Computer Science
SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks
Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao
April 24, 2007
Presented by Nicky Mahilani
CSC 774 In-class presentation
Acknowledgement: Based on slides provided by Author

Outline
  – Data Aggregation in Sensor Networks
  – Security Challenges
  – SDAP Details
  – Performance Evaluation
  – Conclusion
  – Future Work

Sensor Networks
Group of sensor nodes report to a Base Station (BS)
Without data aggregation
  – Data redundancy
  – Communication cost
  – Energy expenditure
Reporting raw data is inefficient

Data Aggregation in Sensor Networks
With data aggregation we can reduce
  – Data redundancy
  – Communication cost
  – Energy expenditure
A lossy data compression process

Security Challenges in Data Aggregation (1)
A compromised intermediate node may change the aggregated data
BS cannot verify the result without knowing original readings
[Figure labels: False Alarm, BS, Compromised node]

Security Challenges in Data Aggregation (2)
Hop-by-hop aggregation
  – Aggregates computed by a higher-level node are from ‘more’ low-level nodes
  – If a compromised node is closer to BS, false value from it has more impact on the final result computed by BS
Legitimate temperature (32F ~ 150F)

Security Challenges in Data Aggregation (3)
Question: Can the BS obtain a good approximation of the fusion result when a fraction of nodes are compromised?
[Figure labels: False Alarm, BS, Compromised node]

Network Model
  – An unbalanced tree rooted at BS
  – Data is aggregated hop by hop
  – Each aggregate is a tuple (value, count)
  – Every node only forwards one copy

Attack Model
Goal: Inject false data without being detected by BS
Example:
  – Without modifying the received aggregate (98.7F~101F, 51)
  – Count change attack (100F~150F, *)
  – Value change attack (32F~150F, 51)
Legitimate temperature (32F ~ 150F)
[Figure labels: BS, (100F, 50), (?, ?)]

SDAP: Secure Hop-by-hop Data Aggregation Protocol
Basic Principle
  – Divide and conquer
  – Commit and attest
Protocol Overview
  – Tree Construction & Query Dissemination
  – Probabilistic grouping
      Partition nodes into logical groups of similar size
  – Hop-by-hop aggregation
      Each group generates a commitment which cannot be denied later
  – Verification & attestation
      BS identifies suspicious groups
      Suspect groups attest correctness of commitments to BS

Tree Construction & Query Dissemination
Tree construction
Query dissemination
  – BS -> *: F_agg, S_g
      F_agg: an aggregation function, e.g., avg, count
      S_g: a random number as grouping seed

Probabilistic grouping & data aggregation
Probabilistic grouping is conducted through group leader selection
  – H(K_x, S_g | x) < F_g(c)
      x: node id
      K_x: master key of x
      H: pseudorandom function, uniform output in [0,1)
      S_g: for security and load balance
      c: count
      F_g: grouping function, [0,1) output increasing with c
[Figure labels: H(K_id, S_g | id) > F_g(1); H(K_w', S_g | w') < F_g(8); H(K_x, S_g | x) < F_g(15); H(K_y, S_g | y) < F_g(c)]

By choosing appropriate grouping functions, group sizes are roughly even with small deviation, providing a good basis for attestation

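Leader selection as described on the grouping slides, simulated over a whole tree; this is an added example, not code from the paper or the original slides. HMAC-SHA256 as H, the formula chosen for F_g (the slides give only the properties it must have), the random topology and the keys are all assumptions constructed for illustration.

```python
import hashlib, hmac, math, random

SEED = b"constructed-S_g"  # constructed grouping seed S_g

def H(key, seed, node_id):
    # H(K_x, S_g | x) mapped to [0,1); HMAC-SHA256 is an assumed instantiation.
    d = hmac.new(key, seed + b"|" + str(node_id).encode(), hashlib.sha256).digest()
    return int.from_bytes(d[:6], "big") / 2**48

def F_g(c, mean=10, steep=4.0):
    # Assumed grouping function: F_g(1) = 0, tends to 1, slow start then sharp rise.
    return 0.0 if c <= 1 else 1.0 - math.exp(-((c - 1) / mean) ** steep)

def build_tree(n, rng):
    # Constructed topology: node 0 is the BS, node i attaches to a random earlier node.
    children = {i: [] for i in range(n)}
    for i in range(1, n):
        children[rng.randrange(i)].append(i)
    return children

def assign_groups(children, keys, seed):
    # Returns {leader id: group size}. Once a leader commits its group,
    # ancestors only forward that commitment and restart their own count.
    groups = {}
    def visit(x):
        c = 1 + sum(visit(ch) for ch in children[x])
        if x != 0 and H(keys[x], seed, x) < F_g(c):
            groups[x] = c
            return 0
        return c
    groups[0] = visit(0) - 1  # BS is the default leader of leftover nodes
    return groups

def bs_check_leader(key, seed, node_id, claimed_count):
    # The BS holds K_x, so it can recompute whether x may lead at that count.
    return H(key, seed, node_id) < F_g(claimed_count)

def demo(n=400):
    children = build_tree(n, random.Random(774))
    keys = {i: hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(n)}
    return children, keys, assign_groups(children, keys, SEED)

if __name__ == "__main__":
    _, _, groups = demo()
    print(sorted(groups.values()))  # group sizes, including the BS leftover group
```

Because the decision depends only on K_x, S_g, x and the count, a node that misreports its count to gain or avoid leadership produces a claim the BS can recheck with `bs_check_leader`.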
Group Aggregation
Format of aggregates (fields): flag, value, count, MAC, id, seed
[Figure annotations: Encrypted, Authenticated]
Flag: initialized to 0, set to 1 after leaders finish group aggregation, so that other nodes on the path just forward group commitments
Leaf node aggregation
  – u -> v: u, 0, E(K_uv, 1|R_u|S_g)|MAC_u
      MAC_u = MAC(K_u, 0|1|u|R_u|S_g)

Group Aggregation (2)
Intermediate node aggregation
  – v -> w: v, 0, E(K_vw, 3|Agg_v|S_g)|MAC_v
      Agg_v = F_agg(R_v, R_u, R_u')
      MAC_v = MAC(K_v, 0|3|v|Agg_v|MAC_u MAC_u'|S_g)
      H(K_v, S_g | v) > F_g(3)
MAC is also computed hop by hop, thus representing authentication of all the nodes contributing to the data

Group Aggregation (3)
Leader node aggregation
  – x -> BS: x, 1, E(K_x, 15|Agg_x|S_g)|MAC_x
      Agg_x = F_agg(R_x, Agg_w, Agg_w')
      MAC_x = MAC(K_x, 1|15|x|Agg_x|MAC_w MAC_w'|S_g)
      H(K_x, S_g | x) < F_g(15)
Default leader of leftover nodes
Tracking the forwarding path:
  – A forwarding table (incoming link, group id)
  – Group id is the id of group leader
  – Bloom filter may help scale up

Verification & attestation
BS identifies suspicious groups for attestation
Outlier detection by Grubbs’ Test
  – extensions: multiple outliers, bivariate
      P_c * P_value < α? (significance level, e.g., 0.05)
  – Attackers tend to forge false values as well as large counts correspondingly, to make false values count for larger fraction in the final result
[Figure labels: (x, 142F, 50), (y, 100F, 20), (w', 95F, 25), (BS, 90F, 28)]

Verification & attestation (2)
Forwarding attestation requests from BS
Suppose group x is under suspicion
  – BS -> y: x, S_a, S_g
      S_a: a random number as attestation seed
Node y then forwards this request to leader x

Verification & attestation (3)
Group attestation
  – Probabilistic attestation path selection
      From x, each parent sums up counts of all the children, then computes picks up i th child on the path, if

Verification & attestation (4)
Attestation response from groups
Each node on the path sends back count and reading
Sibling node sends back count, aggregate and MAC (leaf only sends count and reading)

Verification & attestation (5)
Group response validation by BS
BS reconstructs Agg_x and MAC_x based on responses
  – If both match the submitted values, accepts them
  – Otherwise, rejects them

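The commit-and-attest check from the group aggregation and validation slides, as an added example rather than the authors' code. It assumes HMAC-SHA256 as the MAC, XOR to combine child MACs (the operator between them did not survive on the slides), leaves out the hop encryption E(K_uv, ...), and uses constructed keys, readings and a five-node group.

```python
import hashlib, hmac
from fractions import Fraction

def mac(key, flag, count, node, agg, child_macs, seed):
    # MAC(K, flag|count|id|Agg|child MACs|S_g); XOR of child MACs is an
    # assumption, and a leaf has no child-MAC field.
    fields = [str(flag), str(count), node, str(agg)]
    if child_macs:
        x = bytes(32)
        for m in child_macs:
            x = bytes(a ^ b for a, b in zip(x, m))
        fields.append(x.hex())
    return hmac.new(key, "|".join(fields).encode() + b"|" + seed, hashlib.sha256).digest()

def commit(node, key, reading, children, seed, leader=False):
    # children: (value, count, mac) tuples; F_agg = average, kept exact.
    count = 1 + sum(c for _, c, _ in children)
    value = (Fraction(reading) + sum(v * c for v, c, _ in children)) / count
    tag = mac(key, int(leader), count, node, value, [m for _, _, m in children], seed)
    return value, count, tag

def bs_verify(commitment, path, siblings, keys, seed):
    # path: [(id, reading)] from the leader down to a leaf (attestation path).
    # siblings[id]: (value, count, mac) of that node's off-path children.
    child = None
    for depth, (node, reading) in enumerate(reversed(path)):
        kids = siblings.get(node, []) + ([child] if child else [])
        child = commit(node, keys[node], reading, kids, seed,
                       leader=(depth == len(path) - 1))
    return child[:2] == commitment[:2] and hmac.compare_digest(child[2], commitment[2])

# Constructed group: leader x has children v and w; v has leaves u and u2.
SEED = b"constructed-S_g"
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in ("u", "u2", "v", "w", "x")}
READ = {"u": 98, "u2": 99, "v": 100, "w": 101, "x": 97}

def run_group():
    cu = commit("u", KEYS["u"], READ["u"], [], SEED)
    cu2 = commit("u2", KEYS["u2"], READ["u2"], [], SEED)
    cv = commit("v", KEYS["v"], READ["v"], [cu, cu2], SEED)
    cw = commit("w", KEYS["w"], READ["w"], [], SEED)
    cx = commit("x", KEYS["x"], READ["x"], [cv, cw], SEED, leader=True)
    path = [("x", READ["x"]), ("v", READ["v"]), ("u", READ["u"])]
    siblings = {"x": [cw], "v": [cu2]}
    # Value change by the leader: same count, inflated value, MAC under its own key.
    forged = (Fraction(142), 5, mac(KEYS["x"], 1, 5, "x", Fraction(142), [cv[2], cw[2]], SEED))
    return cx, forged, path, siblings
```

The forged commitment carries a valid MAC under K_x, yet the BS rejects it because the value rebuilt from the attestation responses is 99F, not 142F.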
Detection Rate
m is the number of attestation paths
C_v: Count value
[Plot axes: m, Detection Rate]

Grouping Function (F_g)
Goal: small variations on group sizes
  – if c = 1, F_g(c) = 0
  – if c infinite, F_g(c) = 1
  – increase slowly in the beginning, approach to 1 quickly after a certain value above the mean

Communication Overhead
Packet*hop: 3.4k~4.4K
  in a non-secure aggregation scheme: 3k
  in a no aggregation secure scheme: 21k

Conclusion & Future Work
A probabilistic grouping based secure data aggregation protocol
  – Divide-and-conquer
  – Commit-and-attest
  – With adjustable detection rate
  – Low performance overhead
Challenges:
  – Max/Min
  – Content-based attestation
      Readings from nodes in the same neighborhood should bear certain temporal/spatial correlations

Thank you! Questions?