SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

Presentation transcript:

SIA: Secure Information Aggregation in Sensor Networks
Bartosz Przydatek, Dawn Song, Adrian Perrig, Carnegie Mellon University
Carl Hartung, CSCI 7143: Secure Sensor Networks

Overview
- Secure Aggregation
- What is aggregation in sensor networks
- Why aggregate?
- Security Issues with aggregation
- Communication Efficiency vs. Accuracy
- Aggregate-Commit-Prove
- Computing Median, Min/Max, Average
- Conclusions

Aggregation in sensor networks
- Aggregators
  - Collect information from nearby sensors
  - Process it locally
  - Send the processed information to user
- Reduces communication & power consumption

Why Aggregate?
Given a query, it may be unnecessary and inefficient to return all raw data collected from each sensor. Instead, information should be processed and aggregated within the network, and only the processed and aggregated information is returned.

Security issues with aggregation
- Node Compromise
  - One or more sensor nodes
  - Aggregator(s)
- Denial of Service
- Stealth Attack
  - Make user accept false aggregation results
- Goal of Paper: Prevent the user from accepting incorrect results

Communication
- Each sensor has a unique identifier and shares a key with the home server and with the aggregator.
- Home Server and Aggregator each have a master key, K_B and K_A respectively.
- Nodes store the shared keys MAC_{K_B}(node ID) and MAC_{K_A}(node ID), where MAC is a secure message authentication code.

Assumptions
- Uncorrupted sensors can reach each other via paths of uncorrupted sensors (including aggregator)
- Base station has a mechanism to broadcast authentic messages such that each node can verify authenticity. (TESLA, other?)

More Assumptions
- Attacker can corrupt some* sensors as well as aggregator.
- Attacker has complete control over corrupted node(s)
* Attacker can corrupt at most a small fraction of nodes.

Efficiency vs. Accuracy
- Assume communication between nodes/aggregator and Home Server is expensive
- Trivial solution: send all data with aggregated data so Home Server can verify. Linear communication.
- Must be willing to accept a small non-zero possibility of error to get sub-linear communication.

Efficiency vs. Accuracy
- Let f be a function of a_1,…,a_n into real numbers, and let y = f(a_1,…,a_n).
- ỹ is a multiplicative ε-approximation of y if (1 − ε)y ≤ ỹ ≤ (1 + ε)y.
- In addition to the approximation error ε, also use δ to upper bound the probability of not detecting a cheating aggregator.
- Called an (ε, δ)-approximation: finds an ε-approximation with probability at least 1 − δ.

Aggregate – Commit – Prove
- Aggregators compute aggregation of sensor nodes' data
- Report aggregated data to home server along with commitment
- Home server and aggregator perform efficient interactive proofs such that the home server will be able to verify results or detect cheating.

Aggregator collects data
[Figure: nodes A, B, C; Aggregator; Home Server]
Nodes share key with Aggregator, preventing impersonation, but not flawed data from a corrupt sensor

Aggregator commits data
[Figure: hash tree over messages m_0 … m_7, with leaf nodes v_{3,0} … v_{3,7}, inner nodes v_{2,0} … v_{2,3} and v_{1,0}, v_{1,1}, and root v_{0,0} = H(v_{1,0} || v_{1,1})]
Example: m_5 is authentic if the following holds true:
v_{0,0} = H(v_{1,0} || H(H(v_{3,4} || H(m_5)) || v_{2,3}))


Aggregator proves data
[Figure: nodes A, B, C; Aggregator; Home Server; label: Aggregated data and Commitment]
Home Server checks committed data and aggregated data in order to verify

Computing the Median
- Require Aggregator to commit in hash-tree construction AND values are sorted
- 2 committed sequences
  - One sorted on measured values
  - One sorted on sensor IDs
- Pick random elements from one list and verify that they are present in the other
- Pick random elements from committed sequence and check that elements picked from left half are less than median, elements from right half are greater.
- Requires only O(log n/ε) elements to check whether is an ε-approximation.
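The hash-tree commitment from the "Aggregator commits data" slide and the sampling check from the median slide, combined in one added example (not code from the paper or the slides). Assumptions: SHA-256 as H, a power-of-two sequence length, ties with the median allowed, only the value-sorted sequence is checked, and all readings are constructed.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(values):
    """Hash tree over `values` (length assumed a power of two); levels[-1][0] is v_{0,0}."""
    level = [H(str(v).encode()) for v in values]   # leaf hashes H(m_i)
    levels = [level]
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from the leaf at `index` up to, not including, the root."""
    return [level[(index >> d) ^ 1] for d, level in enumerate(levels[:-1])]

def verify_leaf(root, n, index, value, path):
    """Recompute v_{0,0}; the index fixes left/right order, binding value to position."""
    if not 0 <= index < n or len(path) != n.bit_length() - 1:
        return False
    node = H(str(value).encode())
    for sibling in path:
        node = H(sibling + node) if index & 1 else H(node + sibling)
        index //= 2
    return node == root

def aggregator(values):
    """Aggregator side: commit to `values`, return (commitment, respond)."""
    levels = build_tree(values)
    return levels[-1][0], lambda i: (values[i], auth_path(levels, i))

def check_median(root, n, reported, positions, respond):
    """Home-server side; `positions` are its randomly chosen sample indices."""
    mid = n // 2
    for i in [mid, *positions]:
        value, path = respond(i)
        if not verify_leaf(root, n, i, value, path):
            return False      # answer does not match the commitment
        if (i == mid and value != reported) or (i < mid and value > reported) \
                or (i > mid and value < reported):
            return False      # committed order contradicts the reported median
    return True

# Constructed readings: an honest sorted commitment, and one that plants 41 mid-sequence.
HONEST = [12, 15, 17, 20, 21, 23, 30, 41]
FORGED = [12, 15, 17, 20, 41, 21, 23, 30]
```

With `FORGED`, samples drawn only from the left half pass while any right-half sample exposes the false median, which is why the home server accepts a small miss probability δ in exchange for sub-linear communication.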

Computing the Min/Max
- Construct a spanning tree in the network of sensors such that the root of the tree holds the minimum element.
- Each node authenticates its final state using the shared key with the home server, and sends the authenticated state to the aggregator.
- The aggregator checks consistency of tree and commits to the list of all nodes and their states, and reports the root-node to the home server.
- Home server randomly picks a node in the committed list and traverses the path from the chosen node to the root, checking the consistency of the constructed tree.
- If all checks are successful, home server accepts the value reported by the aggregator.

Counting Distinct Elements
- Random Node Selection
- Home Server distributes hash function h
- Sensors compute MIN using h, ID, and time interval
- Find lower and upper bounds using sampling.

Forward Secure Authentication
- Time is divided into constant time intervals
- Each sensor updates its key shared with the home station at the beginning of each time interval using a one-way function.
- Uses the updated key to compute the MAC on the sensing data during that time interval.
- If a hacker compromises a sensor at a later time, the one-way function leaves them unable to compute the MAC key for the previous time interval.
- Problem: How to efficiently store past data and authenticator.
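The per-node key MAC_{K_B}(node ID) from the Communication slide and the per-interval key update described above, as an added example (not code from the paper or the slides). Assumptions: HMAC-SHA-256 as the MAC, SHA-256 as the one-way function, a hypothetical message framing, and constructed key and node ID values.

```python
import hashlib
import hmac

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def node_key(master_key: bytes, node_id: bytes) -> bytes:
    """Initial per-node key MAC_K(node ID), derived from master key K_A or K_B."""
    return mac(master_key, node_id)

def next_key(key: bytes) -> bytes:
    """One-way key update for the next interval (SHA-256 is this example's choice)."""
    return hashlib.sha256(b"key-update" + key).digest()

def tag_for(key: bytes, node_id: bytes, interval: int, reading: bytes) -> bytes:
    # Length-prefix the ID so (ID, interval, reading) encodes unambiguously.
    msg = bytes([len(node_id)]) + node_id + interval.to_bytes(4, "big") + reading
    return mac(key, msg)

class Sensor:
    def __init__(self, node_id: bytes, key0: bytes):
        self.node_id, self.key, self.interval = node_id, key0, 0

    def tick(self):
        """Start of a new interval: replace the key, keeping no copy of the old one."""
        self.key = next_key(self.key)
        self.interval += 1

    def report(self, reading: bytes):
        return self.interval, reading, tag_for(self.key, self.node_id, self.interval, reading)

def server_verify(master_key, node_id, interval, reading, tag) -> bool:
    """Home server recomputes the interval key from its master key K_B."""
    key = node_key(master_key, node_id)
    for _ in range(interval):
        key = next_key(key)
    return hmac.compare_digest(tag, tag_for(key, node_id, interval, reading))

K_B = b"constructed-master-key-for-demo"   # constructed value
NODE = b"node-17"                           # constructed node ID
```

A key read out of the sensor in interval 3 still authenticates reports for interval 3 onward, but a tag computed with it for interval 1 fails `server_verify`, so readings already reported keep their integrity.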

Hierarchical Aggregation
- If the network is too big, might need to use multiple Aggregators
- Basically, have regular aggregators and super aggregators
- Super aggregators aggregate the data from regular aggregators

Conclusions
- Possible to securely aggregate information using the aggregate-commit-prove framework even when some nodes (including the aggregator) are compromised.
- Can be done with less than linear communication
  - Not all values from all nodes need to be sent to home server to verify that aggregation is correct.
- Forward Secure Authentication
  - Ensures that a hacker cannot change previous values/measurements on a node compromised later in time.