SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003

Large Scale Sensor Networks Monitoring Purposes Limited Computation Resources Limited Communication Resources Query Processing over Sensor data

Aggregation In-network processing and aggregation –Reduces volume of raw data Aggregators do aggregation Aggregators or sensors may be compromised –DDoS Attacks –Stealthy Attacks

Objectives Secure Information Aggregation Aggregate-commit-prove approach –Aggregators commit data from the sensors –Aggregator proves the correctness to Home Server Secure computation of Median Min/Max Distinct elements and other queries

Model Each sensor has unique ID Home server and Aggregator store master keys, K B and K A Each sensor stores shared keys MAC KA (node ID) and MAC KB (node ID) Adversarial attacks on sensor values, {1,..,m} aggregator Home server

Assumptions Aggregator is resources-enhanced Uncorrupted sensors are not disconnected from the aggregators Home Server and Aggregators can broadcast to sensors Only a small no. of sensors can be attacked Many kinds of attacks but focus is on stealthy attacks

General Approach Three phases: aggregate, commit and prove Aggregator aggregates raw data with a commitment –Computation of results –Commitment to data Home server and aggregator perform interactive proofs to verify reported results –Report results –Prove the correctness (committed data represents true sensor values, aggregate is accurate)

Commit Merkle hash tree used to commit to a set of values

Query Estimation Secure Computation of Median on (a i, ID i ) pairs Median by Random sampling –Theorem: The median of a uniform sample of l out of n elements a1,..,an with probability at least 1-2/exp(2l  2 ) yields an element whose position in the sorted sequence a1,..,an is with  n of n/2. –Proof: Pr[|X – n/2| >  n ]  exp(-2l  2 ) [ and using Hoeffding bound] –Sample size needed  (1/  2 ) by Bar-Yossef et. al.

Secure Median Computation Aggregator, A commits the measured values (sorted) using a hash-tree construction Home server, B gets an alleged median, a B verifies (using Spot-Check-II by Ergun et. Al) –Commited sequence is sorted –All elements are distinct B checks that a is close to the median of committed sequence –By randomly picking elements from the sequence and comparing elements from the left and right parts

Secure Computation of Min/Max procedure MinRootedTree(d) /* code for sensor I */ p i = S i, v i = a i, id i = S i for i = 1..d do send(v i, id i ) to all neighbors receive (v j, id j ) from neighbors if v j < v i for some j then p i = S j, v i = a j, id i = S j procedure FindMin(  ) /* code for home server */ request construction of a tree using MinRootedTree if tree construction failed then return REJECT request number n of the nodes in the tree For I = 1…(1/  ) do pick j  {1,..,n} request j-th node from the tree follow path to the root if path is inconsistent then return REJECT return ACCEPT

Other queries and issues Random Node Selection –Home Server distributes hash function h –Sensors compute MIN using h, ID and time interval Distinct number of elements can be found by finding the lower (Bar-Yossef ) and upper bound (using sampling). –Network size is a special case –  = {(i,j) | 1  i  n, 1  j  a j } Forward Secure Authentication by changing keys in every time interval Secure Hierarchical Aggregation using multiple aggregators

Conclusion Secure Aggregate Information Computation of Estimates Protocol for secure aggregation