncorrupted sensors can reach each other via
    paths of uncorrupted sensors (including the
    aggregator)
  • The base station has a mechanism to broadcast
    authentic messages such that each node can verify
    their authenticity (TESLA or a similar scheme)

8
More Assumptions
  • The attacker can corrupt some sensors as well as
    the aggregator
  • The attacker has complete control over the
    corrupted node(s)
  • The attacker can corrupt at most a small fraction
    of the nodes

9
Efficiency vs. Accuracy
  • Assume communication between the nodes/aggregator
    and the home server is expensive
  • Trivial solution
      • Send all the data along with the aggregate so the
        home server can verify it: linear communication
  • To get sub-linear communication we must accept a
    small non-zero probability of error

10
Efficiency vs. Accuracy
  • Let $f$ be a function of $a_1, \ldots, a_n$ into the
    real numbers, and let $y = f(a_1, \ldots, a_n)$.
  • $\hat{y}$ is a multiplicative $\varepsilon$-approximation of
    $y$ if $(1 - \varepsilon)\,y < \hat{y} < (1 + \varepsilon)\,y$.
  • In addition to the approximation error $\varepsilon$,
    use $\delta$ to upper-bound the probability of not
    detecting a cheating aggregator.
  • Called an $(\varepsilon, \delta)$-approximation.
  • Finds an $\varepsilon$-approximation with probability
    at least $1 - \delta$.

11
Aggregate-Commit-Prove
  • The aggregator computes the aggregate of the sensor
    nodes' data
  • It reports the aggregated data to the home server
    along with a commitment to the collected data
  • The home server and the aggregator run an efficient
    interactive proof such that the home server is able
    to verify the result or detect cheating

12
Aggregator collects data
[Figure: sensors A, B and C send their readings to the Aggregator, which reports to the Home Server]
  • Nodes share a key with the aggregator, which prevents
    impersonation but not flawed data from a corrupt
    sensor

13
Aggregator commits data
[Figure: binary hash tree over the readings m0, ..., m7; leaves $v_{3,j} = H(m_j)$, internal nodes $v_{2,j}$ and $v_{1,j}$, root $v_{0,0}$]
  • Each internal node hashes its two children:
    $v_{0,0} = H(v_{1,0} \,\|\, v_{1,1})$ and in general
    $v_{i,j} = H(v_{i+1,2j} \,\|\, v_{i+1,2j+1})$
  • Example: m5 is authentic if the following holds:
    $v_{0,0} = H(v_{1,0} \,\|\, H(H(v_{3,4} \,\|\, H(m_5)) \,\|\, v_{2,3}))$
  • The root $v_{0,0}$ is the commitment sent to the home
    server; to open m5 the aggregator reveals only the
    sibling hashes $v_{3,4}$, $v_{2,3}$ and $v_{1,0}$
15
Aggregator proves data
[Figure: sensors A, B and C; the Aggregator sends the aggregated data and its commitment to the Home Server, which then queries the aggregator interactively]
  • The home server checks the committed data against
    the aggregated data in order to verify it

16
Computing the Median
  • Require the aggregator to commit using the hash-tree
    construction AND the committed values must be sorted
  • Two committed sequences
      • One sorted on measured values
      • One sorted on sensor IDs
  • Pick random elements from one list and verify that
    they are present in the other (the two sequences
    must contain the same data)
  • Pick random elements from the value-sorted committed
    sequence and check that elements picked from the
    left half are less than the median and elements
    from the right half are greater
  • Requires only $O(\log n / \varepsilon)$ elements to
    check whether the reported median is an
    $\varepsilon$-approximation
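
The hash-tree commitment of the "Aggregator commits data" slide and the sampling check on this slide, as an added example (this is not code from the SIA paper or from the deck). SHA-256 stands in for the unspecified hash H, the 16 readings are constructed, and only the value-sorted sequence is checked: the cross-check against the ID-sorted sequence is left out. `levels[i][j]` is the slide's $v_{i,j}$, so the m5 example can be recomputed literally. The cheating aggregator commits a rotated (unsorted) sequence so that position $n/2$ opens to an inflated "median"; the left half still looks sorted, so only samples landing in the tail expose it, which is exactly what the $O(\log n / \varepsilon)$ sample count is sized for.

```python
import hashlib
import math
import random

# Added example, not code from the SIA paper or these slides. SHA-256 stands in for the
# unspecified hash H; READINGS is a constructed set of 16 sensor values.

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(value: int) -> bytes:
    return H(str(value).encode())

def build_tree(values):
    """levels[i][j] is v_{i,j}: levels[0] = [root], levels[-1] = [H(m_0), ..., H(m_{n-1})]."""
    n = len(values)
    assert n > 0 and n & (n - 1) == 0, "this example assumes a power-of-two length"
    level = [leaf(v) for v in values]
    levels = [level]
    while len(level) > 1:
        level = [H(level[j], level[j + 1]) for j in range(0, len(level), 2)]
        levels.append(level)
    return levels[::-1]

def auth_path(levels, index):
    """Sibling hashes from the leaf at `index` up to the root (for m5: v3,4, v2,3, v1,0)."""
    path = []
    for depth in range(len(levels) - 1, 0, -1):
        path.append(levels[depth][index ^ 1])
        index //= 2
    return path

def verify_path(root, value, index, path):
    """Recompute the root from an opened value and its sibling hashes."""
    h = leaf(value)
    for sibling in path:
        h = H(h, sibling) if index % 2 == 0 else H(sibling, h)
        index //= 2
    return h == root

class Aggregator:
    """Commits to a sequence and opens positions on request; it cheats by committing an unsorted one."""
    def __init__(self, sequence):
        self.sequence = list(sequence)
        self.levels = build_tree(self.sequence)
        self.commitment = self.levels[0][0]

    def open(self, i):
        return self.sequence[i], auth_path(self.levels, i)

def check_median(commitment, n, claimed_median, aggregator, k, rng):
    """Home server: position n//2 must open to the claimed median, and k random positions
    must open to committed values that are <= the median in the left half and >= in the right."""
    mid = n // 2
    value, path = aggregator.open(mid)
    if not verify_path(commitment, value, mid, path) or value != claimed_median:
        return False
    for _ in range(k):
        i = rng.randrange(n)
        value, path = aggregator.open(i)
        if not verify_path(commitment, value, i, path):
            return False        # opened element is not in the committed sequence
        if (i < mid and value > claimed_median) or (i > mid and value < claimed_median):
            return False        # committed sequence is not sorted around the median
    return True

def samples_for(n, eps):
    return math.ceil(math.log2(n) / eps)   # the O(log n / eps) sample count with constant 1

READINGS = [21, 19, 23, 22, 18, 25, 20, 24, 22, 21, 23, 19, 30, 26, 20, 22]   # constructed

def honest_run(seed=0):
    seq = sorted(READINGS)
    agg = Aggregator(seq)
    claimed = seq[len(seq) // 2]
    ok = check_median(agg.commitment, len(seq), claimed, agg, samples_for(len(seq), 0.25), random.Random(seed))
    return claimed, ok

def cheating_run(seed=0):
    # Rotate the sorted readings so position n//2 holds the second-largest value; the left
    # half still looks sorted, so only samples that land on the last six positions expose it.
    s = sorted(READINGS)
    seq = s[6:] + s[:6]
    agg = Aggregator(seq)
    claimed = seq[len(seq) // 2]
    ok = check_median(agg.commitment, len(seq), claimed, agg, samples_for(len(seq), 0.25), random.Random(seed))
    return claimed, ok

def detections(trials=40):
    """How many of `trials` independent checks catch the cheating aggregator (expect nearly all)."""
    return sum(1 for seed in range(trials) if not cheating_run(seed)[1])

def slide_example():
    """The slide's check for m5: v0,0 == H(v1,0 || H(H(v3,4 || H(m5)) || v2,3))."""
    m = list(range(8))
    v = build_tree(m)
    by_hand = H(v[1][0], H(H(v[3][4], leaf(m[5])), v[2][3]))
    return v[0][0] == by_hand and verify_path(v[0][0], m[5], 5, auth_path(v, 5))

if __name__ == "__main__":
    print("slide example:", slide_example())
    print("honest:", honest_run(), "cheater caught in", detections(), "of 40 runs")
```

With $n = 16$ and $\varepsilon = 0.25$ the server opens 16 positions; a single sample misses the cheat with probability $10/16$, so all 16 miss with probability about $5 \cdot 10^{-4}$, which is the $\delta$ of the $(\varepsilon, \delta)$-approximation for this sample count. Note that the check uses $\le$ and $\ge$ rather than strict inequalities so that duplicate readings do not cause false rejections.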

17
Computing the Min/Max
  • Construct a spanning tree in the network of
    sensors such that the root of the tree holds the
    minimum element (max is symmetric).
  • Each node authenticates its final state using the
    key it shares with the home server, and sends the
    authenticated state to the aggregator.
  • The aggregator checks the consistency of the tree,
    commits to the list of all nodes and their
    states, and reports the root node to the home
    server.
  • The home server randomly picks a node in the
    committed list and traverses the path from the
    chosen node to the root, checking the consistency
    of the constructed tree along the way. If all
    checks succeed, the home server accepts the value
    reported by the aggregator.
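
The per-node key derivation from the "Communication" slide and the min-tree check from this slide, worked through as an added example (not code from the SIA paper or the deck). HMAC-SHA256 stands in for the unspecified MAC, $K_B$ and the readings/links are constructed, and the committed list of node states is handed to the home server in full so that the example stays focused on the path-to-root check rather than the hash-tree commitment. Each sensor's final state is (own value, smallest value heard, parent), which is what lets the server verify a path whose parents are not themselves smaller than their children.

```python
import hashlib
import hmac
import random

# Added example, not code from the SIA paper or these slides. HMAC-SHA256 stands in for the
# unspecified MAC; K_B, READINGS and LINKS are constructed. The minimum is assumed unique.

K_B = hashlib.sha256(b"constructed home-server master key").digest()

def node_key(master: bytes, node_id: str) -> bytes:
    """The per-node key a sensor stores: MAC_{K_B}(node ID)."""
    return hmac.new(master, node_id.encode(), hashlib.sha256).digest()

def state_bytes(node_id, value, best, parent):
    return f"{node_id}|{value}|{best}|{parent}".encode()

def authenticate_state(node_id, value, best, parent):
    """Sensor side: MAC the final state (own value, smallest value heard, parent) for the home server."""
    tag = hmac.new(node_key(K_B, node_id), state_bytes(node_id, value, best, parent), hashlib.sha256).digest()
    return {"id": node_id, "value": value, "best": best, "parent": parent, "tag": tag}

def valid_tag(state):
    expected = hmac.new(node_key(K_B, state["id"]),
                        state_bytes(state["id"], state["value"], state["best"], state["parent"]),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, state["tag"])

def build_min_tree(readings, links):
    """Honest sensors: rounds of min-propagation over the links. Each node keeps the smallest
    value it has heard and the neighbour it heard it from (its parent); the node holding the
    global minimum is the root and keeps parent None."""
    best = dict(readings)
    parent = {n: None for n in readings}
    changed = True
    while changed:
        changed = False
        for u, v in links:
            for a, b in ((u, v), (v, u)):
                if best[b] < best[a]:
                    best[a], parent[a], changed = best[b], b, True
    return [authenticate_state(n, readings[n], best[n], parent[n]) for n in readings]

def verify_min(committed, reported_min, k, seed):
    """Home server: pick k random nodes; from each, walk parent pointers to the root, checking
    every tag, that best <= value, that best agrees with the parent's, and that the root's own
    value is the reported minimum. A forged state or a walk that never reaches a root rejects."""
    rng = random.Random(seed)
    ids = sorted(committed)
    for _ in range(k):
        node = committed[rng.choice(ids)]
        for _hop in range(len(committed)):        # bounded walk: a cycle can never reach a root
            if not valid_tag(node) or node["value"] < node["best"]:
                return False
            if node["parent"] is None:
                if node["best"] != node["value"] or node["value"] != reported_min:
                    return False
                break
            parent = committed.get(node["parent"])
            if parent is None or parent["best"] != node["best"]:
                return False
            node = parent
        else:
            return False
    return True

READINGS = {"s1": 23, "s2": 19, "s3": 17, "s4": 25, "s5": 21, "s6": 18}          # constructed
LINKS = [("s1", "s2"), ("s2", "s3"), ("s1", "s4"), ("s4", "s5"), ("s5", "s6"), ("s6", "s3")]

def run(cheat=None, seed=0):
    states = build_min_tree(READINGS, LINKS)
    committed = {s["id"]: s for s in states}
    root = next(s for s in states if s["parent"] is None)
    reported = root["value"]
    if cheat == "lie":          # report a larger minimum while leaving the states untouched
        reported = 18
    elif cheat == "forge":      # rewrite the root's state; the aggregator has no key for s3
        committed[root["id"]] = dict(root, value=20, best=20)
    return reported, verify_min(committed, reported, k=3, seed=seed)

if __name__ == "__main__":
    print(run(), run("lie"), run("forge"))
```

Both cheats are caught on every sample here because every path ends at the root: a lie about the root's value fails the final comparison, and a forged root state fails its tag (or disagrees with its children's `best`). A corrupt sensor that reports a wrong reading of its own is the case the check does not cover, which is why the deck's threat model bounds the fraction of corrupted nodes.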

18
Counting Distinct Elements
  • Random node selection
      • The home server distributes a hash function h
      • Sensors compute the MIN of h over their ID and the
        time interval
      • Find lower and upper bounds using sampling

19
Forward Secure Authentication
  • Time is divided into constant-length intervals
  • Each sensor updates the key it shares with the home
    server at the beginning of each time interval
    using a one-way function
  • It uses the updated key to compute the MAC on the
    sensing data during that time interval
  • If an attacker compromises the sensor at a later
    time, the one-way function prevents it from
    computing the MAC key for any previous time
    interval
  • Problem: how to efficiently store past data and
    their authenticators
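
The key chain described above, as an added example (not code from the SIA paper or the deck). SHA-256 is the assumed one-way function, HMAC-SHA256 the assumed MAC, and the shared key and readings are constructed. The sensor overwrites $K_i$ with $K_{i+1} = H(K_i)$ at each interval boundary and keeps only the current key; the home server keeps $K_0$ and re-derives any $K_i$ on demand. The demo also shows the limit of the guarantee: an attacker who takes the node in interval 2 can still produce valid records for interval 2 and later.

```python
import hashlib
import hmac

# Added example, not code from the SIA paper or these slides. SHA-256 is the assumed one-way
# function, HMAC-SHA256 the assumed MAC; the shared key and readings are constructed.

def next_key(key: bytes) -> bytes:
    """One-way key update at an interval boundary: K_{i+1} = H(K_i)."""
    return hashlib.sha256(b"sia-forward-secure-update|" + key).digest()

def key_at(k0: bytes, interval: int) -> bytes:
    """Home server side: re-derive K_i from the original shared key K_0."""
    key = k0
    for _ in range(interval):
        key = next_key(key)
    return key

def mac(key: bytes, interval: int, data: bytes) -> bytes:
    return hmac.new(key, f"{interval}|".encode() + data, hashlib.sha256).digest()

class Sensor:
    """Holds only the current interval's key; old keys are overwritten. Past records are kept
    together with their authenticators so they can be handed over later."""
    def __init__(self, k0: bytes):
        self.key, self.interval, self.log = k0, 0, []

    def advance(self):
        self.key = next_key(self.key)     # K_{i+1} replaces K_i; K_i is gone from the node
        self.interval += 1

    def report(self, data: bytes):
        record = (self.interval, data, mac(self.key, self.interval, data))
        self.log.append(record)
        return record

class HomeServer:
    def __init__(self, k0: bytes):
        self.k0 = k0

    def verify(self, interval: int, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mac(key_at(self.k0, interval), interval, data), tag)

def demo():
    k0 = hashlib.sha256(b"constructed key shared by node 7 and the home server").digest()
    sensor, server = Sensor(k0), HomeServer(k0)
    sensor.report(b"temp=21")                        # interval 0
    sensor.advance(); sensor.report(b"temp=22")      # interval 1
    sensor.advance()                                 # interval 2 begins; the node is compromised now
    stolen = sensor.key                              # the attacker learns K_2 only
    forged_past = (1, b"temp=99", mac(stolen, 1, b"temp=99"))   # attempt to rewrite interval 1
    forged_now = (2, b"temp=99", mac(stolen, 2, b"temp=99"))    # the current interval is not protected
    return {
        "stored_records_verify": all(server.verify(*r) for r in sensor.log),
        "past_forgery_accepted": server.verify(*forged_past),
        "current_forgery_accepted": server.verify(*forged_now),
    }

if __name__ == "__main__":
    print(demo())
```

Binding the interval number into the MAC input matters: without it, a record authenticated under $K_2$ could be replayed as an interval-1 record if the server were ever tricked into checking it with the wrong key index.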

20
Hierarchical Aggregation
  • If the network is too big, multiple aggregators may
    be needed
  • Basically, have regular aggregators and super
    aggregators
  • Super aggregators aggregate the data from the regular
    aggregators

21
Conclusions
  • It is possible to securely aggregate information
    using the aggregate-commit-prove framework even
    when some nodes (including the aggregator) are
    compromised
      • Can be done with less than linear communication
      • Not all values from all nodes need to be sent to
        the home server to verify that the aggregation
        is correct
  • Forward secure authentication
      • Ensures that an attacker cannot change previous
        values/measurements on a node compromised later
        in time